From 7828d8c0474c4f5da2b156804bf944f39b10c3c1 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Sat, 31 May 2025 19:18:49 +0100 Subject: [PATCH 01/18] JIRA: IDUN-162278 IDUN-165439 mtls hello world python --- csar/OtherDefinitions/SecurityManagement/metadata.json | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 csar/OtherDefinitions/SecurityManagement/metadata.json diff --git a/csar/OtherDefinitions/SecurityManagement/metadata.json b/csar/OtherDefinitions/SecurityManagement/metadata.json new file mode 100644 index 0000000..e3f8d86 --- /dev/null +++ b/csar/OtherDefinitions/SecurityManagement/metadata.json @@ -0,0 +1,3 @@ +{ + "authenticatorType": "client-x509" +} \ No newline at end of file From ddf3545952749fea874cd1a9d3897d2a8349d198 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Tue, 3 Jun 2025 17:21:12 +0100 Subject: [PATCH 02/18] HelloWorld Python App Signed-off-by: erjxsrn --- Dockerfile | 2 +- README.md | 177 +++++++++++++----- .../Chart.yaml | 2 +- .../eric-product-info.yaml | 4 +- .../templates/deployment/deployment.yaml | 2 + .../values.yaml | 5 +- csar/Definitions/AppDescriptor.yaml | 16 +- .../eric-oss-hello-world-python-appASD.yaml | 4 +- eric-oss-hello-world-python-app/config.py | 4 +- eric-oss-hello-world-python-app/login.py | 23 ++- 10 files changed, 176 insertions(+), 63 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6dca988..6a50106 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM +FROM python:3.13-slim ARG USER_ID=60577 ARG USER_NAME="eric-sdk" diff --git a/README.md b/README.md index 6999855..cefc819 100644 --- a/README.md +++ b/README.md @@ -205,8 +205,8 @@ Example of command result: { "fileName": "helloworldAppPackage.csar", "onboardingJob": { - "id": "a2f0a43d-730a-4991-8481-746c3e76556e", - "href": "app-onboarding/v2/onboarding-jobs/a2f0a43d-730a-4991-8481-746c3e76556e" + "id": "af036040-a732-4af9-b65a-8103da56c35c", + "href": "/onboarding-jobs/af036040-a732-4af9-b65a-8103da56c35c" } } ``` 
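Review bot: `FROM python:3.13-slim` in the Dockerfile hunk names a mutable tag, so two builds of the same commit can produce images with different contents, and the image that runs is not necessarily the one that was reviewed or scanned. Pin the base by digest, `FROM python:3.13-slim@sha256:<digest-of-reviewed-image>` (placeholder), and bump it deliberately. The same line is added again by the Dockerfile hunk of PATCH 03/18.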
@@ -229,37 +229,43 @@ Example of command result: ```json { - "id": "a2f0a43d-730a-4991-8481-746c3e76556e", + "id": "af036040-a732-4af9-b65a-8103da56c35c", "fileName": "helloworldAppPackage.csar", "packageVersion": "3.1.1-0", - "packageSize": "53.1282MiB", + "packageSize": "51.7659MiB", "vendor": "Ericsson", "type": "rApp", - "onboardStartedAt": "2024-09-13T09:48:53.239542Z", + "onboardStartedAt": "2025-05-31T13:51:56.616Z", "status": "ONBOARDED", - "onboardEndedAt": "2024-09-13T09:49:01.299826Z", + "onboardEndedAt": "2025-05-31T13:51:59.955Z", "events": [ { "type": "INFO", - "title": "Stored 1 out of 3 artifacts", - "detail": "Uploaded eric-oss-hello-world-python-app", - "occurredAt": "2024-09-13T09:48:57.556164Z" + "title": "Stored 1 out of 4 artifacts", + "detail": "Uploaded eric-oss-hello-world-python-appASD.yaml", + "occurredAt": "2025-05-31T13:51:58.042Z" }, { "type": "INFO", - "title": "Stored 2 out of 3 artifacts", - "detail": "Uploaded eric-oss-hello-world-python-appASD.yaml", - "occurredAt": "2024-09-13T09:48:57.556165Z" + "title": "Stored 2 out of 4 artifacts", + "detail": "Uploaded eric-oss-hello-world-python-app", + "occurredAt": "2025-05-31T13:51:58.043Z" }, { "type": "INFO", - "title": "Stored 3 out of 3 artifacts", + "title": "Stored 3 out of 4 artifacts", "detail": "Uploaded docker.tar", - "occurredAt": "2024-09-13T09:49:00.962182Z" + "occurredAt": "2025-05-31T13:51:59.792Z" + }, + { + "type": "INFO", + "title": "Stored 4 out of 4 artifacts", + "detail": "Uploaded metadata.json", + "occurredAt": "2025-05-31T13:51:59.812Z" } ], "self": { - "href": "app-onboarding/v2/onboarding-jobs/a2f0a43d-730a-4991-8481-746c3e76556e" + "href": "/onboarding-jobs/af036040-a732-4af9-b65a-8103da56c35c" }, "app": { "id": "rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0", 
@@ -286,7 +292,7 @@ Example of command result: "app": { "status": "INITIALIZING", "id": "rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0", - "href": "/app-lifecycle-management/v3/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" + "href": "/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" } } ``` @@ -309,11 +315,11 @@ Example of command result: "name": "eric-oss-hello-world-python-app", "version": "3.1.1-0", "mode": "DISABLED", - "status": "INITIALIZING", - "createdAt": "2024-09-13T09:49:01.273Z", + "status": "INITIALIZED", + "createdAt": "2025-05-31T13:51:59.931Z", "components": [ { - "type": "MICROSERVICE", + "type": "ASD", "name": "eric-oss-hello-world-python-app", "version": "3.1.1-0", "artifacts": [ @@ -321,12 +327,23 @@ Example of command result: "name": "docker.tar", "type": "IMAGE" }, + { + "name": "eric-oss-hello-world-python-appASD.yaml", + "type": "OPAQUE" + }, { "name": "eric-oss-hello-world-python-app", "type": "HELM" - }, + } + ] + }, + { + "type": "SECURITYMANAGEMENT", + "name": "security-mgmt", + "version": "1.0.0", + "artifacts": [ { - "name": "eric-oss-hello-world-python-appASD.yaml", + "name": "metadata.json", "type": "OPAQUE" } ] @@ -339,9 +356,28 @@ Example of command result: } ], "roles": [], - "events": [], + "events": [ + { + "type": "INITIALIZE", + "title": "SUCCEEDED", + "detail": "INITIALIZE has successfully completed", + "createdAt": "2025-05-31T13:55:50.421Z" + }, + { + "type": "INITIALIZE", + "title": "STARTED", + "detail": "INITIALIZE has started", + "createdAt": "2025-05-31T13:55:34.171Z" + }, + { + "type": "CREATE", + "title": "SUCCEEDED", + "detail": "CREATE has successfully completed", + "createdAt": "2025-05-31T13:51:59.945Z" + } + ], "self": { - "href": "/app-lifecycle-management/v3/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" + "href": "/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" } } ``` 
@@ -362,7 +398,7 @@ Example of command result: "mode": "ENABLED", "app": { "id": "rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0", - "href": "/app-lifecycle-management/v3/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" + "href": "/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" } } ``` @@ -385,6 +421,9 @@ This section describes how the App can communicate with IAM and produce logs to - The `iamBaseUrl`, as the `/sample-app/python/hello` endpoint of this sample App first communicates with IAM to obtain a client token (login) before returning the "Hello World!!" string output. + - The `authenticationType` defines the authentication method based on the + iamBaseUrl protocol—set to `x509` for mTLS endpoints or `client-secret` for + TLS endpoints. - The `platformCaCertSecretName` and `platformCaCertFileName` to enable secure TLS communication. Refer to [App Certificate Provisioning Developer Guide](https://developer.intelligentautomationplatform.ericsson.net/#capabilities/app-cert-provisioning/developer-guide) 
@@ -419,35 +458,47 @@ Example command result: ```json { - "id": "rapp-ericsson-eric-oss-hello-world-python-app-28057851", + "id": "rapp-ericsson-eric-oss-hello-world-python-app-68129972", "appId": "rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0", "status": "UNDEPLOYED", "credentials": { - "clientId": "rapp-ericsson-eric-oss-hello-world-python-app-28057851" + "clientId": "rapp-ericsson-eric-oss-hello-world-python-app-68129972" }, "componentInstances": [ { "name": "eric-oss-hello-world-python-app", "version": "3.1.1-0", - "type": "MICROSERVICE", + "type": "ASD", "deployState": "UNDEPLOYED", "properties": { + "userDefinedHelmParameters": { + "global.clientCredentials.secret.clientIdKey": "clientId", + "global.clientCredentials.secret.name": "rapp-ericsson-eric-oss-hello-world-python-app-68129972-cc" + }, "namespace": "", "timeout": 5 } + }, + { + "name": "security-mgmt", + "version": "1.0.0", + "type": "SECURITYMANAGEMENT", + "properties": { + "authenticatorType": "client-x509" + } } ], "self": { - "href": "/app-lifecycle-management/v3/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-28057851" + "href": "/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-68129972" }, "app": { - "href": "/app-lifecycle-management/v3/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" + "href": "/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" } } ``` An app-instance `id` is shown in the command result - (rapp-ericsson-eric-oss-hello-world-python-app-28057851 in the example). This + (rapp-ericsson-eric-oss-hello-world-python-app-68129972 in the example). This is the `APP_INSTANCE_ID` used in the following commands. #### Deploy App Instance @@ -475,13 +526,14 @@ curl --cacert --location --request POST 'https://", "platformCaCertFileName": "", "appKeyFileName": "", - "appCertFileName": "" + "appCertFileName": "", + "authenticationType": "" } } } ] } -}' \ +}' ``` See the following example command result: 
@@ -502,7 +554,10 @@ See the following example command result: "appSecretName": "", "logEndpoint": "", "appKeyFileName": "", - "appCertFileName": "" + "appCertFileName": "", + "authenticationType": "", + "global.clientCredentials.secret.name": "", + "global.clientCredentials.secret.clientIdKey": "" } } } @@ -510,7 +565,7 @@ See the following example command result: }, "appInstance": { "status": "DEPLOYING", - "href": "/app-lifecycle-management/v3/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-28057851" + "href": "/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-68129972" } } ``` 
@@ -528,41 +583,71 @@ curl --cacert --location --request GET 'https://", - "platformCaCertFileName": "", "iamBaseUrl": "https://", - "appSecretName": "", "logEndpoint": "", + "platformCaCertSecretName": "", + "appSecretName": "", + "platformCaCertFileName": "", "appKeyFileName": "", - "appCertFileName": "" + "appCertFileName": "", + "authenticationType": "", + "global.clientCredentials.secret.name": "", + "global.clientCredentials.secret.clientIdKey": "" }, "namespace": "", "timeout": 5 } + }, + { + "name": "security-mgmt", + "version": "1.0.0", + "type": "SECURITYMANAGEMENT", + "properties": { + "authenticatorType": "client-x509" + } + } + ], + "events": [ + { + "type": "DEPLOY", + "title": "SUCCEEDED", + "detail": "DEPLOY has successfully completed", + "createdAt": "2025-05-31T14:04:16.297Z" + }, + { + "type": "DEPLOY", + "title": "STARTED", + "detail": "DEPLOY has started", + "createdAt": "2025-05-31T14:04:15.609Z" + }, + { + "type": "CREATE", + "title": "SUCCEEDED", + "detail": "CREATE has successfully completed", + "createdAt": "2025-05-31T14:01:01.753Z" } ], - "events": [], "self": { - "href": "/app-lifecycle-management/v3/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-28057851" + "href": "/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-68129972" }, "app": { - "href": "/app-lifecycle-management/v3/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" + "href": "/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" } } ``` diff --git a/charts/eric-oss-hello-world-python-app/Chart.yaml b/charts/eric-oss-hello-world-python-app/Chart.yaml index 2f6aa4f..2a2ddd9 100644 --- a/charts/eric-oss-hello-world-python-app/Chart.yaml +++ b/charts/eric-oss-hello-world-python-app/Chart.yaml @@ -3,4 +3,4 @@ appVersion: "2.0.0" description: IDUN SDK Hello World App name: eric-oss-hello-world-python-app type: application -version: VERSION +version: 1.0.1-1 
diff --git a/charts/eric-oss-hello-world-python-app/eric-product-info.yaml b/charts/eric-oss-hello-world-python-app/eric-product-info.yaml index ecd4eb7..d2964cd 100644 --- a/charts/eric-oss-hello-world-python-app/eric-product-info.yaml +++ b/charts/eric-oss-hello-world-python-app/eric-product-info.yaml @@ -5,6 +5,6 @@ images: productName: "Python hello world sample app image" productNumber: "" registry: "armdocker.rnd.ericsson.se" - repoPath: "REPO_PATH" + repoPath: "proj-eric-oss-drop" name: "eric-oss-hello-world-python-app" - tag: "VERSION" + tag: "1.0.1-1" diff --git a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml index 511d61e..0202f30 100644 --- a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml @@ -108,6 +108,8 @@ spec: value: {{ index .Values "appCertFileName" | quote }} - name: APP_CERT_FILE_PATH value: {{ index .Values "appCertMountPath" | default .Values.instantiationDefaults.appCertMountPath | quote }} + - name: AUTHENTICATION_TYPE + value: {{ index .Values "authenticationType" | default .Values.instantiationDefaults.authenticationType | quote }} - name: SERVICE_NAME value: {{ .Chart.Name }} - name: CONTAINER_NAME diff --git a/charts/eric-oss-hello-world-python-app/values.yaml b/charts/eric-oss-hello-world-python-app/values.yaml index 3acc20f..0b6e5c1 100644 --- a/charts/eric-oss-hello-world-python-app/values.yaml +++ b/charts/eric-oss-hello-world-python-app/values.yaml @@ -5,13 +5,13 @@ global: timezone: UTC registry: url: armdocker.rnd.ericsson.se - imagePullPolicy: IfNotPresent + imagePullPolicy: Always pullSecret: internalIPFamily: imageCredentials: repoPath: - pullPolicy: IfNotPresent + pullPolicy: Always registry: url: pullSecret: 
@@ -126,3 +126,4 @@ podPriority: instantiationDefaults: platformCaCertMountPath: "/etc/tls-ca/platform/" appCertMountPath: "/etc/tls/log/" + authenticationType: "x509" diff --git a/csar/Definitions/AppDescriptor.yaml b/csar/Definitions/AppDescriptor.yaml index 0fb0a96..876c9fb 100644 --- a/csar/Definitions/AppDescriptor.yaml +++ b/csar/Definitions/AppDescriptor.yaml @@ -1,10 +1,14 @@ #tosca_definitions_version: Metadata/Tosca.meta Description of an APP: APPName: eric-oss-hello-world-python-app - APPVersion: VERSION + APPVersion: 1.0.1-1 APPType: rApp -APPComponent: - NameofComponent: eric-oss-hello-world-python-app - Version: VERSION - Path: OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml - ArtefactType: Microservice +AppComponentList: + - NameofComponent: eric-oss-hello-world-python-app + Version: 1.0.1-1 + Path: OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml + ArtefactType: ASD + - NameofComponent: security-mgmt + Version: 1.0.0 + Path: OtherDefinitions/SecurityManagement + ArtefactType: SecurityManagement \ No newline at end of file diff --git a/csar/OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml b/csar/OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml index c570dd0..d2cf1dd 100644 --- a/csar/OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml +++ b/csar/OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml @@ -2,9 +2,9 @@ asdId: 1 asdSchemaVersion: 1.0.0 asdProvider: Ericsson asdApplicationName: eric-oss-hello-world-python-app -asdApplicationVersion: VERSION +asdApplicationVersion: 1.0.1-1 asdApplicationInfoName: Hello World Python Application asdInfoDescription: Hello World Python application for App Onboarding deploymentItems: deploymentItemId: 1 - artifactId: OtherDefinitions/ASD/eric-oss-hello-world-python-app-VERSION.tgz \ No newline at end of file + artifactId: OtherDefinitions/ASD/eric-oss-hello-world-python-app-1.0.1-1.tgz \ No newline at end of file 
diff --git a/eric-oss-hello-world-python-app/config.py b/eric-oss-hello-world-python-app/config.py
index e9bb85b..a37a808 100644
--- a/eric-oss-hello-world-python-app/config.py
+++ b/eric-oss-hello-world-python-app/config.py
@@ -15,6 +15,7 @@ def get_config():
 app_key = get_os_env_string("APP_KEY", "")
 app_cert = get_os_env_string("APP_CERT", "")
 app_cert_file_path = get_os_env_string("APP_CERT_FILE_PATH", "")
+ authentication_type = get_os_env_string("AUTHENTICATION_TYPE", "")
 config = {
 "iam_client_id": iam_client_id,
@@ -26,7 +27,8 @@ def get_config():
 "log_endpoint": log_endpoint,
 "app_key": app_key,
 "app_cert": app_cert,
- "app_cert_file_path": app_cert_file_path
+ "app_cert_file_path": app_cert_file_path,
+ "authentication_type": authentication_type
 }
 return config
diff --git a/eric-oss-hello-world-python-app/login.py b/eric-oss-hello-world-python-app/login.py
index 4112a04..996fa4e 100644
--- a/eric-oss-hello-world-python-app/login.py
+++ b/eric-oss-hello-world-python-app/login.py
@@ -44,9 +44,28 @@ def tls_login(url, form_data, headers):
 This function sends an HTTP POST request with TLS for the login operation
 '''
 config = get_config()
- cert = os.path.join("/", config.get("ca_cert_file_path"), config.get("ca_cert_file_name"))
+ ca_cert = os.path.join("/", config.get("ca_cert_file_path"), config.get("ca_cert_file_name"))
+ app_cert = os.path.join("/", config.get("app_cert_file_path"), config.get("app_cert"))
+ app_key = os.path.join("/", config.get("app_cert_file_path"), config.get("app_key"))
+ authentication_type = config.get("authentication_type")
 try:
- response = requests.post(url, data=form_data, headers = headers, timeout=5, verify=cert)
+ if authentication_type == "x509":
+ response = requests.post(
+ url,
+ data=form_data,
+ headers=headers,
+ timeout=5,
+ verify=ca_cert,
+ cert=(app_cert, app_key)
+ )
+ elif authentication_type == "client-secret":
+ response = requests.post(
+ url,
+ data=form_data,
+ headers=headers,
+ timeout=5,
+ verify=ca_cert
+ )
 if response.status_code != 200:
 raise LoginError(f"Login failed ({response.status_code})")
 except Exception as exception:
From 4671ed22640a780aca14581ae969bd93ecba6bb1 Mon Sep 17 00:00:00 2001
From: erjxsrn
Date: Tue, 3 Jun 2025 17:21:12 +0100
Subject: [PATCH 03/18] HelloWorld Python App
Signed-off-by: erjxsrn
---
 Dockerfile | 2 +-
 README.md | 177 +++++++++++++-----
 .../Chart.yaml | 2 +-
 .../eric-product-info.yaml | 4 +-
 .../templates/deployment/deployment.yaml | 2 +
 .../values.yaml | 5 +-
 csar/Definitions/AppDescriptor.yaml | 16 +-
 .../eric-oss-hello-world-python-appASD.yaml | 4 +-
 eric-oss-hello-world-python-app/config.py | 4 +-
 eric-oss-hello-world-python-app/login.py | 23 ++-
 10 files changed, 176 insertions(+), 63 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6dca988..6a50106 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM
+FROM python:3.13-slim
 ARG USER_ID=60577
 ARG USER_NAME="eric-sdk"
diff --git a/README.md b/README.md
index 6999855..3157954 100644
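Review bot: In the `tls_login` hunk of login.py, a value of `authentication_type` other than `"x509"` or `"client-secret"` sends no request and leaves `response` unbound, so `response.status_code` raises `UnboundLocalError` inside the `try` and the misconfiguration is reported as a generic failure. Close the chain with an explicit branch, `else: raise LoginError(f"Unsupported authentication type: {authentication_type!r}")`, so an unknown or empty `AUTHENTICATION_TYPE` is rejected with a clear message. The login.py hunk of PATCH 03/18 has the same gap, and it is reachable there with defaults: that patch compares against `"client-x509"` while its values.yaml hunk still sets `authenticationType: "x509"`, which only PATCH 05/18 changes. The `except` handler continues outside the hunk, so how the error is surfaced cannot be seen here.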
--- a/README.md +++ b/README.md @@ -205,8 +205,8 @@ Example of command result: { "fileName": "helloworldAppPackage.csar", "onboardingJob": { - "id": "a2f0a43d-730a-4991-8481-746c3e76556e", - "href": "app-onboarding/v2/onboarding-jobs/a2f0a43d-730a-4991-8481-746c3e76556e" + "id": "af036040-a732-4af9-b65a-8103da56c35c", + "href": "/onboarding-jobs/af036040-a732-4af9-b65a-8103da56c35c" } } ``` 
@@ -229,37 +229,43 @@ Example of command result: ```json { - "id": "a2f0a43d-730a-4991-8481-746c3e76556e", + "id": "af036040-a732-4af9-b65a-8103da56c35c", "fileName": "helloworldAppPackage.csar", "packageVersion": "3.1.1-0", - "packageSize": "53.1282MiB", + "packageSize": "51.7659MiB", "vendor": "Ericsson", "type": "rApp", - "onboardStartedAt": "2024-09-13T09:48:53.239542Z", + "onboardStartedAt": "2025-05-31T13:51:56.616Z", "status": "ONBOARDED", - "onboardEndedAt": "2024-09-13T09:49:01.299826Z", + "onboardEndedAt": "2025-05-31T13:51:59.955Z", "events": [ { "type": "INFO", - "title": "Stored 1 out of 3 artifacts", - "detail": "Uploaded eric-oss-hello-world-python-app", - "occurredAt": "2024-09-13T09:48:57.556164Z" + "title": "Stored 1 out of 4 artifacts", + "detail": "Uploaded eric-oss-hello-world-python-appASD.yaml", + "occurredAt": "2025-05-31T13:51:58.042Z" }, { "type": "INFO", - "title": "Stored 2 out of 3 artifacts", - "detail": "Uploaded eric-oss-hello-world-python-appASD.yaml", - "occurredAt": "2024-09-13T09:48:57.556165Z" + "title": "Stored 2 out of 4 artifacts", + "detail": "Uploaded eric-oss-hello-world-python-app", + "occurredAt": "2025-05-31T13:51:58.043Z" }, { "type": "INFO", - "title": "Stored 3 out of 3 artifacts", + "title": "Stored 3 out of 4 artifacts", "detail": "Uploaded docker.tar", - "occurredAt": "2024-09-13T09:49:00.962182Z" + "occurredAt": "2025-05-31T13:51:59.792Z" + }, + { + "type": "INFO", + "title": "Stored 4 out of 4 artifacts", + "detail": "Uploaded metadata.json", + "occurredAt": "2025-05-31T13:51:59.812Z" } ], "self": { - "href": "app-onboarding/v2/onboarding-jobs/a2f0a43d-730a-4991-8481-746c3e76556e" + "href": "/onboarding-jobs/af036040-a732-4af9-b65a-8103da56c35c" }, "app": { "id": "rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0", 
@@ -286,7 +292,7 @@ Example of command result: "app": { "status": "INITIALIZING", "id": "rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0", - "href": "/app-lifecycle-management/v3/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" + "href": "/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" } } ``` @@ -309,11 +315,11 @@ Example of command result: "name": "eric-oss-hello-world-python-app", "version": "3.1.1-0", "mode": "DISABLED", - "status": "INITIALIZING", - "createdAt": "2024-09-13T09:49:01.273Z", + "status": "INITIALIZED", + "createdAt": "2025-05-31T13:51:59.931Z", "components": [ { - "type": "MICROSERVICE", + "type": "ASD", "name": "eric-oss-hello-world-python-app", "version": "3.1.1-0", "artifacts": [ @@ -321,12 +327,23 @@ Example of command result: "name": "docker.tar", "type": "IMAGE" }, + { + "name": "eric-oss-hello-world-python-appASD.yaml", + "type": "OPAQUE" + }, { "name": "eric-oss-hello-world-python-app", "type": "HELM" - }, + } + ] + }, + { + "type": "SECURITYMANAGEMENT", + "name": "security-mgmt", + "version": "1.0.0", + "artifacts": [ { - "name": "eric-oss-hello-world-python-appASD.yaml", + "name": "metadata.json", "type": "OPAQUE" } ] @@ -339,9 +356,28 @@ Example of command result: } ], "roles": [], - "events": [], + "events": [ + { + "type": "INITIALIZE", + "title": "SUCCEEDED", + "detail": "INITIALIZE has successfully completed", + "createdAt": "2025-05-31T13:55:50.421Z" + }, + { + "type": "INITIALIZE", + "title": "STARTED", + "detail": "INITIALIZE has started", + "createdAt": "2025-05-31T13:55:34.171Z" + }, + { + "type": "CREATE", + "title": "SUCCEEDED", + "detail": "CREATE has successfully completed", + "createdAt": "2025-05-31T13:51:59.945Z" + } + ], "self": { - "href": "/app-lifecycle-management/v3/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" + "href": "/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" } } ``` 
@@ -362,7 +398,7 @@ Example of command result: "mode": "ENABLED", "app": { "id": "rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0", - "href": "/app-lifecycle-management/v3/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" + "href": "/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" } } ``` @@ -385,6 +421,9 @@ This section describes how the App can communicate with IAM and produce logs to - The `iamBaseUrl`, as the `/sample-app/python/hello` endpoint of this sample App first communicates with IAM to obtain a client token (login) before returning the "Hello World!!" string output. + - The `authenticationType` defines the authentication method based on the + iamBaseUrl protocol—set to `client-x509` for mTLS endpoints or `client-secret` for + TLS endpoints. - The `platformCaCertSecretName` and `platformCaCertFileName` to enable secure TLS communication. Refer to [App Certificate Provisioning Developer Guide](https://developer.intelligentautomationplatform.ericsson.net/#capabilities/app-cert-provisioning/developer-guide) 
@@ -419,35 +458,47 @@ Example command result: ```json { - "id": "rapp-ericsson-eric-oss-hello-world-python-app-28057851", + "id": "rapp-ericsson-eric-oss-hello-world-python-app-68129972", "appId": "rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0", "status": "UNDEPLOYED", "credentials": { - "clientId": "rapp-ericsson-eric-oss-hello-world-python-app-28057851" + "clientId": "rapp-ericsson-eric-oss-hello-world-python-app-68129972" }, "componentInstances": [ { "name": "eric-oss-hello-world-python-app", "version": "3.1.1-0", - "type": "MICROSERVICE", + "type": "ASD", "deployState": "UNDEPLOYED", "properties": { + "userDefinedHelmParameters": { + "global.clientCredentials.secret.clientIdKey": "clientId", + "global.clientCredentials.secret.name": "rapp-ericsson-eric-oss-hello-world-python-app-68129972-cc" + }, "namespace": "", "timeout": 5 } + }, + { + "name": "security-mgmt", + "version": "1.0.0", + "type": "SECURITYMANAGEMENT", + "properties": { + "authenticatorType": "client-x509" + } } ], "self": { - "href": "/app-lifecycle-management/v3/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-28057851" + "href": "/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-68129972" }, "app": { - "href": "/app-lifecycle-management/v3/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" + "href": "/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" } } ``` An app-instance `id` is shown in the command result - (rapp-ericsson-eric-oss-hello-world-python-app-28057851 in the example). This + (rapp-ericsson-eric-oss-hello-world-python-app-68129972 in the example). This is the `APP_INSTANCE_ID` used in the following commands. #### Deploy App Instance @@ -475,13 +526,14 @@ curl --cacert --location --request POST 'https://", "platformCaCertFileName": "", "appKeyFileName": "", - "appCertFileName": "" + "appCertFileName": "", + "authenticationType": "" } } } ] } -}' \ +}' ``` See the following example command result: 
@@ -502,7 +554,10 @@ See the following example command result: "appSecretName": "", "logEndpoint": "", "appKeyFileName": "", - "appCertFileName": "" + "appCertFileName": "", + "authenticationType": "", + "global.clientCredentials.secret.name": "", + "global.clientCredentials.secret.clientIdKey": "" } } } @@ -510,7 +565,7 @@ See the following example command result: }, "appInstance": { "status": "DEPLOYING", - "href": "/app-lifecycle-management/v3/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-28057851" + "href": "/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-68129972" } } ``` 
@@ -528,41 +583,71 @@ curl --cacert --location --request GET 'https://", - "platformCaCertFileName": "", "iamBaseUrl": "https://", - "appSecretName": "", "logEndpoint": "", + "platformCaCertSecretName": "", + "appSecretName": "", + "platformCaCertFileName": "", "appKeyFileName": "", - "appCertFileName": "" + "appCertFileName": "", + "authenticationType": "", + "global.clientCredentials.secret.name": "", + "global.clientCredentials.secret.clientIdKey": "" }, "namespace": "", "timeout": 5 } + }, + { + "name": "security-mgmt", + "version": "1.0.0", + "type": "SECURITYMANAGEMENT", + "properties": { + "authenticatorType": "client-x509" + } + } + ], + "events": [ + { + "type": "DEPLOY", + "title": "SUCCEEDED", + "detail": "DEPLOY has successfully completed", + "createdAt": "2025-05-31T14:04:16.297Z" + }, + { + "type": "DEPLOY", + "title": "STARTED", + "detail": "DEPLOY has started", + "createdAt": "2025-05-31T14:04:15.609Z" + }, + { + "type": "CREATE", + "title": "SUCCEEDED", + "detail": "CREATE has successfully completed", + "createdAt": "2025-05-31T14:01:01.753Z" } ], - "events": [], "self": { - "href": "/app-lifecycle-management/v3/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-28057851" + "href": "/app-instances/rapp-ericsson-eric-oss-hello-world-python-app-68129972" }, "app": { - "href": "/app-lifecycle-management/v3/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" + "href": "/apps/rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0" } } ``` diff --git a/charts/eric-oss-hello-world-python-app/Chart.yaml b/charts/eric-oss-hello-world-python-app/Chart.yaml index 2f6aa4f..2a2ddd9 100644 --- a/charts/eric-oss-hello-world-python-app/Chart.yaml +++ b/charts/eric-oss-hello-world-python-app/Chart.yaml @@ -3,4 +3,4 @@ appVersion: "2.0.0" description: IDUN SDK Hello World App name: eric-oss-hello-world-python-app type: application -version: VERSION +version: 1.0.1-1 
diff --git a/charts/eric-oss-hello-world-python-app/eric-product-info.yaml b/charts/eric-oss-hello-world-python-app/eric-product-info.yaml index ecd4eb7..d2964cd 100644 --- a/charts/eric-oss-hello-world-python-app/eric-product-info.yaml +++ b/charts/eric-oss-hello-world-python-app/eric-product-info.yaml @@ -5,6 +5,6 @@ images: productName: "Python hello world sample app image" productNumber: "" registry: "armdocker.rnd.ericsson.se" - repoPath: "REPO_PATH" + repoPath: "proj-eric-oss-drop" name: "eric-oss-hello-world-python-app" - tag: "VERSION" + tag: "1.0.1-1" diff --git a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml index 511d61e..0202f30 100644 --- a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml @@ -108,6 +108,8 @@ spec: value: {{ index .Values "appCertFileName" | quote }} - name: APP_CERT_FILE_PATH value: {{ index .Values "appCertMountPath" | default .Values.instantiationDefaults.appCertMountPath | quote }} + - name: AUTHENTICATION_TYPE + value: {{ index .Values "authenticationType" | default .Values.instantiationDefaults.authenticationType | quote }} - name: SERVICE_NAME value: {{ .Chart.Name }} - name: CONTAINER_NAME diff --git a/charts/eric-oss-hello-world-python-app/values.yaml b/charts/eric-oss-hello-world-python-app/values.yaml index 3acc20f..0b6e5c1 100644 --- a/charts/eric-oss-hello-world-python-app/values.yaml +++ b/charts/eric-oss-hello-world-python-app/values.yaml @@ -5,13 +5,13 @@ global: timezone: UTC registry: url: armdocker.rnd.ericsson.se - imagePullPolicy: IfNotPresent + imagePullPolicy: Always pullSecret: internalIPFamily: imageCredentials: repoPath: - pullPolicy: IfNotPresent + pullPolicy: Always registry: url: pullSecret: 
@@ -126,3 +126,4 @@ podPriority: instantiationDefaults: platformCaCertMountPath: "/etc/tls-ca/platform/" appCertMountPath: "/etc/tls/log/" + authenticationType: "x509" diff --git a/csar/Definitions/AppDescriptor.yaml b/csar/Definitions/AppDescriptor.yaml index 0fb0a96..876c9fb 100644 --- a/csar/Definitions/AppDescriptor.yaml +++ b/csar/Definitions/AppDescriptor.yaml @@ -1,10 +1,14 @@ #tosca_definitions_version: Metadata/Tosca.meta Description of an APP: APPName: eric-oss-hello-world-python-app - APPVersion: VERSION + APPVersion: 1.0.1-1 APPType: rApp -APPComponent: - NameofComponent: eric-oss-hello-world-python-app - Version: VERSION - Path: OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml - ArtefactType: Microservice +AppComponentList: + - NameofComponent: eric-oss-hello-world-python-app + Version: 1.0.1-1 + Path: OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml + ArtefactType: ASD + - NameofComponent: security-mgmt + Version: 1.0.0 + Path: OtherDefinitions/SecurityManagement + ArtefactType: SecurityManagement \ No newline at end of file diff --git a/csar/OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml b/csar/OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml index c570dd0..d2cf1dd 100644 --- a/csar/OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml +++ b/csar/OtherDefinitions/ASD/eric-oss-hello-world-python-appASD.yaml @@ -2,9 +2,9 @@ asdId: 1 asdSchemaVersion: 1.0.0 asdProvider: Ericsson asdApplicationName: eric-oss-hello-world-python-app -asdApplicationVersion: VERSION +asdApplicationVersion: 1.0.1-1 asdApplicationInfoName: Hello World Python Application asdInfoDescription: Hello World Python application for App Onboarding deploymentItems: deploymentItemId: 1 - artifactId: OtherDefinitions/ASD/eric-oss-hello-world-python-app-VERSION.tgz \ No newline at end of file + artifactId: OtherDefinitions/ASD/eric-oss-hello-world-python-app-1.0.1-1.tgz \ No newline at end of file 
diff --git a/eric-oss-hello-world-python-app/config.py b/eric-oss-hello-world-python-app/config.py
index e9bb85b..a37a808 100644
--- a/eric-oss-hello-world-python-app/config.py
+++ b/eric-oss-hello-world-python-app/config.py
@@ -15,6 +15,7 @@ def get_config():
 app_key = get_os_env_string("APP_KEY", "")
 app_cert = get_os_env_string("APP_CERT", "")
 app_cert_file_path = get_os_env_string("APP_CERT_FILE_PATH", "")
+ authentication_type = get_os_env_string("AUTHENTICATION_TYPE", "")
 config = {
 "iam_client_id": iam_client_id,
@@ -26,7 +27,8 @@ def get_config():
 "log_endpoint": log_endpoint,
 "app_key": app_key,
 "app_cert": app_cert,
- "app_cert_file_path": app_cert_file_path
+ "app_cert_file_path": app_cert_file_path,
+ "authentication_type": authentication_type
 }
 return config
diff --git a/eric-oss-hello-world-python-app/login.py b/eric-oss-hello-world-python-app/login.py
index 4112a04..38b9070 100644
--- a/eric-oss-hello-world-python-app/login.py
+++ b/eric-oss-hello-world-python-app/login.py
@@ -44,9 +44,28 @@ def tls_login(url, form_data, headers): This function sends an HTTP POST request with TLS for the login operation ''' config = get_config() - cert = os.path.join("/", config.get("ca_cert_file_path"), config.get("ca_cert_file_name")) + ca_cert = os.path.join("/", config.get("ca_cert_file_path"), config.get("ca_cert_file_name")) + app_cert = os.path.join("/", config.get("app_cert_file_path"), config.get("app_cert")) + app_key = os.path.join("/", config.get("app_cert_file_path"), config.get("app_key")) + authentication_type = config.get("authentication_type") try: - response = requests.post(url, data=form_data, headers = headers, timeout=5, verify=cert) + if authentication_type == "client-x509": + response = requests.post( + url, + data=form_data, + headers=headers, + timeout=5, + verify=ca_cert, + cert=(app_cert, app_key) + ) + elif authentication_type == "client-secret": + response = requests.post( + url, + data=form_data, + headers=headers, + timeout=5, + verify=ca_cert + ) if response.status_code != 200: raise LoginError(f"Login failed ({response.status_code})") except Exception as exception: From a2fd9d194858b528617ea3eb1dd283dc9ac851e3 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Wed, 4 Jun 2025 20:09:28 +0100 Subject: [PATCH 04/18] Hello world Python SDK changes --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4df763b..13ddffc 100644 --- a/README.md +++ b/README.md 
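Review bot: The new `if`/`elif` on `authentication_type` in `tls_login` has no fallback, so any value other than `client-x509` or `client-secret` leaves `response` unassigned and the following `response.status_code` raises `UnboundLocalError`, which only the broad `except Exception` catches. That case is reachable in this commit, because `config.py` defaults `AUTHENTICATION_TYPE` to `""` and `values.yaml` sets `"x509"`. Adding `else: raise LoginError(f"Unsupported authentication type: {authentication_type!r}")` would make the login fail closed with a message that names the misconfiguration; the handler body continues outside the hunk, so how it is reported there cannot be checked from here. The two `requests.post` calls differ only in `cert=(app_cert, app_key)` and could be one call with that argument added conditionally.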
@@ -423,7 +423,7 @@ This section describes how the App can communicate with IAM and produce logs to before returning the "Hello World!!" string output. - The `authenticationType` defines the authentication method the sample app will use to communicate with IAM - set to `client-x509` for mTLS or - 'client-secret' for TLS. + `client-secret` for TLS. - The `platformCaCertSecretName` and `platformCaCertFileName` to enable secure TLS communication. Refer to [App Certificate Provisioning Developer Guide](https://developer.intelligentautomationplatform.ericsson.net/#capabilities/app-cert-provisioning/developer-guide) From c96f915abaf2fc63b8a94092d03d25155bc88076 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Wed, 4 Jun 2025 20:52:51 +0100 Subject: [PATCH 05/18] Hello World Python App changes --- charts/eric-oss-hello-world-python-app/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/eric-oss-hello-world-python-app/values.yaml b/charts/eric-oss-hello-world-python-app/values.yaml index 0b6e5c1..d7c8369 100644 --- a/charts/eric-oss-hello-world-python-app/values.yaml +++ b/charts/eric-oss-hello-world-python-app/values.yaml @@ -126,4 +126,4 @@ podPriority: instantiationDefaults: platformCaCertMountPath: "/etc/tls-ca/platform/" appCertMountPath: "/etc/tls/log/" - authenticationType: "x509" + authenticationType: "client-x509" From 6a394f9796c3cf666d1fe5a0a27ce3d34ce9a7a2 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Thu, 5 Jun 2025 19:02:32 +0100 Subject: [PATCH 06/18] mtls changes --- README.md | 4 ++-- .../{metadata.json => security-metadata.json} | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename csar/OtherDefinitions/SecurityManagement/{metadata.json => security-metadata.json} (100%) diff --git a/README.md b/README.md index 13ddffc..b37fca7 100644 --- a/README.md +++ b/README.md 
@@ -260,7 +260,7 @@ Example of command result: { "type": "INFO", "title": "Stored 4 out of 4 artifacts", - "detail": "Uploaded metadata.json", + "detail": "Uploaded security-metadata.json", "occurredAt": "2025-05-31T13:51:59.812Z" } ], @@ -343,7 +343,7 @@ Example of command result: "version": "1.0.0", "artifacts": [ { - "name": "metadata.json", + "name": "security-metadata.json", "type": "OPAQUE" } ] diff --git a/csar/OtherDefinitions/SecurityManagement/metadata.json b/csar/OtherDefinitions/SecurityManagement/security-metadata.json similarity index 100% rename from csar/OtherDefinitions/SecurityManagement/metadata.json rename to csar/OtherDefinitions/SecurityManagement/security-metadata.json From 322eedeade0ae33cb1f17534bc4b06cfb28499bf Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Tue, 10 Jun 2025 11:50:47 +0100 Subject: [PATCH 07/18] mtls hello world app README app --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b37fca7..a5c64e5 100644 --- a/README.md +++ b/README.md @@ -423,7 +423,8 @@ This section describes how the App can communicate with IAM and produce logs to before returning the "Hello World!!" string output. - The `authenticationType` defines the authentication method the sample app will use to communicate with IAM - set to `client-x509` for mTLS or - `client-secret` for TLS. + `client-secret` for TLS. If `authenticationType` is not used, then by default + it will be mTLS as its mentioned in values.yaml - The `platformCaCertSecretName` and `platformCaCertFileName` to enable secure TLS communication. Refer to [App Certificate Provisioning Developer Guide](https://developer.intelligentautomationplatform.ericsson.net/#capabilities/app-cert-provisioning/developer-guide) From 1294a2cf30a5ccead1a7842a73348d37d99017e4 Mon Sep 17 00:00:00 2001 
From: erjxsrn Date: Tue, 10 Jun 2025 13:22:40 +0100 Subject: [PATCH 08/18] curl changes --- README.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index a5c64e5..a433d17 100644 --- a/README.md +++ b/README.md @@ -166,7 +166,7 @@ See [Client Access to REST APIs](https://developer.intelligentautomationplatform Use the following command to generate a valid access token: ```bash -curl --cacert --request POST \ +curl --cert --key --cacert --request POST \ https:///auth/realms/master/protocol/openid-connect/token \ --header 'content-type: application/x-www-form-urlencoded' \ --data "grant_type=client_credentials&client_id=&client_secret=" @@ -193,7 +193,7 @@ To start the onboarding of the Hello World CSAR app, run the following command in a command line tool. ```bash -curl --cacert --location --request POST 'https:///app-onboarding/v2/app-packages' \ +curl --cert --key --cacert --location --request POST 'https:///app-onboarding/v2/app-packages' \ --header 'Authorization: Bearer ' \ --header 'accept: application/json' \ --form 'file=@"/helloworldAppPackage.csar"' @@ -217,7 +217,7 @@ This is the `JOB_ID`. Use the `JOB_ID` to get the status of the onboarding process in the following commands: ```bash -curl --cacert --location --request GET 'https:///app-onboarding/v2/onboarding-jobs/' \ +curl --cert --key --cacert --location --request GET 'https:///app-onboarding/v2/onboarding-jobs/' \ --header 'Authorization: Bearer ' \ --header 'accept: application/json' ``` 
@@ -279,7 +279,7 @@ command (rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0 in the example). Run the following command to initialize the App. ```bash -curl --cacert --location --request POST 'https:///app-lifecycle-management/v3/apps//initialization-actions' \ +curl --cert --key --cacert --location --request POST 'https:///app-lifecycle-management/v3/apps//initialization-actions' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ -d '{"action": "INITIALIZE"}' @@ -300,7 +300,7 @@ Example of command result: Repeat the following command until the status is changed to `INITIALIZED`. ```shell -curl --cacert --location --request GET 'https:///app-lifecycle-management/v3/apps/' \ +curl --cert --key --cacert --location --request GET 'https:///app-lifecycle-management/v3/apps/' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' ``` @@ -385,7 +385,7 @@ Example of command result: Run the following command to switch the app mode from 'DISABLED' to 'ENABLED'. ```bash -curl --cacert --location --request PUT 'https:///app-lifecycle-management/v3/apps//mode' \ +curl --cert --key --cacert --location --request PUT 'https:///app-lifecycle-management/v3/apps//mode' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ -d '{"mode": "ENABLED"}' @@ -446,7 +446,7 @@ Run the following commands to start the instantiation process using the #### Create App Instance ```shell -curl --cacert --location --request POST 'https:///app-lifecycle-management/v3/app-instances' \ +curl --cert --key --cacert --location --request POST 'https:///app-lifecycle-management/v3/app-instances' \ --header 'accept: application/json' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ 
@@ -508,7 +508,7 @@ An app-instance `id` is shown in the command result of your App. ```shell -curl --cacert --location --request POST 'https:///app-lifecycle-management/v3/app-instances//deployment-actions' \ +curl --cert --key --cacert --location --request POST 'https:///app-lifecycle-management/v3/app-instances//deployment-actions' \ --header 'accept: application/json' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ @@ -576,7 +576,7 @@ Use the App instance ID in the following command to check the instantiation to `"status":"DEPLOYED"`. ```shell -curl --cacert --location --request GET 'https:///app-lifecycle-management/v3/app-instances/' \ +curl --cert --key --cacert --location --request GET 'https:///app-lifecycle-management/v3/app-instances/' \ --header 'accept: application/json' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' @@ -664,7 +664,7 @@ For details, see [Service Exposure - Developer Guide](https://developer.intellig To create an API to be onboarded, run the following commands: ```bash -curl --cacert --location --request POST 'https:///hub/apiprovisioning/v1/admin/v3/apis' \ +curl --cert --key --cacert --location --request POST 'https:///hub/apiprovisioning/v1/admin/v3/apis' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '{ @@ -690,7 +690,7 @@ To create an endpoint for the previously generated API, run the following command: ```bash -curl --cacert --location --request POST 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/endpoints' \ +curl --cert --key --cacert --location --request POST 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/endpoints' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '{ 
@@ -703,7 +703,7 @@ To bind the plugin for authorization of the previously generated API, run the following command: ```bash -curl --cacert --location --request PUT 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/phases/auth/plugin-list' \ +curl --cert --key --cacert --location --request PUT 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/phases/auth/plugin-list' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '[ @@ -717,7 +717,7 @@ To configure the binded plugin for authorization, run the following command: ```bash -curl --cacert --location --request PUT 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/plugins/requestPartyTokenInterceptor/configuration' \ +curl --cert --key --cacert --location --request PUT 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/plugins/requestPartyTokenInterceptor/configuration' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '{ @@ -735,7 +735,7 @@ Role-Based Access Control (RBAC) configuration is required. To add the RBAC policy run the following curl command: ```bash -curl --cacert --location --request POST 'https:///idm/rolemgmt/v1/extapp/rbac' \ +curl --cert --key --cacert --location --request POST 'https:///idm/rolemgmt/v1/extapp/rbac' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ --data '{ From f10a0b5c4df8e706ae1e3386fe8287eb5dfbe874 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Tue, 10 Jun 2025 15:39:06 +0100 Subject: [PATCH 09/18] New changes --- README.md | 3 +-- charts/eric-oss-hello-world-python-app/values.yaml | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index a433d17..2ee2ada 100644 --- a/README.md +++ b/README.md 
@@ -423,8 +423,7 @@ This section describes how the App can communicate with IAM and produce logs to before returning the "Hello World!!" string output. - The `authenticationType` defines the authentication method the sample app will use to communicate with IAM - set to `client-x509` for mTLS or - `client-secret` for TLS. If `authenticationType` is not used, then by default - it will be mTLS as its mentioned in values.yaml + `client-secret` for TLS. - The `platformCaCertSecretName` and `platformCaCertFileName` to enable secure TLS communication. Refer to [App Certificate Provisioning Developer Guide](https://developer.intelligentautomationplatform.ericsson.net/#capabilities/app-cert-provisioning/developer-guide) diff --git a/charts/eric-oss-hello-world-python-app/values.yaml b/charts/eric-oss-hello-world-python-app/values.yaml index d7c8369..09cfc2d 100644 --- a/charts/eric-oss-hello-world-python-app/values.yaml +++ b/charts/eric-oss-hello-world-python-app/values.yaml @@ -126,4 +126,3 @@ podPriority: instantiationDefaults: platformCaCertMountPath: "/etc/tls-ca/platform/" appCertMountPath: "/etc/tls/log/" - authenticationType: "client-x509" From 647ee570db05ee941b9b8f126b1e69ee2d5c4202 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Tue, 10 Jun 2025 22:46:49 +0100 Subject: [PATCH 10/18] more changes --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2ee2ada..812cb25 100644 --- a/README.md +++ b/README.md @@ -169,7 +169,7 @@ Use the following command to generate a valid access token: curl --cert --key --cacert --request POST \ https:///auth/realms/master/protocol/openid-connect/token \ --header 'content-type: application/x-www-form-urlencoded' \ ---data "grant_type=client_credentials&client_id=&client_secret=" +--data "grant_type=client_credentials&client_id=" ``` This command returns an access token, which is used in the commands in the From d2e71f60e642cc98ce8729c72808be16bd1934b9 Mon Sep 17 00:00:00 2001 
From: erjxsrn Date: Thu, 12 Jun 2025 08:57:08 +0100 Subject: [PATCH 11/18] vulnerabilty --- README.md | 15 ++++++++++----- requirements.txt | 2 +- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 812cb25..d536707 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,8 @@ with the correct Python Sample App version. Run the following commands from within your project directory `eric-oss-hello-world-python-app-`. +**Note:** By default, the app code uses mTLS commincation with the hosts. + ```bash mkdir -p helloworldAppPackage ``` @@ -421,16 +423,14 @@ This section describes how the App can communicate with IAM and produce logs to - The `iamBaseUrl`, as the `/sample-app/python/hello` endpoint of this sample App first communicates with IAM to obtain a client token (login) before returning the "Hello World!!" string output. - - The `authenticationType` defines the authentication method the sample app - will use to communicate with IAM - set to `client-x509` for mTLS or - `client-secret` for TLS. - The `platformCaCertSecretName` and `platformCaCertFileName` to enable secure TLS communication. Refer to [App Certificate Provisioning Developer Guide](https://developer.intelligentautomationplatform.ericsson.net/#capabilities/app-cert-provisioning/developer-guide) to understand how certificates are loaded into the App during instantiation for secure communication. - - The `appSecretName`, `logEndpoint`, - `appKeyFileName`, `appCertFileName` + - The `logEndpoint` endpoint designed to capture log data supports only + mTLS communication. + - The `appSecretName`, `appKeyFileName`, `appCertFileName` for mTLS communication. For more information on the variable values required, see [App Logging Developer Guide to Produce logs](https://developer.intelligentautomationplatform.ericsson.net/#capabilities/app-logging/how-to-produce-logs?chapter=identify-environment-and-secret-variables-names). 
@@ -506,6 +506,11 @@ An app-instance `id` is shown in the command result > All `userDefinedHelmParameters` are required for successful instantiation of your App. + **Note:** The `authenticationType` defines the authentication method the sample app + will use to communicate with IAM - set to `client-x509` for mTLS or + `client-secret` for TLS. This parameter is only used navigate between TLS and mTLS + within the app code. + ```shell curl --cert --key --cacert --location --request POST 'https:///app-lifecycle-management/v3/app-instances//deployment-actions' \ --header 'accept: application/json' \ diff --git a/requirements.txt b/requirements.txt index f37ed8d..50df0a4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ flask==3.0.1 -requests==2.32.0 +requests==2.32.4 prometheus-client==0.20.0 \ No newline at end of file From 6860e607f3601711d4db70296a1dd358b1cad3da Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Thu, 12 Jun 2025 09:05:39 +0100 Subject: [PATCH 12/18] dummy --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d536707..410039f 100644 --- a/README.md +++ b/README.md @@ -428,7 +428,7 @@ This section describes how the App can communicate with IAM and produce logs to [App Certificate Provisioning Developer Guide](https://developer.intelligentautomationplatform.ericsson.net/#capabilities/app-cert-provisioning/developer-guide) to understand how certificates are loaded into the App during instantiation for secure communication. - - The `logEndpoint` endpoint designed to capture log data supports only + - The `logEndpoint` endpoint designed to capture log data, supports only mTLS communication. - The `appSecretName`, `appKeyFileName`, `appCertFileName` for mTLS communication. For more information on the variable values 
@@ -508,7 +508,7 @@ An app-instance `id` is shown in the command result **Note:** The `authenticationType` defines the authentication method the sample app will use to communicate with IAM - set to `client-x509` for mTLS or - `client-secret` for TLS. This parameter is only used navigate between TLS and mTLS + `client-secret` for TLS. This parameter is only used to navigate between TLS and mTLS within the app code. ```shell From 0d934b37ca57ae67916098fe807855813080d319 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Thu, 12 Jun 2025 20:36:37 +0100 Subject: [PATCH 13/18] Additional changes --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 410039f..e355923 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ with the correct Python Sample App version. Run the following commands from within your project directory `eric-oss-hello-world-python-app-`. -**Note:** By default, the app code uses mTLS commincation with the hosts. +**Note:** By default, the app code uses mTLS commincation with the EIC host and logging host. ```bash mkdir -p helloworldAppPackage 
@@ -424,15 +424,15 @@ This section describes how the App can communicate with IAM and produce logs to sample App first communicates with IAM to obtain a client token (login) before returning the "Hello World!!" string output. - The `platformCaCertSecretName` and `platformCaCertFileName` to enable - secure TLS communication. Refer to + secure communication. Refer to [App Certificate Provisioning Developer Guide](https://developer.intelligentautomationplatform.ericsson.net/#capabilities/app-cert-provisioning/developer-guide) to understand how certificates are loaded into the App during instantiation for secure communication. - The `logEndpoint` endpoint designed to capture log data, supports only - mTLS communication. - - The `appSecretName`, `appKeyFileName`, `appCertFileName` - for mTLS communication. For more information on the variable values + mTLS communication. For more information on the variable values required, see [App Logging Developer Guide to Produce logs](https://developer.intelligentautomationplatform.ericsson.net/#capabilities/app-logging/how-to-produce-logs?chapter=identify-environment-and-secret-variables-names). + - The `appSecretName`, `appKeyFileName`, `appCertFileName` + used for mTLS communication to verify the client. ### Steps for Instantiation From 01be99709b39512fba2501520a3e09b3ffb07575 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Sat, 14 Jun 2025 16:16:31 +0100 Subject: [PATCH 14/18] new review comment change --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e355923..a4cdba4 100644 --- a/README.md +++ b/README.md 
@@ -79,7 +79,7 @@ with the correct Python Sample App version. Run the following commands from within your project directory `eric-oss-hello-world-python-app-`. -**Note:** By default, the app code uses mTLS commincation with the EIC host and logging host. +**Note:** By default, App code uses mTLS communication with the platform and logging host. ```bash mkdir -p helloworldAppPackage From faa8764c72480b69a5d610aa60eb9ccd822918ba Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Sat, 14 Jun 2025 16:28:31 +0100 Subject: [PATCH 15/18] re --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a4cdba4..468d007 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ with the correct Python Sample App version. Run the following commands from within your project directory `eric-oss-hello-world-python-app-`. -**Note:** By default, App code uses mTLS communication with the platform and logging host. +**Note:** The App code present in the SDK portal ZIP package uses mTLS for communication with the platform. ```bash mkdir -p helloworldAppPackage From 7d993bbffac468e8da5e1df8b164d7e89e62b178 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Sun, 15 Jun 2025 23:00:31 +0100 Subject: [PATCH 16/18] New change --- README.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/README.md b/README.md index 468d007..836fb43 100644 --- a/README.md +++ b/README.md @@ -471,10 +471,7 @@ Example command result: "type": "ASD", "deployState": "UNDEPLOYED", "properties": { - "userDefinedHelmParameters": { - "global.clientCredentials.secret.clientIdKey": "clientId", - "global.clientCredentials.secret.name": "rapp-ericsson-eric-oss-hello-world-python-app-68129972-cc" - }, + "userDefinedHelmParameters": {}, "namespace": "", "timeout": 5 } 
@@ -561,8 +558,6 @@ See the following example command result: "appKeyFileName": "", "appCertFileName": "", "authenticationType": "", - "global.clientCredentials.secret.name": "", - "global.clientCredentials.secret.clientIdKey": "" } } } @@ -612,8 +607,6 @@ curl --cert --key --cacert ", "appCertFileName": "", "authenticationType": "", - "global.clientCredentials.secret.name": "", - "global.clientCredentials.secret.clientIdKey": "" }, "namespace": "", "timeout": 5 From c04acfb678591c5bb10f2827a127c8a51fa246e0 Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Mon, 16 Jun 2025 14:36:09 +0100 Subject: [PATCH 17/18] change in cert name --- README.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 836fb43..c6bf902 100644 --- a/README.md +++ b/README.md @@ -168,7 +168,7 @@ See [Client Access to REST APIs](https://developer.intelligentautomationplatform Use the following command to generate a valid access token: ```bash -curl --cert --key --cacert --request POST \ +curl --cert --key --cacert --request POST \ https:///auth/realms/master/protocol/openid-connect/token \ --header 'content-type: application/x-www-form-urlencoded' \ --data "grant_type=client_credentials&client_id=" @@ -195,7 +195,7 @@ To start the onboarding of the Hello World CSAR app, run the following command in a command line tool. ```bash -curl --cert --key --cacert --location --request POST 'https:///app-onboarding/v2/app-packages' \ +curl --cert --key --cacert --location --request POST 'https:///app-onboarding/v2/app-packages' \ --header 'Authorization: Bearer ' \ --header 'accept: application/json' \ --form 'file=@"/helloworldAppPackage.csar"' 
@@ -219,7 +219,7 @@ This is the `JOB_ID`. Use the `JOB_ID` to get the status of the onboarding process in the following commands: ```bash -curl --cert --key --cacert --location --request GET 'https:///app-onboarding/v2/onboarding-jobs/' \ +curl --cert --key --cacert --location --request GET 'https:///app-onboarding/v2/onboarding-jobs/' \ --header 'Authorization: Bearer ' \ --header 'accept: application/json' ``` @@ -281,7 +281,7 @@ command (rapp-ericsson-eric-oss-hello-world-python-app-3-1-1-0 in the example). Run the following command to initialize the App. ```bash -curl --cert --key --cacert --location --request POST 'https:///app-lifecycle-management/v3/apps//initialization-actions' \ +curl --cert --key --cacert --location --request POST 'https:///app-lifecycle-management/v3/apps//initialization-actions' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ -d '{"action": "INITIALIZE"}' @@ -302,7 +302,7 @@ Example of command result: Repeat the following command until the status is changed to `INITIALIZED`. ```shell -curl --cert --key --cacert --location --request GET 'https:///app-lifecycle-management/v3/apps/' \ +curl --cert --key --cacert --location --request GET 'https:///app-lifecycle-management/v3/apps/' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' ``` @@ -387,7 +387,7 @@ Example of command result: Run the following command to switch the app mode from 'DISABLED' to 'ENABLED'. ```bash -curl --cert --key --cacert --location --request PUT 'https:///app-lifecycle-management/v3/apps//mode' \ +curl --cert --key --cacert --location --request PUT 'https:///app-lifecycle-management/v3/apps//mode' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ -d '{"mode": "ENABLED"}' 
@@ -445,7 +445,7 @@ Run the following commands to start the instantiation process using the #### Create App Instance ```shell -curl --cert --key --cacert --location --request POST 'https:///app-lifecycle-management/v3/app-instances' \ +curl --cert --key --cacert --location --request POST 'https:///app-lifecycle-management/v3/app-instances' \ --header 'accept: application/json' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ @@ -509,7 +509,7 @@ An app-instance `id` is shown in the command result within the app code. ```shell -curl --cert --key --cacert --location --request POST 'https:///app-lifecycle-management/v3/app-instances//deployment-actions' \ +curl --cert --key --cacert --location --request POST 'https:///app-lifecycle-management/v3/app-instances//deployment-actions' \ --header 'accept: application/json' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ @@ -575,7 +575,7 @@ Use the App instance ID in the following command to check the instantiation to `"status":"DEPLOYED"`. ```shell -curl --cert --key --cacert --location --request GET 'https:///app-lifecycle-management/v3/app-instances/' \ +curl --cert --key --cacert --location --request GET 'https:///app-lifecycle-management/v3/app-instances/' \ --header 'accept: application/json' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' @@ -661,7 +661,7 @@ For details, see [Service Exposure - Developer Guide](https://developer.intellig To create an API to be onboarded, run the following commands: ```bash -curl --cert --key --cacert --location --request POST 'https:///hub/apiprovisioning/v1/admin/v3/apis' \ +curl --cert --key --cacert --location --request POST 'https:///hub/apiprovisioning/v1/admin/v3/apis' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '{ 
@@ -687,7 +687,7 @@ To create an endpoint for the previously generated API, run the following command: ```bash -curl --cert --key --cacert --location --request POST 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/endpoints' \ +curl --cert --key --cacert --location --request POST 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/endpoints' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '{ @@ -700,7 +700,7 @@ To bind the plugin for authorization of the previously generated API, run the following command: ```bash -curl --cert --key --cacert --location --request PUT 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/phases/auth/plugin-list' \ +curl --cert --key --cacert --location --request PUT 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/phases/auth/plugin-list' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '[ @@ -714,7 +714,7 @@ To configure the binded plugin for authorization, run the following command: ```bash -curl --cert --key --cacert --location --request PUT 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/plugins/requestPartyTokenInterceptor/configuration' \ +curl --cert --key --cacert --location --request PUT 'https:///hub/apiprovisioning/v1/admin/v3/apis/hello-world-python-route-001/plugins/requestPartyTokenInterceptor/configuration' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data '{ @@ -732,7 +732,7 @@ Role-Based Access Control (RBAC) configuration is required. To add the RBAC policy run the following curl command: ```bash -curl --cert --key --cacert --location --request POST 'https:///idm/rolemgmt/v1/extapp/rbac' \ +curl --cert --key --cacert --location --request POST 'https:///idm/rolemgmt/v1/extapp/rbac' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' \ --data '{ 
From 0dc6404ee4e42fd3407eafe669c0a0f91509b92f Mon Sep 17 00:00:00 2001 From: erjxsrn Date: Tue, 17 Jun 2025 07:32:51 +0100 Subject: [PATCH 18/18] mtls client-secret adoption --- .../templates/_helpers.tpl | 19 ++++++- .../templates/deployment/deployment.yaml | 11 ++++ .../values.yaml | 7 +++ eric-oss-hello-world-python-app/config.py | 6 ++- eric-oss-hello-world-python-app/login.py | 53 +++++++++++++++---- .../mtls_logging.py | 16 ++++-- 6 files changed, 98 insertions(+), 14 deletions(-) diff --git a/charts/eric-oss-hello-world-python-app/templates/_helpers.tpl b/charts/eric-oss-hello-world-python-app/templates/_helpers.tpl index b584d95..25f27e0 100644 --- a/charts/eric-oss-hello-world-python-app/templates/_helpers.tpl +++ b/charts/eric-oss-hello-world-python-app/templates/_helpers.tpl @@ -341,4 +341,21 @@ Define the annotations for security policy */}} {{- define "eric-oss-hello-world-python-app.securityPolicy.annotations" -}} # Automatically generated annotations for documentation purposes. -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Define the function to get the secret name + */}} +{{- define "eric-oss-hello-world-python-app.clientSecret" -}} +{{- $clientSecret := "" -}} +{{- if .Values.global }} + {{- if .Values.global.clientCredentials }} + {{- if .Values.global.clientCredentials.secret }} + {{- if .Values.global.clientCredentials.secret.name }} + {{- $clientSecret = .Values.global.clientCredentials.secret.name }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- print $clientSecret }} +{{- end }} \ No newline at end of file diff --git a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml index 0202f30..78bd37c 100644 --- a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml 
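Review bot: The `eric-oss-hello-world-python-app.clientSecret` helper falls back to an empty string when `global.clientCredentials.secret.name` is unset, and the deployment template in this commit feeds that value into the `client-creds` volume's `secretName`. The chart would then render `secretName: ""`, a mistake that surfaces only at deploy time. If the secret is mandatory, fail at render time by replacing the final `print` with `{{- required "global.clientCredentials.secret.name must be set" $clientSecret }}`. The helper comment could also say that this secret is the one holding the client id file the app reads, since "get the secret name" does not say which secret.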
@@ -63,6 +63,10 @@ spec: secret: secretName: {{ index .Values "appSecretName" | quote }} defaultMode: 420 + - name: client-creds + secret: + secretName: {{ include "eric-oss-hello-world-python-app.clientSecret" . | quote }} + defaultMode: 420 containers: - name: eric-oss-hello-world-python-app image: {{ template "eric-oss-hello-world-python-app.imagePath" (dict "imageId" "eric-oss-hello-world-python-app" "values" .Values "files" .Files) }} @@ -89,6 +93,9 @@ spec: - name: app-certs mountPath: {{ index .Values "appCertMountPath" | default .Values.instantiationDefaults.appCertMountPath | quote }} readOnly: true + - name: client-creds + mountPath: {{ index .Values "clientCredsMountPath" | default .Values.instantiationDefaults.clientCredsMountPath | quote }} + readOnly: true env: - name: IAM_CLIENT_ID value: {{ index .Values "clientId" | quote }} @@ -108,6 +115,10 @@ spec: value: {{ index .Values "appCertFileName" | quote }} - name: APP_CERT_FILE_PATH value: {{ index .Values "appCertMountPath" | default .Values.instantiationDefaults.appCertMountPath | quote }} + - name: CLIENT_CREDS_FILE_PATH + value: {{ index .Values "clientCredsMountPath" | default .Values.instantiationDefaults.clientCredsMountPath | quote }} + - name: CLIENT_ID_FILE_NAME + value: {{ .Values.global.clientCredentials.secret.clientIdKey | quote }} - name: AUTHENTICATION_TYPE value: {{ index .Values "authenticationType" | default .Values.instantiationDefaults.authenticationType | quote }} - name: SERVICE_NAME diff --git a/charts/eric-oss-hello-world-python-app/values.yaml b/charts/eric-oss-hello-world-python-app/values.yaml index 09cfc2d..06ff323 100644 --- a/charts/eric-oss-hello-world-python-app/values.yaml +++ b/charts/eric-oss-hello-world-python-app/values.yaml 
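Review bot: In the third hunk, `CLIENT_ID_FILE_NAME` reads `.Values.global.clientCredentials.secret.clientIdKey` directly, while the helper added in the same commit nil-guards every level of that path. If an override nulls any level, rendering fails with a nil-pointer error where a readable message would be more useful; a guarded lookup with `default "clientId"` would keep the two consistent. The `client-creds` volume and mount in the first two hunks are added unconditionally, so the secret must exist even when `authenticationType` is `client-secret`. From the visible `login.py` changes the file seems to be read only in the `client-x509` branch, so if that holds, a condition on that value would avoid the hard dependency. `defaultMode: 420` (0644) mirrors the existing `app-certs` volume, but a tighter mode is worth considering for credential material, provided the container user can still read the files.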
@@ -126,3 +126,10 @@ podPriority: instantiationDefaults: platformCaCertMountPath: "/etc/tls-ca/platform/" appCertMountPath: "/etc/tls/log/" + clientCredsMountPath: "/etc/client-creds/" + +global: + clientCredentials: + secret: + clientIdKey: "clientId" + name: "-cc" diff --git a/eric-oss-hello-world-python-app/config.py b/eric-oss-hello-world-python-app/config.py index a37a808..f075aff 100644 --- a/eric-oss-hello-world-python-app/config.py +++ b/eric-oss-hello-world-python-app/config.py @@ -16,6 +16,8 @@ def get_config(): app_cert = get_os_env_string("APP_CERT", "") app_cert_file_path = get_os_env_string("APP_CERT_FILE_PATH", "") authentication_type = get_os_env_string("AUTHENTICATION_TYPE", "") + client_creds_file_path = get_os_env_string("CLIENT_CREDS_FILE_PATH", "") + client_id_file_name = get_os_env_string("CLIENT_ID_FILE_NAME", "") config = { "iam_client_id": iam_client_id, @@ -28,7 +30,9 @@ def get_config(): "app_key": app_key, "app_cert": app_cert, "app_cert_file_path": app_cert_file_path, - "authentication_type": authentication_type + "authentication_type": authentication_type, + "client_creds_file_path": client_creds_file_path, + "client_id_file_name": client_id_file_name } return config diff --git a/eric-oss-hello-world-python-app/login.py b/eric-oss-hello-world-python-app/login.py index 02de129..ed97dd2 100644 --- a/eric-oss-hello-world-python-app/login.py +++ b/eric-oss-hello-world-python-app/login.py @@ -7,6 +7,8 @@ from urllib.parse import urljoin import json import requests +import logging +import re from config import get_config class LoginError(Exception): 
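Review bot: The default `name: "-cc"` under `global.clientCredentials.secret` in values.yaml is not a valid Kubernetes Secret name, since object names must start with an alphanumeric character, so the chart only deploys when this value is overridden. It reads like a suffix that expects a prefix supplied elsewhere; if so, say that in a comment, e.g. `# Overridden at instantiation with the name of the client-credentials Secret`, or leave the default empty and let the template reject it. A line explaining which component is expected to set the `global:` block would also help, because these defaults live in the chart's own values.yaml.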
@@ -23,15 +25,16 @@ def login(): headers = { "Content-Type": "application/x-www-form-urlencoded" } - form_data = { - "grant_type": "client_credentials", - "client_id": config.get("iam_client_id"), - "client_secret": config.get("iam_client_secret"), - "tenant_id": "master" - } try: - resp = tls_login(login_url, form_data, headers) - except LoginError: + resp = tls_login(login_url, headers) + except LoginError as e: + error_message = str(e) + match = re.search(r'\((\d{3})\)', error_message) + if match: + status_code = int(match.group(1)) + print(f"Login failed with status code: {status_code}") + else: + print(f"Login failed: {error_message}") return None, 0 resp = json.loads(resp.decode('utf-8')) @@ -39,7 +42,7 @@ def login(): time_until_expiry -= 10 # add a buffer to ensure our session doesn't expire mid-request return token, time_until_expiry -def tls_login(url, form_data, headers): +def tls_login(url, headers): ''' This function sends an HTTP POST request with TLS for the login operation ''' @@ -49,7 +52,22 @@ def tls_login(url, form_data, headers): app_key = os.path.join("/", config.get("app_cert_file_path"), config.get("app_key")) authentication_type = config.get("authentication_type").lower() try: + + print("Headers:", headers) if authentication_type == "client-x509": + print("client_creds_file_path:", config.get("client_creds_file_path")) + print("client_id_file_name:", config.get("client_id_file_name")) + client_id_file_path = os.path.join("/", config.get("client_creds_file_path"), config.get("client_id_file_name")) + print("Hello 1:", client_id_file_path) + client_id = read_file(client_id_file_path) + print("Hello 2:", client_id) + form_data = { + "grant_type": "client_credentials", + "client_id": client_id, + "tenant_id": "master" + } + print("Form data1:", form_data) + print(f"Login1") response = requests.post( url, data=form_data, 
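Review bot: In `login()`, the new `except LoginError as e` branch recovers the HTTP status by running `re.search(r'\((\d{3})\)', error_message)` over the exception text, which ties the handler to the wording of the message raised in `tls_login` and also matches any other three-digit number in parentheses inside a wrapped exception string. Carrying the status on the exception is sturdier: set a `status_code` attribute where `LoginError` is raised and read it here with `getattr(e, "status_code", None)`. The commit imports `logging` but reports through `print`; `logging.warning("Login failed: %s", e)` would keep these messages in the app's log stream. `login()` starts above this hunk.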
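Review bot: The `client-x509` branch of `tls_login` adds a run of `print` calls (`Headers:`, `Hello 1:`, `Hello 2:`, `Form data1:`, `Login1`) that write the request headers, the credential file path and the client id to stdout on every login; they look like leftover debugging and should be removed before merge. Separately, config.py defaults both `CLIENT_CREDS_FILE_PATH` and `CLIENT_ID_FILE_NAME` to `""`, so when they are unset `client_id_file_path` resolves to `/` and `read_file` fails with a generic error that the `except Exception` further down wraps. An explicit guard such as `if not config.get("client_id_file_name"): raise LoginError("CLIENT_ID_FILE_NAME is not set")` gives a clearer failure. The `requests.post` call this branch feeds continues past the end of the hunk.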
@@ -59,6 +77,14 @@ def tls_login(url, form_data, headers): cert=(app_cert, app_key) ) elif authentication_type == "client-secret": + form_data = { + "grant_type": "client_credentials", + "client_id": config.get("iam_client_id"), + "client_secret": config.get("iam_client_secret"), + "tenant_id": "master" + } + print("Form data2:", form_data) + print(f"Login2") response = requests.post( url, data=form_data, @@ -67,7 +93,16 @@ def tls_login(url, form_data, headers): verify=ca_cert ) if response.status_code != 200: + print(f"Log POST to https://{url} responded with {response.status_code}: {response.text}") + print(f"Login3") + print("Response status code:", response.status_code) + print("Response content:", response.text) raise LoginError(f"Login failed ({response.status_code})") except Exception as exception: + print(f"Login4") raise LoginError(f"Login failed ({exception})") from exception return response.content + +def read_file(path): + with open(path, "r") as f: + return f.read().strip() diff --git a/eric-oss-hello-world-python-app/mtls_logging.py b/eric-oss-hello-world-python-app/mtls_logging.py index dc91c70..cc143f6 100644 --- a/eric-oss-hello-world-python-app/mtls_logging.py +++ b/eric-oss-hello-world-python-app/mtls_logging.py 
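Review bot: `print("Form data2:", form_data)` in the `client-secret` branch writes the IAM `client_secret` to stdout in clear text, where it ends up in container logs and any log aggregation behind them. Remove the line (and the `print(f"Login2")` marker next to it); if a trace is needed, log only non-secret fields, e.g. `logging.debug("client-secret login for client_id=%s", form_data["client_id"])`. A secret that has already been printed in a deployed environment should be treated as exposed and rotated. `tls_login` begins above this hunk.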
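Review bot: The non-200 branch prints the token endpoint's response body twice (`response.text` appears in the f-string and again under `Response content:`), and the first message is copied from mtls_logging.py: it says `Log POST to https://{url}` although this is the login request and `url` is passed to `requests.post` as-is, so it presumably already carries a scheme. One line through the logger is enough, e.g. `logging.error("Login POST to %s returned %s", url, response.status_code)`, leaving the body out unless debugging. The `Login3` and `Login4` markers should go as well. `read_file` opens the file with the platform default encoding; `open(path, "r", encoding="utf-8")` makes that explicit.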
@@ -97,8 +97,18 @@ def log(self, message, severity): ca_cert = os.path.join("/", self.config.get("ca_cert_file_path"), self.config.get("ca_cert_file_name")) app_cert = os.path.join("/", self.config.get("app_cert_file_path"), self.config.get("app_cert")) app_key = os.path.join("/", self.config.get("app_cert_file_path"), self.config.get("app_key")) - requests.post(f"https://{log_url}", json=json_data, timeout=5, - headers = headers, verify=ca_cert, cert=(app_cert, app_key)) + response = requests.post( + f"https://{log_url}", + json=json_data, + timeout=5, + headers=headers, + verify=ca_cert, + cert=(app_cert, app_key) + ) + + # Add this log after the request + print(f"Log POST to https://{log_url} responded with {response.status_code}: {response.text}") + except (requests.exceptions.InvalidURL, requests.exceptions.MissingSchema) as exception: # logs to console if failed to log to log transformer - self.logger.error("Request failed for mTLS logging: %s", exception) + self.logger.error("Request failed for mTLS logging: %s", exception) \ No newline at end of file
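Review bot: The `print` added after `requests.post` runs on every call to `log()`, so each application log record now also produces a stdout line containing the log endpoint's full response body, and the comment `# Add this log after the request` reads like a leftover instruction rather than documentation. The class already has `self.logger` (used in the `except` below), so the status could be reported only on failure, e.g. `if not response.ok: self.logger.warning("mTLS log POST returned %s", response.status_code)`. The handler still catches only `InvalidURL` and `MissingSchema`, so a timeout or connection error from the request propagates to the caller; whether that is intended is not visible from this hunk. `log()` starts above the hunk.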