Merge "Added JWT handling to a1pms"
diff --git a/test/auto-test/FTC100.sh b/test/auto-test/FTC100.sh
index 55f7d82..dfcee33 100755
--- a/test/auto-test/FTC100.sh
+++ b/test/auto-test/FTC100.sh
@@ -20,11 +20,17 @@
TC_ONELINE_DESCR="Full a1pms API walkthrough using a1pms REST/DMAAP and with/without SDNC A1 Controller"
+USE_ISTIO=1
+
#App names to include in the test when running docker, space separated list
DOCKER_INCLUDED_IMAGES="CBS CONSUL CP CR MR A1PMS RICSIM SDNC NGW KUBEPROXY"
#App names to include in the test when running kubernetes, space separated list
-KUBE_INCLUDED_IMAGES="CP CR MR A1PMS RICSIM SDNC KUBEPROXY NGW"
+if [ $USE_ISTIO -eq 0 ]; then
+ KUBE_INCLUDED_IMAGES="CP CR MR A1PMS RICSIM SDNC KUBEPROXY NGW"
+else
+ KUBE_INCLUDED_IMAGES="CP CR MR A1PMS RICSIM SDNC KUBEPROXY NGW KEYCLOAK ISTIO AUTHSIDECAR"
+fi
#Prestarted app (not started by script) to include in the test when running kubernetes, space separated list
KUBE_PRESTARTED_IMAGES=""
@@ -46,11 +52,25 @@
generate_policy_uuid
-# Tested variants of REST/DMAAP/SDNC config
-TESTED_VARIANTS="REST DMAAP REST+SDNC DMAAP+SDNC"
+if [ $USE_ISTIO -eq 0 ]; then
+ # Tested variants of REST/DMAAP/SDNC config
+ TESTED_VARIANTS="REST DMAAP REST+SDNC DMAAP+SDNC"
-#Test a1pms and simulator protocol versions (others are http only)
-TESTED_PROTOCOLS="HTTP HTTPS"
+ #Test a1pms and simulator protocol versions (others are http only)
+ TESTED_PROTOCOLS="HTTP HTTPS"
+else
+ if [ $USE_ISTIO -eq 1 ]; then
+ echo -e $RED"#########################################"$ERED
+ echo -e $RED"# No test of https when running with istio"$ERED
+ echo -e $RED"# No test of SDNC when running with istio"$ERED
+ echo -e $RED"#########################################"$ERED
+ fi
+ # Tested variants of REST/DMAAP/SDNC config
+ TESTED_VARIANTS="REST DMAAP"
+
+ #Test a1pms and simulator protocol versions (others are http only)
+ TESTED_PROTOCOLS="HTTP"
+fi
for __httpx in $TESTED_PROTOCOLS ; do
for interface in $TESTED_VARIANTS ; do
@@ -64,8 +84,80 @@
# Clean container and start all needed containers #
clean_environment
+ if [ $RUNMODE != "KUBE" ]; then
+ USE_ISTIO=0
+ echo "ISTIO not supported by docker - setting USE-ISTIO=0"
+ fi
+
+ if [ $USE_ISTIO -eq 1 ]; then
+ echo -e $RED"#########################################"$ERED
+ echo -e $RED"# Work around istio jwks cache"$ERED
+ echo -e $RED"# Cycle istiod down and up to clear cache"$ERED
+ echo ""
+ __kube_scale deployment istiod istio-system 0
+ __kube_scale deployment istiod istio-system 1
+ echo -e $RED"# Cycle istiod done"
+ echo -e $RED"#########################################"$ERED
+
+ istio_enable_istio_namespace $KUBE_SIM_NAMESPACE
+ istio_enable_istio_namespace $KUBE_NONRTRIC_NAMESPACE
+ istio_enable_istio_namespace $KUBE_A1SIM_NAMESPACE
+ fi
+
+
start_kube_proxy
+ if [ $USE_ISTIO -eq 1 ]; then
+ start_keycloak
+
+ keycloak_api_obtain_admin_token
+
+ keycloak_api_create_realm nrtrealm true 60
+ keycloak_api_create_confidential_client nrtrealm a1pmsc
+ keycloak_api_generate_client_secret nrtrealm a1pmsc
+ keycloak_api_get_client_secret nrtrealm a1pmsc
+ keycloak_api_create_client_roles nrtrealm a1pmsc nrtrole
+ keycloak_api_map_client_roles nrtrealm a1pmsc nrtrole
+
