Feat/oauth

internal/context/context.go

@@ -11,6 +11,8 @@ import (
 type AUSFContext struct {
 	suciSupiMap          sync.Map
 	UePool               sync.Map
+	ClientMap            sync.Map
+	TokenMap             sync.Map
 	NfId                 string
 	GroupID              string
 	SBIPort              int

internal/sbi/consumer/nf_discovery.go

@@ -1,7 +1,6 @@
 package consumer
 
 import (
-	"context"
 	"fmt"
 	"net/http"
 
@@ -16,8 +15,12 @@ func SendSearchNFInstances(nrfUri string, targetNfType, requestNfType models.NfT
 	configuration := Nnrf_NFDiscovery.NewConfiguration()
 	configuration.SetBasePath(nrfUri)
 	client := Nnrf_NFDiscovery.NewAPIClient(configuration)
+	ctx, _, err := GetTokenCtx("nnrf-disc", "NRF")
+	if err != nil {
+		return nil, err
+	}
 
-	result, rsp, rspErr := client.NFInstancesStoreApi.SearchNFInstances(context.TODO(),
+	result, rsp, rspErr := client.NFInstancesStoreApi.SearchNFInstances(ctx,
 		targetNfType, requestNfType, &param)
 	if rspErr != nil {
 		return nil, fmt.Errorf("NFInstancesStoreApi Response error: %+w", rspErr)

internal/sbi/consumer/nf_management.go

@@ -7,13 +7,87 @@
 	"strings"
 	"time"
 
+	"github.com/antihax/optional"
 	ausf_context "github.com/free5gc/ausf/internal/context"
 	"github.com/free5gc/ausf/internal/logger"
+	"github.com/free5gc/ausf/pkg/factory"
 	"github.com/free5gc/openapi"
+	"github.com/free5gc/openapi/Nnrf_AccessToken"
 	"github.com/free5gc/openapi/Nnrf_NFManagement"
 	"github.com/free5gc/openapi/models"
+	"golang.org/x/oauth2"
 )
 
+func GetTokenCtx(scope, targetNF string) (context.Context, *models.ProblemDetails, error) {
+	if factory.AusfConfig.GetOAuth() {
+		tok, pd, err := sendAccTokenReq(scope, targetNF)
+		if err != nil {
+			return nil, pd, err
+		}
+		return context.WithValue(context.Background(),
+			openapi.ContextOAuth2, tok), pd, nil
+	}
+	return context.TODO(), nil, nil
+}
+
+func sendAccTokenReq(scope, targetNF string) (oauth2.TokenSource, *models.ProblemDetails, error) {
+	logger.ConsumerLog.Infof("Send Access Token Request")
+	var client *Nnrf_AccessToken.APIClient
+	ausfSelf := ausf_context.GetSelf()
+	// Set client and set url
+	configuration := Nnrf_AccessToken.NewConfiguration()
+	configuration.SetBasePath(ausfSelf.NrfUri)
+	if val, ok := ausfSelf.ClientMap.Load(configuration); ok {
+		client = val.(*Nnrf_AccessToken.APIClient)
+	} else {
+		client = Nnrf_AccessToken.NewAPIClient(configuration)
+		ausfSelf.ClientMap.Store(configuration, client)
+	}
+
+	var tok models.AccessTokenRsp
+
+	if val, ok := ausfSelf.TokenMap.Load(scope); ok {
+		tok = val.(models.AccessTokenRsp)
+		if int32(time.Now().Unix()) < tok.ExpiresIn {
+			logger.ConsumerLog.Infof("Token is not expired")
+			token := &oauth2.Token{
+				AccessToken: tok.AccessToken,
+				TokenType:   tok.TokenType,
+				Expiry:      time.Unix(int64(tok.ExpiresIn), 0),
+			}
+			return oauth2.StaticTokenSource(token), nil, nil
+		}
+	}
+
+	tok, res, err := client.AccessTokenRequestApi.AccessTokenRequest(context.Background(), "client_credentials",
+		ausfSelf.NfId, scope, &Nnrf_AccessToken.AccessTokenRequestParamOpts{
+			NfType:       optional.NewInterface(models.NfType_AUSF),
+			TargetNfType: optional.NewInterface(targetNF),
+		})
+	if err == nil {
+		ausfSelf.TokenMap.Store(scope, tok)
+		token := &oauth2.Token{
+			AccessToken: tok.AccessToken,
+			TokenType:   tok.TokenType,
+			Expiry:      time.Unix(int64(tok.ExpiresIn), 0),
+		}
+		return oauth2.StaticTokenSource(token), nil, err
+	} else if res != nil {
+		defer func() {
+			if resCloseErr := res.Body.Close(); resCloseErr != nil {
+				logger.ConsumerLog.Errorf("AccessTokenRequestApi response body cannot close: %+v", resCloseErr)
+			}
+		}()
+		if res.Status != err.Error() {
+			return nil, nil, err
+		}
+		problem := err.(openapi.GenericOpenAPIError).Model().(models.ProblemDetails)
+		return nil, &problem, err
+	} else {
+		return nil, nil, openapi.ReportError("server no response")
+	}
+}
+
 func BuildNFInstance(ausfContext *ausf_context.AUSFContext) (profile models.NfProfile, err error) {
 	profile.NfInstanceId = ausfContext.NfId
 	profile.NfType = models.NfType_AUSF
@@ -75,14 +149,18 @@
 
 func SendDeregisterNFInstance() (*models.ProblemDetails, error) {
 	logger.ConsumerLog.Infof("Send Deregister NFInstance")
+	ctx, pd, err := GetTokenCtx("nnrf-nfm", "NRF")
+	if err != nil {
+		return pd, err
+	}
 
 	ausfSelf := ausf_context.GetSelf()
 	// Set client and set url
 	configuration := Nnrf_NFManagement.NewConfiguration()
 	configuration.SetBasePath(ausfSelf.NrfUri)
 	client := Nnrf_NFManagement.NewAPIClient(configuration)
 
-	res, err := client.NFInstanceIDDocumentApi.DeregisterNFInstance(context.Background(), ausfSelf.NfId)
+	res, err := client.NFInstanceIDDocumentApi.DeregisterNFInstance(ctx, ausfSelf.NfId)
 	if err == nil {
 		return nil, err
 	} else if res != nil {

pkg/factory/config.go

@@ -109,6 +109,13 @@ type Sbi struct {
 	BindingIPv4  string `yaml:"bindingIPv4,omitempty" valid:"host,required"`  // IP used to run the server in the node.
 	Port         int    `yaml:"port,omitempty" valid:"port,required"`
 	Tls          *Tls   `yaml:"tls,omitempty" valid:"optional"`
+	OAuth        bool   `yaml:"oauth,omitempty" valid:"optional"`
+}
+
+func (c *Config) GetOAuth() bool {
+	c.RLock()
+	defer c.RUnlock()
+	return c.Configuration.Sbi.OAuth
 }
 
 func (s *Sbi) validate() (bool, error) {