diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index d73f29db6..db16a513b 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -75,6 +75,13 @@ jobs: - "pkg/ulid/**" - "pkg/uuid/**" + bootstrap: + - "bootstrap/**" + - "cmd/bootstrap/**" + - "pkg/bootstrap/**" + - "provision/**" + - "pkg/sdk/**" + channels: - "channels/**" - "cmd/channels/**" @@ -233,10 +240,11 @@ jobs: if [[ "${{ steps.changes.outputs.workflow }}" == "true" || "${{ steps.changes.outputs.pkg-errors }}" == "true" ]]; then # If workflow or pkg/errors changed, test everything - modules=("auth" "channels" "cli" "clients" "domains" "groups" "internal" "journal" "logger" "pkg-errors" "pkg-events" "pkg-grpcclient" "pkg-messaging" "pkg-sdk" "pkg-transformers" "pkg-ulid" "pkg-uuid" "users" "notifications" "api" "consumers" "readers" "re" "alarms" "reports") + modules=("auth" "bootstrap" "channels" "cli" "clients" "domains" "groups" "internal" "journal" "logger" "pkg-errors" "pkg-events" "pkg-grpcclient" "pkg-messaging" "pkg-sdk" "pkg-transformers" "pkg-ulid" "pkg-uuid" "users" "notifications" "api" "consumers" "readers" "re" "alarms" "reports") else # Add only changed modules [[ "${{ steps.changes.outputs.auth }}" == "true" ]] && modules+=("auth") + [[ "${{ steps.changes.outputs.bootstrap }}" == "true" ]] && modules+=("bootstrap") [[ "${{ steps.changes.outputs.channels }}" == "true" ]] && modules+=("channels") [[ "${{ steps.changes.outputs.cli }}" == "true" ]] && modules+=("cli") [[ "${{ steps.changes.outputs.clients }}" == "true" ]] && modules+=("clients") diff --git a/Makefile b/Makefile index 1cdd8c527..92f625d67 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ override MG_DOCKER_IMAGE_NAME_PREFIX := ghcr.io/absmach/magistrala MG_DOCKER_VOLUME_NAME_PREFIX ?= magistrala BUILD_DIR ?= build -SERVICES = auth users clients groups channels domains notifications certs re postgres-writer postgres-reader timescale-writer timescale-reader cli alarms reports bootstrap journal fluxmq +SERVICES = auth users clients groups channels domains notifications certs re postgres-writer postgres-reader timescale-writer timescale-reader cli alarms reports bootstrap provision journal fluxmq TEST_API_SERVICES = journal auth certs clients users channels groups domains TEST_API = $(addprefix test_api_,$(TEST_API_SERVICES)) DOCKERS = $(addprefix docker_,$(SERVICES)) diff --git a/apidocs/openapi/bootstrap.yaml b/apidocs/openapi/bootstrap.yaml index 7ec7f288c..cae92b7d7 100644 --- a/apidocs/openapi/bootstrap.yaml +++ b/apidocs/openapi/bootstrap.yaml @@ -5,7 +5,8 @@ openapi: 3.0.1 info: title: Magistrala Bootstrap service description: | - HTTP API for managing platform clients configuration. + HTTP API for managing platform clients configuration, device profiles, + and enrollment bindings. Some useful links: - [The Magistrala repository](https://github.com/absmach/magistrala) contact: @@ -13,7 +14,7 @@ info: license: name: Apache 2.0 url: https://github.com/absmach/magistrala/blob/main/LICENSE - version: 0.18.5 + version: 0.19.0 servers: - url: http://localhost:9013 @@ -21,18 +22,24 @@ servers: tags: - name: configs - description: Everything about your Configs + description: Bootstrap enrollment configurations externalDocs: description: Find out more about Configs url: https://magistrala.absmach.eu/docs/ + - name: profiles + description: Device configuration profiles and templates + - name: enrollments + description: Enrollment profile assignment and resource bindings paths: + # ── Enrollment configs ──────────────────────────────────────────────────── + /{domainID}/clients/configs: post: operationId: createConfig - summary: Adds new config + summary: Adds a new enrollment config description: | - Adds new config to the list of config owned by user identified using + Adds a new bootstrap enrollment config owned by the user identified by the provided access token. tags: - configs @@ -49,33 +56,24 @@ paths: description: Missing or invalid access token provided. "403": description: Failed to perform authorization over the entity. - "404": - description: A non-existent entity request. "409": - description: Failed due to using an existing identity. + description: Failed due to using an existing external ID. "415": description: Missing or invalid content type. - "422": - description: Database can't process request. "500": $ref: "#/components/responses/ServiceError" - "503": - description: Failed to receive response from the clients service. get: operationId: getConfigs summary: Retrieves managed configs description: | - Retrieves a list of managed configs. Due to performance concerns, data - is retrieved in subsets. The API configs must ensure that the entire - dataset is consumed either by making subsequent requests, or by - increasing the subset size of the initial request. + Retrieves a paginated list of managed enrollment configs. tags: - configs parameters: - $ref: "#/components/parameters/DomainID" - $ref: "#/components/parameters/Limit" - $ref: "#/components/parameters/Offset" - - $ref: "#/components/parameters/State" + - $ref: "#/components/parameters/Status" - $ref: "#/components/parameters/Name" responses: "200": @@ -84,47 +82,39 @@ paths: description: Failed due to malformed query parameters. "401": description: Missing or invalid access token provided. - "422": - description: Database can't process request. "500": $ref: "#/components/responses/ServiceError" /{domainID}/clients/configs/{configID}: get: operationId: getConfig - summary: Retrieves config info (with channels). + summary: Retrieves a config tags: - configs parameters: - $ref: "#/components/parameters/DomainID" - - $ref: "#/components/parameters/ConfigId" + - $ref: "#/components/parameters/ConfigID" responses: "200": $ref: "#/components/responses/ConfigRes" - "400": - description: Missing or invalid config. "401": description: Missing or invalid access token provided. "403": description: Failed to perform authorization over the entity. "404": description: Config does not exist. - "422": - description: Database can't process request. "500": $ref: "#/components/responses/ServiceError" - put: + patch: operationId: updateConfig summary: Updates config info description: | - Update is performed by replacing the current resource data with values - provided in a request payload. Note that the owner, ID, external ID, - external key, Magistrala Client ID and key cannot be changed. + Updates name and content of an existing enrollment config. tags: - configs parameters: - $ref: "#/components/parameters/DomainID" - - $ref: "#/components/parameters/ConfigId" + - $ref: "#/components/parameters/ConfigID" requestBody: $ref: "#/components/requestBodies/ConfigUpdateReq" responses: @@ -140,52 +130,42 @@ paths: description: Config does not exist. "415": description: Missing or invalid content type. - "422": - description: Database can't process request. "500": $ref: "#/components/responses/ServiceError" delete: operationId: removeConfig - summary: Removes a Config - description: | - Removes a Config. In case of successful removal the service will ensure - that the removed config is disconnected from all of the Magistrala channels. + summary: Removes a config tags: - configs parameters: - $ref: "#/components/parameters/DomainID" - - $ref: "#/components/parameters/ConfigId" + - $ref: "#/components/parameters/ConfigID" responses: "204": description: Config removed. - "400": - description: Failed due to malformed config ID. "401": description: Missing or invalid access token provided. "403": description: Failed to perform authorization over the entity. - "422": - description: Database can't process request. "500": $ref: "#/components/responses/ServiceError" /{domainID}/clients/configs/certs/{configID}: patch: operationId: updateConfigCerts - summary: Updates certs + summary: Updates client certificates description: | - Update is performed by replacing the current certificate data with values - provided in a request payload. + Replaces the certificate fields (client_cert, client_key, ca_cert) of an + existing enrollment config. tags: - configs parameters: - $ref: "#/components/parameters/DomainID" - - $ref: "#/components/parameters/ConfigId" + - $ref: "#/components/parameters/ConfigID" requestBody: $ref: "#/components/requestBodies/ConfigCertUpdateReq" responses: "200": - description: Config updated. $ref: "#/components/responses/ConfigUpdateCertsRes" "400": description: Failed due to malformed JSON. @@ -197,126 +177,454 @@ paths: description: Config does not exist. "415": description: Missing or invalid content type. - "422": - description: Database can't process request. "500": $ref: "#/components/responses/ServiceError" - /{domainID}/clients/configs/connections/{configID}: - put: - operationId: updateConfigConnections - summary: Updates channels the client is connected to + /{domainID}/clients/configs/{configID}/enable: + post: + operationId: enableConfig + summary: Enables a config description: | - Update connections performs update of the channel list corresponding - Client is connected to. + Enables the enrollment config, allowing its device to bootstrap. + Idempotent — returns the current config without error if already enabled. tags: - configs parameters: - $ref: "#/components/parameters/DomainID" - - $ref: "#/components/parameters/ConfigId" - requestBody: - $ref: "#/components/requestBodies/ConfigConnUpdateReq" + - $ref: "#/components/parameters/ConfigID" responses: "200": - description: Config updated. - "400": - description: Failed due to malformed JSON. + $ref: "#/components/responses/ConfigRes" "401": description: Missing or invalid access token provided. "403": description: Failed to perform authorization over the entity. "404": description: Config does not exist. - "415": - description: Missing or invalid content type. - "422": - description: Database can't process request. "500": $ref: "#/components/responses/ServiceError" - /clients/bootstrap/{externalId}: + /{domainID}/clients/configs/{configID}/disable: + post: + operationId: disableConfig + summary: Disables a config + description: | + Disables the enrollment config, preventing its device from bootstrapping. + Idempotent — returns the current config without error if already disabled. + tags: + - configs + parameters: + - $ref: "#/components/parameters/DomainID" + - $ref: "#/components/parameters/ConfigID" + responses: + "200": + $ref: "#/components/responses/ConfigRes" + "401": + description: Missing or invalid access token provided. + "403": + description: Failed to perform authorization over the entity. + "404": + description: Config does not exist. + "500": + $ref: "#/components/responses/ServiceError" + + # ── Device bootstrap ────────────────────────────────────────────────────── + + /clients/bootstrap/{externalID}: get: operationId: getBootstrapConfig - summary: Retrieves configuration. + summary: Retrieves a bootstrap configuration description: | - Retrieves a configuration with given external ID and external key. + Returns the rendered bootstrap configuration for a device identified by + its external ID and external key. tags: - configs security: - bootstrapAuth: [] parameters: - - $ref: "#/components/parameters/ExternalId" + - $ref: "#/components/parameters/ExternalID" responses: "200": $ref: "#/components/responses/BootstrapConfigRes" "400": - description: Failed due to malformed JSON. + description: Missing or invalid external ID. "401": - description: Missing or invalid external key provided. + description: Missing or invalid external key. + "403": + description: Config is disabled. "404": - description: Failed to retrieve corresponding config. - "422": - description: Database can't process request. + description: No config found for the given external ID. "500": $ref: "#/components/responses/ServiceError" - /clients/bootstrap/secure/{externalId}: + /clients/bootstrap/secure/{externalID}: get: operationId: getSecureBootstrapConfig - summary: Retrieves configuration. + summary: Retrieves an encrypted bootstrap configuration description: | - Retrieves a configuration with given external ID and encrypted external key. + Returns the rendered bootstrap configuration encrypted with the device's + AES key. The external key must be hex-encoded and AES-encrypted. tags: - configs security: - bootstrapEncAuth: [] parameters: - - $ref: "#/components/parameters/ExternalId" + - $ref: "#/components/parameters/ExternalID" responses: "200": - $ref: "#/components/responses/BootstrapConfigRes" + description: Encrypted bootstrap payload (binary). + content: + application/octet-stream: + schema: + type: string + format: binary + "400": + description: Missing or invalid external ID. + "401": + description: Missing or invalid encrypted external key. + "403": + description: Config is disabled. + "404": + description: No config found for the given external ID. + "500": + $ref: "#/components/responses/ServiceError" + + # ── Device profiles ─────────────────────────────────────────────────────── + + /{domainID}/clients/bootstrap/profiles: + post: + operationId: createProfile + summary: Creates a device profile + tags: + - profiles + parameters: + - $ref: "#/components/parameters/DomainID" + requestBody: + $ref: "#/components/requestBodies/ProfileCreateReq" + responses: + "201": + $ref: "#/components/responses/ProfileRes" + "400": + description: Failed due to malformed JSON. + "401": + description: Missing or invalid access token provided. + "403": + description: Failed to perform authorization over the entity. + "409": + description: A profile with the same name already exists in this domain. + "415": + description: Missing or invalid content type. + "500": + $ref: "#/components/responses/ServiceError" + get: + operationId: listProfiles + summary: Lists device profiles + tags: + - profiles + parameters: + - $ref: "#/components/parameters/DomainID" + - $ref: "#/components/parameters/Limit" + - $ref: "#/components/parameters/Offset" + responses: + "200": + $ref: "#/components/responses/ProfileListRes" + "400": + description: Failed due to malformed query parameters. + "401": + description: Missing or invalid access token provided. + "500": + $ref: "#/components/responses/ServiceError" + + /{domainID}/clients/bootstrap/profiles/upload: + post: + operationId: uploadProfile + summary: Uploads a device profile + description: | + Uploads a profile definition. Accepts JSON, YAML, or TOML payloads + depending on the Content-Type header. + tags: + - profiles + parameters: + - $ref: "#/components/parameters/DomainID" + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/Profile" + application/yaml: + schema: + $ref: "#/components/schemas/Profile" + application/toml: + schema: + $ref: "#/components/schemas/Profile" + responses: + "201": + $ref: "#/components/responses/ProfileRes" + "400": + description: Failed due to malformed body. + "401": + description: Missing or invalid access token provided. + "415": + description: Unsupported content type. + "500": + $ref: "#/components/responses/ServiceError" + + /{domainID}/clients/bootstrap/profiles/{profileID}: + get: + operationId: getProfile + summary: Retrieves a device profile + tags: + - profiles + parameters: + - $ref: "#/components/parameters/DomainID" + - $ref: "#/components/parameters/ProfileID" + responses: + "200": + $ref: "#/components/responses/ProfileRes" + "401": + description: Missing or invalid access token provided. + "404": + description: Profile does not exist. + "500": + $ref: "#/components/responses/ServiceError" + patch: + operationId: updateProfile + summary: Updates a device profile + tags: + - profiles + parameters: + - $ref: "#/components/parameters/DomainID" + - $ref: "#/components/parameters/ProfileID" + requestBody: + $ref: "#/components/requestBodies/ProfileUpdateReq" + responses: + "200": + $ref: "#/components/responses/ProfileRes" "400": description: Failed due to malformed JSON. "401": description: Missing or invalid access token provided. "404": - description: | - Failed to retrieve corresponding config. - "422": - description: Database can't process request. + description: Profile does not exist. + "415": + description: Missing or invalid content type. "500": $ref: "#/components/responses/ServiceError" - - /{domainID}/clients/state/{configID}: - put: - operationId: updateConfigState - summary: Updates Config state. - description: | - Updating state represents enabling/disabling Config, i.e. connecting - and disconnecting corresponding Magistrala Client to the list of Channels. + delete: + operationId: deleteProfile + summary: Deletes a device profile tags: - - configs + - profiles parameters: - $ref: "#/components/parameters/DomainID" - - $ref: "#/components/parameters/ConfigId" - requestBody: - $ref: "#/components/requestBodies/ConfigStateUpdateReq" + - $ref: "#/components/parameters/ProfileID" responses: "204": - description: Config removed. - "400": - description: Failed due to malformed config's ID. + description: Profile deleted. "401": description: Missing or invalid access token provided. "404": - description: A non-existent entity request. - "415": - description: Missing or invalid content type. - "422": - description: Database can't process request. + description: Profile does not exist. "500": $ref: "#/components/responses/ServiceError" + /{domainID}/clients/bootstrap/profiles/{profileID}/slots: + get: + operationId: getProfileSlots + summary: Retrieves the binding slots declared by a profile + tags: + - profiles + parameters: + - $ref: "#/components/parameters/DomainID" + - $ref: "#/components/parameters/ProfileID" + responses: + "200": + description: Binding slots retrieved. + content: + application/json: + schema: + type: object + properties: + slots: + type: array + items: + $ref: "#/components/schemas/BindingSlot" + "401": + description: Missing or invalid access token provided. + "404": + description: Profile does not exist. + "500": + $ref: "#/components/responses/ServiceError" + + /{domainID}/clients/bootstrap/profiles/{profileID}/render-preview: + post: + operationId: renderPreview + summary: Renders a profile template preview + description: | + Renders the profile's content template with the supplied device context + and binding snapshots. No external service calls are made — all data + must be supplied in the request body. + tags: + - profiles + parameters: + - $ref: "#/components/parameters/DomainID" + - $ref: "#/components/parameters/ProfileID" + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + config: + $ref: "#/components/schemas/Config" + render_context: + type: object + additionalProperties: true + description: Per-device variable overrides. + bindings: + type: array + items: + $ref: "#/components/schemas/BindingSnapshot" + responses: + "200": + description: Rendered template output. + content: + application/json: + schema: + type: object + properties: + rendered: + type: string + "400": + description: Template rendering failed. + "401": + description: Missing or invalid access token provided. + "404": + description: Profile does not exist. + "500": + $ref: "#/components/responses/ServiceError" + + # ── Enrollment bindings ─────────────────────────────────────────────────── + + /{domainID}/clients/bootstrap/enrollments/{configID}/profile: + patch: + operationId: assignProfile + summary: Assigns a profile to an enrollment + tags: + - enrollments + parameters: + - $ref: "#/components/parameters/DomainID" + - $ref: "#/components/parameters/ConfigID" + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + profile_id: + type: string + format: uuid + required: + - profile_id + responses: + "200": + description: Profile assigned. + "400": + description: Failed due to malformed JSON. + "401": + description: Missing or invalid access token provided. + "404": + description: Config or profile does not exist. + "415": + description: Missing or invalid content type. + "500": + $ref: "#/components/responses/ServiceError" + + /{domainID}/clients/bootstrap/enrollments/{configID}/bindings: + put: + operationId: bindResources + summary: Binds resources to profile slots + description: | + Resolves the requested resource bindings via their owning services, + stores snapshots, and marks the enrollment renderable when all required + slots are satisfied. + tags: + - enrollments + parameters: + - $ref: "#/components/parameters/DomainID" + - $ref: "#/components/parameters/ConfigID" + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + bindings: + type: array + minItems: 1 + items: + $ref: "#/components/schemas/BindingRequest" + required: + - bindings + responses: + "200": + description: Bindings stored. + "400": + description: Failed due to malformed JSON or invalid binding request. + "401": + description: Missing or invalid access token provided. + "404": + description: Config or resource not found. + "415": + description: Missing or invalid content type. + "500": + $ref: "#/components/responses/ServiceError" + get: + operationId: listBindings + summary: Lists binding snapshots for an enrollment + tags: + - enrollments + parameters: + - $ref: "#/components/parameters/DomainID" + - $ref: "#/components/parameters/ConfigID" + responses: + "200": + $ref: "#/components/responses/BindingsRes" + "401": + description: Missing or invalid access token provided. + "404": + description: Config does not exist. + "500": + $ref: "#/components/responses/ServiceError" + + /{domainID}/clients/bootstrap/enrollments/{configID}/bindings/refresh: + post: + operationId: refreshBindings + summary: Refreshes all binding snapshots + description: | + Re-resolves every existing binding for the enrollment and updates the + stored snapshots with current resource data. + tags: + - enrollments + parameters: + - $ref: "#/components/parameters/DomainID" + - $ref: "#/components/parameters/ConfigID" + responses: + "200": + description: Bindings refreshed. + "401": + description: Missing or invalid access token provided. + "404": + description: Config does not exist. + "500": + $ref: "#/components/responses/ServiceError" + + # ── Health ──────────────────────────────────────────────────────────────── + /health: get: summary: Retrieves service health check info. @@ -331,179 +639,270 @@ paths: components: schemas: - State: - type: integer - enum: [0, 1] + Status: + type: string + enum: [enabled, disabled] + description: Enrollment status. + Config: type: object properties: - client_id: + id: type: string format: uuid - description: Corresponding Magistrala Client ID. - magistrala_secret: + description: Enrollment ID. + domain_id: type: string format: uuid - description: Corresponding Magistrala Client key. - channels: - type: array - minItems: 0 - items: - type: object - properties: - id: - type: string - format: uuid - description: Channel unique identifier. - name: - type: string - description: Name of the Channel. - metadata: - type: object - description: Custom metadata related to the Channel. + description: Domain the enrollment belongs to. external_id: type: string - description: External ID (MAC address or some unique identifier). + description: External device identifier (e.g. MAC address). external_key: type: string - description: External key. + description: External authentication key (write-only; not returned after creation). + name: + type: string + description: Human-readable name. content: type: string - description: Free-form custom configuration. - state: - $ref: "#/components/schemas/State" + description: Legacy free-form configuration payload. + status: + $ref: "#/components/schemas/Status" + profile_id: + type: string + format: uuid + description: ID of the device profile used for template rendering. + render_context: + type: object + additionalProperties: true + description: Per-device variable values injected into the profile template. client_cert: type: string - description: Client certificate. + description: Client TLS certificate (PEM). + client_key: + type: string + description: Client TLS private key (PEM). ca_cert: type: string - description: Issuing CA certificate. + description: CA certificate (PEM). required: - external_id - external_key + ConfigList: type: object properties: total: type: integer - description: Total number of results. minimum: 0 offset: type: integer - description: Number of items to skip during retrieval. minimum: 0 default: 0 limit: type: integer - description: Size of the subset to retrieve. maximum: 100 default: 10 configs: type: array - minItems: 0 - uniqueItems: true items: $ref: "#/components/schemas/Config" required: - configs + BootstrapConfig: type: object + description: Rendered configuration returned to a bootstrapping device. properties: - client_id: + id: type: string format: uuid - description: Corresponding Magistrala Client ID. - client_key: - type: string - format: uuid - description: Corresponding Magistrala Client key. - channels: - type: array - minItems: 0 - items: - type: string + description: Enrollment ID. content: type: string - description: Free-form custom configuration. + description: Rendered configuration payload. client_cert: type: string - description: Client certificate. - required: - - client_id - - client_key - - channels - - content + description: Client TLS certificate (PEM). + client_key: + type: string + description: Client TLS private key (PEM). + ca_cert: + type: string + description: CA certificate (PEM). + ConfigUpdateCerts: type: object properties: - client_id: + id: type: string format: uuid - description: Corresponding Magistrala Client ID. client_cert: type: string - description: Client certificate. client_key: type: string - description: Key for the client_cert. ca_cert: type: string - description: Issuing CA certificate. + domain_id: + type: string + format: uuid + + Profile: + type: object + properties: + id: + type: string + format: uuid + readOnly: true + domain_id: + type: string + format: uuid + readOnly: true + name: + type: string + description: + type: string + template_format: + type: string + enum: [go-template, raw] + default: go-template + content_template: + type: string + description: Template text rendered at bootstrap time. + defaults: + type: object + additionalProperties: true + description: Default variable values merged with per-device render_context. + binding_slots: + type: array + items: + $ref: "#/components/schemas/BindingSlot" + description: Named resource slots declared by this profile. + version: + type: integer + readOnly: true + created_at: + type: string + format: date-time + readOnly: true + updated_at: + type: string + format: date-time + readOnly: true required: - - client_id - - client_key - - channels - - content + - name + - template_format + + ProfileList: + type: object + properties: + total: + type: integer + minimum: 0 + offset: + type: integer + minimum: 0 + limit: + type: integer + maximum: 100 + profiles: + type: array + items: + $ref: "#/components/schemas/Profile" + + BindingSlot: + type: object + description: A named resource placeholder declared by a profile. + properties: + name: + type: string + description: Slot name referenced in the template (e.g. "mqtt_client"). + type: + type: string + enum: [client, channel, cert] + description: Expected resource type. + required: + type: boolean + default: true + description: Whether the slot must be bound before the device can bootstrap. + fields: + type: array + items: + type: string + description: Resource fields snapshotted at binding time. + required: + - name + - type + + BindingRequest: + type: object + description: A request to bind a profile slot to a concrete resource. + properties: + slot: + type: string + description: Profile slot name to fill. + type: + type: string + enum: [client, channel, cert] + resource_id: + type: string + format: uuid + description: ID of the resource in its owning service. + required: + - slot + - type + - resource_id + + BindingSnapshot: + type: object + description: Bootstrap-owned snapshot of a bound resource. + properties: + config_id: + type: string + format: uuid + slot: + type: string + type: + type: string + resource_id: + type: string + format: uuid + snapshot: + type: object + additionalProperties: true + description: Non-secret resource fields captured at binding time. + updated_at: + type: string + format: date-time parameters: - ConfigId: + ConfigID: name: configID - description: Unique Config identifier. It's the ID of the corresponding Client. + description: Unique enrollment config identifier. in: path schema: type: string format: uuid required: true - ExternalId: - name: externalId - description: Unique Config identifier provided by external entity. + + ProfileID: + name: profileID + description: Unique profile identifier. + in: path + schema: + type: string + format: uuid + required: true + + ExternalID: + name: externalID + description: External device identifier provided at registration. in: path schema: type: string required: true - Limit: - name: limit - description: Size of the subset to retrieve. - in: query - schema: - type: integer - default: 10 - maximum: 100 - minimum: 1 - required: false - Offset: - name: offset - description: Number of items to skip during retrieval. - in: query - schema: - type: integer - default: 0 - minimum: 0 - required: false - State: - name: state - description: A state of items - in: query - schema: - $ref: "#/components/schemas/State" - required: false - Name: - name: name - description: Name of the config. Search by name is partial-match and case-insensitive. - in: query - schema: - type: string - required: false + DomainID: name: domainID description: Unique domain identifier. @@ -514,9 +913,46 @@ components: required: true example: bb7edb32-2eac-4aad-aebe-ed96fe073879 + Limit: + name: limit + description: Maximum number of items to return. + in: query + schema: + type: integer + default: 10 + maximum: 100 + minimum: 1 + required: false + + Offset: + name: offset + description: Number of items to skip. + in: query + schema: + type: integer + default: 0 + minimum: 0 + required: false + + Status: + name: status + description: Filter by enrollment status. + in: query + schema: + $ref: "#/components/schemas/Status" + required: false + + Name: + name: name + description: Filter by name (partial, case-insensitive match). + in: query + schema: + type: string + required: false + requestBodies: ConfigCreateReq: - description: JSON-formatted document describing the new config. + description: New enrollment config. required: true content: application/json: @@ -525,51 +961,44 @@ components: properties: external_id: type: string - description: External ID (MAC address or some unique identifier). external_key: type: string - description: External key. - client_id: - type: string - format: uuid - description: ID of the corresponding Magistrala Client. - channels: - type: array - minItems: 0 - items: - type: string - format: uuid - content: - type: string name: type: string + content: + type: string + profile_id: + type: string + format: uuid + render_context: + type: object + additionalProperties: true client_cert: type: string - description: Client Certificate. client_key: type: string - description: Client Private Key. ca_cert: type: string required: - external_id - external_key + ConfigUpdateReq: - description: JSON-formatted document describing the updated client. + description: Fields to update on an enrollment config. + required: true content: application/json: schema: type: object properties: - content: - type: string name: type: string - required: - - content - - name + content: + type: string + ConfigCertUpdateReq: - description: JSON-formatted document describing the updated client. + description: Replacement certificate fields. + required: true content: application/json: schema: @@ -581,119 +1010,142 @@ components: type: string ca_cert: type: string - ConfigConnUpdateReq: - description: Array if IDs the client is be connected to. + + ProfileCreateReq: + description: New device profile. + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/Profile" + + ProfileUpdateReq: + description: Updated device profile fields. All fields are optional. + required: true content: application/json: schema: type: object properties: - channels: + name: + type: string + description: + type: string + template_format: + type: string + enum: [go-template, raw] + content_template: + type: string + defaults: + type: object + additionalProperties: true + binding_slots: type: array - minItems: 0 items: - type: string - format: uuid - ConfigStateUpdateReq: - description: Update the state of the Config. - content: - application/json: - schema: - type: object - properties: - state: - $ref: "#/components/schemas/State" + $ref: "#/components/schemas/BindingSlot" responses: ConfigCreateRes: description: Config registered. headers: Location: - content: - text/plain: - schema: - type: string - description: Created configuration's relative URL (i.e. /clients/configs/{configID}). - ConfigListRes: - description: Data retrieved. Configs from this list don't contain channels. - content: - application/json: schema: - $ref: "#/components/schemas/ConfigList" - ConfigRes: - description: Data retrieved. + type: string + description: Relative URL of the created config (e.g. /clients/configs/{configID}). content: application/json: schema: $ref: "#/components/schemas/Config" - links: - update: - operationId: updateConfig - parameters: - configID: $response.body#/id - updateCerts: - operationId: updateConfigCerts - parameters: - configID: $response.body#/id - updateConnections: - operationId: updateConfigConnections - parameters: - configID: $response.body#/id - updateState: - operationId: updateConfigState - parameters: - configID: $response.body#/id - delete: - operationId: removeConfig - parameters: - configID: $response.body#/id - BootstrapConfigRes: - description: | - Data retrieved. If secure, a response is encrypted using - the secret key, so the response is in the binary form. + + ConfigListRes: + description: Configs retrieved. content: application/json: schema: - $ref: "#/components/schemas/BootstrapConfig" - ServiceError: - description: Unexpected server-side error occurred. - HealthRes: - description: Service Health Check. + $ref: "#/components/schemas/ConfigList" + + ConfigRes: + description: Config retrieved. content: - application/health+json: + application/json: schema: - $ref: "./schemas/health_info.yaml" + $ref: "#/components/schemas/Config" + ConfigUpdateCertsRes: - description: Data retrieved. Config certs updated. + description: Config certificates updated. content: application/json: schema: $ref: "#/components/schemas/ConfigUpdateCerts" + BootstrapConfigRes: + description: | + Rendered bootstrap configuration. For the secure endpoint the response + body is AES-encrypted binary rather than JSON. + content: + application/json: + schema: + $ref: "#/components/schemas/BootstrapConfig" + + ProfileRes: + description: Profile retrieved or created. + content: + application/json: + schema: + $ref: "#/components/schemas/Profile" + + ProfileListRes: + description: Profiles retrieved. + content: + application/json: + schema: + $ref: "#/components/schemas/ProfileList" + + BindingsRes: + description: Binding snapshots retrieved. + content: + application/json: + schema: + type: object + properties: + bindings: + type: array + items: + $ref: "#/components/schemas/BindingSnapshot" + + ServiceError: + description: Unexpected server-side error occurred. + + HealthRes: + description: Service health check. + content: + application/health+json: + schema: + $ref: "./schemas/health_info.yaml" + securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: | - * Users access: "Authorization: Bearer " + User access token: "Authorization: Bearer " bootstrapAuth: type: http scheme: bearer bearerFormat: string description: | - * Clients access: "Authorization: Client " + Device access: "Authorization: Client " bootstrapEncAuth: type: http scheme: bearer - bearerFormat: aes-sha256-uuid + bearerFormat: aes-uuid description: | - * Clients access: "Authorization: Client " - Hex-encoded configuration external key encrypted using - the AES algorithm and SHA256 sum of the external key - itself as an encryption key. + Device access with AES-encrypted key: "Authorization: Client " + The external key must be hex-encoded and encrypted with AES using the + SHA256 of the external key itself as the encryption key. security: - bearerAuth: [] diff --git a/auth/api/grpc/auth/client.go b/auth/api/grpc/auth/client.go index c03989280..c071b11e0 100644 --- a/auth/api/grpc/auth/client.go +++ b/auth/api/grpc/auth/client.go @@ -94,6 +94,9 @@ func (client authGrpcClient) Authorize(ctx context.Context, req *grpcAuthV1.Auth } if patReq != nil { + if patReq.GetDomain() != "" { + authReqData.Domain = patReq.GetDomain() + } authReqData.UserID = patReq.GetUserId() authReqData.PatID = patReq.GetPatId() authReqData.EntityType = patReq.GetEntityType() diff --git a/auth/api/grpc/auth/endpoint_test.go b/auth/api/grpc/auth/endpoint_test.go index 19233f48f..7e982bf4d 100644 --- a/auth/api/grpc/auth/endpoint_test.go +++ b/auth/api/grpc/auth/endpoint_test.go @@ -131,6 +131,8 @@ func TestAuthorize(t *testing.T) { token string authRequest *grpcAuthV1.AuthZReq authResponse *grpcAuthV1.AuthZRes + expectedReq *policies.Policy + expectedPAT *auth.PATAuthz err error }{ { @@ -270,6 +272,47 @@ func TestAuthorize(t *testing.T) { authResponse: &grpcAuthV1.AuthZRes{Authorized: true}, err: nil, }, + { + desc: "authorize bootstrap PAT keeps PAT domain when policy domain is empty", + token: validPATToken, + authRequest: &grpcAuthV1.AuthZReq{ + PolicyReq: &grpcAuthV1.PolicyReq{ + Subject: id, + SubjectType: policies.UserType, + SubjectKind: policies.UsersKind, + Permission: policies.MembershipPermission, + ObjectType: policies.DomainType, + Object: domainID, + }, + PatReq: &grpcAuthV1.PATReq{ + PatId: id, + Domain: domainID, + Operation: "create", + UserId: id, + EntityId: auth.AnyIDs, + EntityType: auth.BootstrapStr, + }, + }, + authResponse: &grpcAuthV1.AuthZRes{Authorized: true}, + expectedReq: &policies.Policy{ + Domain: domainID, + SubjectType: policies.UserType, + SubjectKind: policies.UsersKind, + Subject: id, + Permission: policies.MembershipPermission, + ObjectType: policies.DomainType, + Object: domainID, + }, + expectedPAT: &auth.PATAuthz{ + PatID: id, + UserID: id, + EntityType: auth.BootstrapType, + EntityID: auth.AnyIDs, + Operation: "create", + Domain: domainID, + }, + err: nil, + }, { desc: "authorize user with unauthorized PAT token", token: inValidToken, diff --git a/auth/api/grpc/auth/server.go b/auth/api/grpc/auth/server.go index 34a1eac5f..37e69614d 100644 --- a/auth/api/grpc/auth/server.go +++ b/auth/api/grpc/auth/server.go @@ -88,6 +88,9 @@ func decodeAuthorizeRequest(_ context.Context, grpcReq any) (any, error) { } if patReq != nil { + if patReq.GetDomain() != "" { + authRequest.Domain = patReq.GetDomain() + } authRequest.UserID = patReq.GetUserId() authRequest.PatID = patReq.GetPatId() authRequest.EntityType = patReq.GetEntityType() diff --git a/auth/pat.go b/auth/pat.go index 05b6e3134..e1afd316a 100644 --- a/auth/pat.go +++ b/auth/pat.go @@ -76,6 +76,7 @@ const ( GroupsType EntityType = iota ChannelsType ClientsType + BootstrapType DashboardType MessagesType DomainsType @@ -88,6 +89,7 @@ const ( GroupsScopeStr = "groups" ChannelsScopeStr = "channels" ClientsScopeStr = "clients" + BootstrapStr = "bootstrap" DashboardsStr = "dashboards" MessagesStr = "messages" DomainsStr = "domains" @@ -104,6 +106,8 @@ func (et EntityType) String() string { return ChannelsScopeStr case ClientsType: return ClientsScopeStr + case BootstrapType: + return BootstrapStr case DashboardType: return DashboardsStr case MessagesType: @@ -129,6 +133,8 @@ func ParseEntityType(et string) (EntityType, error) { return ChannelsType, nil case ClientsScopeStr: return ClientsType, nil + case BootstrapStr: + return BootstrapType, nil case DashboardsStr: return DashboardType, nil case MessagesStr: @@ -169,7 +175,7 @@ func (et *EntityType) UnmarshalText(data []byte) (err error) { func IsValidOperationForEntity(entityType EntityType, operation string) bool { switch entityType { - case ClientsType, ChannelsType, GroupsType, DomainsType, RulesType, ReportsType: + case ClientsType, ChannelsType, GroupsType, BootstrapType, DomainsType, RulesType, ReportsType: return true case DashboardType: return operation == OpDashboardShare || operation == OpDashboardUnshare diff --git a/auth/pat_test.go b/auth/pat_test.go index 3bbaa3ae4..d73b13979 100644 --- a/auth/pat_test.go +++ b/auth/pat_test.go @@ -31,6 +31,11 @@ func TestEntityTypeString(t *testing.T) { et: auth.ClientsType, expected: "clients", }, + { + desc: "Bootstrap entity type", + et: auth.BootstrapType, + expected: "bootstrap", + }, { desc: "Dashboard entity type", et: auth.DashboardType, @@ -91,6 +96,12 @@ func TestParseEntityType(t *testing.T) { expected: auth.ClientsType, err: false, }, + { + desc: "Parse bootstrap", + et: "bootstrap", + expected: auth.BootstrapType, + err: false, + }, { desc: "Parse dashboards", et: "dashboards", @@ -155,6 +166,12 @@ func TestEntityTypeMarshalJSON(t *testing.T) { expected: []byte(`"clients"`), err: nil, }, + { + desc: "Marshal bootstrap", + et: auth.BootstrapType, + expected: []byte(`"bootstrap"`), + err: nil, + }, { desc: "Marshal rules", et: auth.RulesType, @@ -197,6 +214,12 @@ func TestEntityTypeUnmarshalJSON(t *testing.T) { expected: auth.ChannelsType, err: false, }, + { + desc: "Unmarshal bootstrap", + data: []byte(`"bootstrap"`), + expected: auth.BootstrapType, + err: false, + }, { desc: "Unmarshal rules", data: []byte(`"rules"`), @@ -250,6 +273,12 @@ func TestEntityTypeMarshalText(t *testing.T) { expected: []byte("channels"), err: nil, }, + { + desc: "Marshal bootstrap as text", + et: auth.BootstrapType, + expected: []byte("bootstrap"), + err: nil, + }, } for _, tc := range cases { @@ -280,6 +309,12 @@ func TestEntityTypeUnmarshalText(t *testing.T) { expected: auth.ChannelsType, err: false, }, + { + desc: "Unmarshal bootstrap from text", + data: []byte("bootstrap"), + expected: auth.BootstrapType, + err: false, + }, { desc: "Unmarshal unknown from text", data: []byte("unknown"), diff --git a/bootstrap/README.md b/bootstrap/README.md index d5d1c0498..17035f7d1 100644 --- a/bootstrap/README.md +++ b/bootstrap/README.md @@ -4,9 +4,9 @@ New devices need to be configured properly and connected to the Magistrala. Boot 1. Creating new Magistrala Clients 2. Providing basic configuration for the newly created Clients -3. Enabling/disabling Clients +3. Enabling/disabling bootstrap enrollments -Pre-provisioning a new Client is as simple as sending Configuration data to the Bootstrap service. Once the Client is online, it sends a request for initial config to Bootstrap service. Bootstrap service provides an API for enabling and disabling Clients. Only enabled Clients can exchange messages over Magistrala. Bootstrapping does not implicitly enable Clients, it has to be done manually. +Pre-provisioning a new Client is as simple as sending Configuration data to the Bootstrap service. Once the Client is online, it sends a request for initial config to Bootstrap service. Bootstrap service provides an API for enabling and disabling bootstrap enrollments. Bootstrapping does not implicitly enable an enrollment; it has to be done manually. In order to bootstrap successfully, the Client needs to send bootstrapping request to the specific URL, as well as a secret key. This key and URL are pre-provisioned during the manufacturing process. If the Client is provisioned on the Bootstrap service side, the corresponding configuration will be sent as a response. Otherwise, the Client will be saved so that it can be provisioned later. @@ -20,14 +20,14 @@ Client Configuration consists of two logical parts: the custom configuration tha > Note: list of channels contains IDs of the Magistrala channels. These channels are _pre-provisioned_ on the Magistrala side and, unlike corresponding Magistrala Client, Bootstrap service is not able to create Magistrala Channels. -Enabling and disabling Client (adding Client to/from whitelist) is as simple as connecting corresponding Magistrala Client to the given list of Channels. Configuration keeps _state_ of the Client: +Enabling and disabling a bootstrap enrollment is an enrollment toggle. Configuration keeps a _status_: -| State | What it means | -| -------- | ---------------------------------------------- | -| Inactive | Client is created, but isn't enabled | -| Active | Client is able to communicate using Magistrala | +| Status | What it means | +| -------- | ----------------------------------------------------------- | +| disabled | Enrollment exists, but bootstrap is not allowed | +| enabled | Enrollment can be used to fetch bootstrap configuration | -Switching between states `Active` and `Inactive` enables and disables Client, respectively. +Switching between statuses `enabled` and `disabled` enables and disables the enrollment, respectively. Client configuration also contains the so-called `external ID` and `external key`. An external ID is a unique identifier of corresponding Client. For example, a device MAC address is a good choice for external ID. External key is a secret key that is used for authentication during the bootstrapping procedure. diff --git a/bootstrap/api/endpoint.go b/bootstrap/api/endpoint.go index 5d0a0b658..53df9321f 100644 --- a/bootstrap/api/endpoint.go +++ b/bootstrap/api/endpoint.go @@ -26,21 +26,16 @@ func addEndpoint(svc bootstrap.Service) endpoint.Endpoint { return nil, svcerr.ErrAuthorization } - channels := []bootstrap.Channel{} - for _, c := range req.Channels { - channels = append(channels, bootstrap.Channel{ID: c}) - } - config := bootstrap.Config{ - ClientID: req.ClientID, - ExternalID: req.ExternalID, - ExternalKey: req.ExternalKey, - Channels: channels, - Name: req.Name, - ClientCert: req.ClientCert, - ClientKey: req.ClientKey, - CACert: req.CACert, - Content: req.Content, + ExternalID: req.ExternalID, + ExternalKey: req.ExternalKey, + Name: req.Name, + ClientCert: req.ClientCert, + ClientKey: req.ClientKey, + CACert: req.CACert, + Content: req.Content, + ProfileID: req.ProfileID, + RenderContext: req.RenderContext, } saved, err := svc.Add(ctx, session, req.token, config) @@ -49,8 +44,17 @@ func addEndpoint(svc bootstrap.Service) endpoint.Endpoint { } res := configRes{ - id: saved.ClientID, - created: true, + ID: saved.ID, + ExternalID: saved.ExternalID, + Name: saved.Name, + Content: saved.Content, + Status: saved.Status, + ProfileID: saved.ProfileID, + RenderContext: saved.RenderContext, + ClientCert: saved.ClientCert, + CACert: saved.CACert, + ClientKey: saved.ClientKey, + created: true, } return res, nil @@ -69,13 +73,13 @@ func updateCertEndpoint(svc bootstrap.Service) endpoint.Endpoint { return nil, svcerr.ErrAuthorization } - cfg, err := svc.UpdateCert(ctx, session, req.clientID, req.ClientCert, req.ClientKey, req.CACert) + cfg, err := svc.UpdateCert(ctx, session, req.configID, req.ClientCert, req.ClientKey, req.CACert) if err != nil { return nil, err } res := updateConfigRes{ - ClientID: cfg.ClientID, + ID: cfg.ID, ClientCert: cfg.ClientCert, CACert: cfg.CACert, ClientKey: cfg.ClientKey, @@ -102,24 +106,14 @@ func viewEndpoint(svc bootstrap.Service) endpoint.Endpoint { return nil, err } - var channels []channelRes - for _, ch := range config.Channels { - channels = append(channels, channelRes{ - ID: ch.ID, - Name: ch.Name, - Metadata: ch.Metadata, - }) - } - res := viewRes{ - ClientID: config.ClientID, - CLientSecret: config.ClientSecret, - Channels: channels, - ExternalID: config.ExternalID, - ExternalKey: config.ExternalKey, - Name: config.Name, - Content: config.Content, - State: config.State, + ID: config.ID, + ExternalID: config.ExternalID, + Name: config.Name, + Content: config.Content, + Status: config.Status, + ProfileID: config.ProfileID, + RenderContext: config.RenderContext, } return res, nil @@ -139,46 +133,16 @@ func updateEndpoint(svc bootstrap.Service) endpoint.Endpoint { } config := bootstrap.Config{ - ClientID: req.id, - Name: req.Name, - Content: req.Content, + ID: req.id, + Name: req.Name, + Content: req.Content, } if err := svc.Update(ctx, session, config); err != nil { return nil, err } - res := configRes{ - id: config.ClientID, - created: false, - } - - return res, nil - } -} - -func updateConnEndpoint(svc bootstrap.Service) endpoint.Endpoint { - return func(ctx context.Context, request any) (any, error) { - req := request.(updateConnReq) - if err := req.validate(); err != nil { - return nil, errors.Wrap(apiutil.ErrValidation, err) - } - - session, ok := ctx.Value(authn.SessionKey).(authn.Session) - if !ok { - return nil, svcerr.ErrAuthorization - } - - if err := svc.UpdateConnections(ctx, session, req.token, req.id, req.Channels); err != nil { - return nil, err - } - - res := configRes{ - id: req.id, - created: false, - } - - return res, nil + return updateRes{}, nil } } @@ -206,24 +170,14 @@ func listEndpoint(svc bootstrap.Service) endpoint.Endpoint { } for _, cfg := range page.Configs { - var channels []channelRes - for _, ch := range cfg.Channels { - channels = append(channels, channelRes{ - ID: ch.ID, - Name: ch.Name, - Metadata: ch.Metadata, - }) - } - view := viewRes{ - ClientID: cfg.ClientID, - CLientSecret: cfg.ClientSecret, - Channels: channels, - ExternalID: cfg.ExternalID, - ExternalKey: cfg.ExternalKey, - Name: cfg.Name, - Content: cfg.Content, - State: cfg.State, + ID: cfg.ID, + ExternalID: cfg.ExternalID, + Name: cfg.Name, + Content: cfg.Content, + Status: cfg.Status, + ProfileID: cfg.ProfileID, + RenderContext: cfg.RenderContext, } res.Configs = append(res.Configs, view) } @@ -268,9 +222,9 @@ func bootstrapEndpoint(svc bootstrap.Service, reader bootstrap.ConfigReader, sec } } -func stateEndpoint(svc bootstrap.Service) endpoint.Endpoint { +func enableConfigEndpoint(svc bootstrap.Service) endpoint.Endpoint { return func(ctx context.Context, request any) (any, error) { - req := request.(changeStateReq) + req := request.(changeConfigStatusReq) if err := req.validate(); err != nil { return nil, errors.Wrap(apiutil.ErrValidation, err) } @@ -280,10 +234,257 @@ func stateEndpoint(svc bootstrap.Service) endpoint.Endpoint { return nil, svcerr.ErrAuthorization } - if err := svc.ChangeState(ctx, session, req.token, req.id, req.State); err != nil { + cfg, err := svc.EnableConfig(ctx, session, req.id) + if err != nil { return nil, err } - return stateRes{}, nil + return changeConfigStatusRes{Config: cfg}, nil + } +} + +func disableConfigEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(changeConfigStatusReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + + cfg, err := svc.DisableConfig(ctx, session, req.id) + if err != nil { + return nil, err + } + + return changeConfigStatusRes{Config: cfg}, nil + } +} + +func createProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(createProfileReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + saved, err := svc.CreateProfile(ctx, session, req.Profile) + if err != nil { + return nil, err + } + return profileRes{Profile: saved, created: true}, nil + } +} + +func uploadProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(uploadProfileReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + saved, err := svc.CreateProfile(ctx, session, req.Profile) + if err != nil { + return nil, err + } + return profileRes{Profile: saved, created: true}, nil + } +} + +func viewProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(viewProfileReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + p, err := svc.ViewProfile(ctx, session, req.profileID) + if err != nil { + return nil, err + } + return profileRes{Profile: p}, nil + } +} + +func profileSlotsEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(viewProfileReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + p, err := svc.ViewProfile(ctx, session, req.profileID) + if err != nil { + return nil, err + } + return profileSlotsRes{BindingSlots: p.BindingSlots}, nil + } +} + +func renderPreviewEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(renderPreviewReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + p, err := svc.ViewProfile(ctx, session, req.profileID) + if err != nil { + return nil, err + } + + cfg := req.Config + cfg.DomainID = session.DomainID + cfg.ProfileID = p.ID + if cfg.RenderContext == nil { + cfg.RenderContext = req.RenderContext + } + + rendered, err := bootstrap.NewRenderer().Render(p, cfg, req.Bindings) + if err != nil { + return nil, err + } + + return renderPreviewRes{Content: string(rendered)}, nil + } +} + +func updateProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(updateProfileReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + req.Profile.ID = req.profileID + if err := svc.UpdateProfile(ctx, session, req.Profile); err != nil { + return nil, err + } + return profileRes{Profile: req.Profile}, nil + } +} + +func deleteProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(deleteProfileReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + if err := svc.DeleteProfile(ctx, session, req.profileID); err != nil { + return nil, err + } + return removeRes{}, nil + } +} + +func listProfilesEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(listProfilesReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + page, err := svc.ListProfiles(ctx, session, req.offset, req.limit) + if err != nil { + return nil, err + } + return profilesPageRes{ProfilesPage: page}, nil + } +} + +func assignProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(assignProfileReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + if err := svc.AssignProfile(ctx, session, req.configID, req.ProfileID); err != nil { + return nil, err + } + return removeRes{}, nil + } +} + +func bindResourcesEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(bindResourcesReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + if err := svc.BindResources(ctx, session, req.token, req.configID, req.Bindings); err != nil { + return nil, err + } + return removeRes{}, nil + } +} + +func listBindingsEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(listBindingsReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + snapshots, err := svc.ListBindings(ctx, session, req.configID) + if err != nil { + return nil, err + } + return bindingsRes{Bindings: snapshots}, nil + } +} + +func refreshBindingsEndpoint(svc bootstrap.Service) endpoint.Endpoint { + return func(ctx context.Context, request any) (any, error) { + req := request.(refreshBindingsReq) + if err := req.validate(); err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + session, ok := ctx.Value(authn.SessionKey).(authn.Session) + if !ok { + return nil, svcerr.ErrAuthorization + } + if err := svc.RefreshBindings(ctx, session, req.token, req.configID); err != nil { + return nil, err + } + return removeRes{}, nil } } diff --git a/bootstrap/api/endpoint_test.go b/bootstrap/api/endpoint_test.go index b78a45d39..dab0ddef5 100644 --- a/bootstrap/api/endpoint_test.go +++ b/bootstrap/api/endpoint_test.go @@ -38,7 +38,6 @@ const ( invalidToken = "invalid" email = "test@example.com" unknown = "unknown" - channelsNum = 3 contentType = "application/json" wrongID = "wrong_id" @@ -49,44 +48,32 @@ const ( ) var ( - encKey = []byte("1234567891011121") - metadata = map[string]any{"meta": "data"} - addExternalID = testsutil.GenerateUUID(&testing.T{}) - addExternalKey = testsutil.GenerateUUID(&testing.T{}) - addClientID = testsutil.GenerateUUID(&testing.T{}) - addClientSecret = testsutil.GenerateUUID(&testing.T{}) - addReq = struct { - ClientID string `json:"client_id"` - ClientSecret string `json:"client_secret"` - ExternalID string `json:"external_id"` - ExternalKey string `json:"external_key"` - Channels []string `json:"channels"` - Name string `json:"name"` - Content string `json:"content"` + encKey = []byte("1234567891011121") + addExternalID = testsutil.GenerateUUID(&testing.T{}) + addExternalKey = testsutil.GenerateUUID(&testing.T{}) + addID = testsutil.GenerateUUID(&testing.T{}) + addReq = struct { + ExternalID string `json:"external_id"` + ExternalKey string `json:"external_key"` + Name string `json:"name"` + Content string `json:"content"` }{ - ClientID: addClientID, - ClientSecret: addClientSecret, - ExternalID: addExternalID, - ExternalKey: addExternalKey, - Channels: []string{"1"}, - Name: "name", - Content: "config", + ExternalID: addExternalID, + ExternalKey: addExternalKey, + Name: "name", + Content: "config", } updateReq = struct { - Channels []string `json:"channels,omitempty"` - Content string `json:"content,omitempty"` - State bootstrap.State `json:"state,omitempty"` - ClientCert string `json:"client_cert,omitempty"` - ClientSecret string `json:"client_secret,omitempty"` - CACert string `json:"ca_cert,omitempty"` + Content string `json:"content,omitempty"` + Status bootstrap.Status `json:"status,omitempty"` + ClientCert string `json:"client_cert,omitempty"` + CACert string `json:"ca_cert,omitempty"` }{ - Channels: []string{"1"}, - Content: "config update", - State: 1, - ClientCert: "newcert", - ClientSecret: "newkey", - CACert: "newca", + Content: "config update", + Status: bootstrap.EnabledStatus, + ClientCert: "newcert", + CACert: "newca", } missingIDRes = toJSON(apiutil.ErrMissingID) @@ -108,21 +95,14 @@ type testRequest struct { func newConfig() bootstrap.Config { return bootstrap.Config{ - ClientID: addClientID, - ClientSecret: addClientSecret, - ExternalID: addExternalID, - ExternalKey: addExternalKey, - Channels: []bootstrap.Channel{ - { - ID: "1", - Metadata: metadata, - }, - }, - Name: addName, - Content: addContent, - ClientCert: "newcert", - ClientKey: "newkey", - CACert: "newca", + ID: addID, + ExternalID: addExternalID, + ExternalKey: addExternalKey, + Name: addName, + Content: addContent, + ClientCert: "newcert", + ClientKey: "newkey", + CACert: "newca", } } @@ -200,14 +180,6 @@ func TestAdd(t *testing.T) { data := toJSON(addReq) - neID := addReq - neID.ClientID = testsutil.GenerateUUID(t) - neData := toJSON(neID) - - invalidChannels := addReq - invalidChannels.Channels = []string{wrongID} - wrongData := toJSON(invalidChannels) - cases := []struct { desc string req string @@ -238,7 +210,7 @@ func TestAdd(t *testing.T) { token: validToken, contentType: contentType, status: http.StatusCreated, - location: "/clients/configs/" + c.ClientID, + location: "/clients/configs/" + c.ID, err: nil, }, { @@ -261,26 +233,6 @@ func TestAdd(t *testing.T) { location: "", err: svcerr.ErrConflict, }, - { - desc: "add a config with non-existent ID", - req: neData, - domainID: domainID, - token: validToken, - contentType: contentType, - status: http.StatusBadRequest, - location: "", - err: svcerr.ErrConflict, - }, - { - desc: "add a config with invalid channels", - req: wrongData, - domainID: domainID, - token: validToken, - contentType: contentType, - status: http.StatusBadRequest, - location: "", - err: svcerr.ErrConflict, - }, { desc: "add a config with wrong JSON", req: "{\"external_id\": 5}", @@ -354,20 +306,12 @@ func TestView(t *testing.T) { defer bs.Close() c := newConfig() - var channels []channel - for _, ch := range c.Channels { - channels = append(channels, channel{ID: ch.ID, Name: ch.Name, Metadata: ch.Metadata}) - } - data := config{ - ClientID: c.ClientID, - ClientSecret: c.ClientSecret, - State: c.State, - Channels: channels, - ExternalID: c.ExternalID, - ExternalKey: c.ExternalKey, - Name: c.Name, - Content: c.Content, + ID: c.ID, + Status: c.Status, + ExternalID: c.ExternalID, + Name: c.Name, + Content: c.Content, } cases := []struct { @@ -383,7 +327,7 @@ func TestView(t *testing.T) { { desc: "view a config with invalid token", token: invalidToken, - id: c.ClientID, + id: c.ID, status: http.StatusUnauthorized, res: config{}, authenticateErr: svcerr.ErrAuthentication, @@ -392,7 +336,7 @@ func TestView(t *testing.T) { { desc: "view a config", token: validToken, - id: c.ClientID, + id: c.ID, status: http.StatusOK, res: data, err: nil, @@ -408,7 +352,7 @@ func TestView(t *testing.T) { { desc: "view a config with an empty token", token: "", - id: c.ClientID, + id: c.ID, status: http.StatusUnauthorized, res: config{}, err: apiutil.ErrBearerToken, @@ -416,7 +360,7 @@ func TestView(t *testing.T) { { desc: "view config without authorization", token: validToken, - id: c.ClientID, + id: c.ID, status: http.StatusForbidden, res: config{}, err: svcerr.ErrAuthorization, @@ -445,10 +389,6 @@ func TestView(t *testing.T) { assert.Nil(t, err, fmt.Sprintf("Decoding expected to succeed %s: %s", tc.desc, err)) } - assert.ElementsMatch(t, tc.res.Channels, view.Channels, fmt.Sprintf("%s: expected response '%s' got '%s'", tc.desc, tc.res.Channels, view.Channels)) - // Empty channels to prevent order mismatch. - tc.res.Channels = []channel{} - view.Channels = []channel{} assert.Equal(t, tc.res, view, fmt.Sprintf("%s: expected response '%s' got '%s'", tc.desc, tc.res, view)) svcCall.Unset() authCall.Unset() @@ -477,7 +417,7 @@ func TestUpdate(t *testing.T) { { desc: "update with invalid token", req: data, - id: c.ClientID, + id: c.ID, token: invalidToken, contentType: contentType, status: http.StatusUnauthorized, @@ -487,7 +427,7 @@ func TestUpdate(t *testing.T) { { desc: "update with an empty token", req: data, - id: c.ClientID, + id: c.ID, token: "", contentType: contentType, status: http.StatusUnauthorized, @@ -496,7 +436,7 @@ func TestUpdate(t *testing.T) { { desc: "update a valid config", req: data, - id: c.ClientID, + id: c.ID, token: validToken, contentType: contentType, status: http.StatusOK, @@ -505,7 +445,7 @@ func TestUpdate(t *testing.T) { { desc: "update a config with wrong content type", req: data, - id: c.ClientID, + id: c.ID, token: validToken, contentType: "", status: http.StatusUnsupportedMediaType, @@ -523,7 +463,7 @@ func TestUpdate(t *testing.T) { { desc: "update a config with invalid request format", req: "}", - id: c.ClientID, + id: c.ID, token: validToken, contentType: contentType, status: http.StatusBadRequest, @@ -531,7 +471,7 @@ func TestUpdate(t *testing.T) { }, { desc: "update a config with an empty request", - id: c.ClientID, + id: c.ID, req: "", token: validToken, contentType: contentType, @@ -549,7 +489,7 @@ func TestUpdate(t *testing.T) { svcCall := svc.On("Update", mock.Anything, tc.session, mock.Anything).Return(tc.err) req := testRequest{ client: bs.Client(), - method: http.MethodPut, + method: http.MethodPatch, url: fmt.Sprintf("%s/%s/clients/configs/%s", bs.URL, domainID, tc.id), contentType: tc.contentType, token: tc.token, @@ -585,7 +525,7 @@ func TestUpdateCert(t *testing.T) { { desc: "update with invalid token", req: data, - id: c.ClientID, + id: c.ID, token: invalidToken, contentType: contentType, status: http.StatusUnauthorized, @@ -595,7 +535,7 @@ func TestUpdateCert(t *testing.T) { { desc: "update with an empty token", req: data, - id: c.ClientID, + id: c.ID, token: "", contentType: contentType, status: http.StatusUnauthorized, @@ -604,7 +544,7 @@ func TestUpdateCert(t *testing.T) { { desc: "update a valid config", req: data, - id: c.ClientID, + id: c.ID, token: validToken, contentType: contentType, status: http.StatusOK, @@ -613,7 +553,7 @@ func TestUpdateCert(t *testing.T) { { desc: "update a config with wrong content type", req: data, - id: c.ClientID, + id: c.ID, token: validToken, contentType: "", status: http.StatusUnsupportedMediaType, @@ -631,7 +571,7 @@ func TestUpdateCert(t *testing.T) { { desc: "update a config with invalid request format", req: "}", - id: c.ClientSecret, + id: c.ID, token: validToken, contentType: contentType, status: http.StatusBadRequest, @@ -639,7 +579,7 @@ func TestUpdateCert(t *testing.T) { }, { desc: "update a config with an empty request", - id: c.ClientID, + id: c.ID, req: "", token: validToken, contentType: contentType, @@ -672,130 +612,9 @@ func TestUpdateCert(t *testing.T) { } } -func TestUpdateConnections(t *testing.T) { - bs, svc, auth := newBootstrapServer() - defer bs.Close() - c := newConfig() - data := toJSON(updateReq) - - invalidChannels := updateReq - invalidChannels.Channels = []string{wrongID} - - wrongData := toJSON(invalidChannels) - - cases := []struct { - desc string - req string - id string - token string - session smqauthn.Session - contentType string - status int - authenticateErr error - err error - }{ - { - desc: "update connections with invalid token", - req: data, - id: c.ClientID, - token: invalidToken, - contentType: contentType, - status: http.StatusUnauthorized, - authenticateErr: svcerr.ErrAuthentication, - err: svcerr.ErrAuthentication, - }, - { - desc: "update connections with an empty token", - req: data, - id: c.ClientID, - token: "", - contentType: contentType, - status: http.StatusUnauthorized, - err: apiutil.ErrBearerToken, - }, - { - desc: "update connections valid config", - req: data, - id: c.ClientID, - token: validToken, - contentType: contentType, - status: http.StatusOK, - err: nil, - }, - { - desc: "update connections with wrong content type", - req: data, - id: c.ClientID, - token: validToken, - contentType: "", - status: http.StatusUnsupportedMediaType, - err: apiutil.ErrUnsupportedContentType, - }, - { - desc: "update connections for a non-existing config", - req: data, - id: wrongID, - token: validToken, - contentType: contentType, - status: http.StatusNotFound, - err: svcerr.ErrNotFound, - }, - { - desc: "update connections with invalid channels", - req: wrongData, - id: c.ClientID, - token: validToken, - contentType: contentType, - status: http.StatusNotFound, - err: svcerr.ErrNotFound, - }, - { - desc: "update a config with invalid request format", - req: "}", - id: c.ClientID, - token: validToken, - contentType: contentType, - status: http.StatusBadRequest, - err: svcerr.ErrMalformedEntity, - }, - { - desc: "update a config with an empty request", - id: c.ClientID, - req: "", - token: validToken, - contentType: contentType, - status: http.StatusBadRequest, - err: svcerr.ErrMalformedEntity, - }, - } - - for _, tc := range cases { - t.Run(tc.desc, func(t *testing.T) { - if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} - } - authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) - repoCall := svc.On("UpdateConnections", mock.Anything, tc.session, tc.token, mock.Anything, mock.Anything).Return(tc.err) - req := testRequest{ - client: bs.Client(), - method: http.MethodPut, - url: fmt.Sprintf("%s/%s/clients/configs/connections/%s", bs.URL, domainID, tc.id), - contentType: tc.contentType, - token: tc.token, - body: strings.NewReader(tc.req), - } - res, err := req.make() - assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err)) - assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", tc.desc, tc.status, res.StatusCode)) - repoCall.Unset() - authCall.Unset() - }) - } -} - func TestList(t *testing.T) { configNum := 101 - changedStateNum := 20 + changedStatusNum := 20 var active, inactive []config list := make([]config, configNum) @@ -807,43 +626,32 @@ func TestList(t *testing.T) { for i := 0; i < configNum; i++ { c.ExternalID = strconv.Itoa(i) - c.ClientSecret = c.ExternalID c.Name = fmt.Sprintf("%s-%d", addName, i) c.ExternalKey = fmt.Sprintf("%s%s", addExternalKey, strconv.Itoa(i)) - var channels []channel - for _, ch := range c.Channels { - channels = append(channels, channel{ID: ch.ID, Name: ch.Name, Metadata: ch.Metadata}) - } s := config{ - ClientID: c.ClientID, - ClientSecret: c.ClientSecret, - Channels: channels, - ExternalID: c.ExternalID, - ExternalKey: c.ExternalKey, - Name: c.Name, - Content: c.Content, - State: c.State, + ID: c.ID, + ExternalID: c.ExternalID, + Name: c.Name, + Content: c.Content, + Status: c.Status, } list[i] = s } - // Change state of first 20 elements for filtering tests. - for i := 0; i < changedStateNum; i++ { - state := bootstrap.Active + // Change status of first 20 elements for filtering tests. + for i := 0; i < changedStatusNum; i++ { if i%2 == 0 { - state = bootstrap.Inactive - } - svcCall := svc.On("ChangeState", context.Background(), mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil) - err := svc.ChangeState(context.Background(), smqauthn.Session{}, validToken, list[i].ClientID, state) - assert.Nil(t, err, fmt.Sprintf("Changing state expected to succeed: %s.\n", err)) - - svcCall.Unset() - - list[i].State = state - if state == bootstrap.Inactive { + // Even elements remain inactive (default status). inactive = append(inactive, list[i]) continue } + // Odd elements are enabled (active). + enabledCfg := bootstrap.Config{ID: list[i].ID, Status: bootstrap.Active} + svcCall := svc.On("EnableConfig", context.Background(), mock.Anything, mock.Anything).Return(enabledCfg, nil) + _, err := svc.EnableConfig(context.Background(), smqauthn.Session{}, list[i].ID) + assert.Nil(t, err, fmt.Sprintf("Enabling config expected to succeed: %s.