From 6b65f83f4a115da4c066d4aca91d1d78fbc00d37 Mon Sep 17 00:00:00 2001
From: "Zhang Rong(Jon)" <rong.zhang@windriver.com>
Date: Wed, 18 Dec 2024 23:11:14 +0800
Subject: [PATCH] Enhance local test with insecure access

Since the new O-Cloud will enable the HTTPS by default,
this commit will enhance the local testing.

Test Plan:
PASS - Docker compose running with O-Cloud backend as expect.
PASS - cgtsclient, dcclient, fmclient working correctly.

Change-Id: I362d816965309ecdbf67e5571690cb19ba9e7b8c
Signed-off-by: Zhang Rong(Jon) <rong.zhang@windriver.com>
---
 README.md                                          |  12 +-
 cgtsclient-insecure.patch                          |  20 ---
 docker-compose.yml                                 |   2 +-
 o2common/config/config.py                          |   4 +
 .../stx-distcloud-client/distclient-insecure.patch |  13 ++
 tests/o2app-watcher-entry.sh                       |   5 +
 tests/test_cgtsclient.py                           | 168 +++++++++++++++++++++
 7 files changed, 196 insertions(+), 28 deletions(-)
 delete mode 100644 cgtsclient-insecure.patch
 create mode 100644 patches/stx-distcloud-client/distclient-insecure.patch
 create mode 100644 tests/test_cgtsclient.py

diff --git a/README.md b/README.md
index 6dbcbaf..ca0698f 100644
--- a/README.md
+++ b/README.md
@@ -6,13 +6,11 @@ cloned into temp before docker building
 ```sh
 mkdir -p temp
 cd temp
-git clone --branch r/stx.7.0 https://opendev.org/starlingx/config.git
-git clone --branch master https://opendev.org/starlingx/distcloud-client.git
-(cd distcloud-client && git reset --hard eb4e7eeeb09bdf2e1b80984b378c5a8ea9930f04)
-git clone --depth 1 --branch r/stx.7.0 https://opendev.org/starlingx/fault.git
-cd config
-git checkout bca406d1
-patch -p1 < ../../cgtsclient-insecure.patch
+git clone --branch r/stx.9.0 https://opendev.org/starlingx/config.git
+git clone --branch r/stx.9.0 https://opendev.org/starlingx/distcloud-client.git
+git clone --branch r/stx.9.0 https://opendev.org/starlingx/fault.git
+cd distcloud-client
+patch -p1 < ../../patches/stx-distcloud-client/distclient-insecure.patch
 cd -
 ```
 
diff --git a/cgtsclient-insecure.patch b/cgtsclient-insecure.patch
deleted file mode 100644
index 5ead988..0000000
--- a/cgtsclient-insecure.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/sysinv/cgts-client/cgts-client/cgtsclient/client.py b/sysinv/cgts-client/cgts-client/cgtsclient/client.py
-index d16cb239..bcf791c7 100644
---- a/sysinv/cgts-client/cgts-client/cgtsclient/client.py
-+++ b/sysinv/cgts-client/cgts-client/cgtsclient/client.py
-@@ -49,6 +49,7 @@ def _make_session(**kwargs):
-         user_domain_name = kwargs.get('os_user_domain_name') or "Default"
-         project_domain_id = kwargs.get('os_project_domain_id')
-         project_domain_name = kwargs.get('os_project_domain_name') or "Default"
-+        insecure = kwargs.get('insecure')
-         # todo(abailey): we can enhance this to also support token
-         auth_type = 'password'
-         username = kwargs.get('os_username')
-@@ -70,6 +71,7 @@ def _make_session(**kwargs):
-         loader = loading.get_plugin_loader(auth_type)
-         auth_plugin = loader.load_from_options(**auth_kwargs)
-         session = loading.session.Session().load_from_options(auth=auth_plugin,
-+                                                              insecure=insecure,
-                                                               timeout=timeout)
-     # session could still be None
-     return session
diff --git a/docker-compose.yml b/docker-compose.yml
index a624b56..db82023 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -80,7 +80,7 @@ services:
       - ./tests:/tests
     entrypoint:
       - /bin/sh
-      - /tests/o2app-api-entry2.sh
+      - /tests/o2app-api-entry.sh
     ports:
       - "5005:80"
 
