Implement M1 Provisioning Session

[rjb1000]

Relevant specifications

• TS 26.512 clauses 4.3.2 and 7.2.

Specification

In this reference implementation, each Provisioning Session resource shall be uniquely identified by a UUID that is assigned by the 5GMS AF at the point of creation.

The following operations are included in the scope of this issue.

Create: M1_ProvisioningSession_createProvisioningSession

A Provisioning Session resource is sent by the M1 client to the M1 server.

• The provisioning session type (downlink/uplink) must be provided by the M1 client.
• The external application identifier must be provided by the M1 client.
• The application service provider identifier is optional in TS 26.512 V17.2.0.
  • Requested clarification from SA4 experts on why this is optional and whether it is correct in the specification - See Use of aspId and externalApplicationId in M1_ProvisioningSession_createProvisioningSession Standards#33.

The 5GMS AF is responsible for allocating a Provisioning Session ID and in this implementation it is a UUID.

On success, the fully populated Provisioning Session resource is returned in a 200 OK response.

Retrieve: M1_ProvisioningSession_getProvisioningSessionById

The current Provisioning Session resource is returned.

Update

There is no update operation associated with this API.

Destroy: M1_ProvisioningSession_destroyProvisioningSession

Discussed the approach to the destruction operation with @davidjwbbc and @devbbc and there are two implementation options for the M1_ProvisioningSession_destroyProvisioningSession operation:

After validating the Provisioning Session ID path parameter, the 5GMS AF marks the Provisioning Session for deletion and responds immediately to the M1 client with 202 Accepted. Then, when it processes the deletion task, the 5GMS AF creates some jobs on its task queue to invoke the relevant M3 destruction operations for all subresources (server certificates, Content Hosting Configurations and Content Preparation Templates).

• Note that the 202 Accepted response is not present in the M1 API (as of TS 26.512 V17.2.0). An issue has been raised to add this to the specification based on implementation experience - See Add signalling for asynchronous destruction of Provisioning Session at reference point M1 Standards#34.

• If an M1 client attempts to destroy a Provisioning Session that has no associated subresources, or has subresources that have not yet been synchronised to any 5GMS AS, then the local state in the 5GMS AF is deleted synchronously and a 204 No Content response is returned.

• If an M1 client attempts to perform any operation on a Provisioning Session that is already marked for deletion, the response is 404 Not Found.

[devbbc]

Went through the relevant specifications and started implementing the M1 Provisioning session.

As a first step, generated code files from the latest TS26512_M1_ProvisioningSessions.yaml. The latest model contains arrays with the uniqueItems boolean set to true.

This is supposed to be implemented as a set (array or list that doesn't contain duplicate entries) and included in the generated code files through set.h.

However there is no implementation of set.h neither in the openapi-generator version used by Open5GS nor in latest version of openapi-generator. For Open5GS, it is not a problem as it does not implement any such models.

To handle multiple provisioning sessions in the Application Function, we may possibly need to implement wrapper functions around the functions that implement list, which prevents duplicates from entering the list.

However, to handle a single provisioning session, it is sufficient to create a set.h with typedef struct OpenAPI_list_s OpenAPI_set_t;.

[rjb1000]

Discussed with @davidjwbbc. First conclusion is that the absence of an implemention of sets for the C language needs to be reported as a bug to the OpenAPI Generator project.

Creating a wrapper around the list data structure that rejects duplicate values sounds like a reasonable approach. This would presumably entail creating set.h and set.c code.

Rather than closing this gap in our project, my preference would be to contribute a fix to the OpenAPI Generator project, if the contribution licence terms are amenable. Please could you look into this, @davidjwbbc?

[rjb1000]

To unblock @devbbc's development, I think it would be acceptable to use a simple list for the time being as a substitute for a set. The implementation of the M1 Server can ensure that all resources referenced by the Provisioning Session are assigned unique resource identifiers (let's say UUIDs) when they are created which will naturally ensure no duplicates.

[devbbc]

On reception of the POST request, the Application function now generates an UUID and creates a new Provisioning Session using the OpenAPI function OpenAPI_provisioning_session_create(...). If the creation of the Provisioning Session succeeds, it returns a 201 to the client with the created Provisioning Session.

For example:

curl -H 'User-Agent: AF' -X POST -v http://127.0.0.22:7779/3gpp-m1/v2/provisioning-sessions/
*   Trying 127.0.0.22:7779...
* TCP_NODELAY set
* Connected to 127.0.0.22 (127.0.0.22) port 7779 (#0)
> POST /3gpp-m1/v2/provisioning-sessions/ HTTP/1.1
> Host: 127.0.0.22:7779
> Accept: */*
> User-Agent: AF
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 201 Created
< Connection: Keep-Alive
< Content-Length: 159
< Content-Type: application/json

< 
{
	"provisioningSessionId":	"a7a15c08-7147-41ed-b63a-f1c110c12746",
	"provisioningSessionType":	"DOWNLINK",
	"aspId":	"",
	"externalApplicationId":	""

}

Currently, provisioningSessionType, aspId, and externalApplicationId are generated by the Application Function instead of parsing the Provisioning Session resource sent by the client in the POST body.