\n", err)) + svcCall.Unset() + list[i].Status = bootstrap.Active active = append(active, list[i]) } @@ -979,7 +787,7 @@ func TestList(t *testing.T) { { desc: "view list with invalid query parameters", token: validToken, - url: fmt.Sprintf("%s?offset=%d&limit=%d&state=%d&key=%%", path, 10, 10, bootstrap.Inactive), + url: fmt.Sprintf("%s?offset=%d&limit=%d&status=%s&key=%%", path, 10, 10, bootstrap.Disabled), status: http.StatusBadRequest, res: configPage{}, err: apiutil.ErrInvalidQueryParams, @@ -987,7 +795,7 @@ func TestList(t *testing.T) { { desc: "view first 10 active", token: validToken, - url: fmt.Sprintf("%s?offset=%d&limit=%d&state=%d", path, 0, 20, bootstrap.Active), + url: fmt.Sprintf("%s?offset=%d&limit=%d&status=%s", path, 0, 20, bootstrap.Enabled), status: http.StatusOK, res: configPage{ Total: uint64(len(active)), @@ -1000,7 +808,7 @@ func TestList(t *testing.T) { { desc: "view first 10 inactive", token: validToken, - url: fmt.Sprintf("%s?offset=%d&limit=%d&state=%d", path, 0, 20, bootstrap.Inactive), + url: fmt.Sprintf("%s?offset=%d&limit=%d&status=%s", path, 0, 20, bootstrap.Disabled), status: http.StatusOK, res: configPage{ Total: uint64(len(list) - len(inactive)), @@ -1013,7 +821,7 @@ func TestList(t *testing.T) { { desc: "view first 5 active", token: validToken, - url: fmt.Sprintf("%s?offset=%d&limit=%d&state=%d", path, 0, 10, bootstrap.Active), + url: fmt.Sprintf("%s?offset=%d&limit=%d&status=%s", path, 0, 10, bootstrap.Enabled), status: http.StatusOK, res: configPage{ Total: uint64(len(active)), @@ -1026,7 +834,7 @@ func TestList(t *testing.T) { { desc: "view last 5 inactive", token: validToken, - url: fmt.Sprintf("%s?offset=%d&limit=%d&state=%d", path, 10, 10, bootstrap.Inactive), + url: fmt.Sprintf("%s?offset=%d&limit=%d&status=%s", path, 10, 10, bootstrap.Disabled), status: http.StatusOK, res: configPage{ Total: uint64(len(list) - len(active)), @@ -1085,7 +893,7 @@ func TestRemove(t *testing.T) { }{ { desc: "remove with invalid token", - id: c.ClientID, + id: c.ID, token: invalidToken, status: http.StatusUnauthorized, authenticateErr: svcerr.ErrAuthentication, @@ -1093,7 +901,7 @@ func TestRemove(t *testing.T) { }, { desc: "remove with an empty token", - id: c.ClientID, + id: c.ID, token: "", status: http.StatusUnauthorized, err: apiutil.ErrBearerToken, @@ -1107,7 +915,7 @@ func TestRemove(t *testing.T) { }, { desc: "remove config", - id: c.ClientID, + id: c.ID, token: validToken, status: http.StatusNoContent, err: nil, @@ -1151,27 +959,18 @@ func TestBootstrap(t *testing.T) { encExternKey, err := enc([]byte(c.ExternalKey)) assert.Nil(t, err, fmt.Sprintf("Encrypting config expected to succeed: %s.\n", err)) - var channels []channel - for _, ch := range c.Channels { - channels = append(channels, channel{ID: ch.ID, Name: ch.Name, Metadata: ch.Metadata}) - } - s := struct { - ClientID string `json:"client_id"` - ClientSecret string `json:"client_secret"` - Channels []channel `json:"channels"` - Content string `json:"content"` - ClientCert string `json:"client_cert"` - ClientKey string `json:"client_key"` - CACert string `json:"ca_cert"` + ID string `json:"id"` + Content string `json:"content"` + ClientCert string `json:"client_cert"` + ClientKey string `json:"client_key"` + CACert string `json:"ca_cert"` }{ - ClientID: c.ClientID, - ClientSecret: c.ClientSecret, - Channels: channels, - Content: c.Content, - ClientCert: c.ClientCert, - ClientKey: c.ClientKey, - CACert: c.CACert, + ID: c.ID, + Content: c.Content, + ClientCert: c.ClientCert, + ClientKey: c.ClientKey, + CACert: c.CACert, } data := toJSON(s) @@ -1276,97 +1075,63 @@ func TestBootstrap(t *testing.T) { } } -func TestChangeState(t *testing.T) { +func TestChangeStatus(t *testing.T) { bs, svc, auth := newBootstrapServer() defer bs.Close() c := newConfig() - inactive := fmt.Sprintf("{\"state\": %d}", bootstrap.Inactive) - active := fmt.Sprintf("{\"state\": %d}", bootstrap.Active) + activeCfg := bootstrap.Config{ID: c.ID, Status: bootstrap.Active} + inactiveCfg := bootstrap.Config{ID: c.ID, Status: bootstrap.Inactive} cases := []struct { desc string id string token string session smqauthn.Session - state string - contentType string + action string status int authenticateErr error - err error + svcCfg bootstrap.Config + svcErr error }{ { - desc: "change state with invalid token", - id: c.ClientID, + desc: "enable with invalid token", + id: c.ID, token: invalidToken, - state: active, - contentType: contentType, + action: "enable", status: http.StatusUnauthorized, authenticateErr: svcerr.ErrAuthentication, - err: svcerr.ErrAuthentication, }, { - desc: "change state with an empty token", - id: c.ClientID, - token: "", - state: active, - contentType: contentType, - status: http.StatusUnauthorized, - err: apiutil.ErrBearerToken, + desc: "enable with empty token", + id: c.ID, + token: "", + action: "enable", + status: http.StatusUnauthorized, }, { - desc: "change state with invalid content type", - id: c.ClientID, - token: validToken, - state: active, - contentType: "", - status: http.StatusUnsupportedMediaType, - err: apiutil.ErrUnsupportedContentType, + desc: "enable config", + id: c.ID, + token: validToken, + action: "enable", + status: http.StatusOK, + svcCfg: activeCfg, }, { - desc: "change state to active", - id: c.ClientID, - token: validToken, - state: active, - contentType: contentType, - status: http.StatusOK, - err: nil, + desc: "disable config", + id: c.ID, + token: validToken, + action: "disable", + status: http.StatusOK, + svcCfg: inactiveCfg, }, { - desc: "change state to inactive", - id: c.ClientID, - token: validToken, - state: inactive, - contentType: contentType, - status: http.StatusOK, - err: nil, - }, - { - desc: "change state of non-existing config", - id: wrongID, - token: validToken, - state: active, - contentType: contentType, - status: http.StatusNotFound, - err: svcerr.ErrNotFound, - }, - { - desc: "change state to invalid value", - id: c.ClientID, - token: validToken, - state: fmt.Sprintf("{\"state\": %d}", -3), - contentType: contentType, - status: http.StatusBadRequest, - err: svcerr.ErrMalformedEntity, - }, - { - desc: "change state with invalid data", - id: c.ClientID, - token: validToken, - state: "", - contentType: contentType, - status: http.StatusBadRequest, - err: svcerr.ErrMalformedEntity, + desc: "enable non-existing config", + id: wrongID, + token: validToken, + action: "enable", + status: http.StatusNotFound, + svcErr: svcerr.ErrNotFound, }, } @@ -1376,14 +1141,16 @@ func TestChangeState(t *testing.T) { tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) - svcCall := svc.On("ChangeState", mock.Anything, tc.session, tc.token, mock.Anything, mock.Anything).Return(tc.err) + methodName := "EnableConfig" + if tc.action == "disable" { + methodName = "DisableConfig" + } + svcCall := svc.On(methodName, mock.Anything, tc.session, mock.Anything).Return(tc.svcCfg, tc.svcErr) req := testRequest{ - client: bs.Client(), - method: http.MethodPut, - url: fmt.Sprintf("%s/%s/clients/state/%s", bs.URL, domainID, tc.id), - token: tc.token, - contentType: tc.contentType, - body: strings.NewReader(tc.state), + client: bs.Client(), + method: http.MethodPost, + url: fmt.Sprintf("%s/%s/clients/configs/%s/%s", bs.URL, domainID, tc.id, tc.action), + token: tc.token, } res, err := req.make() assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err)) @@ -1394,21 +1161,185 @@ func TestChangeState(t *testing.T) { } } -type channel struct { - ID string `json:"id"` - Name string `json:"name,omitempty"` - Metadata any `json:"metadata,omitempty"` +func TestUploadProfile(t *testing.T) { + bs, svc, auth := newBootstrapServer() + defer bs.Close() + + session := smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + saved := bootstrap.Profile{ + ID: testsutil.GenerateUUID(t), + Name: "gateway", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, + ContentTemplate: "{{ .Device.ID }}", + } + + cases := []struct { + desc string + contentType string + body string + profile bootstrap.Profile + }{ + { + desc: "upload JSON profile", + contentType: "application/json", + body: `{"name":"gateway","template_format":"go-template","content_template":"{{ .Device.ID }}"}`, + profile: bootstrap.Profile{ + Name: "gateway", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, + ContentTemplate: "{{ .Device.ID }}", + }, + }, + { + desc: "upload YAML profile", + contentType: "application/yaml", + body: "name: gateway\ntemplate_format: go-template\ncontent_template: '{{ .Device.ID }}'\n", + profile: bootstrap.Profile{ + Name: "gateway", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, + ContentTemplate: "{{ .Device.ID }}", + }, + }, + { + desc: "upload TOML profile", + contentType: "application/toml", + body: "name = 'gateway'\ntemplate_format = 'go-template'\ncontent_template = '{{ .Device.ID }}'\n", + profile: bootstrap.Profile{ + Name: "gateway", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, + ContentTemplate: "{{ .Device.ID }}", + }, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + authCall := auth.On("Authenticate", mock.Anything, validToken).Return(session, nil) + svcCall := svc.On("CreateProfile", mock.Anything, session, tc.profile).Return(saved, nil) + req := testRequest{ + client: bs.Client(), + method: http.MethodPost, + url: fmt.Sprintf("%s/%s/clients/bootstrap/profiles/upload", bs.URL, domainID), + contentType: tc.contentType, + token: validToken, + body: strings.NewReader(tc.body), + } + res, err := req.make() + assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err)) + assert.Equal(t, http.StatusCreated, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", tc.desc, http.StatusCreated, res.StatusCode)) + assert.Equal(t, "/bootstrap/profiles/"+saved.ID, res.Header.Get("Location")) + svcCall.Unset() + authCall.Unset() + }) + } +} + +func TestProfileSlots(t *testing.T) { + bs, svc, auth := newBootstrapServer() + defer bs.Close() + + session := smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + profileID := testsutil.GenerateUUID(t) + slots := []bootstrap.BindingSlot{ + {Name: "mqtt_client", Type: "client", Required: true, Fields: []string{"id", "secret"}}, + {Name: "telemetry", Type: "channel", Required: true, Fields: []string{"id", "topic"}}, + } + profile := bootstrap.Profile{ + ID: profileID, + Name: "gateway", + BindingSlots: slots, + } + authCall := auth.On("Authenticate", mock.Anything, validToken).Return(session, nil) + svcCall := svc.On("ViewProfile", mock.Anything, session, profileID).Return(profile, nil) + + req := testRequest{ + client: bs.Client(), + method: http.MethodGet, + url: fmt.Sprintf("%s/%s/clients/bootstrap/profiles/%s/slots", bs.URL, domainID, profileID), + token: validToken, + } + res, err := req.make() + assert.Nil(t, err, fmt.Sprintf("profile slots unexpected error %s", err)) + assert.Equal(t, http.StatusOK, res.StatusCode, fmt.Sprintf("expected status code %d got %d", http.StatusOK, res.StatusCode)) + + var got struct { + BindingSlots []bootstrap.BindingSlot `json:"binding_slots"` + } + err = json.NewDecoder(res.Body).Decode(&got) + assert.Nil(t, err, fmt.Sprintf("decoding profile slots expected to succeed: %s", err)) + assert.ElementsMatch(t, slots, got.BindingSlots) + + svcCall.Unset() + authCall.Unset() +} + +func TestRenderPreview(t *testing.T) { + bs, svc, auth := newBootstrapServer() + defer bs.Close() + + session := smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + profileID := testsutil.GenerateUUID(t) + configID := testsutil.GenerateUUID(t) + profile := bootstrap.Profile{ + ID: profileID, + Name: "gateway", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, + ContentTemplate: `device={{ .Device.ID }} site={{ .Vars.site }} topic={{ index (index .Bindings "telemetry").Snapshot "topic" }}`, + } + authCall := auth.On("Authenticate", mock.Anything, validToken).Return(session, nil) + svcCall := svc.On("ViewProfile", mock.Anything, session, profileID).Return(profile, nil) + + reqBody := struct { + Config bootstrap.Config `json:"config"` + Bindings []bootstrap.BindingSnapshot `json:"bindings"` + }{ + Config: bootstrap.Config{ + ID: configID, + ExternalID: "gw-001", + RenderContext: map[string]any{ + "site": "warehouse-1", + }, + }, + Bindings: []bootstrap.BindingSnapshot{ + { + Slot: "telemetry", + Type: "channel", + ResourceID: "ch-1", + Snapshot: map[string]any{ + "topic": "devices/gw-001/telemetry", + }, + }, + }, + } + + req := testRequest{ + client: bs.Client(), + method: http.MethodPost, + url: fmt.Sprintf("%s/%s/clients/bootstrap/profiles/%s/render-preview", bs.URL, domainID, profileID), + contentType: contentType, + token: validToken, + body: strings.NewReader(toJSON(reqBody)), + } + res, err := req.make() + assert.Nil(t, err, fmt.Sprintf("render preview unexpected error %s", err)) + assert.Equal(t, http.StatusOK, res.StatusCode, fmt.Sprintf("expected status code %d got %d", http.StatusOK, res.StatusCode)) + + var got struct { + Content string `json:"content"` + } + err = json.NewDecoder(res.Body).Decode(&got) + assert.Nil(t, err, fmt.Sprintf("decoding render preview expected to succeed: %s", err)) + assert.Equal(t, "device="+configID+" site=warehouse-1 topic=devices/gw-001/telemetry", got.Content) + + svcCall.Unset() + authCall.Unset() } type config struct { - ClientID string `json:"client_id,omitempty"` - ClientSecret string `json:"client_secret,omitempty"` - Channels []channel `json:"channels,omitempty"` - ExternalID string `json:"external_id"` - ExternalKey string `json:"external_key,omitempty"` - Content string `json:"content,omitempty"` - Name string `json:"name"` - State bootstrap.State `json:"state"` + ID string `json:"id,omitempty"` + ExternalID string `json:"external_id"` + Content string `json:"content,omitempty"` + Name string `json:"name"` + Status bootstrap.Status `json:"status"` } type configPage struct { diff --git a/bootstrap/api/requests.go b/bootstrap/api/requests.go index 685ff077c..a8cff4699 100644 --- a/bootstrap/api/requests.go +++ b/bootstrap/api/requests.go @@ -11,16 +11,16 @@ import ( const maxLimitSize = 100 type addReq struct { - token string - ClientID string `json:"client_id"` - ExternalID string `json:"external_id"` - ExternalKey string `json:"external_key"` - Channels []string `json:"channels"` - Name string `json:"name"` - Content string `json:"content"` - ClientCert string `json:"client_cert"` - ClientKey string `json:"client_key"` - CACert string `json:"ca_cert"` + token string + ExternalID string `json:"external_id"` + ExternalKey string `json:"external_key"` + Name string `json:"name"` + Content string `json:"content"` + ClientCert string `json:"client_cert"` + ClientKey string `json:"client_key"` + CACert string `json:"ca_cert"` + ProfileID string `json:"profile_id"` + RenderContext map[string]any `json:"render_context"` } func (req addReq) validate() error { @@ -36,16 +36,6 @@ func (req addReq) validate() error { return apiutil.ErrBearerKey } - if len(req.Channels) == 0 { - return apiutil.ErrEmptyList - } - - for _, channel := range req.Channels { - if channel == "" { - return apiutil.ErrMissingID - } - } - return nil } @@ -76,32 +66,14 @@ func (req updateReq) validate() error { } type updateCertReq struct { - clientID string + configID string ClientCert string `json:"client_cert"` ClientKey string `json:"client_key"` CACert string `json:"ca_cert"` } func (req updateCertReq) validate() error { - if req.clientID == "" { - return apiutil.ErrMissingID - } - - return nil -} - -type updateConnReq struct { - token string - id string - Channels []string `json:"channels"` -} - -func (req updateConnReq) validate() error { - if req.token == "" { - return apiutil.ErrBearerToken - } - - if req.id == "" { + if req.configID == "" { return apiutil.ErrMissingID } @@ -139,13 +111,12 @@ func (req bootstrapReq) validate() error { return nil } -type changeStateReq struct { +type changeConfigStatusReq struct { token string id string - State bootstrap.State `json:"state"` } -func (req changeStateReq) validate() error { +func (req changeConfigStatusReq) validate() error { if req.token == "" { return apiutil.ErrBearerToken } @@ -154,10 +125,153 @@ func (req changeStateReq) validate() error { return apiutil.ErrMissingID } - if req.State != bootstrap.Inactive && - req.State != bootstrap.Active { - return bootstrap.ErrBootstrapState - } - + return nil +} + +// --- Profile requests --- + +type createProfileReq struct { + bootstrap.Profile +} + +func (req createProfileReq) validate() error { + if req.Name == "" { + return apiutil.ErrMissingName + } + return nil +} + +type uploadProfileReq struct { + bootstrap.Profile +} + +func (req uploadProfileReq) validate() error { + if req.Name == "" { + return apiutil.ErrMissingName + } + return nil +} + +type viewProfileReq struct { + profileID string +} + +func (req viewProfileReq) validate() error { + if req.profileID == "" { + return apiutil.ErrMissingID + } + return nil +} + +type updateProfileReq struct { + profileID string + bootstrap.Profile +} + +func (req updateProfileReq) validate() error { + if req.profileID == "" { + return apiutil.ErrMissingID + } + return nil +} + +type renderPreviewReq struct { + profileID string + Config bootstrap.Config `json:"config"` + RenderContext map[string]any `json:"render_context,omitempty"` + Bindings []bootstrap.BindingSnapshot `json:"bindings,omitempty"` +} + +func (req renderPreviewReq) validate() error { + if req.profileID == "" { + return apiutil.ErrMissingID + } + return nil +} + +type deleteProfileReq struct { + profileID string +} + +func (req deleteProfileReq) validate() error { + if req.profileID == "" { + return apiutil.ErrMissingID + } + return nil +} + +type listProfilesReq struct { + offset uint64 + limit uint64 +} + +func (req listProfilesReq) validate() error { + if req.limit == 0 || req.limit > maxLimitSize { + return apiutil.ErrLimitSize + } + return nil +} + +// --- Enrollment binding requests --- + +type assignProfileReq struct { + configID string + ProfileID string `json:"profile_id"` +} + +func (req assignProfileReq) validate() error { + if req.configID == "" || req.ProfileID == "" { + return apiutil.ErrMissingID + } + return nil +} + +type bindResourcesReq struct { + token string + configID string + Bindings []bootstrap.BindingRequest `json:"bindings"` +} + +func (req bindResourcesReq) validate() error { + if req.token == "" { + return apiutil.ErrBearerToken + } + if req.configID == "" { + return apiutil.ErrMissingID + } + if len(req.Bindings) == 0 { + return apiutil.ErrEmptyList + } + for _, b := range req.Bindings { + if b.Slot == "" || b.Type == "" || b.ResourceID == "" { + return apiutil.ErrMissingID + } + } + return nil +} + +type listBindingsReq struct { + configID string +} + +func (req listBindingsReq) validate() error { + if req.configID == "" { + return apiutil.ErrMissingID + } + return nil +} + +type refreshBindingsReq struct { + token string + configID string +} + +func (req refreshBindingsReq) validate() error { + if req.token == "" { + return apiutil.ErrBearerToken + } + if req.configID == "" { + return apiutil.ErrMissingID + } return nil } diff --git a/bootstrap/api/requests_test.go b/bootstrap/api/requests_test.go index 41433fd13..fcbf82aa4 100644 --- a/bootstrap/api/requests_test.go +++ b/bootstrap/api/requests_test.go @@ -8,23 +8,15 @@ import ( "testing" apiutil "github.com/absmach/magistrala/api/http/util" - "github.com/absmach/magistrala/bootstrap" - "github.com/absmach/magistrala/internal/testsutil" "github.com/stretchr/testify/assert" ) -var ( - channel1 = testsutil.GenerateUUID(&testing.T{}) - channel2 = testsutil.GenerateUUID(&testing.T{}) -) - func TestAddReqValidation(t *testing.T) { cases := []struct { desc string token string externalID string externalKey string - channels []string err error }{ { @@ -32,7 +24,6 @@ func TestAddReqValidation(t *testing.T) { token: "token", externalID: "external-id", externalKey: "external-key", - channels: []string{channel1, channel2}, err: nil, }, { @@ -40,7 +31,6 @@ func TestAddReqValidation(t *testing.T) { token: "", externalID: "external-id", externalKey: "external-key", - channels: []string{channel1, channel2}, err: apiutil.ErrBearerToken, }, { @@ -48,7 +38,6 @@ func TestAddReqValidation(t *testing.T) { token: "token", externalID: "", externalKey: "external-key", - channels: []string{channel1, channel2}, err: apiutil.ErrMissingID, }, { @@ -56,7 +45,6 @@ func TestAddReqValidation(t *testing.T) { token: "token", externalID: "external-id", externalKey: "", - channels: []string{channel1, channel2}, err: apiutil.ErrBearerKey, }, { @@ -64,23 +52,6 @@ func TestAddReqValidation(t *testing.T) { token: "token", externalID: "", externalKey: "", - channels: []string{channel1, channel2}, - err: apiutil.ErrMissingID, - }, - { - desc: "empty channels", - token: "token", - externalID: "external-id", - externalKey: "external-key", - channels: []string{}, - err: apiutil.ErrEmptyList, - }, - { - desc: "empty channel value", - token: "token", - externalID: "external-id", - externalKey: "external-key", - channels: []string{channel1, ""}, err: apiutil.ErrMissingID, }, } @@ -90,7 +61,6 @@ func TestAddReqValidation(t *testing.T) { token: tc.token, ExternalID: tc.externalID, ExternalKey: tc.externalKey, - Channels: tc.channels, } err := req.validate() @@ -152,52 +122,19 @@ func TestUpdateReqValidation(t *testing.T) { func TestUpdateCertReqValidation(t *testing.T) { cases := []struct { desc string - clientID string + configID string err error }{ { - desc: "empty client id", - clientID: "", + desc: "empty config id", + configID: "", err: apiutil.ErrMissingID, }, } for _, tc := range cases { req := updateCertReq{ - clientID: tc.clientID, - } - - err := req.validate() - assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - } -} - -func TestUpdateConnReqValidation(t *testing.T) { - cases := []struct { - desc string - id string - token string - - err error - }{ - { - desc: "empty token", - token: "", - id: "id", - err: apiutil.ErrBearerToken, - }, - { - desc: "empty id", - token: "token", - id: "", - err: apiutil.ErrMissingID, - }, - } - - for _, tc := range cases { - req := updateConnReq{ - token: tc.token, - id: tc.id, + configID: tc.configID, } err := req.validate() @@ -269,42 +206,37 @@ func TestBootstrapReqValidation(t *testing.T) { } } -func TestChangeStateReqValidation(t *testing.T) { +func TestChangeConfigStatusReqValidation(t *testing.T) { cases := []struct { desc string token string id string - state bootstrap.State err error }{ { desc: "empty token", token: "", id: "id", - state: bootstrap.State(1), err: apiutil.ErrBearerToken, }, { desc: "empty id", token: "token", id: "", - state: bootstrap.State(0), err: apiutil.ErrMissingID, }, { - desc: "invalid state", + desc: "valid request", token: "token", id: "id", - state: bootstrap.State(14), - err: bootstrap.ErrBootstrapState, + err: nil, }, } for _, tc := range cases { - req := changeStateReq{ + req := changeConfigStatusReq{ token: tc.token, id: tc.id, - State: tc.state, } err := req.validate() diff --git a/bootstrap/api/responses.go b/bootstrap/api/responses.go index b1890dedb..3b0c5031e 100644 --- a/bootstrap/api/responses.go +++ b/bootstrap/api/responses.go @@ -14,7 +14,7 @@ import ( var ( _ magistrala.Response = (*removeRes)(nil) _ magistrala.Response = (*configRes)(nil) - _ magistrala.Response = (*stateRes)(nil) + _ magistrala.Response = (*changeConfigStatusRes)(nil) _ magistrala.Response = (*viewRes)(nil) _ magistrala.Response = (*listRes)(nil) ) @@ -33,9 +33,32 @@ func (res removeRes) Empty() bool { return true } +type updateRes struct{} + +func (res updateRes) Code() int { + return http.StatusOK +} + +func (res updateRes) Headers() map[string]string { + return map[string]string{} +} + +func (res updateRes) Empty() bool { + return true +} + type configRes struct { - id string - created bool + ID string `json:"id"` + ExternalID string `json:"external_id"` + Name string `json:"name,omitempty"` + Content string `json:"content,omitempty"` + Status bootstrap.Status `json:"status"` + ProfileID string `json:"profile_id,omitempty"` + RenderContext map[string]any `json:"render_context,omitempty"` + ClientCert string `json:"client_cert,omitempty"` + CACert string `json:"ca_cert,omitempty"` + ClientKey string `json:"client_key,omitempty"` + created bool } func (res configRes) Code() int { @@ -49,7 +72,7 @@ func (res configRes) Code() int { func (res configRes) Headers() map[string]string { if res.created { return map[string]string{ - "Location": fmt.Sprintf("/clients/configs/%s", res.id), + "Location": fmt.Sprintf("/clients/configs/%s", res.ID), } } @@ -57,26 +80,20 @@ func (res configRes) Headers() map[string]string { } func (res configRes) Empty() bool { - return true -} - -type channelRes struct { - ID string `json:"id"` - Name string `json:"name,omitempty"` - Metadata any `json:"metadata,omitempty"` + return false } type viewRes struct { - ClientID string `json:"client_id,omitempty"` - CLientSecret string `json:"client_secret,omitempty"` - Channels []channelRes `json:"channels,omitempty"` - ExternalID string `json:"external_id"` - ExternalKey string `json:"external_key,omitempty"` - Content string `json:"content,omitempty"` - Name string `json:"name,omitempty"` - State bootstrap.State `json:"state"` - ClientCert string `json:"client_cert,omitempty"` - CACert string `json:"ca_cert,omitempty"` + ID string `json:"id,omitempty"` + ExternalID string `json:"external_id"` + Content string `json:"content,omitempty"` + Name string `json:"name,omitempty"` + Status bootstrap.Status `json:"status"` + ProfileID string `json:"profile_id,omitempty"` + RenderContext map[string]any `json:"render_context,omitempty"` + ClientCert string `json:"client_cert,omitempty"` + CACert string `json:"ca_cert,omitempty"` + ClientKey string `json:"client_key,omitempty"` } func (res viewRes) Code() int { @@ -110,22 +127,24 @@ func (res listRes) Empty() bool { return false } -type stateRes struct{} +type changeConfigStatusRes struct { + bootstrap.Config +} -func (res stateRes) Code() int { +func (res changeConfigStatusRes) Code() int { return http.StatusOK } -func (res stateRes) Headers() map[string]string { +func (res changeConfigStatusRes) Headers() map[string]string { return map[string]string{} } -func (res stateRes) Empty() bool { - return true +func (res changeConfigStatusRes) Empty() bool { + return false } type updateConfigRes struct { - ClientID string `json:"client_id,omitempty"` + ID string `json:"id,omitempty"` CACert string `json:"ca_cert,omitempty"` ClientCert string `json:"client_cert,omitempty"` ClientKey string `json:"client_key,omitempty"` @@ -142,3 +161,63 @@ func (res updateConfigRes) Headers() map[string]string { func (res updateConfigRes) Empty() bool { return false } + +// profileRes is returned on create (201) or update (200). +type profileRes struct { + bootstrap.Profile + created bool +} + +func (res profileRes) Code() int { + if res.created { + return http.StatusCreated + } + return http.StatusOK +} + +func (res profileRes) Headers() map[string]string { + if res.created { + return map[string]string{ + "Location": fmt.Sprintf("/bootstrap/profiles/%s", res.ID), + } + } + return map[string]string{} +} + +func (res profileRes) Empty() bool { return false } + +// profilesPageRes is returned by ListProfiles. +type profilesPageRes struct { + bootstrap.ProfilesPage +} + +func (res profilesPageRes) Code() int { return http.StatusOK } +func (res profilesPageRes) Headers() map[string]string { return map[string]string{} } +func (res profilesPageRes) Empty() bool { return false } + +// profileSlotsRes is returned by profile slots endpoint. +type profileSlotsRes struct { + BindingSlots []bootstrap.BindingSlot `json:"binding_slots"` +} + +func (res profileSlotsRes) Code() int { return http.StatusOK } +func (res profileSlotsRes) Headers() map[string]string { return map[string]string{} } +func (res profileSlotsRes) Empty() bool { return false } + +// renderPreviewRes is returned by profile render-preview endpoint. +type renderPreviewRes struct { + Content string `json:"content"` +} + +func (res renderPreviewRes) Code() int { return http.StatusOK } +func (res renderPreviewRes) Headers() map[string]string { return map[string]string{} } +func (res renderPreviewRes) Empty() bool { return false } + +// bindingsRes is returned by ListBindings. +type bindingsRes struct { + Bindings []bootstrap.BindingSnapshot `json:"bindings"` +} + +func (res bindingsRes) Code() int { return http.StatusOK } +func (res bindingsRes) Headers() map[string]string { return map[string]string{} } +func (res bindingsRes) Empty() bool { return false } diff --git a/bootstrap/api/transport.go b/bootstrap/api/transport.go index 088cf71de..8e3f685d8 100644 --- a/bootstrap/api/transport.go +++ b/bootstrap/api/transport.go @@ -6,6 +6,7 @@ package api import ( "context" "encoding/json" + "io" "log/slog" "net/http" "net/url" @@ -19,12 +20,16 @@ import ( "github.com/absmach/magistrala/pkg/errors" "github.com/go-chi/chi/v5" kithttp "github.com/go-kit/kit/transport/http" + "github.com/pelletier/go-toml/v2" "github.com/prometheus/client_golang/prometheus/promhttp" "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" + "gopkg.in/yaml.v3" ) const ( contentType = "application/json" + yamlContentType = "yaml" + tomlContentType = "toml" byteContentType = "application/octet-stream" offsetKey = "offset" limitKey = "limit" @@ -33,7 +38,7 @@ const ( ) var ( - fullMatch = []string{"state", "external_id", "client_id", "client_key"} + fullMatch = []string{"status", "external_id", "id"} partialMatch = []string{"name"} // ErrBootstrap indicates error in getting bootstrap configuration. ErrBootstrap = errors.New("failed to read bootstrap configuration") @@ -69,7 +74,7 @@ func MakeHandler(svc bootstrap.Service, authn smqauthn.AuthNMiddleware, reader b api.EncodeResponse, opts...), "view").ServeHTTP) - r.Put("/{configID}", otelhttp.NewHandler(kithttp.NewServer( + r.Patch("/{configID}", otelhttp.NewHandler(kithttp.NewServer( updateEndpoint(svc), decodeUpdateRequest, api.EncodeResponse, @@ -81,25 +86,106 @@ func MakeHandler(svc bootstrap.Service, authn smqauthn.AuthNMiddleware, reader b api.EncodeResponse, opts...), "remove").ServeHTTP) - r.Patch("/certs/{certID}", otelhttp.NewHandler(kithttp.NewServer( + r.Patch("/certs/{configID}", otelhttp.NewHandler(kithttp.NewServer( updateCertEndpoint(svc), decodeUpdateCertRequest, api.EncodeResponse, opts...), "update_cert").ServeHTTP) - r.Put("/connections/{connID}", otelhttp.NewHandler(kithttp.NewServer( - updateConnEndpoint(svc), - decodeUpdateConnRequest, + r.Post("/{configID}/enable", otelhttp.NewHandler(kithttp.NewServer( + enableConfigEndpoint(svc), + decodeChangeConfigStatusRequest, api.EncodeResponse, - opts...), "update_connections").ServeHTTP) + opts...), "enable_config").ServeHTTP) + + r.Post("/{configID}/disable", otelhttp.NewHandler(kithttp.NewServer( + disableConfigEndpoint(svc), + decodeChangeConfigStatusRequest, + api.EncodeResponse, + opts...), "disable_config").ServeHTTP) }) }) - r.With(authn.WithOptions(smqauthn.WithDomainCheck(true)).Middleware()).Put("/state/{clientID}", otelhttp.NewHandler(kithttp.NewServer( - stateEndpoint(svc), - decodeStateRequest, - api.EncodeResponse, - opts...), "update_state").ServeHTTP) + // Profile and enrollment binding endpoints. + r.Route("/bootstrap", func(r chi.Router) { + r.Use(authn.WithOptions(smqauthn.WithDomainCheck(true)).Middleware()) + + r.Route("/profiles", func(r chi.Router) { + r.Post("/", otelhttp.NewHandler(kithttp.NewServer( + createProfileEndpoint(svc), + decodeCreateProfileRequest, + api.EncodeResponse, + opts...), "create_profile").ServeHTTP) + + r.Post("/upload", otelhttp.NewHandler(kithttp.NewServer( + uploadProfileEndpoint(svc), + decodeUploadProfileRequest, + api.EncodeResponse, + opts...), "upload_profile").ServeHTTP) + + r.Get("/", otelhttp.NewHandler(kithttp.NewServer( + listProfilesEndpoint(svc), + decodeListProfilesRequest, + api.EncodeResponse, + opts...), "list_profiles").ServeHTTP) + + r.Get("/{profileID}", otelhttp.NewHandler(kithttp.NewServer( + viewProfileEndpoint(svc), + decodeProfileEntityRequest, + api.EncodeResponse, + opts...), "view_profile").ServeHTTP) + + r.Get("/{profileID}/slots", otelhttp.NewHandler(kithttp.NewServer( + profileSlotsEndpoint(svc), + decodeProfileEntityRequest, + api.EncodeResponse, + opts...), "profile_slots").ServeHTTP) + + r.Post("/{profileID}/render-preview", otelhttp.NewHandler(kithttp.NewServer( + renderPreviewEndpoint(svc), + decodeRenderPreviewRequest, + api.EncodeResponse, + opts...), "render_preview").ServeHTTP) + + r.Patch("/{profileID}", otelhttp.NewHandler(kithttp.NewServer( + updateProfileEndpoint(svc), + decodeUpdateProfileRequest, + api.EncodeResponse, + opts...), "update_profile").ServeHTTP) + + r.Delete("/{profileID}", otelhttp.NewHandler(kithttp.NewServer( + deleteProfileEndpoint(svc), + decodeDeleteProfileRequest, + api.EncodeResponse, + opts...), "delete_profile").ServeHTTP) + }) + + r.Route("/enrollments", func(r chi.Router) { + r.Patch("/{configID}/profile", otelhttp.NewHandler(kithttp.NewServer( + assignProfileEndpoint(svc), + decodeAssignProfileRequest, + api.EncodeResponse, + opts...), "assign_profile").ServeHTTP) + + r.Put("/{configID}/bindings", otelhttp.NewHandler(kithttp.NewServer( + bindResourcesEndpoint(svc), + decodeBindResourcesRequest, + api.EncodeResponse, + opts...), "bind_resources").ServeHTTP) + + r.Get("/{configID}/bindings", otelhttp.NewHandler(kithttp.NewServer( + listBindingsEndpoint(svc), + decodeEnrollmentEntityRequest, + api.EncodeResponse, + opts...), "list_bindings").ServeHTTP) + + r.Post("/{configID}/bindings/refresh", otelhttp.NewHandler(kithttp.NewServer( + refreshBindingsEndpoint(svc), + decodeRefreshBindingsRequest, + api.EncodeResponse, + opts...), "refresh_bindings").ServeHTTP) + }) + }) }) r.Route("/clients/bootstrap", func(r chi.Router) { @@ -162,23 +248,7 @@ func decodeUpdateCertRequest(_ context.Context, r *http.Request) (any, error) { } req := updateCertReq{ - clientID: chi.URLParam(r, "certID"), - } - if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) - } - - return req, nil -} - -func decodeUpdateConnRequest(_ context.Context, r *http.Request) (any, error) { - if !strings.Contains(r.Header.Get("Content-Type"), contentType) { - return nil, apiutil.ErrUnsupportedContentType - } - - req := updateConnReq{ - token: apiutil.ExtractBearerToken(r), - id: chi.URLParam(r, "connID"), + configID: chi.URLParam(r, "configID"), } if err := json.NewDecoder(r.Body).Decode(&req); err != nil { return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) @@ -209,6 +279,17 @@ func decodeListRequest(_ context.Context, r *http.Request) (any, error) { limit: l, } + rawStatus := q.Get("status") + parsed, err := bootstrap.ToStatus(rawStatus) + if err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, apiutil.ErrInvalidQueryParams) + } + if parsed == bootstrap.AllStatus { + delete(req.filter.FullMatch, "status") + } else { + req.filter.FullMatch["status"] = parsed.String() + } + return req, nil } @@ -221,20 +302,11 @@ func decodeBootstrapRequest(_ context.Context, r *http.Request) (any, error) { return req, nil } -func decodeStateRequest(_ context.Context, r *http.Request) (any, error) { - if !strings.Contains(r.Header.Get("Content-Type"), contentType) { - return nil, apiutil.ErrUnsupportedContentType - } - - req := changeStateReq{ +func decodeChangeConfigStatusRequest(_ context.Context, r *http.Request) (any, error) { + return changeConfigStatusReq{ token: apiutil.ExtractBearerToken(r), - id: chi.URLParam(r, "clientID"), - } - if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) - } - - return req, nil + id: chi.URLParam(r, "configID"), + }, nil } func decodeEntityRequest(_ context.Context, r *http.Request) (any, error) { @@ -281,3 +353,148 @@ func contains(l []string, s string) bool { } return false } + +func decodeCreateProfileRequest(_ context.Context, r *http.Request) (any, error) { + if !strings.Contains(r.Header.Get("Content-Type"), contentType) { + return nil, apiutil.ErrUnsupportedContentType + } + var req createProfileReq + if err := json.NewDecoder(r.Body).Decode(&req.Profile); err != nil { + return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) + } + return req, nil +} + +func decodeUploadProfileRequest(_ context.Context, r *http.Request) (any, error) { + contentType := r.Header.Get("Content-Type") + var req uploadProfileReq + + switch { + case strings.Contains(contentType, "json"): + if err := json.NewDecoder(r.Body).Decode(&req.Profile); err != nil { + return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) + } + case strings.Contains(contentType, yamlContentType): + body, err := io.ReadAll(r.Body) + if err != nil { + return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) + } + if err := decodeYAMLProfile(body, &req.Profile); err != nil { + return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) + } + case strings.Contains(contentType, tomlContentType): + body, err := io.ReadAll(r.Body) + if err != nil { + return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) + } + if err := decodeTOMLProfile(body, &req.Profile); err != nil { + return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) + } + default: + return nil, apiutil.ErrUnsupportedContentType + } + + return req, nil +} + +func decodeYAMLProfile(body []byte, profile *bootstrap.Profile) error { + var raw map[string]any + if err := yaml.Unmarshal(body, &raw); err != nil { + return err + } + return decodeProfileMap(raw, profile) +} + +func decodeTOMLProfile(body []byte, profile *bootstrap.Profile) error { + var raw map[string]any + if err := toml.Unmarshal(body, &raw); err != nil { + return err + } + return decodeProfileMap(raw, profile) +} + +func decodeProfileMap(raw map[string]any, profile *bootstrap.Profile) error { + body, err := json.Marshal(raw) + if err != nil { + return err + } + return json.Unmarshal(body, profile) +} + +func decodeListProfilesRequest(_ context.Context, r *http.Request) (any, error) { + o, err := apiutil.ReadNumQuery[uint64](r, offsetKey, defOffset) + if err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + l, err := apiutil.ReadNumQuery[uint64](r, limitKey, defLimit) + if err != nil { + return nil, errors.Wrap(apiutil.ErrValidation, err) + } + return listProfilesReq{offset: o, limit: l}, nil +} + +func decodeProfileEntityRequest(_ context.Context, r *http.Request) (any, error) { + return viewProfileReq{profileID: chi.URLParam(r, "profileID")}, nil +} + +func decodeDeleteProfileRequest(_ context.Context, r *http.Request) (any, error) { + return deleteProfileReq{profileID: chi.URLParam(r, "profileID")}, nil +} + +func decodeUpdateProfileRequest(_ context.Context, r *http.Request) (any, error) { + if !strings.Contains(r.Header.Get("Content-Type"), contentType) { + return nil, apiutil.ErrUnsupportedContentType + } + req := updateProfileReq{profileID: chi.URLParam(r, "profileID")} + if err := json.NewDecoder(r.Body).Decode(&req.Profile); err != nil { + return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) + } + return req, nil +} + +func decodeRenderPreviewRequest(_ context.Context, r *http.Request) (any, error) { + if !strings.Contains(r.Header.Get("Content-Type"), contentType) { + return nil, apiutil.ErrUnsupportedContentType + } + req := renderPreviewReq{profileID: chi.URLParam(r, "profileID")} + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) + } + return req, nil +} + +func decodeAssignProfileRequest(_ context.Context, r *http.Request) (any, error) { + if !strings.Contains(r.Header.Get("Content-Type"), contentType) { + return nil, apiutil.ErrUnsupportedContentType + } + req := assignProfileReq{configID: chi.URLParam(r, "configID")} + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) + } + return req, nil +} + +func decodeBindResourcesRequest(_ context.Context, r *http.Request) (any, error) { + if !strings.Contains(r.Header.Get("Content-Type"), contentType) { + return nil, apiutil.ErrUnsupportedContentType + } + req := bindResourcesReq{ + token: apiutil.ExtractBearerToken(r), + configID: chi.URLParam(r, "configID"), + } + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err) + } + return req, nil +} + +func decodeEnrollmentEntityRequest(_ context.Context, r *http.Request) (any, error) { + return listBindingsReq{configID: chi.URLParam(r, "configID")}, nil +} + +func decodeRefreshBindingsRequest(_ context.Context, r *http.Request) (any, error) { + return refreshBindingsReq{ + token: apiutil.ExtractBearerToken(r), + configID: chi.URLParam(r, "configID"), + }, nil +} diff --git a/bootstrap/binding_validation.go b/bootstrap/binding_validation.go new file mode 100644 index 000000000..d5baaeb80 --- /dev/null +++ b/bootstrap/binding_validation.go @@ -0,0 +1,109 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package bootstrap + +import ( + "fmt" + "text/template" + + "github.com/absmach/magistrala/pkg/errors" +) + +var errBindingSlot = errors.New("invalid binding slot") + +func validateProfileBindingSlots(profile Profile) error { + seen := make(map[string]struct{}, len(profile.BindingSlots)) + for _, slot := range profile.BindingSlots { + if slot.Name == "" { + return fmt.Errorf("%w: slot name is required", errBindingSlot) + } + if slot.Type == "" { + return fmt.Errorf("%w: slot %q type is required", errBindingSlot, slot.Name) + } + if _, ok := seen[slot.Name]; ok { + return fmt.Errorf("%w: duplicate slot %q", errBindingSlot, slot.Name) + } + seen[slot.Name] = struct{}{} + } + return nil +} + +func validateRequestedBindings(profile Profile, requested []BindingRequest) error { + if len(profile.BindingSlots) == 0 { + return nil + } + + slots := make(map[string]BindingSlot, len(profile.BindingSlots)) + for _, slot := range profile.BindingSlots { + slots[slot.Name] = slot + } + + seen := make(map[string]struct{}, len(requested)) + for _, binding := range requested { + slot, ok := slots[binding.Slot] + if !ok { + return fmt.Errorf("%w: unknown slot %q", errBindingSlot, binding.Slot) + } + if slot.Type != binding.Type { + return fmt.Errorf("%w: slot %q expects %q, got %q", errBindingSlot, binding.Slot, slot.Type, binding.Type) + } + if _, ok := seen[binding.Slot]; ok { + return fmt.Errorf("%w: duplicate binding for slot %q", errBindingSlot, binding.Slot) + } + seen[binding.Slot] = struct{}{} + } + return nil +} + +func validateRequiredBindings(profile Profile, bindings []BindingSnapshot) error { + if len(profile.BindingSlots) == 0 { + return nil + } + + bound := make(map[string]BindingSnapshot, len(bindings)) + for _, binding := range bindings { + bound[binding.Slot] = binding + } + + for _, slot := range profile.BindingSlots { + binding, ok := bound[slot.Name] + if !slot.Required && !ok { + continue + } + if slot.Required && !ok { + return fmt.Errorf("%w: required slot %q is not bound", errBindingSlot, slot.Name) + } + if binding.Type != slot.Type { + return fmt.Errorf("%w: slot %q expects %q, got %q", errBindingSlot, slot.Name, slot.Type, binding.Type) + } + } + return nil +} + +func mergeBindingSnapshots(existing, updated []BindingSnapshot) []BindingSnapshot { + merged := make(map[string]BindingSnapshot, len(existing)+len(updated)) + for _, binding := range existing { + merged[binding.Slot] = binding + } + for _, binding := range updated { + merged[binding.Slot] = binding + } + + bindings := make([]BindingSnapshot, 0, len(merged)) + for _, binding := range merged { + bindings = append(bindings, binding) + } + return bindings +} + +func validateProfileTemplate(p Profile) error { + if p.ContentTemplate == "" || p.TemplateFormat == TemplateFormatRaw { + return nil + } + _, err := template.New("bootstrap").Funcs(allowlistedFuncs()).Parse(p.ContentTemplate) + if err != nil { + return errors.Wrap(ErrRenderFailed, err) + } + return nil +} diff --git a/bootstrap/bindings.go b/bootstrap/bindings.go new file mode 100644 index 000000000..be5eb034b --- /dev/null +++ b/bootstrap/bindings.go @@ -0,0 +1,81 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package bootstrap + +import ( + "context" + "time" +) + +// BindingRequest carries a user's intent to bind a named profile slot to +// a concrete resource. +type BindingRequest struct { + Slot string `json:"slot"` + Type string `json:"type"` // "client" | "channel" | "cert" + ResourceID string `json:"resource_id"` // ID of the resource in its owning service +} + +// BindingSnapshot is a Bootstrap-owned point-in-time copy of the resource +// fields needed for template rendering. It is populated at binding time so +// that the render path never calls external services. +type BindingSnapshot struct { + ConfigID string `json:"config_id"` + Slot string `json:"slot"` + Type string `json:"type"` + ResourceID string `json:"resource_id"` + Snapshot map[string]any `json:"snapshot,omitempty"` + SecretSnapshot map[string]any `json:"secret_snapshot,omitempty"` // encrypted at rest + UpdatedAt time.Time `json:"updated_at,omitempty"` +} + +// BindingStore is the persistence interface for BindingSnapshots. +type BindingStore interface { + // Save upserts all given snapshots for the config. + Save(ctx context.Context, configID string, bindings []BindingSnapshot) error + + // Retrieve returns all snapshots for the given config. + Retrieve(ctx context.Context, configID string) ([]BindingSnapshot, error) + + // Delete removes the snapshot for a specific slot of a config. + Delete(ctx context.Context, configID, slot string) error +} + +// ResolveRequest carries everything the BindingResolver needs to snapshot a +// set of resource bindings. +type ResolveRequest struct { + Enrollment Config + Token string + Requested []BindingRequest +} + +// BindingResolver validates that requested resources exist in their owning +// services, verifies type and slot compatibility, and returns snapshots ready +// for storage. It is called at binding time only; the render path must not +// call it. +type BindingResolver interface { + Resolve(ctx context.Context, req ResolveRequest) ([]BindingSnapshot, error) +} + +// RenderContext is the typed value injected into Go templates during rendering. +type RenderContext struct { + Device DeviceContext + Vars map[string]any + Bindings map[string]BindingContext +} + +// DeviceContext holds enrollment identity fields available inside templates. +type DeviceContext struct { + ID string + ExternalID string + DomainID string +} + +// BindingContext holds the resolved resource data available inside templates +// for a specific slot. +type BindingContext struct { + Type string + ID string + Snapshot map[string]any + Secret map[string]any +} diff --git a/bootstrap/configs.go b/bootstrap/configs.go index 95808093a..d2f8b8f5b 100644 --- a/bootstrap/configs.go +++ b/bootstrap/configs.go @@ -3,45 +3,22 @@ package bootstrap -import ( - "context" - "time" +import "context" - "github.com/absmach/magistrala/clients" -) - -// Config represents Configuration entity. It wraps information about external entity -// as well as info about corresponding Magistrala entities. -// MGClient represents corresponding Magistrala Client ID. -// MGKey is key of corresponding Magistrala Client. -// MGChannels is a list of Magistrala Channels corresponding Magistrala Client connects to. +// Config represents a bootstrap enrollment. type Config struct { - ClientID string `json:"client_id"` - ClientSecret string `json:"client_secret"` - DomainID string `json:"domain_id,omitempty"` - Name string `json:"name,omitempty"` - ClientCert string `json:"client_cert,omitempty"` - ClientKey string `json:"client_key,omitempty"` - CACert string `json:"ca_cert,omitempty"` - Channels []Channel `json:"channels,omitempty"` - ExternalID string `json:"external_id"` - ExternalKey string `json:"external_key"` - Content string `json:"content,omitempty"` - State State `json:"state"` -} - -// Channel represents Magistrala channel corresponding Magistrala Client is connected to. -type Channel struct { - ID string `json:"id"` - Name string `json:"name,omitempty"` - Metadata map[string]any `json:"metadata,omitempty"` - DomainID string `json:"domain_id"` - Parent string `json:"parent_id,omitempty"` - Description string `json:"description,omitempty"` - CreatedAt time.Time `json:"created_at"` - UpdatedAt time.Time `json:"updated_at,omitempty"` - UpdatedBy string `json:"updated_by,omitempty"` - Status clients.Status `json:"status"` + ID string `json:"id"` + DomainID string `json:"domain_id,omitempty"` + Name string `json:"name,omitempty"` + ClientCert string `json:"client_cert,omitempty"` + ClientKey string `json:"client_key,omitempty"` + CACert string `json:"ca_cert,omitempty"` + ExternalID string `json:"external_id"` + ExternalKey string `json:"external_key"` + Content string `json:"content,omitempty"` + Status Status `json:"status"` + ProfileID string `json:"profile_id,omitempty"` + RenderContext map[string]any `json:"render_context,omitempty"` } // Filter is used for the search filters. @@ -63,15 +40,15 @@ type ConfigsPage struct { type ConfigRepository interface { // Save persists the Config. Successful operation is indicated by non-nil // error response. - Save(ctx context.Context, cfg Config, chsConnIDs []string) (string, error) + Save(ctx context.Context, cfg Config) (string, error) // RetrieveByID retrieves the Config having the provided identifier, that is owned // by the specified user. RetrieveByID(ctx context.Context, domainID, id string) (Config, error) - // RetrieveAll retrieves a subset of Configs that are owned - // by the specific user, with given filter parameters. - RetrieveAll(ctx context.Context, domainID string, clientIDs []string, filter Filter, offset, limit uint64) ConfigsPage + // RetrieveAll retrieves a subset of Configs that belong to the given domain, + // with given filter parameters. + RetrieveAll(ctx context.Context, domainID string, filter Filter, offset, limit uint64) ConfigsPage // RetrieveByExternalID returns Config for given external ID. RetrieveByExternalID(ctx context.Context, externalID string) (Config, error) @@ -80,39 +57,17 @@ type ConfigRepository interface { // to indicate operation failure. Update(ctx context.Context, cfg Config) error + // AssignProfile sets the profile reference for the given Config. + AssignProfile(ctx context.Context, domainID, id, profileID string) error + // UpdateCerts updates and returns an existing Config certificate and domainID. // A non-nil error is returned to indicate operation failure. - UpdateCert(ctx context.Context, domainID, clientID, clientCert, clientKey, caCert string) (Config, error) - - // UpdateConnections updates a list of Channels the Config is connected to - // adding new Channels if needed. - UpdateConnections(ctx context.Context, domainID, id string, channels []Channel, connections []string) error + UpdateCert(ctx context.Context, domainID, id, clientCert, clientKey, caCert string) (Config, error) // Remove removes the Config having the provided identifier, that is owned // by the specified user. Remove(ctx context.Context, domainID, id string) error - // ChangeState changes of the Config, that is owned by the specific user. - ChangeState(ctx context.Context, domainID, id string, state State) error - - // ListExisting retrieves those channels from the given list that exist in DB. - ListExisting(ctx context.Context, domainID string, ids []string) ([]Channel, error) - - // Methods RemoveClient, UpdateChannel, and RemoveChannel are related to - // event sourcing. That's why these methods surpass ownership check. - - // RemoveClient removes Config of the Client with the given ID. - RemoveClient(ctx context.Context, id string) error - - // UpdateChannel updates channel with the given ID. - UpdateChannel(ctx context.Context, c Channel) error - - // RemoveChannel removes channel with the given ID. - RemoveChannel(ctx context.Context, id string) error - - // ConnectClient changes state of the Config when the corresponding Client is connected to the Channel. - ConnectClient(ctx context.Context, channelID, clientID string) error - - // DisconnectClient changes state of the Config when the corresponding Client is disconnected from the Channel. - DisconnectClient(ctx context.Context, channelID, clientID string) error + // ChangeStatus changes the Status of the Config owned by the specific user. + ChangeStatus(ctx context.Context, domainID, id string, status Status) error } diff --git a/bootstrap/events/consumer/doc.go b/bootstrap/events/consumer/doc.go deleted file mode 100644 index f3fea76f1..000000000 --- a/bootstrap/events/consumer/doc.go +++ /dev/null @@ -1,6 +0,0 @@ -// Copyright (c) Abstract Machines -// SPDX-License-Identifier: Apache-2.0 - -// Package consumer contains events consumer for events -// published by Bootstrap service. -package consumer diff --git a/bootstrap/events/consumer/events.go b/bootstrap/events/consumer/events.go deleted file mode 100644 index 451001b81..000000000 --- a/bootstrap/events/consumer/events.go +++ /dev/null @@ -1,24 +0,0 @@ -// Copyright (c) Abstract Machines -// SPDX-License-Identifier: Apache-2.0 - -package consumer - -import "time" - -type removeEvent struct { - id string -} - -type updateChannelEvent struct { - id string - name string - metadata map[string]any - updatedAt time.Time - updatedBy string -} - -// Connection event is either connect or disconnect event. -type connectionEvent struct { - clientIDs []string - channelID string -} diff --git a/bootstrap/events/consumer/streams.go b/bootstrap/events/consumer/streams.go deleted file mode 100644 index f0f7d14a7..000000000 --- a/bootstrap/events/consumer/streams.go +++ /dev/null @@ -1,148 +0,0 @@ -// Copyright (c) Abstract Machines -// SPDX-License-Identifier: Apache-2.0 - -package consumer - -import ( - "context" - "time" - - "github.com/absmach/magistrala/bootstrap" - svcerr "github.com/absmach/magistrala/pkg/errors/service" - "github.com/absmach/magistrala/pkg/events" -) - -const ( - clientRemove = "client.remove" - clientConnect = "group.assign" - clientDisconnect = "group.unassign" - - channelPrefix = "channels." - channelUpdate = channelPrefix + "update" - channelRemove = channelPrefix + "remove" - - memberKind = "client" - relation = "group" -) - -type eventHandler struct { - svc bootstrap.Service -} - -// NewEventHandler returns new event store handler. -func NewEventHandler(svc bootstrap.Service) events.EventHandler { - return &eventHandler{ - svc: svc, - } -} - -func (es *eventHandler) Handle(ctx context.Context, event events.Event) error { - msg, err := event.Encode() - if err != nil { - return err - } - - switch msg["operation"] { - case clientRemove: - rte := decodeRemoveClient(msg) - err = es.svc.RemoveConfigHandler(ctx, rte.id) - case clientConnect: - cte := decodeConnectClient(msg) - if cte.channelID == "" || len(cte.clientIDs) == 0 { - return svcerr.ErrMalformedEntity - } - for _, clientID := range cte.clientIDs { - if clientID == "" { - return svcerr.ErrMalformedEntity - } - if err := es.svc.ConnectClientHandler(ctx, cte.channelID, clientID); err != nil { - return err - } - } - case clientDisconnect: - dte := decodeDisconnectClient(msg) - if dte.channelID == "" || len(dte.clientIDs) == 0 { - return svcerr.ErrMalformedEntity - } - for _, clientID := range dte.clientIDs { - if clientID == "" { - return svcerr.ErrMalformedEntity - } - } - - for _, c := range dte.clientIDs { - if err = es.svc.DisconnectClientHandler(ctx, dte.channelID, c); err != nil { - return err - } - } - case channelUpdate: - uce := decodeUpdateChannel(msg) - err = es.handleUpdateChannel(ctx, uce) - case channelRemove: - rce := decodeRemoveChannel(msg) - err = es.svc.RemoveChannelHandler(ctx, rce.id) - } - if err != nil { - return err - } - - return nil -} - -func decodeRemoveClient(event map[string]any) removeEvent { - return removeEvent{ - id: events.Read(event, "id", ""), - } -} - -func decodeUpdateChannel(event map[string]any) updateChannelEvent { - metadata := events.Read(event, "metadata", map[string]any{}) - - return updateChannelEvent{ - id: events.Read(event, "id", ""), - name: events.Read(event, "name", ""), - metadata: metadata, - updatedAt: events.Read(event, "updated_at", time.Now()), - updatedBy: events.Read(event, "updated_by", ""), - } -} - -func decodeRemoveChannel(event map[string]any) removeEvent { - return removeEvent{ - id: events.Read(event, "id", ""), - } -} - -func decodeConnectClient(event map[string]any) connectionEvent { - if events.Read(event, "memberKind", "") != memberKind && events.Read(event, "relation", "") != relation { - return connectionEvent{} - } - - return connectionEvent{ - channelID: events.Read(event, "group_id", ""), - clientIDs: events.ReadStringSlice(event, "member_ids"), - } -} - -func decodeDisconnectClient(event map[string]any) connectionEvent { - if events.Read(event, "memberKind", "") != memberKind && events.Read(event, "relation", "") != relation { - return connectionEvent{} - } - - return connectionEvent{ - channelID: events.Read(event, "group_id", ""), - clientIDs: events.ReadStringSlice(event, "member_ids"), - } -} - -func (es *eventHandler) handleUpdateChannel(ctx context.Context, uce updateChannelEvent) error { - channel := bootstrap.Channel{ - ID: uce.id, - Name: uce.name, - Metadata: uce.metadata, - UpdatedAt: uce.updatedAt, - UpdatedBy: uce.updatedBy, - } - - return es.svc.UpdateChannelHandler(ctx, channel) -} diff --git a/bootstrap/events/producer/events.go b/bootstrap/events/producer/events.go index 80719a928..e6893dce5 100644 --- a/bootstrap/events/producer/events.go +++ b/bootstrap/events/producer/events.go @@ -9,37 +9,45 @@ import ( ) const ( - configPrefix = "bootstrap.config." - configCreate = configPrefix + "create" - configUpdate = configPrefix + "update" - configRemove = configPrefix + "remove" - configView = configPrefix + "view" - configList = configPrefix + "list" - configHandlerRemove = configPrefix + "remove_handler" + configPrefix = "bootstrap.config." + configCreate = configPrefix + "create" + configUpdate = configPrefix + "update" + configRemove = configPrefix + "remove" + configView = configPrefix + "view" + configList = configPrefix + "list" + clientPrefix = "bootstrap.client." + clientBootstrap = clientPrefix + "bootstrap" + configEnable = configPrefix + "enable" + configDisable = configPrefix + "disable" + certUpdate = "bootstrap.cert.update" - clientPrefix = "bootstrap.client." - clientBootstrap = clientPrefix + "bootstrap" - clientStateChange = clientPrefix + "change_state" - clientUpdateConnections = clientPrefix + "update_connections" - clientConnect = clientPrefix + "connect" - clientDisconnect = clientPrefix + "disconnect" - - channelPrefix = "bootstrap.channel." - channelHandlerRemove = channelPrefix + "remove_handler" - channelUpdateHandler = channelPrefix + "update_handler" - - certUpdate = "bootstrap.cert.update" + profilePrefix = "bootstrap.profile." + profileCreate = profilePrefix + "create" + profileView = profilePrefix + "view" + profileUpdate = profilePrefix + "update" + profileList = profilePrefix + "list" + profileDelete = profilePrefix + "delete" + profileAssign = profilePrefix + "assign" + bindingsPrefix = "bootstrap.bindings." + bindingsBind = bindingsPrefix + "bind" + bindingsList = bindingsPrefix + "list" + bindingsRefresh = bindingsPrefix + "refresh" ) var ( _ events.Event = (*configEvent)(nil) _ events.Event = (*removeConfigEvent)(nil) _ events.Event = (*bootstrapEvent)(nil) - _ events.Event = (*changeStateEvent)(nil) - _ events.Event = (*updateConnectionsEvent)(nil) + _ events.Event = (*enableConfigEvent)(nil) + _ events.Event = (*disableConfigEvent)(nil) _ events.Event = (*updateCertEvent)(nil) _ events.Event = (*listConfigsEvent)(nil) - _ events.Event = (*removeHandlerEvent)(nil) + _ events.Event = (*profileEvent)(nil) + _ events.Event = (*deleteProfileEvent)(nil) + _ events.Event = (*assignProfileEvent)(nil) + _ events.Event = (*bindResourcesEvent)(nil) + _ events.Event = (*listBindingsEvent)(nil) + _ events.Event = (*refreshBindingsEvent)(nil) ) type configEvent struct { @@ -49,17 +57,17 @@ type configEvent struct { func (ce configEvent) Encode() (map[string]any, error) { val := map[string]any{ - "state": ce.State.String(), + "status": ce.Status.String(), "operation": ce.operation, } - if ce.ClientID != "" { - val["client_id"] = ce.ClientID + if ce.ID != "" { + val["config_id"] = ce.ID } if ce.Content != "" { val["content"] = ce.Content } if ce.DomainID != "" { - val["domain_id "] = ce.DomainID + val["domain_id"] = ce.DomainID } if ce.Name != "" { val["name"] = ce.Name @@ -67,13 +75,6 @@ func (ce configEvent) Encode() (map[string]any, error) { if ce.ExternalID != "" { val["external_id"] = ce.ExternalID } - if len(ce.Channels) > 0 { - channels := make([]string, len(ce.Channels)) - for i, ch := range ce.Channels { - channels[i] = ch.ID - } - val["channels"] = channels - } if ce.ClientCert != "" { val["client_cert"] = ce.ClientCert } @@ -91,12 +92,12 @@ func (ce configEvent) Encode() (map[string]any, error) { } type removeConfigEvent struct { - client string + config string } func (rce removeConfigEvent) Encode() (map[string]any, error) { return map[string]any{ - "client_id": rce.client, + "config_id": rce.config, "operation": configRemove, }, nil } @@ -137,14 +138,14 @@ func (be bootstrapEvent) Encode() (map[string]any, error) { "operation": clientBootstrap, } - if be.ClientID != "" { - val["client_id"] = be.ClientID + if be.ID != "" { + val["config_id"] = be.ID } if be.Content != "" { val["content"] = be.Content } if be.DomainID != "" { - val["domain_id "] = be.DomainID + val["domain_id"] = be.DomainID } if be.Name != "" { val["name"] = be.Name @@ -152,13 +153,6 @@ func (be bootstrapEvent) Encode() (map[string]any, error) { if be.ExternalID != "" { val["external_id"] = be.ExternalID } - if len(be.Channels) > 0 { - channels := make([]string, len(be.Channels)) - for i, ch := range be.Channels { - channels[i] = ch.ID - } - val["channels"] = channels - } if be.ClientCert != "" { val["client_cert"] = be.ClientCert } @@ -174,34 +168,30 @@ func (be bootstrapEvent) Encode() (map[string]any, error) { return val, nil } -type changeStateEvent struct { - mgClient string - state bootstrap.State +type enableConfigEvent struct { + configID string } -func (cse changeStateEvent) Encode() (map[string]any, error) { +func (e enableConfigEvent) Encode() (map[string]any, error) { return map[string]any{ - "client_id": cse.mgClient, - "state": cse.state.String(), - "operation": clientStateChange, + "config_id": e.configID, + "operation": configEnable, }, nil } -type updateConnectionsEvent struct { - mgClient string - mgChannels []string +type disableConfigEvent struct { + configID string } -func (uce updateConnectionsEvent) Encode() (map[string]any, error) { +func (e disableConfigEvent) Encode() (map[string]any, error) { return map[string]any{ - "client_id": uce.mgClient, - "channels": uce.mgChannels, - "operation": clientUpdateConnections, + "config_id": e.configID, + "operation": configDisable, }, nil } type updateCertEvent struct { - clientID string + configID string clientCert string clientKey string caCert string @@ -209,7 +199,7 @@ type updateCertEvent struct { func (uce updateCertEvent) Encode() (map[string]any, error) { return map[string]any{ - "client_id": uce.clientID, + "config_id": uce.configID, "client_cert": uce.clientCert, "client_key": uce.clientKey, "ca_cert": uce.caCert, @@ -217,61 +207,82 @@ func (uce updateCertEvent) Encode() (map[string]any, error) { }, nil } -type removeHandlerEvent struct { - id string +type profileEvent struct { + bootstrap.Profile operation string } -func (rhe removeHandlerEvent) Encode() (map[string]any, error) { - return map[string]any{ - "config_id": rhe.id, - "operation": rhe.operation, - }, nil -} - -type updateChannelHandlerEvent struct { - bootstrap.Channel -} - -func (uche updateChannelHandlerEvent) Encode() (map[string]any, error) { +func (pe profileEvent) Encode() (map[string]any, error) { val := map[string]any{ - "operation": channelUpdateHandler, + "operation": pe.operation, } - - if uche.ID != "" { - val["channel_id"] = uche.ID + if pe.ID != "" { + val["profile_id"] = pe.ID } - if uche.Name != "" { - val["name"] = uche.Name + if pe.DomainID != "" { + val["domain_id"] = pe.DomainID } - if uche.Metadata != nil { - val["metadata"] = uche.Metadata + if pe.Name != "" { + val["name"] = pe.Name } return val, nil } -type connectClientEvent struct { - clientID string - channelID string +type deleteProfileEvent struct { + profileID string } -func (cte connectClientEvent) Encode() (map[string]any, error) { +func (dpe deleteProfileEvent) Encode() (map[string]any, error) { return map[string]any{ - "client_id": cte.clientID, - "channel_id": cte.channelID, - "operation": clientConnect, + "profile_id": dpe.profileID, + "operation": profileDelete, }, nil } -type disconnectClientEvent struct { - clientID string - channelID string +type assignProfileEvent struct { + configID string + profileID string } -func (dte disconnectClientEvent) Encode() (map[string]any, error) { +func (ape assignProfileEvent) Encode() (map[string]any, error) { return map[string]any{ - "client_id": dte.clientID, - "channel_id": dte.channelID, - "operation": clientDisconnect, + "config_id": ape.configID, + "profile_id": ape.profileID, + "operation": profileAssign, + }, nil +} + +type bindResourcesEvent struct { + configID string + slots []string +} + +func (bre bindResourcesEvent) Encode() (map[string]any, error) { + return map[string]any{ + "config_id": bre.configID, + "slots": bre.slots, + "operation": bindingsBind, + }, nil +} + +type listBindingsEvent struct { + configID string +} + +func (lbe listBindingsEvent) Encode() (map[string]any, error) { + return map[string]any{ + "config_id": lbe.configID, + "operation": bindingsList, + }, nil +} + +type refreshBindingsEvent struct { + configID string +} + +func (rbe refreshBindingsEvent) Encode() (map[string]any, error) { + return map[string]any{ + "config_id": rbe.configID, + "operation": bindingsRefresh, }, nil } diff --git a/bootstrap/events/producer/streams.go b/bootstrap/events/producer/streams.go index 72234fdd7..969cb8e5e 100644 --- a/bootstrap/events/producer/streams.go +++ b/bootstrap/events/producer/streams.go @@ -14,21 +14,23 @@ import ( var _ bootstrap.Service = (*eventStore)(nil) const ( - magistralaPrefix = "magistrala." - createStream = magistralaPrefix + configCreate - viewStream = magistralaPrefix + configView - listStream = magistralaPrefix + configList - updateStream = magistralaPrefix + configUpdate - removeStream = magistralaPrefix + configRemove - updateCertStream = magistralaPrefix + certUpdate - updateConnectionsStream = magistralaPrefix + clientUpdateConnections - removeHandlerStream = magistralaPrefix + configHandlerRemove - bootstrapStream = magistralaPrefix + clientBootstrap - stateChangeStream = magistralaPrefix + clientStateChange - connectStream = magistralaPrefix + clientConnect - disconnectStream = magistralaPrefix + clientDisconnect - updateHandlerStream = magistralaPrefix + channelUpdateHandler - removeChannelHandlerStream = magistralaPrefix + channelHandlerRemove + magistralaPrefix = "magistrala." + createStream = magistralaPrefix + configCreate + listStream = magistralaPrefix + configList + removeStream = magistralaPrefix + configRemove + updateCertStream = magistralaPrefix + certUpdate + bootstrapStream = magistralaPrefix + clientBootstrap + enableConfigStream = magistralaPrefix + configEnable + disableConfigStream = magistralaPrefix + configDisable + createProfileStream = magistralaPrefix + profileCreate + viewProfileStream = magistralaPrefix + profileView + updateProfileStream = magistralaPrefix + profileUpdate + listProfilesStream = magistralaPrefix + profileList + deleteProfileStream = magistralaPrefix + profileDelete + assignProfileStream = magistralaPrefix + profileAssign + bindResourcesStream = magistralaPrefix + bindingsBind + listBindingsStream = magistralaPrefix + bindingsList + refreshBindingsStream = magistralaPrefix + bindingsRefresh ) type eventStore struct { @@ -71,7 +73,7 @@ func (es *eventStore) View(ctx context.Context, session smqauthn.Session, id str cfg, configView, } - if err := es.Publish(ctx, configView, ev); err != nil { + if err := es.Publish(ctx, magistralaPrefix+configView, ev); err != nil { return cfg, err } @@ -87,17 +89,17 @@ func (es *eventStore) Update(ctx context.Context, session smqauthn.Session, cfg cfg, configUpdate, } - return es.Publish(ctx, configUpdate, ev) + return es.Publish(ctx, magistralaPrefix+configUpdate, ev) } -func (es eventStore) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) { - cfg, err := es.