Skip to content
This repository has been archived by the owner on Nov 26, 2024. It is now read-only.

Documentation not up-to-date #91

Open
giuliocarot0 opened this issue Jun 29, 2023 · 6 comments
Open

Documentation not up-to-date #91

giuliocarot0 opened this issue Jun 29, 2023 · 6 comments

Comments

@giuliocarot0
Copy link

Dear all, I am testing you framework and trying to implement an API Provider.
I tried to test the CAPIF Core Services using both the curl scripts and the postman templates, however in both cases I think the doc is incoherent with the endpoints exposed by the Core.
For example, the endpoint /gettoken seems replaced by /getauth (by looking at the nginx service configuration), or the role exposer replaced by provider.
Is there something I am missing? or the docs are not updated? if not, are you planning to update them?

@PelleRavn
Copy link

PelleRavn commented Aug 24, 2023

I'm trying to achieve the same as @giuliocarot0, and had the exact same results. I tried on both a Mac and a Debian machine with the same outcome.

Here's the problems I've seen so far:

  • The Curl scripts doesn't seem to work, and gives the error curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it.
  • The written test case and the Curl scripts doesn't follow the same flows (Curl scripts call /sign-csr and written test case states calling /api-provider-management/v1/registrations).
  • The Postman templates is way out of date (I know the documentation states this is only works for CAPIF 1.0), but it would be great to actually test it though Postman.
  • Can't run the Robots test, because when the it tries to build the Docker image for the robot, it gives an error at the following step:
RUN apt-get install -y --fix-missing python3.10 python3.10-venv python3.10-dev:                                    
0.267 Reading package lists...                                                                                                
0.729 Building dependency tree...                                                                                             
0.798 Reading state information...                                                                                            
0.843 E: Unable to locate package python3.10-venv
0.843 E: Couldn't find any package by glob 'python3.10-venv'
0.843 E: Couldn't find any package by regex 'python3.10-venv'
0.843 E: Unable to locate package python3.10-dev
0.843 E: Couldn't find any package by glob 'python3.10-dev'
0.843 E: Couldn't find any package by regex 'python3.10-dev'
  • The docker-compose setup seems to be configured incorrectly, as the HTTPS endpoints always returns 403 Forbidden probably because of the certificate used and the if ($ssl_client_verify != SUCCESS) { return 403; } configuration.
    Update: This was incorrectly explained. Error message is {"status":401, "title":"Unauthorized" ,"detail":"User not authorized", "cause":"Certificate not authorized"}, with the certificate that was issued by the "/sign-csr" endpoint itself (both with the provided Curl scripts and my own test-implementation).
  • Running each service individually doesn't work as specified (e.g. like this) because services like Redis have a hardcoded container hostname to 'redis', so it won't start unless it was started thought the complete docker-compose setup (that doesn't work like mentioned above).

So at this point, I don't really have anything to test with, as this is the go-to samples to test out building a provider for CAPIF.

@PelayoToAl
Copy link

Hello, I apologize for the delay in my response.

1. the endpoint /gettoken seems replaced by /getauth (by looking at the nginx service configuration), or the role exposer replaced by provider. / The Curl scripts doesn't seem to work

The Curl tests have not been updated to reflect the latest changes. As you rightly pointed out, the current endpoint should be /getauth rather than /gettoken, besides having to use 'provider' instead of 'exposer'

2. The written test case and the Curl scripts doesn't follow the same flows (Curl scripts call /sign-csr and written test case states calling /api-provider-management/v1/registrations)

This situation involves preconditions. It's essential to initiate the process with /register and /getauth in order to obtain a valid token for interacting with CAPIF. Subsequently, the certificate must be signed through /sign-csr using the token acquired earlier. This leads to the eventual onboarding of CAPIF.

3. The Postman templates is way out of date (I know the documentation states this is only works for CAPIF 1.0), but it would be great to actually test it though Postman.

While the Postman template initially served as a useful tool for developers, it no longer maintains current relevance. CAPIF adheres to standard specifications, thereby enabling anyone to construct collections within Postman.

4. Can't run the Robots test, because when the it tries to build the Docker image for the robot

The repository has been updated to incorporate the required Robot image essential for successful test execution.

5. Running each service individually doesn't work as specified (e.g. like this) because services like Redis have a hardcoded container hostname to 'redis', so it won't start unless it was started thought the complete docker-compose setup

You've aptly identified the situation. With services reliant on the Redis service, it's presently impossible to launch CAPIF services individually. We recommend leveraging the run.sh script within the services directory to initiate CAPIF, encompassing all necessary components.

Moreover, we are diligently working on an upcoming version that will introduce a plethora of substantial enhancements. These alterations have been designed to uphold the existing structure while significantly enhancing the overall user experience when engaging with CAPIF.