+ keycloak_api_get_client_token nrtrealm a1pmsc
+
+ CLIENT_TOKEN=$(keycloak_api_read_client_token nrtrealm a1pmsc)
+ echo "CLIENT_TOKEN: "$CLIENT_TOKEN
+
+ A1PMS_SEC=$(keycloak_api_read_client_secret nrtrealm a1pmsc)
+ echo "A1PMS_SEC: "$A1PMS_SEC
+
+ # Protect ricsim-g3
+ istio_req_auth_by_jwks ricsim-g1 $KUBE_A1SIM_NAMESPACE KUBEPROXY "$KUBE_PROXY_ISTIO_JWKS_KEYS"
+ istio_auth_policy_by_issuer ricsim-g1 $KUBE_A1SIM_NAMESPACE KUBEPROXY
+
+ istio_req_auth_by_jwksuri ricsim-g1 $KUBE_A1SIM_NAMESPACE nrtrealm
+ istio_auth_policy_by_realm ricsim-g1 $KUBE_A1SIM_NAMESPACE nrtrealm a1pmsc nrtrole
+
+ # Protect ricsim-g2
+ istio_req_auth_by_jwks ricsim-g2 $KUBE_A1SIM_NAMESPACE KUBEPROXY "$KUBE_PROXY_ISTIO_JWKS_KEYS"
+ istio_auth_policy_by_issuer ricsim-g2 $KUBE_A1SIM_NAMESPACE KUBEPROXY
+
+ istio_req_auth_by_jwksuri ricsim-g2 $KUBE_A1SIM_NAMESPACE nrtrealm
+ istio_auth_policy_by_realm ricsim-g2 $KUBE_A1SIM_NAMESPACE nrtrealm a1pmsc nrtrole
+
+ # Protect ricsim-g3
+ istio_req_auth_by_jwks ricsim-g3 $KUBE_A1SIM_NAMESPACE KUBEPROXY "$KUBE_PROXY_ISTIO_JWKS_KEYS"
+ istio_auth_policy_by_issuer ricsim-g3 $KUBE_A1SIM_NAMESPACE KUBEPROXY
+
+ istio_req_auth_by_jwksuri ricsim-g3 $KUBE_A1SIM_NAMESPACE nrtrealm
+ istio_auth_policy_by_realm ricsim-g3 $KUBE_A1SIM_NAMESPACE nrtrealm a1pmsc nrtrole
+
+ # Protect CR
+ istio_req_auth_by_jwks $CR_APP_NAME $KUBE_SIM_NAMESPACE KUBEPROXY "$KUBE_PROXY_ISTIO_JWKS_KEYS"
+ istio_auth_policy_by_issuer $CR_APP_NAME $KUBE_SIM_NAMESPACE KUBEPROXY
+
+ istio_req_auth_by_jwksuri $CR_APP_NAME $KUBE_SIM_NAMESPACE nrtrealm
+ istio_auth_policy_by_realm $CR_APP_NAME $KUBE_SIM_NAMESPACE nrtrealm a1pmsc nrtrole
+
+ a1pms_configure_sec nrtrealm a1pmsc $A1PMS_SEC
+ fi
+
if [ $__httpx == "HTTPS" ]; then
use_cr_https
use_a1pms_rest_https
@@ -585,18 +677,19 @@
else
mr_equal requests_submitted 0
fi
-
- if [[ $interface = *"SDNC"* ]]; then
- sim_contains_str ricsim_g1_1 remote_hosts $SDNC_APP_NAME
- sim_contains_str ricsim_g2_1 remote_hosts $SDNC_APP_NAME
- if [ "$A1PMS_VERSION" == "V2" ]; then
- sim_contains_str ricsim_g3_1 remote_hosts $SDNC_APP_NAME
- fi
- else
- sim_contains_str ricsim_g1_1 remote_hosts $A1PMS_APP_NAME
- sim_contains_str ricsim_g2_1 remote_hosts $A1PMS_APP_NAME
- if [ "$A1PMS_VERSION" == "V2" ]; then
- sim_contains_str ricsim_g3_1 remote_hosts $A1PMS_APP_NAME
+ if [ $USE_ISTIO -eq 0 ]; then
+ if [[ $interface = *"SDNC"* ]]; then
+ sim_contains_str ricsim_g1_1 remote_hosts $SDNC_APP_NAME
+ sim_contains_str ricsim_g2_1 remote_hosts $SDNC_APP_NAME
+ if [ "$A1PMS_VERSION" == "V2" ]; then
+ sim_contains_str ricsim_g3_1 remote_hosts $SDNC_APP_NAME
+ fi
+ else
+ sim_contains_str ricsim_g1_1 remote_hosts $A1PMS_APP_NAME
+ sim_contains_str ricsim_g2_1 remote_hosts $A1PMS_APP_NAME
+ if [ "$A1PMS_VERSION" == "V2" ]; then
+ sim_contains_str ricsim_g3_1 remote_hosts $A1PMS_APP_NAME
+ fi
fi
fi
diff --git a/test/auto-test/FTC1100.sh b/test/auto-test/FTC1100.sh
index 090481a..b8c3045 100755
--- a/test/auto-test/FTC1100.sh
+++ b/test/auto-test/FTC1100.sh
@@ -68,6 +68,7 @@
__kube_scale deployment istiod istio-system 1
echo -e $RED"# Cycle istiod done"
echo -e $RED"#########################################"$ERED
+ echo ""
istio_enable_istio_namespace $KUBE_SIM_NAMESPACE
