Merge pull request #69 from medianetlab/develop

Develop

CHANGELOG.md

@@ -1,4 +1,38 @@
 # Changelog
+## v2.0.0
+
+***Summary:***
+> - *Addition of nginx reverse proxy. Default ports are 8090 for http and 4443 for https*
+> - *Support of server side authentication based on self signed certificates using openssl*
+> - *Support TLS encryption*
+> - *Two step authorisation using OAuth2.0 (jwt tokens) both generated from CAPIF and NEF*
+> - *Migration to python 3.10*
+> - *Compatible with Docker Compose v2.0.0*
+
+### NEF APIs / backend
+
+- new class `OAuth2TwoTokensBearer` that overrides `OAuth2` class based on FastAPI's OAuth2PasswordBearer to support two tokens bearer to authorise either NEF or CAPIF jtw tokens (commiteaccf0f)
+- ⛔ breaking change: the exposed port 8888 is deprecated. All traffic is routed through the reverse proxy via dynamically defined ports. The default ports are 8090 for <kbd style="background-color:#eff7ff;">http</kbd> and 4443 for <kbd style="background-color:#eff7ff;">https</kbd> 
+
+### Docker 🐳
+
+-  ⛔ breaking change: Compatible with Docker Compose V2. CLI commands are now used by replacing the hyphen (-) with a space, using `docker compose`, instead of `docker-compose`. The changes are applied in the Makefile to help developers.
+-  Create env variables for nginx ports 👉`NGINX_HTTP` `NGINX_HTTPS` 
+-  Create env variable for nginx hostname 👉`NEF_HOST`
+-  Create env variable to enable token verification generated by CAPIF, if CAPIF is used. 👉`USE_PUBLIC_KEY_VERIFICATION`
+
+### Libraries
+
+-  Migrate to python 3.10 (from `^3.9.7` 👉 `~3.10`)
+-  Downgrade pyOpenSSL (from `23.0.0` 👉 `22.1.0`) to be compatible with evolved5g SDK
+-  Upgrade emails (from `^0.5.15` 👉 `^0.6`) to be compatible with python 3.10
+
+### Other
+
+ - ✔ Add option `--pull` to `build-no-cache` this forces docker to check and pull newer versions of the images during build
+
+<br><br>
+
 ## v1.6.2
 
 ### NEF APIs / backend

Makefile

@@ -6,43 +6,43 @@ prepare-dev-env:
 	cp env-file-for-local.dev .env
 
 
-# docker-compose TASKS
+# docker compose TASKS
 
 up:
-	docker-compose --profile dev up
+	docker compose --profile dev up
 
 upd:
-	docker-compose --profile dev up -d
+	docker compose --profile dev up -d
 
 debug-up:
-	docker-compose --profile debug up
+	docker compose --profile debug up
 
 debug-upd:
-	docker-compose --profile debug up -d
+	docker compose --profile debug up -d
 
 down:
-	docker-compose down
+	docker compose --profile debug down
 
 down-v: # also removes volumes
-	docker-compose down -v
+	docker compose --profile debug down -v
 
 stop:
-	docker-compose stop
+	docker compose --profile debug stop
 
 build:
-	docker-compose --profile debug build
+	docker compose --profile debug build
 
 build-no-cache:
-	docker-compose --profile debug build --no-cache --pull
+	docker compose --profile debug build --no-cache --pull
 
 logs:
-	docker-compose logs -f
+	docker compose logs -f
 
 logs-backend:
-	docker-compose logs -f backend
+	docker compose logs -f backend
 
 logs-mongo:
-	docker-compose logs -f mongo
+	docker compose logs -f mongo
 
 ps:
 	docker ps -a
@@ -62,8 +62,8 @@ db-init: #simple scenario with 3 UEs, 3 Cells, 1 gNB
 
