Merge branch 'main' into feat/on-prem-perf-testing

.env

@@ -1,19 +1,23 @@
 ## Mojaloop Docker Image Versions
-ML_API_ADAPTER_VERSION=v14.0.1
+# ML_API_ADAPTER_VERSION=v14.0.1
+ML_API_ADAPTER_VERSION=v14.0.4
 ## ALS initial baseline with version included in Mojaloop v15.1.0 Helm Release
 # ACCOUNT_LOOKUP_SERVICE_VERSION=v14.2.2
 ## ALS published version with included fix: JSON.stringify disabled in logResponse function
 ACCOUNT_LOOKUP_SERVICE_VERSION=v14.2.3
 ## ALS snapshot release with fix: v14.2.3 + caching for validateParticipant and resolve Participants via Oracles
 # ACCOUNT_LOOKUP_SERVICE_VERSION=v14.2.4-snapshot.3
-QUOTING_SERVICE_VERSION=v15.1.0
+# QUOTING_SERVICE_VERSION=v15.2.1
+QUOTING_SERVICE_VERSION=v15.4.0
 ## CL initial baseline with version included in Mojaloop v15.1.0 Helm Release
-CENTRAL_LEDGER_VERSION=v17.2.0
+# CENTRAL_LEDGER_VERSION=v17.0.3
+## Cl latest version
+CENTRAL_LEDGER_VERSION=v17.2.1
 ## CL snapshot release with included fix: JSON.stringify disabled in logResponse function
 # CENTRAL_LEDGER_VERSION=v17.0.4-snapshot.0
 ## Central Ledger version with batch processing capability
 CENTRAL_LEDGER_BATCH_VERSION=v17.3.0-snapshot.5
-
+SDK_SCHEME_ADAPTER_VERSION=v23.3.0
 ## Testing & Sims
 TEST_SIMULATOR_VERSION=v11.1.3
 TEST_TTK_SVC_VERSION=v16.1.1
@@ -42,8 +46,187 @@ K6_VERSION=0.50.0
 ## Performance Testing Replicas
 QS_REPLICAS=1
 ALS_REPLICAS=1
-CENTRAL_LEDGER_GENERAL_REPLICAS=4
-CENTRAL_LEDGER_POSITION_REPLICAS=8
+CENTRAL_LEDGER_GENERAL_REPLICAS=1
+CENTRAL_LEDGER_POSITION_REPLICAS=1
 CENTRAL_LEDGER_POSITION_BATCH_REPLICAS=0
-ML_API_ADAPTER_REPLICAS=4
-ML_NOTIFICATION_REPLICAS=4
+ML_API_ADAPTER_REPLICAS=1
+ML_NOTIFICATION_REPLICAS=1
+
+## ----------------------------------------------
+
+
+
+# Port number that the inbound (Mojaloop API) HTTP server will listen on
+INBOUND_LISTEN_PORT=4000
+
+# Port number that the outbound (simplified DFSP outbound API) HTTP server will listen on
+OUTBOUND_LISTEN_PORT=4001
+
+# Enable mutual TLS authentication. Useful when not running in a secure
+# environment, i.e. when you're running it locally against your own implementation.
+INBOUND_MUTUAL_TLS_ENABLED=false
+OUTBOUND_MUTUAL_TLS_ENABLED=false
+
+# Enable verification or incoming JWS signatures
+# Note that signatures will be required on incoming messages
+# and will be validated against a public key.
+VALIDATE_INBOUND_JWS=false
+
+# applicable only if VALIDATE_INBOUND_JWS is "true"
+# allows disabling of validation on incoming PUT /parties/{idType}/{idValue} requests
+VALIDATE_INBOUND_PUT_PARTIES_JWS=false
+
+# Enable signing of outgoing requests
+JWS_SIGN=false
+VALIDATE_JWS_SIGN=false
+
+# applicable only if JWS_SIGN is "true"
+# allows disabling of signing on outgoing PUT /parties/{idType}/{idValue} requests
+JWS_SIGN_PUT_PARTIES=false
+
+# Path to JWS signing key (private key of THIS DFSP)
+JWS_SIGNING_KEY_PATH=secrets/jwsSigningKey.key
+JWS_VERIFICATION_KEYS_DIRECTORY=secrets/jwsVerificationKeys
+
+# Location of certs and key required for TLS
+# IN_CA_CERT_PATH=./secrets/cacert.pem
+# IN_SERVER_CERT_PATH=./secrets/servercert.pem