istio_enable_istio_namespace $KUBE_NONRTRIC_NAMESPACE
@@ -155,6 +156,11 @@
start_cr 1
+if [ $USE_ISTIO -eq 1 ]; then
+ echo "Sleep 120 to let istio settle - enabling istio on workloads may cause initial dns disturbances - temporary unavailable dns names"
+ sleep 120
+fi
+
CB_JOB="$PROD_STUB_SERVICE_PATH$PROD_STUB_JOB_CALLBACK"
CB_SV="$PROD_STUB_SERVICE_PATH$PROD_STUB_SUPERVISION_CALLBACK"
#Targets for ei jobs
@@ -1448,7 +1454,7 @@
ics_api_edp_put_producer_2 201 prod-ia $CB_JOB/prod-ia $CB_SV/prod-ia type101
ics_api_edp_put_producer_2 200 prod-ia $CB_JOB/prod-ia $CB_SV/prod-ia type101
-if [[ "$ICS_FEATURE_LEVEL" == *"RESP_CODE_CHANGE_1" ]]; then
+if [[ "$ICS_FEATURE_LEVEL" == *"RESP_CODE_CHANGE_1"* ]]; then
ics_api_edp_delete_type_2 409 type101
else
ics_api_edp_delete_type_2 406 type101
@@ -1968,25 +1974,44 @@
cr_equal 0 received_callbacks 12
fi
### Test of pre and post validation
+if [[ "$ICS_FEATURE_LEVEL" != *"DEFAULT_TYPE_VALIDATION"* ]]; then
+ ics_api_idc_get_type_ids 200 type1 type2 type4 type6 type101 type102 type104 type106
+ ics_api_idc_put_job 404 job150 type150 $TARGET150 info-owner-1 $INFOSTATUS150 testdata/ics/job-template.json VALIDATE
+ ics_api_idc_put_job 201 job160 type160 $TARGET160 info-owner-1 $INFOSTATUS160 testdata/ics/job-template.json
-ics_api_idc_get_type_ids 200 type1 type2 type4 type6 type101 type102 type104 type106
-ics_api_idc_put_job 404 job150 type150 $TARGET150 info-owner-1 $INFOSTATUS150 testdata/ics/job-template.json VALIDATE
-ics_api_idc_put_job 201 job160 type160 $TARGET160 info-owner-1 $INFOSTATUS160 testdata/ics/job-template.json
-ics_api_idc_get_job_status2 404 job150
-ics_api_idc_get_job_status2 200 job160 DISABLED EMPTYPROD 60
+ ics_api_idc_get_job_status2 404 job150
+ ics_api_idc_get_job_status2 200 job160 DISABLED EMPTYPROD 60
-prodstub_arm_producer 200 prod-ig
-prodstub_arm_job_create 200 prod-ig job150
-prodstub_arm_job_create 200 prod-ig job160
+ prodstub_arm_producer 200 prod-ig
+ prodstub_arm_job_create 200 prod-ig job150
+ prodstub_arm_job_create 200 prod-ig job160
-ics_api_edp_put_producer_2 201 prod-ig $CB_JOB/prod-ig $CB_SV/prod-ig NOTYPE
-ics_api_edp_get_producer_status 200 prod-ig ENABLED 360
+ ics_api_edp_put_producer_2 201 prod-ig $CB_JOB/prod-ig $CB_SV/prod-ig NOTYPE
+ ics_api_edp_get_producer_status 200 prod-ig ENABLED 360
-ics_api_edp_get_producer_2 200 prod-ig $CB_JOB/prod-ig $CB_SV/prod-ig EMPTY
+ ics_api_edp_get_producer_2 200 prod-ig $CB_JOB/prod-ig $CB_SV/prod-ig EMPTY
-ics_api_idc_get_job_status2 404 job150
-ics_api_idc_get_job_status2 200 job160 DISABLED EMPTYPROD 60
+ ics_api_idc_get_job_status2 404 job150
+ ics_api_idc_get_job_status2 200 job160 DISABLED EMPTYPROD 60
+else
+ ics_api_idc_get_type_ids 200 type1 type2 type4 type6 type101 type102 type104 type106
+ ics_api_idc_put_job 404 job150 type150 $TARGET150 info-owner-1 $INFOSTATUS150 testdata/ics/job-template.json VALIDATE
+
+ ics_api_idc_get_job_status2 404 job150
+
+ prodstub_arm_producer 200 prod-ig
+ prodstub_arm_job_create 200 prod-ig job150
+ prodstub_arm_job_create 200 prod-ig job160
+
+ ics_api_edp_put_producer_2 201 prod-ig $CB_JOB/prod-ig $CB_SV/prod-ig NOTYPE
+ ics_api_edp_get_producer_status 200 prod-ig ENABLED 360
