NOS-T Tools v3.0.8

Fixed:

• Manager Stop Command Timing During Freezes (manager.py): Fixed bug where Manager sent Stop command at the originally expected time instead of accounting for freeze duration:
  • Added pause mode check in _execute_test_plan_impl() waiting loop to skip stop time calculations while simulator is in PAUSED or PAUSING mode
  • Prevents race condition where stale _wallclock_epoch and _simulation_epoch values caused incorrect stop time calculations during freezes
  • Stop command now correctly sent at original_expected_time + freeze_duration (e.g., 10 minutes total wallclock time for 5-minute execution + 5-minute freeze)
  • Ensures proper synchronization between Manager's waiting logic and Simulator's freeze/resume cycle

Full Changelog: v3.0.7...v3.0.8

NOS-T Tools v3.0.7

Changed:

• Python-Keycloak Version Constraint: Pinned python-keycloak dependency to >=5, <7 in pyproject.toml:
  • Version 7.0.0+ uses PEP 604 union type syntax (str | Role) which requires Python 3.10+
  • This constraint maintains compatibility with Python 3.9 (requires-python = ">=3.9")
  • Can be relaxed when nost_tools drops Python 3.9 support or upstream adds from __future__ import annotations

Full Changelog: v3.0.6...v3.0.7

NOS-T Tools v3.0.6

Changed:

• Consumer Cleanup on Shutdown (application.py): Removed redundant stop_consuming() call in stop_application():

  • Queue deletion already implicitly cancels all consumers attached to those queues via RabbitMQ's standard behavior
  • Eliminates "pika.channel: basic_cancel - consumer not found" warning during application shutdown
  • Reduces unnecessary RPC calls during cleanup sequence

• Reconnection Logic (application.py): Fixed network reconnection failing when applications are in frozen/paused state:

  • Removed duplicate _io_thread creation in reconnect() method that caused two threads to compete for the same ioloop
  • Now stops the old ioloop explicitly after creating the new connection, allowing _start_io_loop's while loop to pick up the new
    connection naturally
  • Changed error handler to use threading.Timer instead of ioloop.call_later() for retry scheduling, since ioloop state may be
    inconsistent during failures
  • Reconnection now works reliably regardless of simulator mode (executing, paused, etc.)

Full Changelog: v3.0.5...v3.0.6

NOS-T Tools v3.0.5

Added:

• Application Configuration Support: Added configuration_parameters support for unmanaged Application class:
  • Updated ExecConfig in schemas.py to include applications dictionary (similar to managed_applications)
  • Updated ApplicationConfig in schemas.py to include configuration_parameters field
  • Updated get_app_specific_config() in configuration.py to accept app_type parameter ("applications" or "managed_applications")
  • Updated Application._get_parameters_from_config() to retrieve app-specific config from applications section
  • Updated ConnectionConfig to populate application_configuration from both applications and managed_applications sections
  • Enables custom per-application configuration parameters in YAML
• Resume Tolerance Configuration: Added global resume_tolerance parameter to GeneralConfig:
  • Added request_resume() method to Application class that sends ResumeRequest messages with optional sim_resume_time and tolerance parameters
  • Removed duplicate request_resume() from ManagedApplication - now inherits enhanced version from Application
  • Default tolerance of 12 hours can be configured globally in execution.general.resume_tolerance
  • Can be overridden per-request by passing tolerance parameter to request_resume()
  • Example YAML structure:

    execution:
      general:
        prefix: nost
        resume_tolerance: "12:00:00"  # Global default for all applications

Full Changelog: v3.0.4...v3.0.5

NOS-T Tools v3.0.4

Added:

• Basic Authentication Mode: Added support for localhost/development connections without Keycloak authentication
  • Allows USERNAME + PASSWORD only (no client credentials required)
  • Ideal for local RabbitMQ development without Keycloak infrastructure
  • System now supports three distinct authentication modes instead of two
• Enhanced Credentials Validation: Updated validate_authentication_mode() in Credentials schema to support three authentication modes:
  • Basic Auth (localhost): USERNAME + PASSWORD only
  • Keycloak Service Account: CLIENT_ID + CLIENT_SECRET_KEY only
  • Keycloak User Account: USERNAME + PASSWORD + CLIENT_ID + CLIENT_SECRET_KEY
• Comprehensive Three-Mode Testing: Added test_basic_auth_mode_valid() test to verify localhost authentication works correctly
• Optional Scenario Time and Tolerance for ResumeRequest: Added optional fields to ResumeRequestParameters in schemas.py:
  • sim_resume_time: Allows managed applications to specify target scenario time for resume
  • tolerance: Time tolerance (timedelta) for matching scenario time to requested time
  • Both fields are optional and maintain backward compatibility (default to None)
  • Uses simResumeTime and tolerance aliases for JSON serialization consistency
• Tolerance-Based Resume Command Logic: Added _handle_resume_request() method in manager.py to handle tolerance-based resume requests:
  • Runs in a separate thread to avoid blocking message callbacks
  • Default tolerance of 12 hours can be specified by managed applications