@starcore2022
Copy link

starcore2022 commented Feb 7, 2024

Hi!
I tried out the curl example with the modificitaions you all mentioned (provider instead of exposer, getauth instead of gettoken, etc.). Everything checks out until publishing a service API.
For the most of the time I got the error, that the certficate is not authorized. The script still works like this.
I wrote a nodejs code that does, the same process and it did result in the same error. Made some modifications and the code no longer send back error message, but I don't receive confirmation. I suspect I did not properly parse up something or the request is not complete, because the code is seemingly waiting for the continuation of the request.
So I went back to the .sh script. Now looking at it the only clue I got the somehow the certificate, or provider is not authorized to publish service APIs.
Looked into the test cases, the documentation and even into the nginx configuration file, the only thing I found was the robot test cases. Here it was documented that somehow I have to get an authorized "apf_id".
It seems to be the user id, when I did the registration, but not sure.
Could someone help put, what the problem could be and how to fix it?

Thanks in advance!

The modified bash script:

##### Execute Exposer curls locally

##### Configure machine 

##### Add in /etc/hosts: 127.0.0.1	capifcore


##### Set environment variables 
capifhost="capifcore"
capifhttpport="8080"

exposerpk="-----BEGIN CERTIFICATE REQUEST-----\nMIIC0TCCAbkCAQAwgYsxEDAOBgNVBAMMB2V4cG9zZXIxFzAVBgNVBAoMDlRlbGVm\nb25pY2EgSStEMRMwEQYDVQQLDApJbm5vdmF0aW9uMQ8wDQYDVQQHDAZNYWRyaWQx\nDzANBgNVBAgMBk1hZHJpZDELMAkGA1UEBhMCRVMxGjAYBgkqhkiG9w0BCQEWC2lu\nbm9AdGlkLmVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpJ7FzAI\nkzFYxLKbW54lIsQBNIQz5zQIvRZDFcrO4QLR2jQUps9giBWEDih++47JiBJyM+z1\nWkEh7b+moZhQThj7L9PKgJHRhU1oeHpSE1x/r7479J5F+CFRqFo5v9dC+2zGfP4E\nsSrNfp3MK/KQHsHhMzSt881xAHs+p2/bcM+sd/BlXC4J6E1y6Hk3ogI7kq443fcY\noUHZx9ClUSboOvXa1ZSPVxdCV6xKRraUdAKfhMGn+pYtJDsNp8Gg/BN8NXmYUzl9\ntDhjeuIxr4N38LgW3gRHLNIa8acO9eBctWw9AD20JWzFAXvvmsboBPc2wsOVcsml\ncCbisMRKX4JyKQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAIxZ1Sec9ATbqjhi\nRz4rvhX8+myXhyfEw2MQ62jz5tpH4qIVZFtn+cZvU/ULySY10WHaBijGgx8fTaMh\nvjQbc+p3PXmgtnmt1QmoOGjDTFa6vghqpxPLSUjjCUe8yj5y24gkOImY6Cv5rzzQ\nlnTMkNvnGgpDgUeiqWcQNbwwge3zkzp9bVRgogTT+EDxiFnjTTF6iUG80sRtXMGr\nD6sygLsF2zijGGfWoKRo/7aZTQxuCiCixceVFXegMfr+eACkOjV25Kso7hYBoEdP\nkgUf5PNpl5uK3/rmPIrl/TeE0SnGGfCYP7QajE9ELRsBVmVDZJb7ZxUl1A4YydFY\ni0QOM3Y=\n-----END CERTIFICATE REQUEST-----\n"


##### Retrieve and store CA certificate 

curl --request GET "http://$capifhost:$capifhttpport/ca-root" | jq -r '.certificate' -j > ca.crt


##### Register an entity 

exposerid=$(curl --request POST "http://$capifhost:$capifhttpport/register" --header 'Content-Type: application/json' --data '{
    "username":"provider_1",
    "password":"exposer",
    "role":"provider",
    "description":"Exposer",
    "cn":"exposer"
}' | jq -r '.id' -j)


##### Get access token

exposertoken=$(curl --request POST "http://$capifhost:$capifhttpport/getauth" --header 'Content-Type: application/json' --data '{
    "username":"provider_1",
    "password":"exposer",
    "role":"provider"
}' | jq -r '.access_token' -j)


##### Sign exposer certificate

curl --request POST "http://$capifhost:$capifhttpport/sign-csr" --header "Authorization: Bearer $exposertoken" --header 'Content-Type: application/json' --data "{
  \"csr\":  \"$exposerpk\",
  \"mode\":  \"client\",
  \"filename\": \"exposer\"
}" | jq -r '.certificate' -j > exposer.crt


