Feature/gh actions test inclussion

.github/workflows/container_creation.yml

@@ -1,6 +1,6 @@
 # This is a basic workflow to help you get started with Actions
 
-name: PEP Engine BB Workflow
+name: PEP Container Creation
 
 # Controls when the action will run. 
 on: push
@@ -27,14 +27,14 @@ jobs:
         with:
           python-version: 3.6.9
       # Runs a set of commands using the runners shell
-      - name: Testing
-        run: |
-          sudo apt-get install jq python3-venv
-          pip install -r ./src/requirements.txt
+      # - name: Testing
+      #   run: |
+      #     sudo apt-get install jq python3-venv
+      #     pip install -r ./src/requirements.txt
       #   python3 ./src/main.py
       # Uncomment below if wanted Dockerhub Publication
-      # - name: Container Creation and Publishing
-      #   run: ./gh_actions/containerCreation.sh um-pep-engine
+      - name: Container Creation
+        run: ./gh_actions/containerCreation.sh um-pep-engine
       # - name: Smoke and Acceptance Test
       #   run: ./gh_actions/acceptanceTest.sh um-pep-engine 8080 7000
       # - name: Release Container

.github/workflows/documentation.yml

@@ -1,6 +1,6 @@
 # This is a basic workflow to help you get started with Actions
 
-name: PDP Engine Documentation
+name: PEP Engine Documentation
 
 # Controls when the action will run. 
 on: push

.github/workflows/main.yml

@@ -1,6 +1,6 @@
 # This is a basic workflow to help you get started with Actions
 
-name: CI
+name: Sonar Scanner
 
 # Controls when the action will run. 
 on:

.github/workflows/test.yml

@@ -1,6 +1,6 @@
 # This is a basic workflow to help you get started with Actions
 
-name: PDP Engine Test Workflow
+name: PEP Engine Test Workflow
 
 # Controls when the action will run. 
 on: push
@@ -32,12 +32,16 @@ jobs:
       - name: Create python env
         run: python3 -m venv env
       - name: Activate environment
+        run: source env/bin/activate
+      - name: Install requirements
+        run: pip3 install -r src/requirements.txt
+      - name: Run mongo container
+        run: sudo docker run -p 27017:27017 -d mongo
+      - name: Run main
         run: |
-          source env/bin/activate
-          pip install -r src/requirements.txt
-      # - name: Run main
-      #   run: python src/main.py
-      # - name: Run tests Database
-      #   run: python tests/test_database.py
-      # - name: Run tests PDP
-      #   run: python tests/um_pdp_test.py
+            nohup python3 src/main.py &
+            sleep 1
+      - name: Run tests Database
+        run: python tests/testMongo.py
+      # - name: Run tests PEP
+      #   run: python tests/testPEPResources.py

gh_actions/containerCreation.sh

@@ -13,7 +13,7 @@ buildTag=travis_$TRAVIS_BUILD_NUMBER # We use a temporary build number for taggi
 docker build -t eoepca/$1 .
 docker tag eoepca/$1 eoepca/$1:$buildTag
 
-echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+# echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
 
-docker push eoepca/$1:$buildTag   # defaults to docker hub EOEPCA repo
+# docker push eoepca/$1:$buildTag   # defaults to docker hub EOEPCA repo
 

src/blueprints/resources.py

@@ -19,6 +19,8 @@ def get_resource_list():
         logger.debug("Retrieving all registered resources...")
         #gets all resources registered on local DB
         custom_mongo = Mongo_Handler("resource_db", "resources")
+
+        logger.info("==========No entiendo==========")
         resources = custom_mongo.get_all_resources()
 
         rpt = request.headers.get('Authorization')
@@ -28,6 +30,7 @@ def get_resource_list():
         uid = None
         try:
             head_protected = str(request.headers)
+
             headers_protected = head_protected.split()
             uid = oidc_client.verify_uid_headers(headers_protected, "sub")
             if "NO TOKEN FOUND" in uid:
@@ -42,6 +45,9 @@ def get_resource_list():
             response.headers["Error"] = str(e)
             activity = {"Description":"No token found/error reading token: "+str(e)}
             logger.info(log_handler.format_message(subcomponent="RESOURCES",action_id="HTTP",action_type=request.method,log_code=2001,activity=activity))
+
+            activity = {"Error While passing the token: "+str(uid)}
+            logger.info(log_handler.format_message(subcomponent="RESOURCES",action_id="HTTP",action_type=request.method,log_code=2001,activity=activity))
             return response
 
