218 lines
10 KiB
PowerShell
218 lines
10 KiB
PowerShell
param(
|
|
[string]$ApiBaseUrl = "http://192.168.200.61:18121/api/v1",
|
|
[string]$ClusterID = "cfc0743d-d960-49fb-9de8-96e063d5e4aa",
|
|
[string]$ActorUserID = "f67d943f-5397-4b3a-a229-695fe67ad700",
|
|
[string]$EntryNodeName = "test-1",
|
|
[string]$ExitNodeName = "test-2",
|
|
[string]$EntryBaseUrl = "http://192.168.200.61:19131",
|
|
[string]$ResultPath = "artifacts\c19h-remote-workspace-frame-guardrails-smoke-result.json"
|
|
)
|
|
|
|
Set-StrictMode -Version Latest
|
|
$ErrorActionPreference = "Stop"
|
|
|
|
$repoRoot = (Resolve-Path (Join-Path $PSScriptRoot "..\..")).ProviderPath
|
|
$runId = "c19h-" + (Get-Date -Format "yyyyMMdd-HHmmss")
|
|
|
|
function Invoke-Api {
|
|
param([string]$Method, [string]$Path, [object]$Body = $null)
|
|
$uri = "$ApiBaseUrl$Path"
|
|
if ($null -eq $Body) {
|
|
return Invoke-RestMethod -Method $Method -Uri $uri -TimeoutSec 30
|
|
}
|
|
return Invoke-RestMethod -Method $Method -Uri $uri -ContentType "application/json" -Body ($Body | ConvertTo-Json -Depth 80) -TimeoutSec 30
|
|
}
|
|
|
|
function Get-PropertyValue {
|
|
param([object]$Item, [string]$Name, [object]$Default = $null)
|
|
if ($null -eq $Item) { return $Default }
|
|
$property = $Item.PSObject.Properties[$Name]
|
|
if ($null -eq $property) { return $Default }
|
|
return $property.Value
|
|
}
|
|
|
|
function ConvertTo-Base64UrlJson {
|
|
param([object]$Value)
|
|
if ($Value -is [string]) { $json = $Value } else { $json = $Value | ConvertTo-Json -Depth 80 -Compress }
|
|
$bytes = [System.Text.Encoding]::UTF8.GetBytes($json)
|
|
return [Convert]::ToBase64String($bytes).TrimEnd("=").Replace("+", "-").Replace("/", "_")
|
|
}
|
|
|
|
function Get-NodeByName {
|
|
param([string]$Name)
|
|
$nodes = (Invoke-Api -Method GET -Path "/clusters/$ClusterID/nodes?actor_user_id=$ActorUserID").nodes
|
|
$node = @($nodes | Where-Object { $_.name -eq $Name }) | Select-Object -First 1
|
|
if ($null -eq $node) { throw "Node '$Name' was not found in cluster $ClusterID" }
|
|
return $node
|
|
}
|
|
|
|
function Disable-ExistingRemoteWorkspaceRoutes {
|
|
param([string]$SourceNodeID, [string]$DestinationNodeID)
|
|
$items = (Invoke-Api -Method GET -Path "/clusters/$ClusterID/mesh/route-intents?actor_user_id=$ActorUserID").route_intents
|
|
foreach ($item in @($items)) {
|
|
if ([string](Get-PropertyValue -Item $item -Name "status" -Default "") -ne "active") { continue }
|
|
if ([string](Get-PropertyValue -Item $item -Name "service_class" -Default "") -ne "remote_workspace") { continue }
|
|
$sourceSelector = Get-PropertyValue -Item $item -Name "source_selector" -Default $null
|
|
$destinationSelector = Get-PropertyValue -Item $item -Name "destination_selector" -Default $null
|
|
if ([string](Get-PropertyValue -Item $sourceSelector -Name "node_id" -Default "") -ne $SourceNodeID) { continue }
|
|
if ([string](Get-PropertyValue -Item $destinationSelector -Name "node_id" -Default "") -ne $DestinationNodeID) { continue }
|
|
[void](Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$($item.id)/disable" -Body @{
|
|
actor_user_id = $ActorUserID
|
|
reason = "c19h isolate remote workspace frame guardrails smoke"
|
|
})
|
|
}
|
|
}
|
|
|
|
function New-RemoteWorkspaceRouteIntent {
|
|
param([string]$SourceNodeID, [string]$DestinationNodeID)
|
|
$expiresAt = (Get-Date).ToUniversalTime().AddMinutes(5).ToString("o")
|
|
return Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents" -Body @{
|
|
actor_user_id = $ActorUserID
|
|
source_selector = @{ node_id = $SourceNodeID }
|
|
