From 6c8f13b544223db874223a65ca8f62ef67d97354 Mon Sep 17 00:00:00 2001
From: guillecxb
Date: Thu, 13 Feb 2025 13:19:39 +0100
Subject: [PATCH 01/20] Added CAPIF configuration to MongoDB and integrated security method order selection
---
.../capif_security/core/servicesecurity.py | 17 +++++++++++++++--
services/helper/config.yaml | 16 ++++++++++++++++
services/helper/helper_service/db/db.py | 19 +++++++++++++++++++
3 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py b/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py
index 916b2861..b1136480 100644
--- a/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py
+++ b/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py
@@ -182,8 +182,21 @@ class SecurityOperations(Resource): "Not found comptaible security method with pref security method") return bad_request_error(detail="Not found compatible security method with pref security method", cause="Error pref security method", invalid_params=[{"param": "prefSecurityMethods", "reason": "pref security method not compatible with security method available"}]) - service_instance.sel_security_method = list( - valid_security_method)[0] + # Retrieve security method priority configuration from the database + config_col = self.db.get_col_by_name("capifConfiguration") + capif_config = config_col.find_one({"config_name": "default"}) + if not capif_config: + current_app.logger.error("CAPIF Configuration not found when trying to retrieve security method priority") + return internal_server_error(detail="CAPIF Configuration not found when trying to retrieve security method priority", cause="Database Error") + + priority_mapping = capif_config["settings"]["security_method_priority"] + + # Sort valid security methods based on priority from the configuration + sorted_methods = sorted(valid_security_method, key=lambda method: priority_mapping.get(method.lower(), float('inf'))) + + # Select the highest-priority security method + service_instance.sel_security_method = sorted_methods[0] + # Send service instance to ACL current_app.logger.debug("Sending message to create ACL") publish_ops.publish_message("acls-messages", "create-acl:"+str( diff --git a/services/helper/config.yaml b/services/helper/config.yaml index bb090f08..d4cb1f40 100644 --- a/services/helper/config.yaml +++ b/services/helper/config.yaml @@ -7,6 +7,7 @@ mongo: { 'col_services': "serviceapidescriptions", 'col_security': "security", 'col_event': "eventsdetails", + 'col_capifConfiguration': "capifConfiguration", 'host': 'mongo', 'port': "27017" } 
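Review bot: In the servicesecurity.py hunk, `capif_config["settings"]["security_method_priority"]` raises KeyError when the stored document lacks either key, although the missing-document case just above it is answered with a structured error; reading it as `capif_config.get("settings", {}).get("security_method_priority", {})` and logging an empty mapping would keep that failure explicit. Methods absent from the mapping all sort at `float('inf')`, so with a partial or empty mapping the selected method depends on the iteration order of `valid_security_method` (the removed lines wrap it in `list(...)`, so it is presumably a set) rather than on policy. Because this value decides which security method a client is given, a fixed fallback order in code is safer than an arbitrary pick. The enclosing method starts and ends outside the hunk.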
@@ -17,3 +18,18 @@ ca_factory: { "token": "dev-only-token", "verify": False } + +capifConfiguration: { + config_name: "default", + version: "1.0", + description: "Default CAPIF Configuration", + settings: { + certify_expiration_period: 30, + acls_size_configuration: 24, + security_method_priority: { + psk: 1, + pki: 2, + oauth: 3 + } + } +} diff --git a/services/helper/helper_service/db/db.py b/services/helper/helper_service/db/db.py index 57b9b72e..85fdd7c5 100644 --- a/services/helper/helper_service/db/db.py +++ b/services/helper/helper_service/db/db.py @@ -16,6 +16,9 @@ class MongoDatabse(): self.services_col = self.config['mongo']['col_services'] self.security_context_col = self.config['mongo']['col_security'] self.events = self.config['mongo']['col_event'] + self.capifConfiguration = self.config['mongo']['col_capifConfiguration'] + + self.initialize_capif_configuration() def get_col_by_name(self, name): @@ -45,3 +48,19 @@ class MongoDatabse(): if self.db.client: self.db.client.close() + def initialize_capif_configuration(self): + """ + Inserts default data into the capifConfiguration collection if it is empty. + The data is taken from config.yaml. + """ + capif_col = self.get_col_by_name(self.capifConfiguration) + + if capif_col.count_documents({}) == 0: + # Read configuration from config.yaml + default_config = self.config["capifConfiguration"] + + capif_col.insert_one(default_config) + print("Default data inserted into the capifConfiguration collection from config.yaml") + else: + print("The capifConfiguration collection already contains data. No default values were inserted.") + -- GitLab From ec32f3c5a39436f925c6e31cbacfb0f69cfac662 Mon Sep 17 00:00:00 2001 
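Review bot: In `initialize_capif_configuration` (helper_service/db/db.py), `count_documents({}) == 0` followed by `insert_one` is a check-then-act sequence, so two service instances starting together can both insert a default document; an upsert such as `capif_col.update_one({"config_name": "default"}, {"$setOnInsert": default_config}, upsert=True)`, backed by a unique index on `config_name`, seeds it in one step. The method runs from `__init__`, so a config.yaml without a `capifConfiguration` section makes every `MongoDatabse()` construction fail with KeyError. The two `print` calls bypass the service's logging configuration and should go through a logger. The same method is added to services/register/register_service/db/db.py later in this series.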
From: guillecxb Date: Tue, 18 Feb 2025 10:37:13 +0100 Subject: [PATCH 02/20] Integrated configuration para ACL sizes --- .../capif_acl/core/internal_service_ops.py | 25 ++++++++-- services/helper/config.yaml | 10 ++-- .../controllers/helper_controller.py | 29 +++++++++++ .../helper_service/core/helper_operations.py | 48 +++++++++++++++++++ 4 files changed, 105 insertions(+), 7 deletions(-) diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py index 520f35c1..db159726 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py @@ -21,6 +21,23 @@ class InternalServiceOps(Resource): mycol = self.db.get_col_by_name(self.db.acls) + # 🚨 Nueva Lógica: Recuperar configuración desde capifConfiguration en MongoDB + config_col = self.db.get_col_by_name("capifConfiguration") + capif_config = config_col.find_one({"config_name": "default"}) + + if capif_config: + settings = capif_config.get("settings", {}).get("acl_policy_settings", {}) + allowed_total_invocations = settings.get("allowedTotalInvocations", 100) + allowed_invocations_per_second = settings.get("allowedInvocationsPerSecond", 10) + time_range_days = settings.get("allowedInvocationTimeRangeDays", 365) + else: + current_app.logger.error("CAPIF Configuration not found, applying all values to 0.") + allowed_total_invocations = 0 + allowed_invocations_per_second = 0 + time_range_days = 0 + + + res = mycol.find_one( {"service_id": service_id, "aef_id": aef_id}, {"_id": 0}) 
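Review bot: In the internal_service_ops.py hunk the three fallbacks disagree: a missing document yields 0/0/0, a document without `acl_policy_settings` yields 100/10/365, and config.yaml in this same patch seeds `allowedTotalInvocations: 5`. These numbers become the invoker's limits in the two later hunks of this file, so a partially written configuration quietly raises the total to 100; one set of default constants shared by both branches, with a log line whenever a default is used, would make the policy predictable. The values also reach `timedelta(days=time_range_days)` and `ApiInvokerPolicy(...)` without a type or range check, so a non-numeric stored value fails only at ACL creation. The new comment is in Spanish and starts with an emoji; `# Read ACL limits from the capifConfiguration collection` would match the English comments used elsewhere in this series. The enclosing method continues outside the hunk.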
@@ -28,9 +45,9 @@ class InternalServiceOps(Resource): current_app.logger.info( f"Adding invoker ACL for invoker {invoker_id}") range_list = [TimeRangeList( - datetime.utcnow(), datetime.utcnow()+timedelta(days=365))] + datetime.utcnow(), datetime.utcnow()+timedelta(days=time_range_days))] invoker_acl = ApiInvokerPolicy( - invoker_id, current_app.config["invocations"]["total"], current_app.config["invocations"]["perSecond"], range_list) + invoker_id, allowed_total_invocations, allowed_invocations_per_second, range_list) r = mycol.find_one({"service_id": service_id, "aef_id": aef_id, "api_invoker_policies.api_invoker_id": invoker_id}, {"_id": 0}) if r is None: @@ -40,9 +57,9 @@ class InternalServiceOps(Resource): current_app.logger.info( f"Creating service ACLs for service: {service_id}") range_list = [TimeRangeList( - datetime.utcnow(), datetime.utcnow()+timedelta(days=365))] + datetime.utcnow(), datetime.utcnow()+timedelta(days=time_range_days))] invoker_acl = ApiInvokerPolicy( - invoker_id, current_app.config["invocations"]["total"], current_app.config["invocations"]["perSecond"], range_list) + invoker_id, allowed_total_invocations, allowed_invocations_per_second, range_list) service_acls = { "service_id": service_id, diff --git a/services/helper/config.yaml b/services/helper/config.yaml index d4cb1f40..94c01773 100644 --- a/services/helper/config.yaml +++ b/services/helper/config.yaml @@ -25,11 +25,15 @@ capifConfiguration: { description: "Default CAPIF Configuration", settings: { certify_expiration_period: 30, - acls_size_configuration: 24, security_method_priority: { - psk: 1, + oauth: 1, pki: 2, - oauth: 3 + psk: 3 + }, + acl_policy_settings: { + allowedTotalInvocations: 5, + allowedInvocationsPerSecond: 10, + allowedInvocationTimeRangeDays: 365 } } } diff --git a/services/helper/helper_service/controllers/helper_controller.py b/services/helper/helper_service/controllers/helper_controller.py index 03d276b7..f2ba5f4a 100644 
--- a/services/helper/helper_service/controllers/helper_controller.py +++ b/services/helper/helper_service/controllers/helper_controller.py @@ -113,3 +113,32 @@ def getEvents(): @helper_routes.route("/helper/deleteEntities/", methods=["DELETE"]) def deleteUserEntities(uuid): return helper_operation.remove_entities(uuid) + + +@helper_routes.route("/helper/getConfiguration", methods=["GET"]) +def getConfiguration(): + """Devuelve toda la configuración actual""" + return helper_operation.get_configuration() + + +@helper_routes.route("/helper/updateConfigParam", methods=["PATCH"]) +def updateConfigParam(): + """Actualiza un único parámetro de la configuración""" + data = request.json + param_path = data.get("param_path") # Ej. "settings.acl_policy_settings.allowedTotalInvocations" + new_value = data.get("new_value") + + if not param_path or new_value is None: + return jsonify(message="Missing 'param_path' or 'new_value' in request body"), 400 + + return helper_operation.update_config_param(param_path, new_value) + + +@helper_routes.route("/helper/replaceConfiguration", methods=["PUT"]) +def replaceConfiguration(): + """Reemplaza toda la configuración con una nueva""" + new_config = request.json + if not new_config: + return jsonify(message="Missing new configuration in request body"), 400 + + return helper_operation.replace_configuration(new_config) diff --git a/services/helper/helper_service/core/helper_operations.py b/services/helper/helper_service/core/helper_operations.py index d8a49c01..87dd366f 100644 --- a/services/helper/helper_service/core/helper_operations.py +++ b/services/helper/helper_service/core/helper_operations.py 
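Review bot: `updateConfigParam` in helper_controller.py forwards the caller's `param_path` unchanged into a MongoDB `$set`, so any field of the configuration document, including `config_name` and the `security_method_priority` map, can be rewritten by whoever can reach this route; the path should be checked against an explicit list of writable settings and `new_value` against the expected type. None of the three new routes shows an authorization decorator in this hunk, while the register service's equivalents added later in the series carry `@admin_required()`; if access control is not applied at the blueprint or gateway level, it is needed here. `request.json` can also be None or a non-object, in which case `data.get` raises instead of returning the 400. The same unvalidated `param_path` appears in `update_register_config_param` in register_controller.py.

```python
# Constructed example; which paths are writable is for the maintainers to decide.
ALLOWED_CONFIG_PATHS = {
    "settings.acl_policy_settings.allowedTotalInvocations",
    "settings.acl_policy_settings.allowedInvocationsPerSecond",
    "settings.acl_policy_settings.allowedInvocationTimeRangeDays",
}


@helper_routes.route("/helper/updateConfigParam", methods=["PATCH"])
def updateConfigParam():
    # … unchanged: docstring …
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify(message="Request body must be a JSON object"), 400
    # … unchanged: param_path / new_value extraction and missing-field check …
    if not isinstance(param_path, str) or param_path not in ALLOWED_CONFIG_PATHS:
        return jsonify(message="Parameter is not configurable"), 400
    # … unchanged: call to helper_operation.update_config_param …
```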
@@ -201,6 +201,54 @@ class HelperOperations: current_app.logger.debug(f"User entities removed successfully") return jsonify(message="User entities removed successfully"), 200 + def get_configuration(self): + """Recupera toda la configuración actual""" + current_app.logger.debug("Retrieving current CAPIF configuration") + config_col = self.db.get_col_by_name(self.db.capifConfiguration) + config = config_col.find_one({"config_name": "default"}, {"_id": 0}) + + if not config: + return jsonify(message="No CAPIF configuration found"), 404 + + return jsonify(config), 200 + + + def update_config_param(self, param_path, new_value): + """ + Actualiza un único parámetro en la configuración. + param_path: Ruta del parámetro (ej. settings.acl_policy_settings.allowedTotalInvocations) + """ + current_app.logger.debug(f"Updating configuration parameter: {param_path} with value: {new_value}") + + config_col = self.db.get_col_by_name(self.db.capifConfiguration) + + # Construir el query dinámico para actualizar un parámetro específico + update_query = {"$set": {param_path: new_value}} + + result = config_col.update_one({"config_name": "default"}, update_query) + + if result.modified_count == 0: + return jsonify(message=f"No configuration found or parameter '{param_path}' not updated"), 404 + + return jsonify(message=f"Parameter '{param_path}' updated successfully"), 200 + def replace_configuration(self, new_config): + """ + Reemplaza toda la configuración actual con una nueva. + """ + current_app.logger.debug("Replacing entire CAPIF configuration") + + config_col = self.db.get_col_by_name(self.db.capifConfiguration) + + # Reemplazar la configuración existente con la nueva + result = config_col.replace_one({"config_name": "default"}, new_config, upsert=True) + + if result.matched_count == 0: + return jsonify(message="No existing configuration found; a new one was created"), 201 + + return jsonify(message="Configuration replaced successfully"), 200 + + + -- GitLab 
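Review bot: In `update_config_param`, `result.modified_count == 0` is also true when the document exists and already holds `new_value`, so a repeated PATCH is answered with 404; `if result.matched_count == 0:` separates "no configuration" from "nothing to change". `replace_configuration` stores the request body as-is with `upsert=True`: a body without `config_name: "default"` or without `settings` leaves no document that the `find_one({"config_name": "default"})` readers can use, and some of those readers index `capif_config["settings"]` directly. Checking that `new_config` is a dict with the expected top-level keys before `replace_one` would keep one request from breaking security-method selection and certificate signing. The debug line logs `new_value` verbatim, and the docstrings are in Spanish while the rest of the series documents in English. `update_register_config_param` and `replace_register_configuration` in register_operations.py repeat both patterns.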
From 3c7bbe2343b1af4c98024e4bd4f1316146d3c213 Mon Sep 17 00:00:00 2001 From: guillecxb Date: Mon, 3 Mar 2025 14:20:28 +0100 Subject: [PATCH 03/20] Use ttls from configuratio database and add config database for register --- .../core/apiinvokerenrolmentdetails.py | 9 ++++- .../core/sign_certificate.py | 8 ++++- services/helper/config.yaml | 4 ++- services/helper/helper_service/app.py | 9 ++++- .../controllers/helper_controller.py | 6 ++-- services/register/register_service/app.py | 7 +++- .../controllers/register_controller.py | 36 +++++++++++++++++++ .../core/register_operations.py | 36 +++++++++++++++++++ services/register/register_service/db/db.py | 13 ++++++- services/vault/vault_prepare_certs.sh | 2 +- 10 files changed, 120 insertions(+), 10 deletions(-) diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py index fcc1a188..8b4b74fd 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py @@ -18,6 +18,9 @@ from .responses import bad_request_error, not_found_error, forbidden_error, inte from ..config import Config from ..util import dict_to_camel_case, serialize_clean_camel_case +from api_invoker_management.db.db import MongoDatabse + + publisher_ops = Publisher() 
@@ -38,11 +41,14 @@ class InvokerManagementOperations(Resource): def __sign_cert(self, publick_key, invoker_id): + capif_config = self.db.get_col_by_name("capifConfiguration").find_one({"config_name": "default"}) + ttl_invoker_cert = capif_config["settings"].get("ttl_invoker_cert", "43000h") + url = f"http://{self.config['ca_factory']['url']}:{self.config['ca_factory']['port']}/v1/pki_int/sign/my-ca" headers = {'X-Vault-Token': self.config['ca_factory']['token']} data = { 'format': 'pem_bundle', - 'ttl': '43000h', + 'ttl': ttl_invoker_cert, 'csr': publick_key, 'common_name': invoker_id } @@ -58,6 +64,7 @@ class InvokerManagementOperations(Resource): Resource.__init__(self) self.auth_manager = AuthManager() self.config = Config().get_config() + self.db = MongoDatabse() def add_apiinvokerenrolmentdetail(self, apiinvokerenrolmentdetail, username, uuid): diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py index f535a6c8..45c5c08e 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py 
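Review bot: In `__sign_cert`, `find_one` returns None when the default document is missing, so `capif_config["settings"]` raises TypeError before any certificate request is built; a guard such as `if not capif_config:` with a logged error is missing here and in the equivalent lookups in sign_certificate.py, helper_service/app.py and register_service/app.py. The fallback `"43000h"` is ten times the `"4300h"` seeded in config.yaml and used as the fallback in sign_certificate.py, and it exceeds the `max_ttl=4300h` of the Vault role in vault_prepare_certs.sh; `"4300h"` would be consistent. The TTL is now a stored, editable string passed straight to the CA, so checking its format and an upper bound in code, rather than relying only on the role's `max_ttl`, keeps certificate lifetime a reviewed decision. The method body continues outside the hunk.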
@@ -3,17 +3,23 @@ import json import requests from ..config import Config +from ..db.db import MongoDatabse def sign_certificate(publick_key, provider_id): config = Config().get_config() + + db = MongoDatabse() + capif_config = db.get_col_by_name("capifConfiguration").find_one({"config_name": "default"}) + ttl_provider_cert = capif_config.get("settings", {}).get("ttl_provider_cert", "4300h") + url = f"http://{config['ca_factory']['url']}:{config['ca_factory']['port']}/v1/pki_int/sign/my-ca" headers = {'X-Vault-Token': config['ca_factory']['token']} data = { 'format':'pem_bundle', - 'ttl': '43000h', + 'ttl': ttl_provider_cert, 'csr': publick_key, 'common_name': provider_id } diff --git a/services/helper/config.yaml b/services/helper/config.yaml index 94c01773..c895dfae 100644 --- a/services/helper/config.yaml +++ b/services/helper/config.yaml @@ -24,7 +24,9 @@ capifConfiguration: { version: "1.0", description: "Default CAPIF Configuration", settings: { - certify_expiration_period: 30, + ttl_superadmin_cert: "4300h", + ttl_invoker_cert: "4300h", + ttl_provider_cert: "4300h", security_method_priority: { oauth: 1, pki: 2, diff --git a/services/helper/helper_service/app.py b/services/helper/helper_service/app.py index 3f9ae5c1..9440cbd3 100644 --- a/services/helper/helper_service/app.py +++ b/services/helper/helper_service/app.py @@ -2,6 +2,8 @@ import json import logging import os +from db.db import MongoDatabse + import requests from OpenSSL.crypto import PKey, TYPE_RSA, X509Req, dump_certificate_request, FILETYPE_PEM, dump_privatekey from flask import Flask 
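Review bot: `sign_certificate` in sign_certificate.py builds a new `MongoDatabse()` on every call, so each provider certificate signing creates a fresh database object and, if this service's constructor connects the way the register version does, a new MongoDB connection that is never closed in this function. Creating the instance once at module level or passing it in would avoid accumulating connections under load. If a short-lived instance is kept, it should be closed in a `finally` block, assuming this class offers the `close_connection()` seen in the helper and register versions.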
@@ -12,6 +14,11 @@ from controllers.helper_controller import helper_routes app = Flask(__name__) config = Config().get_config() +# Connect MongoDB and get TTL for superadmin certificate +db = MongoDatabse() +capif_config = db.get_col_by_name("capifConfiguration").find_one({"config_name": "default"}) +ttl_superadmin_cert = capif_config["settings"].get("ttl_superadmin_cert", "43000h") + # Setting log level log_level = os.getenv('LOG_LEVEL', 'INFO').upper() numeric_level = getattr(logging, log_level, logging.INFO) @@ -42,7 +49,7 @@ url = 'http://{}:{}/v1/pki_int/sign/my-ca'.format(config["ca_factory"]["url"], c headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"} data = { 'format':'pem_bundle', - 'ttl': '43000h', + 'ttl': ttl_superadmin_cert, 'csr': csr_request, 'common_name': "superadmin" } diff --git a/services/helper/helper_service/controllers/helper_controller.py b/services/helper/helper_service/controllers/helper_controller.py index f2ba5f4a..66a20d6b 100644 --- a/services/helper/helper_service/controllers/helper_controller.py +++ b/services/helper/helper_service/controllers/helper_controller.py @@ -117,13 +117,13 @@ def deleteUserEntities(uuid): @helper_routes.route("/helper/getConfiguration", methods=["GET"]) def getConfiguration(): - """Devuelve toda la configuración actual""" + """Returns the current configuration""" return helper_operation.get_configuration() @helper_routes.route("/helper/updateConfigParam", methods=["PATCH"]) def updateConfigParam(): - """Actualiza un único parámetro de la configuración""" + """Updates a single configuration parameter""" data = request.json param_path = data.get("param_path") # Ej. "settings.acl_policy_settings.allowedTotalInvocations" new_value = data.get("new_value") 
@@ -136,7 +136,7 @@ def updateConfigParam(): @helper_routes.route("/helper/replaceConfiguration", methods=["PUT"]) def replaceConfiguration(): - """Reemplaza toda la configuración con una nueva""" + """Replaces the entire configuration with a new one""" new_config = request.json if not new_config: return jsonify(message="Missing new configuration in request body"), 400 diff --git a/services/register/register_service/app.py b/services/register/register_service/app.py index 5e9c9a45..c1e5424c 100644 --- a/services/register/register_service/app.py +++ b/services/register/register_service/app.py @@ -19,6 +19,11 @@ jwt_manager = JWTManager(app) config = Config().get_config() +# Connect MongoDB and get TTL for superadmin certificate +db = MongoDatabse() +capif_config = db.get_col_by_name("capifConfiguration").find_one({"config_name": "default"}) +ttl_superadmin_cert = capif_config.get("settings", {}).get("ttl_superadmin_cert", "43000h") + # Setting log level log_level = os.getenv('LOG_LEVEL', 'INFO').upper() numeric_level = getattr(logging, log_level, logging.INFO) @@ -49,7 +54,7 @@ url = 'http://{}:{}/v1/pki_int/sign/my-ca'.format(config["ca_factory"]["url"], c headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"} data = { 'format':'pem_bundle', - 'ttl': '43000h', + 'ttl': ttl_superadmin_cert, 'csr': csr_request, 'common_name': "superadmin" } diff --git a/services/register/register_service/controllers/register_controller.py b/services/register/register_service/controllers/register_controller.py index ff3a5618..b2fdc876 100644 --- a/services/register/register_service/controllers/register_controller.py +++ b/services/register/register_service/controllers/register_controller.py 
@@ -156,3 +156,39 @@ def remove(username, uuid): def getUsers(username): current_app.logger.debug(f"Returning list of users to admin {username}") return register_operation.get_users() + + +@register_routes.route("/configuration", methods=["GET"]) +@admin_required() +def get_register_configuration(username): + """Retrieve the current register configuration""" + current_app.logger.debug(f"Admin {username} is retrieving the register configuration") + return register_operation.get_register_configuration() + + +@register_routes.route("/configuration", methods=["PATCH"]) +@admin_required() +def update_register_config_param(username): + """Update a single parameter in the register configuration""" + data = request.json + param_path = data.get("param_path") + new_value = data.get("new_value") + + if not param_path or new_value is None: + return jsonify(message="Missing 'param_path' or 'new_value' in request body"), 400 + + current_app.logger.debug(f"Admin {username} is updating parameter {param_path} with value {new_value}") + return register_operation.update_register_config_param(param_path, new_value) + + +@register_routes.route("/configuration", methods=["PUT"]) +@admin_required() +def replace_register_configuration(username): + """Replace the entire register configuration""" + new_config = request.json + if not new_config: + return jsonify(message="Missing new configuration in request body"), 400 + + current_app.logger.debug(f"Admin {username} is replacing the entire register configuration") + return register_operation.replace_register_configuration(new_config) + diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py index 937ce0bd..07b837f8 100644 --- a/services/register/register_service/core/register_operations.py +++ b/services/register/register_service/core/register_operations.py 
@@ -94,3 +94,39 @@ class RegisterOperations: except Exception as e: return jsonify(message=f"Error trying to get users: {e}"), 500 + + def get_register_configuration(self): + """Retrieve the current register configuration from MongoDB""" + current_app.logger.debug("Retrieving register configuration") + config_col = self.db.get_col_by_name(self.db.capifConfiguration) + config = config_col.find_one({"config_name": "default"}, {"_id": 0}) + + if not config: + return jsonify(message="No register configuration found"), 404 + + return jsonify(config), 200 + + def update_register_config_param(self, param_path, new_value): + """Update a specific parameter in the register configuration""" + current_app.logger.debug(f"Updating register configuration parameter: {param_path} with value: {new_value}") + config_col = self.db.get_col_by_name(self.db.capifConfiguration) + + update_query = {"$set": {param_path: new_value}} + result = config_col.update_one({"config_name": "default"}, update_query) + + if result.modified_count == 0: + return jsonify(message=f"No configuration found or parameter '{param_path}' not updated"), 404 + + return jsonify(message=f"Parameter '{param_path}' updated successfully"), 200 + + def replace_register_configuration(self, new_config): + """Replace the entire register configuration""" + current_app.logger.debug("Replacing entire register configuration") + config_col = self.db.get_col_by_name(self.db.capifConfiguration) + + result = config_col.replace_one({"config_name": "default"}, new_config, upsert=True) + + if result.matched_count == 0: + return jsonify(message="No existing configuration found; a new one was created"), 201 + + return jsonify(message="Register configuration replaced successfully"), 200 diff --git a/services/register/register_service/db/db.py b/services/register/register_service/db/db.py index e1db51bd..88cbce1b 100644 --- a/services/register/register_service/db/db.py +++ b/services/register/register_service/db/db.py 
@@ -12,7 +12,9 @@ class MongoDatabse(): self.db = self.__connect() self.capif_users = self.config['mongo']['col'] self.capif_admins = self.config['mongo']['admins'] - + self.capifConfiguration = self.config['mongo']['col_capifConfiguration'] + + self.initialize_capif_configuration() def get_col_by_name(self, name): return self.db[name] @@ -33,6 +35,15 @@ class MongoDatabse(): time.sleep(retry_delay) return None + def initialize_capif_configuration(self): + capif_col = self.get_col_by_name(self.capifConfiguration) + if capif_col.count_documents({}) == 0: + default_config = self.config["capifConfiguration"] + capif_col.insert_one(default_config) + print("Default data inserted into the capifConfiguration collection from config.yaml") + else: + print("The capifConfiguration collection already contains data. No default values were inserted.") + def close_connection(self): if self.db.client: self.db.client.close() diff --git a/services/vault/vault_prepare_certs.sh b/services/vault/vault_prepare_certs.sh index b209ecfe..58a83ba0 100644 --- a/services/vault/vault_prepare_certs.sh +++ b/services/vault/vault_prepare_certs.sh @@ -44,7 +44,7 @@ vault write -format=json pki/root/sign-intermediate \ vault write pki_int/intermediate/set-signed certificate=@capif_intermediate.cert.pem # Configure the role for the intermediate CA -vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=true use_csr_sans=false allowed_domains=$HOSTNAME allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h ttl=4300h +vault write pki_int/roles/my-ca use_csr_common_name=false require_cn=true use_csr_sans=false allowed_domains=$HOSTNAME allow_any_name=true allow_bare_domains=true allow_glob_domains=true allow_subdomains=true max_ttl=4300h # Generate a certificate openssl genrsa -out ./server.key 2048 -- GitLab From 1096cec4aec820b34b2ca494f15d5d06bcad9c90 Mon Sep 17 00:00:00 2001 
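Review bot: In vault_prepare_certs.sh, dropping `ttl=4300h` leaves `max_ttl=4300h` as the role's only TTL setting, while the TTL the services request now comes from an editable configuration document; a comment above the `vault write pki_int/roles/my-ca` line such as `# max_ttl is the upper bound for the ttl values the services read from the CAPIF configuration` would record that dependency. The role keeps `allow_any_name=true`, which is existing behaviour, but it is worth naming in the same comment because the requested certificate lifetime is now configuration-driven as well.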
From: guillecxb
Date: Thu, 6 Mar 2025 09:13:42 +0100
Subject: [PATCH 04/20] Register conf
---
services/register/config.yaml.bak | 38 +++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 services/register/config.yaml.bak
diff --git a/services/register/config.yaml.bak b/services/register/config.yaml.bak
new file mode 100644
index 00000000..3d3a42b9
--- /dev/null
+++ b/services/register/config.yaml.bak
@@ -0,0 +1,38 @@
+mongo: {
+ 'user': 'root',
+ 'password': 'example',
+ 'db': 'capif_users',
+ 'col': 'user',
+ 'col_capifConfiguration': "capifConfiguration",
+ 'admins': 'admins',
+ 'host': 'mongo_register',
+ 'port': '27017'
+}
+ca_factory: {
+ "url": "vault",
+ "port": "8200",
+ "token": "dev-only-token",
+ "verify": False
+}
+
+ccf: {
+ "url": "capifcore",
+ "helper_remove_user": "/helper/deleteEntities/"
+}
+
+register: {
+ "register_uuid": '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+ "refresh_expiration": 30, #days
+ "token_expiration": 10, #mins
+ "admin_users": {admin_user: "admin",
+ admin_pass: "password123"}
+}
+
+capifConfiguration: {
+ "config_name": "default",
+ "version": "1.0",
+ "description": "Default Register Configuration",
+ "settings": {
+ ttl_superadmin_cert: "4300h"
+ }
+}
-- GitLab
From e4f0e86c640e883ec6373db5fe52f2f55101c842 Mon Sep 17 00:00:00 2001
From: guillecxb
Date: Thu, 6 Mar 2025 19:02:24 +0100
Subject: [PATCH 05/20] unnecessary file
---
services/register/config.yaml.bak | 38 -------------------------------
1 file changed, 38 deletions(-)
delete mode 100644 services/register/config.yaml.bak
diff --git a/services/register/config.yaml.bak b/services/register/config.yaml.bak
deleted file mode 100644
index 3d3a42b9..00000000
--- a/services/register/config.yaml.bak
+++ /dev/null
@@ -1,38 +0,0 @@ -mongo: { - 'user': 'root', - 'password': 'example', - 'db': 'capif_users', - 'col': 'user', - 'col_capifConfiguration': "capifConfiguration", - 'admins': 'admins', - 'host': 'mongo_register', - 'port': '27017' -} -ca_factory: { - "url": "vault", - "port": "8200", - "token": "dev-only-token", - "verify": False -} - -ccf: { - "url": "capifcore", - "helper_remove_user": "/helper/deleteEntities/" -} - -register: { - "register_uuid": '6ba7b810-9dad-11d1-80b4-00c04fd430c8', - "refresh_expiration": 30, #days - "token_expiration": 10, #mins - "admin_users": {admin_user: "admin", - admin_pass: "password123"} -} - -capifConfiguration: { - "config_name": "default", - "version": "1.0", - "description": "Default Register Configuration", - "settings": { - ttl_superadmin_cert: "4300h" - } -} -- GitLab From f890e5dd2f5893a2c9c138d8ee3e869c200672ef Mon Sep 17 00:00:00 2001 From: guillecxb Date: Thu, 6 Mar 2025 19:09:13 +0100 Subject: [PATCH 06/20] refactor: rename camelCase variables to snake_case --- services/helper/config.yaml | 4 ++-- services/helper/helper_service/app.py | 2 +- services/helper/helper_service/db/db.py | 12 ++++++------ services/register/config.yaml | 12 +++++++++++- services/register/register_service/db/db.py | 10 +++++----- 5 files changed, 25 insertions(+), 15 deletions(-) diff --git a/services/helper/config.yaml b/services/helper/config.yaml index c895dfae..4ff44224 100644 --- a/services/helper/config.yaml +++ b/services/helper/config.yaml @@ -7,7 +7,7 @@ mongo: { 'col_services': "serviceapidescriptions", 'col_security': "security", 'col_event': "eventsdetails", - 'col_capifConfiguration': "capifConfiguration", + 'col_capif_configuration': "capif_configuration", 'host': 'mongo', 'port': "27017" } @@ -19,7 +19,7 @@ ca_factory: { "verify": False } -capifConfiguration: { +capif_configuration: { config_name: "default", version: "1.0", description: "Default CAPIF Configuration", 
diff --git a/services/helper/helper_service/app.py b/services/helper/helper_service/app.py index 9440cbd3..b110eb18 100644 --- a/services/helper/helper_service/app.py +++ b/services/helper/helper_service/app.py @@ -16,7 +16,7 @@ config = Config().get_config() # Connect MongoDB and get TTL for superadmin certificate db = MongoDatabse() -capif_config = db.get_col_by_name("capifConfiguration").find_one({"config_name": "default"}) +capif_config = db.get_col_by_name("capif_configuration").find_one({"config_name": "default"}) ttl_superadmin_cert = capif_config["settings"].get("ttl_superadmin_cert", "43000h") # Setting log level diff --git a/services/helper/helper_service/db/db.py b/services/helper/helper_service/db/db.py index 85fdd7c5..8a7ea94d 100644 --- a/services/helper/helper_service/db/db.py +++ b/services/helper/helper_service/db/db.py @@ -16,7 +16,7 @@ class MongoDatabse(): self.services_col = self.config['mongo']['col_services'] self.security_context_col = self.config['mongo']['col_security'] self.events = self.config['mongo']['col_event'] - self.capifConfiguration = self.config['mongo']['col_capifConfiguration'] + self.capif_configuration = self.config['mongo']['col_capif_configuration'] self.initialize_capif_configuration() 
@@ -50,17 +50,17 @@ class MongoDatabse(): def initialize_capif_configuration(self): """ - Inserts default data into the capifConfiguration collection if it is empty. + Inserts default data into the capif_configuration collection if it is empty. The data is taken from config.yaml. """ - capif_col = self.get_col_by_name(self.capifConfiguration) + capif_col = self.get_col_by_name(self.capif_configuration) if capif_col.count_documents({}) == 0: # Read configuration from config.yaml - default_config = self.config["capifConfiguration"] + default_config = self.config["capif_configuration"] capif_col.insert_one(default_config) - print("Default data inserted into the capifConfiguration collection from config.yaml") + print("Default data inserted into the capif_configuration collection from config.yaml") else: - print("The capifConfiguration collection already contains data. No default values were inserted.") + print("The capif_configuration collection already contains data. No default values were inserted.") diff --git a/services/register/config.yaml b/services/register/config.yaml index f1e1a257..a974120d 100644 --- a/services/register/config.yaml +++ b/services/register/config.yaml @@ -3,6 +3,7 @@ mongo: { 'password': 'example', 'db': 'capif_users', 'col': 'user', + 'col_capif_configuration': "capif_configuration", 'admins': 'admins', 'host': 'mongo_register', 'port': '27017' @@ -25,4 +26,13 @@ register: { "token_expiration": 10, #mins "admin_users": {admin_user: "admin", admin_pass: "password123"} -} \ No newline at end of file +} + +capif_configuration: { + "config_name": "default", + "version": "1.0", + "description": "Default Register Configuration", + "settings": { + ttl_superadmin_cert: "4300h" + } +} diff --git a/services/register/register_service/db/db.py b/services/register/register_service/db/db.py index 88cbce1b..a93cdeaa 100644 --- a/services/register/register_service/db/db.py +++ b/services/register/register_service/db/db.py 
@@ -12,7 +12,7 @@ class MongoDatabse(): self.db = self.__connect() self.capif_users = self.config['mongo']['col'] self.capif_admins = self.config['mongo']['admins'] - self.capifConfiguration = self.config['mongo']['col_capifConfiguration'] + self.capif_configuration = self.config['mongo']['col_capif_configuration'] self.initialize_capif_configuration() @@ -36,13 +36,13 @@ class MongoDatabse(): return None def initialize_capif_configuration(self): - capif_col = self.get_col_by_name(self.capifConfiguration) + capif_col = self.get_col_by_name(self.capif_configuration) if capif_col.count_documents({}) == 0: - default_config = self.config["capifConfiguration"] + default_config = self.config["capif_configuration"] capif_col.insert_one(default_config) - print("Default data inserted into the capifConfiguration collection from config.yaml") + print("Default data inserted into the capif_configuration collection from config.yaml") else: - print("The capifConfiguration collection already contains data. No default values were inserted.") + print("The capif_configuration collection already contains data. No default values were inserted.") def close_connection(self): if self.db.client: -- GitLab From 112e7225348ae17abe148540b0a6eb54a426123d Mon Sep 17 00:00:00 2001 From: guillecxb Date: Fri, 7 Mar 2025 16:24:40 +0100 Subject: [PATCH 07/20] refactor config --- .../core/apiinvokerenrolmentdetails.py | 4 ++-- .../core/sign_certificate.py | 4 ++-- .../capif_acl/core/internal_service_ops.py | 4 ++-- .../capif_security/core/servicesecurity.py | 2 +- services/helper/config.yaml | 20 ++++++++++--------- services/helper/helper_service/app.py | 7 ++++++- .../helper_service/core/helper_operations.py | 6 +++--- services/register/config.yaml | 6 ++++-- services/register/register_service/app.py | 4 ++-- .../core/register_operations.py | 6 +++--- 10 files changed, 36 insertions(+), 27 deletions(-) 
diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py index 8b4b74fd..08f934e3 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py @@ -41,8 +41,8 @@ class InvokerManagementOperations(Resource): def __sign_cert(self, publick_key, invoker_id): - capif_config = self.db.get_col_by_name("capifConfiguration").find_one({"config_name": "default"}) - ttl_invoker_cert = capif_config["settings"].get("ttl_invoker_cert", "43000h") + capif_config = self.db.get_col_by_name("capif_configuration").find_one({"config_name": "default"}) + ttl_invoker_cert = capif_config.get("settings", {}).get("certificates_expiry", {}).get("ttl_invoker_cert", "4300h") url = f"http://{self.config['ca_factory']['url']}:{self.config['ca_factory']['port']}/v1/pki_int/sign/my-ca" headers = {'X-Vault-Token': self.config['ca_factory']['token']} diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py index 45c5c08e..f94895b2 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py 
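Review bot: `capif_config.get("settings", {})` in `__sign_cert` raises AttributeError when `find_one` returns None, because only the nested lookups have defaults and the document itself is never checked. A guard before the lookup, such as `if not capif_config: capif_config = {}` or an explicit error response, keeps certificate signing from failing with an unhandled exception when the configuration document is missing. The same pattern appears in the `sign_certificate` hunk for the provider API and in `register_service/app.py`. The TTL string comes from a database document and is presumably forwarded to the CA as is; a format and upper-bound check belongs where it is used, which is outside this hunk.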
@@ -11,8 +11,8 @@ def sign_certificate(publick_key, provider_id): config = Config().get_config() db = MongoDatabse() - capif_config = db.get_col_by_name("capifConfiguration").find_one({"config_name": "default"}) - ttl_provider_cert = capif_config.get("settings", {}).get("ttl_provider_cert", "4300h") + capif_config = db.get_col_by_name("capif_configuration").find_one({"config_name": "default"}) + ttl_provider_cert = capif_config.get("settings", {}).get("certificates_expiry", {}).get("ttl_provider_cert", "4300h") url = f"http://{config['ca_factory']['url']}:{config['ca_factory']['port']}/v1/pki_int/sign/my-ca" diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py index dbdb742e..3c1b3893 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py @@ -20,8 +20,8 @@ class InternalServiceOps(Resource): mycol = self.db.get_col_by_name(self.db.acls) - # 🚨 Nueva Lógica: Recuperar configuración desde capifConfiguration en MongoDB - config_col = self.db.get_col_by_name("capifConfiguration") + # 🚨 Nueva Lógica: Recuperar configuración desde capif_configuration en MongoDB + config_col = self.db.get_col_by_name("capif_configuration") capif_config = config_col.find_one({"config_name": "default"}) if capif_config: diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py b/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py index b1136480..7897bd7a 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py 
@@ -183,7 +183,7 @@ class SecurityOperations(Resource): return bad_request_error(detail="Not found compatible security method with pref security method", cause="Error pref security method", invalid_params=[{"param": "prefSecurityMethods", "reason": "pref security method not compatible with security method available"}]) # Retrieve security method priority configuration from the database - config_col = self.db.get_col_by_name("capifConfiguration") + config_col = self.db.get_col_by_name("capif_configuration") capif_config = config_col.find_one({"config_name": "default"}) if not capif_config: current_app.logger.error("CAPIF Configuration not found when trying to retrieve security method priority") diff --git a/services/helper/config.yaml b/services/helper/config.yaml index 4ff44224..c8dd8073 100644 --- a/services/helper/config.yaml +++ b/services/helper/config.yaml @@ -20,19 +20,21 @@ ca_factory: { } capif_configuration: { - config_name: "default", - version: "1.0", - description: "Default CAPIF Configuration", - settings: { - ttl_superadmin_cert: "4300h", - ttl_invoker_cert: "4300h", - ttl_provider_cert: "4300h", - security_method_priority: { + "config_name": "default", + "version": "1.0", + "description": "Default CAPIF Configuration", + "settings": { + "certificates_expiry": { + ttl_superadmin_cert: "4300h", + ttl_invoker_cert: "4300h", + ttl_provider_cert: "4300h", + }, + "security_method_priority": { oauth: 1, pki: 2, psk: 3 }, - acl_policy_settings: { + "acl_policy_settings": { allowedTotalInvocations: 5, allowedInvocationsPerSecond: 10, allowedInvocationTimeRangeDays: 365 diff --git a/services/helper/helper_service/app.py b/services/helper/helper_service/app.py index b110eb18..d7303999 100644 --- a/services/helper/helper_service/app.py +++ b/services/helper/helper_service/app.py 
@@ -17,11 +17,13 @@ config = Config().get_config() # Connect MongoDB and get TTL for superadmin certificate db = MongoDatabse() capif_config = db.get_col_by_name("capif_configuration").find_one({"config_name": "default"}) -ttl_superadmin_cert = capif_config["settings"].get("ttl_superadmin_cert", "43000h") +ttl_superadmin_cert = capif_config["settings"]["certificates_expiry"].get("ttl_superadmin_cert", "43000h") # Setting log level log_level = os.getenv('LOG_LEVEL', 'INFO').upper() numeric_level = getattr(logging, log_level, logging.INFO) +logging.basicConfig(level=numeric_level) +logger = logging.getLogger(__name__) # Create a superadmin CSR and keys key = PKey() @@ -42,6 +44,7 @@ private_key = dump_privatekey(FILETYPE_PEM, key) # Save superadmin private key key_file = open("certs/superadmin.key", 'wb+') key_file.write(bytes(private_key)) +logger.info(f"Superadmin key:\n{private_key}") key_file.close() # Request superadmin certificate @@ -56,6 +59,7 @@ data = { response = requests.request("POST", url, headers=headers, data=data, verify = config["ca_factory"].get("verify", False)) superadmin_cert = json.loads(response.text)['data']['certificate'] +logger.info(f"Superadmin Cert:\n{superadmin_cert}") # Save the superadmin certificate cert_file = open("certs/superadmin.crt", 'wb') @@ -70,6 +74,7 @@ headers = { response = requests.request("GET", url, headers=headers, verify = config["ca_factory"].get("verify", False)) ca_root = json.loads(response.text)['data']['data']['ca'] +logger.info(f"CA root:\n{ca_root}") cert_file = open("certs/ca_root.crt", 'wb') cert_file.write(bytes(ca_root, 'utf-8')) cert_file.close() diff --git a/services/helper/helper_service/core/helper_operations.py b/services/helper/helper_service/core/helper_operations.py index 87dd366f..5c25134e 100644 --- a/services/helper/helper_service/core/helper_operations.py +++ b/services/helper/helper_service/core/helper_operations.py 
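Review bot: The added `logger.info(f"Superadmin key:\n{private_key}")` in the `@@ -42,6 +44,7 @@` hunk writes the superadmin private key to the application log at INFO, which is the default level read from `LOG_LEVEL` a few lines above. Anyone with read access to container logs or a log aggregator then holds the key material behind the superadmin certificate, and retained logs outlive any later key rotation. Remove the line; if a trace is wanted, record only the event, e.g. `logger.info("Superadmin key written to certs/superadmin.key")`. The certificate and CA root logged in the two following hunks are public material, but DEBUG would be a better level for them.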
@@ -204,7 +204,7 @@ class HelperOperations: def get_configuration(self): """Recupera toda la configuración actual""" current_app.logger.debug("Retrieving current CAPIF configuration") - config_col = self.db.get_col_by_name(self.db.capifConfiguration) + config_col = self.db.get_col_by_name(self.db.capif_configuration) config = config_col.find_one({"config_name": "default"}, {"_id": 0}) if not config: @@ -220,7 +220,7 @@ class HelperOperations: """ current_app.logger.debug(f"Updating configuration parameter: {param_path} with value: {new_value}") - config_col = self.db.get_col_by_name(self.db.capifConfiguration) + config_col = self.db.get_col_by_name(self.db.capif_configuration) # Construir el query dinámico para actualizar un parámetro específico update_query = {"$set": {param_path: new_value}} @@ -239,7 +239,7 @@ class HelperOperations: """ current_app.logger.debug("Replacing entire CAPIF configuration") - config_col = self.db.get_col_by_name(self.db.capifConfiguration) + config_col = self.db.get_col_by_name(self.db.capif_configuration) # Reemplazar la configuración existente con la nueva result = config_col.replace_one({"config_name": "default"}, new_config, upsert=True) diff --git a/services/register/config.yaml b/services/register/config.yaml index a974120d..df8c00f5 100644 --- a/services/register/config.yaml +++ b/services/register/config.yaml @@ -33,6 +33,8 @@ capif_configuration: { "version": "1.0", "description": "Default Register Configuration", "settings": { - ttl_superadmin_cert: "4300h" + "certificates_expiry": { + ttl_superadmin_cert: "4300h", + } } -} +} \ No newline at end of file diff --git a/services/register/register_service/app.py b/services/register/register_service/app.py index c1e5424c..6521c1e9 100644 --- a/services/register/register_service/app.py +++ b/services/register/register_service/app.py 
@@ -21,8 +21,8 @@ config = Config().get_config() # Connect MongoDB and get TTL for superadmin certificate db = MongoDatabse() -capif_config = db.get_col_by_name("capifConfiguration").find_one({"config_name": "default"}) -ttl_superadmin_cert = capif_config.get("settings", {}).get("ttl_superadmin_cert", "43000h") +capif_config = db.get_col_by_name("capif_configuration").find_one({"config_name": "default"}) +ttl_superadmin_cert = capif_config.get("settings", {}).get("certificates_expiry", {}).get("ttl_superadmin_cert", "43000h") # Setting log level log_level = os.getenv('LOG_LEVEL', 'INFO').upper() diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py index 07b837f8..44e0f8cb 100644 --- a/services/register/register_service/core/register_operations.py +++ b/services/register/register_service/core/register_operations.py @@ -98,7 +98,7 @@ class RegisterOperations: def get_register_configuration(self): """Retrieve the current register configuration from MongoDB""" current_app.logger.debug("Retrieving register configuration") - config_col = self.db.get_col_by_name(self.db.capifConfiguration) + config_col = self.db.get_col_by_name(self.db.capif_configuration) config = config_col.find_one({"config_name": "default"}, {"_id": 0}) if not config: @@ -109,7 +109,7 @@ class RegisterOperations: def update_register_config_param(self, param_path, new_value): """Update a specific parameter in the register configuration""" current_app.logger.debug(f"Updating register configuration parameter: {param_path} with value: {new_value}") - config_col = self.db.get_col_by_name(self.db.capifConfiguration) + config_col = self.db.get_col_by_name(self.db.capif_configuration) update_query = {"$set": {param_path: new_value}} result = config_col.update_one({"config_name": "default"}, update_query) 
@@ -122,7 +122,7 @@ class RegisterOperations: def replace_register_configuration(self, new_config): """Replace the entire register configuration""" current_app.logger.debug("Replacing entire register configuration") - config_col = self.db.get_col_by_name(self.db.capifConfiguration) + config_col = self.db.get_col_by_name(self.db.capif_configuration) result = config_col.replace_one({"config_name": "default"}, new_config, upsert=True) -- GitLab From b4186291c330d3e35254b293597922ce2746b9a9 Mon Sep 17 00:00:00 2001 From: guillecxb Date: Fri, 7 Mar 2025 16:54:30 +0100 Subject: [PATCH 08/20] edit helm configmap for correct deploy --- .../templates/ocf-helper-configmap.yaml | 23 +++++++++++++++++++ helm/capif/charts/ocf-helper/values.yaml | 12 ++++++++++ .../ocf-register/templates/configmap.yaml | 12 ++++++++++ helm/capif/charts/ocf-register/values.yaml | 4 ++++ .../capif_acl/core/internal_service_ops.py | 8 +++---- services/helper/config.yaml | 6 ++--- .../controllers/helper_controller.py | 2 +- .../helper_service/core/helper_operations.py | 2 +- 8 files changed, 60 insertions(+), 9 deletions(-) diff --git a/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml index 796a55cf..e1631cde 100644 --- a/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml +++ b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml 
@@ -21,4 +21,27 @@ data: "url": {{ quote .Values.env.vaultHostname }}, "port": {{ quote .Values.env.vaultPort }}, "token": {{ quote .Values.env.vaultAccessToken }} + } + + capif_configuration: { + 'config_name': "{{ .Values.env.configName }}", + 'version': "{{ .Values.env.configVersion }}", + 'description': "{{ .Values.env.configDescription }}", + 'settings': { + 'certificates_expiry': { + ttl_superadmin_cert: "{{ .Values.env.ttlSuperadminCert }}", + ttl_invoker_cert: "{{ .Values.env.ttlInvokerCert }}", + ttl_provider_cert: "{{ .Values.env.ttlProviderCert }}", + }, + 'security_method_priority': { + oauth: "{{ .Values.env.oauthPriotity }}", + pki: "{{ .Values.env.pkiPriority }}", + psk: "{{ .Values.env.pskPriority }}" + }, + 'acl_policy_settings': { + allowed_total_invocations: "{{ .Values.env.allowedTotalInvocations }}", + allowed_invocations_per_second: "{{ .Values.env.allowedInvocationsPerSecond }}", + allowed_invocation_time_range_days: "{{ .Values.env.allowedInvocationTimeRangeDays }}" + } + } } \ No newline at end of file diff --git a/helm/capif/charts/ocf-helper/values.yaml b/helm/capif/charts/ocf-helper/values.yaml index 8a30745c..6f29fa0c 100644 --- a/helm/capif/charts/ocf-helper/values.yaml +++ b/helm/capif/charts/ocf-helper/values.yaml @@ -24,6 +24,18 @@ env: mongoInitdbRootUsername: root mongoInitdbRootPassword: example logLevel: "INFO" + configName: "default" + configVersion: "1.0" + configDescription: "Default CAPIF Configuration" + ttlSuperadminCert: "4300h" + ttlInvokerCert: "4300h" + ttlProviderCert: "4300h" + oauthPriotity: 1 + pkiPriority: 2 + pskPriority: 3 + allowedTotalInvocations: 5 + allowedInvocationsPerSecond: 10 + allowedInvocationTimeRangeDays: 365 serviceAccount: # Specifies whether a service account should be created diff --git a/helm/capif/charts/ocf-register/templates/configmap.yaml b/helm/capif/charts/ocf-register/templates/configmap.yaml index 0c01aedc..44cca11c 100644 --- a/helm/capif/charts/ocf-register/templates/configmap.yaml 
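Review bot: The priorities and ACL limits in the added `capif_configuration` block are wrapped in double quotes, so `oauth: "{{ .Values.env.oauthPriotity }}"` renders as the string "1" even though values.yaml holds the integer 1. services/helper/config.yaml stores these as numbers, and a consumer that sorts or compares them numerically will presumably either order them lexically or fail on a str/number comparison. Render the numeric fields unquoted, e.g. `oauth: {{ .Values.env.oauthPriotity }}`, or pipe them through `int`. The value name `oauthPriotity` is misspelled here and in values.yaml; it is consistent, so it resolves, but it will be hard to find later.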
+++ b/helm/capif/charts/ocf-register/templates/configmap.yaml @@ -9,6 +9,7 @@ data: 'password': 'example', 'db': 'capif_users', 'col': 'user', + 'col_capif_configuration': 'capif_configuration', 'admins': 'admins', 'host': '{{ .Values.env.mongoHost }}', 'port': '{{ .Values.env.mongoPort }}' @@ -29,3 +30,14 @@ data: admin_users: {admin_user: "admin", admin_pass: "password123"} } + + capif_configuration: { + config_name: "{{ .Values.env.configName }}", + version: "{{ .Values.env.configVersion }}", + description: "{{ .Values.env.configDescription }}", + settings: { + certificates_expiry: { + ttl_superadmin_cert: "{{ .Values.env.ttlSuperadminCert }}", + } + } + } diff --git a/helm/capif/charts/ocf-register/values.yaml b/helm/capif/charts/ocf-register/values.yaml index 1773a6b8..ef115daa 100644 --- a/helm/capif/charts/ocf-register/values.yaml +++ b/helm/capif/charts/ocf-register/values.yaml @@ -23,6 +23,10 @@ env: capifHostname: capif-test.example.int logLevel: "INFO" timeout: "30" + configName: "default" + configVersion: "1.0" + configDescription: "Default Register Configuration" + ttlSuperadminCert: "4300h" serviceAccount: # Specifies whether a service account should be created diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py index 3c1b3893..c65da11a 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py 
@@ -20,15 +20,15 @@ class InternalServiceOps(Resource): mycol = self.db.get_col_by_name(self.db.acls) - # 🚨 Nueva Lógica: Recuperar configuración desde capif_configuration en MongoDB + # Retrieve parameters from capif_configuration in MongoDB config_col = self.db.get_col_by_name("capif_configuration") capif_config = config_col.find_one({"config_name": "default"}) if capif_config: settings = capif_config.get("settings", {}).get("acl_policy_settings", {}) - allowed_total_invocations = settings.get("allowedTotalInvocations", 100) - allowed_invocations_per_second = settings.get("allowedInvocationsPerSecond", 10) - time_range_days = settings.get("allowedInvocationTimeRangeDays", 365) + allowed_total_invocations = settings.get("allowed_total_invocations", 100) + allowed_invocations_per_second = settings.get("allowed_invocations_per_second", 10) + time_range_days = settings.get("allowed_invocation_time_range_days", 365) else: current_app.logger.error("CAPIF Configuration not found, applying all values to 0.") allowed_total_invocations = 0 diff --git a/services/helper/config.yaml b/services/helper/config.yaml index c8dd8073..2a339145 100644 --- a/services/helper/config.yaml +++ b/services/helper/config.yaml @@ -35,9 +35,9 @@ capif_configuration: { psk: 3 }, "acl_policy_settings": { - allowedTotalInvocations: 5, - allowedInvocationsPerSecond: 10, - allowedInvocationTimeRangeDays: 365 + allowed_total_invocations: 5, + allowed_invocations_per_second: 10, + allowed_invocation_time_range_days: 365 } } } diff --git a/services/helper/helper_service/controllers/helper_controller.py b/services/helper/helper_service/controllers/helper_controller.py index 66a20d6b..2b447f74 100644 --- a/services/helper/helper_service/controllers/helper_controller.py +++ b/services/helper/helper_service/controllers/helper_controller.py 
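Review bot: Renaming the lookup keys to `allowed_total_invocations`, `allowed_invocations_per_second` and `allowed_invocation_time_range_days` changes what is read from documents that already exist, and nothing in this commit migrates them. The `initialize_capif_configuration` shown for the helper service only inserts defaults when the collection is empty, so a deployment whose stored document still carries the camelCase keys would fall through to the `.get` defaults (100, 10, 365) instead of its configured limits, with no log line. Add a one-off migration of the stored keys, or log a warning when `acl_policy_settings` is present but none of the expected keys are found. The enclosing method starts and ends outside this hunk.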
@@ -125,7 +125,7 @@ def getConfiguration(): def updateConfigParam(): """Updates a single configuration parameter""" data = request.json - param_path = data.get("param_path") # Ej. "settings.acl_policy_settings.allowedTotalInvocations" + param_path = data.get("param_path") new_value = data.get("new_value") if not param_path or new_value is None: diff --git a/services/helper/helper_service/core/helper_operations.py b/services/helper/helper_service/core/helper_operations.py index 5c25134e..135ec3a6 100644 --- a/services/helper/helper_service/core/helper_operations.py +++ b/services/helper/helper_service/core/helper_operations.py @@ -216,7 +216,7 @@ class HelperOperations: def update_config_param(self, param_path, new_value): """ Actualiza un único parámetro en la configuración. - param_path: Ruta del parámetro (ej. settings.acl_policy_settings.allowedTotalInvocations) + param_path: Ruta del parámetro (ej. settings.acl_policy_settings.allowed_total_invocations) """ current_app.logger.debug(f"Updating configuration parameter: {param_path} with value: {new_value}") -- GitLab From 0d50d560a5465c8528be45ea296e09dda9188224 Mon Sep 17 00:00:00 2001 From: guillecxb Date: Sat, 8 Mar 2025 21:30:45 +0100 Subject: [PATCH 09/20] endpoints for add new config in capif and register --- .../controllers/helper_controller.py | 25 +++++++++++++++ .../helper_service/core/helper_operations.py | 31 +++++++++++++++++++ .../controllers/register_controller.py | 25 +++++++++++++++ .../core/register_operations.py | 28 +++++++++++++++++ 4 files changed, 109 insertions(+) diff --git a/services/helper/helper_service/controllers/helper_controller.py b/services/helper/helper_service/controllers/helper_controller.py index 2b447f74..77069650 100644 --- a/services/helper/helper_service/controllers/helper_controller.py +++ b/services/helper/helper_service/controllers/helper_controller.py 
@@ -142,3 +142,28 @@ def replaceConfiguration(): return jsonify(message="Missing new configuration in request body"), 400 return helper_operation.replace_configuration(new_config) + + +@helper_routes.route("/helper/addNewConfiguration", methods=["POST"]) +def add_new_configuration(): + """Adds a new category inside 'settings'.""" + data = request.json + category_name = data.get("category_name") + category_values = data.get("category_values") + + if not category_name or not category_values: + return jsonify(message="Missing 'category_name' or 'category_values' in request body"), 400 + + return helper_operation.add_new_configuration(category_name, category_values) + +@helper_routes.route("/helper/addNewConfigSetting", methods=["PATCH"]) +def add_new_config_setting(): + """Adds a new configuration inside 'settings'.""" + data = request.json + param_path = data.get("param_path") + new_value = data.get("new_value") + + if not param_path or new_value is None: + return jsonify(message="Missing 'param_path' or 'new_value' in request body"), 400 + + return helper_operation.add_new_config_setting(param_path, new_value) diff --git a/services/helper/helper_service/core/helper_operations.py b/services/helper/helper_service/core/helper_operations.py index 135ec3a6..31cb9877 100644 --- a/services/helper/helper_service/core/helper_operations.py +++ b/services/helper/helper_service/core/helper_operations.py 
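Review bot: `category_name` and `param_path` are taken from the request body and checked only for presence before being passed on, and the operations layer builds a MongoDB field path from them (`f"settings.{category_name}"`). A name containing `.` addresses a nested field, so the call can write inside an existing category such as `security_method_priority` rather than creating a new one. Restrict both to an expected pattern before the call, for example `if not re.fullmatch(r"[A-Za-z0-9_]+", category_name): return jsonify(message="Invalid 'category_name'"), 400` (with `re` imported), and check `param_path` segment by segment. `request.json` can also be None for a non-JSON body, in which case `data.get` raises; `data = request.get_json(silent=True) or {}` avoids that. The register controller routes added in this commit have the same two gaps.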
@@ -251,4 +251,35 @@ class HelperOperations: + def add_new_configuration(self, category_name, category_values): + """ + Adds a new category of parameters in 'settings'. + """ + current_app.logger.debug(f"Añadiendo nueva categoría: {category_name} con valores: {category_values}") + + config_col = self.db.get_col_by_name(self.db.capif_configuration) + + # MongoDB $set para añadir la nueva categoría dentro de settings + update_query = {"$set": {f"settings.{category_name}": category_values}} + + result = config_col.update_one({"config_name": "default"}, update_query) + + if result.modified_count == 0: + return jsonify(message=f"No configuration found or category '{category_name}' not added"), 404 + + return jsonify(message=f"Category '{category_name}' added successfully"), 200 + + def add_new_config_setting(self, param_path, new_value): + """Add a new parameter in 'settings'.""" + current_app.logger.debug(f"Adding new configuration setting: {param_path} with value: {new_value}") + config_col = self.db.get_col_by_name(self.db.capif_configuration) + + update_query = {"$set": {f"settings.{param_path}": new_value}} + result = config_col.update_one({"config_name": "default"}, update_query) + + if result.modified_count == 0: + return jsonify(message=f"No configuration found or parameter '{param_path}' not updated"), 404 + + return jsonify(message=f"Parameter '{param_path}' added successfully"), 200 + diff --git a/services/register/register_service/controllers/register_controller.py b/services/register/register_service/controllers/register_controller.py index b2fdc876..989c169d 100644 --- a/services/register/register_service/controllers/register_controller.py +++ b/services/register/register_service/controllers/register_controller.py 
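Review bot: `add_new_configuration` and `add_new_config_setting` use `$set`, which overwrites a field that already exists, so an operation documented as adding a category can replace `certificates_expiry`, `security_method_priority` or `acl_policy_settings` wholesale. If add-only is intended, put the condition in the filter: `config_col.update_one({"config_name": "default", f"settings.{category_name}": {"$exists": False}}, update_query)`. The 404 branch tests `result.modified_count == 0`, which is also true when the document matched but the value was unchanged; `matched_count` separates the two cases. The debug message in `add_new_configuration` is in Spanish while the rest of the new code logs in English. `add_new_category` and `add_new_config_setting` in register_operations.py repeat the same logic, and the same points apply there.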
@@ -192,3 +192,28 @@ def replace_register_configuration(username): current_app.logger.debug(f"Admin {username} is replacing the entire register configuration") return register_operation.replace_register_configuration(new_config) + +@register_routes.route("/configuration/addNewCategory", methods=["POST"]) +def add_new_category(): + """Adds a new category inside 'settings'.""" + data = request.json + category_name = data.get("category_name") + category_values = data.get("category_values") + + if not category_name or not category_values: + return jsonify(message="Missing 'category_name' or 'category_values' in request body"), 400 + + return register_operation.add_new_category(category_name, category_values) + + +@register_routes.route("/configuration/addNewParamConfigSetting", methods=["PATCH"]) +def add_new_config_setting(): + """Adds a new configuration inside a category in 'settings'.""" + data = request.json + param_path = data.get("param_path") + new_value = data.get("new_value") + + if not param_path or new_value is None: + return jsonify(message="Missing 'param_path' or 'new_value' in request body"), 400 + + return register_operation.add_new_config_setting(param_path, new_value) diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py index 44e0f8cb..df65f11e 100644 --- a/services/register/register_service/core/register_operations.py +++ b/services/register/register_service/core/register_operations.py 
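Review bot: The two new routes, `add_new_category` and `add_new_config_setting`, have no decorator between `@register_routes.route(...)` and the `def` and take no `username` argument, whereas `replace_register_configuration(username)` just above receives one and logs the acting admin. That suggests the existing configuration routes sit behind an admin check that these two lack; the decorators of the sibling routes are outside this hunk, so this needs confirming. If so, apply the same admin decorator used on `replace_register_configuration` and log the caller, e.g. `current_app.logger.debug(f"Admin {username} is adding category {category_name}")`. These endpoints change settings that include the superadmin certificate lifetime, so they should not be reachable without authentication.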
@@ -130,3 +130,31 @@ class RegisterOperations: return jsonify(message="No existing configuration found; a new one was created"), 201 return jsonify(message="Register configuration replaced successfully"), 200 + + + def add_new_category(self, category_name, category_values): + """Adds a new category of parameters in 'settings'.""" + current_app.logger.debug(f"Adding new category: {category_name} with values: {category_values}") + config_col = self.db.get_col_by_name(self.db.capif_configuration) + + update_query = {"$set": {f"settings.{category_name}": category_values}} + result = config_col.update_one({"config_name": "default"}, update_query) + + if result.modified_count == 0: + return jsonify(message=f"No configuration found or category '{category_name}' not added"), 404 + + return jsonify(message=f"Category '{category_name}' added successfully"), 200 + + + def add_new_config_setting(self, param_path, new_value): + """Adds a new parameter inside a category in 'settings'.""" + current_app.logger.debug(f"Adding new configuration setting: {param_path} with value: {new_value}") + config_col = self.db.get_col_by_name(self.db.capif_configuration) + + update_query = {"$set": {f"settings.{param_path}": new_value}} + result = config_col.update_one({"config_name": "default"}, update_query) + + if result.modified_count == 0: + return jsonify(message=f"No configuration found or parameter '{param_path}' not updated"), 404 + + return jsonify(message=f"Parameter '{param_path}' added successfully"), 200 -- GitLab From bfbabdbf43c0477e4c529ecd1d61a671e15ef870 Mon Sep 17 00:00:00 2001 
From: guillecxb Date: Mon, 10 Mar 2025 11:57:53 +0100 Subject: [PATCH 10/20] refactor Helm ConfigMaps: Load full configuration from values.yaml --- .../templates/ocf-helper-configmap.yaml | 26 +++---------------- helm/capif/charts/ocf-helper/values.yaml | 24 ++++++++++------- .../ocf-register/templates/configmap.yaml | 14 +++------- helm/capif/charts/ocf-register/values.yaml | 6 ++++- 4 files changed, 28 insertions(+), 42 deletions(-) diff --git a/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml index e1631cde..6315ccdf 100644 --- a/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml +++ b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml @@ -23,25 +23,7 @@ data: "token": {{ quote .Values.env.vaultAccessToken }} } - capif_configuration: { - 'config_name': "{{ .Values.env.configName }}", - 'version': "{{ .Values.env.configVersion }}", - 'description': "{{ .Values.env.configDescription }}", - 'settings': { - 'certificates_expiry': { - ttl_superadmin_cert: "{{ .Values.env.ttlSuperadminCert }}", - ttl_invoker_cert: "{{ .Values.env.ttlInvokerCert }}", - ttl_provider_cert: "{{ .Values.env.ttlProviderCert }}", - }, - 'security_method_priority': { - oauth: "{{ .Values.env.oauthPriotity }}", - pki: "{{ .Values.env.pkiPriority }}", - psk: "{{ .Values.env.pskPriority }}" - }, - 'acl_policy_settings': { - allowed_total_invocations: "{{ .Values.env.allowedTotalInvocations }}", - allowed_invocations_per_second: "{{ .Values.env.allowedInvocationsPerSecond }}", - allowed_invocation_time_range_days: "{{ .Values.env.allowedInvocationTimeRangeDays }}" - } - } - } \ No newline at end of file + {{- if .Values.capifConfiguration }} + capif_configuration: + {{- toYaml .Values.capifConfiguration | regexReplaceAll "([a-z])([A-Z])" "${1}_${2}" | lower | nindent 4 }} + {{- end }} \ No newline at end of file 
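Review bot: The pipeline `toYaml .Values.capifConfiguration | regexReplaceAll "([a-z])([A-Z])" "${1}_${2}" | lower` works on the rendered YAML text as a whole, so it rewrites values as well as keys: `"Default CAPIF Configuration"` would come out lower-cased, and any camelCase value would gain underscores. It is also worth rendering the chart with `helm template` and inspecting the ConfigMap, because Sprig's `regexReplaceAll` takes the input string as its second argument and a piped value arrives as the last one, the replacement, if I read its signature correctly. Converting keys only, in a named template that ranges over the map, avoids both problems. The register chart's configmap.yaml uses the same line.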
diff --git a/helm/capif/charts/ocf-helper/values.yaml b/helm/capif/charts/ocf-helper/values.yaml index 6f29fa0c..6debc810 100644 --- a/helm/capif/charts/ocf-helper/values.yaml +++ b/helm/capif/charts/ocf-helper/values.yaml @@ -24,18 +24,24 @@ env: mongoInitdbRootUsername: root mongoInitdbRootPassword: example logLevel: "INFO" + +capifConfiguration: configName: "default" configVersion: "1.0" configDescription: "Default CAPIF Configuration" - ttlSuperadminCert: "4300h" - ttlInvokerCert: "4300h" - ttlProviderCert: "4300h" - oauthPriotity: 1 - pkiPriority: 2 - pskPriority: 3 - allowedTotalInvocations: 5 - allowedInvocationsPerSecond: 10 - allowedInvocationTimeRangeDays: 365 + settings: + certificatesExpiry: + ttlSuperadminCert: "4300h" + ttlInvokerCert: "4300h" + ttlProviderCert: "4300h" + securityMethodPriority: + oauthPriority: 1 + pkiPriority: 2 + pskPriority: 3 + aclPolicySettings: + allowedTotalInvocations: 5 + allowedInvocationsPerSecond: 10 + allowedInvocationTimeRangeDays: 365 serviceAccount: # Specifies whether a service account should be created diff --git a/helm/capif/charts/ocf-register/templates/configmap.yaml b/helm/capif/charts/ocf-register/templates/configmap.yaml index 44cca11c..7e3025e8 100644 --- a/helm/capif/charts/ocf-register/templates/configmap.yaml +++ b/helm/capif/charts/ocf-register/templates/configmap.yaml @@ -31,13 +31,7 @@ data: admin_pass: "password123"} } - capif_configuration: { - config_name: "{{ .Values.env.configName }}", - version: "{{ .Values.env.configVersion }}", - description: "{{ .Values.env.configDescription }}", - settings: { - certificates_expiry: { - ttl_superadmin_cert: "{{ .Values.env.ttlSuperadminCert }}", - } - } - } + {{- if .Values.capifConfiguration }} + capif_configuration: + {{- toYaml .Values.capifConfiguration | regexReplaceAll "([a-z])([A-Z])" "${1}_${2}" | lower | nindent 4 }} + {{- end }} 
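Review bot: The keys under `securityMethodPriority` are now `oauthPriority`, `pkiPriority` and `pskPriority`, which the template's camelCase-to-snake_case conversion would turn into `oauth_priority`, `pki_priority` and `psk_priority`. services/helper/config.yaml names them `oauth`, `pki` and `psk`, so a lookup by method name would presumably find no priority for any method, and the configured order would have no effect on which security method is selected. Name the keys `oauth`, `pki` and `psk` here. Likewise `configVersion` and `configDescription` become `config_version` and `config_description`, while config.yaml uses `version` and `description`.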
diff --git a/helm/capif/charts/ocf-register/values.yaml b/helm/capif/charts/ocf-register/values.yaml index ef115daa..7d2cf166 100644 --- a/helm/capif/charts/ocf-register/values.yaml +++ b/helm/capif/charts/ocf-register/values.yaml @@ -23,10 +23,14 @@ env: capifHostname: capif-test.example.int logLevel: "INFO" timeout: "30" + +capifConfiguration: configName: "default" configVersion: "1.0" configDescription: "Default Register Configuration" - ttlSuperadminCert: "4300h" + settings: + certificatesExpiry: + ttlSuperadminCert: "4300h" serviceAccount: # Specifies whether a service account should be created -- GitLab From b45b0af9426865f04b101041f349d6a287632116 Mon Sep 17 00:00:00 2001 From: guillecxb Date: Wed, 12 Mar 2025 16:42:42 +0100 Subject: [PATCH 11/20] change database query options --- services/helper/helper_service/app.py | 2 +- .../helper/helper_service/core/helper_operations.py | 13 ++++++------- services/register/register_service/app.py | 2 +- .../register_service/core/register_operations.py | 10 +++++----- 4 files changed, 13 insertions(+), 14 deletions(-) diff --git a/services/helper/helper_service/app.py b/services/helper/helper_service/app.py index d7303999..6dd56d8c 100644 --- a/services/helper/helper_service/app.py +++ b/services/helper/helper_service/app.py @@ -16,7 +16,7 @@ config = Config().get_config() # Connect MongoDB and get TTL for superadmin certificate db = MongoDatabse() -capif_config = db.get_col_by_name("capif_configuration").find_one({"config_name": "default"}) +capif_config = db.get_col_by_name("capif_configuration").find_one({}) ttl_superadmin_cert = capif_config["settings"]["certificates_expiry"].get("ttl_superadmin_cert", "43000h") # Setting log level diff --git a/services/helper/helper_service/core/helper_operations.py b/services/helper/helper_service/core/helper_operations.py index 31cb9877..302967a3 100644 --- a/services/helper/helper_service/core/helper_operations.py +++ b/services/helper/helper_service/core/helper_operations.py 
@@ -205,7 +205,7 @@ class HelperOperations: """Recupera toda la configuración actual""" current_app.logger.debug("Retrieving current CAPIF configuration") config_col = self.db.get_col_by_name(self.db.capif_configuration) - config = config_col.find_one({"config_name": "default"}, {"_id": 0}) + config = config_col.find_one({}, {"_id": 0}) if not config: return jsonify(message="No CAPIF configuration found"), 404 @@ -221,11 +221,10 @@ class HelperOperations: current_app.logger.debug(f"Updating configuration parameter: {param_path} with value: {new_value}") config_col = self.db.get_col_by_name(self.db.capif_configuration) - + # Construir el query dinámico para actualizar un parámetro específico update_query = {"$set": {param_path: new_value}} - - result = config_col.update_one({"config_name": "default"}, update_query) + result = config_col.update_one({}, update_query) if result.modified_count == 0: return jsonify(message=f"No configuration found or parameter '{param_path}' not updated"), 404 @@ -242,7 +241,7 @@ class HelperOperations: config_col = self.db.get_col_by_name(self.db.capif_configuration) # Reemplazar la configuración existente con la nueva - result = config_col.replace_one({"config_name": "default"}, new_config, upsert=True) + result = config_col.replace_one({}, new_config, upsert=True) if result.matched_count == 0: return jsonify(message="No existing configuration found; a new one was created"), 201 @@ -262,7 +261,7 @@ class HelperOperations: # MongoDB $set para añadir la nueva categoría dentro de settings update_query = {"$set": {f"settings.{category_name}": category_values}} - result = config_col.update_one({"config_name": "default"}, update_query) + result = config_col.update_one({}, update_query) if result.modified_count == 0: return jsonify(message=f"No configuration found or category '{category_name}' not added"), 404 
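Review bot: `param_path` is used verbatim as the `$set` key in the `@@ -221,11 +221,10 @@` hunk and the filter is now `{}`, so the call can write any field of whichever document matches first, top-level ones such as `config_name` included, not only entries under `settings`. If `param_path` comes from the request body (the controller and the start of this method are outside the hunk), I would reject paths that do not start with `settings.` or that contain an empty or `$`-prefixed segment: `if not param_path.startswith("settings.") or any(not p or p.startswith("$") for p in param_path.split(".")): return jsonify(message="Invalid parameter path"), 400`. The `@@ -112,7 +112,7 @@` hunk in register_operations.py has the same unchecked `$set` key.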
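Review bot: `result.modified_count == 0` in the `@@ -262,7 +261,7 @@` hunk is also true when a document matched and the stored value already equals the new one, so a repeated request gets a 404 whose message reads as "no configuration found". Testing `result.matched_count == 0` for the 404 and treating an unchanged value as success separates the two cases. The same check follows every `update_one({}, ...)` changed in this file and in register_operations.py.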
@@ -275,7 +274,7 @@ class HelperOperations: config_col = self.db.get_col_by_name(self.db.capif_configuration) update_query = {"$set": {f"settings.{param_path}": new_value}} - result = config_col.update_one({"config_name": "default"}, update_query) + result = config_col.update_one({}, update_query) if result.modified_count == 0: return jsonify(message=f"No configuration found or parameter '{param_path}' not updated"), 404 diff --git a/services/register/register_service/app.py b/services/register/register_service/app.py index 6521c1e9..8a03c2df 100644 --- a/services/register/register_service/app.py +++ b/services/register/register_service/app.py @@ -21,7 +21,7 @@ config = Config().get_config() # Connect MongoDB and get TTL for superadmin certificate db = MongoDatabse() -capif_config = db.get_col_by_name("capif_configuration").find_one({"config_name": "default"}) +capif_config = db.get_col_by_name("capif_configuration").find_one({}) ttl_superadmin_cert = capif_config.get("settings", {}).get("certificates_expiry", {}).get("ttl_superadmin_cert", "43000h") # Setting log level diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py index df65f11e..cdf43863 100644 --- a/services/register/register_service/core/register_operations.py +++ b/services/register/register_service/core/register_operations.py @@ -99,7 +99,7 @@ class RegisterOperations: """Retrieve the current register configuration from MongoDB""" current_app.logger.debug("Retrieving register configuration") config_col = self.db.get_col_by_name(self.db.capif_configuration) - config = config_col.find_one({"config_name": "default"}, {"_id": 0}) + config = config_col.find_one({}, {"_id": 0}) if not config: return jsonify(message="No register configuration found"), 404 
@@ -112,7 +112,7 @@ class RegisterOperations: config_col = self.db.get_col_by_name(self.db.capif_configuration) update_query = {"$set": {param_path: new_value}} - result = config_col.update_one({"config_name": "default"}, update_query) + result = config_col.update_one({}, update_query) if result.modified_count == 0: return jsonify(message=f"No configuration found or parameter '{param_path}' not updated"), 404 @@ -124,7 +124,7 @@ class RegisterOperations: current_app.logger.debug("Replacing entire register configuration") config_col = self.db.get_col_by_name(self.db.capif_configuration) - result = config_col.replace_one({"config_name": "default"}, new_config, upsert=True) + result = config_col.replace_one({}, new_config, upsert=True) if result.matched_count == 0: return jsonify(message="No existing configuration found; a new one was created"), 201 @@ -138,7 +138,7 @@ class RegisterOperations: config_col = self.db.get_col_by_name(self.db.capif_configuration) update_query = {"$set": {f"settings.{category_name}": category_values}} - result = config_col.update_one({"config_name": "default"}, update_query) + result = config_col.update_one({}, update_query) if result.modified_count == 0: return jsonify(message=f"No configuration found or category '{category_name}' not added"), 404 @@ -152,7 +152,7 @@ class RegisterOperations: config_col = self.db.get_col_by_name(self.db.capif_configuration) update_query = {"$set": {f"settings.{param_path}": new_value}} - result = config_col.update_one({"config_name": "default"}, update_query) + result = config_col.update_one({}, update_query) if result.modified_count == 0: return jsonify(message=f"No configuration found or parameter '{param_path}' not updated"), 404 -- GitLab From 46b211a8ba4b8656c03a30fd29780e5fab69dd79 Mon Sep 17 00:00:00 2001 
From: guillecxb Date: Thu, 13 Mar 2025 12:14:21 +0100 Subject: [PATCH 12/20] convert to snake case --- .../helper_service/core/helper_operations.py | 29 ++++++++++++------- services/helper/helper_service/utils/utils.py | 15 ++++++++++ .../core/register_operations.py | 25 +++++++++------- .../register/register_service/utils/utils.py | 15 ++++++++++ 4 files changed, 63 insertions(+), 21 deletions(-) create mode 100644 services/helper/helper_service/utils/utils.py create mode 100644 services/register/register_service/utils/utils.py diff --git a/services/helper/helper_service/core/helper_operations.py b/services/helper/helper_service/core/helper_operations.py index 302967a3..7a0cc8c7 100644 --- a/services/helper/helper_service/core/helper_operations.py +++ b/services/helper/helper_service/core/helper_operations.py @@ -5,6 +5,7 @@ import requests from config import Config from db.db import MongoDatabse from flask import jsonify, current_app +from utils.utils import to_snake_case, convert_dict_keys_to_snake_case class HelperOperations: 
@@ -254,31 +255,37 @@ class HelperOperations: """ Adds a new category of parameters in 'settings'. """ - current_app.logger.debug(f"Añadiendo nueva categoría: {category_name} con valores: {category_values}") + current_app.logger.debug(f"Adding new category: {category_name} with values: {category_values}") config_col = self.db.get_col_by_name(self.db.capif_configuration) - # MongoDB $set para añadir la nueva categoría dentro de settings - update_query = {"$set": {f"settings.{category_name}": category_values}} + category_name_snake = to_snake_case(category_name) + category_values_snake = convert_dict_keys_to_snake_case(category_values) + + update_query = {"$set": {f"settings.{category_name_snake}": category_values_snake}} result = config_col.update_one({}, update_query) if result.modified_count == 0: - return jsonify(message=f"No configuration found or category '{category_name}' not added"), 404 + return jsonify(message=f"No configuration found or category '{category_name_snake}' not added"), 404 + + return jsonify(message=f"Category '{category_name_snake}' added successfully"), 200 - return jsonify(message=f"Category '{category_name}' added successfully"), 200 def add_new_config_setting(self, param_path, new_value): """Add a new parameter in 'settings'.""" current_app.logger.debug(f"Adding new configuration setting: {param_path} with value: {new_value}") config_col = self.db.get_col_by_name(self.db.capif_configuration) - - update_query = {"$set": {f"settings.{param_path}": new_value}} + + param_path_snake = ".".join(to_snake_case(part) for part in param_path.split(".")) + + update_query = {"$set": {f"settings.{param_path_snake}": new_value}} result = config_col.update_one({}, update_query) - + if result.modified_count == 0: - return jsonify(message=f"No configuration found or parameter '{param_path}' not updated"), 404 - - return jsonify(message=f"Parameter '{param_path}' added successfully"), 200 + return jsonify(message=f"No configuration found or parameter 
'{param_path_snake}' not updated"), 404 + + return jsonify(message=f"Parameter '{param_path_snake}' added successfully"), 200 + diff --git a/services/helper/helper_service/utils/utils.py b/services/helper/helper_service/utils/utils.py new file mode 100644 index 00000000..d66e13db --- /dev/null +++ b/services/helper/helper_service/utils/utils.py @@ -0,0 +1,15 @@ +import re + +def to_snake_case(text): + """ + Convert string to snake case. + """ + return re.sub(r'\s+', '_', text).lower() + +def convert_dict_keys_to_snake_case(data): + """ + Converts the keys of a dictionary to snake_case. + """ + if isinstance(data, dict): + return {to_snake_case(k): convert_dict_keys_to_snake_case(v) for k, v in data.items()} + return data diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py index cdf43863..3fcc89e2 100644 --- a/services/register/register_service/core/register_operations.py +++ b/services/register/register_service/core/register_operations.py @@ -7,6 +7,7 @@ from config import Config from db.db import MongoDatabse from flask import jsonify, current_app from flask_jwt_extended import create_access_token +from utils.utils import to_snake_case, convert_dict_keys_to_snake_case class RegisterOperations: 
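Review bot: `to_snake_case` only replaces whitespace and lowercases, so a `category_name` containing `.` still addresses a nested path (`settings.a.b`), and `add_new_configuration` can overwrite part of an existing category instead of adding a new one. I would return 400 for a converted name with characters outside `[a-z0-9_]`, and apply the same test per segment to `param_path` in `add_new_config_setting`, where empty and `$`-prefixed segments currently pass through to the `$set` key. `category_values` is stored as given when it is not a dict; the docstring should say which types are accepted. The register_operations.py hunks of this commit carry the same code.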
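Review bot: `to_snake_case` in the new utils.py does not split camelCase: `"ttlInvokerCert"` becomes `"ttlinvokercert"`, not `"ttl_invoker_cert"`, which contradicts the docstring and the snake_case keys the stored configuration uses. Either add the split before lowercasing, `text = re.sub(r'([a-z0-9])([A-Z])', r'\1_\2', text)`, or reword the docstring to "Replace whitespace with underscores and lowercase". `convert_dict_keys_to_snake_case` does not descend into lists, which its docstring could state. The same file is added again under services/register with the same blob id, so a shared module would avoid the two copies drifting apart.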
@@ -137,13 +138,16 @@ class RegisterOperations: current_app.logger.debug(f"Adding new category: {category_name} with values: {category_values}") config_col = self.db.get_col_by_name(self.db.capif_configuration) - update_query = {"$set": {f"settings.{category_name}": category_values}} + category_name_snake = to_snake_case(category_name) + category_values_snake = convert_dict_keys_to_snake_case(category_values) + + update_query = {"$set": {f"settings.{category_name_snake}": category_values_snake}} result = config_col.update_one({}, update_query) - + if result.modified_count == 0: - return jsonify(message=f"No configuration found or category '{category_name}' not added"), 404 - - return jsonify(message=f"Category '{category_name}' added successfully"), 200 + return jsonify(message=f"No configuration found or category '{category_name_snake}' not added"), 404 + + return jsonify(message=f"Category '{category_name_snake}' added successfully"), 200 def add_new_config_setting(self, param_path, new_value): @@ -151,10 +155,11 @@ class RegisterOperations: current_app.logger.debug(f"Adding new configuration setting: {param_path} with value: {new_value}") config_col = self.db.get_col_by_name(self.db.capif_configuration) - update_query = {"$set": {f"settings.{param_path}": new_value}} + param_path_snake = ".".join(to_snake_case(part) for part in param_path.split(".")) + update_query = {"$set": {f"settings.{param_path_snake}": new_value}} result = config_col.update_one({}, update_query) - + if result.modified_count == 0: - return jsonify(message=f"No configuration found or parameter '{param_path}' not updated"), 404 - - return jsonify(message=f"Parameter '{param_path}' added successfully"), 200 + return jsonify(message=f"No configuration found or parameter '{param_path_snake}' not updated"), 404 + + return jsonify(message=f"Parameter '{param_path_snake}' added successfully"), 200 
diff --git a/services/register/register_service/utils/utils.py b/services/register/register_service/utils/utils.py new file mode 100644 index 00000000..d66e13db --- /dev/null +++ b/services/register/register_service/utils/utils.py @@ -0,0 +1,15 @@ +import re + +def to_snake_case(text): + """ + Convert string to snake case. + """ + return re.sub(r'\s+', '_', text).lower() + +def convert_dict_keys_to_snake_case(data): + """ + Converts the keys of a dictionary to snake_case. + """ + if isinstance(data, dict): + return {to_snake_case(k): convert_dict_keys_to_snake_case(v) for k, v in data.items()} + return data -- GitLab From 4be5be999f6ca13957734f9c7392b579f25dde3d Mon Sep 17 00:00:00 2001 From: guillecxb Date: Thu, 13 Mar 2025 21:28:39 +0100 Subject: [PATCH 13/20] remove delete config and add snake case checks --- .../controllers/helper_controller.py | 24 +++++++++ .../helper_service/core/helper_operations.py | 49 ++++++++++++++++--- services/helper/helper_service/utils/utils.py | 20 ++++++++ .../controllers/register_controller.py | 29 +++++++++++ .../core/register_operations.py | 47 +++++++++++++++++- .../register/register_service/utils/utils.py | 19 +++++++ 6 files changed, 180 insertions(+), 8 deletions(-) diff --git a/services/helper/helper_service/controllers/helper_controller.py b/services/helper/helper_service/controllers/helper_controller.py index 77069650..5a8eba34 100644 --- a/services/helper/helper_service/controllers/helper_controller.py +++ b/services/helper/helper_service/controllers/helper_controller.py 
@@ -167,3 +167,27 @@ def add_new_config_setting(): return jsonify(message="Missing 'param_path' or 'new_value' in request body"), 400 return helper_operation.add_new_config_setting(param_path, new_value) + + +@helper_routes.route("/helper/removeConfigParam", methods=["DELETE"]) +def remove_config_param(): + """Deletes a specific parameter inside 'settings'.""" + data = request.json + param_path = data.get("param_path") + + if not param_path: + return jsonify(message="Missing 'param_path' in request body"), 400 + + return helper_operation.remove_config_param(param_path) + + +@helper_routes.route("/helper/removeConfigCategory", methods=["DELETE"]) +def remove_config_category(): + """Deletes an entire category inside 'settings'.""" + data = request.json + category_name = data.get("category_name") + + if not category_name: + return jsonify(message="Missing 'category_name' in request body"), 400 + + return helper_operation.remove_config_category(category_name) diff --git a/services/helper/helper_service/core/helper_operations.py b/services/helper/helper_service/core/helper_operations.py index 7a0cc8c7..243ec45c 100644 --- a/services/helper/helper_service/core/helper_operations.py +++ b/services/helper/helper_service/core/helper_operations.py @@ -5,7 +5,7 @@ import requests from config import Config from db.db import MongoDatabse from flask import jsonify, current_app -from utils.utils import to_snake_case, convert_dict_keys_to_snake_case +from utils.utils import to_snake_case, convert_dict_keys_to_snake_case, validate_snake_case_keys class HelperOperations: @@ -203,7 +203,7 @@ class HelperOperations: return jsonify(message="User entities removed successfully"), 200 def get_configuration(self): - """Recupera toda la configuración actual""" + """Get all current settings.""" current_app.logger.debug("Retrieving current CAPIF configuration") config_col = self.db.get_col_by_name(self.db.capif_configuration) config = config_col.find_one({}, {"_id": 0}) 
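Review bot: The two new DELETE routes in helper_controller.py carry no authorization decorator, while the register routes added in this same commit for the same operation use `@admin_required()`. If the helper service is not limited to trusted callers by something outside this file (not visible here), any client that can reach it can unset configuration keys; a comment stating where access control is enforced, or an equivalent decorator, would settle it. `request.json` can also be a non-dict (a JSON list or `null`), in which case `data.get` raises; `data = request.get_json(silent=True) or {}` plus an `isinstance(data, dict)` check returns 400 instead of a 500.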
@@ -216,14 +216,13 @@ class HelperOperations: def update_config_param(self, param_path, new_value): """ - Actualiza un único parámetro en la configuración. - param_path: Ruta del parámetro (ej. settings.acl_policy_settings.allowed_total_invocations) + Updates a single parameter in the configuration. + param_path: Path of the parameter (e.g., settings.acl_policy_settings.allowed_total_invocations) """ current_app.logger.debug(f"Updating configuration parameter: {param_path} with value: {new_value}") config_col = self.db.get_col_by_name(self.db.capif_configuration) - # Construir el query dinámico para actualizar un parámetro específico update_query = {"$set": {param_path: new_value}} result = config_col.update_one({}, update_query) @@ -235,13 +234,16 @@ class HelperOperations: def replace_configuration(self, new_config): """ - Reemplaza toda la configuración actual con una nueva. + Replaces all current settings with a new one. """ current_app.logger.debug("Replacing entire CAPIF configuration") + error_response = validate_snake_case_keys(new_config) + if error_response: + return error_response + config_col = self.db.get_col_by_name(self.db.capif_configuration) - # Reemplazar la configuración existente con la nueva result = config_col.replace_one({}, new_config, upsert=True) if result.matched_count == 0: 
@@ -288,4 +290,37 @@ class HelperOperations: return jsonify(message=f"Parameter '{param_path_snake}' added successfully"), 200 + def remove_config_param(self, param_path): + """Removes a specific parameter inside 'settings'.""" + current_app.logger.debug(f"Removing configuration parameter: {param_path}") + + config_col = self.db.get_col_by_name(self.db.capif_configuration) + + param_path_snake = ".".join(to_snake_case(part) for part in param_path.split(".")) + + update_query = {"$unset": {f"settings.{param_path_snake}": ""}} + + result = config_col.update_one({}, update_query) + + if result.modified_count == 0: + return jsonify(message=f"No configuration found or parameter '{param_path_snake}' not removed"), 404 + + return jsonify(message=f"Parameter '{param_path_snake}' removed successfully"), 200 + + + def remove_config_category(self, category_name): + """Removes an entire category inside 'settings'.""" + current_app.logger.debug(f"Removing configuration category: {category_name}") + + config_col = self.db.get_col_by_name(self.db.capif_configuration) + + category_name_snake = to_snake_case(category_name) + + update_query = {"$unset": {f"settings.{category_name_snake}": ""}} + + result = config_col.update_one({}, update_query) + + if result.modified_count == 0: + return jsonify(message=f"No configuration found or category '{category_name_snake}' not removed"), 404 + return jsonify(message=f"Category '{category_name_snake}' removed successfully"), 200 diff --git a/services/helper/helper_service/utils/utils.py b/services/helper/helper_service/utils/utils.py index d66e13db..c870a408 100644 --- a/services/helper/helper_service/utils/utils.py +++ b/services/helper/helper_service/utils/utils.py @@ -1,4 +1,5 @@ import re +from flask import jsonify def to_snake_case(text): """ 
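Review bot: `remove_config_param` and `remove_config_category` unset whatever path they are given, including categories that other code reads without a fallback: helper app.py subscripts `capif_config["settings"]["certificates_expiry"]` at startup, so once `certificates_expiry` is removed the next start raises KeyError. I would keep a small module-level set of required categories and return 400 for them, or make the readers tolerant with `.get`. A name containing `.` passed to `remove_config_category` also removes a nested key rather than a category, because `to_snake_case` leaves dots in place. The register_operations.py counterparts added in this commit behave the same way.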
@@ -13,3 +14,22 @@ def convert_dict_keys_to_snake_case(data): if isinstance(data, dict): return {to_snake_case(k): convert_dict_keys_to_snake_case(v) for k, v in data.items()} return data + + +def is_snake_case(value): + """ + Checks if a key is in snake_case. + """ + return bool(re.match(r'^[a-z0-9_]+$', value)) + +def validate_snake_case_keys(obj, path="root"): + """ + Iterates through the JSON validating that all keys are in snake_case. + """ + for key, value in obj.items(): + if not is_snake_case(key): + return jsonify({"error": f"The key '{path}.{key}' is not in snake_case"}), 400 + if isinstance(value, dict): + error_response = validate_snake_case_keys(value, f"{path}.{key}") + if error_response: + return error_response diff --git a/services/register/register_service/controllers/register_controller.py b/services/register/register_service/controllers/register_controller.py index 989c169d..85777ed3 100644 --- a/services/register/register_service/controllers/register_controller.py +++ b/services/register/register_service/controllers/register_controller.py 
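Review bot: `is_snake_case` uses `re.match` with `$`, which also matches just before a trailing newline, so a key such as `"ttl\n"` is accepted; `re.fullmatch(r'[a-z0-9_]+', value)` closes that gap. `validate_snake_case_keys` calls `obj.items()` without a type check, so a JSON list or `null` body raises AttributeError instead of producing a 400, and dicts nested inside lists are never visited. Returning a Flask response from a utils helper ties it to a request context; returning the offending key path and letting the caller build the response would be easier to test. The register copy of utils.py receives the same hunk in this commit.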
@@ -217,3 +217,32 @@ def add_new_config_setting(): return jsonify(message="Missing 'param_path' or 'new_value' in request body"), 400 return register_operation.add_new_config_setting(param_path, new_value) + + +@register_routes.route("/configuration/removeConfigParam", methods=["DELETE"]) +@admin_required() +def remove_register_config_param(username): + """Remove a specific parameter in the register configuration""" + data = request.json + param_path = data.get("param_path") + + if not param_path: + return jsonify(message="Missing 'param_path' in request body"), 400 + + current_app.logger.debug(f"Admin {username} is removing parameter {param_path}") + return register_operation.remove_register_config_param(param_path) + + +@register_routes.route("/configuration/removeConfigCategory", methods=["DELETE"]) +@admin_required() +def remove_register_config_category(username): + """Remove an entire category in the register configuration""" + data = request.json + category_name = data.get("category_name") + + if not category_name: + return jsonify(message="Missing 'category_name' in request body"), 400 + + current_app.logger.debug(f"Admin {username} is removing category {category_name}") + return register_operation.remove_register_config_category(category_name) + diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py index 3fcc89e2..452a8c0d 100644 --- a/services/register/register_service/core/register_operations.py +++ b/services/register/register_service/core/register_operations.py @@ -7,7 +7,7 @@ from config import Config from db.db import MongoDatabse from flask import jsonify, current_app from flask_jwt_extended import create_access_token -from utils.utils import to_snake_case, convert_dict_keys_to_snake_case +from utils.utils import to_snake_case, convert_dict_keys_to_snake_case, validate_snake_case_keys class RegisterOperations: 
@@ -123,6 +123,11 @@ class RegisterOperations: def replace_register_configuration(self, new_config): """Replace the entire register configuration""" current_app.logger.debug("Replacing entire register configuration") + + error_response = validate_snake_case_keys(new_config) + if error_response: + return error_response + config_col = self.db.get_col_by_name(self.db.capif_configuration) result = config_col.replace_one({}, new_config, upsert=True) 
@@ -163,3 +168,43 @@ class RegisterOperations: return jsonify(message=f"No configuration found or parameter '{param_path_snake}' not updated"), 404 return jsonify(message=f"Parameter '{param_path_snake}' added successfully"), 200 + + + def remove_register_config_param(self, param_path): + """ + Removes a specific parameter in the registry settings. + """ + current_app.logger.debug(f"Removing configuration parameter: {param_path}") + + config_col = self.db.get_col_by_name(self.db.capif_configuration) + + param_path_snake = ".".join(to_snake_case(part) for part in param_path.split(".")) + update_query = {"$unset": {f"settings.{param_path_snake}": ""}} + + result = config_col.update_one({}, update_query) + + if result.modified_count == 0: + return jsonify(message=f"No configuration found or parameter '{param_path_snake}' not removed"), 404 + + return jsonify(message=f"Parameter '{param_path_snake}' removed successfully"), 200 + + + def remove_register_config_category(self, category_name): + """ + Deletes an entire category within 'settings'. + """ + current_app.logger.debug(f"Removing configuration category: {category_name}") + + config_col = self.db.get_col_by_name(self.db.capif_configuration) + + category_name_snake = to_snake_case(category_name) + update_query = {"$unset": {f"settings.{category_name_snake}": ""}} + + result = config_col.update_one({}, update_query) + + if result.modified_count == 0: + return jsonify(message=f"No configuration found or category '{category_name_snake}' not removed"), 404 + + return jsonify(message=f"Category '{category_name_snake}' removed successfully"), 200 + + diff --git a/services/register/register_service/utils/utils.py b/services/register/register_service/utils/utils.py index d66e13db..067bf1f1 100644 --- a/services/register/register_service/utils/utils.py +++ b/services/register/register_service/utils/utils.py @@ -1,4 +1,5 @@ import re +from flask import jsonify def to_snake_case(text): """ 
@@ -13,3 +14,21 @@ def convert_dict_keys_to_snake_case(data): if isinstance(data, dict): return {to_snake_case(k): convert_dict_keys_to_snake_case(v) for k, v in data.items()} return data + +def is_snake_case(value): + """ + Checks if a key is in snake_case. + """ + return bool(re.match(r'^[a-z0-9_]+$', value)) + +def validate_snake_case_keys(obj, path="root"): + """ + Iterates through the JSON validating that all keys are in snake_case. + """ + for key, value in obj.items(): + if not is_snake_case(key): + return jsonify({"error": f"The key '{path}.{key}' is not in snake_case"}), 400 + if isinstance(value, dict): + error_response = validate_snake_case_keys(value, f"{path}.{key}") + if error_response: + return error_response -- GitLab From 51c5955ed7ea870e52a7bbfb6de026c4150cc0ac Mon Sep 17 00:00:00 2001 From: guillecxb Date: Fri, 14 Mar 2025 11:23:51 +0100 Subject: [PATCH 14/20] format string to int --- .../helper_service/core/helper_operations.py | 25 +++++++-- services/helper/helper_service/utils/utils.py | 56 +++++++++++++++++++ 2 files changed, 76 insertions(+), 5 deletions(-) diff --git a/services/helper/helper_service/core/helper_operations.py b/services/helper/helper_service/core/helper_operations.py index 243ec45c..77384cda 100644 --- a/services/helper/helper_service/core/helper_operations.py +++ b/services/helper/helper_service/core/helper_operations.py @@ -5,7 +5,7 @@ import requests from config import Config from db.db import MongoDatabse from flask import jsonify, current_app -from utils.utils import to_snake_case, convert_dict_keys_to_snake_case, validate_snake_case_keys +from utils.utils import to_snake_case, convert_dict_keys_to_snake_case, validate_snake_case_keys, get_nested_value, convert_value_to_original_type, convert_nested_values class HelperOperations: 
@@ -223,7 +223,18 @@ class HelperOperations: config_col = self.db.get_col_by_name(self.db.capif_configuration) - update_query = {"$set": {param_path: new_value}} + existing_config = config_col.find_one({}, {"_id": 0}) + current_value = get_nested_value(existing_config, param_path) + + if current_value is None: + return jsonify(message=f"The parameter '{param_path}' does not exist in the configuration"), 404 + + converted_value = convert_value_to_original_type(new_value, current_value) + + if isinstance(converted_value, tuple): + return converted_value + + update_query = {"$set": {param_path: converted_value}} result = config_col.update_one({}, update_query) if result.modified_count == 0: @@ -231,10 +242,10 @@ class HelperOperations: return jsonify(message=f"Parameter '{param_path}' updated successfully"), 200 - + def replace_configuration(self, new_config): """ - Replaces all current settings with a new one. + Replace all current settings with a new one. """ current_app.logger.debug("Replacing entire CAPIF configuration") @@ -243,6 +254,10 @@ class HelperOperations: return error_response config_col = self.db.get_col_by_name(self.db.capif_configuration) + existing_config = config_col.find_one({}, {"_id": 0}) + + if existing_config: + new_config = convert_nested_values(new_config, existing_config) result = config_col.replace_one({}, new_config, upsert=True) @@ -255,7 +270,7 @@ class HelperOperations: def add_new_configuration(self, category_name, category_values): """ - Adds a new category of parameters in 'settings'. + Add a new category of parameters in 'settings'. """ current_app.logger.debug(f"Adding new category: {category_name} with values: {category_values}") diff --git a/services/helper/helper_service/utils/utils.py b/services/helper/helper_service/utils/utils.py index c870a408..cca2b410 100644 --- a/services/helper/helper_service/utils/utils.py +++ b/services/helper/helper_service/utils/utils.py 
@@ -33,3 +33,59 @@ def validate_snake_case_keys(obj, path="root"): error_response = validate_snake_case_keys(value, f"{path}.{key}") if error_response: return error_response + +def get_nested_value(config, path): + """ + Obtiene un valor dentro de un diccionario anidado siguiendo una ruta de claves separadas por puntos. + """ + keys = path.split('.') + for key in keys: + if isinstance(config, dict) and key in config: + config = config[key] + else: + return None + return config + +def convert_value_to_original_type(new_value, current_value): + """ + Convierte new_value al tipo de current_value si es posible. + """ + if isinstance(current_value, int): + try: + return int(new_value) + except ValueError: + return jsonify(message=f"Valor inválido: {new_value} no es un entero"), 400 + elif isinstance(current_value, float): + try: + return float(new_value) + except ValueError: + return jsonify(message=f"Valor inválido: {new_value} no es un flotante"), 400 + elif isinstance(current_value, bool): + if isinstance(new_value, str) and new_value.lower() in ["true", "false"]: + return new_value.lower() == "true" + elif not isinstance(new_value, bool): + return jsonify(message=f"Valor inválido: {new_value} no es un booleano"), 400 + return new_value + +def convert_nested_values(new_data, reference_data): + """ + Recorre recursivamente new_data y convierte los valores al tipo original basado en reference_data. 
+ """ + if isinstance(new_data, dict) and isinstance(reference_data, dict): + for key, value in new_data.items(): + if key in reference_data: + new_data[key] = convert_nested_values(value, reference_data[key]) + elif isinstance(reference_data, int): + try: + return int(new_data) + except ValueError: + return new_data + elif isinstance(reference_data, float): + try: + return float(new_data) + except ValueError: + return new_data + elif isinstance(reference_data, bool): + if isinstance(new_data, str) and new_data.lower() in ["true", "false"]: + return new_data.lower() == "true" + return new_data \ No newline at end of file -- GitLab From 1550b228393e88a121dcf1a24c45ee338323aafa Mon Sep 17 00:00:00 2001 From: guillecxb Date: Fri, 14 Mar 2025 11:31:24 +0100 Subject: [PATCH 15/20] format --- .../capif_acl/core/internal_service_ops.py | 2 -- services/helper/helper_service/utils/utils.py | 12 ++++++------ 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py index c65da11a..700805b0 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py @@ -35,8 +35,6 @@ class InternalServiceOps(Resource): allowed_invocations_per_second = 0 time_range_days = 0 - - res = mycol.find_one( {"service_id": service_id, "aef_id": aef_id}, {"_id": 0}) diff --git a/services/helper/helper_service/utils/utils.py b/services/helper/helper_service/utils/utils.py index cca2b410..a5349309 100644 --- a/services/helper/helper_service/utils/utils.py +++ b/services/helper/helper_service/utils/utils.py 
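Review bot: In `convert_value_to_original_type` the `isinstance(current_value, int)` branch comes first, and `bool` is a subclass of `int`, so the boolean branch is never reached: updating a stored `True` with `"false"` ends in `int("false")` and a 400 saying the value is not an integer. `int(new_value)` and `float(new_value)` also raise TypeError, not ValueError, for `None` or a list, which escapes the `except` and surfaces as a 500. I would test `bool` first and catch both exception types, as sketched below with the messages of this hunk kept as they are. `convert_nested_values` has the same branch order and additionally mutates `new_data` in place, which its docstring should mention.

```python
def convert_value_to_original_type(new_value, current_value):
    # bool is a subclass of int, so it has to be tested before int
    if isinstance(current_value, bool):
        if isinstance(new_value, bool):
            return new_value
        if isinstance(new_value, str) and new_value.lower() in ["true", "false"]:
            return new_value.lower() == "true"
        return jsonify(message=f"Valor inválido: {new_value} no es un booleano"), 400
    if isinstance(current_value, int):
        try:
            return int(new_value)
        except (TypeError, ValueError):
            return jsonify(message=f"Valor inválido: {new_value} no es un entero"), 400
    # … unchanged: float branch (catch TypeError there as well) and the final return …
```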
@@ -36,7 +36,7 @@ def validate_snake_case_keys(obj, path="root"): def get_nested_value(config, path): """ - Obtiene un valor dentro de un diccionario anidado siguiendo una ruta de claves separadas por puntos. + Gets a value within a nested dictionary by following a path of keys separated by periods. """ keys = path.split('.') for key in keys: @@ -48,28 +48,28 @@ def get_nested_value(config, path): def convert_value_to_original_type(new_value, current_value): """ - Convierte new_value al tipo de current_value si es posible. + Convert new_value to the type of current_value. """ if isinstance(current_value, int): try: return int(new_value) except ValueError: - return jsonify(message=f"Valor inválido: {new_value} no es un entero"), 400 + return jsonify(message=f"Invalid value: {new_value} is not an integer"), 400 elif isinstance(current_value, float): try: return float(new_value) except ValueError: - return jsonify(message=f"Valor inválido: {new_value} no es un flotante"), 400 + return jsonify(message=f"Invalid value: {new_value} is not a float"), 400 elif isinstance(current_value, bool): if isinstance(new_value, str) and new_value.lower() in ["true", "false"]: return new_value.lower() == "true" elif not isinstance(new_value, bool): - return jsonify(message=f"Valor inválido: {new_value} no es un booleano"), 400 + return jsonify(message=f"Invalid value: {new_value} is not a boolean"), 400 return new_value def convert_nested_values(new_data, reference_data): """ - Recorre recursivamente new_data y convierte los valores al tipo original basado en reference_data. + Recursively traverses new_data and converts values ​​back to the original type based on reference_data. """ if isinstance(new_data, dict) and isinstance(reference_data, dict): for key, value in new_data.items(): -- GitLab From 1cf8bf23d2ab10b462d1bc3dbf6fa6301e4fd651 Mon Sep 17 00:00:00 2001 
From: guillecxb Date: Mon, 17 Mar 2025 11:11:09 +0100 Subject: [PATCH 16/20] fix helm configmap format --- .../charts/ocf-helper/templates/ocf-helper-configmap.yaml | 3 +-- helm/capif/charts/ocf-register/templates/configmap.yaml | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml index 6315ccdf..48a72a4c 100644 --- a/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml +++ b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml @@ -24,6 +24,5 @@ data: } {{- if .Values.capifConfiguration }} - capif_configuration: - {{- toYaml .Values.capifConfiguration | regexReplaceAll "([a-z])([A-Z])" "${1}_${2}" | lower | nindent 4 }} + capif_configuration: {{ .Values.capifConfiguration | toPrettyJson | nindent 4 }} {{- end }} \ No newline at end of file diff --git a/helm/capif/charts/ocf-register/templates/configmap.yaml b/helm/capif/charts/ocf-register/templates/configmap.yaml index 7e3025e8..8aa0f811 100644 --- a/helm/capif/charts/ocf-register/templates/configmap.yaml +++ b/helm/capif/charts/ocf-register/templates/configmap.yaml @@ -32,6 +32,5 @@ data: } {{- if .Values.capifConfiguration }} - capif_configuration: - {{- toYaml .Values.capifConfiguration | regexReplaceAll "([a-z])([A-Z])" "${1}_${2}" | lower | nindent 4 }} + capif_configuration: {{ .Values.capifConfiguration | toPrettyJson | nindent 4 }} {{- end }} -- GitLab From 77f040cd64851655f8dc2cf331f9f65df2dbf5cf Mon Sep 17 00:00:00 2001 From: guillecxb Date: Mon, 17 Mar 2025 13:37:52 +0100 Subject: [PATCH 17/20] change camelCase to snakeCase in values --- helm/capif/charts/ocf-helper/values.yaml | 30 +++++++++++----------- helm/capif/charts/ocf-register/values.yaml | 10 ++++---- 2 files changed, 20 insertions(+), 20 deletions(-) 
diff --git a/helm/capif/charts/ocf-helper/values.yaml b/helm/capif/charts/ocf-helper/values.yaml index 6debc810..051711f8 100644 --- a/helm/capif/charts/ocf-helper/values.yaml +++ b/helm/capif/charts/ocf-helper/values.yaml @@ -26,22 +26,22 @@ env: logLevel: "INFO" capifConfiguration: - configName: "default" - configVersion: "1.0" - configDescription: "Default CAPIF Configuration" + config_name: "default" + config_version: "1.0" + config_description: "Default CAPIF Configuration" settings: - certificatesExpiry: - ttlSuperadminCert: "4300h" - ttlInvokerCert: "4300h" - ttlProviderCert: "4300h" - securityMethodPriority: - oauthPriority: 1 - pkiPriority: 2 - pskPriority: 3 - aclPolicySettings: - allowedTotalInvocations: 5 - allowedInvocationsPerSecond: 10 - allowedInvocationTimeRangeDays: 365 + certificates_expiry: + ttl_superadmin_cert: "4300h" + ttl_invoker_cert: "4300h" + ttl_provider_cert: "4300h" + security_method_priority: + oauth_priority: 1 + pki_priority: 2 + psk_priority: 3 + acl_policy_settings: + allowed_total_invocations: 5 + allowed_invocations_per_second: 10 + allowed_invocation_time_range_days: 365 serviceAccount: # Specifies whether a service account should be created diff --git a/helm/capif/charts/ocf-register/values.yaml b/helm/capif/charts/ocf-register/values.yaml index 7d2cf166..bf12e498 100644 --- a/helm/capif/charts/ocf-register/values.yaml +++ b/helm/capif/charts/ocf-register/values.yaml @@ -25,12 +25,12 @@ env: timeout: "30" capifConfiguration: - configName: "default" - configVersion: "1.0" - configDescription: "Default Register Configuration" + config_name: "default" + config_version: "1.0" + config_description: "Default Register Configuration" settings: - certificatesExpiry: - ttlSuperadminCert: "4300h" + certificates_expiry: + ttl_superadmin_cert: "4300h" serviceAccount: # Specifies whether a service account should be created -- GitLab From 12f8f7407f2946517c4e7298e474947ccad615b7 Mon Sep 17 00:00:00 2001 
From: guillecxb Date: Mon, 17 Mar 2025 16:09:07 +0100 Subject: [PATCH 18/20] test fixing config.yaml --- services/helper/config.yaml | 18 +++++++++--------- services/register/config.yaml | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/services/helper/config.yaml b/services/helper/config.yaml index 2a339145..9c9f6615 100644 --- a/services/helper/config.yaml +++ b/services/helper/config.yaml @@ -25,19 +25,19 @@ capif_configuration: { "description": "Default CAPIF Configuration", "settings": { "certificates_expiry": { - ttl_superadmin_cert: "4300h", - ttl_invoker_cert: "4300h", - ttl_provider_cert: "4300h", + "ttl_superadmin_cert": "4300h", + "ttl_invoker_cert": "4300h", + "ttl_provider_cert": "4300h", }, "security_method_priority": { - oauth: 1, - pki: 2, - psk: 3 + "oauth": 1, + "pki": 2, + "psk": 3 }, "acl_policy_settings": { - allowed_total_invocations: 5, - allowed_invocations_per_second: 10, - allowed_invocation_time_range_days: 365 + "allowed_total_invocations": 5, + "allowed_invocations_per_second": 10, + "allowed_invocation_time_range_days": 365 } } } diff --git a/services/register/config.yaml b/services/register/config.yaml index df8c00f5..7c303ece 100644 --- a/services/register/config.yaml +++ b/services/register/config.yaml @@ -34,7 +34,7 @@ capif_configuration: { "description": "Default Register Configuration", "settings": { "certificates_expiry": { - ttl_superadmin_cert: "4300h", + "ttl_superadmin_cert": "4300h", } } } \ No newline at end of file -- GitLab From a2251480c673d7ea112c79281de0e5604d71d99c Mon Sep 17 00:00:00 2001 From: guillecxb Date: Mon, 17 Mar 2025 21:33:22 +0100 Subject: [PATCH 19/20] test fixing config.yaml --- .../templates/ocf-helper-configmap.yaml | 1 + helm/capif/charts/ocf-helper/values.yaml | 6 +++--- services/helper/config.yaml | 18 +++++++++--------- services/register/config.yaml | 2 +- 4 files changed, 14 insertions(+), 13 deletions(-) 
diff --git a/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml index 48a72a4c..76e694bc 100644 --- a/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml +++ b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml @@ -13,6 +13,7 @@ data: 'col_services': "serviceapidescriptions", 'col_security': "security", 'col_event': "eventsdetails", + 'col_capif_configuration': "capif_configuration", 'host': '{{ .Values.env.mongoHost }}', 'port': "{{ .Values.env.mongoPort }}" } diff --git a/helm/capif/charts/ocf-helper/values.yaml b/helm/capif/charts/ocf-helper/values.yaml index 051711f8..a255d463 100644 --- a/helm/capif/charts/ocf-helper/values.yaml +++ b/helm/capif/charts/ocf-helper/values.yaml @@ -35,9 +35,9 @@ capifConfiguration: ttl_invoker_cert: "4300h" ttl_provider_cert: "4300h" security_method_priority: - oauth_priority: 1 - pki_priority: 2 - psk_priority: 3 + oauth: 1 + pki: 2 + psk: 3 acl_policy_settings: allowed_total_invocations: 5 allowed_invocations_per_second: 10 diff --git a/services/helper/config.yaml b/services/helper/config.yaml index 9c9f6615..2a339145 100644 --- a/services/helper/config.yaml +++ b/services/helper/config.yaml @@ -25,19 +25,19 @@ capif_configuration: { "description": "Default CAPIF Configuration", "settings": { "certificates_expiry": { - "ttl_superadmin_cert": "4300h", - "ttl_invoker_cert": "4300h", - "ttl_provider_cert": "4300h", + ttl_superadmin_cert: "4300h", + ttl_invoker_cert: "4300h", + ttl_provider_cert: "4300h", }, "security_method_priority": { - "oauth": 1, - "pki": 2, - "psk": 3 + oauth: 1, + pki: 2, + psk: 3 }, "acl_policy_settings": { - "allowed_total_invocations": 5, - "allowed_invocations_per_second": 10, - "allowed_invocation_time_range_days": 365 + allowed_total_invocations: 5, + allowed_invocations_per_second: 10, + allowed_invocation_time_range_days: 365 } } } 
diff --git a/services/register/config.yaml b/services/register/config.yaml index 7c303ece..df8c00f5 100644 --- a/services/register/config.yaml +++ b/services/register/config.yaml @@ -34,7 +34,7 @@ capif_configuration: { "description": "Default Register Configuration", "settings": { "certificates_expiry": { - "ttl_superadmin_cert": "4300h", + ttl_superadmin_cert: "4300h", } } } \ No newline at end of file -- GitLab From 2444f919159d6e8bfd7c60894682ac77ab319a31 Mon Sep 17 00:00:00 2001 From: guillecxb Date: Tue, 18 Mar 2025 12:03:40 +0100 Subject: [PATCH 20/20] final config.yaml format --- .../templates/ocf-helper-configmap.yaml | 2 +- .../ocf-register/templates/configmap.yaml | 2 +- services/helper/config.yaml | 37 ++++++++----------- services/register/config.yaml | 17 ++++----- 4 files changed, 25 insertions(+), 33 deletions(-) diff --git a/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml index 76e694bc..fe3e1c17 100644 --- a/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml +++ b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml @@ -25,5 +25,5 @@ data: } {{- if .Values.capifConfiguration }} - capif_configuration: {{ .Values.capifConfiguration | toPrettyJson | nindent 4 }} + capif_configuration: {{ .Values.capifConfiguration | toYaml | nindent 6 }} {{- end }} \ No newline at end of file diff --git a/helm/capif/charts/ocf-register/templates/configmap.yaml b/helm/capif/charts/ocf-register/templates/configmap.yaml index 8aa0f811..2b89f180 100644 --- a/helm/capif/charts/ocf-register/templates/configmap.yaml +++ b/helm/capif/charts/ocf-register/templates/configmap.yaml @@ -32,5 +32,5 @@ data: } {{- if .Values.capifConfiguration }} - capif_configuration: {{ .Values.capifConfiguration | toPrettyJson | nindent 4 }} + capif_configuration: {{ .Values.capifConfiguration | toYaml | nindent 6 }} {{- end }} 
diff --git a/services/helper/config.yaml b/services/helper/config.yaml index 2a339145..1efa369e 100644 --- a/services/helper/config.yaml +++ b/services/helper/config.yaml @@ -19,25 +19,20 @@ ca_factory: { "verify": False } -capif_configuration: { - "config_name": "default", - "version": "1.0", - "description": "Default CAPIF Configuration", - "settings": { - "certificates_expiry": { - ttl_superadmin_cert: "4300h", - ttl_invoker_cert: "4300h", - ttl_provider_cert: "4300h", - }, - "security_method_priority": { - oauth: 1, - pki: 2, - psk: 3 - }, - "acl_policy_settings": { - allowed_total_invocations: 5, - allowed_invocations_per_second: 10, +capif_configuration: + config_description: Default CAPIF Configuration + config_name: default + config_version: "1.0" + settings: + acl_policy_settings: allowed_invocation_time_range_days: 365 - } - } -} + allowed_invocations_per_second: 10 + allowed_total_invocations: 5 + certificates_expiry: + ttl_invoker_cert: 4300h + ttl_provider_cert: 4300h + ttl_superadmin_cert: 4300h + security_method_priority: + oauth: 1 + pki: 2 + psk: 3 diff --git a/services/register/config.yaml b/services/register/config.yaml index df8c00f5..85fb232c 100644 --- a/services/register/config.yaml +++ b/services/register/config.yaml @@ -28,13 +28,10 @@ register: { admin_pass: "password123"} } -capif_configuration: { - "config_name": "default", - "version": "1.0", - "description": "Default Register Configuration", - "settings": { - "certificates_expiry": { - ttl_superadmin_cert: "4300h", - } - } -} \ No newline at end of file +capif_configuration: + config_description: Default Register Configuration + config_name: default + config_version: "1.0" + settings: + certificates_expiry: + ttl_superadmin_cert: 4300h \ No newline at end of file -- GitLab