From: ecaiyanlinux Date: Sat, 1 Aug 2020 14:05:17 +0000 (+0000) Subject: Support https for callback_reciever X-Git-Tag: 2.1.0~53 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F02%2F4502%2F5;p=nonrtric.git Support https for callback_reciever Currently callback_reciever only supports http This commit makes it support both http/https Change-Id: I6a8a7001231b113516f8d256b23b2b84d994bbce Signed-off-by: ecaiyanlinux Issue-ID: NONRTRIC-268 --- diff --git a/test/auto-test/FTC300.sh b/test/auto-test/FTC300.sh index d9bca7df..3d575db3 100755 --- a/test/auto-test/FTC300.sh +++ b/test/auto-test/FTC300.sh @@ -33,7 +33,7 @@ generate_uuid #Local vars in test script ########################## # Path to callback receiver -CR_PATH="http://$CR_APP_NAME:$CR_EXTERNAL_PORT/callbacks" +CR_PATH="https://$CR_APP_NAME:$CR_EXTERNAL_SECURE_PORT/callbacks" # Tested variants of REST/DMAAP/SDNC config TESTED_VARIANTS="REST DMAAP REST+SDNC DMAAP+SDNC DMAAP_BATCH DMAAP_BATCH+SDNC" diff --git a/test/common/test_env.sh b/test/common/test_env.sh index 623bc247..ee48e8b1 100755 --- a/test/common/test_env.sh +++ b/test/common/test_env.sh @@ -117,6 +117,8 @@ export MR_WRITE_URL="/events/A1-POLICY-AGENT-WRITE" # Path write mes export CR_EXTERNAL_PORT=8090 # Callback receiver container external port (host -> container) export CR_INTERNAL_PORT=8090 # Callback receiver container internal port (container -> container) +export CR_EXTERNAL_SECURE_PORT=8091 # Callback receiver container external secure port (host -> container) +export CR_INTERNAL_SECURE_PORT=8091 # Callback receiver container internal secure port (container -> container) export CR_APP_NAME="callback-receiver" # Name for the Callback receiver export CONSUL_HOST="consul-server" # Host name of consul diff --git a/test/cr/Dockerfile b/test/cr/Dockerfile index d2e69cd3..bdc3521d 100644 --- a/test/cr/Dockerfile +++ b/test/cr/Dockerfile 
@@ -17,12 +17,17 @@ FROM python:3.8-slim-buster -WORKDIR /usr/src/app +COPY app/ /usr/src/app/ +COPY cert/ /usr/src/app/cert/ -COPY requirements.txt requirements.txt +WORKDIR /usr/src/app RUN pip install -r requirements.txt -COPY cr.py cr.py +RUN chmod +x start.sh + +#install nginx +RUN apt-get update +RUN apt-get install -y nginx=1.14.* -CMD [ "python3", "-u", "./cr.py" ] \ No newline at end of file +CMD [ "./start.sh" ] diff --git a/test/cr/README.md b/test/cr/README.md index 31dae4ca..251f0b31 100644 --- a/test/cr/README.md +++ b/test/cr/README.md 
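Review bot: `COPY cert/ /usr/src/app/cert/` bakes the private key (`key.crt`) and its passphrase file (`pass`), both added later in this commit, into the image, so the key encryption gives no protection and anyone who can read the repository or pull the image can impersonate the receiver on 8091. That is acceptable only for a throwaway test identity; a comment above the COPY such as `# test-only self-signed key pair; override by mounting /usr/src/app/cert` would make that explicit. Separately, `RUN apt-get update` and `RUN apt-get install -y nginx=1.14.*` sit in separate layers, so a cached package index can be paired with a later install; combine them as `RUN apt-get update && apt-get install -y --no-install-recommends nginx=1.14.* && rm -rf /var/lib/apt/lists/*`.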
@@ -1,22 +1,29 @@ ## callback receiver - a stub interface to receive callbacks ## -The mrstub is intended for function tests to simulate a message router. -The mrstub exposes the read and write urls, used by the agent, as configured in consul. -In addition, request messages can be fed to the mrstub and the response messages can be read by polling. +The callback receiver is intended for function tests to simulate a RAPP. +The callback receiver exposes the read and write urls, used by the agent, as configured in service. +The callback receiver receives notifications from PMS when synchronization happens between PMS and RICs. +# Ports and certificates + +The CR normally opens the port 8090 for http. If a certificate and a key are provided the simulator will also open port 8091 for https. +The certificate and key shall be placed in the same dir and the dir shall be mounted to /usr/src/app/cert in the container. + +| Port | Protocol | +| -------- | ----- | +| 8090 | http | +| 8091 | https | + +The dir cert contains a self-signed cert. Use the script generate_cert_and_key.sh to generate a new certificate and key. The password of the certificate must be set 'test'. +The same urls are available on both the http port 8090 and the https port 8091. If using curl and https, the flag -k shall be given to make curl ignore checking the certificate. ### Control interface ### The control interface can be used by any test script. The following REST operations are available: ->Send a message to MR
-This method puts a request message in the queue for the agent to pick up. The returned correlationId (auto generated by the mrstub) is used when polling for the reposone message of this particular request.
-```URI and parameter, (GET): /get-event/```

-```response: message + 200 or 204``` - ->Receive a message response for MR for the included correlation id
-The method is for polling of messages, returns immediately containing the received response (if any) for the supplied correlationId.
+>Send a message to CR
+This method puts a request message from PMS to notify that sychronization between PMS and certain RIC happens.
```URI and payload, (PUT or POST): /callbacks/ ```

```response: OK 200 or 500 for other errors``` @@ -32,16 +39,34 @@ There are a number of counters that can be read to monitor the message processin >Build image
```docker build -t callback-receiver .``` ->Start the image
-```docker run -it -p 8090:8090 callback-receiver``` +>Start the image on both http and https
+```docker run -it -p 8090:8090 -p 8091:8091 callback-receiver``` + +It will listen to http 8090 port and https 8091 port(using default certificates) at the same time. + +By default, this image has default certificates under /usr/src/app/cert +file "cert.crt" is the certificate file +file "key.crt" is the key file +file "generate_cert_and_key.sh" is a shell script to generate certificate and key +file "pass" stores the password when you run the shell script + +This certificates/key can be overriden by mounting a volume when using "docker run" or "docker-compose" +In 'docker run', use field: +--volume "$PWD/certificate:/usr/src/app/cert" a1test +```docker run -it -p 8090:8090 -p 8091:8091 -v "/PATH_TO_CERT/cert:/usr/src/app/cert" callback-receiver``` +In 'docker-compose.yml', use field: +volumes: + - ./certificate:/usr/src/app/cert:ro The script ```crstub-build-start.sh``` do the above two steps in one go. This starts the callback-receiver container in stand-alone mode for basic test.
If the callback-receiver should be executed manually with the agent, replace docker run with this command to connect to the docker network with the correct service name (--name shall be aligned with the other components, i.e. the host named given in all callback urls). -```docker run -it -p 8090:8090 --network nonrtric-docker-net --name callback-receiver callback-receiver``` +```docker run -it -p 8090:8090 -p 8091:8091 --network nonrtric-docker-net --name callback-receiver callback-receiver``` +>Start the image on http only
+```docker run -it -p 8090:8090 callback-receiver``` ### Basic test ### -Basic test is made with the script ```basic_test.sh``` which tests all the available urls with a subset of the possible operations. Use the script ```cr-build-start.sh``` to start the callback-receiver in a container first. +Basic test is made with the script ```basic_test.sh nonsecure|secure``` which tests all the available urls with a subset of the possible operations. Use the script ```cr-build-start.sh``` to start the callback-receiver in a container first. ## License diff --git a/test/cr/cr.py b/test/cr/app/cr.py similarity index 99% rename from test/cr/cr.py rename to test/cr/app/cr.py index 105ccc25..bc6e28f9 100644 --- a/test/cr/cr.py +++ b/test/cr/app/cr.py @@ -32,7 +32,7 @@ msg_callbacks={} # Server info HOST_IP = "::" -HOST_PORT = 8090 +HOST_PORT = 2222 # Metrics vars cntr_msg_callbacks=0 diff --git a/test/cr/app/nginx.conf b/test/cr/app/nginx.conf new file mode 100644 index 00000000..479d8964 --- /dev/null +++ b/test/cr/app/nginx.conf 
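Review bot: With `HOST_IP = "::"` left unchanged in the context line, moving `HOST_PORT` to 2222 leaves the plain-HTTP backend bound to every interface of the container, so peers on the same Docker network can presumably reach it on 2222 directly and bypass the nginx listeners on 8090/8091. Since nginx proxies to `http://localhost:2222`, binding the app to loopback only (for example `HOST_IP = "127.0.0.1"`, after confirming what `localhost` resolves to inside the image) would keep nginx as the single entry point. A short comment such as `# internal port, fronted by nginx on 8090/8091` next to `HOST_PORT` would also explain the otherwise arbitrary value. The rest of cr.py is outside the hunk.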
@@ -0,0 +1,100 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + server { # simple reverse-proxy + listen 8090; + listen [::]:8090; + listen 8091 ssl; + listen [::]:8091 ssl; + server_name localhost; + ssl_certificate /usr/src/app/cert/cert.crt; + ssl_certificate_key /usr/src/app/cert/key.crt; + ssl_password_file /usr/src/app/cert/pass; + + # serve dynamic requests + location / { + proxy_pass http://localhost:2222; + } + } + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} 
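Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, which are deprecated; for a newly added listener `ssl_protocols TLSv1.2;` (plus `TLSv1.3` if the nginx and OpenSSL build in the image supports it) is the safer setting. The file is a copy of the distribution default, so `include /etc/nginx/conf.d/*.conf;` and `include /etc/nginx/sites-enabled/*;` presumably also load the packaged default site next to the proxy; removing those two includes and the commented `mail` block would limit the container to the 8090/8091 server defined here. Enabling the commented `server_tokens off;` would additionally stop the version being advertised in responses.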
diff --git a/test/cr/requirements.txt b/test/cr/app/requirements.txt similarity index 100% rename from test/cr/requirements.txt rename to test/cr/app/requirements.txt diff --git a/test/cr/app/start.sh b/test/cr/app/start.sh new file mode 100755 index 00000000..16ee34d8 --- /dev/null +++ b/test/cr/app/start.sh @@ -0,0 +1,23 @@ +#!/bin/bash +# ============LICENSE_START=============================================== +# Copyright (C) 2020 Nordix Foundation. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +#start nginx +nginx -c /usr/src/app/nginx.conf + +#start mrstub +python3 -u cr.py diff --git a/test/cr/basic_test.sh b/test/cr/basic_test.sh index 8be110af..dbaca4f0 100755 --- a/test/cr/basic_test.sh +++ b/test/cr/basic_test.sh 
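Review bot: In the new start.sh, the result of `nginx -c /usr/src/app/nginx.conf` is not checked, so a bad mounted certificate or a wrong passphrase file leaves the container running with cr.py on 2222 but nothing listening on 8090/8091; make it `nginx -c /usr/src/app/nginx.conf || exit 1`. Starting the app with `exec python3 -u cr.py` would let it receive the container's stop signal directly instead of bash. The comment `#start mrstub` is a leftover from another stub and should read `#start callback receiver`.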
@@ -20,7 +20,27 @@ # Automated test script for callback receiver container # callbackreciver port -export PORT=8090 +# export PORT=8090 +if [ $# -ne 1 ]; then + echo "Usage: ./basic_test.sh nonsecure|secure" + exit 1 +fi +if [ "$1" != "nonsecure" ] && [ "$1" != "secure" ]; then + echo "Usage: ./basic_test.sh nonsecure|secure" + exit 1 +fi + +if [ $1 == "nonsecure" ]; then + #Default http port for the simulator + PORT=8090 + # Set http protocol + HTTPX="http" +else + #Default https port for the simulator + PORT=8091 + # Set https protocol + HTTPX="https" +fi # source function to do curl and check result . ../common/do_curl_function.sh diff --git a/test/cr/cert/cert.crt b/test/cr/cert/cert.crt new file mode 100644 index 00000000..a24dfc49 --- /dev/null +++ b/test/cr/cert/cert.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICljCCAX4CCQCv7SV/aTc/YjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJT +RTAeFw0yMDA1MDMwMDI0MzdaFw00NzA5MTgwMDI0MzdaMA0xCzAJBgNVBAYTAlNF +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsGQcCv+Ce/+AbHx+3Wu +ujGtWF7uLX+/MahOHPfdXqidwG7OpmYnGkL06cA52P0BcZdc1hPGQbQdFJC8aW6U +5X9owRz9IRiwpzRhRqmMJfeqrLaqLL9K5MpCv+qsDzXu9ngRLJDk5CyeEfTjosEr +GWDywWahQKHChamdH701djFGwWGP3gttGvQoMnaSpzeyDKitBZql6bSxKkhWgFop +yxfU7qjbzOASLWaMx2r+MIJ88+AYDqYBTj649N534AYrIdjlQnvEKzGH0sOgHFYO +oaTTvmE/vRPlmbSX1U7mo/SvMWNPZkKUPDltyapOpBltfMiRJH4ndLOXJWRgmYha +SQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAdAwQpntpgUWUxCTk/Pw2+w5v+VxMM +K6QWhm9JdRn3XKQnKrFexVRso/x8TA8V50EUGwQwbnKApNXvJsV2jvbP/YwDsG2u +jBxs0DSspjDvbhUTkuWNYufQZIUGYMyccHap+CKD4rD2loMkmwbh5rII3SGEzUFE +rOY4VhqDjGCcILbChiY/QMA6Uyb6jLGxTARhgblWi9RWr9LuKv7raaUcnAIz1GO8 +z559kUnOKbsB46RZKRa0uIumz9qqXqxnVLWnIwT3DinpXsnzcPqNyyhTk6XR+W5o +0AuUCyT1WKlejrfMmmV6hRNHbT4x7cQrx4EjNf5hM00mN++F+QdGMa/G +-----END CERTIFICATE----- diff --git a/test/cr/cert/generate_cert_and_key.sh b/test/cr/cert/generate_cert_and_key.sh new file mode 100755 index 00000000..0f79bbf7 --- /dev/null +++ b/test/cr/cert/generate_cert_and_key.sh 
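Review bot: In the basic_test.sh hunk, `if [ $1 == "nonsecure" ]; then` expands `$1` unquoted and uses `==` inside `[`, unlike the quoted `!=` checks just above it; write `if [ "$1" = "nonsecure" ]; then`. The former `export PORT=8090` is replaced by a plain assignment, so `PORT` and the new `HTTPX` are no longer exported, which is fine only as long as `do_curl_function.sh` is sourced, as the context line suggests. The two identical usage blocks could be merged into one check. How the https case handles the self-signed certificate lies outside this hunk.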
@@ -0,0 +1,21 @@ +#!/bin/bash + +# ============LICENSE_START=============================================== +# Copyright (C) 2020 Nordix Foundation. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +# This will generate a self-signed certificate with password 'test' +openssl req -x509 -passout pass:"test" -newkey rsa:2048 -keyout key.crt -out cert.crt -days 9999 diff --git a/test/cr/cert/key.crt b/test/cr/cert/key.crt new file mode 100644 index 00000000..105ee75b --- /dev/null +++ b/test/cr/cert/key.crt 
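Review bot: The `openssl req` line sets no subject or subjectAltName, so it will normally prompt interactively and the resulting certificate cannot match the host name `callback-receiver`, which is why the README has to tell clients to pass `curl -k`. Adding `-subj "/CN=callback-receiver" -addext "subjectAltName=DNS:callback-receiver,DNS:localhost"` (`-addext` needs OpenSSL 1.1.1 or later) would let tests verify the server against `cert.crt` with `--cacert` instead of disabling verification. `-passout pass:"test"` also puts the passphrase on the command line and `-days 9999` gives a lifetime of roughly 27 years; a header comment stating that the key pair is for tests only would be worth adding.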
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIpz2Uxhl1+ZwCAggA +MB0GCWCGSAFlAwQBKgQQu1or54X1Bk5IMPGoDrdxkASCBNCBKcePejHXlG0fb2qt +TtQrpEr8UR60iFOaeUQ2Lc1zK0wzFCXAIXEWEcaozv75mJ5ReemkBMCyuzPJnoiM +LTeKuoUw8l48S9arB9l+/vVgUnMY0fm+QDsnPffkXKxC2kNwwFgGCT7tIGezuo/e +a9a5JJY707YEnkhUKWAQI2Oz/I95tbeYu64d/WtSN2OLu5JVLsCGAhV4cqcShjEb +pFlfgOHrT0z+qK7YXVR9P74qAZtGsH2ydUrtPtdvddKRpOAm4LzDNmox4Bs6e9nr +jY56sVRiHGhqeeqW04qRks5ReZF7zuwEgUSzGNlAcbbHn6FNJPOZKuN0e8KYexEM +y0G04rSNW8qppMsvez6txsou62CeIZ5LyAumwaJJYzwkob0nCmWYcZl5tSpkXZly +HsQKI2UlO3tiRKd057a46/kxcK85Pwav3Il+FaRXJkzl2rkU3DSy9SjaGL0ROD0U +1EaZCjeDdzN2GmqRQ1WhN5ivowQyWVf6H/mrxtkWZ3qLKmpa1JmvUgOybPcbqqQr +tqjj3Oj0zvLFZDqBjfIlTAAimXPgh6qLHH+qUGrI62pMpaldNZNy/swnpPuTX2sF +TUxFZvnGOmG3qHyvPm91+PypbdVSMb0PeB75XQFqWmajwnua7xfWrH8PLSijp5xQ +aLyiJ1jjFqXWE9D2v7JhB2BNCYlHxP98UI8kHxh7Fw5y0EKT5pCcbrg2nuLzMrCz +D4QaxZRuiIiPgy21kowk3WbHLYAjG7f9cIcbbX6Khc/3ulbB8xJ24WNRuzv4EHeh +TATHqk8nIgpkn1zmvPsKILdWzqZh70IlSctSzoIGzI6C2J76ycSZmcKtar2BZya9 +f1coUlFgXMvdmrf4bt4j2u/biA48OJaVlWBYVfIXUbliFTAQ8biRZFC2n3Xg+W8t +U2xqW14lZWBOIQFJp27foG6Z4JzyL2WZgQ0PWe0m0+tDaKA/LSWB2Qpwt4o2n0cb +RCs++c0eFCeOgErEfmmeburMhzQsfkUqpsL+J/ZMaRSiuTCpYM8qbz+KKT/Z6zbl +2cHWxSFRIqRKAMsj2a61IANjNIdwi2uBHZrWH1HMVVXAbGUJQFKZhxdpn5PBrXqg +vHRa9u0MQFCjs9NcQAGnBQDS6u+pUVO02WT4MvTker+hbu+f6NPU9FMLu+QbQUEP +SUdEZL4W9ZuBTdS3n/fTHEL8wKRB5yEW/CS5JuD+8YinZZXrsd3n3Oky05fdk6Bk +QH9cjMXdsd0Sb0Epw3CWGtXZ6YTHlVWqjdTNlOQdzQ7qfzktgcKujGwvQK0Mgd8x +nmG+f/HWMOss0JEL3ZR+K9Rr50u8/R+W5+e4VE57yw1fg9Jpq2/sVe2Pt8S7isFK +qDLoFZtF5RXi1O9KcA9BpnQX1ihPSC1RoY1pGXoF2D4KkV9U4/4j2qM6MGxjQ6lw +MN0qJ/N70Lti3YWqvYiTymLwVJr8FqoMQsV19MB8012Xd51Bvy6igddhrO83wuuV +b8PlUzl3Tl7yOviYqxiJ0xd8qw+Hs4+FkHbZIFJcUzTHVbb4SlPUE3wn6nrrIcfK +rT4wsYhK3afrlvK3ILi6kzzazS1dK+Hv9+mNozNf5u5nNBFQ+7MhtttzLWIaiV6D +ilLpOwcoO0X0qrzXKR7a+rQ/Dw== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/test/cr/cert/pass b/test/cr/cert/pass new file mode 100644 index 00000000..30d74d25 --- /dev/null +++ b/test/cr/cert/pass @@ -0,0 +1 @@ +test \ No newline at end of file diff --git a/test/cr/cr-build-start.sh b/test/cr/cr-build-start.sh index 1954eb7d..a971d680 100755 --- a/test/cr/cr-build-start.sh +++ b/test/cr/cr-build-start.sh @@ -21,4 +21,4 @@ docker build -t callback-receiver . -docker run -it -p 8090:8090 callback-receiver +docker run -it -p 8090:8090 -p 8091:8091 callback-receiver diff --git a/test/simulator-group/cr/docker-compose.yml b/test/simulator-group/cr/docker-compose.yml index 77a958f1..4fc3991f 100644 --- a/test/simulator-group/cr/docker-compose.yml +++ b/test/simulator-group/cr/docker-compose.yml @@ -28,3 +28,4 @@ services: image: ${CR_IMAGE} ports: - ${CR_EXTERNAL_PORT}:${CR_INTERNAL_PORT} + - ${CR_EXTERNAL_SECURE_PORT}:${CR_INTERNAL_SECURE_PORT}