##### Publish service
curl --cert exposer.crt --key exposer.key --cacert ca.crt --request POST "https://$capifhost/published-apis/v1/$exposerid/service-apis"  --header 'Content-Type: application/json' --data '{
  "apiName": "3gpp-monitoring-event",
  "aefProfiles": [
    {
      "aefId": "string",
      "versions": [
        {
          "apiVersion": "v1",
          "expiry": "2021-11-30T10:32:02.004Z",
          "resources": [
            {
              "resourceName": "string",
              "commType": "REQUEST_RESPONSE",
              "uri": "string",
              "custOpName": "string",
              "operations": [
                "GET"
              ],
              "description": "string"
            }
          ],
          "custOperations": [
            {
              "commType": "REQUEST_RESPONSE",
              "custOpName": "string",
              "operations": [
                "GET"
              ],
              "description": "string"
            }
          ]
        }
      ],
      "protocol": "HTTP_1_1",
      "dataFormat": "JSON",
      "securityMethods": ["PSK"],
      "interfaceDescriptions": [
        {
          "ipv4Addr": "string",
          "port": 65535,
          "securityMethods": ["PSK"]
        },
        {
          "ipv4Addr": "string",
          "port": 65535,
          "securityMethods": ["PSK"]
        }
      ]
    }
  ],
  "description": "string",
  "supportedFeatures": "fffff",
  "shareableInfo": {
    "isShareable": true,
    "capifProvDoms": [
      "string"
    ]
  },
  "serviceAPICategory": "string",
  "apiSuppFeats": "fffff",
  "pubApiPath": {
    "ccfIds": [
      "string"
    ]
  },
  "ccfId": "string"
}' > response.json

apiserviceid=$(cat response.json | jq -r '.apiId' -j)


##### Update a published service API
curl --cert exposer.crt --key exposer.key --cacert ca.crt --request PUT "https://$capifhost/published-apis/v1/$exposerid/service-apis/$apiserviceid" --header 'Content-Type: application/json' --data '{
  "apiName": "3gpp-monitoring-event",
  "aefProfiles": [
    {
      "aefId": "string1",
      "versions": [
        {
          "apiVersion": "v1",
          "expiry": "2021-11-30T10:32:02.004Z",
          "resources": [
            {
              "resourceName": "string",
              "commType": "REQUEST_RESPONSE",
              "uri": "string",
              "custOpName": "string",
              "operations": [
                "GET"
              ],
              "description": "string"
            }
          ],
          "custOperations": [
            {
              "commType": "REQUEST_RESPONSE",
              "custOpName": "string",
              "operations": [
                "GET"
              ],
              "description": "string"
            }
          ]
        }
      ],
      "protocol": "HTTP_1_1",
      "dataFormat": "JSON",
      "securityMethods": ["PSK"],
      "interfaceDescriptions": [
        {
          "ipv4Addr": "string",
          "port": 65535,
          "securityMethods": ["PSK"]
        },
        {
          "ipv4Addr": "string",
          "port": 65535,
          "securityMethods": ["PSK"]
        }
      ]
    }
  ],
  "description": "string",
  "supportedFeatures": "fffff",
  "shareableInfo": {
    "isShareable": true,
    "capifProvDoms": [
      "string"
    ]
  },
  "serviceAPICategory": "string",
  "apiSuppFeats": "fffff",
  "pubApiPath": {
    "ccfIds": [
      "string"
    ]
  },
  "ccfId": "string"
}'


##### Retrieve all published APIs

curl --cert exposer.crt --key exposer.key --cacert ca.crt --request GET "https://$capifhost/published-apis/v1/$exposerid/service-apis"


##### Retrieve a published service API

curl --cert exposer.crt --key exposer.key --cacert ca.crt --request GET "https://$capifhost/published-apis/v1/$exposerid/service-apis/$apiserviceid"


##### Unpublish a published service API

curl --cert exposer.crt --key exposer.key --cacert ca.crt --request DELETE "https://$capifhost/published-apis/v1/$exposerid/service-apis/$apiserviceid"

@starcore2022
Copy link

starcore2022 commented Feb 28, 2024

Update: In the node.js HTTP server I created, if I send the signed certificate with, with adding to it the encoding information, then there is an error (Certificate not authorized.), but without it, there is no information sent back.
When there is no information sent back, it seems as if the HTTP request is not finished and CAPIF is waiting for the rest of it, or when you don't end your request.

@starcore2022
Copy link

starcore2022 commented Mar 6, 2024

The output of the curl bash file:

 % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1203  100  1203    0     0   596k      0 --:--:-- --:--:-- --:--:-- 1174k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   350  100   216  100   134  72410  44921 --:--:-- --:--:-- --:--:--  170k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   743  100   660  100    83  20866   2624 --:--:-- --:--:-- --:--:-- 23967
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  5935  100  4801  100  1134  97690  23074 --:--:-- --:--:-- --:--:--  118k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1583  100   108  100  1475  18547   247k --:--:-- --:--:-- --:--:--  309k
{"status":401, "title":"Unauthorized" ,"detail":"User not authorized", "cause":"Certificate not authorized"}{"status":401, "title":"Unauthorized" ,"detail":"User not authorized", "cause":"Certificate not authorized"}
{"status":401, "title":"Unauthorized" ,"detail":"User not authorized", "cause":"Certificate not authorized"}{"status":401, "title":"Unauthorized" ,"detail":"User not authorized", "cause":"Certificate not authorized"}

@sxarism
Copy link
Contributor

sxarism commented Jun 19, 2024

Hello all!
This repo and the version of the code are not used anymore.
This open-source implementation of CAPIF software is now supported by ETSI. You can find all the necessary information (documentation, code etc) here, in the official site of OpenCAPIF Software Development Group.

Hope to see you there!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants