upd v3 of the api to use new deck

microservices/gatewayApi/requirements.txt

@@ -1,12 +1,13 @@
+werkzeug==2.2.2
 ply==3.10
 cryptography==38.0.4
 authlib==0.15.3
 flask-swagger-ui==3.36.0
-Jinja2>=3.1
+Jinja2==3.0.3
 PyYAML==6.0.1
 munch==2.5.0
 boto3==1.9.12
-flask==2.3.3
+flask==2.1.3
 flask-compress==1.4.0
 flask-cors==3.0.9
 gevent==22.10.2

microservices/gatewayApi/swagger.py

@@ -37,7 +37,6 @@ def openapi_spec(ver:str):
             return Response(open("%s/%s.yaml" % (conf.data['workingFolder'], ver)).read(), mimetype='application/x-yaml')
 
         #app.add_url_rule("/%s/docs/openapi.yaml" % version, openapi_spec)
-        app.register_blueprint(swaggerui_blueprint)
 
         for version in versions:
             ## Template the spec and write it to a temporary location
@@ -52,10 +51,12 @@ def openapi_spec(ver:str):
                 authorization_url = discovery["authorization_endpoint"],
                 accesstoken_url = discovery["token_endpoint"]
             ))
-
 
             log.info("Configured /%s/docs" % version)
 
+        app.register_blueprint(swaggerui_blueprint)
+        log.info("Swagger UI registered")
+
     except:
         traceback.print_exc(file=sys.stdout)
         log.error("Failed to do OIDC Discovery for %s, sleeping 5 seconds and trying again." % version)

microservices/gatewayApi/v3/routes/gateway.py

@@ -29,7 +29,7 @@
 from utils.transforms import plugins_transformations
 from utils.masking import mask
 
-gw = Blueprint('gwa_v2', 'gateway')
+gw = Blueprint('gwa_v3', 'gateway')
 local_environment = os.environ.get("LOCAL_ENVIRONMENT", default=False)
 
 

microservices/gatewayApi/v3/routes/gw_status.py

@@ -0,0 +1,160 @@
+import requests
+import sys
+import traceback
+import urllib3
+import certifi
+import socket
+from urllib.parse import urlparse
+from flask import Blueprint, jsonify, request, Response, make_response, abort, g, current_app as app
+
+from v3.auth.auth import admin_jwt, uma_enforce
+
+from clients.kong import get_services_by_ns, get_routes_by_ns
+
+gw_status = Blueprint('gw_status_v3', 'gw_status')
+
+@gw_status.route('',
+           methods=['GET'], strict_slashes=False)
+@admin_jwt(None)
+@uma_enforce('namespace', 'GatewayConfig.Publish')
+def get_statuses(namespace: str) -> object:
+
+    log = app.logger
+
+    log.info("Get status for %s" % namespace)
+
+    services = get_services_by_ns (namespace)
+    routes = get_routes_by_ns (namespace)
+
+    response = []
+
+    for service in services:
+        url = build_url (service)
+        status = "UP"
+        reason = ""
+
+        actual_host = None
+        host = None
+        for route in routes:
+            if route['service']['id'] == service['id'] and 'hosts' in route:
+                actual_host = route['hosts'][0]
+                if route['preserve_host']:
+                    host = clean_host(actual_host)
+
+        try:
+            addr = socket.gethostbyname(service['host'])
+            log.info("Address = %s" % addr)
+        except:
+            status = "DOWN"
+            reason = "DNS"
+
+        if status == "UP":
+            try:
+                headers = {}
+                if host is None or service['host'].endswith('.svc'):
+                    r = requests.get(url, headers=headers, timeout=3.0)
+                    status_code = r.status_code
+                else:
+                    u = urlparse(url)
+
+                    if host is None:
+                        headers['Host'] = u.hostname
+                    else:
+                        headers['Host'] = host
+
+                    log.info("GET %-30s %s" % ("%s://%s" % (u.scheme, u.netloc), headers))
+
+                    urllib3.disable_warnings()
+                    if u.scheme == "https":
+                        pool = urllib3.HTTPSConnectionPool(
+                            "%s" % (u.netloc),
+                            assert_hostname=host,
+                            server_hostname=host,
+                            cert_reqs='CERT_NONE',
+                            ca_certs=certifi.where()
+                        )
+                    else:
+                        pool = urllib3.HTTPConnectionPool(
+                            "%s" % (u.netloc)
+                        )
+                    req = pool.urlopen(
+                        "GET",
+                        u.path,
+                        headers={"Host": host},
+                        assert_same_host=False,
+                        timeout=1.0,
+                        retries=False
+                    )
+
+                    status_code = req.status
+
+                log.info("Result received!! %d" % status_code)
+                if status_code < 400:
+                    status =  "UP"
+                    reason = "%d Response" % status_code
+                elif status_code == 401 or status_code == 403:
+                    status = "UP"
+                    reason = "AUTH %d" % status_code
+                else:
+                    status =  "DOWN"
+                    reason = "%d Response" % status_code
+            except requests.exceptions.Timeout as ex:
+                status = "DOWN"
+                reason = "TIMEOUT"
+            except urllib3.exceptions.ConnectTimeoutError as ex:
+                status = "DOWN"
+                reason = "TIMEOUT"
+            except requests.exceptions.ConnectionError as ex:
+                log.error("ConnError %s" % ex)
+                status = "DOWN"
+                reason = "CONNECTION"
+            except requests.exceptions.SSLError as ex:
+                status = "DOWN"
+                reason = "SSL"
+            except urllib3.exceptions.NewConnectionError as ex:
+                log.error("NewConnError %s" % ex)
+                status = "DOWN"
+                reason = "CON_ERR"
+            except urllib3.exceptions.SSLError as ex:
+                log.error(ex)
+                status = "DOWN"
+                reason = "SSL_URLLIB3"
+            except Exception as ex:
+                log.error(ex)
+                traceback.print_exc(file=sys.stdout)
+                status = "DOWN"
+                reason = "UNKNOWN"
+
+        log.info("GET %-30s %s" % (url,reason))
+        response.append({"name": service['name'], "upstream": url, "status": status, "reason": reason, "host": host, "env_host": actual_host})
+
+    return make_response(jsonify(response))
+
+def build_url (s):
+    schema = default(s, "protocol", "http")
+    defaultPort = 80
+    if schema == "https":
+        defaultPort = 443
+    host = s['host']
+    port = default(s, "port", defaultPort)
+    path = default(s, "path", "/")
+    if 'url' in s:
+        return s['url']
+    else:
+        return "%s://%s:%d%s" % (schema, host, port, path)
+
+
+def default (s, key, val):
+    if key in s and s[key] is not None:
+        return s[key]
+    else:
+        return val
+
+
+def clean_host (host):
+    conf = app.config['hostTransformation']
+    if conf['enabled'] is True:
+        conf = app.config['hostTransformation']
+        return host.replace(conf['baseUrl'], 'gov.bc.ca').replace('-data-gov-bc-ca', '.data').replace('-api-gov-bc-ca', '.api').replace('-apps-gov-bc-ca', '.apps')
+    else:
+        return host