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert) +func (es eventStore) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (bootstrap.Config, error) { + cfg, err := es.svc.UpdateCert(ctx, session, id, clientCert, clientKey, caCert) if err != nil { return cfg, err } ev := updateCertEvent{ - clientID: clientID, + configID: id, clientCert: clientCert, clientKey: clientKey, caCert: caCert, @@ -110,19 +112,6 @@ func (es eventStore) UpdateCert(ctx context.Context, session smqauthn.Session, c return cfg, nil } -func (es *eventStore) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error { - if err := es.svc.UpdateConnections(ctx, session, token, id, connections); err != nil { - return err - } - - ev := updateConnectionsEvent{ - mgClient: id, - mgChannels: connections, - } - - return es.Publish(ctx, updateConnectionsStream, ev) -} - func (es *eventStore) List(ctx context.Context, session smqauthn.Session, filter bootstrap.Filter, offset, limit uint64) (bootstrap.ConfigsPage, error) { bp, err := es.svc.List(ctx, session, filter, offset, limit) if err != nil { @@ -149,7 +138,7 @@ func (es *eventStore) Remove(ctx context.Context, session smqauthn.Session, id s } ev := removeConfigEvent{ - client: id, + config: id, } return es.Publish(ctx, removeStream, ev) @@ -175,79 +164,120 @@ func (es *eventStore) Bootstrap(ctx context.Context, externalKey, externalID str return cfg, err } -func (es *eventStore) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state bootstrap.State) error { - if err := es.svc.ChangeState(ctx, session, token, id, state); err != nil { - return err +func (es *eventStore) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) { + cfg, err := es.svc.EnableConfig(ctx, session, id) + if err != nil { + return cfg, err } - ev := changeStateEvent{ - mgClient: id, - state: state, + ev := enableConfigEvent{configID: id} + if err := es.Publish(ctx, enableConfigStream, ev); err != nil { + return cfg, err } - - return es.Publish(ctx, stateChangeStream, ev) + return cfg, nil } -func (es *eventStore) RemoveConfigHandler(ctx context.Context, id string) error { - if err := es.svc.RemoveConfigHandler(ctx, id); err != nil { - return err +func (es *eventStore) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) { + cfg, err := es.svc.DisableConfig(ctx, session, id) + if err != nil { + return cfg, err } - ev := removeHandlerEvent{ - id: id, - operation: configHandlerRemove, + ev := disableConfigEvent{configID: id} + if err := es.Publish(ctx, disableConfigStream, ev); err != nil { + return cfg, err } - - return es.Publish(ctx, removeHandlerStream, ev) + return cfg, nil } -func (es *eventStore) RemoveChannelHandler(ctx context.Context, id string) error { - if err := es.svc.RemoveChannelHandler(ctx, id); err != nil { - return err +func (es *eventStore) CreateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (bootstrap.Profile, error) { + saved, err := es.svc.CreateProfile(ctx, session, p) + if err != nil { + return saved, err } - - ev := removeHandlerEvent{ - id: id, - operation: channelHandlerRemove, + ev := profileEvent{saved, profileCreate} + if err := es.Publish(ctx, createProfileStream, ev); err != nil { + return saved, err } - - return es.Publish(ctx, removeChannelHandlerStream, ev) + return saved, nil } -func (es *eventStore) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) error { - if err := es.svc.UpdateChannelHandler(ctx, channel); err != nil { - return err +func (es *eventStore) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (bootstrap.Profile, error) { + p, err := es.svc.ViewProfile(ctx, session, profileID) + if err != nil { + return p, err } - - ev := updateChannelHandlerEvent{ - channel, + ev := profileEvent{p, profileView} + if err := es.Publish(ctx, viewProfileStream, ev); err != nil { + return p, err } - - return es.Publish(ctx, updateStream, ev) + return p, nil } -func (es *eventStore) ConnectClientHandler(ctx context.Context, channelID, clientID string) error { - if err := es.svc.ConnectClientHandler(ctx, channelID, clientID); err != nil { +func (es *eventStore) UpdateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) error { + if err := es.svc.UpdateProfile(ctx, session, p); err != nil { return err } - - ev := connectClientEvent{ - clientID: clientID, - channelID: channelID, - } - - return es.Publish(ctx, connectStream, ev) + ev := profileEvent{p, profileUpdate} + return es.Publish(ctx, updateProfileStream, ev) } -func (es *eventStore) DisconnectClientHandler(ctx context.Context, channelID, clientID string) error { - if err := es.svc.DisconnectClientHandler(ctx, channelID, clientID); err != nil { +func (es *eventStore) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (bootstrap.ProfilesPage, error) { + pp, err := es.svc.ListProfiles(ctx, session, offset, limit) + if err != nil { + return pp, err + } + ev := profileEvent{operation: profileList} + if err := es.Publish(ctx, listProfilesStream, ev); err != nil { + return pp, err + } + return pp, nil +} + +func (es *eventStore) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error { + if err := es.svc.DeleteProfile(ctx, session, profileID); err != nil { return err } - - ev := disconnectClientEvent{ - clientID: clientID, - channelID: channelID, - } - - return es.Publish(ctx, disconnectStream, ev) + ev := deleteProfileEvent{profileID: profileID} + return es.Publish(ctx, deleteProfileStream, ev) +} + +func (es *eventStore) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error { + if err := es.svc.AssignProfile(ctx, session, configID, profileID); err != nil { + return err + } + ev := assignProfileEvent{configID: configID, profileID: profileID} + return es.Publish(ctx, assignProfileStream, ev) +} + +func (es *eventStore) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []bootstrap.BindingRequest) error { + if err := es.svc.BindResources(ctx, session, token, configID, bindings); err != nil { + return err + } + slots := make([]string, len(bindings)) + for i, b := range bindings { + slots[i] = b.Slot + } + ev := bindResourcesEvent{configID: configID, slots: slots} + return es.Publish(ctx, bindResourcesStream, ev) +} + +func (es *eventStore) ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]bootstrap.BindingSnapshot, error) { + bs, err := es.svc.ListBindings(ctx, session, configID) + if err != nil { + return bs, err + } + ev := listBindingsEvent{configID: configID} + if err := es.Publish(ctx, listBindingsStream, ev); err != nil { + return bs, err + } + return bs, nil +} + +func (es *eventStore) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error { + if err := es.svc.RefreshBindings(ctx, session, token, configID); err != nil { + return err + } + ev := refreshBindingsEvent{configID: configID} + return es.Publish(ctx, refreshBindingsStream, ev) } diff --git a/bootstrap/events/producer/streams_test.go b/bootstrap/events/producer/streams_test.go index 44b62ed98..5763d22db 100644 --- a/bootstrap/events/producer/streams_test.go +++ b/bootstrap/events/producer/streams_test.go @@ -13,15 +13,13 @@ import ( "github.com/absmach/magistrala/bootstrap" "github.com/absmach/magistrala/bootstrap/events/producer" + bootstraphasher "github.com/absmach/magistrala/bootstrap/hasher" "github.com/absmach/magistrala/bootstrap/mocks" "github.com/absmach/magistrala/internal/testsutil" smqauthn "github.com/absmach/magistrala/pkg/authn" "github.com/absmach/magistrala/pkg/errors" svcerr "github.com/absmach/magistrala/pkg/errors/service" "github.com/absmach/magistrala/pkg/events/store" - policysvc "github.com/absmach/magistrala/pkg/policies" - policymocks "github.com/absmach/magistrala/pkg/policies/mocks" - mgsdk "github.com/absmach/magistrala/pkg/sdk" sdkmocks "github.com/absmach/magistrala/pkg/sdk/mocks" "github.com/absmach/magistrala/pkg/uuid" "github.com/redis/go-redis/v9" @@ -31,35 +29,22 @@ import ( ) const ( - streamID = "magistrala.bootstrap" - email = "user@example.com" - validToken = "validToken" - invalidToken = "invalid" - unknownClientID = "unknown" - channelsNum = 3 - defaultTimout = 5 + streamID = "magistrala.bootstrap" + validToken = "validToken" + unknownID = "unknown" - configPrefix = "config." - configCreate = configPrefix + "create" - configView = configPrefix + "view" - configUpdate = configPrefix + "update" - configRemove = configPrefix + "remove" - configList = configPrefix + "list" - configHandlerRemove = configPrefix + "remove_handler" - - clientPrefix = "client." - clientBootstrap = clientPrefix + "bootstrap" - clientStateChange = clientPrefix + "change_state" - clientUpdateConnections = clientPrefix + "update_connections" - clientConnect = clientPrefix + "connect" - clientDisconnect = clientPrefix + "disconnect" - - channelPrefix = "group." - channelHandlerRemove = channelPrefix + "remove_handler" - channelUpdateHandler = channelPrefix + "update_handler" + configPrefix = "config." + configCreate = configPrefix + "create" + configView = configPrefix + "view" + configUpdate = configPrefix + "update" + configRemove = configPrefix + "remove" + configList = configPrefix + "list" + clientPrefix = "client." + clientBootstrap = clientPrefix + "bootstrap" + configEnable = configPrefix + "enable" + configDisable = configPrefix + "disable" certUpdate = "cert.update" - instanceID = "5de9b29a-feb9-11ed-be56-0242ac120002" ) var ( @@ -68,43 +53,33 @@ var ( domainID = testsutil.GenerateUUID(&testing.T{}) validID = testsutil.GenerateUUID(&testing.T{}) - channel = bootstrap.Channel{ - ID: testsutil.GenerateUUID(&testing.T{}), - Name: "name", - Metadata: map[string]any{"name": "value"}, - } - config = bootstrap.Config{ - ClientID: testsutil.GenerateUUID(&testing.T{}), - ClientSecret: testsutil.GenerateUUID(&testing.T{}), - ExternalID: testsutil.GenerateUUID(&testing.T{}), - ExternalKey: testsutil.GenerateUUID(&testing.T{}), - Channels: []bootstrap.Channel{channel}, - Content: "config", + ID: testsutil.GenerateUUID(&testing.T{}), + ExternalID: testsutil.GenerateUUID(&testing.T{}), + ExternalKey: testsutil.GenerateUUID(&testing.T{}), + Content: "config", + Status: bootstrap.EnabledStatus, } ) type testVariable struct { - svc bootstrap.Service - boot *mocks.ConfigRepository - policies *policymocks.Service - sdk *sdkmocks.SDK + svc bootstrap.Service + boot *mocks.ConfigRepository + sdk *sdkmocks.SDK } func newTestVariable(t *testing.T, redisURL string) testVariable { boot := new(mocks.ConfigRepository) - policies := new(policymocks.Service) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() - svc := bootstrap.New(policies, boot, sdk, encKey, idp) + svc := bootstrap.New(boot, nil, nil, nil, nil, sdk, bootstraphasher.New(), encKey, idp) publisher, err := store.NewPublisher(context.Background(), redisURL, "bootstrap-es-pub-test") require.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err)) svc = producer.NewEventStoreMiddleware(svc, publisher) return testVariable{ - svc: svc, - boot: boot, - policies: policies, - sdk: sdk, + svc: svc, + boot: boot, + sdk: sdk, } } @@ -114,28 +89,16 @@ func TestAdd(t *testing.T) { tv := newTestVariable(t, redisURL) - var channels []string - for _, ch := range config.Channels { - channels = append(channels, ch.ID) - } - - invalidConfig := config - invalidConfig.Channels = []bootstrap.Channel{{ID: "empty"}} - invalidConfig.Channels = []bootstrap.Channel{{ID: "empty"}} - cases := []struct { - desc string - config bootstrap.Config - token string - session smqauthn.Session - id string - domainID string - clientErr error - channel []bootstrap.Channel - listErr error - saveErr error - err error - event map[string]any + desc string + config bootstrap.Config + token string + session smqauthn.Session + id string + domainID string + saveErr error + err error + event map[string]any }{ { desc: "create config successfully", @@ -143,12 +106,10 @@ func TestAdd(t *testing.T) { token: validToken, id: validID, domainID: domainID, - channel: config.Channels, event: map[string]any{ - "client_id": "1", + "config_id": "1", "domain_id": domainID, "name": config.Name, - "channels": channels, "external_id": config.ExternalID, "content": config.Content, "timestamp": time.Now().Unix(), @@ -157,43 +118,21 @@ func TestAdd(t *testing.T) { err: nil, }, { - desc: "create config with failed to fetch client", - config: config, - token: validToken, - id: validID, - domainID: domainID, - event: nil, - clientErr: svcerr.ErrNotFound, - err: svcerr.ErrNotFound, - }, - { - desc: "create config with failed to list existing", + desc: "create config with failed to save", config: config, token: validToken, id: validID, domainID: domainID, event: nil, - listErr: svcerr.ErrNotFound, - err: svcerr.ErrNotFound, - }, - { - desc: "create invalid config", - config: invalidConfig, - token: validToken, - id: validID, - domainID: domainID, - event: nil, - listErr: svcerr.ErrMalformedEntity, - err: svcerr.ErrMalformedEntity, + saveErr: svcerr.ErrCreateEntity, + err: svcerr.ErrCreateEntity, }, } lastID := "0" for _, tc := range cases { tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID, DomainUserID: validID} - sdkCall := tv.sdk.On("Client", mock.Anything, tc.config.ClientID, tc.domainID, tc.token).Return(mgsdk.Client{ID: tc.config.ClientID, Credentials: mgsdk.ClientCredentials{Secret: tc.config.ClientSecret}}, errors.NewSDKError(tc.clientErr)) - repoCall := tv.boot.On("ListExisting", context.Background(), domainID, mock.Anything).Return(tc.config.Channels, tc.listErr) - repoCall1 := tv.boot.On("Save", context.Background(), mock.Anything, mock.Anything).Return(mock.Anything, tc.saveErr) + repoCall := tv.boot.On("Save", context.Background(), mock.Anything).Return(mock.Anything, tc.saveErr) _, err := tv.svc.Add(context.Background(), tc.session, tc.token, tc.config) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) @@ -212,9 +151,7 @@ func TestAdd(t *testing.T) { test(t, tc.event, event, tc.desc) - sdkCall.Unset() repoCall.Unset() - repoCall1.Unset() } } @@ -225,7 +162,7 @@ func TestView(t *testing.T) { tv := newTestVariable(t, redisURL) nonExisting := config - nonExisting.ClientID = unknownClientID + nonExisting.ID = unknownID cases := []struct { desc string @@ -246,10 +183,9 @@ func TestView(t *testing.T) { domainID: domainID, err: nil, event: map[string]any{ - "client_id": config.ClientID, + "config_id": config.ID, "domain_id": config.DomainID, "name": config.Name, - "channels": config.Channels, "external_id": config.ExternalID, "content": config.Content, "timestamp": time.Now().Unix(), @@ -271,8 +207,8 @@ func TestView(t *testing.T) { lastID := "0" for _, tc := range cases { tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID, DomainUserID: validID} - repoCall := tv.boot.On("RetrieveByID", context.Background(), tc.domainID, tc.config.ClientID).Return(config, tc.retrieveErr) - _, err := tv.svc.View(context.Background(), tc.session, tc.config.ClientID) + repoCall := tv.boot.On("RetrieveByID", context.Background(), tc.domainID, tc.config.ID).Return(config, tc.retrieveErr) + _, err := tv.svc.View(context.Background(), tc.session, tc.config.ID) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) streams := redisClient.XRead(context.Background(), &redis.XReadArgs{ @@ -300,24 +236,12 @@ func TestUpdate(t *testing.T) { tv := newTestVariable(t, redisURL) - c := config - - ch1 := channel - ch1.ID = testsutil.GenerateUUID(t) - - ch2 := channel - ch2.ID = testsutil.GenerateUUID(t) - - c.Channels = append(c.Channels, ch1, ch2) - - modified := c + modified := config modified.Content = "new-config" modified.Name = "new name" nonExisting := config - nonExisting.ClientID = unknownClientID - - channels := []string{modified.Channels[0].ID, modified.Channels[1].ID} + nonExisting.ID = unknownID cases := []struct { desc string @@ -342,11 +266,10 @@ func TestUpdate(t *testing.T) { "content": modified.Content, "timestamp": time.Now().UnixNano(), "operation": configUpdate, - "channels": channels, "external_id": modified.ExternalID, - "client_id": modified.ClientID, + "config_id": modified.ID, "domain_id": domainID, - "state": "0", + "status": bootstrap.Disabled, "occurred_at": time.Now().UnixNano(), }, }, @@ -388,119 +311,6 @@ func TestUpdate(t *testing.T) { } } -func TestUpdateConnections(t *testing.T) { - err := redisClient.FlushAll(context.Background()).Err() - assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err)) - - tv := newTestVariable(t, redisURL) - - cases := []struct { - desc string - configID string - id string - domainID string - token string - session smqauthn.Session - connections []string - clientErr error - channelErr error - retrieveErr error - listErr error - updateErr error - err error - event map[string]any - }{ - { - desc: "update connections successfully", - configID: config.ClientID, - token: validToken, - id: validID, - domainID: domainID, - connections: []string{config.Channels[0].ID}, - err: nil, - event: map[string]any{ - "client_id": config.ClientID, - "channels": "2", - "timestamp": time.Now().Unix(), - "operation": clientUpdateConnections, - }, - }, - { - desc: "update connections with failed channel fetch", - configID: config.ClientID, - token: validToken, - id: validID, - domainID: domainID, - connections: []string{"256"}, - channelErr: errors.NewSDKError(svcerr.ErrNotFound), - err: svcerr.ErrNotFound, - event: nil, - }, - { - desc: "update connections with failed RetrieveByID", - configID: config.ClientID, - token: validToken, - id: validID, - domainID: domainID, - connections: []string{config.Channels[0].ID}, - retrieveErr: svcerr.ErrNotFound, - err: svcerr.ErrNotFound, - event: nil, - }, - { - desc: "update connections with failed ListExisting", - configID: config.ClientID, - token: validToken, - id: validID, - domainID: domainID, - connections: []string{config.Channels[0].ID}, - listErr: svcerr.ErrNotFound, - err: svcerr.ErrNotFound, - event: nil, - }, - { - desc: "update connections with failed UpdateConnections", - configID: config.ClientID, - token: validToken, - id: validID, - domainID: domainID, - connections: []string{config.Channels[0].ID}, - updateErr: svcerr.ErrUpdateEntity, - err: svcerr.ErrUpdateEntity, - event: nil, - }, - } - - lastID := "0" - for _, tc := range cases { - tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID, DomainUserID: validID} - sdkCall := tv.sdk.On("Channel", mock.Anything, mock.Anything, tc.domainID, tc.token).Return(mgsdk.Channel{}, tc.channelErr) - repoCall := tv.boot.On("RetrieveByID", context.Background(), tc.domainID, tc.configID).Return(config, tc.retrieveErr) - repoCall1 := tv.boot.On("ListExisting", context.Background(), domainID, mock.Anything, mock.Anything).Return(config.Channels, tc.listErr) - repoCall2 := tv.boot.On("UpdateConnections", context.Background(), tc.domainID, tc.configID, mock.Anything, tc.connections).Return(tc.updateErr) - err := tv.svc.UpdateConnections(context.Background(), tc.session, tc.token, tc.configID, tc.connections) - assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - - streams := redisClient.XRead(context.Background(), &redis.XReadArgs{ - Streams: []string{streamID, lastID}, - Count: 1, - Block: time.Second, - }).Val() - - var event map[string]any - if len(streams) > 0 && len(streams[0].Messages) > 0 { - event := streams[0].Messages - lastID = event[0].ID - } - - test(t, tc.event, event, tc.desc) - sdkCall.Unset() - repoCall.Unset() - repoCall1.Unset() - repoCall2.Unset() - } -} - func TestUpdateCert(t *testing.T) { err := redisClient.FlushAll(context.Background()).Err() assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err)) @@ -523,7 +333,7 @@ func TestUpdateCert(t *testing.T) { }{ { desc: "update cert successfully", - configID: config.ClientID, + configID: config.ID, userID: validID, domainID: domainID, token: validToken, @@ -532,11 +342,10 @@ func TestUpdateCert(t *testing.T) { caCert: "caCert", err: nil, event: map[string]any{ - "client_secret": config.ClientSecret, - "client_cert": "clientCert", - "client_key": "clientKey", - "ca_cert": "caCert", - "operation": certUpdate, + "client_cert": "clientCert", + "client_key": "clientKey", + "ca_cert": "caCert", + "operation": certUpdate, }, }, { @@ -554,7 +363,7 @@ func TestUpdateCert(t *testing.T) { }, { desc: "update cert with empty client certificate", - configID: config.ClientID, + configID: config.ID, token: validToken, userID: validID, domainID: domainID, @@ -566,7 +375,7 @@ func TestUpdateCert(t *testing.T) { }, { desc: "update cert with empty client key", - configID: config.ClientID, + configID: config.ID, token: validToken, userID: validID, domainID: domainID, @@ -578,7 +387,7 @@ func TestUpdateCert(t *testing.T) { }, { desc: "update cert with empty CA certificate", - configID: config.ClientID, + configID: config.ID, token: validToken, userID: validID, domainID: domainID, @@ -588,25 +397,6 @@ func TestUpdateCert(t *testing.T) { err: nil, event: nil, }, - { - desc: "successful update without CA certificate", - configID: config.ClientID, - token: validToken, - userID: validID, - domainID: domainID, - clientCert: "clientCert", - clientKey: "clientKey", - caCert: "", - err: nil, - event: map[string]any{ - "client_secret": config.ClientSecret, - "client_cert": "clientCert", - "client_key": "clientKey", - "ca_cert": "caCert", - "operation": certUpdate, - "timestamp": time.Now().Unix(), - }, - }, } lastID := "0" @@ -642,31 +432,29 @@ func TestList(t *testing.T) { var c bootstrap.Config saved := make([]bootstrap.Config, 0) for i := 0; i < numClients; i++ { - c := config + c = config c.ExternalID = testsutil.GenerateUUID(t) c.ExternalKey = testsutil.GenerateUUID(t) c.Name = fmt.Sprintf("%s-%d", config.Name, i) if i == 41 { - c.State = bootstrap.Active + c.Status = bootstrap.Active } saved = append(saved, c) } cases := []struct { - desc string - token string - session smqauthn.Session - userID string - domainID string - config bootstrap.ConfigsPage - filter bootstrap.Filter - offset uint64 - limit uint64 - listObjectsResponse policysvc.PolicyPage - listObjectsErr error - retrieveErr error - err error - event map[string]any + desc string + token string + session smqauthn.Session + userID string + domainID string + config bootstrap.ConfigsPage + filter bootstrap.Filter + offset uint64 + limit uint64 + retrieveErr error + err error + event map[string]any }{ { desc: "list successfully as super admin", @@ -680,16 +468,14 @@ func TestList(t *testing.T) { Limit: 10, Configs: saved[0:10], }, - filter: bootstrap.Filter{}, - offset: 0, - limit: 10, - listObjectsResponse: policysvc.PolicyPage{}, - err: nil, + filter: bootstrap.Filter{}, + offset: 0, + limit: 10, + err: nil, event: map[string]any{ - "client_id": c.ClientID, + "config_id": c.ID, "domain_id": c.DomainID, "name": c.Name, - "channels": c.Channels, "external_id": c.ExternalID, "content": c.Content, "timestamp": time.Now().Unix(), @@ -708,16 +494,14 @@ func TestList(t *testing.T) { Limit: 10, Configs: saved[0:10], }, - filter: bootstrap.Filter{}, - offset: 0, - limit: 10, - listObjectsResponse: policysvc.PolicyPage{}, - err: nil, + filter: bootstrap.Filter{}, + offset: 0, + limit: 10, + err: nil, event: map[string]any{ - "client_id": c.ClientID, + "config_id": c.ID, "domain_id": c.DomainID, "name": c.Name, - "channels": c.Channels, "external_id": c.ExternalID, "content": c.Content, "timestamp": time.Now().Unix(), @@ -736,16 +520,14 @@ func TestList(t *testing.T) { Limit: 10, Configs: saved[0:10], }, - filter: bootstrap.Filter{}, - offset: 0, - limit: 10, - listObjectsResponse: policysvc.PolicyPage{}, - err: nil, + filter: bootstrap.Filter{}, + offset: 0, + limit: 10, + err: nil, event: map[string]any{ - "client_id": c.ClientID, + "config_id": c.ID, "domain_id": c.DomainID, "name": c.Name, - "channels": c.Channels, "external_id": c.ExternalID, "content": c.Content, "timestamp": time.Now().Unix(), @@ -753,73 +535,49 @@ func TestList(t *testing.T) { }, }, { - desc: "list as non admin with failed list all objects", - token: validToken, - userID: validID, - domainID: domainID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, - filter: bootstrap.Filter{}, - offset: 0, - limit: 10, - listObjectsResponse: policysvc.PolicyPage{}, - listObjectsErr: svcerr.ErrNotFound, - err: svcerr.ErrNotFound, - event: nil, - }, - - { - desc: "list as super admin with failed retrieve all", - token: validToken, - userID: validID, - domainID: domainID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID, SuperAdmin: true}, - filter: bootstrap.Filter{}, - offset: 0, - limit: 10, - listObjectsResponse: policysvc.PolicyPage{}, - retrieveErr: nil, - err: nil, - event: nil, + desc: "list as super admin with failed retrieve all", + token: validToken, + userID: validID, + domainID: domainID, + session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID, SuperAdmin: true}, + filter: bootstrap.Filter{}, + offset: 0, + limit: 10, + retrieveErr: nil, + err: nil, + event: nil, }, { - desc: "list as domain admin with failed retrieve all", - token: validToken, - userID: validID, - domainID: domainID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID, SuperAdmin: true}, - filter: bootstrap.Filter{}, - offset: 0, - limit: 10, - listObjectsResponse: policysvc.PolicyPage{}, - retrieveErr: nil, - err: nil, - event: nil, + desc: "list as domain admin with failed retrieve all", + token: validToken, + userID: validID, + domainID: domainID, + session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID, SuperAdmin: true}, + filter: bootstrap.Filter{}, + offset: 0, + limit: 10, + retrieveErr: nil, + err: nil, + event: nil, }, { - desc: "list as non admin with failed retrieve all", - token: validToken, - userID: validID, - domainID: domainID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, - filter: bootstrap.Filter{}, - offset: 0, - limit: 10, - listObjectsResponse: policysvc.PolicyPage{}, - retrieveErr: nil, - err: nil, - event: nil, + desc: "list as non admin with failed retrieve all", + token: validToken, + userID: validID, + domainID: domainID, + session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, + filter: bootstrap.Filter{}, + offset: 0, + limit: 10, + retrieveErr: nil, + err: nil, + event: nil, }, } lastID := "0" for _, tc := range cases { - policyCall := tv.policies.On("ListAllObjects", mock.Anything, policysvc.Policy{ - SubjectType: policysvc.UserType, - Subject: tc.userID, - Permission: policysvc.ViewPermission, - ObjectType: policysvc.ClientType, - }).Return(tc.listObjectsResponse, tc.listObjectsErr) - repoCall := tv.boot.On("RetrieveAll", context.Background(), mock.Anything, mock.Anything, tc.filter, tc.offset, tc.limit).Return(tc.config, tc.retrieveErr) + repoCall := tv.boot.On("RetrieveAll", context.Background(), mock.Anything, tc.filter, tc.offset, tc.limit).Return(tc.config, tc.retrieveErr) _, err := tv.svc.List(context.Background(), tc.session, tc.filter, tc.offset, tc.limit) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) @@ -838,7 +596,6 @@ func TestList(t *testing.T) { test(t, tc.event, event, tc.desc) - policyCall.Unset() repoCall.Unset() } } @@ -850,7 +607,7 @@ func TestRemove(t *testing.T) { tv := newTestVariable(t, redisURL) nonExisting := config - nonExisting.ClientID = unknownClientID + nonExisting.ID = unknownID cases := []struct { desc string @@ -865,20 +622,20 @@ func TestRemove(t *testing.T) { }{ { desc: "remove config successfully", - configID: config.ClientID, + configID: config.ID, token: validToken, userID: validID, domainID: domainID, err: nil, event: map[string]any{ - "client_id": config.ClientID, + "config_id": config.ID, "timestamp": time.Now().Unix(), "operation": configRemove, }, }, { desc: "remove config with failed removal", - configID: nonExisting.ClientID, + configID: nonExisting.ID, token: validToken, userID: validID, domainID: domainID, @@ -975,87 +732,64 @@ func TestBootstrap(t *testing.T) { } } -func TestChangeState(t *testing.T) { +func TestEnableConfig(t *testing.T) { err := redisClient.FlushAll(context.Background()).Err() assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err)) tv := newTestVariable(t, redisURL) cases := []struct { - desc string - id string - userID string - domainID string - token string - session smqauthn.Session - state bootstrap.State - authResponse smqauthn.Session - authorizeErr error - connectErr error - retrieveErr error - stateErr error - authenticateErr error - err error - event map[string]any + desc string + id string + userID string + domainID string + session smqauthn.Session + retrieveErr error + statusErr error + err error + event map[string]any }{ { - desc: "change state to active", - id: config.ClientID, - token: validToken, - userID: validID, - domainID: domainID, - state: bootstrap.Active, - authResponse: smqauthn.Session{}, - err: nil, + desc: "enable config", + id: config.ID, + userID: validID, + domainID: domainID, + err: nil, event: map[string]any{ - "client_id": config.ClientID, - "state": bootstrap.Active.String(), + "config_id": config.ID, "timestamp": time.Now().Unix(), - "operation": clientStateChange, + "operation": configEnable, }, }, { - desc: "change state with failed retrieve by ID", + desc: "enable with failed retrieve by ID", id: "", - token: validToken, userID: validID, domainID: domainID, - state: bootstrap.Active, retrieveErr: svcerr.ErrNotFound, err: svcerr.ErrNotFound, event: nil, }, { - desc: "change state with failed connect", - id: config.ClientID, - token: validToken, - userID: validID, - domainID: domainID, - state: bootstrap.Active, - connectErr: bootstrap.ErrClients, - err: bootstrap.ErrClients, - event: nil, - }, - { - desc: "change state unsuccessfully", - id: config.ClientID, - token: validToken, - userID: validID, - domainID: domainID, - state: bootstrap.Active, - stateErr: svcerr.ErrUpdateEntity, - err: svcerr.ErrUpdateEntity, - event: nil, + desc: "enable with repo status error", + id: config.ID, + userID: validID, + domainID: domainID, + statusErr: svcerr.ErrUpdateEntity, + err: svcerr.ErrUpdateEntity, + event: nil, }, } + disabledConfig := config + disabledConfig.Status = bootstrap.DisabledStatus + lastID := "0" for _, tc := range cases { tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID, DomainUserID: validID} - repoCall := tv.boot.On("RetrieveByID", context.Background(), tc.domainID, tc.id).Return(config, tc.retrieveErr) - sdkCall1 := tv.sdk.On("ConnectClients", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(errors.NewSDKError(tc.connectErr)) - repoCall1 := tv.boot.On("ChangeState", context.Background(), mock.Anything, mock.Anything, mock.Anything).Return(tc.stateErr) - err := tv.svc.ChangeState(context.Background(), tc.session, tc.token, tc.id, tc.state) + repoCall := tv.boot.On("RetrieveByID", context.Background(), tc.domainID, tc.id).Return(disabledConfig, tc.retrieveErr) + repoCall1 := tv.boot.On("ChangeStatus", context.Background(), mock.Anything, mock.Anything, mock.Anything).Return(tc.statusErr) + _, err := tv.svc.EnableConfig(context.Background(), tc.session, tc.id) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) streams := redisClient.XRead(context.Background(), &redis.XReadArgs{ @@ -1071,198 +805,67 @@ func TestChangeState(t *testing.T) { } test(t, tc.event, event, tc.desc) - sdkCall1.Unset() repoCall.Unset() repoCall1.Unset() } } -func TestUpdateChannelHandler(t *testing.T) { +func TestDisableConfig(t *testing.T) { err := redisClient.FlushAll(context.Background()).Err() assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err)) tv := newTestVariable(t, redisURL) cases := []struct { - desc string - channel bootstrap.Channel - err error - event map[string]any + desc string + id string + userID string + domainID string + session smqauthn.Session + retrieveErr error + statusErr error + err error + event map[string]any }{ { - desc: "update channel handler successfully", - channel: channel, - err: nil, - event: map[string]any{ - "channel_id": channel.ID, - "metadata": "{\"name\":\"value\"}", - "name": channel.Name, - "operation": channelUpdateHandler, - "timestamp": time.Now().UnixNano(), - "occurred_at": time.Now().UnixNano(), - }, - }, - { - desc: "update non-existing channel handler", - channel: bootstrap.Channel{ID: "unknown", Name: "NonExistingChannel"}, - err: nil, - event: nil, - }, - { - desc: "update channel handler with empty ID", - channel: bootstrap.Channel{Name: "ChannelWithEmptyID"}, - err: nil, - event: nil, - }, - { - desc: "update channel handler with empty name", - channel: bootstrap.Channel{ID: "3"}, - err: nil, - event: nil, - }, - { - desc: "update channel handler successfully with modified fields", - channel: channel, - err: nil, - event: map[string]any{ - "channel_id": channel.ID, - "metadata": "{\"name\":\"value\"}", - "name": channel.Name, - "operation": channelUpdateHandler, - "timestamp": time.Now().UnixNano(), - "occurred_at": time.Now().UnixNano(), - }, - }, - } - - lastID := "0" - for _, tc := range cases { - repoCall := tv.boot.On("UpdateChannel", context.Background(), mock.Anything).Return(tc.err) - err := tv.svc.UpdateChannelHandler(context.Background(), tc.channel) - assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - - streams := redisClient.XRead(context.Background(), &redis.XReadArgs{ - Streams: []string{streamID, lastID}, - Count: 1, - Block: time.Second, - }).Val() - - var event map[string]any - if len(streams) > 0 && len(streams[0].Messages) > 0 { - msg := streams[0].Messages[0] - event = msg.Values - event["timestamp"] = msg.ID - lastID = msg.ID - } - test(t, tc.event, event, tc.desc) - repoCall.Unset() - } -} - -func TestRemoveChannelHandler(t *testing.T) { - err := redisClient.FlushAll(context.Background()).Err() - assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err)) - - tv := newTestVariable(t, redisURL) - - cases := []struct { - desc string - channelID string - err error - event map[string]any - }{ - { - desc: "remove channel handler successfully", - channelID: channel.ID, - err: nil, - event: map[string]any{ - "config_id": channel.ID, - "operation": channelHandlerRemove, - "timestamp": time.Now().UnixNano(), - "occurred_at": time.Now().UnixNano(), - }, - }, - { - desc: "remove non-existing channel handler", - channelID: "unknown", - err: nil, - event: nil, - }, - { - desc: "remove channel handler with empty ID", - channelID: "", - err: nil, - event: nil, - }, - } - - lastID := "0" - for _, tc := range cases { - repoCall := tv.boot.On("RemoveChannel", context.Background(), mock.Anything).Return(tc.err) - err := tv.svc.RemoveChannelHandler(context.Background(), tc.channelID) - assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - - streams := redisClient.XRead(context.Background(), &redis.XReadArgs{ - Streams: []string{streamID, lastID}, - Count: 1, - Block: time.Second, - }).Val() - - var event map[string]any - if len(streams) > 0 && len(streams[0].Messages) > 0 { - msg := streams[0].Messages[0] - event = msg.Values - event["timestamp"] = msg.ID - lastID = msg.ID - } - - test(t, tc.event, event, tc.desc) - repoCall.Unset() - } -} - -func TestRemoveConfigHandler(t *testing.T) { - err := redisClient.FlushAll(context.Background()).Err() - assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err)) - - tv := newTestVariable(t, redisURL) - - cases := []struct { - desc string - configID string - err error - event map[string]any - }{ - { - desc: "remove config handler successfully", - configID: channel.ID, + desc: "disable config", + id: config.ID, + userID: validID, + domainID: domainID, err: nil, event: map[string]any{ - "config_id": channel.ID, - "operation": configHandlerRemove, - "timestamp": time.Now().UnixNano(), - "occurred_at": time.Now().UnixNano(), + "config_id": config.ID, + "timestamp": time.Now().Unix(), + "operation": configDisable, }, }, { - desc: "remove non-existing config handler", - configID: "unknown", - err: nil, - event: nil, + desc: "disable with failed retrieve by ID", + id: "", + userID: validID, + domainID: domainID, + retrieveErr: svcerr.ErrNotFound, + err: svcerr.ErrNotFound, + event: nil, }, { - desc: "remove config handler with empty ID", - configID: "", - err: nil, - event: nil, + desc: "disable with repo status error", + id: config.ID, + userID: validID, + domainID: domainID, + statusErr: svcerr.ErrUpdateEntity, + err: svcerr.ErrUpdateEntity, + event: nil, }, } lastID := "0" for _, tc := range cases { - repoCall := tv.boot.On("RemoveClient", context.Background(), mock.Anything).Return(tc.err) - err := tv.svc.RemoveConfigHandler(context.Background(), tc.configID) - assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID, DomainUserID: validID} + repoCall := tv.boot.On("RetrieveByID", context.Background(), tc.domainID, tc.id).Return(config, tc.retrieveErr) + repoCall1 := tv.boot.On("ChangeStatus", context.Background(), mock.Anything, mock.Anything, mock.Anything).Return(tc.statusErr) + _, err := tv.svc.DisableConfig(context.Background(), tc.session, tc.id) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) streams := redisClient.XRead(context.Background(), &redis.XReadArgs{ Streams: []string{streamID, lastID}, @@ -1272,172 +875,13 @@ func TestRemoveConfigHandler(t *testing.T) { var event map[string]any if len(streams) > 0 && len(streams[0].Messages) > 0 { - msg := streams[0].Messages[0] - event = msg.Values - event["timestamp"] = msg.ID - lastID = msg.ID - } - - test(t, tc.event, event, tc.desc) - repoCall.Unset() - } -} - -func TestConnectClientHandler(t *testing.T) { - err := redisClient.FlushAll(context.Background()).Err() - assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err)) - - tv := newTestVariable(t, redisURL) - - cases := []struct { - desc string - channelID string - clientID string - err error - event map[string]any - }{ - { - desc: "connect client handler successfully", - channelID: channel.ID, - clientID: "1", - err: nil, - event: map[string]any{ - "channel_id": channel.ID, - "client_id": "1", - "operation": clientConnect, - "timestamp": time.Now().UnixNano(), - "occurred_at": time.Now().UnixNano(), - }, - }, - { - desc: "connect non-existing client handler", - channelID: channel.ID, - clientID: "unknown", - err: nil, - event: nil, - }, - { - desc: "connect client handler with empty client ID", - channelID: channel.ID, - clientID: "", - err: nil, - event: nil, - }, - { - desc: "connect client handler with empty channel ID", - channelID: "", - clientID: "1", - err: nil, - event: nil, - }, - } - - lastID := "0" - for _, tc := range cases { - repoCall := tv.boot.On("ConnectClient", context.Background(), mock.Anything, mock.Anything).Return(tc.err) - err := tv.svc.ConnectClientHandler(context.Background(), tc.channelID, tc.clientID) - assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - - streams := redisClient.XRead(context.Background(), &redis.XReadArgs{ - Streams: []string{streamID, lastID}, - Count: 1, - Block: time.Second, - }).Val() - - var event map[string]any - if len(streams) > 0 && len(streams[0].Messages) > 0 { - msg := streams[0].Messages[0] - event = msg.Values - event["timestamp"] = msg.ID - lastID = msg.ID - } - - test(t, tc.event, event, tc.desc) - repoCall.Unset() - } -} - -func TestDisconnectClientHandler(t *testing.T) { - err := redisClient.FlushAll(context.Background()).Err() - assert.Nil(t, err, fmt.Sprintf("got unexpected error: %s", err)) - - tv := newTestVariable(t, redisURL) - - cases := []struct { - desc string - channelID string - clientID string - err error - event map[string]any - }{ - { - desc: "disconnect client handler successfully", - channelID: channel.ID, - clientID: "1", - err: nil, - event: map[string]any{ - "channel_id": channel.ID, - "client_id": "1", - "operation": clientDisconnect, - "timestamp": time.Now().UnixNano(), - "occurred_at": time.Now().UnixNano(), - }, - }, - { - desc: "remove non-existing client handler", - channelID: "unknown", - err: nil, - }, - { - desc: "remove client handler with empty client ID", - channelID: channel.ID, - clientID: "", - err: nil, - event: nil, - }, - { - desc: "remove client handler with empty channel ID", - channelID: "", - err: nil, - event: nil, - }, - { - desc: "remove client handler successfully", - channelID: channel.ID, - clientID: "1", - err: nil, - event: map[string]any{ - "channel_id": channel.ID, - "client_id": "1", - "operation": clientDisconnect, - "timestamp": time.Now().UnixNano(), - "occurred_at": time.Now().UnixNano(), - }, - }, - } - - lastID := "0" - for _, tc := range cases { - repoCall := tv.boot.On("DisconnectClient", context.Background(), tc.channelID, tc.clientID).Return(tc.err) - err := tv.svc.DisconnectClientHandler(context.Background(), tc.channelID, tc.clientID) - assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - - streams := redisClient.XRead(context.Background(), &redis.XReadArgs{ - Streams: []string{streamID, lastID}, - Count: 1, - Block: time.Second, - }).Val() - - var event map[string]any - if len(streams) > 0 && len(streams[0].Messages) > 0 { - msg := streams[0].Messages[0] - event = msg.Values - event["timestamp"] = msg.ID - lastID = msg.ID + event := streams[0].Messages + lastID = event[0].ID } test(t, tc.event, event, tc.desc) repoCall.Unset() + repoCall1.Unset() } } @@ -1465,17 +909,6 @@ func test(t *testing.T, expected, actual map[string]any, description string) { delete(actual, "occurred_at") } - exchs := expected["channels"].([]any) - achs := actual["channels"].([]any) - - if exchs != nil && achs != nil { - if assert.Len(t, exchs, len(achs), fmt.Sprintf("%s: got incorrect number of channels\n", description)) { - for _, exch := range exchs { - assert.Contains(t, achs, exch, fmt.Sprintf("%s: got incorrect channel\n", description)) - } - } - } - assert.Equal(t, expected, actual, fmt.Sprintf("%s: got incorrect event\n", description)) } } diff --git a/bootstrap/hasher.go b/bootstrap/hasher.go new file mode 100644 index 000000000..3460ce2f9 --- /dev/null +++ b/bootstrap/hasher.go @@ -0,0 +1,14 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package bootstrap + +// Hasher specifies an API for generating hashes of arbitrary textual content. +type Hasher interface { + // Hash generates the hashed string from plain-text. + Hash(string) (string, error) + + // Compare compares plain-text version to the hashed one. An error should + // indicate failed comparison. + Compare(string, string) error +} diff --git a/bootstrap/hasher/hasher.go b/bootstrap/hasher/hasher.go new file mode 100644 index 000000000..51bb70037 --- /dev/null +++ b/bootstrap/hasher/hasher.go @@ -0,0 +1,94 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package hasher + +import ( + "crypto/subtle" + "encoding/base64" + "strings" + + "github.com/absmach/magistrala/bootstrap" + "github.com/absmach/magistrala/pkg/errors" + "golang.org/x/crypto/bcrypt" + "golang.org/x/crypto/scrypt" +) + +const ( + cost = 10 + legacyScryptPrefix = "scrypt$" + legacyScryptKeyN = 16384 + legacyScryptKeyR = 8 + legacyScryptKeyP = 1 + legacyScryptKeySize = 32 +) + +var ( + errHashExternalKey = errors.NewServiceError("generate hash from external key failed") + errCompareExternalKey = errors.NewServiceError("compare external key and hash failed") + errInvalidHashStore = errors.New("invalid stored external key hash format") + errDecode = errors.New("failed to decode external key hash") +) + +var _ bootstrap.Hasher = (*bcryptHasher)(nil) + +type bcryptHasher struct{} + +// New instantiates a bcrypt-based hasher implementation. +func New() bootstrap.Hasher { + return &bcryptHasher{} +} + +func (*bcryptHasher) Hash(key string) (string, error) { + hash, err := bcrypt.GenerateFromPassword([]byte(key), cost) + if err != nil { + return "", errors.Wrap(errHashExternalKey, err) + } + + return string(hash), nil +} + +func (*bcryptHasher) Compare(plain, hashed string) error { + if strings.HasPrefix(hashed, legacyScryptPrefix) { + return compareLegacyScryptHash(plain, hashed) + } + + if err := bcrypt.CompareHashAndPassword([]byte(hashed), []byte(plain)); err == nil { + return nil + } + + // Legacy rows may still contain plaintext external keys. + if subtle.ConstantTimeCompare([]byte(plain), []byte(hashed)) == 1 { + return nil + } + + return bootstrap.ErrExternalKey +} + +func compareLegacyScryptHash(plain, hashed string) error { + parts := strings.Split(strings.TrimPrefix(hashed, legacyScryptPrefix), ".") + if len(parts) != 2 { + return errInvalidHashStore + } + + actualHash, err := base64.StdEncoding.DecodeString(parts[0]) + if err != nil { + return errors.Wrap(errDecode, err) + } + + salt, err := base64.StdEncoding.DecodeString(parts[1]) + if err != nil { + return errors.Wrap(errDecode, err) + } + + derivedHash, err := scrypt.Key([]byte(plain), salt, legacyScryptKeyN, legacyScryptKeyR, legacyScryptKeyP, legacyScryptKeySize) + if err != nil { + return errors.Wrap(errCompareExternalKey, err) + } + + if subtle.ConstantTimeCompare(derivedHash, actualHash) == 1 { + return nil + } + + return bootstrap.ErrExternalKey +} diff --git a/bootstrap/middleware/authorization.go b/bootstrap/middleware/authorization.go index d71a26ccf..d5fe16272 100644 --- a/bootstrap/middleware/authorization.go +++ b/bootstrap/middleware/authorization.go @@ -6,16 +6,22 @@ package middleware import ( "context" + "github.com/absmach/magistrala/auth" "github.com/absmach/magistrala/bootstrap" smqauthn "github.com/absmach/magistrala/pkg/authn" "github.com/absmach/magistrala/pkg/authz" + svcerr "github.com/absmach/magistrala/pkg/errors/service" "github.com/absmach/magistrala/pkg/policies" ) const ( - updatePermission = "update_permission" - readPermission = "read_permission" - deletePermission = "delete_permission" + createOperation = "create" + viewOperation = "view" + updateOperation = "update" + updateCertOperation = "update_cert" + listOperation = "list" + removeOperation = "remove" + changeStateOperation = "change_state" ) var _ bootstrap.Service = (*authorizationMiddleware)(nil) @@ -34,7 +40,7 @@ func AuthorizationMiddleware(svc bootstrap.Service, authz authz.Authorization) b } func (am *authorizationMiddleware) Add(ctx context.Context, session smqauthn.Session, token string, cfg bootstrap.Config) (bootstrap.Config, error) { - if err := am.authorize(ctx, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID); err != nil { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, createOperation, auth.AnyIDs); err != nil { return bootstrap.Config{}, err } @@ -42,7 +48,7 @@ func (am *authorizationMiddleware) Add(ctx context.Context, session smqauthn.Ses } func (am *authorizationMiddleware) View(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) { - if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, readPermission, policies.ClientType, id); err != nil { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, viewOperation, id); err != nil { return bootstrap.Config{}, err } @@ -50,34 +56,26 @@ func (am *authorizationMiddleware) View(ctx context.Context, session smqauthn.Se } func (am *authorizationMiddleware) Update(ctx context.Context, session smqauthn.Session, cfg bootstrap.Config) error { - if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, updatePermission, policies.ClientType, cfg.ClientID); err != nil { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateOperation, cfg.ID); err != nil { return err } return am.svc.Update(ctx, session, cfg) } -func (am *authorizationMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) { - if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, updatePermission, policies.ClientType, clientID); err != nil { +func (am *authorizationMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (bootstrap.Config, error) { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateCertOperation, id); err != nil { return bootstrap.Config{}, err } - return am.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert) -} - -func (am *authorizationMiddleware) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error { - if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, updatePermission, policies.ClientType, id); err != nil { - return err - } - - return am.svc.UpdateConnections(ctx, session, token, id, connections) + return am.svc.UpdateCert(ctx, session, id, clientCert, clientKey, caCert) } func (am *authorizationMiddleware) List(ctx context.Context, session smqauthn.Session, filter bootstrap.Filter, offset, limit uint64) (bootstrap.ConfigsPage, error) { - if err := am.checkSuperAdmin(ctx, session.DomainUserID); err == nil { + if err := am.checkSuperAdmin(ctx, session); err == nil { session.SuperAdmin = true } - if err := am.authorize(ctx, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.AdminPermission, policies.DomainType, session.DomainID); err == nil { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.AdminPermission, policies.DomainType, session.DomainID, listOperation, auth.AnyIDs); err == nil { session.SuperAdmin = true } @@ -85,7 +83,7 @@ func (am *authorizationMiddleware) List(ctx context.Context, session smqauthn.Se } func (am *authorizationMiddleware) Remove(ctx context.Context, session smqauthn.Session, id string) error { - if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, deletePermission, policies.ClientType, id); err != nil { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, removeOperation, id); err != nil { return err } @@ -96,34 +94,92 @@ func (am *authorizationMiddleware) Bootstrap(ctx context.Context, externalKey, e return am.svc.Bootstrap(ctx, externalKey, externalID, secure) } -func (am *authorizationMiddleware) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state bootstrap.State) error { - return am.svc.ChangeState(ctx, session, token, id, state) +func (am *authorizationMiddleware) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, changeStateOperation, id); err != nil { + return bootstrap.Config{}, err + } + + return am.svc.EnableConfig(ctx, session, id) } -func (am *authorizationMiddleware) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) error { - return am.svc.UpdateChannelHandler(ctx, channel) +func (am *authorizationMiddleware) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, changeStateOperation, id); err != nil { + return bootstrap.Config{}, err + } + + return am.svc.DisableConfig(ctx, session, id) } -func (am *authorizationMiddleware) RemoveConfigHandler(ctx context.Context, id string) error { - return am.svc.RemoveConfigHandler(ctx, id) +func (am *authorizationMiddleware) CreateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (bootstrap.Profile, error) { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, createOperation, auth.AnyIDs); err != nil { + return bootstrap.Profile{}, err + } + return am.svc.CreateProfile(ctx, session, p) } -func (am *authorizationMiddleware) RemoveChannelHandler(ctx context.Context, id string) error { - return am.svc.RemoveChannelHandler(ctx, id) +func (am *authorizationMiddleware) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (bootstrap.Profile, error) { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, viewOperation, auth.AnyIDs); err != nil { + return bootstrap.Profile{}, err + } + return am.svc.ViewProfile(ctx, session, profileID) } -func (am *authorizationMiddleware) ConnectClientHandler(ctx context.Context, channelID, clientID string) error { - return am.svc.ConnectClientHandler(ctx, channelID, clientID) +func (am *authorizationMiddleware) UpdateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) error { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateOperation, auth.AnyIDs); err != nil { + return err + } + return am.svc.UpdateProfile(ctx, session, p) } -func (am *authorizationMiddleware) DisconnectClientHandler(ctx context.Context, channelID, clientID string) error { - return am.svc.DisconnectClientHandler(ctx, channelID, clientID) +func (am *authorizationMiddleware) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (bootstrap.ProfilesPage, error) { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, listOperation, auth.AnyIDs); err != nil { + return bootstrap.ProfilesPage{}, err + } + return am.svc.ListProfiles(ctx, session, offset, limit) } -func (am *authorizationMiddleware) checkSuperAdmin(ctx context.Context, adminID string) error { +func (am *authorizationMiddleware) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, removeOperation, auth.AnyIDs); err != nil { + return err + } + return am.svc.DeleteProfile(ctx, session, profileID) +} + +func (am *authorizationMiddleware) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateOperation, configID); err != nil { + return err + } + return am.svc.AssignProfile(ctx, session, configID, profileID) +} + +func (am *authorizationMiddleware) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []bootstrap.BindingRequest) error { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateOperation, configID); err != nil { + return err + } + return am.svc.BindResources(ctx, session, token, configID, bindings) +} + +func (am *authorizationMiddleware) ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]bootstrap.BindingSnapshot, error) { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, viewOperation, configID); err != nil { + return nil, err + } + return am.svc.ListBindings(ctx, session, configID) +} + +func (am *authorizationMiddleware) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error { + if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateOperation, configID); err != nil { + return err + } + return am.svc.RefreshBindings(ctx, session, token, configID) +} + +func (am *authorizationMiddleware) checkSuperAdmin(ctx context.Context, session smqauthn.Session) error { + if session.Role != smqauthn.SuperAdminRole { + return svcerr.ErrSuperAdminAction + } if err := am.authz.Authorize(ctx, authz.PolicyReq{ SubjectType: policies.UserType, - Subject: adminID, + Subject: session.UserID, Permission: policies.AdminPermission, ObjectType: policies.PlatformType, Object: policies.MagistralaObject, @@ -133,7 +189,7 @@ func (am *authorizationMiddleware) checkSuperAdmin(ctx context.Context, adminID return nil } -func (am *authorizationMiddleware) authorize(ctx context.Context, domain, subjType, subjKind, subj, perm, objType, obj string) error { +func (am *authorizationMiddleware) authorize(ctx context.Context, session smqauthn.Session, domain, subjType, subjKind, subj, perm, objType, obj, operation, entityID string) error { req := authz.PolicyReq{ Domain: domain, SubjectType: subjType, @@ -143,7 +199,20 @@ func (am *authorizationMiddleware) authorize(ctx context.Context, domain, subjTy ObjectType: objType, Object: obj, } - if err := am.authz.Authorize(ctx, req, nil); err != nil { + + var pat *authz.PATReq + if session.PatID != "" { + pat = &authz.PATReq{ + UserID: session.UserID, + PatID: session.PatID, + EntityID: entityID, + EntityType: auth.BootstrapType.String(), + Operation: operation, + Domain: session.DomainID, + } + } + + if err := am.authz.Authorize(ctx, req, pat); err != nil { return err } return nil diff --git a/bootstrap/middleware/logging.go b/bootstrap/middleware/logging.go index 61e4f1ec1..1e023adb2 100644 --- a/bootstrap/middleware/logging.go +++ b/bootstrap/middleware/logging.go @@ -32,7 +32,7 @@ func (lm *loggingMiddleware) Add(ctx context.Context, session smqauthn.Session, defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), - slog.String("client_id", saved.ClientID), + slog.String("config_id", saved.ID), } if err != nil { args = append(args, slog.Any("error", err)) @@ -51,7 +51,7 @@ func (lm *loggingMiddleware) View(ctx context.Context, session smqauthn.Session, defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), - slog.String("client_id", id), + slog.String("config_id", id), } if err != nil { args = append(args, slog.Any("error", err)) @@ -71,7 +71,7 @@ func (lm *loggingMiddleware) Update(ctx context.Context, session smqauthn.Sessio args := []any{ slog.String("duration", time.Since(begin).String()), slog.Group("config", - slog.String("client_id", cfg.ClientID), + slog.String("config_id", cfg.ID), slog.String("name", cfg.Name), ), } @@ -86,13 +86,13 @@ func (lm *loggingMiddleware) Update(ctx context.Context, session smqauthn.Sessio return lm.svc.Update(ctx, session, cfg) } -// UpdateCert logs the update_cert request. It logs client ID and the time it took to complete the request. +// UpdateCert logs the update_cert request. It logs config ID and the time it took to complete the request. // If the request fails, it logs the error. -func (lm *loggingMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) { +func (lm *loggingMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) { defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), - slog.String("client_id", cfg.ClientID), + slog.String("config_id", cfg.ID), } if err != nil { args = append(args, slog.Any("error", err)) @@ -102,27 +102,7 @@ func (lm *loggingMiddleware) UpdateCert(ctx context.Context, session smqauthn.Se lm.logger.Info("Update bootstrap config certificate completed successfully", args...) }(time.Now()) - return lm.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert) -} - -// UpdateConnections logs the update_connections request. It logs bootstrap ID and the time it took to complete the request. -// If the request fails, it logs the error. -func (lm *loggingMiddleware) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) (err error) { - defer func(begin time.Time) { - args := []any{ - slog.String("duration", time.Since(begin).String()), - slog.String("client_id", id), - slog.Any("connections", connections), - } - if err != nil { - args = append(args, slog.Any("error", err)) - lm.logger.Warn("Update config connections failed", args...) - return - } - lm.logger.Info("Update config connections completed successfully", args...) - }(time.Now()) - - return lm.svc.UpdateConnections(ctx, session, token, id, connections) + return lm.svc.UpdateCert(ctx, session, id, clientCert, clientKey, caCert) } // List logs the list request. It logs offset, limit and the time it took to complete the request. @@ -155,7 +135,7 @@ func (lm *loggingMiddleware) Remove(ctx context.Context, session smqauthn.Sessio defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), - slog.String("client_id", id), + slog.String("config_id", id), } if err != nil { args = append(args, slog.Any("error", err)) @@ -175,7 +155,7 @@ func (lm *loggingMiddleware) Bootstrap(ctx context.Context, externalKey, externa slog.String("external_id", externalID), } if err != nil { - args = append(args, slog.Any("error", err)) + args = append(args, slog.String("error", err.Error())) lm.logger.Warn("View bootstrap config failed", args...) return } @@ -185,111 +165,191 @@ func (lm *loggingMiddleware) Bootstrap(ctx context.Context, externalKey, externa return lm.svc.Bootstrap(ctx, externalKey, externalID, secure) } -func (lm *loggingMiddleware) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state bootstrap.State) (err error) { +func (lm *loggingMiddleware) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (cfg bootstrap.Config, err error) { defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), slog.String("id", id), - slog.Any("state", state), } if err != nil { args = append(args, slog.Any("error", err)) - lm.logger.Warn("Change client state failed", args...) + lm.logger.Warn("Enable config failed", args...) return } - lm.logger.Info("Change client state completed successfully", args...) + lm.logger.Info("Enable config completed successfully", args...) }(time.Now()) - return lm.svc.ChangeState(ctx, session, token, id, state) + return lm.svc.EnableConfig(ctx, session, id) } -func (lm *loggingMiddleware) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) (err error) { +func (lm *loggingMiddleware) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (cfg bootstrap.Config, err error) { defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), - slog.Group("channel", - slog.String("id", channel.ID), - slog.String("name", channel.Name), - slog.Any("metadata", channel.Metadata), - ), + slog.String("id", id), } if err != nil { args = append(args, slog.Any("error", err)) - lm.logger.Warn("Update channel handler failed", args...) + lm.logger.Warn("Disable config failed", args...) return } - lm.logger.Info("Update channel handler completed successfully", args...) + lm.logger.Info("Disable config completed successfully", args...) }(time.Now()) - return lm.svc.UpdateChannelHandler(ctx, channel) + return lm.svc.DisableConfig(ctx, session, id) } -func (lm *loggingMiddleware) RemoveConfigHandler(ctx context.Context, id string) (err error) { +func (lm *loggingMiddleware) CreateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (saved bootstrap.Profile, err error) { defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), - slog.String("config_id", id), + slog.String("profile_id", saved.ID), } if err != nil { args = append(args, slog.Any("error", err)) - lm.logger.Warn("Remove config handler failed", args...) + lm.logger.Warn("Create profile failed", args...) return } - lm.logger.Info("Remove config handler completed successfully", args...) + lm.logger.Info("Create profile completed successfully", args...) }(time.Now()) - return lm.svc.RemoveConfigHandler(ctx, id) + return lm.svc.CreateProfile(ctx, session, p) } -func (lm *loggingMiddleware) RemoveChannelHandler(ctx context.Context, id string) (err error) { +func (lm *loggingMiddleware) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (p bootstrap.Profile, err error) { defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), - slog.String("channel_id", id), + slog.String("profile_id", profileID), } if err != nil { args = append(args, slog.Any("error", err)) - lm.logger.Warn("Remove channel handler failed", args...) + lm.logger.Warn("View profile failed", args...) return } - lm.logger.Info("Remove channel handler completed successfully", args...) + lm.logger.Info("View profile completed successfully", args...) }(time.Now()) - return lm.svc.RemoveChannelHandler(ctx, id) + return lm.svc.ViewProfile(ctx, session, profileID) } -func (lm *loggingMiddleware) ConnectClientHandler(ctx context.Context, channelID, clientID string) (err error) { +func (lm *loggingMiddleware) UpdateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (err error) { defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), - slog.String("channel_id", channelID), - slog.String("client_id", clientID), + slog.String("profile_id", p.ID), } if err != nil { args = append(args, slog.Any("error", err)) - lm.logger.Warn("Connect client handler failed", args...) + lm.logger.Warn("Update profile failed", args...) return } - lm.logger.Info("Connect client handler completed successfully", args...) + lm.logger.Info("Update profile completed successfully", args...) }(time.Now()) - return lm.svc.ConnectClientHandler(ctx, channelID, clientID) + return lm.svc.UpdateProfile(ctx, session, p) } -func (lm *loggingMiddleware) DisconnectClientHandler(ctx context.Context, channelID, clientID string) (err error) { +func (lm *loggingMiddleware) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (page bootstrap.ProfilesPage, err error) { defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), - slog.String("channel_id", channelID), - slog.String("client_id", clientID), + slog.Uint64("offset", offset), + slog.Uint64("limit", limit), } if err != nil { args = append(args, slog.Any("error", err)) - lm.logger.Warn("Disconnect client handler failed", args...) + lm.logger.Warn("List profiles failed", args...) return } - lm.logger.Info("Disconnect client handler completed successfully", args...) + lm.logger.Info("List profiles completed successfully", args...) }(time.Now()) - return lm.svc.DisconnectClientHandler(ctx, channelID, clientID) + return lm.svc.ListProfiles(ctx, session, offset, limit) +} + +func (lm *loggingMiddleware) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) (err error) { + defer func(begin time.Time) { + args := []any{ + slog.String("duration", time.Since(begin).String()), + slog.String("profile_id", profileID), + } + if err != nil { + args = append(args, slog.Any("error", err)) + lm.logger.Warn("Delete profile failed", args...) + return + } + lm.logger.Info("Delete profile completed successfully", args...) + }(time.Now()) + + return lm.svc.DeleteProfile(ctx, session, profileID) +} + +func (lm *loggingMiddleware) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) (err error) { + defer func(begin time.Time) { + args := []any{ + slog.String("duration", time.Since(begin).String()), + slog.String("config_id", configID), + slog.String("profile_id", profileID), + } + if err != nil { + args = append(args, slog.Any("error", err)) + lm.logger.Warn("Assign profile failed", args...) + return + } + lm.logger.Info("Assign profile completed successfully", args...) + }(time.Now()) + + return lm.svc.AssignProfile(ctx, session, configID, profileID) +} + +func (lm *loggingMiddleware) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []bootstrap.BindingRequest) (err error) { + defer func(begin time.Time) { + args := []any{ + slog.String("duration", time.Since(begin).String()), + slog.String("config_id", configID), + } + if err != nil { + args = append(args, slog.Any("error", err)) + lm.logger.Warn("Bind resources failed", args...) + return + } + lm.logger.Info("Bind resources completed successfully", args...) + }(time.Now()) + + return lm.svc.BindResources(ctx, session, token, configID, bindings) +} + +func (lm *loggingMiddleware) ListBindings(ctx context.Context, session smqauthn.Session, configID string) (snapshots []bootstrap.BindingSnapshot, err error) { + defer func(begin time.Time) { + args := []any{ + slog.String("duration", time.Since(begin).String()), + slog.String("config_id", configID), + } + if err != nil { + args = append(args, slog.Any("error", err)) + lm.logger.Warn("List bindings failed", args...) + return + } + lm.logger.Info("List bindings completed successfully", args...) + }(time.Now()) + + return lm.svc.ListBindings(ctx, session, configID) +} + +func (lm *loggingMiddleware) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) (err error) { + defer func(begin time.Time) { + args := []any{ + slog.String("duration", time.Since(begin).String()), + slog.String("config_id", configID), + } + if err != nil { + args = append(args, slog.Any("error", err)) + lm.logger.Warn("Refresh bindings failed", args...) + return + } + lm.logger.Info("Refresh bindings completed successfully", args...) + }(time.Now()) + + return lm.svc.RefreshBindings(ctx, session, token, configID) } diff --git a/bootstrap/middleware/metrics.go b/bootstrap/middleware/metrics.go index b13b7ed0b..5dbe44a70 100644 --- a/bootstrap/middleware/metrics.go +++ b/bootstrap/middleware/metrics.go @@ -62,23 +62,13 @@ func (mm *metricsMiddleware) Update(ctx context.Context, session smqauthn.Sessio } // UpdateCert instruments UpdateCert method with metrics. -func (mm *metricsMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) { +func (mm *metricsMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) { defer func(begin time.Time) { mm.counter.With("method", "update_cert").Add(1) mm.latency.With("method", "update_cert").Observe(time.Since(begin).Seconds()) }(time.Now()) - return mm.