X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=service-exposure%2Frapps-istio-mgr.go;h=fe68cb090c30b4c9e7ff3a38672a15ff08b88901;hb=b593154ee3bcca6835e768e7d8336d0837530434;hp=fb584bd7d409e25622cdfe749793beb076f60da9;hpb=2513eea5c9c4a1685ab6cbf0c2727d21399de5c7;p=nonrtric.git
diff --git a/service-exposure/rapps-istio-mgr.go b/service-exposure/rapps-istio-mgr.go
index fb584bd7..fe68cb09 100644
--- a/service-exposure/rapps-istio-mgr.go
+++ b/service-exposure/rapps-istio-mgr.go
@@ -1,30 +1,30 @@ // - -// ========================LICENSE_START================================= -// O-RAN-SC -// %% -// Copyright (C) 2022: Nordix Foundation -// %% -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// ========================LICENSE_START================================= +// O-RAN-SC +// %% +// Copyright (C) 2022-2023: Nordix Foundation +// %% +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at // -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// ========================LICENSE_END=================================== +// http://www.apache.org/licenses/LICENSE-2.0 // +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ========================LICENSE_END=================================== package main import ( "bytes" "context" "fmt" - netv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" netv1alpha3 "istio.io/client-go/pkg/apis/networking/v1alpha3" + netv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" secv1beta1 "istio.io/client-go/pkg/apis/security/v1beta1" versioned "istio.io/client-go/pkg/clientset/versioned" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -43,13 +43,16 @@ const ( ) type TemplateConfig struct { - Name string - Namespace string - Realm string - Client string - Authenticator string - Role string - Method string + Name string + Namespace string + Realm string + Client string + Authenticator string + Role string + Method string + TlsCrt string + TlsKey string + CaCrt string } var inputs TemplateConfig @@ -86,12 +89,12 @@ func connectToK8s() *versioned.Clientset { func createGateway(clientset *versioned.Clientset) (string, error) { gtClient := clientset.NetworkingV1beta1().Gateways(NAMESPACE) - config = template.Must(template.ParseFiles("./templates/Gateway-template.txt")) - var manifest bytes.Buffer - err := config.Execute(&manifest, inputs) - if err != nil { - return "", err - } + config = template.Must(template.ParseFiles("./templates/Gateway-template.txt")) + var manifest bytes.Buffer + err := config.Execute(&manifest, inputs) + if err != nil { + return "", err + } gt := &netv1beta1.Gateway{} dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000) @@ -112,12 +115,12 @@ func createGateway(clientset *versioned.Clientset) (string, error) { func createVirtualService(clientset *versioned.Clientset) (string, error) { vsClient := clientset.NetworkingV1beta1().VirtualServices(NAMESPACE) - config = template.Must(template.ParseFiles("./templates/VirtualService-template.txt")) - var manifest bytes.Buffer - err := config.Execute(&manifest, inputs) - if err != nil { - return "", err - } + config = template.Must(template.ParseFiles("./templates/VirtualService-template.txt")) + var manifest bytes.Buffer + err := config.Execute(&manifest, inputs) + if err != nil { + return "", err + } vs := &netv1beta1.VirtualService{} dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000) 
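Review bot: The new `TlsCrt`, `TlsKey` and `CaCrt` fields end up in the package-level `inputs` variable declared directly below the struct in the `@@ -43,13 +43,16 @@` hunk, which `createIstioPolicy` and `createIstioFilter` overwrite on every request and which the `create*` functions read in `config.Execute(&manifest, inputs)`. If these handlers are served by net/http in the usual way they run concurrently, so one request's manifest can be rendered with another request's values, and after this change that includes TLS key material. Passing the configuration explicitly removes the shared state: `func createEnvoyFilter(clientset *versioned.Clientset, cfg TemplateConfig) (string, error)` with `config.Execute(&manifest, cfg)`, and likewise for the other create functions (the `config` template variable is assigned with `=` and so appears to be shared in the same way). The struct would also benefit from a comment stating whether the three fields hold PEM content, file paths or secret names, since nothing visible in the hunk says which.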
@@ -138,12 +141,12 @@ func createVirtualService(clientset *versioned.Clientset) (string, error) { func createRequestAuthentication(clientset *versioned.Clientset) (string, error) { raClient := clientset.SecurityV1beta1().RequestAuthentications(NAMESPACE) - config = template.Must(template.ParseFiles("./templates/RequestAuthentication-template.txt")) - var manifest bytes.Buffer - err := config.Execute(&manifest, inputs) - if err != nil { - return "", err - } + config = template.Must(template.ParseFiles("./templates/RequestAuthentication-template.txt")) + var manifest bytes.Buffer + err := config.Execute(&manifest, inputs) + if err != nil { + return "", err + } ra := &secv1beta1.RequestAuthentication{} dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000) @@ -164,12 +167,12 @@ func createRequestAuthentication(clientset *versioned.Clientset) (string, error) func createAuthorizationPolicy(clientset *versioned.Clientset) (string, error) { apClient := clientset.SecurityV1beta1().AuthorizationPolicies(NAMESPACE) - config = template.Must(template.ParseFiles("./templates/AuthorizationPolicy-template.txt")) - var manifest bytes.Buffer - err := config.Execute(&manifest, inputs) - if err != nil { - return "", err - } + config = template.Must(template.ParseFiles("./templates/AuthorizationPolicy-template.txt")) + var manifest bytes.Buffer + err := config.Execute(&manifest, inputs) + if err != nil { + return "", err + } ap := &secv1beta1.AuthorizationPolicy{} dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000) 
@@ -189,29 +192,29 @@ func createAuthorizationPolicy(clientset *versioned.Clientset) (string, error) { } func createEnvoyFilter(clientset *versioned.Clientset) (string, error) { - efClient := clientset.NetworkingV1alpha3().EnvoyFilters(NAMESPACE) + efClient := clientset.NetworkingV1alpha3().EnvoyFilters(NAMESPACE) config = template.Must(template.ParseFiles("./templates/EnvoyFilter-template.txt")) var manifest bytes.Buffer - err := config.Execute(&manifest, inputs) - if err != nil { - return "", err - } + err := config.Execute(&manifest, inputs) + if err != nil { + return "", err + } - ef := &netv1alpha3.EnvoyFilter{} - dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000) + ef := &netv1alpha3.EnvoyFilter{} + dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000) - if err = dec.Decode(&ef); err != nil { - return "", err - } + if err = dec.Decode(&ef); err != nil { + return "", err + } - result, err := efClient.Create(context.TODO(), ef, metav1.CreateOptions{}) + result, err := efClient.Create(context.TODO(), ef, metav1.CreateOptions{}) - if err != nil { - return "", err - } + if err != nil { + return "", err + } - fmt.Printf("Create Envoy Filter %s \n", result.GetName()) - return result.GetName(), nil + fmt.Printf("Create Envoy Filter %s \n", result.GetName()) + return result.GetName(), nil } func removeGateway(clientset *versioned.Clientset) { 
@@ -256,12 +259,12 @@ func removeAuthorizationPolicy(clientset *versioned.Clientset) { func removeEnvoyFilter(clientset *versioned.Clientset) { efClient := clientset.NetworkingV1alpha3().EnvoyFilters(NAMESPACE) - err := efClient.Delete(context.TODO(), appName+"-outbound-filter", metav1.DeleteOptions{}) - if err != nil { - fmt.Println(err) - } else { - fmt.Println("Deleted EnvoyFilter " + appName + "-outbound-filter") - } + err := efClient.Delete(context.TODO(), appName+"-outbound-filter", metav1.DeleteOptions{}) + if err != nil { + fmt.Println(err) + } else { + fmt.Println("Deleted EnvoyFilter " + appName + "-outbound-filter") + } } func createIstioPolicy(res http.ResponseWriter, req *http.Request) { @@ -270,7 +273,7 @@ func createIstioPolicy(res http.ResponseWriter, req *http.Request) { appName := query.Get("name") roleName := query.Get("role") methodName := query.Get("method") - inputs = TemplateConfig{Name: appName, Namespace: NAMESPACE, Realm: realmName, Role: roleName, Method: methodName } + inputs = TemplateConfig{Name: appName, Namespace: NAMESPACE, Realm: realmName, Role: roleName, Method: methodName} var msg string clientset := connectToK8s() _, err := createGateway(clientset) 
@@ -306,23 +309,27 @@ func createIstioPolicy(res http.ResponseWriter, req *http.Request) { } func createIstioFilter(res http.ResponseWriter, req *http.Request) { - query := req.URL.Query() - realmName := query.Get("realm") - clientId := query.Get("client") - appName := query.Get("name") - authType := query.Get("authType") - inputs = TemplateConfig{Name: appName, Namespace: NAMESPACE, Realm: realmName, Client: clientId, Authenticator: authType} - var msg string - clientset := connectToK8s() - _, err := createEnvoyFilter(clientset) - if err != nil { - msg = err.Error() - fmt.Println(err.Error()) - } - // create response binary data - data := []byte(msg) // slice of bytes - // write `data` to response - res.Write(data) + query := req.URL.Query() + realmName := query.Get("realm") + clientId := query.Get("client") + appName := query.Get("name") + authType := query.Get("authType") + tlsCrt := query.Get("tlsCrt") + tlsKey := query.Get("tlsKey") + caCrt := query.Get("caCrt") + inputs = TemplateConfig{Name: appName, Namespace: NAMESPACE, Realm: realmName, Client: clientId, + Authenticator: authType, TlsCrt: tlsCrt, TlsKey: tlsKey, CaCrt: caCrt} + var msg string + clientset := connectToK8s() + _, err := createEnvoyFilter(clientset) + if err != nil { + msg = err.Error() + fmt.Println(err.Error()) + } + // create response binary data + data := []byte(msg) // slice of bytes + // write `data` to response + res.Write(data) } func removeIstioPolicy(res http.ResponseWriter, req *http.Request) { @@ -336,10 +343,10 @@ func removeIstioPolicy(res http.ResponseWriter, req *http.Request) { } func removeIstioFilter(res http.ResponseWriter, req *http.Request) { - query := req.URL.Query() - appName = query.Get("name") - clientset := connectToK8s() - removeEnvoyFilter(clientset) + query := req.URL.Query() + appName = query.Get("name") + clientset := connectToK8s() + removeEnvoyFilter(clientset) } func main() {
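Review bot: In `createIstioFilter`, `tlsKey := query.Get("tlsKey")` takes key material from the URL query string, where it is likely to be recorded in access logs and by any proxy in front of this service; if the value is the private key itself rather than a path or secret name, it should arrive in the request body or, better, be referenced by the name of an existing Kubernetes Secret. The three new values are also passed unvalidated into the EnvoyFilter template that `createEnvoyFilter` renders and then decodes as YAML, so a value containing line breaks or YAML syntax can change the structure of the object that gets created; check each value against its expected format before building `inputs` and reject the request otherwise, e.g. `if !validPEM(tlsCrt) { http.Error(res, "invalid tlsCrt", http.StatusBadRequest); return }`, where `validPEM` is a helper still to be written. On failure the handler answers with the default 200 status and the raw `err.Error()` text; `http.Error(res, msg, http.StatusInternalServerError)` would let callers detect the failure from the status code.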