Support https for callback_reciever 02/4502/5
authorecaiyanlinux <martin.c.yan@est.tech>
Sat, 1 Aug 2020 14:05:17 +0000 (14:05 +0000)
committerChengkai Yan <martin.c.yan@est.tech>
Wed, 5 Aug 2020 12:20:41 +0000 (12:20 +0000)
Currently callback_reciever only supports http
This commit makes it support both http/https

Change-Id: I6a8a7001231b113516f8d256b23b2b84d994bbce
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Issue-ID: NONRTRIC-268

15 files changed:
test/auto-test/FTC300.sh
test/common/test_env.sh
test/cr/Dockerfile
test/cr/README.md
test/cr/app/cr.py [moved from test/cr/cr.py with 99% similarity]
test/cr/app/nginx.conf [new file with mode: 0644]
test/cr/app/requirements.txt [moved from test/cr/requirements.txt with 100% similarity]
test/cr/app/start.sh [new file with mode: 0755]
test/cr/basic_test.sh
test/cr/cert/cert.crt [new file with mode: 0644]
test/cr/cert/generate_cert_and_key.sh [new file with mode: 0755]
test/cr/cert/key.crt [new file with mode: 0644]
test/cr/cert/pass [new file with mode: 0644]
test/cr/cr-build-start.sh
test/simulator-group/cr/docker-compose.yml

index d9bca7d..3d575db 100755 (executable)
@@ -33,7 +33,7 @@ generate_uuid
 #Local vars in test script
 ##########################
 # Path to callback receiver
-CR_PATH="http://$CR_APP_NAME:$CR_EXTERNAL_PORT/callbacks"
+CR_PATH="https://$CR_APP_NAME:$CR_EXTERNAL_SECURE_PORT/callbacks"
 
 # Tested variants of REST/DMAAP/SDNC config
 TESTED_VARIANTS="REST   DMAAP   REST+SDNC   DMAAP+SDNC DMAAP_BATCH DMAAP_BATCH+SDNC"
index 623bc24..ee48e8b 100755 (executable)
@@ -117,6 +117,8 @@ export MR_WRITE_URL="/events/A1-POLICY-AGENT-WRITE"             # Path write mes
 
 export CR_EXTERNAL_PORT=8090                                    # Callback receiver container external port (host -> container)
 export CR_INTERNAL_PORT=8090                                    # Callback receiver container internal port (container -> container)
+export CR_EXTERNAL_SECURE_PORT=8091                             # Callback receiver container external secure port (host -> container)
+export CR_INTERNAL_SECURE_PORT=8091                             # Callback receiver container internal secure port (container -> container)
 export CR_APP_NAME="callback-receiver"                          # Name for the Callback receiver
 
 export CONSUL_HOST="consul-server"                              # Host name of consul
index d2e69cd..bdc3521 100644 (file)
 
 FROM python:3.8-slim-buster
 
-WORKDIR /usr/src/app
+COPY app/ /usr/src/app/
+COPY cert/ /usr/src/app/cert/
 
-COPY requirements.txt requirements.txt
+WORKDIR /usr/src/app
 
 RUN pip install -r requirements.txt
 
-COPY cr.py cr.py
+RUN chmod +x start.sh
+
+#install nginx
+RUN apt-get update
+RUN apt-get install -y nginx=1.14.*
 
-CMD [ "python3", "-u", "./cr.py" ]
\ No newline at end of file
+CMD [ "./start.sh" ]
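Review bot: `COPY cert/ /usr/src/app/cert/` bakes the committed private key (test/cr/cert/key.crt) and its passphrase file (test/cr/cert/pass, containing `test`) into every image, so the key's encryption adds no protection and anyone holding the image or the repository holds the https endpoint's key. That is acceptable only for function tests; say so next to the COPY, e.g. `# test-only key material; mount a real cert dir over /usr/src/app/cert for anything else`. Separately, `RUN apt-get update` and `RUN apt-get install` sit in different layers, so a cached update layer can go stale and the `nginx=1.14.*` pin can stop resolving. Combining them as `RUN apt-get update && apt-get install -y --no-install-recommends nginx=1.14.* && rm -rf /var/lib/apt/lists/*` avoids that and keeps the image smaller.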
index 31dae4c..251f0b3 100644 (file)
@@ -1,22 +1,29 @@
 ## callback receiver - a stub interface to receive callbacks ##
 
-The mrstub is intended for function tests to simulate a message router.
-The mrstub exposes the read and write urls, used by the agent, as configured in consul.
-In addition, request messages can be fed to the mrstub and the response messages can be read by polling.
+The callback receiver is intended for function tests to simulate a RAPP.
+The callback receiver exposes the read and write urls, used by the agent, as configured in service.
+The callback receiver receives notifications from PMS when synchronization happens between PMS and RICs.
 
+# Ports and certificates
+
+The CR normally opens the port 8090 for http. If a certificate and a key are provided the simulator will also open port 8091 for https.
+The certificate and key shall be placed in the same dir and the dir shall be mounted to /usr/src/app/cert in the container.
+
+| Port     | Protocol |
+| -------- | ----- |
+| 8090     | http  |
+| 8091     | https |
+
+The dir cert contains a self-signed cert. Use the script generate_cert_and_key.sh to generate a new certificate and key. The password of the certificate must be set 'test'.
+The same urls are available on both the http port 8090 and the https port 8091. If using curl and https, the flag -k shall be given to make curl ignore checking the certificate.
 
 ### Control interface ###
 
 The control interface can be used by any test script.
 The following REST operations are available:
 
->Send a message to MR<br>
-This method puts a request message in the queue for the agent to pick up. The returned correlationId (auto generated by the mrstub) is used when polling for the reposone message of this particular request.<br>
-```URI and parameter, (GET): /get-event/<id>```<br><br>
-```response: message + 200 or 204```
-
->Receive a message response for MR for the included correlation id<br>
-The method is for polling of messages, returns immediately containing the received response (if any) for the supplied correlationId.<br>
+>Send a message to CR<br>
+This method puts a request message from PMS to notify that sychronization between PMS and certain RIC happens.<br>
 ```URI and payload, (PUT or POST): /callbacks/<id> <json array of response messages>```<br><br>
 ```response: OK 200 or 500 for other errors```
 
@@ -32,16 +39,34 @@ There are a number of counters that can be read to monitor the message processin
 >Build image<br>
 ```docker build -t callback-receiver .```
 
->Start the image<br>
-```docker run -it -p 8090:8090 callback-receiver```
+>Start the image on both http and https<br>
+```docker run -it -p 8090:8090 -p 8091:8091 callback-receiver```
+
+It will listen to http 8090 port and https 8091 port(using default certificates) at the same time.
+
+By default, this image has default certificates under /usr/src/app/cert
+file "cert.crt" is the certificate file
+file "key.crt" is the key file
+file "generate_cert_and_key.sh" is a shell script to generate certificate and key
+file "pass" stores the password when you run the shell script
+
+This certificates/key can be overriden by mounting a volume when using "docker run" or "docker-compose"
+In 'docker run', use field:
+--volume "$PWD/certificate:/usr/src/app/cert" a1test
+```docker run -it -p 8090:8090 -p 8091:8091 -v "/PATH_TO_CERT/cert:/usr/src/app/cert" callback-receiver```
+In 'docker-compose.yml', use field:
+volumes:
+      - ./certificate:/usr/src/app/cert:ro
 
 The script ```crstub-build-start.sh``` do the above two steps in one go. This starts the callback-receiver container in stand-alone mode for basic test.<br>If the callback-receiver should be executed manually with the agent, replace docker run with this command to connect to the docker network with the correct service name (--name shall be aligned with the other components, i.e. the host named given in all callback urls).
-```docker run -it -p 8090:8090 --network nonrtric-docker-net --name callback-receiver callback-receiver```
+```docker run -it -p 8090:8090 -p 8091:8091 --network nonrtric-docker-net --name callback-receiver callback-receiver```
 
+>Start the image on http only<br>
+```docker run -it -p 8090:8090 callback-receiver```
 
 ### Basic test ###
 
-Basic test is made with the script ```basic_test.sh``` which tests all the available urls with a subset of the possible operations. Use the script ```cr-build-start.sh``` to start the callback-receiver in a container first.
+Basic test is made with the script ```basic_test.sh nonsecure|secure``` which tests all the available urls with a subset of the possible operations. Use the script ```cr-build-start.sh``` to start the callback-receiver in a container first.
 
 ## License
 
similarity index 99%
rename from test/cr/cr.py
rename to test/cr/app/cr.py
index 105ccc2..bc6e28f 100644 (file)
@@ -32,7 +32,7 @@ msg_callbacks={}
 
 # Server info
 HOST_IP = "::"
-HOST_PORT = 8090
+HOST_PORT = 2222
 
 # Metrics vars
 cntr_msg_callbacks=0
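Review bot: With `HOST_IP = "::"` left unchanged, the plain-http backend on the new port 2222 presumably still listens on every interface, so other containers on the docker network could reach it directly and bypass nginx and TLS. If nginx is meant to be the only entry point, bind the backend to loopback, e.g. `HOST_IP = "127.0.0.1"` together with `proxy_pass http://127.0.0.1:2222;` in nginx.conf so both sides agree on the address family. The port 2222 is also duplicated between this file and nginx.conf; a comment such as `# must match proxy_pass in nginx.conf` would keep them in sync. How HOST_IP and HOST_PORT are used is outside the hunk.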
diff --git a/test/cr/app/nginx.conf b/test/cr/app/nginx.conf
new file mode 100644 (file)
index 0000000..479d896
--- /dev/null
@@ -0,0 +1,100 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+    worker_connections 768;
+    # multi_accept on;
+}
+
+http {
+
+    ##
+    # Basic Settings
+    ##
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    # server_tokens off;
+
+    # server_names_hash_bucket_size 64;
+    # server_name_in_redirect off;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    server { # simple reverse-proxy
+        listen      8090;
+        listen      [::]:8090;
+        listen      8091 ssl;
+        listen      [::]:8091 ssl;
+        server_name  localhost;
+        ssl_certificate     /usr/src/app/cert/cert.crt;
+        ssl_certificate_key /usr/src/app/cert/key.crt;
+        ssl_password_file   /usr/src/app/cert/pass;
+
+        # serve dynamic requests
+        location / {
+        proxy_pass      http://localhost:2222;
+        }
+    }
+    ##
+    # SSL Settings
+    ##
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+    ssl_prefer_server_ciphers on;
+
+    ##
+    # Logging Settings
+    ##
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    ##
+    # Gzip Settings
+    ##
+
+    gzip on;
+
+    # gzip_vary on;
+    # gzip_proxied any;
+    # gzip_comp_level 6;
+    # gzip_buffers 16 8k;
+    # gzip_http_version 1.1;
+    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    ##
+    # Virtual Host Configs
+    ##
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#      # See sample authentication script at:
+#      # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+#      # auth_http localhost/auth.php;
+#      # pop3_capabilities "TOP" "USER";
+#      # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+#      server {
+#              listen     localhost:110;
+#              protocol   pop3;
+#              proxy      on;
+#      }
+#
+#      server {
+#              listen     localhost:143;
+#              protocol   imap;
+#              proxy      on;
+#      }
+#}
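Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` keeps the deprecated TLS 1.0 and 1.1 enabled on the new 8091 listener, so a test run can pass over a protocol version that production peers should refuse. Restrict it to `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 needs an nginx built against OpenSSL 1.1.1, which should hold for the pinned 1.14 package on buster, but confirm), or to `ssl_protocols TLSv1.2;`. The SSL settings block also sits after the `server` block that relies on it; moving it above the server, or into it, makes the inheritance easier to read. The stock `include /etc/nginx/sites-enabled/*;` is still pulled in, which may add the distribution's default server inside the container; dropping that include would leave only the two intended listeners.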
diff --git a/test/cr/app/start.sh b/test/cr/app/start.sh
new file mode 100755 (executable)
index 0000000..16ee34d
--- /dev/null
@@ -0,0 +1,23 @@
+#!/bin/bash
+#  ============LICENSE_START===============================================
+#  Copyright (C) 2020 Nordix Foundation. All rights reserved.
+#  ========================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#  ============LICENSE_END=================================================
+#
+
+#start nginx
+nginx -c /usr/src/app/nginx.conf
+
+#start mrstub
+python3 -u cr.py
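Review bot: The script has no error handling: if `nginx -c /usr/src/app/nginx.conf` fails (for instance because a mounted cert dir lacks `key.crt` or `pass`), it still starts cr.py and the container looks healthy while nothing listens on 8090/8091. Make the failure visible with `nginx -c /usr/src/app/nginx.conf || exit 1`, and start the receiver with `exec python3 -u cr.py` so it replaces the shell and receives the stop signal from docker directly. The comment `#start mrstub` is a leftover and should read `#start callback receiver`.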
index 8be110a..dbaca4f 100755 (executable)
 # Automated test script for callback receiver container
 
 # callbackreciver port
-export PORT=8090
+# export PORT=8090
+if [ $# -ne 1 ]; then
+    echo "Usage: ./basic_test.sh nonsecure|secure"
+    exit 1
+fi
+if [ "$1" != "nonsecure" ] && [ "$1" != "secure" ]; then
+    echo "Usage: ./basic_test.sh nonsecure|secure"
+    exit 1
+fi
+
+if [ $1 == "nonsecure" ]; then
+    #Default http port for the simulator
+    PORT=8090
+    # Set http protocol
+    HTTPX="http"
+else
+    #Default https port for the simulator
+    PORT=8091
+    # Set https protocol
+    HTTPX="https"
+fi
 
 # source function to do curl and check result
 . ../common/do_curl_function.sh
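Review bot: `if [ $1 == "nonsecure" ]; then` uses an unquoted `$1` and the non-POSIX `==` inside `[`; it works here only because the two checks above have already restricted `$1`. Write it as `if [ "$1" = "nonsecure" ]; then`, matching the quoted form used in the validation. The two usage checks print the same message and could be a single test, `if [ $# -ne 1 ] || { [ "$1" != "nonsecure" ] && [ "$1" != "secure" ]; }; then`. The rest of the script, including how PORT and HTTPX are used, is outside the hunk.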
diff --git a/test/cr/cert/cert.crt b/test/cr/cert/cert.crt
new file mode 100644 (file)
index 0000000..a24dfc4
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/cr/cert/generate_cert_and_key.sh b/test/cr/cert/generate_cert_and_key.sh
new file mode 100755 (executable)
index 0000000..0f79bbf
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+#  ============LICENSE_START===============================================
+#  Copyright (C) 2020 Nordix Foundation. All rights reserved.
+#  ========================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#  ============LICENSE_END=================================================
+#
+
+# This will generate a self-signed certificate with password 'test'
+openssl req -x509 -passout pass:"test" -newkey rsa:2048 -keyout key.crt -out cert.crt -days 9999
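Review bot: The passphrase `test` is hard-coded here and again in test/cr/cert/pass, and nothing in the script regenerates `pass`, so the two can drift and nginx will then fail to load the key. Reading it from the file keeps one source: `openssl req -x509 -passout file:pass -newkey rsa:2048 -keyout key.crt -out cert.crt -days 9999`. Without `-subj` the command prompts interactively for the subject; adding `-subj "/CN=localhost"` (matching `server_name localhost` in nginx.conf) makes it scriptable. A header comment stating that the output is test-only key material would also help anyone who finds these files later.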
diff --git a/test/cr/cert/key.crt b/test/cr/cert/key.crt
new file mode 100644 (file)
index 0000000..105ee75
--- /dev/null
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIpz2Uxhl1+ZwCAggA
+MB0GCWCGSAFlAwQBKgQQu1or54X1Bk5IMPGoDrdxkASCBNCBKcePejHXlG0fb2qt
+TtQrpEr8UR60iFOaeUQ2Lc1zK0wzFCXAIXEWEcaozv75mJ5ReemkBMCyuzPJnoiM
+LTeKuoUw8l48S9arB9l+/vVgUnMY0fm+QDsnPffkXKxC2kNwwFgGCT7tIGezuo/e
+a9a5JJY707YEnkhUKWAQI2Oz/I95tbeYu64d/WtSN2OLu5JVLsCGAhV4cqcShjEb
+pFlfgOHrT0z+qK7YXVR9P74qAZtGsH2ydUrtPtdvddKRpOAm4LzDNmox4Bs6e9nr
+jY56sVRiHGhqeeqW04qRks5ReZF7zuwEgUSzGNlAcbbHn6FNJPOZKuN0e8KYexEM
+y0G04rSNW8qppMsvez6txsou62CeIZ5LyAumwaJJYzwkob0nCmWYcZl5tSpkXZly
+HsQKI2UlO3tiRKd057a46/kxcK85Pwav3Il+FaRXJkzl2rkU3DSy9SjaGL0ROD0U
+1EaZCjeDdzN2GmqRQ1WhN5ivowQyWVf6H/mrxtkWZ3qLKmpa1JmvUgOybPcbqqQr
+tqjj3Oj0zvLFZDqBjfIlTAAimXPgh6qLHH+qUGrI62pMpaldNZNy/swnpPuTX2sF
+TUxFZvnGOmG3qHyvPm91+PypbdVSMb0PeB75XQFqWmajwnua7xfWrH8PLSijp5xQ
+aLyiJ1jjFqXWE9D2v7JhB2BNCYlHxP98UI8kHxh7Fw5y0EKT5pCcbrg2nuLzMrCz
+D4QaxZRuiIiPgy21kowk3WbHLYAjG7f9cIcbbX6Khc/3ulbB8xJ24WNRuzv4EHeh
+TATHqk8nIgpkn1zmvPsKILdWzqZh70IlSctSzoIGzI6C2J76ycSZmcKtar2BZya9
+f1coUlFgXMvdmrf4bt4j2u/biA48OJaVlWBYVfIXUbliFTAQ8biRZFC2n3Xg+W8t
+U2xqW14lZWBOIQFJp27foG6Z4JzyL2WZgQ0PWe0m0+tDaKA/LSWB2Qpwt4o2n0cb
+RCs++c0eFCeOgErEfmmeburMhzQsfkUqpsL+J/ZMaRSiuTCpYM8qbz+KKT/Z6zbl
+2cHWxSFRIqRKAMsj2a61IANjNIdwi2uBHZrWH1HMVVXAbGUJQFKZhxdpn5PBrXqg
+vHRa9u0MQFCjs9NcQAGnBQDS6u+pUVO02WT4MvTker+hbu+f6NPU9FMLu+QbQUEP
+SUdEZL4W9ZuBTdS3n/fTHEL8wKRB5yEW/CS5JuD+8YinZZXrsd3n3Oky05fdk6Bk
+QH9cjMXdsd0Sb0Epw3CWGtXZ6YTHlVWqjdTNlOQdzQ7qfzktgcKujGwvQK0Mgd8x
+nmG+f/HWMOss0JEL3ZR+K9Rr50u8/R+W5+e4VE57yw1fg9Jpq2/sVe2Pt8S7isFK
+qDLoFZtF5RXi1O9KcA9BpnQX1ihPSC1RoY1pGXoF2D4KkV9U4/4j2qM6MGxjQ6lw
+MN0qJ/N70Lti3YWqvYiTymLwVJr8FqoMQsV19MB8012Xd51Bvy6igddhrO83wuuV
+b8PlUzl3Tl7yOviYqxiJ0xd8qw+Hs4+FkHbZIFJcUzTHVbb4SlPUE3wn6nrrIcfK
+rT4wsYhK3afrlvK3ILi6kzzazS1dK+Hv9+mNozNf5u5nNBFQ+7MhtttzLWIaiV6D
+ilLpOwcoO0X0qrzXKR7a+rQ/Dw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/test/cr/cert/pass b/test/cr/cert/pass
new file mode 100644 (file)
index 0000000..30d74d2
--- /dev/null
@@ -0,0 +1 @@
+test
\ No newline at end of file
index 1954eb7..a971d68 100755 (executable)
@@ -21,4 +21,4 @@
 
 docker build -t callback-receiver .
 
-docker run -it -p 8090:8090 callback-receiver
+docker run -it -p 8090:8090 -p 8091:8091 callback-receiver
index 77a958f..4fc3991 100644 (file)
@@ -28,3 +28,4 @@ services:
     image: ${CR_IMAGE}
     ports:
       - ${CR_EXTERNAL_PORT}:${CR_INTERNAL_PORT}
+      - ${CR_EXTERNAL_SECURE_PORT}:${CR_INTERNAL_SECURE_PORT}