Also, the response does not yet contain a Location header as required by TS 26.512.

The next step is to parse the received Provisioning Session resource and use it to populate the data structure for the Provisioning Session and to add in the missing Location header.

[devbbc]

The Application Function can now receive and parse the Provisioning Session resource sent by the client in the POST body. It then populates the data structure for this Provisioning Session and sends a response back to the client with information about the created resource.
The response also includes a Location header as required by TS 26.512.
Example output:

curl -H 'User-Agent: AF' -H 'Content-Type: application/json' --data '{"provisioningSessionType": "DOWNLINK", "aspId": "test-asp" , "externalApplicationId" :"test-app"}' -v http://127.0.0.22:7779/3gpp-m1/v2/provisioning-sessions
*   Trying 127.0.0.22:7779...
* TCP_NODELAY set
* Connected to 127.0.0.22 (127.0.0.22) port 7779 (#0)
> POST /3gpp-m1/v2/provisioning-sessions HTTP/1.1
> Host: 127.0.0.22:7779
> Accept: */*
> User-Agent: AF
> Content-Type: application/json
> Content-Length: 98
> 
* upload completely sent off: 98 out of 98 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 201 Created
< Connection: Keep-Alive
< Content-Length: 168
< Content-Type: application/json
< Location: /3gpp-m1/v2/provisioning-sessions/7966d76a-7268-41ed-bee2-ff86598c0d72
< Date: Fri, 02 Dec 2022 17:40:55 GMT
< 
{
	"provisioningSessionId":	"7966d76a-7268-41ed-bee2-ff86598c0d72",
	"provisioningSessionType":	"DOWNLINK",
	"aspId":	"test-asp",
	"externalApplicationId":	"test-app"
* Connection #0 to host 127.0.0.22 left intact
}

The below output show the Provisioning Session resource created without the aspId, as it is optional:

curl -H 'User-Agent: AF' -H 'Content-Type: application/json' --data '{"provisioningSessionType": "DOWNLINK", "externalApplicationId" :"test-app"}' -v http://127.0.0.22:7779/3gpp-m1/v2/provisioning-sessions
*   Trying 127.0.0.22:7779...
* TCP_NODELAY set
* Connected to 127.0.0.22 (127.0.0.22) port 7779 (#0)
> POST /3gpp-m1/v2/provisioning-sessions HTTP/1.1
> Host: 127.0.0.22:7779
> Accept: */*
> User-Agent: AF
> Content-Type: application/json
> Content-Length: 77
> 
* upload completely sent off: 77 out of 77 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 201 Created
< Connection: Keep-Alive
< Content-Length: 146
< Content-Type: application/json
< Location: /3gpp-m1/v2/provisioning-sessions/83e96f22-7268-41ed-bee2-ff86598c0d72
< Date: Fri, 02 Dec 2022 17:41:13 GMT
< 
{
	"provisioningSessionId":	"83e96f22-7268-41ed-bee2-ff86598c0d72",
	"provisioningSessionType":	"DOWNLINK",
	"externalApplicationId":	"test-app"
* Connection #0 to host 127.0.0.22 left intact
}

The deletion of the created resource is still a work in progress.

[rjb1000]

Discussed the approach to the destruction operation with @davidjwbbc and @devbbc and there are two implementation options for the M1_ProvisioningSession_destroyProvisioningSession operation:

1. Synchronous. After validating the Provisioning Session ID path parameter, the 5GMS AF invokes the relevant M3 destruction operations for all subresources (server certificates, Content Hosting Configurations and Content Preparation Templates) synchronously before responding to the M1 client.
2. Asynchronous. After validating the Provisioning Session ID path parameter, the 5GMS AF marks the Provisioning Session for deletion and responds immediately to the M1 client with 202 Accepted. Then, when it processes the deletion task, the 5GMS AF creates some jobs on its task queue to invoke the relevant M3 destruction operations for all subresources (server certificates, Content Hosting Configurations and Content Preparation Templates).
   • Note that the 202 Accepted response is not present in the M1 API (as of TS 26.512 V17.2.0). An issue therefore needs to be raised to add this to the specification based on implementation experience.

We selected option 2 because it reduces the likelihood of the M1 client request timing out if, for example, the 5GMS AS is not responding at the time of the destruction request.

Exceptions:

• If an M1 client attempts to destroy a Provisioning Session that has no associated subresources, or has subresources that have not yet been synchronised to any 5GMS AS, then the local state in the 5GMS AF is deleted synchronously and a 204 No Content response is returned.
• If an M1 client attempts to perform any operation on a Provisioning Session that is already marked for deletion, the response is 404 Not Found.

[rjb1000]

Observation from @davidjwbbc: the Provisioning Session resource lists the set of server certificates, metrics reporting configurations, content preparation templates currently associated with it (as arrays of resource identifiers). However, as of TS 26.512 V17.2.0, there is no indication of whether there is a (singleton) Content Hosting Configuration or consumption reporting configuration associated.