+
+ ics_api_edp_get_producer_2 200 prod-ig $CB_JOB/prod-ig $CB_SV/prod-ig EMPTY
+
+ ics_api_idc_get_job_status2 404 job150
+ #ics_api_idc_get_job_status2 200 job160 DISABLED EMPTYPROD 60
+fi
prodstub_arm_type 200 prod-ig type160
@@ -2000,12 +2025,14 @@
ics_api_idc_put_job 404 job150 type150 $TARGET150 info-owner-1 $INFOSTATUS150 testdata/ics/job-template.json VALIDATE
ics_api_idc_get_job_status2 404 job150
-ics_api_idc_get_job_status2 200 job160 ENABLED 1 prod-ig 60
+if [[ "$ICS_FEATURE_LEVEL" != *"DEFAULT_TYPE_VALIDATION"* ]]; then
+ ics_api_idc_get_job_status2 200 job160 ENABLED 1 prod-ig 60
-prodstub_check_jobdata_3 200 prod-ig job160 type160 $TARGET160 info-owner-1 testdata/ics/job-template.json
+ prodstub_check_jobdata_3 200 prod-ig job160 type160 $TARGET160 info-owner-1 testdata/ics/job-template.json
-prodstub_equal create/prod-ig/job160 1
-prodstub_equal delete/prod-ig/job160 0
+ prodstub_equal create/prod-ig/job160 1
+ prodstub_equal delete/prod-ig/job160 0
+fi
prodstub_arm_type 200 prod-ig type150
@@ -2025,6 +2052,10 @@
ics_api_edp_get_producer_2 200 prod-ig $CB_JOB/prod-ig $CB_SV/prod-ig type160 type150
+if [[ "$ICS_FEATURE_LEVEL" == *"DEFAULT_TYPE_VALIDATION"* ]]; then
+ ics_api_idc_put_job 201 job160 type160 $TARGET160 info-owner-1 $INFOSTATUS160 testdata/ics/job-template.json
+fi
+
ics_api_idc_get_job_status2 404 job150
ics_api_idc_get_job_status2 200 job160 ENABLED 1 prod-ig
@@ -2044,7 +2075,7 @@
if [[ "$ICS_FEATURE_LEVEL" == *"TYPE-SUBSCRIPTIONS"* ]]; then
- if [[ "$ICS_FEATURE_LEVEL" == *"RESP_CODE_CHANGE_1" ]]; then
+ if [[ "$ICS_FEATURE_LEVEL" == *"RESP_CODE_CHANGE_1"* ]]; then
ics_api_edp_delete_type_2 409 type104
else
ics_api_edp_delete_type_2 406 type104
diff --git a/test/auto-test/FTC1800.sh b/test/auto-test/FTC1800.sh
index 749ba82..6e1b764 100755
--- a/test/auto-test/FTC1800.sh
+++ b/test/auto-test/FTC1800.sh
@@ -359,7 +359,7 @@
if [[ "$ICS_FEATURE_LEVEL" == *"TYPE-SUBSCRIPTIONS"* ]]; then
- ics_equal json:/data-consumer/v1/info-type-subscription 2 200
+ ics_equal json:data-consumer/v1/info-type-subscription 2 200
ics_api_idc_get_subscription_ids 200 owner1 subscription-id-1
ics_api_idc_get_subscription_ids 200 owner2 subscription-id-2
@@ -382,7 +382,7 @@
if [[ "$ICS_FEATURE_LEVEL" == *"TYPE-SUBSCRIPTIONS"* ]]; then
- ics_equal json:/data-consumer/v1/info-type-subscription 2 200
+ ics_equal json:data-consumer/v1/info-type-subscription 2 200
ics_api_idc_get_subscription_ids 200 owner1 subscription-id-1
ics_api_idc_get_subscription_ids 200 owner2 subscription-id-2
diff --git a/test/common/a1pms_api_functions.sh b/test/common/a1pms_api_functions.sh
index f539717..8a903b8 100644
--- a/test/common/a1pms_api_functions.sh
+++ b/test/common/a1pms_api_functions.sh
@@ -89,6 +89,7 @@
# args: -
__A1PMS_initial_setup() {
use_a1pms_rest_http
+ export A1PMS_SIDECAR_JWT_FILE=""
}
# Set app short-name, app name and namespace for logging runtime statistics of kubernets pods or docker containers
@@ -306,6 +307,10 @@
# Create app
input_yaml=$SIM_GROUP"/"$A1PMS_COMPOSE_DIR"/"app.yaml
output_yaml=$PWD/tmp/a1pmsapp.yaml
+ if [ -z "$A1PMS_SIDECAR_JWT_FILE" ]; then
+ cat $input_yaml | sed '/#A1PMS_JWT_START/,/#A1PMS_JWT_STOP/d' > $PWD/tmp/a1pmsapp_tmp.yaml