+# IN_SERVER_KEY_PATH=./secrets/serverkey.pem
+
+# OUT_CA_CERT_PATH=./secrets/cacert.pem
+# OUT_CLIENT_CERT_PATH=./secrets/servercert.pem
+# OUT_CLIENT_KEY_PATH=./secrets/serverkey.pem
+
+# The number of space characters by which to indent pretty-printed logs. If set to zero, log events
+# will each be printed on a single line.
+LOG_INDENT=0
+
+# REDIS CACHE CONNECTION
+CACHE_URL=redis://redis:6379
+
+# expiry period in seconds for quote and transfers issued by the SDK
+EXPIRY_SECONDS=60
+
+# if set to false the SDK will not automatically accept all returned quotes
+# but will halt the transfer after a quote response is received. A further
+# confirmation call will be required to complete the final transfer stage.
+AUTO_ACCEPT_QUOTES=false
+
+# if set to false the SDK will not automatically accept a resolved party
+# but will halt the transer after a party lookup response is received. A further
+# cnofirmation call will be required to progress the transfer to quotes state.
+AUTO_ACCEPT_PARTY=false
+
+# if set to false the SDK will not automatically accept a resolved party on a requestToPay operation
+# but will halt the operation after a party lookup response is received. A further
+# confirmation call will be required to progress the requestToPay to transactionRequest state.
+AUTO_ACCEPT_R2P_PARTY=true
+
+# This parameter is only for the requestToPay transfers when the initiator is of type BUSINESS.
+# if set to false the SDK will not automatically accept quote on a requestToPayTransfer.
+# but will halt the operation after a quote response is received. A further
+# confirmation call will be required to progress the requestToPayTransfer to authorization step.
+AUTO_ACCEPT_R2P_BUSINESS_QUOTES=false
+
+# if set to false the SDK will not automatically accept OTP on a requestToPay operation
+# but will halt the operation after receiving entered OTP from payee. A further
+# confirmation call will be required to progress the requestToPayTransfer to transfer step.
+AUTO_ACCEPT_R2P_DEVICE_OTP=false
+
+# this flag is for testing purpose only. sdk-scheme-adapter is not supposed to receive PUT /participants/{Type}/{ID},
+# but for testing we can enable it by setting this flag to true
+AUTO_ACCEPT_PARTICIPANTS_PUT=false
+
+# when set to true, when sending money via the outbound API, the SDK will use the value
+# of FSPIOP-Source header from the received quote response as the payeeFsp value in the
+# transfer prepare request body instead of the value received in the payee party lookup.
+# This behaviour should be enabled when the SDK user DFSP is in a forex enabled switch
+# ecosystem and expects quotes and transfers to be rerouted by the switch to forex
+# entities i.e. forex providing DFSPs. Please see the SDK documentation and switch
+# operator documentation for more information on forex use cases.
+USE_QUOTE_SOURCE_FSP_AS_TRANSFER_PAYEE_FSP=false
+
+# set to true to validate ILP, otherwise false to ignore ILP
+CHECK_ILP=false
+
+# set to true to enable test features such as request cacheing and retrieval endpoints
+ENABLE_TEST_FEATURES=false
+
+# set to true to mock WSO2 oauth2 token endpoint
+ENABLE_OAUTH_TOKEN_ENDPOINT=false
+OAUTH_TOKEN_ENDPOINT_CLIENT_KEY=test-client-key
+OAUTH_TOKEN_ENDPOINT_CLIENT_SECRET=test-client-secret
+OAUTH_TOKEN_ENDPOINT_LISTEN_PORT=6000
+
+# WSO2 Bearer Token specific to golden-fsp instance and environment
+WSO2_BEARER_TOKEN=7718fa9b-be13-3fe7-87f0-a12cf1628168
+
+# OAuth2 data used to obtain WSO2 bearer token
+OAUTH_TOKEN_ENDPOINT=
+OAUTH_CLIENT_KEY=
+OAUTH_CLIENT_SECRET=
+OAUTH_REFRESH_SECONDS=3600
+
+# Set to true to respect expirity timestamps
+REJECT_EXPIRED_QUOTE_RESPONSES=false
+REJECT_TRANSFERS_ON_EXPIRED_QUOTES=false
+REJECT_EXPIRED_TRANSFER_FULFILS=false
+
+# Timeout for GET/POST/DELETE - PUT flow processing
+REQUEST_PROCESSING_TIMEOUT_SECONDS=4
+
+# Common Account Lookup System (ALS)
+# ALS_ENDPOINT=ttkhubsim:4040
+
+# # QUOTES_ENDPOINT
+# QUOTES_ENDPOINT=ttkhubsim:4040
+
+# # TRANSFERS_ENDPOINT
+# TRANSFERS_ENDPOINT=ttkhubsim:4040
+
+# To allow transfer without a previous quote request, set this value to true.
+# The incoming transfer request should consists of an ILP packet and a matching condition in this case.
+# The fulfilment will be generated from the provided ILP packet, and must hash to the provided condition.
+ALLOW_TRANSFER_WITHOUT_QUOTE=false
+
+# To enable request for notification on fulfiled transfer
+RESERVE_NOTIFICATION=true
+# resources API versions should be string in format: "resourceOneName=1.0,resourceTwoName=1.1"
+RESOURCE_VERSIONS="transfers=1.1,participants=1.1"
+
+# Management API websocket connection settings.
+# The Management API uses this for exchanging connector management messages.
+MGMT_API_WS_URL=mock-management-svc
+MGMT_API_WS_PORT=4005
+
+# Set to true to enable the use of PM4ML-related services e.g MCM, Management API service
+# when running the scheme-adapter as a mojaloop connector component within Payment Manager for Mojaloop.
+PM4ML_ENABLED=false
+
+BACKEND_EVENT_CONSUMER_BROKER_LIST=kafka:29092
+BACKEND_EVENT_PRODUCER_BROKER_LIST=kafka:29092
+FSPIOP_EVENT_CONSUMER_BROKER_LIST=kafka:29092
+FSPIOP_EVENT_PRODUCER_BROKER_LIST=kafka:29092
+
+# Maximum payload limits
+FSPIOP_API_SERVER_MAX_REQUEST_BYTES=209715200
+BACKEND_API_SERVER_MAX_REQUEST_BYTES=209715200
+
+ENABLE_FSPIOP_EVENT_HANDLER=false
+ENABLE_BACKEND_EVENT_HANDLER=false
+
+# Port number that the inbound (Mojaloop API) HTTP server will listen on
+INBOUND_LISTEN_PORT=4000
+
+# Port number that the outbound (simplified DFSP outbound API) HTTP server will listen on
+OUTBOUND_LISTEN_PORT=4001
+
+# ---- SDK Config ----
+# The option 'PEER_ENDPOINT' has no effect if the remaining options 'ALS_ENDPOINT', 'QUOTES_ENDPOINT',
+# 'BULK_QUOTES_ENDPOINT', 'TRANSFERS_ENDPOINT', 'BULK_TRANSFERS_ENDPOINT', 'TRANSACTION_REQUESTS_ENDPOINT' are specified.
+# ALS_ENDPOINT=callback-handler-svc-cl-sim:3001/backend
+# QUOTES_ENDPOINT=callback-handler-svc-cl-sim:3001/backend
+# BULK_QUOTES_ENDPOINT=callback-handler-svc-cl-sim:3001/backend
+# TRANSFERS_ENDPOINT=callback-handler-svc-cl-sim:3001/backend
+# BULK_TRANSFERS_ENDPOINT=callback-handler-svc-cl-sim:3001/backend
+# TRANSACTION_REQUESTS_ENDPOINT=callback-handler-svc-cl-sim:3001/backend

