service-exposure/rapps-rapp-invoker.go

// -
//   ========================LICENSE_START=================================
//   O-RAN-SC
//   %%
//   Copyright (C) 2022: Nordix Foundation
//   %%
//   Licensed under the Apache License, Version 2.0 (the "License");
//   you may not use this file except in compliance with the License.
//   You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//   Unless required by applicable law or agreed to in writing, software
//   distributed under the License is distributed on an "AS IS" BASIS,
//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//   See the License for the specific language governing permissions and
//   limitations under the License.
//   ========================LICENSE_END===================================
//
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"flag"
	"fmt"
	"io/ioutil"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	kubernetes "k8s.io/client-go/kubernetes"
	"k8s.io/client-go/rest"
	"net/http"
	"net/url"
	"strings"
	"time"
)

type Jwttoken struct {
	Access_token       string
	Expires_in         int
	Refresh_expires_in int
	Refresh_token      string
	Token_type         string
	Not_before_policy  int
	Session_state      string
	Scope              string
}

var gatewayHost string
var gatewayPort string
var keycloakHost string
var keycloakPort string
var securityEnabled string
var useGateway string
var role string
var rapp string
var methods string
var healthy bool = true
var ttime time.Time
var jwt Jwttoken

const (
  namespace = "istio-nonrtric"
)

func getToken(secretName string) string {
	if ttime.Before(time.Now()) {
		clientSecret, clientId, realmName := getSecret(secretName)
		keycloakUrl := "http://" + keycloakHost + ":" + keycloakPort + "/auth/realms/" + realmName + "/protocol/openid-connect/token"
		resp, err := http.PostForm(keycloakUrl,
			url.Values{"client_secret": {clientSecret}, "grant_type": {"client_credentials"}, "client_id": {clientId}})
		if err != nil {
			fmt.Println(err)
			panic("Something wrong with the credentials or url ")
		}
		defer resp.Body.Close()
		body, err := ioutil.ReadAll(resp.Body)
		json.Unmarshal([]byte(body), &jwt)
		ttime = time.Now()
		ttime = ttime.Add(time.Second * time.Duration(jwt.Expires_in))
	}
	return jwt.Access_token
}

func getSecret(secretName string) (string, string, string) {
        clientset := connectToK8s()
        res, err := clientset.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, metav1.GetOptions{})
        if err != nil {
                fmt.Println(err.Error())
        }
        return string(res.Data["client_secret"]), string(res.Data["client_id"]), string(res.Data["realm"])
}

func MakeRequest(client *http.Client, prefix string, method string, ch chan string) {
	var service = strings.Split(prefix, "/")[1]
	var gatewayUrl = "http://" + gatewayHost + ":" + gatewayPort
	var token = ""
	var jsonValue []byte = []byte{}
	var restUrl string = ""

	if securityEnabled == "true" {
		secretName := role + "-secret"
		token = getToken(secretName)
	} else {
		useGateway = "N"
	}

	if strings.ToUpper(useGateway) != "Y" {
		gatewayUrl = "http://" + service + "."+namespace+":80"
		prefix = ""
	}

	restUrl = gatewayUrl + prefix

	req, err := http.NewRequest(method, restUrl, bytes.NewBuffer(jsonValue))
	if err != nil {
		fmt.Printf("Got error %s", err.Error())
	}
	req.Header.Set("Content-type", "application/json")
	req.Header.Set("Authorization", "Bearer "+token)

	resp, err := client.Do(req)
	if err != nil {
		fmt.Printf("Got error %s", err.Error())
	}
	defer resp.Body.Close()
	body, _ := ioutil.ReadAll(resp.Body)
	respString := string(body[:])
	if respString == "RBAC: access denied" {
		respString += " for " + service + " " + strings.ToLower(method) + " request"
	}
	fmt.Printf("Received response for %s %s request - %s\n", service, strings.ToLower(method), respString)
	ch <- prefix + "," + method
}

func connectToK8s() *kubernetes.Clientset {
	config, err := rest.InClusterConfig()
	if err != nil {
		fmt.Println("failed to create K8s config")
	}

	clientset, err := kubernetes.NewForConfig(config)
	if err != nil {
		fmt.Println("Failed to create K8s clientset")
	}

	return clientset
}

func health(res http.ResponseWriter, req *http.Request) {
	if healthy {
		res.WriteHeader(http.StatusOK)
		res.Write([]byte("healthy"))
	} else {
		res.WriteHeader(http.StatusInternalServerError)
		res.Write([]byte("unhealthy"))
	}
}

func main() {
	ttime = time.Now()
	time.Sleep(1 * time.Second)
	flag.StringVar(&gatewayHost, "gatewayHost", "istio-ingressgateway.istio-system", "Gateway Host")
	flag.StringVar(&gatewayPort, "gatewayPort", "80", "Gateway Port")
	flag.StringVar(&keycloakHost, "keycloakHost", "istio-ingressgateway.istio-system", "Keycloak Host")
	flag.StringVar(&keycloakPort, "keycloakPort", "80", "Keycloak Port")
	flag.StringVar(&useGateway, "useGateway", "Y", "Connect to services through API gateway")
	flag.StringVar(&securityEnabled, "securityEnabled", "true", "Security is required to use this application")
	flag.StringVar(&role, "role", "provider-viewer", "Role granted to application")
	flag.StringVar(&rapp, "rapp", "rapp-provider", "Name of rapp to invoke")
	flag.StringVar(&methods, "methods", "GET", "Methods to access application")
	flag.Parse()

	healthHandler := http.HandlerFunc(health)
	http.Handle("/health", healthHandler)
	go func() {
		http.ListenAndServe(":9000", nil)
	}()

	client := &http.Client{
		Timeout: time.Second * 10,
	}

	ch := make(chan string)
	var prefixArray []string = []string{"/" + rapp}
	var methodArray []string = []string{methods}
	for _, prefix := range prefixArray {
		for _, method := range methodArray {
			go MakeRequest(client, prefix, method, ch)
		}
	}

	ioutil.WriteFile("init.txt", []byte("Initialization done."), 0644)

	for r := range ch {
		go func(resp string) {
			time.Sleep(10 * time.Second)
			elements := strings.Split(resp, ",")
			prefix := elements[0]
			method := elements[1]
			MakeRequest(client, prefix, method, ch)
		}(r)
	}

}