destination_selector = @{ node_id = $DestinationNodeID }
|
|
service_class = "remote_workspace"
|
|
priority = 2100000000
|
|
policy = @{
|
|
synthetic_enabled = $true
|
|
route_version = "$runId-remote-workspace"
|
|
policy_version = "$runId-remote-workspace"
|
|
peer_directory_version = "$runId-remote-workspace"
|
|
hops = @($SourceNodeID, $DestinationNodeID)
|
|
allowed_channels = @("control", "interactive", "reliable", "bulk", "droppable")
|
|
max_ttl = 8
|
|
max_hops = 8
|
|
expires_at = $expiresAt
|
|
metadata = @{ smoke = "c19h_remote_workspace_frame_guardrails"; run_id = $runId }
|
|
}
|
|
}
|
|
}
|
|
|
|
function Invoke-GuardedFrameBatch {
|
|
param([string]$Name, [object]$FrameBatch, [hashtable]$Headers, [string]$Url)
|
|
try {
|
|
$response = Invoke-WebRequest -Method POST -Uri $Url -Headers $Headers -Body ($FrameBatch | ConvertTo-Json -Depth 40 -Compress) -ContentType "application/vnd.rap.remote-workspace-frame-batch.v1+json" -TimeoutSec 30
|
|
return [ordered]@{ name = $Name; status_code = [int]$response.StatusCode; body = $response.Content }
|
|
} catch {
|
|
$statusCode = $null
|
|
if ($_.Exception.Response) { $statusCode = [int]$_.Exception.Response.StatusCode }
|
|
$details = $_.ErrorDetails.Message
|
|
if (-not $details) { $details = $_.Exception.Message }
|
|
return [ordered]@{ name = $Name; status_code = $statusCode; body = $details }
|
|
}
|
|
}
|
|
|
|
function New-FrameBatch {
|
|
param(
|
|
[bool]$ProbeOnly = $true,
|
|
[string]$ServiceClass = "remote_workspace",
|
|
[string]$ChannelClass = "interactive",
|
|
[string]$FrameChannel = "input",
|
|
[string]$Direction = "client_to_adapter",
|
|
[string]$PayloadEncoding = "none"
|
|
)
|
|
return [ordered]@{
|
|
schema_version = "rap.remote_workspace_frame_batch.v1"
|
|
probe_only = $ProbeOnly
|
|
service_class = $ServiceClass
|
|
channel_class = $ChannelClass
|
|
adapter_contract_id = "rap.rdp_worker.remote_workspace_adapter_contract_probe.v1"
|
|
frames = @(@{
|
|
channel = $FrameChannel
|
|
direction = $Direction
|
|
payload_encoding = $PayloadEncoding
|
|
payload_length = 0
|
|
droppable = $true
|
|
})
|
|
}
|
|
}
|
|
|
|
$entryNode = Get-NodeByName -Name $EntryNodeName
|
|
$exitNode = Get-NodeByName -Name $ExitNodeName
|
|
Disable-ExistingRemoteWorkspaceRoutes -SourceNodeID $entryNode.id -DestinationNodeID $exitNode.id
|
|
$route = (New-RemoteWorkspaceRouteIntent -SourceNodeID $entryNode.id -DestinationNodeID $exitNode.id).route_intent
|
|
$routeID = [string]$route.id
|
|
|
|
$leaseResponse = Invoke-Api -Method POST -Path "/clusters/$ClusterID/fabric/service-channels/leases" -Body @{
|
|
actor_user_id = $ActorUserID
|
|
organization_id = "org-home"
|
|
user_id = "user-m"
|
|
resource_id = "$runId-remote-workspace"
|
|
service_class = "remote_workspace"
|
|
entry_node_ids = @([string]$entryNode.id)
|
|
exit_node_ids = @([string]$exitNode.id)
|
|
preferred_entry_node_id = [string]$entryNode.id
|
|
preferred_exit_node_id = [string]$exitNode.id
|
|
ttl_seconds = 120
|
|
metadata = @{ smoke = "c19h_remote_workspace_frame_guardrails"; run_id = $runId }
|
|
}
|
|
$lease = $leaseResponse.fabric_service_channel_lease
|
|
$authorityPayload = Get-PropertyValue -Item $lease -Name "authority_payload" -Default $null
|
|
if ($authorityPayload -is [string] -and $authorityPayload.Length -gt 0) { $decodedAuthority = $authorityPayload | ConvertFrom-Json } else { $decodedAuthority = $authorityPayload }
|
|
|
|
$ingressUrl = "$EntryBaseUrl/api/v1/clusters/$ClusterID/fabric/service-channels/$($lease.channel_id)/remote-workspaces/$($lease.resource_id)/streams/interactive"
|
|
$headers = @{
|
|
