mirror/nttgin-BGPalerter
1
0
Fork 0
mirror of https://github.com/nttgin/BGPalerter.git synced 2024-05-19 06:50:08 +00:00
Code Issues Releases Wiki Activity

improved tests and documentation on generic rpki api connector

Browse Source
This commit is contained in:
Massimo Candela
2021-03-04 18:39:03 +01:00
parent 9311915f10
commit 70ee4513a5
5 changed files with 102 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
docs/rpki.md
View File

@@ -17,36 +17,77 @@ Below you can see the parameters available:
|---|---|
|preCacheROAs| When this parameter is set to true (default), BGPalerter will download Validated ROA Payloads (VRPs) lists locally instead of using online validation. More info [here](https://github.com/massimocandela/rpki-validator).|
|refreshVrpListMinutes| If `preCacheROAs` is set to true, this parameter allows to specify a refresh time for the VRPs lists (read [here](https://github.com/massimocandela/rpki-validator#rpki-auto-refresh-limits) for the minimum refresh time allowed). |
|vrpProvider| A string indicating the provider of the VRPs list. Possible options are: `ntt` (default), `cloudflare`, `rpkiclient`, `ripe`, `external`. Use external only if you wish to specify a file with `vrpFile`. More info [here](https://github.com/massimocandela/rpki-validator#options).|
|vrpProvider| A string indicating the provider of the VRPs list. Possible options are: `ntt` (default), `cloudflare`, `rpkiclient`, `ripe`, `external`, `api`. The `external` and `api` options are used to specify your own VRP source, read here.|
|vrpFile| A JSON file with an array of VRPs. See example below.|
|markDataAsStaleAfterMinutes| The amount of minutes (integer) after which an unchanged VRP list is marked as stale. Set to 0 to disable the check. |
## Generating a VRP file
## Use your own VRPs
Using external VRP providers for the monitoring is quick and easy, but you are essentially trusting somebody else writing the VRP file correctly.
You can generate your JSON VRP file periodically and BGPalerter will load it automatically.
Instead, you can specify your own VRPs in two ways:
VRPs file example:
* Using your own API producing JSON output;
* Using your favourite rpki validator to generate a file locally.
> In case the download of the VRP data fails, an online provider is used (the error is reported in the logs).
### Use your own API
To use your own API you need to set the following options in config.yml:
```yaml
rpki:
vrpProvider: api
url: https://my-api.api.com/vrps/
preCacheROAs: true
```
> Remember, you must specify the url when you use "api" as vrpProvider
The API must return the JSON format described [here](https://github.com/massimocandela/rpki-validator#vrps-on-custom-api);
### Use your own VRP file
You can generate your JSON VRP file periodically and BGPalerter will detect changes and reload it automatically.
To do so, you have to use the following options in config.yml:
```yaml
rpki:
vrpProvider: external
vrpFile: myfile.json
preCacheROAs: true
```
> Remember, you must specify vrpFile when you use "external" as vrpProvider
The VRPs file must be in the following format:
```json5
[
{
"prefix": "123.4.5.0/22",
"asn": "1234",
"asn": 1234,
"maxLength": 24
},
{
"prefix": "321.4.5.0/22",
"asn": "9876",
"asn": 9876,
"maxLength": 22
}
]
```
You can use any of the RPKI validator that support JSON as output format. Below some copy-paste examples.
Also the following format is supported:
```json5
{
roas: [ ... ] // containing items as described above
}
```
You can use any of the RPKI validator that support JSON as output format to generate it. Below some copy-paste examples.
### rpki-client
#### rpki-client
* Download rpki-client [here](https://www.rpki-client.org/);