 
 db-reset:
-	docker-compose exec db psql -h localhost -U postgres -d app -c 'TRUNCATE TABLE cell, gnb, monitoring, path, points, ue RESTART IDENTITY;'
-	docker-compose exec mongo_nef /bin/bash -c 'mongo fastapi -u $$MONGO_USER -p $$MONGO_PASSWORD --authenticationDatabase admin --eval "db.dropDatabase();"'
+	docker compose exec db psql -h localhost -U postgres -d app -c 'TRUNCATE TABLE cell, gnb, monitoring, path, points, ue RESTART IDENTITY;'
+	docker compose exec mongo_nef /bin/bash -c 'mongo fastapi -u $$MONGO_USER -p $$MONGO_PASSWORD --authenticationDatabase admin --eval "db.dropDatabase();"'
 
 
 db-reinit: db-reset db-init
@@ -72,4 +72,4 @@ db-reinit: db-reset db-init
 #Individual logs
 
 logs-location:
-	docker-compose logs -f backend 2>&1 | grep -E "(handovers|monitoringType|'ack')"
+	docker compose logs -f backend 2>&1 | grep -E "(handovers|monitoringType|'ack')"

backend/Dockerfile.backend

@@ -26,11 +26,13 @@ ENV PYTHONPATH=/app
 
 WORKDIR /
 
-RUN git clone https://github.com/EVOLVED-5G/SDK-CLI.git && \
-    cd SDK-CLI/ && \
-    git checkout libraries && \ 
-    python3 setup.py install && \ 
-    cp -R evolved5g /usr/local/lib/python3.10/site-packages/
+#Remove the comments below for manual testing of evolved5g library
+
+# RUN git clone https://github.com/EVOLVED-5G/SDK-CLI.git && \
+#     cd SDK-CLI/ && \
+#     git checkout develop && \ 
+#     python3 setup.py install && \ 
+#     cp -R evolved5g /usr/local/lib/python3.10/site-packages/
 
 WORKDIR /app/
 COPY ./start-reload.sh /

backend/app/app/api/api_v1/endpoints/monitoringevent.py

@@ -14,7 +14,7 @@
 router = APIRouter()
 db_collection= 'MonitoringEvent'
 
-@router.get("/{scsAsId}/subscriptions")
+@router.get("/{scsAsId}/subscriptions", response_model=List[schemas.MonitoringEventSubscription], responses={204: {"model" : None}})
 def read_active_subscriptions(
     *,
     scsAsId: str = Path(..., title="The ID of the Netapp that read all the subscriptions", example="myNetapp"),

backend/app/app/api/deps.py

@@ -30,7 +30,6 @@ def verify_with_public_key(tokens: Dict[str, str] = Depends(reusable_oauth2)):
         try:
             if "capif_token" in tokens:
                 token = tokens.get("capif_token") 
-                print(f"CAPIF token {token}")
             else:
                 token = tokens.get("token")
 
@@ -52,7 +51,6 @@ def get_current_user(
     try:
         if "nef_token" in tokens:
             token = tokens.get("nef_token") 
-            print(f"NEF token {token}")
         else:
             token = tokens.get("token")
 

backend/app/app/core/security.py

@@ -54,7 +54,6 @@ async def __call__(self, request: Request) -> Optional[Tuple[str, str]]:
 
         try:
             nef_token, capif_token = param.split(',')
-            print("Parameter splitted")
         except ValueError as ex:
             return {"token" : param}
 

backend/app/app/db/init_simple.sh

@@ -1,14 +1,13 @@
 #!/bin/bash
 
-PORT=8888
-URL=http://localhost
-
 set -a # automatically export all variables
 source .env
 set +a
 
+PORT=$NGINX_HTTPS
+URL=https://$DOMAIN
 
-TOKEN=$(curl -X 'POST' \
+TOKEN=$(curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/login/access-token" \
   -H 'accept: application/json' \
   -H 'Content-Type: application/x-www-form-urlencoded' \
@@ -26,7 +25,7 @@ printf '\n==================================================\n'
 