"X-RAP-Service-Channel-Token" = [string]$lease.token.token
|
|
"X-RAP-Fabric-Channel-ID" = [string]$lease.channel_id
|
|
"X-RAP-Service-Channel-Authority-Payload" = ConvertTo-Base64UrlJson -Value $decodedAuthority
|
|
"X-RAP-Service-Channel-Authority-Signature" = ConvertTo-Base64UrlJson -Value (Get-PropertyValue -Item $lease -Name "authority_signature" -Default $null)
|
|
"X-RAP-Service-Class" = "remote_workspace"
|
|
"X-RAP-Channel-Class" = "interactive"
|
|
}
|
|
|
|
$cases = @()
|
|
$cases += Invoke-GuardedFrameBatch -Name "probe_only_false" -FrameBatch (New-FrameBatch -ProbeOnly $false) -Headers $headers -Url $ingressUrl
|
|
$cases += Invoke-GuardedFrameBatch -Name "unknown_channel" -FrameBatch (New-FrameBatch -FrameChannel "unknown") -Headers $headers -Url $ingressUrl
|
|
$cases += Invoke-GuardedFrameBatch -Name "wrong_direction" -FrameBatch (New-FrameBatch -FrameChannel "display" -Direction "client_to_adapter") -Headers $headers -Url $ingressUrl
|
|
$cases += Invoke-GuardedFrameBatch -Name "service_mismatch" -FrameBatch (New-FrameBatch -ServiceClass "vpn_packets") -Headers $headers -Url $ingressUrl
|
|
$cases += Invoke-GuardedFrameBatch -Name "channel_mismatch" -FrameBatch (New-FrameBatch -ChannelClass "reliable") -Headers $headers -Url $ingressUrl
|
|
$cases += Invoke-GuardedFrameBatch -Name "unsupported_encoding" -FrameBatch (New-FrameBatch -PayloadEncoding "raw") -Headers $headers -Url $ingressUrl
|
|
|
|
$caseChecks = [ordered]@{}
|
|
foreach ($case in $cases) {
|
|
$caseChecks[$case.name] = ([int]$case.status_code -eq 400 -and [string]$case.body -notmatch "adapter_delivery" -and [string]$case.body -notmatch "delivered_probe_only")
|
|
}
|
|
$checks = [ordered]@{
|
|
lease_ready = ([string]$lease.status -eq "ready")
|
|
lease_uses_requested_route = ([string]$lease.primary_route.route_id -eq $routeID)
|
|
all_guardrails_rejected = -not ($caseChecks.Values -contains $false)
|
|
}
|
|
foreach ($key in $caseChecks.Keys) {
|
|
$checks["guardrail_$key"] = $caseChecks[$key]
|
|
}
|
|
$failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object { $_.Key })
|
|
|
|
$result = [ordered]@{
|
|
schema_version = "c19h.remote_workspace_frame_guardrails_smoke.v1"
|
|
run_id = $runId
|
|
base_url = $ApiBaseUrl
|
|
entry_base_url = $EntryBaseUrl
|
|
cluster_id = $ClusterID
|
|
entry_node = [ordered]@{ id = $entryNode.id; name = $entryNode.name }
|
|
exit_node = [ordered]@{ id = $exitNode.id; name = $exitNode.name }
|
|
channel_id = [string]$lease.channel_id
|
|
route_id = $routeID
|
|
cases = $cases
|
|
checks = $checks
|
|
failed_checks = $failed
|
|
passed = ($failed.Count -eq 0)
|
|
}
|
|
|
|
$fullResultPath = Join-Path $repoRoot $ResultPath
|
|
$resultDir = Split-Path -Parent $fullResultPath
|
|
if ($resultDir) { New-Item -ItemType Directory -Force -Path $resultDir | Out-Null }
|
|
$result | ConvertTo-Json -Depth 80 | Set-Content -Encoding UTF8 -Path $fullResultPath
|
|
|
|
try {
|
|
if ($routeID) { Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$routeID/expire" -Body @{ actor_user_id = $ActorUserID } | Out-Null }
|
|
Invoke-Api -Method POST -Path "/clusters/$ClusterID/fabric/service-channels/leases/cleanup" -Body @{ actor_user_id = $ActorUserID; limit = 100 } | Out-Null
|
|
} catch {
|
|
Write-Warning "cleanup failed after c19h smoke: $($_.Exception.Message)"
|
|
}
|
|
|
|
if (-not $result.passed) {
|
|
throw "C19H remote workspace frame guardrails smoke failed. Result: $fullResultPath Failed: $($failed -join ', ')"
|
|
}
|
|
|
|
Write-Host "C19H remote workspace frame guardrails smoke passed. Result: $fullResultPath"
|
|
$result
|