Changed:

• Credentials Validator (schemas.py): Enhanced validation logic to recognize basic authentication as a valid mode alongside Keycloak authentication modes
• Test Suite (tests/test_credentials.py):
  • Renamed test_user_account_mode_valid() to test_keycloak_user_account_mode_valid() for clarity
  • Updated test assertions to match new error messages
  • Now testing 8 scenarios (was 7) including basic auth mode
• Error Messages: Updated validation error messages to include all three authentication modes for better troubleshooting
• Resume Request Handling (manager.py): Modified on_resume_request() to delegate to _handle_resume_request() for tolerance-based handling:
  • If tolerance is NOT provided: ResumeCommand is sent immediately (regardless of sim_resume_time)
  • If tolerance IS provided:
    • Both tolerance and sim_resume_time provided: Checks if current scenario time is within tolerance of requested time
      • Within tolerance: ResumeCommand is sent immediately
      • Outside tolerance: Request is ignored with informative log message showing time difference
    • Only tolerance provided (no sim_resume_time): ResumeCommand is sent immediately
  • This tolerance-based approach allows managed applications to send multiple ResumeRequest messages with the Manager only acting when scenario time is within the specified tolerance window
• Exchange Declaration (application.py): Moved establish_exchange() method from Manager class to base Application class:
  • All applications (unmanaged Application, ManagedApplication, and Manager) now automatically declare the exchange when channel opens
  • Fixes "NOT_FOUND - no exchange" errors when unmanaged applications try to publish messages
  • Exchange is declared in on_channel_open() callback, ensuring it exists before any message operations
  • Eliminates requirement for Manager to run first before other applications can send messages
• Freeze Request Logging (manager.py): Fixed misleading log message in _handle_freeze_request():
  • "Indefinite freeze requested - manual resume required" now logs before freeze starts (not after)
  • Added "Indefinite freeze has ended" log message after freeze completes
• BasicProperties Handling (application.py): Fixed RabbitMQ protocol error "UNEXPECTED_FRAME - expected content header for class 60":
  • Added _build_basic_properties() helper method that filters out None values before creating pika.BasicProperties
  • Updated send_message() and _process_message_queue() to use the new helper
  • Prevents protocol errors when YAML configuration has undefined/None BasicProperties fields
  • Resolves random connection drops with error code 505 (UNEXPECTED_FRAME)

Full Changelog: v3.0.3...v3.0.4

NOS-T Tools v3.0.3

Added:

• Service Account Authentication Support: Applications can now authenticate with Keycloak using service accounts (client credentials only) without requiring username and password. This is ideal for automated systems, scripts, and long-running processes.
• Dual Authentication Modes: The system now supports two Keycloak authentication modes:
  • User Account: Requires USERNAME, PASSWORD, CLIENT_ID, and CLIENT_SECRET_KEY
  • Service Account: Requires only CLIENT_ID and CLIENT_SECRET_KEY
• Intelligent OTP Detection: Added smart OTP/TOTP requirement detection in new_access_token() method that:
  • Analyzes Keycloak error responses for OTP-related keywords (otp, totp, two-factor, 2fa, mfa)
  • Only prompts for OTP when Keycloak explicitly indicates it's required
  • Prevents false OTP prompts when username/password are incorrect
  • Provides clear, context-specific error messages for different failure scenarios
• Programmatic OTP Support: Added optional otp parameter to new_access_token() method to support automation with OTP-enabled accounts
• Credentials Validation: Added validate_authentication_mode() validator in Credentials schema that enforces valid credential combinations and provides clear error messages for invalid configurations
• Comprehensive Test Suite: Added tests/test_credentials.py with 7 tests covering both authentication modes and validation scenarios
• Documentation:
  • Created KEYCLOAK_AUTH_MODES.md with detailed guide on both authentication modes, setup instructions, and error handling
  • Created OTP_IMPROVEMENTS.md documenting intelligent OTP handling improvements
  • Created .env.example template showing both authentication modes
  • Created .env.sos.example specific template for sos.yaml configuration

Changed:

• Credentials Schema (schemas.py): Changed default values for username and password from "admin" to None to make them optional for service account authentication
• Environment Variable Loading (configuration.py): Updated load_environment_variables() method to support optional username/password when Keycloak authentication is enabled, allowing service account mode
• Authentication Method (application.py): Updated new_access_token() method to:
  • Automatically detect authentication mode based on presence of username/password
  • Use grant_type="password" for user authentication
  • Use grant_type=["client_credentials"] for service account authentication
  • Intelligently handle OTP requirements with proper error detection
  • Log which authentication mode is being used for debugging
• Error Messages: Improved authentication error messages to clearly indicate:
  • "Authentication failed. Please check your username and password" for wrong credentials
  • "OTP/TOTP is required for this account" when OTP is needed
  • "The provided OTP may be incorrect or expired" for wrong OTP

Full Changelog: v3.0.2...v3.0.3

NOS-T Tools v3.0.2

Updated:

• Removed self._next_time = self._time from resume() in simulator.py, which was causing a drift of approximately 1 second per simulated day.
• Changed a log statement in freeze() within manager.py from log.info to log.debug to reduce verbosity. The affected line reports the remaining time during a freeze.