diff --git a/o2common/config/config.py b/o2common/config/config.py
index c82a8e0..415b87d 100644
--- a/o2common/config/config.py
+++ b/o2common/config/config.py
@@ -171,6 +171,9 @@ def get_stx_access_info(region_name=get_region_name(),
     os_client_args = {}
     for key, val in client_args.items():
         os_client_args['os_{key}'.format(key=key)] = val
+
+    os_client_args['insecure'] = CGTS_INSECURE_SSL
+
     if "" != subcloud_hostname:
         if is_ipv6(subcloud_hostname):
             subcloud_hostname = "[" + subcloud_hostname + "]"
@@ -222,6 +225,7 @@ def get_dc_access_info():
     os_client_args['project_name'] = os_client_args.pop('os_project_name')
     os_client_args['user_domain_name'] = 'Default'
     os_client_args['project_domain_name'] = 'Default'
+    os_client_args['insecure'] = CGTS_INSECURE_SSL
 
     return os_client_args
 
diff --git a/patches/stx-distcloud-client/distclient-insecure.patch b/patches/stx-distcloud-client/distclient-insecure.patch
new file mode 100644
index 0000000..4d68876
--- /dev/null
+++ b/patches/stx-distcloud-client/distclient-insecure.patch
@@ -0,0 +1,13 @@
+diff --git a/distributedcloud-client/dcmanagerclient/api/v1/client.py b/distributedcloud-client/dcmanagerclient/api/v1/client.py
+index 6a23103..d68d05d 100644
+--- a/distributedcloud-client/dcmanagerclient/api/v1/client.py
++++ b/distributedcloud-client/dcmanagerclient/api/v1/client.py
+@@ -202,7 +202,7 @@ def authenticate(
+                 "a password (api_key) and a user."
+             )
+         if auth:
+-            session = ks_session.Session(auth=auth)
++            session = ks_session.Session(auth=auth, verify=False)
+ 
+     if session:
+         token = session.get_token()
diff --git a/tests/o2app-watcher-entry.sh b/tests/o2app-watcher-entry.sh
index 3db6cb7..3f04066 100644
--- a/tests/o2app-watcher-entry.sh
+++ b/tests/o2app-watcher-entry.sh
@@ -16,5 +16,10 @@ cp -r /o2app/* /src/o2app
 mkdir -p /src/helm_sdk
 cp -r /helm_sdk/* /src/helm_sdk
 