README.md

@@ -226,11 +226,44 @@ docker compose --project-name ml-core -f docker-compose-perf.yml --profile quote
 
 > NOTE: `-v` argument is optional, and it will delete any volume data created by the monitoring docker compose
 
+### Running Services for Full E2E (Discovery+Agreement+Transfers) characterization
+
+- Set `ALS_SWITCH_ENDPOINT` to "http://central-ledger:3001" in perf.env
+- Set `QS_SWITCH_ENDPOINT` to "http://central-ledger:3001" in perf.env
+
+```bash
+docker compose --project-name ml-core -f docker-compose-perf.yml --profile all-services --profile 8dfsp --profile ttk-provisioning-e2e up -d
+```
+
+Stop Services
+
+```bash
+docker compose --project-name ml-core -f docker-compose-perf.yml --profile all-services --profile 8dfsp down -v
+```
+
+> NOTE: `-v` argument is optional, and it will delete any volume data created by the monitoring docker compose
+
+### Running Services for SDK characterization
+
+```bash
+docker compose --project-name ml-core -f docker-compose-perf.yml --profile sdk-scheme-adapter up -d
+```
+
+Stop Services
+
+```bash
+docker compose --project-name ml-core -f docker-compose-perf.yml --profile sdk-scheme-adapter down -v
+```
+
+#### Setting up the Inbound/Outbound Server variables
+- Go to `perf.env` and comment out the inboundSDK variables. You'll need to do the same and restart the `docker-compose` in order to change test suite.
+
 ### Configuration for Transfers with batch support
 - Set CENTRAL_LEDGER_POSITION_BATCH_REPLICAS to desired count in `.env` file
 - Enable line `CLEDG_KAFKA__EVENT_TYPE_ACTION_TOPIC_MAP__POSITION__PREPARE=topic-transfer-position-batch` in `perf.env` file
 - Set `CENTRAL_LEDGER_VERSION` to `v17.2.0` or higher
 
+
 ### Monitoring
 
 Start Monitoring Services stack which uses:
@@ -247,7 +280,7 @@ docker compose --project-name monitoring -f docker-compose-monitoring.yml up -d
 Stop Monitoring Services
 
 ```bash
-docker compose --project-name monitoring --profile als-test -f docker-compose-monitoring.yml down -v
+docker compose --project-name monitoring --profile als-test --profile transfers-test -f docker-compose-monitoring.yml down -v
 ```
 
 Start monitoring with account lookup service mysql exporter
@@ -270,6 +303,13 @@ docker compose --project-name monitoring --profile quotes-test -f docker-compose
 
 since the quoting service uses the central ledger database.
 
+Start monitoring with all exporters
+
+```bash
+docker compose --project-name monitoring --profile als-test --profile quotes-test --profile transfers-test -f docker-compose-monitoring.yml up -d
+```
+
+
 > NOTE: `-v` argument is optional, and it will delete any volume data created by the monitoring docker compose
 