         if not uid:
@@ -80,14 +86,20 @@ def get_resource_list():
     def resource_creation():
         logger.debug("Processing " + request.method + " resource request...")
         response = Response()
+
+        logger.info("==========No entiendo==========")
+
         uid = None
         #Inspect JWT token (UMA) or query OIDC userinfo endpoint (OAuth) for user id
         try:
             head_protected = str(request.headers)
+            logger.info("==========1  "+ head_protected+"==========")
             headers_protected = head_protected.split()
-            logger.debug(head_protected)
+            logger.info("==========2 "+ str(headers_protected)+" ==========")
+
             uid = oidc_client.verify_uid_headers(headers_protected, "sub")
-            logger.debug(uid)
+
+            logger.info("==========2  "+ uid+"==========")
             if "NO TOKEN FOUND" in uid:
                 response.status_code = 401
                 response.headers["Error"] = 'no token passed!'

src/config.py

@@ -121,7 +121,7 @@ def get_config(config_path: str):
         g_config["client_id"] = new_client["client_id"]
         g_config["client_secret"] = new_client["client_secret"]
         if use_env_var is False:
-            save_config("config/config.json", g_config)
+            save_config(config_path, g_config)
         else:
             os.environ["PEP_CLIENT_ID"] = new_client["client_id"]
             os.environ["PEP_CLIENT_SECRET"] = new_client["client_secret"]
@@ -139,11 +139,13 @@ def get_default_resources(path: str):
     Loads Charts configuration file in addition with the alredy existent on the source path
     """
     #Sets logger
+    dir_path = os.path.dirname(os.path.realpath(__file__))
+
     logger = logging.getLogger("PEP_ENGINE")
     g_config = {}    
     # Global config objects
     g_config = load_config(path)
-    l_config = load_config("config/default-resources.json")
+    l_config = load_config(dir_path+"/config/default-resources.json")
     for k in l_config['default_resources']:
         if not any(d['resource_uri'] == k['resource_uri'] for d in g_config['default_resources']):
             g_config['default_resources'].append(k)      

src/config/config.json

@@ -1 +1 @@
-{"realm": "eoepca", "auth_server_url": "https://test.eoepca.org", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false}
+{"realm": "eoepca", "auth_server_url": "https://test.185.52.193.87.nip.io/", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false, "default_resource_path": "config/default-resources.json", "client_id": "7a08eb39-5866-4a61-9f4e-a621a6e5bc33", "client_secret": "58fa394d-5bde-43e0-a1da-5dbfdd71f769"}

src/config/default-resources.json

@@ -1,3 +1,5 @@
 {
-  "default_resources": []
+  "default_resources": [
+    {"name": "Base Path", "description": "Base path for Open Access to PEP", "resource_uri": "/", "scopes": "public_access", "default_owner": "0000000000000"}
+  ]
 }

src/handlers/oidc_handler.py

@@ -7,6 +7,7 @@
 from handlers.uma_handler import UMA_Handler, resource
 from handlers.uma_handler import rpt as class_rpt
 from config import load_config
+import os, sys
 import logging
 import base64
 import json
@@ -50,6 +51,8 @@ def get_new_pat(self):
 
     def verify_JWT_token(self, token, key):
         try:
+
+            self.logger.info("pues JWT decoding")
             header = str(token).split(".")[0]
             paddedHeader = header + '=' * (4 - len(header) % 4)
             decodedHeader = base64.b64decode(paddedHeader)
@@ -64,12 +67,16 @@ def verify_JWT_token(self, token, key):
             decoded = decoded.decode('utf-8')
             decoded_str = json.loads(decoded)
 
+            self.logger.info("pues JWT decoding segundo check")
             if self.getVerificationConfig() == True:
+                self.logger.info("TRUE")
                 if decoded_str_header['kid'] != "RSA1":
+                    self.logger.info("TRUE2")
                     verificator = JWT_Verification()
                     result = verificator.verify_signature_JWT(token)
                 else:
                     #validate signature for rpt
+                    self.logger.info("FALSE 2")
                     rsajwk = RSAKey(kid="RSA1", key=import_rsa_key_from_file("config/public.pem"))
                     dict_rpt_values = JWS().verify_compact(token, keys=[rsajwk], sigalg="RS256")
 
