X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=test%2Fcommon%2Fistio_api_functions.sh;fp=test%2Fcommon%2Fistio_api_functions.sh;h=2afc3f9c89c240d16488d1cd66d1c71c26316d33;hb=145762b23535cdffece56c661d9fc0c073cc911e;hp=0000000000000000000000000000000000000000;hpb=1b82a8331d9b1f92687dbd25e6d28f2943c9df22;p=nonrtric.git

diff --git a/test/common/istio_api_functions.sh b/test/common/istio_api_functions.sh
new file mode 100644
index 00000000..2afc3f9c
--- /dev/null
+++ b/test/common/istio_api_functions.sh
@@ -0,0 +1,249 @@
+#!/bin/bash
+
+#  ============LICENSE_START===============================================
+#  Copyright (C) 2021 Nordix Foundation. All rights reserved.
+#  ========================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#  ============LICENSE_END=================================================
+#
+
+# This is a script that contains function to handle helm on localhost
+
+
+################ Test engine functions ################
+
+# Create the image var used during the test
+# arg: <image-tag-suffix> (selects staging, snapshot, release etc)
+# <image-tag-suffix> is present only for images with staging, snapshot,release tags
+__ISTIO_imagesetup() {
+	:
+}
+
+# Pull image from remote repo or use locally built image
+# arg: <pull-policy-override> <pull-policy-original>
+# <pull-policy-override> Shall be used for images allowing overriding. For example use a local image when test is started to use released images
+# <pull-policy-original> Shall be used for images that does not allow overriding
+# Both var may contain: 'remote', 'remote-remove' or 'local'
+__ISTIO_imagepull() {
+	:
+}
+
+# Build image (only for simulator or interfaces stubs owned by the test environment)
+# arg: <image-tag-suffix> (selects staging, snapshot, release etc)
+# <image-tag-suffix> is present only for images with staging, snapshot,release tags
+__ISTIO_imagebuild() {
+	:
+}
+
+# Generate a string for each included image using the app display name and a docker images format string
+# If a custom image repo is used then also the source image from the local repo is listed
+# arg: <docker-images-format-string> <file-to-append>
+__ISTIO_image_data() {
+	:
+}
+
+# Scale kubernetes resources to zero
+# All resources shall be ordered to be scaled to 0, if relevant. If not relevant to scale, then do no action.
+# This function is called for apps fully managed by the test script
+__ISTIO_kube_scale_zero() {
+	:
+}
+
+# Scale kubernetes resources to zero and wait until this has been accomplished, if relevant. If not relevant to scale, then do no action.
+# This function is called for prestarted apps not managed by the test script.
+__ISTIO_kube_scale_zero_and_wait() {
+	:
+}
+
+# Delete all kube resouces for the app
+# This function is called for apps managed by the test script.
+__ISTIO_kube_delete_all() {
+	__kube_delete_all_resources $KUBE_NONRTRIC_NAMESPACE autotest ISTIO
+}
+
+# Store docker logs
+# This function is called for apps managed by the test script.
+# args: <log-dir> <file-prexix>
+__ISTIO_store_docker_logs() {
+	:
+}
+
+# Initial setup of protocol, host and ports
+# This function is called for apps managed by the test script.
+# args: -
+__ISTIO_initial_setup() {
+	# See jwt-info.txt in simulator-group/kubeproxy for detailed info
+	KUBE_PROXY_CURL_JWT=$ISTIO_GENERIC_JWT
+	KUBE_PROXY_ISTIO_JWKS_KEYS=$ISTIO_GENERIC_JWKS_KEY
+}
+
+# Set app short-name, app name and namespace for logging runtime statistics of kubernets pods or docker containers
+# For docker, the namespace shall be excluded
+# This function is called for apps managed by the test script as well as for prestarted apps.