 TODO:
@@ -313,6 +353,14 @@ env K6_SCRIPT_CONFIG_FILE_NAME=fspiopTransfersUnidirectional.json docker compose
 env K6_SCRIPT_CONFIG_FILE_NAME=fspiopDiscovery.json docker compose --project-name load -f docker-compose-load.yml up
 ( or )
 env K6_SCRIPT_CONFIG_FILE_NAME=fspiopQuotes.json docker compose --project-name load -f docker-compose-load.yml up
+( or )
+env K6_SCRIPT_CONFIG_FILE_NAME=fspiopE2E.json docker compose --project-name load -f docker-compose-load.yml up
+( or )
+env K6_SCRIPT_CONFIG_FILE_NAME=inboundSDKDiscovery.json docker compose --project-name load -f docker-compose-load.yml up
+( or )
+env K6_SCRIPT_CONFIG_FILE_NAME=inboundSDKQuotes.json docker compose --project-name load -f docker-compose-load.yml up
+( or )
+env K6_SCRIPT_CONFIG_FILE_NAME=inboundSDKTransfer.json docker compose --project-name load -f docker-compose-load.yml up
 ```
 
 Cleanup tests
@@ -321,6 +369,35 @@ Cleanup tests
 docker compose --project-name load -f docker-compose-load.yml down -v
 ```
 
+### SDK Security Overhead Testing
+
+#### Regenerating Certificates
+
+It's recommended that you do not trouble certificates and keys found in `docker/security/`.
+If you do need to for whatever reason these are the steps.
+
+From the root `ml-core-test-harness` directory. Accept all defaults and enter `y` when prompted.
+
+- `cd docker/security/payer/jws/ && . keygen.sh && cd ../tls/ && . createSecrets.sh && cd ../../payee/jws && . keygen.sh && cd ../tls/ && . createSecrets.sh && cd ../../../../`
+- `cp docker/security/payer/jws/publickey.cer docker/security/payee/jws/verification_keys/fspiopsimpayer.pem && cp docker/security/payee/jws/publickey.cer docker/security/payer/jws/verification_keys/fspiopsimpayee.pem`
+- `cd docker/security/payer/tls/ && openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payee/tls/dfsp_client_cert.pem -infiles ../../payee/tls/dfsp_client.csr && cp dfsp_server_cacert.pem ../../payee/tls/payer_server_cacert.pem && cd ../../../../`
+- `cd docker/security/payee/tls/ && openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payer/tls/dfsp_client_cert.pem -infiles ../../payer/tls/dfsp_client.csr && cp dfsp_server_cacert.pem ../../payer/tls/payee_server_cacert.pem && cd ../../../../`
+
+Here are more verbose hands on instructions of what above commands do.
+
+- Run `. keygen.sh` and `. createSecrets.sh` in the `/jws` and `/tls` folders respectively for both payer and payee.
+- Move `payee/jws/publickey.cer` to `payer/jws/verification_keys/fspiopsimpayee.pem` and move `payer/jws/publickey.cer` to `payee/jws/verification_keys/fspiopsimpayer.pem`
+- Switch directories to `docker/security/payer/tls/`
+- Run `openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payee/tls/dfsp_client_cert.pem -infiles ../../payee/tls/dfsp_client.csr`
+- Switch directories to `docker/security/payee/tls/`
+- Run `openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payer/tls/dfsp_client_cert.pem -infiles ../../payer/tls/dfsp_client.csr`
+- Move each others `dfsp_server_cacert.pem` into each others folder and rename to `payer_server_cacert.pem` and `payee_server_cacert.pem`
+
+#### Starting the Security Harness
+
+- Run `docker compose --project-name security -f docker-compose-security.yml --profile security-sdk-scheme-adapter up`
+
+
 ### Automate Load Tests
 
 This section describes the process to automate capturing of grafana rendered dashboards after running the performance testing scenarios.

automate_perf.sh

@@ -81,7 +81,8 @@ declare -a dashboards=(\
   "NodeJS%20Application%20Dashboard" \
   "Official%20k6%20Test%20Result" \
   "MySQL%20Overview" \
-  "Supporting%20Services%20-%20Callback%20Hander%20Service"
+  "Supporting%20Services%20-%20Callback%20Hander%20Service" \
+  "Mojaloop%20-%20Quoting%20Service"
   )
 
 # # create a directory to store the results with date timestamp in the name, check if the directory exists