Feature: Add serviceList and oauth required config

free5gc · Nov 8, 2023 · 4f04786 · 4f04786
1 parent 404a5e4
commit 4f04786
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 81 deletions.
diff --git a/internal/context/context.go b/internal/context/context.go
@@ -123,11 +123,11 @@ func InitUdmContext(context *UDMContext) {
 		}
 	}
 	udmContext.NrfUri = configuration.NrfUri
-	servingNameList := configuration.ServiceNameList
+	serviceList := configuration.ServiceList
 
 	udmContext.SuciProfiles = configuration.SuciProfiles
 
-	udmContext.InitNFService(servingNameList, config.Info.Version)
+	udmContext.InitNFService(serviceList, config.Info.Version)
 }
 
 func (context *UDMContext) ManageSmData(smDatafromUDR []models.SessionManagementSubscriptionData, snssaiFromReq string,
@@ -452,11 +452,12 @@ func (context *UDMContext) GetSDMUri() string {
 	return context.GetIPv4Uri() + factory.UdmSdmResUriPrefix
 }
 
-func (context *UDMContext) InitNFService(serviceName []string, version string) {
+func (context *UDMContext) InitNFService(serviceList []factory.ServiceList, version string) {
 	tmpVersion := strings.Split(version, ".")
 	versionUri := "v" + tmpVersion[0]
-	for index, nameString := range serviceName {
-		name := models.ServiceName(nameString)
+	for index, service := range serviceList {
+		name := models.ServiceName(service.ServiceName)
+		allowNfTypes := make([]models.NfType, len(service.AllowedNfTypes))
 		context.NfService[name] = models.NfService{
 			ServiceInstanceId: strconv.Itoa(index),
 			ServiceName:       name,
@@ -476,6 +477,9 @@ func (context *UDMContext) InitNFService(serviceName []string, version string) {
 					Port:        int32(context.SBIPort),
 				},
 			},
+			// TODO
+			// Not yet implement the verification of allowNfTypes using this parameters
+			AllowedNfTypes: allowNfTypes,
 		}
 	}
 }

diff --git a/internal/sbi/consumer/nf_accesstoken.go b/internal/sbi/consumer/nf_accesstoken.go
@@ -2,24 +2,20 @@ package consumer
 
 import (
 	"context"
-	"time"
 
 	udm_context "github.com/free5gc/udm/internal/context"
 
-	"github.com/free5gc/udm/internal/logger"
 	"github.com/free5gc/udm/pkg/factory"
 
 	"github.com/free5gc/openapi"
-	"github.com/free5gc/openapi/Nnrf_AccessToken"
+	"github.com/free5gc/openapi/Send_util"
 	"github.com/free5gc/openapi/models"
-
-	"github.com/antihax/optional"
-	"golang.org/x/oauth2"
 )
 
 func GetTokenCtx(scope, targetNF string) (context.Context, *models.ProblemDetails, error) {
 	if factory.UdmConfig.GetOAuth() {
-		tok, pd, err := sendAccTokenReq(scope, targetNF)
+		udmSelf := udm_context.Getself()
+		tok, pd, err := Send_util.SendAccTokenReq(udmSelf.NfId, models.NfType_UDM, scope, targetNF, udmSelf.NrfUri)
 		if err != nil {
 			return nil, pd, err
 		}
@@ -28,61 +24,3 @@ func GetTokenCtx(scope, targetNF string) (context.Context, *models.ProblemDetail
 	}
 	return context.TODO(), nil, nil
 }
-
-func sendAccTokenReq(scope, targetNF string) (oauth2.TokenSource, *models.ProblemDetails, error) {
-	logger.ConsumerLog.Infof("Send Access Token Request")
-	var client *Nnrf_AccessToken.APIClient
-	udmSelf := udm_context.Getself()
-	// Set client and set url
-	configuration := Nnrf_AccessToken.NewConfiguration()
-	configuration.SetBasePath(udmSelf.NrfUri)
-	if val, ok := udmSelf.ClientMap.Load(configuration); ok {
-		client = val.(*Nnrf_AccessToken.APIClient)
-	} else {
-		client = Nnrf_AccessToken.NewAPIClient(configuration)
-		udmSelf.ClientMap.Store(configuration, client)
-	}
-
-	var tok models.AccessTokenRsp
-
-	if val, ok := udmSelf.TokenMap.Load(scope); ok {
-		tok = val.(models.AccessTokenRsp)
-		if int32(time.Now().Unix()) < tok.ExpiresIn {
-			logger.ConsumerLog.Infof("Token is not expired")
-			token := &oauth2.Token{
-				AccessToken: tok.AccessToken,
-				TokenType:   tok.TokenType,
-				Expiry:      time.Unix(int64(tok.ExpiresIn), 0),
-			}
-			return oauth2.StaticTokenSource(token), nil, nil
-		}
-	}
-
-	tok, res, err := client.AccessTokenRequestApi.AccessTokenRequest(context.Background(), "client_credentials",
-		udmSelf.NfId, scope, &Nnrf_AccessToken.AccessTokenRequestParamOpts{
-			NfType:       optional.NewInterface(models.NfType_UDM),
-			TargetNfType: optional.NewInterface(targetNF),
-		})
-	if err == nil {
-		udmSelf.TokenMap.Store(scope, tok)
-		token := &oauth2.Token{
-			AccessToken: tok.AccessToken,
-			TokenType:   tok.TokenType,
-			Expiry:      time.Unix(int64(tok.ExpiresIn), 0),
-		}
-		return oauth2.StaticTokenSource(token), nil, err
-	} else if res != nil {
-		defer func() {
-			if resCloseErr := res.Body.Close(); resCloseErr != nil {
-				logger.ConsumerLog.Errorf("AccessTokenRequestApi response body cannot close: %+v", resCloseErr)
-			}
-		}()
-		if res.Status != err.Error() {
-			return nil, nil, err
-		}
-		problem := err.(openapi.GenericOpenAPIError).Model().(models.ProblemDetails)
-		return nil, &problem, err
-	} else {
-		return nil, nil, openapi.ReportError("server no response")
-	}
-}
diff --git a/internal/sbi/consumer/nf_management.go b/internal/sbi/consumer/nf_management.go
@@ -96,7 +96,7 @@ func SendDeregisterNFInstance() (problemDetails *models.ProblemDetails, err erro
 