+ input_yaml=$PWD/tmp/a1pmsapp_tmp.yaml
+ fi
__kube_create_instance app $A1PMS_APP_NAME $input_yaml $output_yaml
fi
@@ -346,6 +351,7 @@
fi
else
echo " No files in mounted dir or dir does not exists"
+ mkdir db
fi
cd $curdir
@@ -542,7 +548,7 @@
ric_id=${ric%.*.*} #extract pod id from full hosthame
ric_id=$(echo "$ric_id" | tr '-' '_')
else
- if [ $DOCKER_COMPOSE_VERION == "V1" ]; then
+ if [ $DOCKER_COMPOSE_VERSION == "V1" ]; then
ric_id=$ric
else
ric_id=$(echo "$ric" | tr '-' '_') #ric id still needs underscore as it is different from the container name
@@ -2380,4 +2386,17 @@
__log_test_pass
return 0
+}
+
+# args: <realm> <client-name> <client-secret>
+a1pms_configure_sec() {
+ export A1PMS_CREDS_GRANT_TYPE="client_credentials"
+ export A1PMS_CREDS_CLIENT_SECRET=$3
+ export A1PMS_CREDS_CLIENT_ID=$2
+ export A1PMS_AUTH_SERVICE_URL=$KEYCLOAK_SERVICE_PATH$KEYCLOAK_TOKEN_URL_PREFIX/$1/protocol/openid-connect/token
+ export A1PMS_SIDECAR_MOUNT="/token-cache"
+ export A1PMS_SIDECAR_JWT_FILE=$A1PMS_SIDECAR_MOUNT"/jwt.txt"
+
+ export AUTHSIDECAR_APP_NAME
+ export AUTHSIDECAR_DISPLAY_NAME
}
\ No newline at end of file
diff --git a/test/common/cr_api_functions.sh b/test/common/cr_api_functions.sh
index e80ad16..a29d010 100644
--- a/test/common/cr_api_functions.sh
+++ b/test/common/cr_api_functions.sh
@@ -122,7 +122,7 @@
CR_INSTANCE_KUBE=$(($CR_INSTANCE-1))
echo -n " CR-$CR_INSTANCE_KUBE $CR_APP_NAME-$CR_INSTANCE_KUBE $KUBE_SIM_NAMESPACE "
else
- if [ $DOCKER_COMPOSE_VERION == "V1" ]; then
+ if [ $DOCKER_COMPOSE_VERSION == "V1" ]; then
echo -n " CR_$CR_INSTANCE ${CR_APP_NAME}_cr_$CR_INSTANCE "
else
echo -n " CR_$CR_INSTANCE ${CR_APP_NAME}-cr-$CR_INSTANCE "
@@ -171,7 +171,7 @@
for ((CR_INSTANCE=0; CR_INSTANCE<$MAX_CR_APP_COUNT; CR_INSTANCE++ )); do
CR_DOCKER_INSTANCE=$(($CR_INSTANCE+1))
# CR_SERVICE_PATH is the base path to cr
- if [ $DOCKER_COMPOSE_VERION == "V1" ]; then
+ if [ $DOCKER_COMPOSE_VERSION == "V1" ]; then
__CR_SERVICE_PATH=$1"://"$CR_APP_NAME"_cr_"${CR_DOCKER_INSTANCE}":"$2 # docker access, container->container and script->container via proxy
else
__CR_SERVICE_PATH=$1"://"$CR_APP_NAME"-cr-"${CR_DOCKER_INSTANCE}":"$2 # docker access, container->container and script->container via proxy
@@ -299,7 +299,7 @@
app_data=""
cntr=1
while [ $cntr -le $CR_APP_COUNT ]; do
- if [ $DOCKER_COMPOSE_VERION == "V1" ]; then
+ if [ $DOCKER_COMPOSE_VERSION == "V1" ]; then
app=$CR_APP_NAME"_cr_"$cntr
else
app=$CR_APP_NAME"-cr-"$cntr
@@ -315,7 +315,7 @@
cntr=1 #Counter for docker instance, starts on 1
cntr2=0 #Couter for env var name, starts with 0 to be compablible with kube
while [ $cntr -le $CR_APP_COUNT ]; do
- if [ $DOCKER_COMPOSE_VERION == "V1" ]; then
+ if [ $DOCKER_COMPOSE_VERSION == "V1" ]; then
app=$CR_APP_NAME"_cr_"$cntr
else
app=$CR_APP_NAME"-cr-"$cntr
diff --git a/test/common/ics_api_functions.sh b/test/common/ics_api_functions.sh
index 2152de9..0c067ca 100644
--- a/test/common/ics_api_functions.sh
+++ b/test/common/ics_api_functions.sh
@@ -326,6 +326,7 @@
fi
else
echo " No files in mounted dir or dir does not exists"
+ mkdir db
fi
cd $curdir
diff --git a/test/common/istio_api_functions.sh b/test/common/istio_api_functions.sh