Full Changelog: v3.0.1...v3.0.2

NOS-T Tools v3.0.1

Updated:

• Removed the calculation of target_resume_time from the freeze() method in manager.py.
  A freeze event now persists until the resume time specified in the FreezeCommand message payload is reached. Previously, the resume time was calculated from the scenario time at which the FreezeRequest message was received by the manager (scenario time at message receipt + freeze duration), which could cause time drift.
• Prevented a one-step early advance after RESUMING by ensuring the _wait_for_tock() method in simulator.py re-anchors epochs and waits until the next tick before advancing.
• Updated the on_manager_freeze() method in managed_application.py to honor simFreezeTime from a FreezeCommand, aligning to the requested scenario time (via wallclock mapping) before calling pause() so all apps freeze at the same scenario time.

Full Changelog: v3.0.0...v3.0.1

NOS-T Tools v3.0.0

Added:

• Added comprehensive freeze time tracking system and callbacks in Manager class in manager.py to properly account for dynamic, distributed freezes, resumes, and updates to scenario time:
  • Added on_freeze_request() callback which freezes scenario time based on messages containing requests from managed applications, integrated this callback into start_up() method
  • Added _handle_freeze_request() that handles dynamic, distributed freeze requests
  • Added freeze() that issues freeze command, integrated this into the _handle_freeze_request()
  • Added on_resume_request() callback which resumes scenario time based on messages containing requests from managed applications, integrated this callback into start_up() method
  • Added on_update_request() callback which updates the time scale factor based on messages containing requests from managed applications, integrated this callback into start_up() method
  • Added update() that issues update command, integrated this into the on_update_request() method
• Added new methods to ManagedApplication class in managed_application.py to allow requests for a freeze in scenario time from the Manager class in manager.py
  • Added request_freeze() method that sends a FreezeRequest message which is received by the Manager application, added an associated on_manager_freeze() callback that responds to FreezeCommand messages from Manger
  • Added request_resume() method that sends a ResumeRequest message which is received by the Manager application, added an associated on_manager_resume() callback that responds to ResumeCommand messages from Manager
  • Added request_update() method that sends a UpdateRequest message which is received by the Manager application, added an associated on_manager_update() callback that responds to UpdateCommand messages from Manager
• Added new freeze-tracking capabilities to Simulator class in simulator.py
  • Added reset of wallclock and simulation epochs when mode switches to Mode.EXECUTING in _wait_for_tock() method
• Added the following classes to schemas.py:
  • FreezeTaskingParameters, FreezeCommand, ResumeTaskingParameters, ResumeCommand, FreezeRequestParameters, FreezeRequest, ResumeRequestParameters, ResumeRequest, UpdateRequestParameters, UpdateRequest

Updated:

• Removed code related to scheduled time scale updates in _execute_test_plan_impl() of Manager application. Scheduled time scale factor updates, defined in the YAML configuration file, are no longer supported. They must now be requested by a ManagedApplication and processed by the Manager who maintains control of sending the FreezeCommand as defined in schemas.py
• Removed TimeScaleUpdate class in manager.py
• Removed TimeScaleUpdateSchema and FreezeSchema classes in schemas.py
• Removed time_scale_updates and freezes fields from ManagerConfig class in schemas.py
• Prevent re-entrant execution in Simulator.execute() by adding an explicit mode guard; now raises a clear RuntimeError when called outside UNDEFINED, INITIALIZED, or TERMINATED modes: Cannot execute: simulator is {self._mode}. Wait for TERMINATED or terminate the current run.
• Removed WallclockOffsetProperties class and wallclock_offset_properties section from RuntimeConfig in schemas.py and configuration.py.
• Added wallclock_offset_refresh_interval and ntp_host to GeneralConfig class in schemas.py
• Updated FireSat test suite to show examples of time scale updates and scenario time freezes.

Full Changelog: v2.4.0...v3.0.0

NOS-T Tools v2.4.0

Added:

• Introduced the configure_file_logging() method in the base Application class, automatically invoked during the start_up() process.
• Added a LoggingConfig Pydantic model to encapsulate configuration parameters for the configure_file_logging() method.

Updated:

• Changed the default value of token_refresh_interval in the KeycloakConfig Pydantic class from 60 seconds (1 minute) to 240 seconds (4 minutes).

Full Changelog: v2.3.0...v2.4.0