@@ -83,7 +90,8 @@ def verify_JWT_token(self, token, key):
                     raise Exception
                 else:
                     self.logger.debug("Signature verification is correct!")
-
+
+            self.logger.info("FALSE")
             user_value = None
             if decoded_str.get(key):                   
                 user_value = decoded_str[key]
@@ -114,6 +122,8 @@ def verify_OAuth_token(self, token, key):
     def verify_uid_headers(self, headers_protected, key):
         value = None
         token_protected = None
+        self.logger.info("entiendo? creo? wth")
+
         #Retrieve the token from the headers
         for i in headers_protected:
             if 'Bearer' in str(i):
@@ -122,15 +132,21 @@ def verify_uid_headers(self, headers_protected, key):
         if token_protected:
             #Compares between JWT id_token and OAuth access token to retrieve the requested key-value
             if len(str(token_protected))>40:
+                self.logger.info(str(token_protected))
                 value=self.verify_JWT_token(token_protected, key)
             else:
+                self.logger.info("entiendo? creo? what the fuuuck locl")
                 value=self.verify_OAuth_token(token_protected, key)
 
             return value
         else:
             return 'NO TOKEN FOUND'
 
     def getVerificationConfig(self):
-        g_config = load_config("config/config.json")
+        self.logger.info("esto es el verify: ")
+
+        dir_path = os.path.dirname(os.path.realpath(__file__))
+        g_config = load_config(dir_path+"/../config/config.json")
 
+        self.logger.info("esto es el verify: "+ str(g_config['verify_signature']))
         return g_config['verify_signature']

src/main.py

@@ -32,15 +32,19 @@
 import logging
 from handlers.log_handler import LogHandler
 
+dir_path = os.path.dirname(os.path.realpath(__file__))
 log_handler = LogHandler
-log_handler.load_config("PEP", "./config/log_config.yaml")
+log_handler.load_config("PEP", dir_path+"/config/log_config.yaml")
 logger = logging.getLogger("PEP_ENGINE")
 
 logger.info("==========Starting load config==========")
 ### INITIAL SETUP
-g_config, g_wkh = get_config("config/config.json")
+print(dir_path+"/config/config.json")
+for x in os.listdir(dir_path+'/config/'):
+    print(x)
+g_config, g_wkh = get_config(dir_path+"/config/config.json")
 #Load HTTP verb mapping
-g_config = get_verb_config("config/verb_config.json", g_config)
+g_config = get_verb_config(dir_path+"/config/verb_config.json", g_config)
 
 oidc_client = OIDCHandler(g_wkh,
                             client_id = g_config["client_id"],
@@ -55,7 +59,7 @@
 #Default behavior is open_access
 #Creation of default resources
 try:
-    path = g_config["default_resource_path"]
+    path = dir_path+"/"+ g_config["default_resource_path"]
     kube_resources= get_default_resources(path)
     for k in kube_resources['default_resources']:
         id_res=""
@@ -82,11 +86,11 @@ def generateRSAKeyPair():
     private_key = _rsakey.exportKey()
     public_key = _rsakey.publickey().exportKey()
 
-    file_out = open("config/private.pem", "wb+")
+    file_out = open(dir_path+"/config/private.pem", "wb+")
     file_out.write(private_key)
     file_out.close()
 
-    file_out = open("config/public.pem", "wb+")
+    file_out = open(dir_path+"/config/public.pem", "wb+")
     file_out.write(public_key)
     file_out.close()
 
@@ -104,8 +108,8 @@ def generateRSAKeyPair():
 # SWAGGER initiation
 SWAGGER_URL = '/swagger-ui'  # URL for exposing Swagger UI (without trailing '/')
 API_URL = "" # Our local swagger resource for PEP. Not used here as 'spec' parameter is used in config
-SWAGGER_SPEC_PROXY = json.load(open("./static/swagger_pep_proxy_ui.json"))
-SWAGGER_SPEC_RESOURCES = json.load(open("./static/swagger_pep_resources_ui.json"))
+SWAGGER_SPEC_PROXY = json.load(open(dir_path+"/static/swagger_pep_proxy_ui.json"))
+SWAGGER_SPEC_RESOURCES = json.load(open(dir_path+"/static/swagger_pep_resources_ui.json"))
 SWAGGER_APP_NAME = "Policy Enforcement Point Interfaces"
 
 swaggerui_proxy_blueprint = get_swaggerui_blueprint(

src/requirements.txt

@@ -6,7 +6,9 @@ requests==2.23.0
 Flask==1.1.2
 pyjwkest==1.4.2
 pycrypto==2.6.1
+PyCryptodome
 pymongo
 mock
+pytest==6.2.4
 flask-swagger-ui==3.36.0
 pyyaml