 
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/paths" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -45,7 +44,7 @@ curl -X 'POST' \
   "color": "#00a3cc"
 }'
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/paths" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -73,7 +72,7 @@ printf '\n==================================================\n'
 
 
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/gNBs" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -96,7 +95,7 @@ printf '\n==================================================\n'
 
 
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/Cells" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -111,7 +110,7 @@ curl -X 'POST' \
   "radius" : 100
 }'
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/Cells" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -126,7 +125,7 @@ curl -X 'POST' \
   "radius" : 150
 }'
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/Cells" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -141,7 +140,7 @@ curl -X 'POST' \
   "radius" : 100
 }'
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/Cells" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -165,7 +164,7 @@ printf 'Initiallizing UEs for admin...'
 printf '\n==================================================\n'
 
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/UEs" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -186,7 +185,7 @@ curl -X 'POST' \
   "speed": "LOW"
 }'
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/UEs" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -207,7 +206,7 @@ curl -X 'POST' \
   "speed": "LOW"
 }'
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/UEs" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -228,7 +227,7 @@ curl -X 'POST' \
   "speed": "HIGH"
 }'
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/UEs/associate/path" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -238,7 +237,7 @@ curl -X 'POST' \
   "path": 2
 }'
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/UEs/associate/path" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \
@@ -248,7 +247,7 @@ curl -X 'POST' \
   "path": 1
 }'
 
-curl -X 'POST' \
+curl -k -X 'POST' \
   "${URL}:${PORT}/api/v1/UEs/associate/path" \
   -H 'accept: application/json' \
   -H "Authorization: Bearer ${TOKEN}" \

backend/app/pyproject.toml

@@ -24,7 +24,7 @@ sqlalchemy = "^1.3.16"
 pytest = ">6"
 python-jose = {extras = ["cryptography"], version = "^3.1.0"}
 aiofiles = "^0.6.0"
-evolved5g = "^0.8.3"
+evolved5g = "^1.0.0"
 pyOpenSSL = "22.1.0" 
 
 

docker-compose.yml

@@ -66,8 +66,6 @@ services:
     image: '${DOCKER_IMAGE_BACKEND?Variable not set}:${TAG-latest}'
     profiles: ["debug", "dev"]
     command: /start-reload.sh
-    ports:
-      - "${SERVER_PORT}:80"
     volumes:
       - ./backend/app:/app
     env_file:
@@ -115,7 +113,7 @@ services:
       - db
     networks:
       - services_default
-    command: /dynamic_ports.sh
+    command: sh -c '/self-signed-crt.sh && /dynamic_ports.sh'
 
 networks:
     services_default:
@@ -126,5 +124,4 @@ volumes:
   app-db-data:
   pgadmin-data:
   app-mongo-db-data:
-  nginxdata:
-
+  nginxdata:

nginx/Dockerfile.nginx

@@ -1,16 +1,13 @@
 FROM nginx:1.23.2
 
-RUN rm -rf /etc/nginx/conf.d/default.conf
-
-COPY conf.d/app.conf /etc/nginx/conf.d/app.conf
 
+#Create the private-public keys only on build
+COPY ./self-signed-crt.sh /
+RUN chmod 700 self-signed-crt.sh
 RUN mkdir -p /etc/nginx/certs
+# RUN /self-signed-crt.sh
 
-COPY ./certs /etc/nginx/certs
+RUN rm -rf /etc/nginx/conf.d/default.conf
+COPY ./conf.d/app.conf /etc/nginx/conf.d/app.conf
 COPY ./dynamic_ports.sh /
-RUN chmod 700 dynamic_ports.sh
-COPY ./self-signed-crt.sh /
-
-
-#Create the private-public keys only on build
-RUN /self-signed-crt.sh
+RUN chmod 700 dynamic_ports.sh