param( [string]$ApiBaseUrl = "http://192.168.200.61:18121/api/v1", [string]$ClusterID = "cfc0743d-d960-49fb-9de8-96e063d5e4aa", [string]$ActorUserID = "f67d943f-5397-4b3a-a229-695fe67ad700", [string]$EntryNodeName = "test-1", [string]$RelayNodeName = "test-3", [string]$ExitNodeName = "test-2", [string]$EntryBaseUrl = "http://192.168.200.61:19131", [string]$DockerSSH = "test-docker", [string]$ExpectedBackendImage = "rap-backend:fabric-service-channel-0.2.239", [string]$ExpectedNodeAgentImage = "rap-node-agent:0.2.237", [string]$ResultPath = "artifacts\c18z57-service-channel-remediation-command-smoke-result.json" ) Set-StrictMode -Version Latest $ErrorActionPreference = "Stop" $scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path $repoRoot = (Resolve-Path (Join-Path $scriptDir "..\..")).ProviderPath $runId = "c18z57-" + (Get-Date -Format "yyyyMMdd-HHmmss") function Invoke-Api { param( [string]$Method, [string]$Path, [object]$Body = $null ) if ($null -eq $Body) { return Invoke-RestMethod -Method $Method -Uri "$ApiBaseUrl$Path" -TimeoutSec 30 } return Invoke-RestMethod -Method $Method -Uri "$ApiBaseUrl$Path" -ContentType "application/json" -Body ($Body | ConvertTo-Json -Depth 80) -TimeoutSec 30 } function Get-PropertyValue { param( [object]$Item, [string]$Name, [object]$Default = $null ) if ($null -eq $Item) { return $Default } $property = $Item.PSObject.Properties[$Name] if ($null -eq $property) { return $Default } return $property.Value } function Get-NodeByName { param([string]$Name) $nodes = (Invoke-Api -Method GET -Path "/clusters/$ClusterID/nodes?actor_user_id=$ActorUserID").nodes $node = @($nodes | Where-Object { $_.name -eq $Name }) | Select-Object -First 1 if ($null -eq $node) { throw "Node '$Name' was not found in cluster $ClusterID" } return $node } function New-RouteIntent { param( [string]$SourceNodeID, [string]$DestinationNodeID, [string[]]$Hops, [int]$Priority, [string]$Label ) $expiresAt = (Get-Date).ToUniversalTime().AddMinutes(5).ToString("o") return Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents" -Body @{ actor_user_id = $ActorUserID source_selector = @{ node_id = $SourceNodeID } destination_selector = @{ node_id = $DestinationNodeID } service_class = "vpn_packets" priority = $Priority policy = @{ synthetic_enabled = $true route_version = "$runId-$Label" policy_version = "$runId-$Label" peer_directory_version = "$runId-$Label" hops = @($Hops) allowed_channels = @("vpn_packet", "fabric_control") max_ttl = 8 max_hops = 8 expires_at = $expiresAt metadata = @{ smoke = "c18z57_service_channel_remediation_command" run_id = $runId label = $Label } } } } function Send-DegradedHeartbeat { param( [string]$EntryNodeID, [string]$PrimaryRouteID ) $observedAt = (Get-Date).ToUniversalTime().ToString("o") return Invoke-Api -Method POST -Path "/clusters/$ClusterID/nodes/$EntryNodeID/heartbeats" -Body @{ health_status = "healthy" reported_version = "0.2.235" capabilities = @{ fabric_service_channel_runtime = $true fabric_service_channel_route_manager = $true fabric_service_channel_route_quality_feedback = $true smoke_feedback_injection = "c18z57" } service_states = @{ smoke = "c18z57_primary_degraded_alternate_available" } metadata = @{ fabric_service_channel_runtime_report = @{ schema_version = "c18l.fabric_service_channel_runtime_report.v1" config_version = "$runId-primary" cluster_id = $ClusterID local_node_id = $EntryNodeID observed_at = $observedAt ingress = @{ flow_scheduler = @{ schema_version = "rap.fabric_flow_scheduler.v1" service_neutral = $true service_mode = "application_protocol_agnostic" channel_stats = @{ "c18z57-primary-degraded" = @{ last_route_id = $PrimaryRouteID last_failed_route_id = $PrimaryRouteID route_generation = "$runId-primary" last_error = "c18z57 primary route degraded; alternate available" last_send_duration_ms = 980 consecutive_failures = 3 stall_count = 2 route_rebuild_recommended = $true degraded_fallback_recommended = $false quality_window_sample_count = 8 quality_window_success_count = 2 quality_window_failure_count = 3 quality_window_slow_count = 2 quality_window_drop_count = 1 quality_window_avg_latency_ms = 980 quality_window_last_updated_at = $observedAt } } } } } smoke = @{ name = "c18z57_service_channel_remediation_command" run_id = $runId } } } } $entryNode = Get-NodeByName -Name $EntryNodeName $relayNode = Get-NodeByName -Name $RelayNodeName $exitNode = Get-NodeByName -Name $ExitNodeName $primaryRouteID = "" $alternateRouteID = "" $result = $null try { $primary = (New-RouteIntent -SourceNodeID $entryNode.id -DestinationNodeID $exitNode.id -Hops @($entryNode.id, $exitNode.id) -Priority 2100000000 -Label "primary").route_intent $alternate = (New-RouteIntent -SourceNodeID $entryNode.id -DestinationNodeID $exitNode.id -Hops @($entryNode.id, $relayNode.id, $exitNode.id) -Priority 2099999900 -Label "alternate").route_intent $primaryRouteID = [string]$primary.id $alternateRouteID = [string]$alternate.id $resourceID = "c18z57-vpn-smoke" $lease = (Invoke-Api -Method POST -Path "/clusters/$ClusterID/fabric/service-channels/leases" -Body @{ actor_user_id = $ActorUserID organization_id = "smoke-org" user_id = "smoke-user" resource_id = $resourceID service_class = "vpn_packets" entry_node_ids = @([string]$entryNode.id) exit_node_ids = @([string]$exitNode.id) preferred_entry_node_id = [string]$entryNode.id preferred_exit_node_id = [string]$exitNode.id allowed_channels = @("vpn_packet", "fabric_control") ttl_seconds = 180 metadata = @{ smoke = "c18z57_service_channel_remediation_command" run_id = $runId } }).fabric_service_channel_lease [void](Send-DegradedHeartbeat -EntryNodeID $entryNode.id -PrimaryRouteID $primaryRouteID) $packetPath = $lease.entry_http.path_template. Replace("{cluster_id}", $ClusterID). Replace("{channel_id}", [string]$lease.channel_id). Replace("{resource_id}", $resourceID) $packetUrl = $EntryBaseUrl.TrimEnd("/") + $packetPath $headers = @{ "X-RAP-Service-Channel-Token" = [string]$lease.token.token "X-RAP-Fabric-Channel-ID" = [string]$lease.channel_id "X-RAP-Service-Class" = "vpn_packets" "X-RAP-Channel-Class" = "vpn_packet" } $response = Invoke-WebRequest -Method Post -Uri $packetUrl -Headers $headers -Body ([System.Text.Encoding]::UTF8.GetBytes("c18z57-alternate-remediation")) -ContentType "application/octet-stream" -TimeoutSec 30 $acceptedBy = [string]$response.Headers["X-RAP-Service-Channel-Accepted-By"] $accessTelemetry = $null $matchingChannel = $null for ($i = 0; $i -lt 10; $i++) { Start-Sleep -Seconds 3 $accessTelemetry = (Invoke-Api -Method GET -Path "/clusters/$ClusterID/fabric/service-channels/access-telemetry?actor_user_id=$ActorUserID&limit=20").fabric_service_channel_access_telemetry $channels = @() if ($accessTelemetry.PSObject.Properties.Name -contains "active_channels") { $channels = @($accessTelemetry.active_channels) } $matchingChannel = $channels | Where-Object { $_.channel_id -eq $lease.channel_id } | Select-Object -First 1 if ($null -ne $matchingChannel -and [string](Get-PropertyValue -Item $matchingChannel -Name "remediation_action" -Default "") -eq "prefer_alternate_route") { break } } $backendLine = (& ssh $DockerSSH "docker ps --format '{{.Names}} {{.Image}} {{.Status}}' | grep '^rap_test_backend '") | Out-String $nodeLines = (& ssh $DockerSSH "docker ps --format '{{.Names}} {{.Image}} {{.Status}}' | grep '^rap_test_node_test_'") | Out-String $leasePrimaryRouteID = [string](Get-PropertyValue -Item (Get-PropertyValue -Item $lease -Name "primary_route" -Default $null) -Name "route_id" -Default "") $leaseAlternates = @() if ($lease.PSObject.Properties.Name -contains "alternate_routes") { $leaseAlternates = @($lease.alternate_routes) } $leaseHasAlternate = (@($leaseAlternates | Where-Object { [string]$_.route_id -eq $alternateRouteID }).Count -ge 1) $remediationCommand = Get-PropertyValue -Item $matchingChannel -Name "remediation_command" -Default $null $commandAction = [string](Get-PropertyValue -Item $remediationCommand -Name "action" -Default "") $commandPrimaryRouteID = [string](Get-PropertyValue -Item $remediationCommand -Name "primary_route_id" -Default "") $commandReplacementRouteID = [string](Get-PropertyValue -Item $remediationCommand -Name "replacement_route_id" -Default "") $commandExpiresAt = [string](Get-PropertyValue -Item $remediationCommand -Name "expires_at" -Default "") $result = [ordered]@{ schema_version = "c18z57.service_channel_remediation_command_smoke.v1" run_id = $runId cluster_id = $ClusterID primary_route_id = $primaryRouteID alternate_route_id = $alternateRouteID channel_id = [string]$lease.channel_id passed = [bool]( $backendLine.Contains($ExpectedBackendImage) -and $nodeLines.Contains($ExpectedNodeAgentImage) -and [string]$lease.status -eq "ready" -and $leasePrimaryRouteID -eq $primaryRouteID -and $leaseHasAlternate -and [int]$response.StatusCode -eq 202 -and $acceptedBy -eq "introspection" -and $null -ne $matchingChannel -and [string](Get-PropertyValue -Item $matchingChannel -Name "primary_route_id" -Default "") -eq $primaryRouteID -and -not [bool](Get-PropertyValue -Item $matchingChannel -Name "force_degraded_route" -Default $false) -and [string](Get-PropertyValue -Item $matchingChannel -Name "route_feedback_status" -Default "") -eq "fenced" -and [string](Get-PropertyValue -Item $matchingChannel -Name "remediation_action" -Default "") -eq "prefer_alternate_route" -and [string](Get-PropertyValue -Item $matchingChannel -Name "remediation_route_id" -Default "") -eq $alternateRouteID -and $null -ne $remediationCommand -and $commandAction -eq "prefer_alternate_route" -and $commandPrimaryRouteID -eq $primaryRouteID -and $commandReplacementRouteID -eq $alternateRouteID -and $commandExpiresAt.Length -gt 0 -and [int]$accessTelemetry.degraded_fallback_channel_count -eq 0 ) checks = [ordered]@{ backend_expected_image_deployed = $backendLine.Contains($ExpectedBackendImage) node_agent_expected_image_deployed = $nodeLines.Contains($ExpectedNodeAgentImage) lease_ready = ([string]$lease.status -eq "ready") lease_selected_primary_route = ($leasePrimaryRouteID -eq $primaryRouteID) lease_contains_alternate_route = $leaseHasAlternate packet_accepted = ([int]$response.StatusCode -eq 202) accepted_by_header_is_introspection = ($acceptedBy -eq "introspection") active_channel_visible = ($null -ne $matchingChannel) active_channel_not_degraded_route = ($null -ne $matchingChannel -and -not [bool](Get-PropertyValue -Item $matchingChannel -Name "force_degraded_route" -Default $false)) route_quality_fenced = ($null -ne $matchingChannel -and [string](Get-PropertyValue -Item $matchingChannel -Name "route_feedback_status" -Default "") -eq "fenced") remediation_prefers_alternate = ($null -ne $matchingChannel -and [string](Get-PropertyValue -Item $matchingChannel -Name "remediation_action" -Default "") -eq "prefer_alternate_route") remediation_route_is_alternate = ($null -ne $matchingChannel -and [string](Get-PropertyValue -Item $matchingChannel -Name "remediation_route_id" -Default "") -eq $alternateRouteID) remediation_command_visible = ($null -ne $remediationCommand) remediation_command_prefers_alternate = ($commandAction -eq "prefer_alternate_route") remediation_command_primary_route_matches = ($commandPrimaryRouteID -eq $primaryRouteID) remediation_command_replacement_route_matches = ($commandReplacementRouteID -eq $alternateRouteID) remediation_command_has_ttl = ($commandExpiresAt.Length -gt 0) degraded_route_not_recommended = ([int]$accessTelemetry.degraded_fallback_channel_count -eq 0) } summary = [ordered]@{ backend_container = $backendLine.Trim() node_containers = $nodeLines.Trim() accepted_by = $acceptedBy lease_status = [string]$lease.status lease_primary_route_id = $leasePrimaryRouteID lease_alternate_route_count = $leaseAlternates.Count access_status = [string]$accessTelemetry.status active_channel_count = [int]$accessTelemetry.active_channel_count correlated_route_count = [int]$accessTelemetry.correlated_route_count degraded_route_count = [int]$accessTelemetry.degraded_route_count degraded_fallback_channel_count = [int]$accessTelemetry.degraded_fallback_channel_count matching_channel = $matchingChannel } } $failedChecks = @($result.checks.GetEnumerator() | Where-Object { $_.Value -ne $true }) if ($failedChecks.Count -gt 0) { throw "C18Z57 failed checks: $($failedChecks.Name -join ', ')" } } finally { if ($primaryRouteID) { try { Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$primaryRouteID/expire" -Body @{ actor_user_id = $ActorUserID } | Out-Null } catch {} } if ($alternateRouteID) { try { Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$alternateRouteID/expire" -Body @{ actor_user_id = $ActorUserID } | Out-Null } catch {} } } $resultFullPath = Join-Path $repoRoot $ResultPath $resultDir = Split-Path -Parent $resultFullPath if (-not (Test-Path $resultDir)) { New-Item -ItemType Directory -Path $resultDir | Out-Null } $result | ConvertTo-Json -Depth 100 | Set-Content -Path $resultFullPath -Encoding UTF8 Write-Host "C18Z57 service-channel remediation command smoke passed. Result: $resultFullPath" $result