index 1eb7336..dbbc6a5 100644
--- a/test/common/istio_api_functions.sh
+++ b/test/common/istio_api_functions.sh
@@ -69,6 +69,11 @@
# This function is called for apps managed by the test script.
__ISTIO_kube_delete_all() {
__kube_delete_all_resources $KUBE_NONRTRIC_NAMESPACE autotest ISTIO
+ __kube_delete_all_resources $KUBE_A1SIM_NAMESPACE autotest ISTIO
+ __kube_delete_all_resources $KUBE_ONAP_NAMESPACE autotest ISTIO
+ __kube_delete_all_resources $KUBE_KEYCLOAK_NAMESPACE autotest ISTIO
+ __kube_delete_all_resources $KUBE_SDNC_NAMESPACE autotest ISTIO
+ __kube_delete_all_resources $KUBE_SIM_NAMESPACE autotest ISTIO
}
# Store docker logs
diff --git a/test/common/ricsim_api_functions.sh b/test/common/ricsim_api_functions.sh
index b8af532..d71d11a 100644
--- a/test/common/ricsim_api_functions.sh
+++ b/test/common/ricsim_api_functions.sh
@@ -103,7 +103,7 @@
echo -n " RICSIM_G2_$RICSIM_INSTANCE_KUBE ${RIC_SIM_PREFIX}-g2-$RICSIM_INSTANCE_KUBE $KUBE_A1SIM_NAMESPACE "
echo -n " RICSIM_G3_$RICSIM_INSTANCE_KUBE ${RIC_SIM_PREFIX}-g3-$RICSIM_INSTANCE_KUBE $KUBE_A1SIM_NAMESPACE "
else
- if [ $DOCKER_COMPOSE_VERION == "V1" ]; then
+ if [ $DOCKER_COMPOSE_VERSION == "V1" ]; then
echo -n " RICSIM_G1_$RICSIM_INSTANCE ${RIC_SIM_PREFIX}_g1_$RICSIM_INSTANCE "
echo -n " RICSIM_G2_$RICSIM_INSTANCE ${RIC_SIM_PREFIX}_g2_$RICSIM_INSTANCE "
echo -n " RICSIM_G3_$RICSIM_INSTANCE ${RIC_SIM_PREFIX}_g3_$RICSIM_INSTANCE "
@@ -294,7 +294,7 @@
# <ricsim-prefix>-<service-name>-<index>
app_data=""
cntr=1
- if [ $DOCKER_COMPOSE_VERION == "V1" ]; then
+ if [ $DOCKER_COMPOSE_VERSION == "V1" ]; then
app_name_prefix=$RIC_SIM_PREFIX"_"$RICSIM_COMPOSE_SERVICE_NAME"_"
else
app_name_prefix=$RIC_SIM_PREFIX"-"$RICSIM_COMPOSE_SERVICE_NAME"-"
@@ -309,7 +309,7 @@
cntr=1
while [ $cntr -le $2 ]; do
- if [ $DOCKER_COMPOSE_VERION == "V1" ]; then
+ if [ $DOCKER_COMPOSE_VERSION == "V1" ]; then
app=$RIC_SIM_PREFIX"_"$RICSIM_COMPOSE_SERVICE_NAME"_"$cntr
else
app=$RIC_SIM_PREFIX"-"$RICSIM_COMPOSE_SERVICE_NAME"-"$cntr
@@ -347,7 +347,7 @@
fi
echo $RIC_SIM_HTTPX"://"$ricname.$ric_setname.$KUBE_A1SIM_NAMESPACE":"$RIC_SIM_PORT
else
- if [ $DOCKER_COMPOSE_VERION == "V1" ]; then
+ if [ $DOCKER_COMPOSE_VERSION == "V1" ]; then
echo $RIC_SIM_HTTPX"://"$1":"$RIC_SIM_PORT
else
ricname=$(echo "$1" | tr '_' '-')
@@ -376,8 +376,14 @@
proxyflag=" --proxy-insecure --proxy $KUBE_PROXY_PATH"
fi
fi
- echo " CMD: $2 $proxyflag" >> $HTTPLOG
- res="$($2 $proxyflag)"
+ if [ -z "$KUBE_PROXY_CURL_JWT" ]; then
+ echo " CMD: $2 $proxyflag" >> $HTTPLOG
+ res="$($2 $proxyflag)"
+ else
+ echo " CMD: $2 $proxyflag -H Authorization: Bearer $KUBE_PROXY_CURL_JWT" >> $HTTPLOG
+ res=$($2 $proxyflag -H 'Authorization: Bearer '$KUBE_PROXY_CURL_JWT)
+ fi
+
echo " RESP: $res" >> $HTTPLOG
retcode=$?
