author | Krzysztof Gajewski <krzysztof.gajewski@nokia.com> | 2021-02-15 23:41:16 +0100 |
---|---|---|
committer | Marcin Przybysz <marcin.przybysz@nokia.com> | 2021-02-26 14:06:55 +0000 |
commit | aadaad68888217c76e06adf633a4d8b97d39779e (patch) | |
tree | 07ce01704e2744c10eb47f4f8c22de00411d4fa5 | |
parent | c0b6b6cfc2448e9c513107940fba7b46fc6362ed (diff) |
Add JWT support in HTTP/HTTPS based locations - integration
Issue-ID: DCAEGEN2-2536
Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com>
Change-Id: I334c66c025e1f3ef59393c3a0fe69493d4a3b5fa
16 files changed, 200 insertions, 12 deletions
diff --git a/test/mocks/datafilecollector-testharness/common/test_env.sh b/test/mocks/datafilecollector-testharness/common/test_env.sh
index d565ea7ed..35d82ab53 100644
--- a/test/mocks/datafilecollector-testharness/common/test_env.sh
+++ b/test/mocks/datafilecollector-testharness/common/test_env.sh
@@ -57,10 +57,12 @@ SFTP_SIMS_CONTAINER="sftp-server0:22,sftp-server1:22,sftp-server2:22,sftp-server #List of sftp server name and port number, used by MR sim to produce file urls. Theses server names and ports are used when running dfc and the simulators in a private docker network FTPES_SIMS_CONTAINER="ftpes-server-vsftpd0:21,ftpes-server-vsftpd1:21,ftpes-server-vsftpd2:21,ftpes-server-vsftpd3:21,ftpes-server-vsftpd4:21" -#List of http/https/https with no authorization server name and port number, used by MR sim to produce file urls. Theses server names and ports are used when running dfc and the simulators in a private docker network +#List of http/https/https with no authorization/with jwt token server name and port number, used by MR sim to produce file urls. Theses server names and ports are used when running dfc and the simulators in a private docker network HTTP_SIMS_CONTAINER="http-https-server0:80,http-https-server1:80,http-https-server2:80,http-https-server3:80,http-https-server4:80" +HTTP_JWT_SIMS_CONTAINER="http-https-server0:32000,http-https-server1:32000,http-https-server2:32000,http-https-server3:32000,http-https-server4:32000" HTTPS_SIMS_CONTAINER="http-https-server0:443,http-https-server1:443,http-https-server2:443,http-https-server3:443,http-https-server4:443" HTTPS_SIMS_NO_AUTH_CONTAINER="http-https-server0:8080,http-https-server1:8080,http-https-server2:8080,http-https-server3:8080,http-https-server4:8080" +HTTPS_JWT_SIMS_CONTAINER="http-https-server0:32100,http-https-server1:32100,http-https-server2:32100,http-https-server3:32100,http-https-server4:32100" #List of sftp server name and port number, used by MR sim to produce file urls. Theses server names and ports are used when running dfc as stand along app and the simulators in a private docker network SFTP_SIMS_LOCALHOST="localhost:1022,localhost:1023,localhost:1024,localhost:1025,localhost:1026" 
@@ -68,16 +70,20 @@ SFTP_SIMS_LOCALHOST="localhost:1022,localhost:1023,localhost:1024,localhost:1025 #List of ftpes server name and port number, used by MR sim to produce file urls. Theses server names and ports are used when running dfc as stand along app and the simulators in a private docker network FTPES_SIMS_LOCALHOST="localhost:1032,localhost:1033,localhost:1034,localhost:1035,localhost:1036" -#List of http/https/https with no authorization server name and port number, used by MR sim to produce file urls. Theses server names and ports are used when running dfc as stand along app and the simulators in a private docker network +#List of http/https/https with no authorization/with jwt token server name and port number, used by MR sim to produce file urls. Theses server names and ports are used when running dfc as stand along app and the simulators in a private docker network HTTP_SIMS_LOCALHOST="localhost:81,localhost:82,localhost:83,localhost:84,localhost:85" +HTTP_JWT_SIMS_LOCALHOST="localhost:32001,localhost:32002,localhost:32003,localhost:32004,localhost:32005" HTTPS_SIMS_LOCALHOST="localhost:444,localhost:445,localhost:446,localhost:447,localhost:448" HTTPS_SIMS_NO_AUTH_LOCALHOST="localhost:8081,localhost:8082,localhost:8083,localhost:8084,localhost:8085" +HTTPS_JWT_SIMS_LOCALHOST="localhost:32101,localhost:32102,localhost:32103,localhost:32104,localhost:32105" export SFTP_SIMS=$SFTP_SIMS_CONTAINER #This env will be set to SFTP_SIMS_LOCALHOST if auto test is executed with 'manual-app' export FTPES_SIMS=$FTPES_SIMS_CONTAINER #This env will be set to FTPES_SIMS_LOCALHOST if auto test is executed with 'manual-app' export HTTP_SIMS=$HTTP_SIMS_CONTAINER #This env will be set to HTTP_SIMS_LOCALHOST if auto test is executed with 'manual-app' +export HTTP_JWT_SIMS=$HTTP_JWT_SIMS_CONTAINER #This env will be set to HTTP_JWT_SIMS_LOCALHOST if auto test is executed with 'manual-app' export HTTPS_SIMS=$HTTPS_SIMS_CONTAINER #This env will be set to HTTPS_SIMS_LOCALHOST 
if auto test is executed with 'manual-app' export HTTPS_SIMS_NO_AUTH=$HTTPS_SIMS_NO_AUTH_CONTAINER #This env will be set to HTTPS_SIMS_NO_AUTH_LOCALHOST if auto test is executed with 'manual-app' +export HTTPS_JWT_SIMS=$HTTPS_JWT_SIMS_CONTAINER #This env will be set to HTTPS_JWT_SIMS_LOCALHOST if auto test is executed with 'manual-app' #Host name of the DR redirect simulator export DR_REDIR_SIM="drsim_redir" #This env will be set to 'localhost' if auto test is executed with arg 'manual-app' diff --git a/test/mocks/datafilecollector-testharness/common/testcase_common.sh b/test/mocks/datafilecollector-testharness/common/testcase_common.sh index a0bc4b4df..47e765f88 100755 --- a/test/mocks/datafilecollector-testharness/common/testcase_common.sh +++ b/test/mocks/datafilecollector-testharness/common/testcase_common.sh @@ -192,8 +192,10 @@ if [ $START_ARG == "manual-app" ]; then export SFTP_SIMS=$SFTP_SIMS_LOCALHOST export FTPES_SIMS=$FTPES_SIMS_LOCALHOST export HTTP_SIMS=$HTTP_SIMS_LOCALHOST + export HTTP_JWT_SIMS=$HTTP_JWT_SIMS_LOCALHOST export HTTPS_SIMS=$HTTPS_SIMS_LOCALHOST export HTTPS_SIMS_NO_AUTH=HTTPS_SIMS_NO_AUTH_LOCALHOST + export HTTPS_JWT_SIMS=$HTTPS_JWT_SIMS_LOCALHOST export DR_REDIR_SIM="localhost" fi #else @@ -537,8 +539,10 @@ log_sim_settings() { echo "SFTP_SIMS= "$SFTP_SIMS echo "FTPES_SIMS= "$FTPES_SIMS echo "HTTP_SIMS= "$HTTP_SIMS + echo "HTTP_JWT_SIMS= "$HTTP_JWT_SIMS echo "HTTPS_SIMS= "$HTTPS_SIMS echo "HTTPS_SIMS_NO_AUTH= "$HTTPS_SIMS_NO_AUTH + echo "HTTPS_JWT_SIMS= "$HTTPS_JWT_SIMS echo "" } diff --git a/test/mocks/datafilecollector-testharness/http-https-server/Dockerfile-http-https b/test/mocks/datafilecollector-testharness/http-https-server/Dockerfile-http-https index c1f85596c..5a5037f3e 100644 --- a/test/mocks/datafilecollector-testharness/http-https-server/Dockerfile-http-https +++ b/test/mocks/datafilecollector-testharness/http-https-server/Dockerfile-http-https 
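Review bot: The context line between the two new exports in the `manual-app` block of testcase_common.sh, `export HTTPS_SIMS_NO_AUTH=HTTPS_SIMS_NO_AUTH_LOCALHOST`, is missing its `$`, so it exports the literal variable name rather than the localhost list. Since this commit edits the lines on either side, it is the natural place to fix it: `export HTTPS_SIMS_NO_AUTH="$HTTPS_SIMS_NO_AUTH_LOCALHOST"`. The new exports and the new `echo "HTTP_JWT_SIMS= "$HTTP_JWT_SIMS` lines in `log_sim_settings` also leave the expansion unquoted; `export HTTP_JWT_SIMS="$HTTP_JWT_SIMS_LOCALHOST"` is the safer form. The `if` block starts outside the hunk.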
@@ -1,15 +1,19 @@ -FROM httpd:alpine +FROM httpd:2.4 -RUN apk update +RUN apt-get update ENV APACHE_LOG_DIR /usr/local/apache2/logs COPY --chown=root:root apache2/conf /usr/local/apache2/conf COPY --chown=root:root apache2/conf/extra /usr/local/apache2/conf/extra +COPY --chown=root:root ./apache2/lib/libjwt.so.1.7.0 /usr/lib/x86_64-linux-gnu/libjwt.so.1 +COPY --chown=root:root ./apache2/modules/mod_authnz_jwt.so /usr/local/apache2/modules/mod_authnz_jwt.so RUN chmod 644 /usr/local/apache2/conf/.htpasswd RUN chmod 644 /usr/local/apache2/conf/httpd.conf RUN chmod 644 /usr/local/apache2/conf/extra/httpd-ssl.conf +RUN chmod 644 /usr/lib/x86_64-linux-gnu/libjwt.so.1 +RUN chmod 644 /usr/local/apache2/modules/mod_authnz_jwt.so RUN mkdir /usr/local/apache2/certs RUN chown root:root /usr/local/apache2/certs diff --git a/test/mocks/datafilecollector-testharness/http-https-server/README.md b/test/mocks/datafilecollector-testharness/http-https-server/README.md index 77e701175..7902c09d9 100644 --- a/test/mocks/datafilecollector-testharness/http-https-server/README.md +++ b/test/mocks/datafilecollector-testharness/http-https-server/README.md @@ -30,3 +30,8 @@ by using 'docker ps' and stop them if necessary. # Cleaning docker structure Deep cleaning: `docker system prune` + +# mod_authnz_jwt.so + +External library `mod_authnz_jwt.so` was added to the Apache server. This library wasn't changed in any way. +This library is supplied under the Apache License, Version 2.0 (the "License"). diff --git a/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/extra/httpd-ssl.conf b/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/extra/httpd-ssl.conf index f4caf357e..24cf51da3 100644 --- a/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/extra/httpd-ssl.conf +++ b/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/extra/httpd-ssl.conf 
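Review bot: The two added `COPY` lines in Dockerfile-http-https install prebuilt binaries, `libjwt.so.1.7.0` and `mod_authnz_jwt.so`, which httpd loads at start-up, yet the commit records no source, upstream version or checksum for them. The README addition only states that the module "wasn't changed in any way", which a reader cannot check. I would either build both in a build stage from a pinned upstream tag, or record the source URL, version and SHA-256 in the README and verify it in the image, e.g. `RUN echo "<SHA256_OF_MOD_AUTHNZ_JWT>  /usr/local/apache2/modules/mod_authnz_jwt.so" | sha256sum -c -` (placeholder value). Because the binaries depend on the base image's ABI, `FROM httpd:2.4` should be pinned more tightly than a floating tag, and the bare `RUN apt-get update` looks droppable since no install follows it in the hunk. The same two files are bind-mounted in docker-compose.yml, so the same provenance note applies there.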
@@ -1,5 +1,6 @@ Listen 443 Listen 8080 +Listen 32100 SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES SSLProxyProtocol all -SSLv3 @@ -63,3 +64,36 @@ SSLSessionCacheTimeout 300 SSLCertificateFile /usr/local/apache2/certs/keystore.pem SSLCertificateKeyFile /usr/local/apache2/certs/key.pem </VirtualHost> +<VirtualHost *:32100> + + ServerAdmin httpserver-onap.org + ServerName httpserver-onap.org + + DocumentRoot /usr/local/apache2/htdocs + AuthJWTSignatureAlgorithm HS256 + AuthJWTSignatureSharedSecret Q0hBTkdFTUU= + AuthJWTIss onap + <Directory "/usr/local/apache2/htdocs"> + AllowOverride None + Options Indexes FollowSymLinks MultiViews + AuthType jwt + AuthName "Restricted Content" + Require valid-user + RewriteEngine On + RewriteCond %{HTTP:Authorization} ^(.*) + RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLEngine on + SSLProtocol -all +TLSv1.2 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLHonorCipherOrder off + SSLSessionTickets off + + SSLCACertificateFile /usr/local/apache2/certs/truststore.pem + SSLCertificateFile /usr/local/apache2/certs/keystore.pem + SSLCertificateKeyFile /usr/local/apache2/certs/key.pem +</VirtualHost> diff --git a/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/httpd.conf b/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/httpd.conf index ef3ce95f7..58892c461 100644 --- a/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/httpd.conf +++ b/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/httpd.conf @@ -50,6 +50,7 @@ ServerRoot "/usr/local/apache2" # #Listen 12.34.56.78:80 Listen 80 +Listen 32000 # # Dynamic Shared Object (DSO) Support 
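Review bot: `AuthJWTSignatureSharedSecret Q0hBTkdFTUU=` in the new `<VirtualHost *:32100>` is a committed HS256 key that base64-decodes to the eight-byte placeholder `CHANGEME`, and the same line is repeated in the `<VirtualHost *:32000>` block added to httpd.conf. That can be acceptable for a throwaway simulator, but nothing marks it as a fixture, and a key this short and public gives no authentication value if the config is copied elsewhere. I would add a comment above both directives, for example `# Test-only HS256 key for the DFC test harness; never reuse outside this simulator`. Ideally the secret would be supplied once through an environment variable, using the `${...}` interpolation the file already uses for `APACHE_LOG_DIR`. The :32000 vhost also accepts the bearer token over plain HTTP, so it should stay confined to the private docker network.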
@@ -63,6 +64,7 @@ Listen 80 # Example: # LoadModule foo_module modules/mod_foo.so # +LoadModule auth_jwt_module modules/mod_authnz_jwt.so LoadModule mpm_event_module modules/mod_mpm_event.so #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so #LoadModule mpm_worker_module modules/mod_mpm_worker.so @@ -196,7 +198,7 @@ LoadModule dir_module modules/mod_dir.so #LoadModule speling_module modules/mod_speling.so #LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so -#LoadModule rewrite_module modules/mod_rewrite.so +LoadModule rewrite_module modules/mod_rewrite.so <IfModule unixd_module> # @@ -299,6 +301,31 @@ ServerAdmin you@example.com AuthUserFile /usr/local/apache2/conf/.htpasswd Require valid-user </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined +</VirtualHost> +<VirtualHost *:32000> + + ServerAdmin httpserver-onap.org + DocumentRoot "/usr/local/apache2/htdocs" + + AuthJWTSignatureAlgorithm HS256 + AuthJWTSignatureSharedSecret Q0hBTkdFTUU= + AuthJWTIss onap + <Directory "/usr/local/apache2/htdocs"> + AllowOverride None + Options Indexes FollowSymLinks MultiViews + AuthType jwt + AuthName "Restricted Content" + Require valid-user + RewriteEngine On + RewriteCond %{HTTP:Authorization} ^(.*) + RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> # # DirectoryIndex: sets the file that Apache will serve if a directory diff --git a/test/mocks/datafilecollector-testharness/http-https-server/apache2/lib/libjwt.so.1.7.0 b/test/mocks/datafilecollector-testharness/http-https-server/apache2/lib/libjwt.so.1.7.0 Binary files differnew file mode 100755 index 000000000..b22c52786 --- /dev/null +++ b/test/mocks/datafilecollector-testharness/http-https-server/apache2/lib/libjwt.so.1.7.0 
diff --git a/test/mocks/datafilecollector-testharness/http-https-server/apache2/modules/mod_authnz_jwt.so b/test/mocks/datafilecollector-testharness/http-https-server/apache2/modules/mod_authnz_jwt.so Binary files differnew file mode 100644 index 000000000..2e2e834e0 --- /dev/null +++ b/test/mocks/datafilecollector-testharness/http-https-server/apache2/modules/mod_authnz_jwt.so diff --git a/test/mocks/datafilecollector-testharness/http-https-server/docker-compose.yml b/test/mocks/datafilecollector-testharness/http-https-server/docker-compose.yml index 09b698f89..4e6263ee7 100644 --- a/test/mocks/datafilecollector-testharness/http-https-server/docker-compose.yml +++ b/test/mocks/datafilecollector-testharness/http-https-server/docker-compose.yml @@ -4,17 +4,21 @@ services: http-https-server: container_name: http-https-server-httpd - image: httpd:alpine + image: httpd:2.4 environment: APACHE_LOG_DIR: /usr/local/apache2/logs ports: - "80:80" - "443:443" - "8080:8080" + - "32000:32000" + - "32100:32100" volumes: - ./apache2/conf/.htpasswd:/usr/local/apache2/conf/.htpasswd:ro - ./apache2/conf/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro - ./apache2/conf/extra/httpd-ssl.conf:/usr/local/apache2/conf/extra/httpd-ssl.conf:ro + - ./apache2/lib/libjwt.so.1.7.0:/usr/lib/x86_64-linux-gnu/libjwt.so.1:ro + - ./apache2/modules/mod_authnz_jwt.so:/usr/local/apache2/modules/mod_authnz_jwt.so:ro - ./../certservice/generated-certs/apache-pem:/usr/local/apache2/certs:ro - ./files/onap/http:/usr/local/apache2/htdocs restart: on-failure diff --git a/test/mocks/datafilecollector-testharness/mr-sim/README.md b/test/mocks/datafilecollector-testharness/mr-sim/README.md index a8d2b7aaa..11f53df95 100644 --- a/test/mocks/datafilecollector-testharness/mr-sim/README.md +++ b/test/mocks/datafilecollector-testharness/mr-sim/README.md 
@@ -33,7 +33,9 @@ The following envrionment vaiables are used: - **FTPES_SIMS** - A comma-separated list of hostname:port for the FTP servers to generate ftpes file urls for. If not set MR sim will assume 'localhost:21'. Minimum 1 and maximum 5 host-port pairs can be given. - **SFTP_SIMS** - A comma-separated list of hostname:port for the FTP servers to generate sftp file urls for. If not set MR sim will assume 'localhost:1022'. Minimum 1 and maximum 5 host-port pairs can be given. - **HTTP_SIMS** - A comma-separated list of hostname:port for the HTTP servers to generate http file urls for. If not set MR sim will assume 'localhost:81'. Minimum 1 and maximum 5 host-port pairs can be given. +- **HTTP_JWT_SIMS** - A comma-separated list of hostname:port for the HTTP servers (using JWT token for authentication) to generate http file urls for. If not set MR sim will assume 'localhost:32000'. Minimum 1 and maximum 5 host-port pairs can be given. - **HTTPS_SIMS** - A comma-separated list of hostname:port for the HTTPS servers (configured for client certificate authentication and basic authentication; certificates were obtained using CMPv2 server) to generate http file urls for. If not set MR sim will assume 'localhost:444'. Minimum 1 and maximum 5 host-port pairs can be given. +- **HTTPS_JWT_SIMS** - A comma-separated list of hostname:port for the HTTPS servers (using JWT token for authentication) to generate http file urls for. If not set MR sim will assume 'localhost:32100'. Minimum 1 and maximum 5 host-port pairs can be given. - **HTTPS_SIMS_NO_AUTH** - A comma-separated list of hostname:port for the HTTPS servers with no autorization to generate http file urls for. If not set MR sim will assume 'localhost:8081'. Minimum 1 and maximum 5 host-port pairs can be given. - **NUM_FTP_SERVERS** - Number of FTP servers to use out of those specified in the envrioment variables above. The number shall be in the range 1-5. 
- **NUM_HTTP_SERVERS** - Number of HTTP/HTTPS/HTTPS with no authorization servers to use out of those specified in the envrioment variables above. The number shall be in the range 1-5. @@ -183,7 +185,7 @@ Changing the first digit in tc number will change the test case to run FTPES or TC2XX is same as TC1XX but with FTPES, TC3XX is same as TC1XX but with HTTP, TC4XX is same as TC1XX but with HTTPS (with basic authorization). Note, in the case of HTTPS, some tests may not have direct correspondence in FTP tests -(TC403, TC404 described in the end of this section). +(TC303, TC403, TC404, TC405 described in the end of this section). TC6XX is same as TC5XX but with FTPES @@ -191,10 +193,14 @@ TC8XX is same as TC7XX but with FTPES TC2XXX is same as TC1XXX but with FTPES +TC303 - One ME, HTTP with JWT authentication, 1 1MB file, 1 event + TC403 - One ME, HTTPS with client certificate authentication, 1 1MB file, 1 event TC404 - One ME, HTTPS with no client authentication, 1 1MB file, 1 event +TC405 - One ME, HTTPS with JWT authentication, 1 1MB file, 1 event + ## Developer workflow 1. `sudo apt install python3-venv` diff --git a/test/mocks/datafilecollector-testharness/mr-sim/mr-sim.py b/test/mocks/datafilecollector-testharness/mr-sim/mr-sim.py index 323dde618..cdf9bad4a 100644 --- a/test/mocks/datafilecollector-testharness/mr-sim/mr-sim.py +++ b/test/mocks/datafilecollector-testharness/mr-sim/mr-sim.py @@ -30,8 +30,12 @@ ftpes_hosts = [] ftpes_ports = [] http_hosts = [] http_ports = [] +http_jwt_hosts = [] +http_jwt_ports = [] https_hosts = [] https_ports = [] +https_jwt_hosts = [] +https_jwt_ports = [] https_hosts_no_auth = [] https_ports_no_auth = [] num_ftp_servers = 1 
@@ -538,6 +542,8 @@ def MR_reply(consumerGroup, consumerId): return tc100(groupIndex, changeId, filePrefix, "http", "5MB") elif args.tc302: return tc100(groupIndex, changeId, filePrefix, "http", "50MB") + elif args.tc303: + return tc100(groupIndex, changeId, filePrefix, "httpJWT", "1MB") elif args.tc400: return tc100(groupIndex, changeId, filePrefix, "https", "1MB") @@ -549,6 +555,8 @@ def MR_reply(consumerGroup, consumerId): return tc100(groupIndex, changeId, filePrefix, "httpsCAuth", "1MB") elif args.tc404: return tc100(groupIndex, changeId, filePrefix, "httpsNoAuth", "1MB") + elif args.tc405: + return tc100(groupIndex, changeId, filePrefix, "httpsJWT", "1MB") #### Test case functions @@ -573,6 +581,9 @@ def tc100(groupIndex, changeId, filePrefix, schemeType, fileSize): or (schemeType == "httpsCAuth") or (schemeType == "httpsNoAuth"): msg = getEventHead(groupIndex, changeId, nodeName) + getEventName(fileName, schemeType, "demo", "demo123456!", nodeIndex) + getEventEnd() + if (schemeType == "httpJWT") or (schemeType == "httpsJWT"): + msg = getEventHead(groupIndex, changeId, nodeName) + getEventName(fileName, schemeType, "", "", + nodeIndex) + getEventEnd() fileMap[groupIndex][seqNr * hash(filePrefix)] = seqNr ctr_events[groupIndex] = ctr_events[groupIndex] + 1 return buildOkResponse("[" + msg + "]") @@ -1220,6 +1231,7 @@ def getEventName(fn, type, user, passwd, nodeIndex): port = sftp_ports[nodeIndex] ip = sftp_hosts[nodeIndex] location_variant = type + """://""" + user + """:""" + passwd + """@""" + ip + """:""" + str(port) + token = "" if type == "ftpes": port = ftpes_ports[nodeIndex] ip = ftpes_hosts[nodeIndex] 
@@ -1229,11 +1241,25 @@ def getEventName(fn, type, user, passwd, nodeIndex): port = http_ports[nodeIndex] ip = http_hosts[nodeIndex] location_variant = type + """://""" + user + """:""" + passwd + """@""" + ip + """:""" + str(port) + elif type == "httpJWT": + alt_type = "http" + nodeIndex = nodeIndex % num_http_servers + port = http_jwt_ports[nodeIndex] + ip = http_jwt_hosts[nodeIndex] + location_variant = alt_type + """://""" + ip + """:""" + str(port) + token = "?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwidXNlciI6Imp3dFVzZXIiLCJpc3MiOiJvbmFwIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjk5OTk5OTk5OTksIm5iZiI6MTUxNjIzOTAyMn0.dZUtnGlr6Z42MehhZTGHYSVFaAggRjob9GyvnGpEc6o" elif type == "https": nodeIndex = nodeIndex % num_http_servers port = https_ports[nodeIndex] ip = https_hosts[nodeIndex] location_variant = type + """://""" + user + """:""" + passwd + """@""" + ip + """:""" + str(port) + elif type == "httpsJWT": + alt_type = "https" + nodeIndex = nodeIndex % num_http_servers + port = https_jwt_ports[nodeIndex] + ip = https_jwt_hosts[nodeIndex] + location_variant = alt_type + """://""" + ip + """:""" + str(port) + token = "?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjk5OTk5OTk5OTksIm5iZiI6MTUxNjIzOTAyMH0.vyktOJyCMVvJXEfImBuZCTaEifrvH0kXeAPpnHakffA" elif type == "httpsCAuth": alt_type = "https" port = https_ports[nodeIndex] @@ -1249,7 +1275,7 @@ def getEventName(fn, type, user, passwd, nodeIndex): "name": \"""" + fn + """", "hashMap": { "fileFormatType": "org.3GPP.32.435#measCollec", - "location": \"""" + location_variant + """/""" + fn + """", + "location": \"""" + location_variant + """/""" + fn + token + """", "fileFormatVersion": "V10", "compression": "gzip" } 
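Review bot: The two `token = "?access_token=…"` literals added to `getEventName` put a bearer credential into the file URL, so it is written wherever the `location` string or the request line is logged, including the `CustomLog … combined` access log that the new JWT virtual hosts in this commit configure. Both tokens are hard-coded with `exp` set to 9999999999, and the `httpsJWT` one is repeated in simulators-start.sh, so any change of the shared secret needs edits in several files. I would hoist them into named module-level constants with a comment such as `# Test fixture: long-lived HS256 token for the simulator's placeholder secret; do not reuse`. As far as I can tell, the `httpsJWT` token's payload carries no `iss` claim although the vhosts set `AuthJWTIss onap`; it is worth confirming that this is intended. `getEventName` starts and ends outside this hunk.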
@@ -1292,18 +1318,22 @@ if __name__ == "__main__": sftp_sims = os.environ.get('SFTP_SIMS', 'localhost:1022') ftpes_sims = os.environ.get('FTPES_SIMS', 'localhost:21') http_sims = os.environ.get('HTTP_SIMS', 'localhost:81') + http_jwt_sims = os.environ.get('HTTP_JWT_SIMS', 'localhost:32000') https_sims = os.environ.get('HTTPS_SIMS', 'localhost:444') https_sims_no_auth = os.environ.get('HTTPS_SIMS_NO_AUTH', 'localhost:8081') + https_jwt_sims = os.environ.get('HTTPS_JWT_SIMS', 'localhost:32100') num_ftp_servers = int(os.environ.get('NUM_FTP_SERVERS', 1)) num_http_servers = int(os.environ.get('NUM_HTTP_SERVERS', 1)) print("Configured sftp sims: " + sftp_sims) print("Configured ftpes sims: " + ftpes_sims) print("Configured http sims: " + http_sims) + print("Configured http JWT sims: " + http_jwt_sims) print("Configured https sims: " + https_sims) print("Configured https with no authorization sims: " + https_sims_no_auth) + print("Configured https JWT sims: " + https_jwt_sims) print("Configured number of ftp servers: " + str(num_ftp_servers)) - print("Configured number of http/https/https with no auth servers: " + str(num_http_servers) + " each") + print("Configured number of http/https/https with no auth/JWT servers: " + str(num_http_servers) + " each") tmp = sftp_sims.split(',') for i in range(len(tmp)): @@ -1323,12 +1353,24 @@ if __name__ == "__main__": http_hosts.append(hp[0]) http_ports.append(hp[1]) + tmp = http_jwt_sims.split(',') + for i in range(len(tmp)): + hp = tmp[i].split(':') + http_jwt_hosts.append(hp[0]) + http_jwt_ports.append(hp[1]) + tmp = https_sims.split(',') for i in range(len(tmp)): hp = tmp[i].split(':') https_hosts.append(hp[0]) https_ports.append(hp[1]) + tmp = https_jwt_sims.split(',') + for i in range(len(tmp)): + hp = tmp[i].split(':') + https_jwt_hosts.append(hp[0]) + https_jwt_ports.append(hp[1]) + tmp = https_sims_no_auth.split(',') for i in range(len(tmp)): hp = tmp[i].split(':') 
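Review bot: The parsing loops added for `HTTP_JWT_SIMS` and `HTTPS_JWT_SIMS` never compare the resulting list length with `num_http_servers`, yet `getEventName` indexes `http_jwt_ports` and `https_jwt_ports` with `nodeIndex % num_http_servers`. A list shorter than `NUM_HTTP_SERVERS` therefore raises `IndexError` only when an event for that node is first built, and an entry without a `:` fails the same way at `hp[1]`. A check right after each loop, e.g. `if len(http_jwt_hosts) < num_http_servers: raise ValueError("HTTP_JWT_SIMS has fewer entries than NUM_HTTP_SERVERS")`, would fail at start-up with a readable message. The existing loops for the other schemes follow the same pattern, so one small shared parsing helper would cover all of them.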
@@ -1697,6 +1739,10 @@ if __name__ == "__main__": '--tc302', action='store_true', help='TC302 - One ME, HTTP, 1 50MB file, 1 event') + parser.add_argument( + '--tc303', + action='store_true', + help='TC303 - One ME, HTTP JWT, 1 1MB file, 1 event') # HTTPS TCs with single ME parser.add_argument( @@ -1719,6 +1765,10 @@ if __name__ == "__main__": '--tc404', action='store_true', help='TC404 - One ME, HTTPS no client authentication, 1 1MB file, 1 event') + parser.add_argument( + '--tc405', + action='store_true', + help='TC405 - One ME, HTTPS JWT, 1 1MB file, 1 event') args = parser.parse_args() @@ -1860,6 +1910,8 @@ if __name__ == "__main__": tc_num = "TC# 301" elif args.tc302: tc_num = "TC# 302" + elif args.tc303: + tc_num = "TC# 303" elif args.tc400: tc_num = "TC# 400" @@ -1871,6 +1923,8 @@ if __name__ == "__main__": tc_num = "TC# 403" elif args.tc404: tc_num = "TC# 404" + elif args.tc405: + tc_num = "TC# 405" else: print("No TC was defined") @@ -1891,6 +1945,10 @@ if __name__ == "__main__": print("Using " + str(http_hosts[i]) + ":" + str(http_ports[i]) + " for http server with index " + str( i) + " for http server address and port in file urls.") + for i in range(len(http_jwt_hosts)): + print("Using " + str(http_jwt_hosts[i]) + ":" + str(http_jwt_ports[i]) + " for http jwt server with index " + str( + i) + " for http jwt server address and port in file urls.") + for i in range(len(https_hosts)): print("Using " + str(https_hosts[i]) + ":" + str(https_ports[i]) + " for https server with index " + str( i) + " for https server address and port in file urls.") 
@@ -1900,9 +1958,13 @@ if __name__ == "__main__": + " for https server with no authentication with index " + str(i) + " for https server address and port in file urls.") + for i in range(len(https_jwt_hosts)): + print("Using " + str(https_jwt_hosts[i]) + ":" + str(https_jwt_ports[i]) + " for https jwt server with index " + str( + i) + " for https jwt server address and port in file urls.") + print("Using up to " + str(num_ftp_servers) + " ftp servers, for each protocol for PNFs.") print("Using up to " + str(num_http_servers) - + " http/https/https with no auth servers, for each protocol for PNFs.") + + " http/https/https with no auth/jwt servers, for each protocol for PNFs.") def https_app(**kwargs): diff --git a/test/mocks/datafilecollector-testharness/simulator-group/README.md b/test/mocks/datafilecollector-testharness/simulator-group/README.md index 98b26bc86..545776a24 100644 --- a/test/mocks/datafilecollector-testharness/simulator-group/README.md +++ b/test/mocks/datafilecollector-testharness/simulator-group/README.md @@ -102,7 +102,7 @@ in the script need to be manually adapted to for each specific simulator behavio parameters. All simulators will be started with the generated docker-compose.yml file -To generate an ftp/http/https url with an IP different from localhost, set the SFTP_SIM_IP and/or FTPES_SIM_IP and/or HTTP_SIM_IP and/or HTTPS_SIM_IP and/or HTTPS_SIM_NO_AUTH_IP env variables to the address(es) of the ftp/http/https servers before starting. +To generate an ftp/http/https url with an IP different from localhost, set the SFTP_SIM_IP and/or FTPES_SIM_IP and/or HTTP_SIM_IP and/or HTTPS_SIM_IP and/or HTTPS_SIM_NO_AUTH_IP and/or HTTP_JWT_SIM_IP and/or HTTPS_JWT_SIM_IP env variables to the address(es) of the ftp/http/https servers before starting. So far, this only works when the simulator python script is started from the command line. Kill all the containers with `simulators-kill.se` 
diff --git a/test/mocks/datafilecollector-testharness/simulator-group/docker-compose-setup.sh b/test/mocks/datafilecollector-testharness/simulator-group/docker-compose-setup.sh index d5b36ec58..9f531f447 100755 --- a/test/mocks/datafilecollector-testharness/simulator-group/docker-compose-setup.sh +++ b/test/mocks/datafilecollector-testharness/simulator-group/docker-compose-setup.sh @@ -40,8 +40,10 @@ export BASIC_AUTH_PASSWORD=demo123456! export SFTP_SIMS="localhost:21,localhost:22,localhost:23,localhost:24,localhost:25" # Comma separated list for SFTP servers host:port export FTPES_SIMS="localhost:1022,localhost:1023,localhost:1024,localhost:1026,localhost:1026" # Comma separated list for FTPES servers host:port export HTTP_SIMS="localhost:81,localhost:82,localhost:83,localhost:84,localhost:85" # Comma separated list for HTTP servers host:port +export HTTP_JWT_SIMS="localhost:32001,localhost:32002,localhost:32003,localhost:32004,localhost:32005" # Comma separated list for HTTP JWT servers host:port export HTTPS_SIMS="localhost:444,localhost:445,localhost:446,localhost:447,localhost:448" # Comma separated list for HTTPS (enabling client certificate authorization and basic authorization) servers host:port export HTTPS_SIMS_NO_AUTH="localhost:8081,localhost:8082,localhost:8083,localhost:8084,localhost:8085" # Comma separated list for HTTPS (with no authorization) servers host:port +export HTTPS_JWT_SIMS="localhost:32101,localhost:32102,localhost:32103,localhost:32104,localhost:32105" # Comma separated list for HTTPS JWT servers host:port export DR_REDIR_SIM="localhost" # Hostname of DR redirect server diff --git a/test/mocks/datafilecollector-testharness/simulator-group/docker-compose-template.yml b/test/mocks/datafilecollector-testharness/simulator-group/docker-compose-template.yml index 537012afb..7193c6ce2 100644 --- a/test/mocks/datafilecollector-testharness/simulator-group/docker-compose-template.yml 
+++ b/test/mocks/datafilecollector-testharness/simulator-group/docker-compose-template.yml @@ -78,8 +78,10 @@ services: SFTP_SIMS: ${SFTP_SIMS} FTPES_SIMS: ${FTPES_SIMS} HTTP_SIMS: ${HTTP_SIMS} + HTTP_JWT_SIMS: ${HTTP_JWT_SIMS} HTTPS_SIMS: ${HTTPS_SIMS} HTTPS_SIMS_NO_AUTH: ${HTTPS_SIMS_NO_AUTH} + HTTPS_JWT_SIMS: ${HTTPS_JWT_SIMS} NUM_FTP_SERVERS: ${NUM_FTP_SERVERS} NUM_HTTP_SERVERS: ${NUM_HTTP_SERVERS} MR_GROUPS: ${MR_GROUPS} @@ -239,6 +241,8 @@ services: - "81:80" - "444:443" - "8081:8080" + - "32001:32000" + - "32101:32100" restart: on-failure volumes: - ./../certservice/generated-certs/apache-pem:/usr/local/apache2/certs/:rw @@ -252,6 +256,8 @@ services: - "82:80" - "445:443" - "8082:8080" + - "32002:32000" + - "32102:32100" restart: on-failure volumes: - ./../certservice/generated-certs/apache-pem:/usr/local/apache2/certs/:rw @@ -265,6 +271,8 @@ services: - "83:80" - "446:443" - "8083:8080" + - "32003:32000" + - "32103:32100" restart: on-failure volumes: - ./../certservice/generated-certs/apache-pem:/usr/local/apache2/certs/:rw @@ -278,6 +286,8 @@ services: - "84:80" - "447:443" - "8084:8080" + - "32004:32000" + - "32104:32100" restart: on-failure volumes: - ./../certservice/generated-certs/apache-pem:/usr/local/apache2/certs/:rw @@ -291,6 +301,8 @@ services: - "85:80" - "448:443" - "8085:8080" + - "32005:32000" + - "32105:32100" restart: on-failure volumes: - ./../certservice/generated-certs/apache-pem:/usr/local/apache2/certs/:rw diff --git a/test/mocks/datafilecollector-testharness/simulator-group/setup-http-files-for-image.sh b/test/mocks/datafilecollector-testharness/simulator-group/setup-http-files-for-image.sh index 9d54bc3ef..1a83dd143 100755 --- a/test/mocks/datafilecollector-testharness/simulator-group/setup-http-files-for-image.sh +++ b/test/mocks/datafilecollector-testharness/simulator-group/setup-http-files-for-image.sh 
@@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/usr/bin/env bash # Script to create files for the HTTP server to return upon request. # The file names matches the files names in the events polled from the MR simulator. diff --git a/test/mocks/datafilecollector-testharness/simulator-group/simulators-start.sh b/test/mocks/datafilecollector-testharness/simulator-group/simulators-start.sh index 69d47354e..71767ffa9 100755 --- a/test/mocks/datafilecollector-testharness/simulator-group/simulators-start.sh +++ b/test/mocks/datafilecollector-testharness/simulator-group/simulators-start.sh @@ -45,6 +45,18 @@ http_https_server_check() { echo "Simulator " $1 " on localhost:$2 - no response" } +http_https_jwt_server_check() { + for i in {1..10}; do + res=$(curl $4 -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjk5OTk5OTk5OTksIm5iZiI6MTUxNjIzOTAyMH0.vyktOJyCMVvJXEfImBuZCTaEifrvH0kXeAPpnHakffA' -s -o /dev/null -w "%{http_code}" $3://localhost:$2) + if [ $res -gt 199 ] && [ $res -lt 300 ]; then + echo "Simulator " $1 " on localhost:$2 responded ok" + return + fi + sleep 1 + done + echo "Simulator " $1 " on localhost:$2 - no response" +} + server_check_https() { for i in {1..10}; do res=$(curl -k -s -o /dev/null -w "%{http_code}" https://localhost:$2$3) 
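Review bot: `http_https_jwt_server_check` in simulators-start.sh prints "no response" for every failure, so a 401 from a rejected token is indistinguishable from an unreachable simulator, and it embeds the bearer token as a literal in the curl command line. I would keep the last status code and print it, quote `$res` and the URL, declare `res` and `i` as `local`, and take the token from a single variable defined once near the top of the script (called `JWT_TEST_TOKEN` in the sketch below; the name is my own). `$4` stays unquoted on purpose because it is either empty or a single flag such as `-k`. The return status is left unchanged because the callers' expectations are not visible in the hunk.

```shell
http_https_jwt_server_check() {
	local res=000 i
	for i in {1..10}; do
		# $4 is deliberately unquoted: empty, or one curl flag such as -k
		res=$(curl $4 -H "Authorization: Bearer ${JWT_TEST_TOKEN}" -s -o /dev/null -w '%{http_code}' "$3://localhost:$2")
		if [ "$res" -gt 199 ] && [ "$res" -lt 300 ]; then
			echo "Simulator $1 on localhost:$2 responded ok"
			return
		fi
		sleep 1
	done
	# Report the status so an auth failure (401) is not mistaken for a dead container
	echo "Simulator $1 on localhost:$2 - no 2xx response (last status: $res)"
}
```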
@@ -199,6 +211,11 @@ http_https_basic_server_check "HTTP basic auth server 1" 82 http http_https_basic_server_check "HTTP basic auth server 2" 83 http http_https_basic_server_check "HTTP basic auth server 3" 84 http http_https_basic_server_check "HTTP basic auth server 4" 85 http +http_https_jwt_server_check "HTTP JWT server 0" 32001 http +http_https_jwt_server_check "HTTP JWT server 1" 32002 http +http_https_jwt_server_check "HTTP JWT server 2" 32003 http +http_https_jwt_server_check "HTTP JWT server 3" 32004 http +http_https_jwt_server_check "HTTP JWT server 4" 32005 http http_https_basic_server_check "HTTPS basic auth server 0" 444 https -k http_https_basic_server_check "HTTPS basic auth server 1" 445 https -k http_https_basic_server_check "HTTPS basic auth server 2" 446 https -k @@ -214,6 +231,11 @@ http_https_server_check "HTTPS no auth server 1" 8082 https -k http_https_server_check "HTTPS no auth server 2" 8083 https -k http_https_server_check "HTTPS no auth server 3" 8084 https -k http_https_server_check "HTTPS no auth server 4" 8085 https -k +http_https_jwt_server_check "HTTPS JWT server 0" 32101 https -k +http_https_jwt_server_check "HTTPS JWT server 1" 32102 https -k +http_https_jwt_server_check "HTTPS JWT server 2" 32103 https -k +http_https_jwt_server_check "HTTPS JWT server 3" 32104 https -k +http_https_jwt_server_check "HTTPS JWT server 4" 32105 https -k echo "" |