tests/testMongo.py

@@ -1,7 +1,11 @@
 #!/usr/bin/env python3
 import pymongo
 from pymongo import MongoClient
-from src.handlers.mongo_handler import Mongo_Handler
+import os, sys
+sys.path.insert(0, '../src')
+dir_path = os.path.dirname(os.path.realpath(__file__))
+sys.path.append(dir_path+'/../src/')
+from handlers.mongo_handler import Mongo_Handler
 import pytest
 import unittest
 import mock
@@ -55,7 +59,7 @@ def test_mongo(self, mock_test,raise_for_status=None):
         if raise_for_status:
             mock_resp.raise_for_status.side_effect = raise_for_status
         mongo = Mongo_Handler("resource_db", "resources")
-        self.assertEqual(str(mongo)[:-16], '<src.handlers.mongo_handler.Mongo_Handler object at')
+        self.assertEqual(str(mongo)[:-16], '<handlers.mongo_handler.Mongo_Handler object at')
 
 
     @mock.patch('pymongo.collection.Collection.find_one', side_effect=mocked_exists_mongo)
@@ -69,7 +73,7 @@ def test_find_mongo(self, mock_find_test,raise_for_status=None):
 
 
     #@mock.patch('pymongo.collection.Collection.find_one', side_effect=mocked_exists_mongo)
-    @mock.patch('src.handlers.mongo_handler.Mongo_Handler.insert_resource_in_mongo', side_effect=mocked_insert_mongo)
+    @mock.patch('handlers.mongo_handler.Mongo_Handler.insert_resource_in_mongo', side_effect=mocked_insert_mongo)
     @mock.patch('pymongo.collection.Collection.find_one', side_effect=mocked_exists_mongo)
     def test_insert_mongo(self, mock_insert_test,raise_for_status=None):
         mock_resp = mock.Mock()

tests/testPEPResources.py

@@ -21,13 +21,14 @@ class PEPResourceTest(unittest.TestCase):
     @classmethod
     def setUpClass(cls):
         cls.g_config = {}
-        with open("../src/config/config.json") as j:
+        dir_path = os.path.dirname(os.path.realpath(__file__))
+        with open(dir_path+"/../src/config/config.json") as j:
             cls.g_config = json.load(j)
 
         wkh = WellKnownHandler(cls.g_config["auth_server_url"], secure=False)
         cls.__TOKEN_ENDPOINT = wkh.get(TYPE_OIDC, KEY_OIDC_TOKEN_ENDPOINT)
 
-        _rsajwk = RSAKey(kid="RSA1", key=import_rsa_key_from_file("../src/config/private.pem"))
+        _rsajwk = RSAKey(kid="RSA1", key=import_rsa_key_from_file(dir_path+"/../src/config/private.pem"))
         _payload = { 
                     "iss": cls.g_config["client_id"],
                     "sub": cls.g_config["client_id"],
@@ -51,7 +52,9 @@ def setUpClass(cls):
         _jws_ownership = JWS(_payload_ownership, alg="RS256")
 
         cls.jwt = _jws.sign_compact(keys=[_rsajwk])
+        print(cls.jwt)
         cls.jwt_rotest = _jws_ownership.sign_compact(keys=[_rsajwk])
+        print(cls.jwt_rotest)
         #cls.scopes = 'public_access'
         cls.scopes = 'protected_access'
         cls.resourceName = "TestResourcePEP"
@@ -78,7 +81,12 @@ def getResourceList(self, id_token="filler"):
     def createTestResource(self, id_token="filler"):
         payload = { "resource_scopes":[ self.scopes ], "icon_uri":"/"+self.resourceName, "name": self.resourceName }
         headers = { 'content-type': "application/json", "cache-control": "no-cache", "Authorization": "Bearer "+str(id_token) }
+        print(headers)
         res = requests.post(self.PEP_RES_HOST+"/resources", headers=headers, json=payload, verify=False)
+        print(res)
+        print(res.text)
+        print('lo siguiente es tal + /resources')
+        print(self.PEP_RES_HOST+"/resources")
         if res.status_code == 200:
             return 200, res.text
         return 500, None
@@ -169,6 +177,10 @@ def test_resource(self):
         id_token = self.getJWT()
         id_token_ro = self.getJWT_RO()
 
+        print('hmmmm')
+        print(id_token)
+        print(id_token_ro)
+
         #Create resource
         status, self.resourceID = self.createTestResource(id_token)
         self.assertEqual(status, 200)