if [ $retcode -ne 0 ]; then
diff --git a/test/common/test_env-oran-f-release.sh b/test/common/test_env-oran-f-release.sh
index 85f4764..da8a5db 100755
--- a/test/common/test_env-oran-f-release.sh
+++ b/test/common/test_env-oran-f-release.sh
@@ -298,7 +298,7 @@
ICS_CONFIG_MOUNT_PATH=/opt/app/information-coordinator-service/config # Internal container path for configuration
ICS_CONFIG_FILE=application.yaml # Config file name
ICS_VERSION="V1-2" # Version where the types are decoupled from the producer registration
-ICS_FEATURE_LEVEL="INFO-TYPES TYPE-SUBSCRIPTIONS INFO-TYPE-INFO RESP_CODE_CHANGE_1" # Space separated list of features
+ICS_FEATURE_LEVEL="INFO-TYPES TYPE-SUBSCRIPTIONS INFO-TYPE-INFO RESP_CODE_CHANGE_1 DEFAULT_TYPE_VALIDATION" # Space separated list of features
MR_DMAAP_APP_NAME="message-router" # Name for the Dmaap MR
MR_STUB_APP_NAME="mr-stub" # Name of the MR stub
diff --git a/test/common/testcase_common.sh b/test/common/testcase_common.sh
index 78f27fd..47d8ced 100755
--- a/test/common/testcase_common.sh
+++ b/test/common/testcase_common.sh
@@ -135,7 +135,7 @@
#Var to indicate docker-compose version, V1 or V2
#V1 names replicated containers <proj-name>_<service-name>_<index>
#V2 names replicated containers <proj-name>-<service-name>-<index>
-DOCKER_COMPOSE_VERION="V1"
+DOCKER_COMPOSE_VERSION="V1"
# Function to indent cmd output with one space
indent1() { sed 's/^/ /'; }
@@ -1120,7 +1120,7 @@
tmp=$(docker-compose version)
echo " docker-compose installed and using version $tmp"
if [[ "$tmp" == *'v2'* ]]; then
- DOCKER_COMPOSE_VERION="V2"
+ DOCKER_COMPOSE_VERSION="V2"
fi
fi
fi
@@ -2731,6 +2731,17 @@
fi
done
+ # Remove istio label on namespaces
+ test_env_namespaces=$(kubectl $KUBECONF get ns --no-headers -o custom-columns=":metadata.name" -l autotest=engine -l istio-injection=enabled) #Get list of ns created by the test env
+ if [ $? -ne 0 ]; then
+ echo " Cannot get list of namespaces...continues.."
+ else
+ for test_env_ns in $test_env_namespaces; do
+ echo " Removing istio label on ns: "$test_env_ns
+ __kube_label_non_ns_instance ns $test_env_ns "istio-injection-"
+ done
+ fi
+
echo ""
}
@@ -2853,7 +2864,7 @@
envsubst < $compose_file > "gen_"$compose_file
compose_file="gen_"$compose_file
- if [ $DOCKER_COMPOSE_VERION == "V1" ]; then
+ if [ $DOCKER_COMPOSE_VERSION == "V1" ]; then
docker_compose_cmd="docker-compose"
else
docker_compose_cmd="docker compose"
diff --git a/test/http-https-proxy/http_proxy.js b/test/http-https-proxy/http_proxy.js
index 0bab052..e90dfca 100644
--- a/test/http-https-proxy/http_proxy.js
+++ b/test/http-https-proxy/http_proxy.js
@@ -77,7 +77,7 @@
if (crproto != undefined) {
crurl=crproto+"://"+crhost+crurl
if (debug) {
- console.log(" Constructed ulr: "+crurl)
+ console.log(" Constructed url: "+crurl)
}
} else if (crurl.startsWith('/')) {
console.log("Catched bad url in http request: "+crurl)
diff --git a/test/simulator-group/a1pms/app.yaml b/test/simulator-group/a1pms/app.yaml
index b53f22a..11dad9b 100644
--- a/test/simulator-group/a1pms/app.yaml
+++ b/test/simulator-group/a1pms/app.yaml
@@ -36,6 +36,29 @@
name: a1pms-pv-data-name
- mountPath: $A1PMS_DATA_MOUNT_PATH
name: a1pms-data-name
+#A1PMS_JWT_START
+ - mountPath: $A1PMS_SIDECAR_MOUNT
+ name: token-cache-volume
+#A1PMS_JWT_STOP
+#A1PMS_JWT_START
+ - name: $AUTHSIDECAR_APP_NAME
+ image: $AUTHSIDECAR_IMAGE
+ imagePullPolicy: $KUBE_IMAGE_PULL_POLICY
+ env:
+ - name: CREDS_GRANT_TYPE