+# args: -
+__ISTIO_statisics_setup() {
+	:
+}
+
+# Check application requirements, e.g. helm, the the test needs. Exit 1 if req not satisfied
+# args: -
+__ISTIO_test_requirements() {
+
+	kubectl $KUBECONF get requestauthentications -A &> /dev/null
+	if [ $? -ne 0 ]; then
+		echo $RED" Istio api: kubectl get requestauthentications is not installed"
+		exit 1
+	fi
+	kubectl $KUBECONF get authorizationpolicies -A &> /dev/null
+	if [ $? -ne 0 ]; then
+		echo $RED" Istio api: kubectl get authorizationpolicies is not installed"
+		exit 1
+	fi
+}
+
+#######################################################
+
+
+# Enable istio on namespace
+# arg: <namespace>
+istio_enable_istio_namespace() {
+	__log_conf_start $@
+    if [ $# -ne 1 ]; then
+        __print_err "<namespace>" $@
+        return 1
+    fi
+	__kube_create_namespace $1
+	__kube_label_non_ns_instance ns $1 "istio-injection=enabled"
+	__log_conf_ok
+	return 0
+}
+
+# Request authorization by jwksuri
+# args: <app> <namespace> <realm>
+istio_req_auth_by_jwksuri() {
+	__log_conf_start $@
+    if [ $# -ne 3 ]; then
+        __print_err "<app> <namespace> <realm>" $@
+        return 1
+    fi
+	name="ra-jwksuri-"$3"-"$1"-"$2
+	export  ISTIO_TEMPLATE_REPLACE_RA_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
+	export  ISTIO_TEMPLATE_REPLACE_RA_NS=$2
+	export  ISTIO_TEMPLATE_REPLACE_RA_APP_NAME=$1
+	export  ISTIO_TEMPLATE_REPLACE_RA_ISSUER=$KEYCLOAK_ISSUER_PATH$KEYCLOAK_TOKEN_URL_PREFIX/$3
+	export  ISTIO_TEMPLATE_REPLACE_RA_JWKSURI=$KEYCLOAK_SERVICE_PATH$KEYCLOAK_TOKEN_URL_PREFIX/$3/protocol/openid-connect/certs
+	inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ra-jwksuri-template.yaml
+	outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_RA_NAME".yaml"
+	envsubst < $inputfile > $outputfile
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general "Cannot substitute yaml: $inputfile"
+		return 1
+	fi
+	kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general "Cannot apply yaml: $outputfile"
+		return 1
+	fi
+	__log_conf_ok
+	return 0
+}
+
+# Request authorization by jwks (inline keys)
+# args: <app> <namespace> <issuer> <key>
+istio_req_auth_by_jwks() {
+	__log_conf_start $@
+    if [ $# -ne 4 ]; then
+        __print_err "<app> <namespace> <issuer> <key>" $@
+        return 1
+    fi
+	name="ra-jwks-"$3"-"$1"-"$2
+	export  ISTIO_TEMPLATE_REPLACE_RA_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
+	export  ISTIO_TEMPLATE_REPLACE_RA_NS=$2
+	export  ISTIO_TEMPLATE_REPLACE_RA_APP_NAME=$1
+	export  ISTIO_TEMPLATE_REPLACE_RA_ISSUER=$3
+	export  ISTIO_TEMPLATE_REPLACE_RA_JWKS=$4
+	inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ra-jwks-template.yaml
+	outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_RA_NAME".yaml"
+	envsubst < $inputfile > $outputfile
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general "Cannot substitute yaml: $inputfile"
+		return 1
+	fi
+	kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general "Cannot apply yaml: $outputfile"
+		return 1
+	fi
+	__log_conf_ok
+	return 0
+}
+
+# Authorization policy - by realm
+# args: <app> <namespace> <realam>
+istio_auth_policy_by_realm() {
+	__log_conf_start $@
+    if [ $# -ne 3 ]; then
+        __print_err "<app> <namespace> <realam>" $@
+        return 1
+    fi
+	name="ap-realm-"$3"-"$1"-"$2
+	export  ISTIO_TEMPLATE_REPLACE_AP_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
+	export  ISTIO_TEMPLATE_REPLACE_AP_NS=$2
+	export  ISTIO_TEMPLATE_REPLACE_AP_APP_NAME=$1
+	export  ISTIO_TEMPLATE_REPLACE_AP_PRINCIPAL="$KEYCLOAK_ISSUER_PATH$KEYCLOAK_TOKEN_URL_PREFIX/$3/*"
+	inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ap-principal-template.yaml
+	outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_AP_NAME".yaml"
+	envsubst < $inputfile > $outputfile
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general "Cannot substitute yaml: $inputfile"
+		return 1
+	fi
+	kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general "Cannot apply yaml: $outputfile"
+		return 1
+	fi
+	__log_conf_ok
+	return 0
+}
+
+# Authorization policy - by issuer
+# args: <app> <namespace> <issuer>
+istio_auth_policy_by_issuer() {
+	__log_conf_start $@
+    if [ $# -ne 3 ]; then
+        __print_err "<app> <namespace> <issuer>" $@
+        return 1
+    fi
+	name="ap-iss-"$3"-"$1"-"$2
+	export  ISTIO_TEMPLATE_REPLACE_AP_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
+	export  ISTIO_TEMPLATE_REPLACE_AP_NS=$2
+	export  ISTIO_TEMPLATE_REPLACE_AP_APP_NAME=$1
+	export  ISTIO_TEMPLATE_REPLACE_AP_PRINCIPAL="$3/*"
+	inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ap-principal-template.yaml
+	outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_AP_NAME".yaml"
+	envsubst < $inputfile > $outputfile
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general "Cannot substitute yaml: $inputfile"
+		return 1
+	fi
+	kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
+	if [ $? -ne 0 ]; then
+		__log_conf_fail_general "Cannot apply yaml: $outputfile"
+		return 1
+	fi
+	__log_conf_ok
+	return 0
+}
+
+