param( [string]$ApiBaseUrl = "http://192.168.200.61:18121/api/v1", [string]$ClusterID = "cfc0743d-d960-49fb-9de8-96e063d5e4aa", [string]$ActorUserID = "f67d943f-5397-4b3a-a229-695fe67ad700", [string]$EntryNodeName = "test-1", [string]$ExitNodeName = "test-2", [string]$EntryBaseUrl = "http://192.168.200.61:19131", [string]$DockerSSH = "test-docker", [string]$ExpectedBackendImage = "rap-backend:fabric-service-channel-0.2.239", [string]$ExpectedNodeAgentImage = "rap-node-agent:0.2.237", [string]$ResultPath = "artifacts\c18z52-service-channel-access-telemetry-smoke-result.json" ) Set-StrictMode -Version Latest $ErrorActionPreference = "Stop" $scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path $repoRoot = (Resolve-Path (Join-Path $scriptDir "..\..")).ProviderPath function Invoke-ApiGet { param([string]$Path, [int]$TimeoutSec = 30) Invoke-RestMethod -Method Get -Uri "$ApiBaseUrl$Path" -TimeoutSec $TimeoutSec } function Invoke-RawPostStatus { param( [string]$Url, [hashtable]$Headers, [string]$Body = "packet" ) try { Invoke-WebRequest -Method Post -Uri $Url -Headers $Headers -Body ([System.Text.Encoding]::UTF8.GetBytes($Body)) -ContentType "application/octet-stream" -TimeoutSec 30 | Out-Null return 202 } catch { if ($_.Exception.Response -and $_.Exception.Response.StatusCode) { return [int]$_.Exception.Response.StatusCode } throw } } $nodes = @((Invoke-ApiGet -Path "/clusters/$ClusterID/nodes?actor_user_id=$ActorUserID").nodes) $entryNode = $nodes | Where-Object { $_.name -eq $EntryNodeName } | Select-Object -First 1 $exitNode = $nodes | Where-Object { $_.name -eq $ExitNodeName } | Select-Object -First 1 if ($null -eq $entryNode -or $null -eq $exitNode) { throw "Entry or exit node not found: $EntryNodeName / $ExitNodeName" } $resourceID = "c18z52-vpn-smoke" $leaseBody = @{ actor_user_id = $ActorUserID organization_id = "smoke-org" user_id = "smoke-user" resource_id = $resourceID service_class = "vpn_packets" entry_node_ids = @([string]$entryNode.id) exit_node_ids = @([string]$exitNode.id) preferred_entry_node_id = [string]$entryNode.id preferred_exit_node_id = [string]$exitNode.id allowed_channels = @("vpn_packet", "fabric_control") ttl_seconds = 120 } | ConvertTo-Json -Depth 20 $lease = (Invoke-RestMethod -Method Post -Uri "$ApiBaseUrl/clusters/$ClusterID/fabric/service-channels/leases" -ContentType "application/json" -Body $leaseBody -TimeoutSec 30).fabric_service_channel_lease $packetPath = $lease.entry_http.path_template. Replace("{cluster_id}", $ClusterID). Replace("{channel_id}", [string]$lease.channel_id). Replace("{resource_id}", $resourceID) $packetUrl = $EntryBaseUrl.TrimEnd("/") + $packetPath $headers = @{ "X-RAP-Service-Channel-Token" = [string]$lease.token.token "X-RAP-Fabric-Channel-ID" = [string]$lease.channel_id "X-RAP-Service-Class" = "vpn_packets" "X-RAP-Channel-Class" = "vpn_packet" } $firstStatus = Invoke-RawPostStatus -Url $packetUrl -Headers $headers -Body "c18z52-access-1" $secondResponse = Invoke-WebRequest -Method Post -Uri $packetUrl -Headers $headers -Body ([System.Text.Encoding]::UTF8.GetBytes("c18z52-access-2")) -ContentType "application/octet-stream" -TimeoutSec 30 $acceptedBy = [string]$secondResponse.Headers["X-RAP-Service-Channel-Accepted-By"] $accessTelemetry = $null for ($i = 0; $i -lt 8; $i++) { Start-Sleep -Seconds 3 $accessTelemetry = (Invoke-ApiGet -Path "/clusters/$ClusterID/fabric/service-channels/access-telemetry?actor_user_id=$ActorUserID&limit=20").fabric_service_channel_access_telemetry if ([int]$accessTelemetry.total_accepted -ge 2 -and [int]$accessTelemetry.reporting_node_count -ge 1) { break } } $backendLine = (& ssh $DockerSSH "docker ps --format '{{.Names}} {{.Image}} {{.Status}}' | grep '^rap_test_backend '") | Out-String $nodeLines = (& ssh $DockerSSH "docker ps --format '{{.Names}} {{.Image}} {{.Status}}' | grep '^rap_test_node_test_'") | Out-String $result = [ordered]@{ schema_version = "c18z52.service_channel_access_telemetry_smoke.v1" cluster_id = $ClusterID entry_node_id = [string]$entryNode.id exit_node_id = [string]$exitNode.id channel_id = [string]$lease.channel_id passed = [bool]( $backendLine.Contains($ExpectedBackendImage) -and $nodeLines.Contains($ExpectedNodeAgentImage) -and $firstStatus -eq 202 -and $acceptedBy -eq "introspection" -and [int]$accessTelemetry.reporting_node_count -ge 1 -and [int]$accessTelemetry.total_accepted -ge 2 -and [int]$accessTelemetry.introspection_accepted -ge 2 ) checks = [ordered]@{ backend_expected_image_deployed = $backendLine.Contains($ExpectedBackendImage) node_agent_expected_image_deployed = $nodeLines.Contains($ExpectedNodeAgentImage) packet_accepted = ($firstStatus -eq 202) accepted_by_header_is_introspection = ($acceptedBy -eq "introspection") access_telemetry_reporting = ([int]$accessTelemetry.reporting_node_count -ge 1) accepted_count_recorded = ([int]$accessTelemetry.total_accepted -ge 2) introspection_count_recorded = ([int]$accessTelemetry.introspection_accepted -ge 2) } summary = [ordered]@{ backend_container = $backendLine.Trim() node_containers = $nodeLines.Trim() packet_url = $packetUrl accepted_by = $acceptedBy telemetry_status = [string]$accessTelemetry.status reporting_nodes = [int]$accessTelemetry.reporting_node_count total_accepted = [int]$accessTelemetry.total_accepted signed_accepted = [int]$accessTelemetry.signed_accepted introspection_accepted = [int]$accessTelemetry.introspection_accepted backend_fallback_count = [int]$accessTelemetry.backend_fallback_count } } $resultFullPath = Join-Path $repoRoot $ResultPath $resultDir = Split-Path -Parent $resultFullPath if (-not (Test-Path $resultDir)) { New-Item -ItemType Directory -Path $resultDir | Out-Null } $result | ConvertTo-Json -Depth 100 | Set-Content -Path $resultFullPath -Encoding UTF8 if (-not $result.passed) { throw "C18Z52 service-channel access telemetry smoke failed. Result: $resultFullPath" } Write-Host "C18Z52 service-channel access telemetry smoke passed. Result: $resultFullPath" $result