microservices/gatewayApi/v3/routes/whoami.py

@@ -0,0 +1,30 @@
+import os
+import shutil
+from subprocess import Popen, PIPE
+import uuid
+import logging
+import yaml
+from flask import Blueprint, jsonify, request, Response, make_response, abort, g, current_app as app
+from io import TextIOWrapper
+
+from v3.auth.auth import admin_jwt
+
+whoami = Blueprint('whoami_v3', 'whoami')
+
+@whoami.route('',
+           methods=['GET'], strict_slashes=False)
+@admin_jwt(None)
+def who_am_i() -> object:
+    """
+    :return: JSON of some key information about the authenticated principal
+    """
+    output = {
+        "authorized-party": g.principal['azp'],
+        "scope": g.principal['scope'],
+        "issuer": g.principal['iss']
+    }
+    if ('aud' in g.principal):
+        output['audience'] = g.principal['aud']
+    if ('clientAddress' in g.principal):
+        output['client-address'] = g.principal['clientAddress']
+    return make_response(jsonify(output))

microservices/gatewayApi/v3/spec/spec.yaml

@@ -1,6 +1,6 @@
 openapi: 3.0.0
 info:
-  version: 2.0.0
+  version: 3.0.0
   title: Gateway Administration (GWA) API
   license:
     name: Apache 2.0

microservices/gatewayApi/v3/v3.py

@@ -1,10 +1,7 @@
 from flask import Blueprint, jsonify
-from v2.routes.authz import authz
-from v2.routes.gw_status import gw_status
-from v2.routes.namespaces import ns
-from v2.routes.whoami import whoami
-
 from v3.routes.gateway import gw
+from v3.routes.gw_status import gw_status
+from v3.routes.whoami import whoami
 
 v3 = Blueprint('v3', 'v3')
 
@@ -19,8 +16,6 @@ def get_status():
 class Register:
     def __init__(self, app):
         app.register_blueprint(v3, url_prefix="/v3")
-        app.register_blueprint(authz, url_prefix="/v3/authz")
-        app.register_blueprint(ns, url_prefix="/v3/namespaces")
         app.register_blueprint(gw, url_prefix="/v3/namespaces/<string:namespace>/gateway")
         app.register_blueprint(gw_status, url_prefix="/v3/namespaces/<string:namespace>/services")
         app.register_blueprint(whoami, url_prefix="/v3/whoami")