+# test only
+if [ -e '/etc/ssl/custom-cert.pem' ]; then
+    update-ca-certificates
+fi
+
 pip install -e /src
 python /o2app/entrypoints/resource_watcher.py
diff --git a/tests/test_cgtsclient.py b/tests/test_cgtsclient.py
new file mode 100644
index 0000000..f708d30
--- /dev/null
+++ b/tests/test_cgtsclient.py
@@ -0,0 +1,168 @@
+#!/usr/bin/env python3
+
+import os
+from cgtsclient.client import get_client as get_stx_client
+from cgtsclient.exc import EndpointException
+from dcmanagerclient.api.client import client as get_dc_client
+
+
+def get_stx_client_args():
+    """Get StarlingX client arguments from environment variables"""
+    client_args = dict(
+        auth_url=os.environ.get('OS_AUTH_URL', 'http://192.168.204.1:5000/v3'),
+        username=os.environ.get('OS_USERNAME', 'admin'),
+        api_key=os.environ.get('OS_PASSWORD', 'fakepasswd1'),
+        project_name=os.environ.get('OS_PROJECT_NAME', 'admin'),
+    )
+    return client_args
+
+
+def get_stx_access_info():
+    """Convert client args to StarlingX format"""
+    try:
+        client_args = get_stx_client_args()
+    except KeyError as e:
+        print('Error: Please source your RC file before execution')
+        print('e.g.: source ~/downloads/admin-rc.sh')
+        raise e
+
+    os_client_args = {}
+    for key, val in client_args.items():
+        os_client_args['os_' + key] = val
+
+    os_client_args['os_password'] = os_client_args.pop('os_api_key')
+    os_client_args['os_region_name'] = os.environ.get('OS_REGION_NAME',
+                                                      'RegionOne')
+    os_client_args['api_version'] = 1
+
+    # Add certificate related parameters
+    os_client_args['insecure'] = os.environ.get(
+        'OS_INSECURE', "False").lower() == "true"
+    os_client_args['ca_file'] = os.environ.get(
+        'OS_CACERT', '/etc/ssl/certs/ca-certificates.crt')
+    os_client_args['cert_file'] = os.environ.get('OS_CERT', None)
+    os_client_args['key_file'] = os.environ.get('OS_KEY', None)
+
+    return os_client_args
+
+
+def get_dc_access_info():
+    """Convert client args to DC Manager format"""
+    try:
+        client_args = get_stx_client_args()
+    except KeyError as e:
+        print('Error: Please source your RC file before execution')
+        print('e.g.: source ~/downloads/admin-rc.sh')
+        raise e
+
+    os_client_args = {}
+    for key, val in client_args.items():
+        os_client_args['os_' + key] = val
+
+    # Convert to dcmanager format
+    dc_client_args = {
+        'auth_url': os_client_args['os_auth_url'],
+        'username': os_client_args['os_username'],
+        'api_key': os_client_args['os_api_key'],
+        'project_name': os_client_args['os_project_name'],
+        'user_domain_name': 'Default',
+        'project_domain_name': 'Default',
+        'insecure': os.environ.get('OS_INSECURE', "False").lower() == "true",
+        'cacert': os.environ.get('OS_CACERT',
+                                 '/etc/ssl/certs/ca-certificates.crt')
+    }
+
+    # Set dcmanager URL
+    dc_port = os.environ.get("DCMANAGER_API_PORT", "8119")
+    dc_path = os.environ.get("DCMANAGER_API_PATH", "/v1.0")
+    auth_url = os.environ.get("DCMANAGER_OS_AUTH_URL")
+
+    if not auth_url:
+        from urllib.parse import urlparse
+        u = urlparse(dc_client_args['auth_url'])
+        auth_url = u._replace(
+            netloc=f"{u.hostname}:{dc_port}", path=dc_path).geturl()
+
+    dc_client_args['dcmanager_url'] = auth_url
+
+    return dc_client_args
+
+
+def test_stx_client():
+    """Test StarlingX client connection"""
+    try:
+        # Get client configuration
+        os_client_args = get_stx_access_info()
+        print("\nTrying to connect with STX args:")
+        for k, v in os_client_args.items():
+            print("{0}: {1}".format(k, v))
+
+        # Create client
+        print("\nCreating StarlingX client...")
+        client = get_stx_client(**os_client_args)
+
+        # Test system information retrieval
+        print("\nGetting system information...")
+        systems = client.isystem.list()
+
+        if systems:
+            system = systems[0]
+            print("\nSystem information:")
+            print("Name: {0}".format(system.name))
+            print("UUID: {0}".format(system.uuid))
+            print("System Type: {0}".format(system.system_type))
+            print("System Mode: {0}".format(system.system_mode))
+            print("Software Version: {0}".format(system.software_version))
+            print("Capabilities: {0}".format(system.capabilities))
+        else:
+            print("No systems found!")
+
+    except EndpointException as e:
+        print("\nEndpoint Error: {0}".format(str(e)))
+    except Exception as e:
+        print("\nError: {0}".format(str(e)))
+        raise
+
+
+def test_dc_client():
+    """Test DC Manager client connection"""
+    try:
+        # Get client configuration
+        dc_client_args = get_dc_access_info()
+        print("\nTrying to connect with DC args:")
+        for k, v in dc_client_args.items():
+            print("{0}: {1}".format(k, v))
+
+        # Create DC Manager client
+        print("\nCreating DC Manager client...")
+        client = get_dc_client(**dc_client_args)
+
+        # Get subcloud list
+        print("\nGetting subcloud list...")
+        subclouds = client.subcloud_manager.list_subclouds()
+
+        if subclouds:
+            print("\nFound {0} subclouds:".format(len(subclouds)))
+            for subcloud in subclouds:
+                print("\nSubcloud information:")
+                print("Name: {0}".format(subcloud.name))
+                print("Region Name: {0}".format(subcloud.region_name))
+                print("Management State: {0}".format(
+                    subcloud.management_state))
+                print("Availability Status: {0}".format(
+                    subcloud.availability_status))
+                print("Sync Status: {0}".format(subcloud.sync_status))
+        else:
+            print("No subclouds found!")
+
+    except Exception as e:
+        print("\nDC Manager Error: {0}".format(str(e)))
+        raise
+
+
+if __name__ == "__main__":
+    print("Testing StarlingX and DC Manager Client Connections...")
+    print("\n=== Testing StarlingX Client ===")
+    test_stx_client()
+    print("\n=== Testing DC Manager Client ===")
+    test_dc_client()
-- 
2.16.6