 	res, err = client.NFInstanceIDDocumentApi.DeregisterNFInstance(ctx, udmSelf.NfId)
 	if err == nil {
-		return
+		return nil, nil
 	} else if res != nil {
 		defer func() {
 			if rspCloseErr := res.Body.Close(); rspCloseErr != nil {
@@ -105,12 +105,12 @@ func SendDeregisterNFInstance() (problemDetails *models.ProblemDetails, err erro
 		}()
 
 		if res.Status != err.Error() {
-			return
+			return nil, nil
 		}
 		problem := err.(openapi.GenericOpenAPIError).Model().(models.ProblemDetails)
 		problemDetails = &problem
 	} else {
 		err = openapi.ReportError("server no response")
 	}
-	return
+	return problemDetails, nil
 }
diff --git a/internal/util/init_context.go b/internal/util/init_context.go
@@ -43,9 +43,9 @@ func InitUDMContext(udmContext *context.UDMContext) {
 		}
 	}
 	udmContext.NrfUri = configuration.NrfUri
-	servingNameList := configuration.ServiceNameList
+	serviceList := configuration.ServiceList
 
 	udmContext.SuciProfiles = configuration.SuciProfiles
 
-	udmContext.InitNFService(servingNameList, config.Info.Version)
+	udmContext.InitNFService(serviceList, config.Info.Version)
 }
diff --git a/pkg/factory/config.go b/pkg/factory/config.go
@@ -58,11 +58,17 @@ type Info struct {
 	Description string `yaml:"description,omitempty" valid:"type(string)"`
 }
 
+type ServiceList struct {
+	ServiceName    string   `yaml:"serviceName" valid:"required"`
+	AllowedNfTypes []string `yaml:"allowedNfTypes,omitempty" valid:"required"`
+}
+
 type Configuration struct {
-	Sbi             *Sbi               `yaml:"sbi,omitempty"  valid:"required"`
-	ServiceNameList []string           `yaml:"serviceNameList,omitempty"  valid:"required"`
-	NrfUri          string             `yaml:"nrfUri,omitempty"  valid:"required, url"`
-	SuciProfiles    []suci.SuciProfile `yaml:"SuciProfile,omitempty"`
+	Sbi            *Sbi               `yaml:"sbi,omitempty"  valid:"required"`
+	ServiceList    []ServiceList      `yaml:"serviceList" valid:"required"`
+	NrfUri         string             `yaml:"nrfUri,omitempty"  valid:"required, url"`
+	NrfCertPemPath string             `yaml:"nrfCertPemPath" valid:"required"`
+	SuciProfiles   []suci.SuciProfile `yaml:"SuciProfile,omitempty"`
 }
 type Logger struct {
 	Enable       bool   `yaml:"enable" valid:"type(bool)"`
@@ -77,9 +83,10 @@ func (c *Configuration) validate() (bool, error) {
 		}
 	}
 
-	if c.ServiceNameList != nil {
+	if c.ServiceList != nil {
 		var errs govalidator.Errors
-		for _, v := range c.ServiceNameList {
+		for _, service := range c.ServiceList {
+			v := service.ServiceName
 			if v != "nudm-sdm" && v != "nudm-uecm" && v != "nudm-ueau" && v != "nudm-ee" && v != "nudm-pp" {
 				err := fmt.Errorf("Invalid ServiceNameList: [%s],"+
 					" value should be nudm-sdm or nudm-uecm or nudm-ueau or nudm-ee or nudm-pp", v)
@@ -122,6 +129,37 @@ func (c *Configuration) validate() (bool, error) {
 	return result, err
 }
 
+func (c *Config) VerifyServiceAllowType(nfTypeName string, serviceName string) error {
+	c.RLock()
+	defer c.RUnlock()
+
+	serviceFound := false
+	for _, service := range c.Configuration.ServiceList {
+		if service.ServiceName == serviceName {
+			serviceFound = true
+			for _, allowNf := range service.AllowedNfTypes {
+				if nfTypeName == "All" {
+					return nil
+				}
+				if nfTypeName == allowNf {
+					return nil
+				}
+			}
+			break
+		}
+	}
+	if serviceFound {
+		return fmt.Errorf("Not allow NF Type: %+v", nfTypeName)
+	}
+	return fmt.Errorf("ServiceName not found: %+v", serviceName)
+}
+
+func (c *Config) GetNrfCertPemPath() string {
+	c.RLock()
+	defer c.RUnlock()
+	return c.Configuration.NrfCertPemPath
+}
+
 type Sbi struct {
 	Scheme       string `yaml:"scheme" valid:"scheme"`
 	RegisterIPv4 string `yaml:"registerIPv4,omitempty" valid:"host,required"` // IP that is registered at NRF.