+ value: $A1PMS_CREDS_GRANT_TYPE
+ - name: CREDS_CLIENT_SECRET
+ value: $A1PMS_CREDS_CLIENT_SECRET
+ - name: CREDS_CLIENT_ID
+ value: $A1PMS_CREDS_CLIENT_ID
+ - name: OUTPUT_FILE
+ value: $A1PMS_SIDECAR_JWT_FILE
+ - name: AUTH_SERVICE_URL
+ value: $A1PMS_AUTH_SERVICE_URL
+ volumeMounts:
+ - mountPath: $A1PMS_SIDECAR_MOUNT
+ name: token-cache-volume
+#A1PMS_JWT_STOP
volumes:
- configMap:
defaultMode: 420
@@ -48,6 +71,10 @@
- persistentVolumeClaim:
claimName: $A1PMS_DATA_PVC_NAME
name: a1pms-pv-data-name
+#A1PMS_JWT_START
+ - name: token-cache-volume
+ emptyDir: {}
+#A1PMS_JWT_STOP
# Selector will be set when pod is started first time
nodeSelector:
diff --git a/test/simulator-group/a1pms/application.yaml b/test/simulator-group/a1pms/application.yaml
index b9286b6..a3530b7 100644
--- a/test/simulator-group/a1pms/application.yaml
+++ b/test/simulator-group/a1pms/application.yaml
@@ -69,3 +69,4 @@
http.proxy-host: $A1PMS_HTTP_PROXY_CONFIG_HOST_NAME
http.proxy-port: $A1PMS_HTTP_PROXY_CONFIG_PORT
http.proxy-type: HTTP
+ auth-token-file: $A1PMS_SIDECAR_JWT_FILE
\ No newline at end of file
diff --git a/test/simulator-group/a1pms/application2.yaml b/test/simulator-group/a1pms/application2.yaml
index 18a92e0..05ee278 100644
--- a/test/simulator-group/a1pms/application2.yaml
+++ b/test/simulator-group/a1pms/application2.yaml
@@ -69,3 +69,4 @@
http.proxy-host: $A1PMS_HTTP_PROXY_CONFIG_HOST_NAME
http.proxy-port: $A1PMS_HTTP_PROXY_CONFIG_PORT
http.proxy-type: HTTP
+ auth-token-file: $A1PMS_SIDECAR_JWT_FILE
\ No newline at end of file
diff --git a/test/simulator-group/a1pms/mnt/.gitignore b/test/simulator-group/a1pms/mnt/.gitignore
new file mode 100644
index 0000000..beb0d9b
--- /dev/null
+++ b/test/simulator-group/a1pms/mnt/.gitignore
@@ -0,0 +1,18 @@
+################################################################################
+# Copyright (c) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*
+!.gitignore
+!db
diff --git a/test/simulator-group/control_panel/mnt/.gitignore b/test/simulator-group/control_panel/mnt/.gitignore
index 72e8ffc..2aac55e 100644
--- a/test/simulator-group/control_panel/mnt/.gitignore
+++ b/test/simulator-group/control_panel/mnt/.gitignore
@@ -1 +1,17 @@
+################################################################################
+# Copyright (c) 2022 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
*
+!.gitignore
diff --git a/test/simulator-group/ics/mnt/.gitignore b/test/simulator-group/ics/mnt/.gitignore
index b94353c..f27872e 100644
--- a/test/simulator-group/ics/mnt/.gitignore
+++ b/test/simulator-group/ics/mnt/.gitignore
@@ -1,5 +1,5 @@
################################################################################
-# Copyright (c) 2021 Nordix Foundation. #
+# Copyright (c) 2022 Nordix Foundation. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
@@ -14,4 +14,5 @@
# limitations under the License. #
################################################################################
*
-!.gitignore
\ No newline at end of file
+!.gitignore
+!db
diff --git a/test/simulator-group/ngw/mnt/.gitignore b/test/simulator-group/ngw/mnt/.gitignore
index 72e8ffc..2aac55e 100644
--- a/test/simulator-group/ngw/mnt/.gitignore
+++ b/test/simulator-group/ngw/mnt/.gitignore
@@ -1 +1,17 @@
+################################################################################
+# Copyright (c) 2022 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
*
+!.gitignore