36
package-lock.json generated
View File

@@ -2047,9 +2047,9 @@
}
},
"node_modules/caniuse-lite": {
"version": "1.0.30001194",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001194.tgz",
"integrity": "sha512-iDUOH+oFeBYk5XawYsPtsx/8fFpndAPUQJC7gBTfxHM8xw5nOZv7ceAD4frS1MKCLUac7QL5wdAJiFQlDRjXlA==",
"version": "1.0.30001196",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001196.tgz",
"integrity": "sha512-CPvObjD3ovWrNBaXlAIGWmg2gQQuJ5YhuciUOjPRox6hIQttu8O+b51dx6VIpIY9ESd2d0Vac1RKpICdG4rGUg==",
"dev": true
},
"node_modules/caseless": {
@@ -2713,9 +2713,9 @@
"integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
},
"node_modules/electron-to-chromium": {
"version": "1.3.677",
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.677.tgz",
"integrity": "sha512-Tcmk+oKQgpjcM+KYanlkd76ZtpzalkpUULnlJDP6vjHtR7UU564IM9Qv5DxqHZNBQjzXm6mkn7Y8bw2OoE3FmQ==",
"version": "1.3.680",
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.680.tgz",
"integrity": "sha512-XBACJT9RdpdWtoMXQPR8Be3ZtmizWWbxfw8cY2b5feUwiDO3FUl8qo4W2jXoq/WnnA3xBRqafu1XbpczqyUvlA==",
"dev": true
},
"node_modules/emoji-regex": {
@@ -2732,9 +2732,9 @@
}
},
"node_modules/es-abstract": {
"version": "1.18.0-next.3",
"resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.18.0-next.3.tgz",
"integrity": "sha512-VMzHx/Bczjg59E6jZOQjHeN3DEoptdhejpARgflAViidlqSpjdq9zA6lKwlhRRs/lOw1gHJv2xkkSFRgvEwbQg==",
"version": "1.18.0",
"resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.18.0.tgz",
"integrity": "sha512-LJzK7MrQa8TS0ja2w3YNLzUgJCGPdPOV1yVvezjNnS89D+VR08+Szt2mz3YB2Dck/+w5tfIq/RoUAFqJJGM2yw==",
"dev": true,
"dependencies": {
"call-bind": "^1.0.2",
@@ -9274,9 +9274,9 @@
"dev": true
},
"caniuse-lite": {
"version": "1.0.30001194",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001194.tgz",
"integrity": "sha512-iDUOH+oFeBYk5XawYsPtsx/8fFpndAPUQJC7gBTfxHM8xw5nOZv7ceAD4frS1MKCLUac7QL5wdAJiFQlDRjXlA==",
"version": "1.0.30001196",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001196.tgz",
"integrity": "sha512-CPvObjD3ovWrNBaXlAIGWmg2gQQuJ5YhuciUOjPRox6hIQttu8O+b51dx6VIpIY9ESd2d0Vac1RKpICdG4rGUg==",
"dev": true
},
"caseless": {
@@ -9798,9 +9798,9 @@
"integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
},
"electron-to-chromium": {
"version": "1.3.677",
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.677.tgz",
"integrity": "sha512-Tcmk+oKQgpjcM+KYanlkd76ZtpzalkpUULnlJDP6vjHtR7UU564IM9Qv5DxqHZNBQjzXm6mkn7Y8bw2OoE3FmQ==",
"version": "1.3.680",
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.680.tgz",
"integrity": "sha512-XBACJT9RdpdWtoMXQPR8Be3ZtmizWWbxfw8cY2b5feUwiDO3FUl8qo4W2jXoq/WnnA3xBRqafu1XbpczqyUvlA==",
"dev": true
},
"emoji-regex": {
@@ -9814,9 +9814,9 @@
"integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k="
},
"es-abstract": {
"version": "1.18.0-next.3",
"resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.18.0-next.3.tgz",
"integrity": "sha512-VMzHx/Bczjg59E6jZOQjHeN3DEoptdhejpARgflAViidlqSpjdq9zA6lKwlhRRs/lOw1gHJv2xkkSFRgvEwbQg==",
"version": "1.18.0",
"resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.18.0.tgz",
"integrity": "sha512-LJzK7MrQa8TS0ja2w3YNLzUgJCGPdPOV1yVvezjNnS89D+VR08+Szt2mz3YB2Dck/+w5tfIq/RoUAFqJJGM2yw==",
"dev": true,
"requires": {
"call-bind": "^1.0.2",

39
src/utils/rpkiUtils.js
View File

@@ -17,7 +17,7 @@ export default class RpkiUtils {
const providers = ["ntt", "ripe", "cloudflare", "rpkiclient", "external", "api"]; // First provider is the default one
if (this.params.api) {
if (this.params.url) {
this.params.vrpProvider = "api";
this.params.preCacheROAs = true;
}
@@ -75,20 +75,13 @@ export default class RpkiUtils {
axios: axiosEnrich(axios, (!this.params.noProxy && this.agent) ? this.agent : null, this.userAgent)
};
if (this.params.api) {
rpkiValidatorOptions.api = this.params.api;
if (this.params.url) {
rpkiValidatorOptions.url = this.params.url;
}
this.rpki = new rpki(rpkiValidatorOptions);
if (!!this.params.preCacheROAs) {
this._preCache()
.catch(() => {
this.logger.log({
level: 'error',
message: "One of the VRPs lists cannot be downloaded. The RPKI monitoring should be working anyway with one of the on-line providers."
});
});
this._preCache();
}
}
};
@@ -132,14 +125,7 @@ export default class RpkiUtils {
});
this.rpki.setVRPs(vrps);
this._preCache()
.catch(() => {
this.logger.log({
level: 'error',
message: "It was not possible to load correctly the VRPs file. Possibly there is an error in the format. The RPKI monitoring should be working anyway with one of the on-line providers."
});
});
this._preCache();
} else {
this.logger.log({
@@ -186,13 +172,14 @@ export default class RpkiUtils {
return data;
})
.catch(() => {
this.status.data = false;
this.status.stale = true;
if (!this._cannotDownloadErrorOnce) {
this.logger.log({
level: 'error',
message: "The VRP list cannot be downloaded."
});
message: "The VRP list cannot be downloaded. The RPKI monitoring should be working anyway with one of the on-line providers."
});
}
this._cannotDownloadErrorOnce = true;
})
} else {
this.status.data = true;
this.status.stale = false;
@@ -281,6 +268,12 @@ export default class RpkiUtils {
}
});
}))
.catch(error => {
this.logger.log({
level: 'error',
message: "RPKI validation failed due to:" + error
});
})
});
};

3
tests/rpki_tests/config.rpki.test.api.yml
View File

@@ -33,9 +33,8 @@ persistStatus: false
rpki:
vrpProvider: api
api: https://rpki.gin.ntt.net/api/export.json
url: https://rpki.gin.ntt.net/api/export.json
preCacheROAs: true
refreshVrpListMinutes: 15
notificationIntervalSeconds: 1800 # Repeat the same alert (which keeps being triggered) after x seconds
alertOnlyOnce: false

4
tests/rpki_tests/tests.api.js
View File

@@ -42,14 +42,14 @@ if (fs.existsSync(cacheFile)) {
fs.unlinkSync(cacheFile);
}
global.EXTERNAL_CONFIG_FILE = "tests/rpki_tests/config.rpki.test.default.yml";
global.EXTERNAL_CONFIG_FILE = "tests/rpki_tests/config.rpki.test.api.yml";
const worker = require("../../index");
const pubSub = worker.pubSub;
describe("RPKI monitoring api", function() {
it("default connector", function (done) {
it("api connector", function (done) {
const expectedData = {