From 4ae9fa6b612d23a2c75f332e079ea738ca79e36e Mon Sep 17 00:00:00 2001
From: Michael7371 <40476797+Michael7371@users.noreply.github.com>
Date: Wed, 16 Oct 2024 16:11:40 -0600
Subject: [PATCH 1/2] updates to the obu ota server to return FQDN responses to commsignia response manifests
---
 services/Dockerfile.obu_ota_server | 4 +-
 .../images/obu_ota_server/obu_ota_server.py | 12 +++-
 .../obu_ota_server/test_obu_ota_server.py | 68 +++++++++++++++++++
 3 files changed, 81 insertions(+), 3 deletions(-)
diff --git a/services/Dockerfile.obu_ota_server b/services/Dockerfile.obu_ota_server
index b3afbf2b..d6248cfe 100644
--- a/services/Dockerfile.obu_ota_server
+++ b/services/Dockerfile.obu_ota_server
@@ -3,9 +3,9 @@ FROM python:3.12-alpine
 WORKDIR /home
 ADD addons/images/obu_ota_server/requirements.txt .
+RUN pip install --no-cache-dir --upgrade -r requirements.txt
+
 ADD addons/images/obu_ota_server/*.py .
 ADD common/*.py ./common/
-RUN pip install --no-cache-dir --upgrade -r requirements.txt
-
 CMD ["uvicorn", "obu_ota_server:app", "--host", "0.0.0.0", "--port", "8085"]
\ No newline at end of file
diff --git a/services/addons/images/obu_ota_server/obu_ota_server.py b/services/addons/images/obu_ota_server/obu_ota_server.py
index 4a6669ac..bf3ddcac 100644
--- a/services/addons/images/obu_ota_server/obu_ota_server.py
+++ b/services/addons/images/obu_ota_server/obu_ota_server.py
@@ -52,12 +52,22 @@ def get_firmware_list() -> list:
 return files
+def get_host_name() -> str:
+ host_name = os.getenv("SERVER_HOST", "localhost")
+ tls_enabled = os.getenv("NGINX_ENCRYPTION", "plain")
+ if tls_enabled.lower() == "ssl":
+ host_name = "https://" + host_name
+ else:
+ host_name = "http://" + host_name
+ return host_name
+
+
 @app.get("/firmwares/commsignia", dependencies=[Depends(authenticate_user)])
 async def get_manifest(request: Request) -> dict[str, Any]:
 try:
 files = get_firmware_list()
 logging.debug(f"get_manifest :: Files: {files}")
- host_name = os.getenv("SERVER_HOST", "localhost")
+ host_name = get_host_name()
 response_manifest = commsignia_manifest.add_contents(host_name, files)
 return response_manifest
 except Exception as e:
diff --git a/services/addons/tests/obu_ota_server/test_obu_ota_server.py b/services/addons/tests/obu_ota_server/test_obu_ota_server.py
index ea41e3cc..73438d0f 100644
--- a/services/addons/tests/obu_ota_server/test_obu_ota_server.py
+++ b/services/addons/tests/obu_ota_server/test_obu_ota_server.py
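Review bot: `get_host_name()` fails open to cleartext: every NGINX_ENCRYPTION value other than `ssl` (unset, empty, a typo such as `tls`, or a value with trailing whitespace) produces `http://` links in the firmware manifest. For an OTA endpoint that the tests in this patch call with Basic auth, that silent downgrade should be explicit, so I would normalise the value, accept only `plain` and `ssl`, and raise on anything else; the error would land in the `except Exception` handler of `get_manifest`, whose body is outside this hunk. `tls_enabled` holds a string rather than a boolean, which the rewrite below renames. The function also lacks a docstring stating that it returns a scheme-qualified base URL and that SERVER_HOST is expected without a scheme, since a value that already carries one would be prefixed a second time.

```python
def get_host_name() -> str:
    """Return the scheme-qualified base URL used in manifest links."""
    host_name = os.getenv("SERVER_HOST", "localhost")
    mode = os.getenv("NGINX_ENCRYPTION", "plain").strip().lower()
    if mode not in ("plain", "ssl"):
        # Do not silently downgrade manifest links to http:// on a typo.
        raise ValueError(f"Unsupported NGINX_ENCRYPTION value: {mode!r}")
    scheme = "https" if mode == "ssl" else "http"
    return f"{scheme}://{host_name}"
```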
@@ -318,5 +318,73 @@ def test_removed_old_logs_with_removal(mock_pgquery):
 )
+@patch.dict("os.environ", {"OTA_USERNAME": "username", "OTA_PASSWORD": "password"})
+@pytest.mark.anyio
+@patch("addons.images.obu_ota_server.obu_ota_server.get_firmware_list")
+@patch("addons.images.obu_ota_server.obu_ota_server.commsignia_manifest.add_contents")
+async def test_get_manifest(mock_commsignia_manifest, mock_get_firmware_list):
+ mock_get_firmware_list.return_value = [
+ "/firmwares/test1.tar.sig",
+ "/firmwares/test2.tar.sig",
+ ]
+ mock_commsignia_manifest.return_value = {"json": "data"}
+ async with AsyncClient(app=app, base_url="http://test") as ac:
+ response = await ac.get(
+ "/firmwares/commsignia", auth=BasicAuth("username", "password")
+ )
+ assert response.status_code == 200
+ assert response.json() == {"json": "data"}
+
+
+@patch.dict(
+ "os.environ",
+ {
+ "OTA_USERNAME": "username",
+ "OTA_PASSWORD": "password",
+ "NGINX_ENCRYPTION": "plain",
+ },
+)
+@pytest.mark.anyio
+@patch("addons.images.obu_ota_server.obu_ota_server.get_firmware_list")
+@patch("addons.images.obu_ota_server.obu_ota_server.commsignia_manifest.add_contents")
+async def test_fqdn_response_plain(mock_commsignia_manifest, mock_get_firmware_list):
+ mock_get_firmware_list.return_value = []
+ expected_hostname = "http://localhost"
+ mock_commsignia_manifest.return_value = {"json": "data"}
+
+ async with AsyncClient(app=app, base_url="http://test") as ac:
+ response = await ac.get(
+ "/firmwares/commsignia", auth=BasicAuth("username", "password")
+ )
+
+ assert response.status_code == 200
+ mock_commsignia_manifest.assert_called_once_with(expected_hostname, [])
+
+
+@patch.dict(
+ "os.environ",
+ {
+ "OTA_USERNAME": "username",
+ "OTA_PASSWORD": "password",
+ "NGINX_ENCRYPTION": "SSL",
+ },
+)
+@pytest.mark.anyio
+@patch("addons.images.obu_ota_server.obu_ota_server.get_firmware_list")
+@patch("addons.images.obu_ota_server.obu_ota_server.commsignia_manifest.add_contents")
+async def test_fqdn_response_ssl(mock_commsignia_manifest, mock_get_firmware_list):
+ mock_get_firmware_list.return_value = []
+ expected_hostname = "https://localhost"
+ mock_commsignia_manifest.return_value = {"json": "data"}
+
+ async with AsyncClient(app=app, base_url="http://test") as ac:
+ response = await ac.get(
+ "/firmwares/commsignia", auth=BasicAuth("username", "password")
+ )
+
+ assert response.status_code == 200
+ mock_commsignia_manifest.assert_called_once_with(expected_hostname, [])
+
+
 if __name__ == "__main__":
 pytest.main()
From 69daa35e315dedb1702df5fe206594bccc4fd4b9 Mon Sep 17 00:00:00 2001
From: Michael7371 <40476797+Michael7371@users.noreply.github.com>
Date: Wed, 16 Oct 2024 16:40:58 -0600
Subject: [PATCH 2/2] updates to docker compose and k8 template
---
 docker-compose-obu-ota-server.yml | 1 +
 resources/kubernetes/obu-ota-server.yaml | 2 ++
 services/addons/images/obu_ota_server/sample.env | 1 +
 3 files changed, 4 insertions(+)
diff --git a/docker-compose-obu-ota-server.yml b/docker-compose-obu-ota-server.yml
index 88854d9a..8adba346 100644
--- a/docker-compose-obu-ota-server.yml
+++ b/docker-compose-obu-ota-server.yml
@@ -25,6 +25,7 @@ services:
 PG_DB_PASS: ${PG_DB_PASS}
 MAX_COUNT: ${MAX_COUNT}
+ NGINX_ENCRYPTION: ${NGINX_ENCRYPTION}
 volumes:
 - ./resources/ota/firmwares:/firmwares
 logging:
diff --git a/resources/kubernetes/obu-ota-server.yaml b/resources/kubernetes/obu-ota-server.yaml
index 92727c8d..03f0fd10 100644
--- a/resources/kubernetes/obu-ota-server.yaml
+++ b/resources/kubernetes/obu-ota-server.yaml
@@ -170,6 +170,8 @@ spec:
 secretKeyRef:
 name: some-postgres-secret-password
 key: some-postgres-secret-key
+ - name: NGINX_ENCRYPTION
+ value: 'ssl'
 volumeMounts:
 - name: cv-manager-service-key
 mountPath: /home/secret
diff --git a/services/addons/images/obu_ota_server/sample.env b/services/addons/images/obu_ota_server/sample.env
index d96f532d..d0cdc634 100644
--- a/services/addons/images/obu_ota_server/sample.env
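Review bot: `test_fqdn_response_plain` and `test_fqdn_response_ssl` assert `http://localhost` and `https://localhost` but never pin SERVER_HOST, so they pass only when the runner's environment leaves it unset; add `"SERVER_HOST": "localhost"` to each `patch.dict` or pass `clear=True`. `test_get_manifest` likewise inherits whatever NGINX_ENCRYPTION the runner exports. No case covers an unset or unrecognised NGINX_ENCRYPTION value, which is the path that falls back to `http://`, so the default scheme is not locked in by any assertion.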
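Review bot: `NGINX_ENCRYPTION: ${NGINX_ENCRYPTION}` passes the container an empty string when the variable is missing from the shell or `.env`, so the `"plain"` default in `os.getenv("NGINX_ENCRYPTION", "plain")` never applies and the service serves `http://` manifest links without any signal. Making the choice mandatory with `NGINX_ENCRYPTION: ${NGINX_ENCRYPTION:?set to plain or ssl}` fails the deployment early instead. If the cleartext default is intended, `${NGINX_ENCRYPTION:-plain}` keeps today's behaviour and states it in the file.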
+++ b/services/addons/images/obu_ota_server/sample.env
@@ -21,6 +21,7 @@ OTA_PASSWORD = "admin"
 # Nginx encryption options: "plain", "ssl"
 # Note that this just changes the config file attached as a volume to the Nginx container
+# This is also used to generate the proper FQDN in the manifest response
 NGINX_ENCRYPTION="plain"
 # SSL file name in path /docker/nginx/ssl/