Maybe a simple boolean flag could be added to the data structure in a future revision of TS 26.512.

[devbbc]

The Application Function now marks the provisioning session for deletion and responds immediately to the M1 client with 202 Accepted. For example, let's create a Provisioning session with the Id generated by the AF:

 curl -H 'User-Agent: AF' -H 'Content-Type: application/json' --data '{"provisioningSessionType": "DOWNLINK", "aspId": "test-asp" , "externalApplicationId" :"test-app"}' -v http://127.0.0.22:7779/3gpp-m1/v2/provisioning-sessions
*   Trying 127.0.0.22:7779...
* TCP_NODELAY set
* Connected to 127.0.0.22 (127.0.0.22) port 7779 (#0)
> POST /3gpp-m1/v2/provisioning-sessions HTTP/1.1
> Host: 127.0.0.22:7779
> Accept: */*
> User-Agent: AF
> Content-Type: application/json
> Content-Length: 98
> 
* upload completely sent off: 98 out of 98 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 201 Created
< Connection: Keep-Alive
< Content-Length: 168
< Content-Type: application/json
< Location: /3gpp-m1/v2/provisioning-sessions/c566da28-7661-41ed-9373-1dbe0e2dedda
< Date: Wed, 07 Dec 2022 16:03:01 GMT
< 
{
	"provisioningSessionId":	"c566da28-7661-41ed-9373-1dbe0e2dedda",
	"provisioningSessionType":	"DOWNLINK",
	"aspId":	"test-asp",
	"externalApplicationId":	"test-app"
* Connection #0 to host 127.0.0.22 left intact
}

To delete this Provisioning session

curl -H 'User-Agent: AF' -X DELETE -v http://127.0.0.22:7779/3gpp-m1/v2/provisioning-sessions/c566da28-7661-41ed-9373-1dbe0e2dedda
*   Trying 127.0.0.22:7779...
* TCP_NODELAY set
* Connected to 127.0.0.22 (127.0.0.22) port 7779 (#0)
> DELETE /3gpp-m1/v2/provisioning-sessions/c566da28-7661-41ed-9373-1dbe0e2dedda HTTP/1.1
> Host: 127.0.0.22:7779
> Accept: */*
> User-Agent: AF
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 202 Accepted
< Connection: Keep-Alive
< Content-Length: 0
< Date: Wed, 07 Dec 2022 16:03:34 GMT
< 
* Connection #0 to host 127.0.0.22 left intact

[devbbc]

This is functionally complete. Now tidying up the code.

[davidjwbbc]

Observation from @davidjwbbc: the Provisioning Session resource lists the set of server certificates, metrics reporting configurations, content preparation templates currently associated with it (as arrays of resource identifiers). However, as of TS 26.512 V17.2.0, there is no indication of whether there is a (singleton) Content Hosting Configuration or consumption reporting configuration associated.

Maybe a simple boolean flag could be added to the data structure in a future revision of TS 26.512.

Raised 5G-MAG/Standards#35 to address this.

[davidjwbbc]

Discussed with @davidjwbbc. First conclusion is that the absence of an implemention of sets for the C language needs to be reported as a bug to the OpenAPI Generator project.

Creating a wrapper around the list data structure that rejects duplicate values sounds like a reasonable approach. This would presumably entail creating set.h and set.c code.

Rather than closing this gap in our project, my preference would be to contribute a fix to the OpenAPI Generator project, if the contribution licence terms are amenable. Please could you look into this, @davidjwbbc?

Checked the latest release of openapi-generator (v6.2.1) and this is still an issue with generated C code.

I will raise this as an issue on the openapi-generator project.

I've had a look at what the fix would entail and it involves some fairly minor edits to a lot of template file and the addition of the set.c and set.h files.

To implement set in the current open5gs main branch, we would need to make the same sort of template file edits to the templates in lib/sbi/support/... and add the set-body.mustache (set.c) and set-header.mustache (set.h) and update the generator configuration file to add these two new files.

[rjb1000]

Discussed the missing OpenAPI Generator "set" feature.

@davidjwbbc will raise an issue on the OpenAPI Generator project and notify @acetcom of the problem with unique lists (although he has probably not encountered it yet).

For the lists of resource identifiers in the M1 Provisoning Session resource, the members of the various arrays are UUIDs so the quick-and-dirty typedef solution is adequate since the Application Function ensures uniqueness by virtue of the fact that each UUID in inherently unique.

[davidjwbbc]

Issue raised on the openapi-generator project: OpenAPITools/openapi-generator#14234.

[devbbc]

Completed tidying of the code and now ready for review.

[davidjwbbc]

Had a look through the code and found some minor bugs which I fixed. These fixes are part of the M3 uplift to TS 26.512 v17.3.0 (PR #26) since the M1 provisioning session handling was included in the uplift due to nature of the code changes making difficult to unpick.

To exercise this properly we really need the M1 client (Issue #20), but hand crafted curl requests will suffice for now.