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert) -} - -// UpdateConnections instruments UpdateConnections method with metrics. -func (mm *metricsMiddleware) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) (err error) { - defer func(begin time.Time) { - mm.counter.With("method", "update_connections").Add(1) - mm.latency.With("method", "update_connections").Observe(time.Since(begin).Seconds()) - }(time.Now()) - - return mm.svc.UpdateConnections(ctx, session, token, id, connections) + return mm.svc.UpdateCert(ctx, session, id, clientCert, clientKey, caCert) } // List instruments List method with metrics. @@ -111,62 +101,92 @@ func (mm *metricsMiddleware) Bootstrap(ctx context.Context, externalKey, externa return mm.svc.Bootstrap(ctx, externalKey, externalID, secure) } -// ChangeState instruments ChangeState method with metrics. -func (mm *metricsMiddleware) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state bootstrap.State) (err error) { +func (mm *metricsMiddleware) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) { defer func(begin time.Time) { - mm.counter.With("method", "change_state").Add(1) - mm.latency.With("method", "change_state").Observe(time.Since(begin).Seconds()) + mm.counter.With("method", "enable_config").Add(1) + mm.latency.With("method", "enable_config").Observe(time.Since(begin).Seconds()) }(time.Now()) - return mm.svc.ChangeState(ctx, session, token, id, state) + return mm.svc.EnableConfig(ctx, session, id) } -// UpdateChannelHandler instruments UpdateChannelHandler method with metrics. -func (mm *metricsMiddleware) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) (err error) { +func (mm *metricsMiddleware) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) { defer func(begin time.Time) { - mm.counter.With("method", "update_channel").Add(1) - mm.latency.With("method", "update_channel").Observe(time.Since(begin).Seconds()) + mm.counter.With("method", "disable_config").Add(1) + mm.latency.With("method", "disable_config").Observe(time.Since(begin).Seconds()) }(time.Now()) - return mm.svc.UpdateChannelHandler(ctx, channel) + return mm.svc.DisableConfig(ctx, session, id) } -// RemoveConfigHandler instruments RemoveConfigHandler method with metrics. -func (mm *metricsMiddleware) RemoveConfigHandler(ctx context.Context, id string) (err error) { +func (mm *metricsMiddleware) CreateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (bootstrap.Profile, error) { defer func(begin time.Time) { - mm.counter.With("method", "remove_config").Add(1) - mm.latency.With("method", "remove_config").Observe(time.Since(begin).Seconds()) + mm.counter.With("method", "create_profile").Add(1) + mm.latency.With("method", "create_profile").Observe(time.Since(begin).Seconds()) }(time.Now()) - - return mm.svc.RemoveConfigHandler(ctx, id) + return mm.svc.CreateProfile(ctx, session, p) } -// RemoveChannelHandler instruments RemoveChannelHandler method with metrics. -func (mm *metricsMiddleware) RemoveChannelHandler(ctx context.Context, id string) (err error) { +func (mm *metricsMiddleware) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (bootstrap.Profile, error) { defer func(begin time.Time) { - mm.counter.With("method", "remove_channel").Add(1) - mm.latency.With("method", "remove_channel").Observe(time.Since(begin).Seconds()) + mm.counter.With("method", "view_profile").Add(1) + mm.latency.With("method", "view_profile").Observe(time.Since(begin).Seconds()) }(time.Now()) - - return mm.svc.RemoveChannelHandler(ctx, id) + return mm.svc.ViewProfile(ctx, session, profileID) } -// ConnectClientHandler instruments ConnectClientHandler method with metrics. -func (mm *metricsMiddleware) ConnectClientHandler(ctx context.Context, channelID, clientID string) (err error) { +func (mm *metricsMiddleware) UpdateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) error { defer func(begin time.Time) { - mm.counter.With("method", "connect_client_handler").Add(1) - mm.latency.With("method", "connect_client_handler").Observe(time.Since(begin).Seconds()) + mm.counter.With("method", "update_profile").Add(1) + mm.latency.With("method", "update_profile").Observe(time.Since(begin).Seconds()) }(time.Now()) - - return mm.svc.ConnectClientHandler(ctx, channelID, clientID) + return mm.svc.UpdateProfile(ctx, session, p) } -// DisconnectClientHandler instruments DisconnectClientHandler method with metrics. -func (mm *metricsMiddleware) DisconnectClientHandler(ctx context.Context, channelID, clientID string) (err error) { +func (mm *metricsMiddleware) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (bootstrap.ProfilesPage, error) { defer func(begin time.Time) { - mm.counter.With("method", "disconnect_client_handler").Add(1) - mm.latency.With("method", "disconnect_client_handler").Observe(time.Since(begin).Seconds()) + mm.counter.With("method", "list_profiles").Add(1) + mm.latency.With("method", "list_profiles").Observe(time.Since(begin).Seconds()) }(time.Now()) - - return mm.svc.DisconnectClientHandler(ctx, channelID, clientID) + return mm.svc.ListProfiles(ctx, session, offset, limit) +} + +func (mm *metricsMiddleware) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error { + defer func(begin time.Time) { + mm.counter.With("method", "delete_profile").Add(1) + mm.latency.With("method", "delete_profile").Observe(time.Since(begin).Seconds()) + }(time.Now()) + return mm.svc.DeleteProfile(ctx, session, profileID) +} + +func (mm *metricsMiddleware) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error { + defer func(begin time.Time) { + mm.counter.With("method", "assign_profile").Add(1) + mm.latency.With("method", "assign_profile").Observe(time.Since(begin).Seconds()) + }(time.Now()) + return mm.svc.AssignProfile(ctx, session, configID, profileID) +} + +func (mm *metricsMiddleware) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []bootstrap.BindingRequest) error { + defer func(begin time.Time) { + mm.counter.With("method", "bind_resources").Add(1) + mm.latency.With("method", "bind_resources").Observe(time.Since(begin).Seconds()) + }(time.Now()) + return mm.svc.BindResources(ctx, session, token, configID, bindings) +} + +func (mm *metricsMiddleware) ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]bootstrap.BindingSnapshot, error) { + defer func(begin time.Time) { + mm.counter.With("method", "list_bindings").Add(1) + mm.latency.With("method", "list_bindings").Observe(time.Since(begin).Seconds()) + }(time.Now()) + return mm.svc.ListBindings(ctx, session, configID) +} + +func (mm *metricsMiddleware) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error { + defer func(begin time.Time) { + mm.counter.With("method", "refresh_bindings").Add(1) + mm.latency.With("method", "refresh_bindings").Observe(time.Since(begin).Seconds()) + }(time.Now()) + return mm.svc.RefreshBindings(ctx, session, token, configID) } diff --git a/bootstrap/mocks/binding_resolver.go b/bootstrap/mocks/binding_resolver.go new file mode 100644 index 000000000..87c7122f4 --- /dev/null +++ b/bootstrap/mocks/binding_resolver.go @@ -0,0 +1,111 @@ +// Copyright (c) Abstract Machines + +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by mockery; DO NOT EDIT. +// github.com/vektra/mockery +// template: testify + +package mocks + +import ( + "context" + + "github.com/absmach/magistrala/bootstrap" + mock "github.com/stretchr/testify/mock" +) + +// NewBindingResolver creates a new instance of BindingResolver. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewBindingResolver(t interface { + mock.TestingT + Cleanup(func()) +}) *BindingResolver { + mock := &BindingResolver{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} + +// BindingResolver is an autogenerated mock type for the BindingResolver type +type BindingResolver struct { + mock.Mock +} + +type BindingResolver_Expecter struct { + mock *mock.Mock +} + +func (_m *BindingResolver) EXPECT() *BindingResolver_Expecter { + return &BindingResolver_Expecter{mock: &_m.Mock} +} + +// Resolve provides a mock function for the type BindingResolver +func (_mock *BindingResolver) Resolve(ctx context.Context, req bootstrap.ResolveRequest) ([]bootstrap.BindingSnapshot, error) { + ret := _mock.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for Resolve") + } + + var r0 []bootstrap.BindingSnapshot + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.ResolveRequest) ([]bootstrap.BindingSnapshot, error)); ok { + return returnFunc(ctx, req) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.ResolveRequest) []bootstrap.BindingSnapshot); ok { + r0 = returnFunc(ctx, req) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]bootstrap.BindingSnapshot) + } + } + if returnFunc, ok := ret.Get(1).(func(context.Context, bootstrap.ResolveRequest) error); ok { + r1 = returnFunc(ctx, req) + } else { + r1 = ret.Error(1) + } + return r0, r1 +} + +// BindingResolver_Resolve_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Resolve' +type BindingResolver_Resolve_Call struct { + *mock.Call +} + +// Resolve is a helper method to define mock.On call +// - ctx context.Context +// - req bootstrap.ResolveRequest +func (_e *BindingResolver_Expecter) Resolve(ctx interface{}, req interface{}) *BindingResolver_Resolve_Call { + return &BindingResolver_Resolve_Call{Call: _e.mock.On("Resolve", ctx, req)} +} + +func (_c *BindingResolver_Resolve_Call) Run(run func(ctx context.Context, req bootstrap.ResolveRequest)) *BindingResolver_Resolve_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 bootstrap.ResolveRequest + if args[1] != nil { + arg1 = args[1].(bootstrap.ResolveRequest) + } + run( + arg0, + arg1, + ) + }) + return _c +} + +func (_c *BindingResolver_Resolve_Call) Return(bindingSnapshots []bootstrap.BindingSnapshot, err error) *BindingResolver_Resolve_Call { + _c.Call.Return(bindingSnapshots, err) + return _c +} + +func (_c *BindingResolver_Resolve_Call) RunAndReturn(run func(ctx context.Context, req bootstrap.ResolveRequest) ([]bootstrap.BindingSnapshot, error)) *BindingResolver_Resolve_Call { + _c.Call.Return(run) + return _c +} diff --git a/bootstrap/mocks/binding_store.go b/bootstrap/mocks/binding_store.go new file mode 100644 index 000000000..fb0b5857d --- /dev/null +++ b/bootstrap/mocks/binding_store.go @@ -0,0 +1,237 @@ +// Copyright (c) Abstract Machines + +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by mockery; DO NOT EDIT. +// github.com/vektra/mockery +// template: testify + +package mocks + +import ( + "context" + + "github.com/absmach/magistrala/bootstrap" + mock "github.com/stretchr/testify/mock" +) + +// NewBindingStore creates a new instance of BindingStore. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewBindingStore(t interface { + mock.TestingT + Cleanup(func()) +}) *BindingStore { + mock := &BindingStore{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} + +// BindingStore is an autogenerated mock type for the BindingStore type +type BindingStore struct { + mock.Mock +} + +type BindingStore_Expecter struct { + mock *mock.Mock +} + +func (_m *BindingStore) EXPECT() *BindingStore_Expecter { + return &BindingStore_Expecter{mock: &_m.Mock} +} + +// Delete provides a mock function for the type BindingStore +func (_mock *BindingStore) Delete(ctx context.Context, configID string, slot string) error { + ret := _mock.Called(ctx, configID, slot) + + if len(ret) == 0 { + panic("no return value specified for Delete") + } + + var r0 error + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) error); ok { + r0 = returnFunc(ctx, configID, slot) + } else { + r0 = ret.Error(0) + } + return r0 +} + +// BindingStore_Delete_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Delete' +type BindingStore_Delete_Call struct { + *mock.Call +} + +// Delete is a helper method to define mock.On call +// - ctx context.Context +// - configID string +// - slot string +func (_e *BindingStore_Expecter) Delete(ctx interface{}, configID interface{}, slot interface{}) *BindingStore_Delete_Call { + return &BindingStore_Delete_Call{Call: _e.mock.On("Delete", ctx, configID, slot)} +} + +func (_c *BindingStore_Delete_Call) Run(run func(ctx context.Context, configID string, slot string)) *BindingStore_Delete_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + run( + arg0, + arg1, + arg2, + ) + }) + return _c +} + +func (_c *BindingStore_Delete_Call) Return(err error) *BindingStore_Delete_Call { + _c.Call.Return(err) + return _c +} + +func (_c *BindingStore_Delete_Call) RunAndReturn(run func(ctx context.Context, configID string, slot string) error) *BindingStore_Delete_Call { + _c.Call.Return(run) + return _c +} + +// Retrieve provides a mock function for the type BindingStore +func (_mock *BindingStore) Retrieve(ctx context.Context, configID string) ([]bootstrap.BindingSnapshot, error) { + ret := _mock.Called(ctx, configID) + + if len(ret) == 0 { + panic("no return value specified for Retrieve") + } + + var r0 []bootstrap.BindingSnapshot + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, string) ([]bootstrap.BindingSnapshot, error)); ok { + return returnFunc(ctx, configID) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, string) []bootstrap.BindingSnapshot); ok { + r0 = returnFunc(ctx, configID) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]bootstrap.BindingSnapshot) + } + } + if returnFunc, ok := ret.Get(1).(func(context.Context, string) error); ok { + r1 = returnFunc(ctx, configID) + } else { + r1 = ret.Error(1) + } + return r0, r1 +} + +// BindingStore_Retrieve_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Retrieve' +type BindingStore_Retrieve_Call struct { + *mock.Call +} + +// Retrieve is a helper method to define mock.On call +// - ctx context.Context +// - configID string +func (_e *BindingStore_Expecter) Retrieve(ctx interface{}, configID interface{}) *BindingStore_Retrieve_Call { + return &BindingStore_Retrieve_Call{Call: _e.mock.On("Retrieve", ctx, configID)} +} + +func (_c *BindingStore_Retrieve_Call) Run(run func(ctx context.Context, configID string)) *BindingStore_Retrieve_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + run( + arg0, + arg1, + ) + }) + return _c +} + +func (_c *BindingStore_Retrieve_Call) Return(bindingSnapshots []bootstrap.BindingSnapshot, err error) *BindingStore_Retrieve_Call { + _c.Call.Return(bindingSnapshots, err) + return _c +} + +func (_c *BindingStore_Retrieve_Call) RunAndReturn(run func(ctx context.Context, configID string) ([]bootstrap.BindingSnapshot, error)) *BindingStore_Retrieve_Call { + _c.Call.Return(run) + return _c +} + +// Save provides a mock function for the type BindingStore +func (_mock *BindingStore) Save(ctx context.Context, configID string, bindings []bootstrap.BindingSnapshot) error { + ret := _mock.Called(ctx, configID, bindings) + + if len(ret) == 0 { + panic("no return value specified for Save") + } + + var r0 error + if returnFunc, ok := ret.Get(0).(func(context.Context, string, []bootstrap.BindingSnapshot) error); ok { + r0 = returnFunc(ctx, configID, bindings) + } else { + r0 = ret.Error(0) + } + return r0 +} + +// BindingStore_Save_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Save' +type BindingStore_Save_Call struct { + *mock.Call +} + +// Save is a helper method to define mock.On call +// - ctx context.Context +// - configID string +// - bindings []bootstrap.BindingSnapshot +func (_e *BindingStore_Expecter) Save(ctx interface{}, configID interface{}, bindings interface{}) *BindingStore_Save_Call { + return &BindingStore_Save_Call{Call: _e.mock.On("Save", ctx, configID, bindings)} +} + +func (_c *BindingStore_Save_Call) Run(run func(ctx context.Context, configID string, bindings []bootstrap.BindingSnapshot)) *BindingStore_Save_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 []bootstrap.BindingSnapshot + if args[2] != nil { + arg2 = args[2].([]bootstrap.BindingSnapshot) + } + run( + arg0, + arg1, + arg2, + ) + }) + return _c +} + +func (_c *BindingStore_Save_Call) Return(err error) *BindingStore_Save_Call { + _c.Call.Return(err) + return _c +} + +func (_c *BindingStore_Save_Call) RunAndReturn(run func(ctx context.Context, configID string, bindings []bootstrap.BindingSnapshot) error) *BindingStore_Save_Call { + _c.Call.Return(run) + return _c +} diff --git a/bootstrap/mocks/config_repository.go b/bootstrap/mocks/config_repository.go index cf6ff733d..53dcdea97 100644 --- a/bootstrap/mocks/config_repository.go +++ b/bootstrap/mocks/config_repository.go @@ -42,38 +42,38 @@ func (_m *ConfigRepository) EXPECT() *ConfigRepository_Expecter { return &ConfigRepository_Expecter{mock: &_m.Mock} } -// ChangeState provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) ChangeState(ctx context.Context, domainID string, id string, state bootstrap.State) error { - ret := _mock.Called(ctx, domainID, id, state) +// AssignProfile provides a mock function for the type ConfigRepository +func (_mock *ConfigRepository) AssignProfile(ctx context.Context, domainID string, id string, profileID string) error { + ret := _mock.Called(ctx, domainID, id, profileID) if len(ret) == 0 { - panic("no return value specified for ChangeState") + panic("no return value specified for AssignProfile") } var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, bootstrap.State) error); ok { - r0 = returnFunc(ctx, domainID, id, state) + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) error); ok { + r0 = returnFunc(ctx, domainID, id, profileID) } else { r0 = ret.Error(0) } return r0 } -// ConfigRepository_ChangeState_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ChangeState' -type ConfigRepository_ChangeState_Call struct { +// ConfigRepository_AssignProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'AssignProfile' +type ConfigRepository_AssignProfile_Call struct { *mock.Call } -// ChangeState is a helper method to define mock.On call +// AssignProfile is a helper method to define mock.On call // - ctx context.Context // - domainID string // - id string -// - state bootstrap.State -func (_e *ConfigRepository_Expecter) ChangeState(ctx interface{}, domainID interface{}, id interface{}, state interface{}) *ConfigRepository_ChangeState_Call { - return &ConfigRepository_ChangeState_Call{Call: _e.mock.On("ChangeState", ctx, domainID, id, state)} +// - profileID string +func (_e *ConfigRepository_Expecter) AssignProfile(ctx interface{}, domainID interface{}, id interface{}, profileID interface{}) *ConfigRepository_AssignProfile_Call { + return &ConfigRepository_AssignProfile_Call{Call: _e.mock.On("AssignProfile", ctx, domainID, id, profileID)} } -func (_c *ConfigRepository_ChangeState_Call) Run(run func(ctx context.Context, domainID string, id string, state bootstrap.State)) *ConfigRepository_ChangeState_Call { +func (_c *ConfigRepository_AssignProfile_Call) Run(run func(ctx context.Context, domainID string, id string, profileID string)) *ConfigRepository_AssignProfile_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { @@ -87,9 +87,9 @@ func (_c *ConfigRepository_ChangeState_Call) Run(run func(ctx context.Context, d if args[2] != nil { arg2 = args[2].(string) } - var arg3 bootstrap.State + var arg3 string if args[3] != nil { - arg3 = args[3].(bootstrap.State) + arg3 = args[3].(string) } run( arg0, @@ -101,184 +101,48 @@ func (_c *ConfigRepository_ChangeState_Call) Run(run func(ctx context.Context, d return _c } -func (_c *ConfigRepository_ChangeState_Call) Return(err error) *ConfigRepository_ChangeState_Call { +func (_c *ConfigRepository_AssignProfile_Call) Return(err error) *ConfigRepository_AssignProfile_Call { _c.Call.Return(err) return _c } -func (_c *ConfigRepository_ChangeState_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string, state bootstrap.State) error) *ConfigRepository_ChangeState_Call { +func (_c *ConfigRepository_AssignProfile_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string, profileID string) error) *ConfigRepository_AssignProfile_Call { _c.Call.Return(run) return _c } -// ConnectClient provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) ConnectClient(ctx context.Context, channelID string, clientID string) error { - ret := _mock.Called(ctx, channelID, clientID) +// ChangeStatus provides a mock function for the type ConfigRepository +func (_mock *ConfigRepository) ChangeStatus(ctx context.Context, domainID string, id string, status bootstrap.Status) error { + ret := _mock.Called(ctx, domainID, id, status) if len(ret) == 0 { - panic("no return value specified for ConnectClient") + panic("no return value specified for ChangeStatus") } var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) error); ok { - r0 = returnFunc(ctx, channelID, clientID) + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, bootstrap.Status) error); ok { + r0 = returnFunc(ctx, domainID, id, status) } else { r0 = ret.Error(0) } return r0 } -// ConfigRepository_ConnectClient_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ConnectClient' -type ConfigRepository_ConnectClient_Call struct { +// ConfigRepository_ChangeStatus_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ChangeStatus' +type ConfigRepository_ChangeStatus_Call struct { *mock.Call } -// ConnectClient is a helper method to define mock.On call -// - ctx context.Context -// - channelID string -// - clientID string -func (_e *ConfigRepository_Expecter) ConnectClient(ctx interface{}, channelID interface{}, clientID interface{}) *ConfigRepository_ConnectClient_Call { - return &ConfigRepository_ConnectClient_Call{Call: _e.mock.On("ConnectClient", ctx, channelID, clientID)} -} - -func (_c *ConfigRepository_ConnectClient_Call) Run(run func(ctx context.Context, channelID string, clientID string)) *ConfigRepository_ConnectClient_Call { - _c.Call.Run(func(args mock.Arguments) { - var arg0 context.Context - if args[0] != nil { - arg0 = args[0].(context.Context) - } - var arg1 string - if args[1] != nil { - arg1 = args[1].(string) - } - var arg2 string - if args[2] != nil { - arg2 = args[2].(string) - } - run( - arg0, - arg1, - arg2, - ) - }) - return _c -} - -func (_c *ConfigRepository_ConnectClient_Call) Return(err error) *ConfigRepository_ConnectClient_Call { - _c.Call.Return(err) - return _c -} - -func (_c *ConfigRepository_ConnectClient_Call) RunAndReturn(run func(ctx context.Context, channelID string, clientID string) error) *ConfigRepository_ConnectClient_Call { - _c.Call.Return(run) - return _c -} - -// DisconnectClient provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) DisconnectClient(ctx context.Context, channelID string, clientID string) error { - ret := _mock.Called(ctx, channelID, clientID) - - if len(ret) == 0 { - panic("no return value specified for DisconnectClient") - } - - var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) error); ok { - r0 = returnFunc(ctx, channelID, clientID) - } else { - r0 = ret.Error(0) - } - return r0 -} - -// ConfigRepository_DisconnectClient_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DisconnectClient' -type ConfigRepository_DisconnectClient_Call struct { - *mock.Call -} - -// DisconnectClient is a helper method to define mock.On call -// - ctx context.Context -// - channelID string -// - clientID string -func (_e *ConfigRepository_Expecter) DisconnectClient(ctx interface{}, channelID interface{}, clientID interface{}) *ConfigRepository_DisconnectClient_Call { - return &ConfigRepository_DisconnectClient_Call{Call: _e.mock.On("DisconnectClient", ctx, channelID, clientID)} -} - -func (_c *ConfigRepository_DisconnectClient_Call) Run(run func(ctx context.Context, channelID string, clientID string)) *ConfigRepository_DisconnectClient_Call { - _c.Call.Run(func(args mock.Arguments) { - var arg0 context.Context - if args[0] != nil { - arg0 = args[0].(context.Context) - } - var arg1 string - if args[1] != nil { - arg1 = args[1].(string) - } - var arg2 string - if args[2] != nil { - arg2 = args[2].(string) - } - run( - arg0, - arg1, - arg2, - ) - }) - return _c -} - -func (_c *ConfigRepository_DisconnectClient_Call) Return(err error) *ConfigRepository_DisconnectClient_Call { - _c.Call.Return(err) - return _c -} - -func (_c *ConfigRepository_DisconnectClient_Call) RunAndReturn(run func(ctx context.Context, channelID string, clientID string) error) *ConfigRepository_DisconnectClient_Call { - _c.Call.Return(run) - return _c -} - -// ListExisting provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) ListExisting(ctx context.Context, domainID string, ids []string) ([]bootstrap.Channel, error) { - ret := _mock.Called(ctx, domainID, ids) - - if len(ret) == 0 { - panic("no return value specified for ListExisting") - } - - var r0 []bootstrap.Channel - var r1 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string, []string) ([]bootstrap.Channel, error)); ok { - return returnFunc(ctx, domainID, ids) - } - if returnFunc, ok := ret.Get(0).(func(context.Context, string, []string) []bootstrap.Channel); ok { - r0 = returnFunc(ctx, domainID, ids) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).([]bootstrap.Channel) - } - } - if returnFunc, ok := ret.Get(1).(func(context.Context, string, []string) error); ok { - r1 = returnFunc(ctx, domainID, ids) - } else { - r1 = ret.Error(1) - } - return r0, r1 -} - -// ConfigRepository_ListExisting_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListExisting' -type ConfigRepository_ListExisting_Call struct { - *mock.Call -} - -// ListExisting is a helper method to define mock.On call +// ChangeStatus is a helper method to define mock.On call // - ctx context.Context // - domainID string -// - ids []string -func (_e *ConfigRepository_Expecter) ListExisting(ctx interface{}, domainID interface{}, ids interface{}) *ConfigRepository_ListExisting_Call { - return &ConfigRepository_ListExisting_Call{Call: _e.mock.On("ListExisting", ctx, domainID, ids)} +// - id string +// - status bootstrap.Status +func (_e *ConfigRepository_Expecter) ChangeStatus(ctx interface{}, domainID interface{}, id interface{}, status interface{}) *ConfigRepository_ChangeStatus_Call { + return &ConfigRepository_ChangeStatus_Call{Call: _e.mock.On("ChangeStatus", ctx, domainID, id, status)} } -func (_c *ConfigRepository_ListExisting_Call) Run(run func(ctx context.Context, domainID string, ids []string)) *ConfigRepository_ListExisting_Call { +func (_c *ConfigRepository_ChangeStatus_Call) Run(run func(ctx context.Context, domainID string, id string, status bootstrap.Status)) *ConfigRepository_ChangeStatus_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { @@ -288,25 +152,30 @@ func (_c *ConfigRepository_ListExisting_Call) Run(run func(ctx context.Context, if args[1] != nil { arg1 = args[1].(string) } - var arg2 []string + var arg2 string if args[2] != nil { - arg2 = args[2].([]string) + arg2 = args[2].(string) + } + var arg3 bootstrap.Status + if args[3] != nil { + arg3 = args[3].(bootstrap.Status) } run( arg0, arg1, arg2, + arg3, ) }) return _c } -func (_c *ConfigRepository_ListExisting_Call) Return(channels []bootstrap.Channel, err error) *ConfigRepository_ListExisting_Call { - _c.Call.Return(channels, err) +func (_c *ConfigRepository_ChangeStatus_Call) Return(err error) *ConfigRepository_ChangeStatus_Call { + _c.Call.Return(err) return _c } -func (_c *ConfigRepository_ListExisting_Call) RunAndReturn(run func(ctx context.Context, domainID string, ids []string) ([]bootstrap.Channel, error)) *ConfigRepository_ListExisting_Call { +func (_c *ConfigRepository_ChangeStatus_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string, status bootstrap.Status) error) *ConfigRepository_ChangeStatus_Call { _c.Call.Return(run) return _c } @@ -374,131 +243,17 @@ func (_c *ConfigRepository_Remove_Call) RunAndReturn(run func(ctx context.Contex return _c } -// RemoveChannel provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) RemoveChannel(ctx context.Context, id string) error { - ret := _mock.Called(ctx, id) - - if len(ret) == 0 { - panic("no return value specified for RemoveChannel") - } - - var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string) error); ok { - r0 = returnFunc(ctx, id) - } else { - r0 = ret.Error(0) - } - return r0 -} - -// ConfigRepository_RemoveChannel_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveChannel' -type ConfigRepository_RemoveChannel_Call struct { - *mock.Call -} - -// RemoveChannel is a helper method to define mock.On call -// - ctx context.Context -// - id string -func (_e *ConfigRepository_Expecter) RemoveChannel(ctx interface{}, id interface{}) *ConfigRepository_RemoveChannel_Call { - return &ConfigRepository_RemoveChannel_Call{Call: _e.mock.On("RemoveChannel", ctx, id)} -} - -func (_c *ConfigRepository_RemoveChannel_Call) Run(run func(ctx context.Context, id string)) *ConfigRepository_RemoveChannel_Call { - _c.Call.Run(func(args mock.Arguments) { - var arg0 context.Context - if args[0] != nil { - arg0 = args[0].(context.Context) - } - var arg1 string - if args[1] != nil { - arg1 = args[1].(string) - } - run( - arg0, - arg1, - ) - }) - return _c -} - -func (_c *ConfigRepository_RemoveChannel_Call) Return(err error) *ConfigRepository_RemoveChannel_Call { - _c.Call.Return(err) - return _c -} - -func (_c *ConfigRepository_RemoveChannel_Call) RunAndReturn(run func(ctx context.Context, id string) error) *ConfigRepository_RemoveChannel_Call { - _c.Call.Return(run) - return _c -} - -// RemoveClient provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) RemoveClient(ctx context.Context, id string) error { - ret := _mock.Called(ctx, id) - - if len(ret) == 0 { - panic("no return value specified for RemoveClient") - } - - var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string) error); ok { - r0 = returnFunc(ctx, id) - } else { - r0 = ret.Error(0) - } - return r0 -} - -// ConfigRepository_RemoveClient_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveClient' -type ConfigRepository_RemoveClient_Call struct { - *mock.Call -} - -// RemoveClient is a helper method to define mock.On call -// - ctx context.Context -// - id string -func (_e *ConfigRepository_Expecter) RemoveClient(ctx interface{}, id interface{}) *ConfigRepository_RemoveClient_Call { - return &ConfigRepository_RemoveClient_Call{Call: _e.mock.On("RemoveClient", ctx, id)} -} - -func (_c *ConfigRepository_RemoveClient_Call) Run(run func(ctx context.Context, id string)) *ConfigRepository_RemoveClient_Call { - _c.Call.Run(func(args mock.Arguments) { - var arg0 context.Context - if args[0] != nil { - arg0 = args[0].(context.Context) - } - var arg1 string - if args[1] != nil { - arg1 = args[1].(string) - } - run( - arg0, - arg1, - ) - }) - return _c -} - -func (_c *ConfigRepository_RemoveClient_Call) Return(err error) *ConfigRepository_RemoveClient_Call { - _c.Call.Return(err) - return _c -} - -func (_c *ConfigRepository_RemoveClient_Call) RunAndReturn(run func(ctx context.Context, id string) error) *ConfigRepository_RemoveClient_Call { - _c.Call.Return(run) - return _c -} - // RetrieveAll provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) RetrieveAll(ctx context.Context, domainID string, clientIDs []string, filter bootstrap.Filter, offset uint64, limit uint64) bootstrap.ConfigsPage { - ret := _mock.Called(ctx, domainID, clientIDs, filter, offset, limit) +func (_mock *ConfigRepository) RetrieveAll(ctx context.Context, domainID string, filter bootstrap.Filter, offset uint64, limit uint64) bootstrap.ConfigsPage { + ret := _mock.Called(ctx, domainID, filter, offset, limit) if len(ret) == 0 { panic("no return value specified for RetrieveAll") } var r0 bootstrap.ConfigsPage - if returnFunc, ok := ret.Get(0).(func(context.Context, string, []string, bootstrap.Filter, uint64, uint64) bootstrap.ConfigsPage); ok { - r0 = returnFunc(ctx, domainID, clientIDs, filter, offset, limit) + if returnFunc, ok := ret.Get(0).(func(context.Context, string, bootstrap.Filter, uint64, uint64) bootstrap.ConfigsPage); ok { + r0 = returnFunc(ctx, domainID, filter, offset, limit) } else { r0 = ret.Get(0).(bootstrap.ConfigsPage) } @@ -513,15 +268,14 @@ type ConfigRepository_RetrieveAll_Call struct { // RetrieveAll is a helper method to define mock.On call // - ctx context.Context // - domainID string -// - clientIDs []string // - filter bootstrap.Filter // - offset uint64 // - limit uint64 -func (_e *ConfigRepository_Expecter) RetrieveAll(ctx interface{}, domainID interface{}, clientIDs interface{}, filter interface{}, offset interface{}, limit interface{}) *ConfigRepository_RetrieveAll_Call { - return &ConfigRepository_RetrieveAll_Call{Call: _e.mock.On("RetrieveAll", ctx, domainID, clientIDs, filter, offset, limit)} +func (_e *ConfigRepository_Expecter) RetrieveAll(ctx interface{}, domainID interface{}, filter interface{}, offset interface{}, limit interface{}) *ConfigRepository_RetrieveAll_Call { + return &ConfigRepository_RetrieveAll_Call{Call: _e.mock.On("RetrieveAll", ctx, domainID, filter, offset, limit)} } -func (_c *ConfigRepository_RetrieveAll_Call) Run(run func(ctx context.Context, domainID string, clientIDs []string, filter bootstrap.Filter, offset uint64, limit uint64)) *ConfigRepository_RetrieveAll_Call { +func (_c *ConfigRepository_RetrieveAll_Call) Run(run func(ctx context.Context, domainID string, filter bootstrap.Filter, offset uint64, limit uint64)) *ConfigRepository_RetrieveAll_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { @@ -531,29 +285,24 @@ func (_c *ConfigRepository_RetrieveAll_Call) Run(run func(ctx context.Context, d if args[1] != nil { arg1 = args[1].(string) } - var arg2 []string + var arg2 bootstrap.Filter if args[2] != nil { - arg2 = args[2].([]string) + arg2 = args[2].(bootstrap.Filter) } - var arg3 bootstrap.Filter + var arg3 uint64 if args[3] != nil { - arg3 = args[3].(bootstrap.Filter) + arg3 = args[3].(uint64) } var arg4 uint64 if args[4] != nil { arg4 = args[4].(uint64) } - var arg5 uint64 - if args[5] != nil { - arg5 = args[5].(uint64) - } run( arg0, arg1, arg2, arg3, arg4, - arg5, ) }) return _c @@ -564,7 +313,7 @@ func (_c *ConfigRepository_RetrieveAll_Call) Return(configsPage bootstrap.Config return _c } -func (_c *ConfigRepository_RetrieveAll_Call) RunAndReturn(run func(ctx context.Context, domainID string, clientIDs []string, filter bootstrap.Filter, offset uint64, limit uint64) bootstrap.ConfigsPage) *ConfigRepository_RetrieveAll_Call { +func (_c *ConfigRepository_RetrieveAll_Call) RunAndReturn(run func(ctx context.Context, domainID string, filter bootstrap.Filter, offset uint64, limit uint64) bootstrap.ConfigsPage) *ConfigRepository_RetrieveAll_Call { _c.Call.Return(run) return _c } @@ -708,8 +457,8 @@ func (_c *ConfigRepository_RetrieveByID_Call) RunAndReturn(run func(ctx context. } // Save provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) Save(ctx context.Context, cfg bootstrap.Config, chsConnIDs []string) (string, error) { - ret := _mock.Called(ctx, cfg, chsConnIDs) +func (_mock *ConfigRepository) Save(ctx context.Context, cfg bootstrap.Config) (string, error) { + ret := _mock.Called(ctx, cfg) if len(ret) == 0 { panic("no return value specified for Save") @@ -717,16 +466,16 @@ func (_mock *ConfigRepository) Save(ctx context.Context, cfg bootstrap.Config, c var r0 string var r1 error - if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Config, []string) (string, error)); ok { - return returnFunc(ctx, cfg, chsConnIDs) + if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Config) (string, error)); ok { + return returnFunc(ctx, cfg) } - if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Config, []string) string); ok { - r0 = returnFunc(ctx, cfg, chsConnIDs) + if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Config) string); ok { + r0 = returnFunc(ctx, cfg) } else { r0 = ret.Get(0).(string) } - if returnFunc, ok := ret.Get(1).(func(context.Context, bootstrap.Config, []string) error); ok { - r1 = returnFunc(ctx, cfg, chsConnIDs) + if returnFunc, ok := ret.Get(1).(func(context.Context, bootstrap.Config) error); ok { + r1 = returnFunc(ctx, cfg) } else { r1 = ret.Error(1) } @@ -741,12 +490,11 @@ type ConfigRepository_Save_Call struct { // Save is a helper method to define mock.On call // - ctx context.Context // - cfg bootstrap.Config -// - chsConnIDs []string -func (_e *ConfigRepository_Expecter) Save(ctx interface{}, cfg interface{}, chsConnIDs interface{}) *ConfigRepository_Save_Call { - return &ConfigRepository_Save_Call{Call: _e.mock.On("Save", ctx, cfg, chsConnIDs)} +func (_e *ConfigRepository_Expecter) Save(ctx interface{}, cfg interface{}) *ConfigRepository_Save_Call { + return &ConfigRepository_Save_Call{Call: _e.mock.On("Save", ctx, cfg)} } -func (_c *ConfigRepository_Save_Call) Run(run func(ctx context.Context, cfg bootstrap.Config, chsConnIDs []string)) *ConfigRepository_Save_Call { +func (_c *ConfigRepository_Save_Call) Run(run func(ctx context.Context, cfg bootstrap.Config)) *ConfigRepository_Save_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { @@ -756,14 +504,9 @@ func (_c *ConfigRepository_Save_Call) Run(run func(ctx context.Context, cfg boot if args[1] != nil { arg1 = args[1].(bootstrap.Config) } - var arg2 []string - if args[2] != nil { - arg2 = args[2].([]string) - } run( arg0, arg1, - arg2, ) }) return _c @@ -774,7 +517,7 @@ func (_c *ConfigRepository_Save_Call) Return(s string, err error) *ConfigReposit return _c } -func (_c *ConfigRepository_Save_Call) RunAndReturn(run func(ctx context.Context, cfg bootstrap.Config, chsConnIDs []string) (string, error)) *ConfigRepository_Save_Call { +func (_c *ConfigRepository_Save_Call) RunAndReturn(run func(ctx context.Context, cfg bootstrap.Config) (string, error)) *ConfigRepository_Save_Call { _c.Call.Return(run) return _c } @@ -837,8 +580,8 @@ func (_c *ConfigRepository_Update_Call) RunAndReturn(run func(ctx context.Contex } // UpdateCert provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) UpdateCert(ctx context.Context, domainID string, clientID string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error) { - ret := _mock.Called(ctx, domainID, clientID, clientCert, clientKey, caCert) +func (_mock *ConfigRepository) UpdateCert(ctx context.Context, domainID string, id string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error) { + ret := _mock.Called(ctx, domainID, id, clientCert, clientKey, caCert) if len(ret) == 0 { panic("no return value specified for UpdateCert") @@ -847,15 +590,15 @@ func (_mock *ConfigRepository) UpdateCert(ctx context.Context, domainID string, var r0 bootstrap.Config var r1 error if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string, string, string) (bootstrap.Config, error)); ok { - return returnFunc(ctx, domainID, clientID, clientCert, clientKey, caCert) + return returnFunc(ctx, domainID, id, clientCert, clientKey, caCert) } if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string, string, string) bootstrap.Config); ok { - r0 = returnFunc(ctx, domainID, clientID, clientCert, clientKey, caCert) + r0 = returnFunc(ctx, domainID, id, clientCert, clientKey, caCert) } else { r0 = ret.Get(0).(bootstrap.Config) } if returnFunc, ok := ret.Get(1).(func(context.Context, string, string, string, string, string) error); ok { - r1 = returnFunc(ctx, domainID, clientID, clientCert, clientKey, caCert) + r1 = returnFunc(ctx, domainID, id, clientCert, clientKey, caCert) } else { r1 = ret.Error(1) } @@ -870,15 +613,15 @@ type ConfigRepository_UpdateCert_Call struct { // UpdateCert is a helper method to define mock.On call // - ctx context.Context // - domainID string -// - clientID string +// - id string // - clientCert string // - clientKey string // - caCert string -func (_e *ConfigRepository_Expecter) UpdateCert(ctx interface{}, domainID interface{}, clientID interface{}, clientCert interface{}, clientKey interface{}, caCert interface{}) *ConfigRepository_UpdateCert_Call { - return &ConfigRepository_UpdateCert_Call{Call: _e.mock.On("UpdateCert", ctx, domainID, clientID, clientCert, clientKey, caCert)} +func (_e *ConfigRepository_Expecter) UpdateCert(ctx interface{}, domainID interface{}, id interface{}, clientCert interface{}, clientKey interface{}, caCert interface{}) *ConfigRepository_UpdateCert_Call { + return &ConfigRepository_UpdateCert_Call{Call: _e.mock.On("UpdateCert", ctx, domainID, id, clientCert, clientKey, caCert)} } -func (_c *ConfigRepository_UpdateCert_Call) Run(run func(ctx context.Context, domainID string, clientID string, clientCert string, clientKey string, caCert string)) *ConfigRepository_UpdateCert_Call { +func (_c *ConfigRepository_UpdateCert_Call) Run(run func(ctx context.Context, domainID string, id string, clientCert string, clientKey string, caCert string)) *ConfigRepository_UpdateCert_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { @@ -921,139 +664,7 @@ func (_c *ConfigRepository_UpdateCert_Call) Return(config bootstrap.Config, err return _c } -func (_c *ConfigRepository_UpdateCert_Call) RunAndReturn(run func(ctx context.Context, domainID string, clientID string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error)) *ConfigRepository_UpdateCert_Call { - _c.Call.Return(run) - return _c -} - -// UpdateChannel provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) UpdateChannel(ctx context.Context, c bootstrap.Channel) error { - ret := _mock.Called(ctx, c) - - if len(ret) == 0 { - panic("no return value specified for UpdateChannel") - } - - var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Channel) error); ok { - r0 = returnFunc(ctx, c) - } else { - r0 = ret.Error(0) - } - return r0 -} - -// ConfigRepository_UpdateChannel_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'UpdateChannel' -type ConfigRepository_UpdateChannel_Call struct { - *mock.Call -} - -// UpdateChannel is a helper method to define mock.On call -// - ctx context.Context -// - c bootstrap.Channel -func (_e *ConfigRepository_Expecter) UpdateChannel(ctx interface{}, c interface{}) *ConfigRepository_UpdateChannel_Call { - return &ConfigRepository_UpdateChannel_Call{Call: _e.mock.On("UpdateChannel", ctx, c)} -} - -func (_c *ConfigRepository_UpdateChannel_Call) Run(run func(ctx context.Context, c bootstrap.Channel)) *ConfigRepository_UpdateChannel_Call { - _c.Call.Run(func(args mock.Arguments) { - var arg0 context.Context - if args[0] != nil { - arg0 = args[0].(context.Context) - } - var arg1 bootstrap.Channel - if args[1] != nil { - arg1 = args[1].(bootstrap.Channel) - } - run( - arg0, - arg1, - ) - }) - return _c -} - -func (_c *ConfigRepository_UpdateChannel_Call) Return(err error) *ConfigRepository_UpdateChannel_Call { - _c.Call.Return(err) - return _c -} - -func (_c *ConfigRepository_UpdateChannel_Call) RunAndReturn(run func(ctx context.Context, c bootstrap.Channel) error) *ConfigRepository_UpdateChannel_Call { - _c.Call.Return(run) - return _c -} - -// UpdateConnections provides a mock function for the type ConfigRepository -func (_mock *ConfigRepository) UpdateConnections(ctx context.Context, domainID string, id string, channels []bootstrap.Channel, connections []string) error { - ret := _mock.Called(ctx, domainID, id, channels, connections) - - if len(ret) == 0 { - panic("no return value specified for UpdateConnections") - } - - var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, []bootstrap.Channel, []string) error); ok { - r0 = returnFunc(ctx, domainID, id, channels, connections) - } else { - r0 = ret.Error(0) - } - return r0 -} - -// ConfigRepository_UpdateConnections_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'UpdateConnections' -type ConfigRepository_UpdateConnections_Call struct { - *mock.Call -} - -// UpdateConnections is a helper method to define mock.On call -// - ctx context.Context -// - domainID string -// - id string -// - channels []bootstrap.Channel -// - connections []string -func (_e *ConfigRepository_Expecter) UpdateConnections(ctx interface{}, domainID interface{}, id interface{}, channels interface{}, connections interface{}) *ConfigRepository_UpdateConnections_Call { - return &ConfigRepository_UpdateConnections_Call{Call: _e.mock.On("UpdateConnections", ctx, domainID, id, channels, connections)} -} - -func (_c *ConfigRepository_UpdateConnections_Call) Run(run func(ctx context.Context, domainID string, id string, channels []bootstrap.Channel, connections []string)) *ConfigRepository_UpdateConnections_Call { - _c.Call.Run(func(args mock.Arguments) { - var arg0 context.Context - if args[0] != nil { - arg0 = args[0].(context.Context) - } - var arg1 string - if args[1] != nil { - arg1 = args[1].(string) - } - var arg2 string - if args[2] != nil { - arg2 = args[2].(string) - } - var arg3 []bootstrap.Channel - if args[3] != nil { - arg3 = args[3].([]bootstrap.Channel) - } - var arg4 []string - if args[4] != nil { - arg4 = args[4].([]string) - } - run( - arg0, - arg1, - arg2, - arg3, - arg4, - ) - }) - return _c -} - -func (_c *ConfigRepository_UpdateConnections_Call) Return(err error) *ConfigRepository_UpdateConnections_Call { - _c.Call.Return(err) - return _c -} - -func (_c *ConfigRepository_UpdateConnections_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string, channels []bootstrap.Channel, connections []string) error) *ConfigRepository_UpdateConnections_Call { +func (_c *ConfigRepository_UpdateCert_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error)) *ConfigRepository_UpdateCert_Call { _c.Call.Return(run) return _c } diff --git a/bootstrap/mocks/profile_repository.go b/bootstrap/mocks/profile_repository.go new file mode 100644 index 000000000..b6b1013df --- /dev/null +++ b/bootstrap/mocks/profile_repository.go @@ -0,0 +1,379 @@ +// Copyright (c) Abstract Machines + +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by mockery; DO NOT EDIT. +// github.com/vektra/mockery +// template: testify + +package mocks + +import ( + "context" + + "github.com/absmach/magistrala/bootstrap" + mock "github.com/stretchr/testify/mock" +) + +// NewProfileRepository creates a new instance of ProfileRepository. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewProfileRepository(t interface { + mock.TestingT + Cleanup(func()) +}) *ProfileRepository { + mock := &ProfileRepository{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} + +// ProfileRepository is an autogenerated mock type for the ProfileRepository type +type ProfileRepository struct { + mock.Mock +} + +type ProfileRepository_Expecter struct { + mock *mock.Mock +} + +func (_m *ProfileRepository) EXPECT() *ProfileRepository_Expecter { + return &ProfileRepository_Expecter{mock: &_m.Mock} +} + +// Delete provides a mock function for the type ProfileRepository +func (_mock *ProfileRepository) Delete(ctx context.Context, domainID string, id string) error { + ret := _mock.Called(ctx, domainID, id) + + if len(ret) == 0 { + panic("no return value specified for Delete") + } + + var r0 error + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) error); ok { + r0 = returnFunc(ctx, domainID, id) + } else { + r0 = ret.Error(0) + } + return r0 +} + +// ProfileRepository_Delete_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Delete' +type ProfileRepository_Delete_Call struct { + *mock.Call +} + +// Delete is a helper method to define mock.On call +// - ctx context.Context +// - domainID string +// - id string +func (_e *ProfileRepository_Expecter) Delete(ctx interface{}, domainID interface{}, id interface{}) *ProfileRepository_Delete_Call { + return &ProfileRepository_Delete_Call{Call: _e.mock.On("Delete", ctx, domainID, id)} +} + +func (_c *ProfileRepository_Delete_Call) Run(run func(ctx context.Context, domainID string, id string)) *ProfileRepository_Delete_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + run( + arg0, + arg1, + arg2, + ) + }) + return _c +} + +func (_c *ProfileRepository_Delete_Call) Return(err error) *ProfileRepository_Delete_Call { + _c.Call.Return(err) + return _c +} + +func (_c *ProfileRepository_Delete_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string) error) *ProfileRepository_Delete_Call { + _c.Call.Return(run) + return _c +} + +// RetrieveAll provides a mock function for the type ProfileRepository +func (_mock *ProfileRepository) RetrieveAll(ctx context.Context, domainID string, offset uint64, limit uint64) (bootstrap.ProfilesPage, error) { + ret := _mock.Called(ctx, domainID, offset, limit) + + if len(ret) == 0 { + panic("no return value specified for RetrieveAll") + } + + var r0 bootstrap.ProfilesPage + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, string, uint64, uint64) (bootstrap.ProfilesPage, error)); ok { + return returnFunc(ctx, domainID, offset, limit) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, string, uint64, uint64) bootstrap.ProfilesPage); ok { + r0 = returnFunc(ctx, domainID, offset, limit) + } else { + r0 = ret.Get(0).(bootstrap.ProfilesPage) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, string, uint64, uint64) error); ok { + r1 = returnFunc(ctx, domainID, offset, limit) + } else { + r1 = ret.Error(1) + } + return r0, r1 +} + +// ProfileRepository_RetrieveAll_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RetrieveAll' +type ProfileRepository_RetrieveAll_Call struct { + *mock.Call +} + +// RetrieveAll is a helper method to define mock.On call +// - ctx context.Context +// - domainID string +// - offset uint64 +// - limit uint64 +func (_e *ProfileRepository_Expecter) RetrieveAll(ctx interface{}, domainID interface{}, offset interface{}, limit interface{}) *ProfileRepository_RetrieveAll_Call { + return &ProfileRepository_RetrieveAll_Call{Call: _e.mock.On("RetrieveAll", ctx, domainID, offset, limit)} +} + +func (_c *ProfileRepository_RetrieveAll_Call) Run(run func(ctx context.Context, domainID string, offset uint64, limit uint64)) *ProfileRepository_RetrieveAll_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 uint64 + if args[2] != nil { + arg2 = args[2].(uint64) + } + var arg3 uint64 + if args[3] != nil { + arg3 = args[3].(uint64) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *ProfileRepository_RetrieveAll_Call) Return(profilesPage bootstrap.ProfilesPage, err error) *ProfileRepository_RetrieveAll_Call { + _c.Call.Return(profilesPage, err) + return _c +} + +func (_c *ProfileRepository_RetrieveAll_Call) RunAndReturn(run func(ctx context.Context, domainID string, offset uint64, limit uint64) (bootstrap.ProfilesPage, error)) *ProfileRepository_RetrieveAll_Call { + _c.Call.Return(run) + return _c +} + +// RetrieveByID provides a mock function for the type ProfileRepository +func (_mock *ProfileRepository) RetrieveByID(ctx context.Context, domainID string, id string) (bootstrap.Profile, error) { + ret := _mock.Called(ctx, domainID, id) + + if len(ret) == 0 { + panic("no return value specified for RetrieveByID") + } + + var r0 bootstrap.Profile + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) (bootstrap.Profile, error)); ok { + return returnFunc(ctx, domainID, id) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) bootstrap.Profile); ok { + r0 = returnFunc(ctx, domainID, id) + } else { + r0 = ret.Get(0).(bootstrap.Profile) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, string, string) error); ok { + r1 = returnFunc(ctx, domainID, id) + } else { + r1 = ret.Error(1) + } + return r0, r1 +} + +// ProfileRepository_RetrieveByID_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RetrieveByID' +type ProfileRepository_RetrieveByID_Call struct { + *mock.Call +} + +// RetrieveByID is a helper method to define mock.On call +// - ctx context.Context +// - domainID string +// - id string +func (_e *ProfileRepository_Expecter) RetrieveByID(ctx interface{}, domainID interface{}, id interface{}) *ProfileRepository_RetrieveByID_Call { + return &ProfileRepository_RetrieveByID_Call{Call: _e.mock.On("RetrieveByID", ctx, domainID, id)} +} + +func (_c *ProfileRepository_RetrieveByID_Call) Run(run func(ctx context.Context, domainID string, id string)) *ProfileRepository_RetrieveByID_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + run( + arg0, + arg1, + arg2, + ) + }) + return _c +} + +func (_c *ProfileRepository_RetrieveByID_Call) Return(profile bootstrap.Profile, err error) *ProfileRepository_RetrieveByID_Call { + _c.Call.Return(profile, err) + return _c +} + +func (_c *ProfileRepository_RetrieveByID_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string) (bootstrap.Profile, error)) *ProfileRepository_RetrieveByID_Call { + _c.Call.Return(run) + return _c +} + +// Save provides a mock function for the type ProfileRepository +func (_mock *ProfileRepository) Save(ctx context.Context, p bootstrap.Profile) (bootstrap.Profile, error) { + ret := _mock.Called(ctx, p) + + if len(ret) == 0 { + panic("no return value specified for Save") + } + + var r0 bootstrap.Profile + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Profile) (bootstrap.Profile, error)); ok { + return returnFunc(ctx, p) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Profile) bootstrap.Profile); ok { + r0 = returnFunc(ctx, p) + } else { + r0 = ret.Get(0).(bootstrap.Profile) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, bootstrap.Profile) error); ok { + r1 = returnFunc(ctx, p) + } else { + r1 = ret.Error(1) + } + return r0, r1 +} + +// ProfileRepository_Save_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Save' +type ProfileRepository_Save_Call struct { + *mock.Call +} + +// Save is a helper method to define mock.On call +// - ctx context.Context +// - p bootstrap.Profile +func (_e *ProfileRepository_Expecter) Save(ctx interface{}, p interface{}) *ProfileRepository_Save_Call { + return &ProfileRepository_Save_Call{Call: _e.mock.On("Save", ctx, p)} +} + +func (_c *ProfileRepository_Save_Call) Run(run func(ctx context.Context, p bootstrap.Profile)) *ProfileRepository_Save_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 bootstrap.Profile + if args[1] != nil { + arg1 = args[1].(bootstrap.Profile) + } + run( + arg0, + arg1, + ) + }) + return _c +} + +func (_c *ProfileRepository_Save_Call) Return(profile bootstrap.Profile, err error) *ProfileRepository_Save_Call { + _c.Call.Return(profile, err) + return _c +} + +func (_c *ProfileRepository_Save_Call) RunAndReturn(run func(ctx context.Context, p bootstrap.Profile) (bootstrap.Profile, error)) *ProfileRepository_Save_Call { + _c.Call.Return(run) + return _c +} + +// Update provides a mock function for the type ProfileRepository +func (_mock *ProfileRepository) Update(ctx context.Context, p bootstrap.Profile) error { + ret := _mock.Called(ctx, p) + + if len(ret) == 0 { + panic("no return value specified for Update") + } + + var r0 error + if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Profile) error); ok { + r0 = returnFunc(ctx, p) + } else { + r0 = ret.Error(0) + } + return r0 +} + +// ProfileRepository_Update_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Update' +type ProfileRepository_Update_Call struct { + *mock.Call +} + +// Update is a helper method to define mock.On call +// - ctx context.Context +// - p bootstrap.Profile +func (_e *ProfileRepository_Expecter) Update(ctx interface{}, p interface{}) *ProfileRepository_Update_Call { + return &ProfileRepository_Update_Call{Call: _e.mock.On("Update", ctx, p)} +} + +func (_c *ProfileRepository_Update_Call) Run(run func(ctx context.Context, p bootstrap.Profile)) *ProfileRepository_Update_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 bootstrap.Profile + if args[1] != nil { + arg1 = args[1].(bootstrap.Profile) + } + run( + arg0, + arg1, + ) + }) + return _c +} + +func (_c *ProfileRepository_Update_Call) Return(err error) *ProfileRepository_Update_Call { + _c.Call.Return(err) + return _c +} + +func (_c *ProfileRepository_Update_Call) RunAndReturn(run func(ctx context.Context, p bootstrap.Profile) error) *ProfileRepository_Update_Call { + _c.Call.Return(run) + return _c +} diff --git a/bootstrap/mocks/renderer.go b/bootstrap/mocks/renderer.go new file mode 100644 index 000000000..aae3f7e96 --- /dev/null +++ b/bootstrap/mocks/renderer.go @@ -0,0 +1,115 @@ +// Copyright (c) Abstract Machines + +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by mockery; DO NOT EDIT. +// github.com/vektra/mockery +// template: testify + +package mocks + +import ( + "github.com/absmach/magistrala/bootstrap" + mock "github.com/stretchr/testify/mock" +) + +// NewRenderer creates a new instance of Renderer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewRenderer(t interface { + mock.TestingT + Cleanup(func()) +}) *Renderer { + mock := &Renderer{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} + +// Renderer is an autogenerated mock type for the Renderer type +type Renderer struct { + mock.Mock +} + +type Renderer_Expecter struct { + mock *mock.Mock +} + +func (_m *Renderer) EXPECT() *Renderer_Expecter { + return &Renderer_Expecter{mock: &_m.Mock} +} + +// Render provides a mock function for the type Renderer +func (_mock *Renderer) Render(profile bootstrap.Profile, enrollment bootstrap.Config, bindings []bootstrap.BindingSnapshot) ([]byte, error) { + ret := _mock.Called(profile, enrollment, bindings) + + if len(ret) == 0 { + panic("no return value specified for Render") + } + + var r0 []byte + var r1 error + if returnFunc, ok := ret.Get(0).(func(bootstrap.Profile, bootstrap.Config, []bootstrap.BindingSnapshot) ([]byte, error)); ok { + return returnFunc(profile, enrollment, bindings) + } + if returnFunc, ok := ret.Get(0).(func(bootstrap.Profile, bootstrap.Config, []bootstrap.BindingSnapshot) []byte); ok { + r0 = returnFunc(profile, enrollment, bindings) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]byte) + } + } + if returnFunc, ok := ret.Get(1).(func(bootstrap.Profile, bootstrap.Config, []bootstrap.BindingSnapshot) error); ok { + r1 = returnFunc(profile, enrollment, bindings) + } else { + r1 = ret.Error(1) + } + return r0, r1 +} + +// Renderer_Render_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Render' +type Renderer_Render_Call struct { + *mock.Call +} + +// Render is a helper method to define mock.On call +// - profile bootstrap.Profile +// - enrollment bootstrap.Config +// - bindings []bootstrap.BindingSnapshot +func (_e *Renderer_Expecter) Render(profile interface{}, enrollment interface{}, bindings interface{}) *Renderer_Render_Call { + return &Renderer_Render_Call{Call: _e.mock.On("Render", profile, enrollment, bindings)} +} + +func (_c *Renderer_Render_Call) Run(run func(profile bootstrap.Profile, enrollment bootstrap.Config, bindings []bootstrap.BindingSnapshot)) *Renderer_Render_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 bootstrap.Profile + if args[0] != nil { + arg0 = args[0].(bootstrap.Profile) + } + var arg1 bootstrap.Config + if args[1] != nil { + arg1 = args[1].(bootstrap.Config) + } + var arg2 []bootstrap.BindingSnapshot + if args[2] != nil { + arg2 = args[2].([]bootstrap.BindingSnapshot) + } + run( + arg0, + arg1, + arg2, + ) + }) + return _c +} + +func (_c *Renderer_Render_Call) Return(bytes []byte, err error) *Renderer_Render_Call { + _c.Call.Return(bytes, err) + return _c +} + +func (_c *Renderer_Render_Call) RunAndReturn(run func(profile bootstrap.Profile, enrollment bootstrap.Config, bindings []bootstrap.BindingSnapshot) ([]byte, error)) *Renderer_Render_Call { + _c.Call.Return(run) + return _c +} diff --git a/bootstrap/mocks/service.go b/bootstrap/mocks/service.go index f956ba197..00d4c4b3f 100644 --- a/bootstrap/mocks/service.go +++ b/bootstrap/mocks/service.go @@ -121,6 +121,150 @@ func (_c *Service_Add_Call) RunAndReturn(run func(ctx context.Context, session a return _c } +// AssignProfile provides a mock function for the type Service +func (_mock *Service) AssignProfile(ctx context.Context, session authn.Session, configID string, profileID string) error { + ret := _mock.Called(ctx, session, configID, profileID) + + if len(ret) == 0 { + panic("no return value specified for AssignProfile") + } + + var r0 error + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string, string) error); ok { + r0 = returnFunc(ctx, session, configID, profileID) + } else { + r0 = ret.Error(0) + } + return r0 +} + +// Service_AssignProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'AssignProfile' +type Service_AssignProfile_Call struct { + *mock.Call +} + +// AssignProfile is a helper method to define mock.On call +// - ctx context.Context +// - session authn.Session +// - configID string +// - profileID string +func (_e *Service_Expecter) AssignProfile(ctx interface{}, session interface{}, configID interface{}, profileID interface{}) *Service_AssignProfile_Call { + return &Service_AssignProfile_Call{Call: _e.mock.On("AssignProfile", ctx, session, configID, profileID)} +} + +func (_c *Service_AssignProfile_Call) Run(run func(ctx context.Context, session authn.Session, configID string, profileID string)) *Service_AssignProfile_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 authn.Session + if args[1] != nil { + arg1 = args[1].(authn.Session) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *Service_AssignProfile_Call) Return(err error) *Service_AssignProfile_Call { + _c.Call.Return(err) + return _c +} + +func (_c *Service_AssignProfile_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, configID string, profileID string) error) *Service_AssignProfile_Call { + _c.Call.Return(run) + return _c +} + +// BindResources provides a mock function for the type Service +func (_mock *Service) BindResources(ctx context.Context, session authn.Session, token string, configID string, bindings []bootstrap.BindingRequest) error { + ret := _mock.Called(ctx, session, token, configID, bindings) + + if len(ret) == 0 { + panic("no return value specified for BindResources") + } + + var r0 error + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string, string, []bootstrap.BindingRequest) error); ok { + r0 = returnFunc(ctx, session, token, configID, bindings) + } else { + r0 = ret.Error(0) + } + return r0 +} + +// Service_BindResources_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BindResources' +type Service_BindResources_Call struct { + *mock.Call +} + +// BindResources is a helper method to define mock.On call +// - ctx context.Context +// - session authn.Session +// - token string +// - configID string +// - bindings []bootstrap.BindingRequest +func (_e *Service_Expecter) BindResources(ctx interface{}, session interface{}, token interface{}, configID interface{}, bindings interface{}) *Service_BindResources_Call { + return &Service_BindResources_Call{Call: _e.mock.On("BindResources", ctx, session, token, configID, bindings)} +} + +func (_c *Service_BindResources_Call) Run(run func(ctx context.Context, session authn.Session, token string, configID string, bindings []bootstrap.BindingRequest)) *Service_BindResources_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 authn.Session + if args[1] != nil { + arg1 = args[1].(authn.Session) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + var arg4 []bootstrap.BindingRequest + if args[4] != nil { + arg4 = args[4].([]bootstrap.BindingRequest) + } + run( + arg0, + arg1, + arg2, + arg3, + arg4, + ) + }) + return _c +} + +func (_c *Service_BindResources_Call) Return(err error) *Service_BindResources_Call { + _c.Call.Return(err) + return _c +} + +func (_c *Service_BindResources_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, token string, configID string, bindings []bootstrap.BindingRequest) error) *Service_BindResources_Call { + _c.Call.Return(run) + return _c +} + // Bootstrap provides a mock function for the type Service func (_mock *Service) Bootstrap(ctx context.Context, externalKey string, externalID string, secure bool) (bootstrap.Config, error) { ret := _mock.Called(ctx, externalKey, externalID, secure) @@ -199,39 +343,109 @@ func (_c *Service_Bootstrap_Call) RunAndReturn(run func(ctx context.Context, ext return _c } -// ChangeState provides a mock function for the type Service -func (_mock *Service) ChangeState(ctx context.Context, session authn.Session, token string, id string, state bootstrap.State) error { - ret := _mock.Called(ctx, session, token, id, state) +// CreateProfile provides a mock function for the type Service +func (_mock *Service) CreateProfile(ctx context.Context, session authn.Session, p bootstrap.Profile) (bootstrap.Profile, error) { + ret := _mock.Called(ctx, session, p) if len(ret) == 0 { - panic("no return value specified for ChangeState") + panic("no return value specified for CreateProfile") + } + + var r0 bootstrap.Profile + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, bootstrap.Profile) (bootstrap.Profile, error)); ok { + return returnFunc(ctx, session, p) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, bootstrap.Profile) bootstrap.Profile); ok { + r0 = returnFunc(ctx, session, p) + } else { + r0 = ret.Get(0).(bootstrap.Profile) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, authn.Session, bootstrap.Profile) error); ok { + r1 = returnFunc(ctx, session, p) + } else { + r1 = ret.Error(1) + } + return r0, r1 +} + +// Service_CreateProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'CreateProfile' +type Service_CreateProfile_Call struct { + *mock.Call +} + +// CreateProfile is a helper method to define mock.On call +// - ctx context.Context +// - session authn.Session +// - p bootstrap.Profile +func (_e *Service_Expecter) CreateProfile(ctx interface{}, session interface{}, p interface{}) *Service_CreateProfile_Call { + return &Service_CreateProfile_Call{Call: _e.mock.On("CreateProfile", ctx, session, p)} +} + +func (_c *Service_CreateProfile_Call) Run(run func(ctx context.Context, session authn.Session, p bootstrap.Profile)) *Service_CreateProfile_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 authn.Session + if args[1] != nil { + arg1 = args[1].(authn.Session) + } + var arg2 bootstrap.Profile + if args[2] != nil { + arg2 = args[2].(bootstrap.Profile) + } + run( + arg0, + arg1, + arg2, + ) + }) + return _c +} + +func (_c *Service_CreateProfile_Call) Return(profile bootstrap.Profile, err error) *Service_CreateProfile_Call { + _c.Call.Return(profile, err) + return _c +} + +func (_c *Service_CreateProfile_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, p bootstrap.Profile) (bootstrap.Profile, error)) *Service_CreateProfile_Call { + _c.Call.Return(run) + return _c +} + +// DeleteProfile provides a mock function for the type Service +func (_mock *Service) DeleteProfile(ctx context.Context, session authn.Session, profileID string) error { + ret := _mock.Called(ctx, session, profileID) + + if len(ret) == 0 { + panic("no return value specified for DeleteProfile") } var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string, string, bootstrap.State) error); ok { - r0 = returnFunc(ctx, session, token, id, state) + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { + r0 = returnFunc(ctx, session, profileID) } else { r0 = ret.Error(0) } return r0 } -// Service_ChangeState_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ChangeState' -type Service_ChangeState_Call struct { +// Service_DeleteProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DeleteProfile' +type Service_DeleteProfile_Call struct { *mock.Call } -// ChangeState is a helper method to define mock.On call +// DeleteProfile is a helper method to define mock.On call // - ctx context.Context // - session authn.Session -// - token string -// - id string -// - state bootstrap.State -func (_e *Service_Expecter) ChangeState(ctx interface{}, session interface{}, token interface{}, id interface{}, state interface{}) *Service_ChangeState_Call { - return &Service_ChangeState_Call{Call: _e.mock.On("ChangeState", ctx, session, token, id, state)} +// - profileID string +func (_e *Service_Expecter) DeleteProfile(ctx interface{}, session interface{}, profileID interface{}) *Service_DeleteProfile_Call { + return &Service_DeleteProfile_Call{Call: _e.mock.On("DeleteProfile", ctx, session, profileID)} } -func (_c *Service_ChangeState_Call) Run(run func(ctx context.Context, session authn.Session, token string, id string, state bootstrap.State)) *Service_ChangeState_Call { +func (_c *Service_DeleteProfile_Call) Run(run func(ctx context.Context, session authn.Session, profileID string)) *Service_DeleteProfile_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { @@ -245,74 +459,73 @@ func (_c *Service_ChangeState_Call) Run(run func(ctx context.Context, session au if args[2] != nil { arg2 = args[2].(string) } - var arg3 string - if args[3] != nil { - arg3 = args[3].(string) - } - var arg4 bootstrap.State - if args[4] != nil { - arg4 = args[4].(bootstrap.State) - } run( arg0, arg1, arg2, - arg3, - arg4, ) }) return _c } -func (_c *Service_ChangeState_Call) Return(err error) *Service_ChangeState_Call { +func (_c *Service_DeleteProfile_Call) Return(err error) *Service_DeleteProfile_Call { _c.Call.Return(err) return _c } -func (_c *Service_ChangeState_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, token string, id string, state bootstrap.State) error) *Service_ChangeState_Call { +func (_c *Service_DeleteProfile_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, profileID string) error) *Service_DeleteProfile_Call { _c.Call.Return(run) return _c } -// ConnectClientHandler provides a mock function for the type Service -func (_mock *Service) ConnectClientHandler(ctx context.Context, channelID string, clientID string) error { - ret := _mock.Called(ctx, channelID, clientID) +// DisableConfig provides a mock function for the type Service +func (_mock *Service) DisableConfig(ctx context.Context, session authn.Session, id string) (bootstrap.Config, error) { + ret := _mock.Called(ctx, session, id) if len(ret) == 0 { - panic("no return value specified for ConnectClientHandler") + panic("no return value specified for DisableConfig") } - var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) error); ok { - r0 = returnFunc(ctx, channelID, clientID) - } else { - r0 = ret.Error(0) + var r0 bootstrap.Config + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string) (bootstrap.Config, error)); ok { + return returnFunc(ctx, session, id) } - return r0 + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string) bootstrap.Config); ok { + r0 = returnFunc(ctx, session, id) + } else { + r0 = ret.Get(0).(bootstrap.Config) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, authn.Session, string) error); ok { + r1 = returnFunc(ctx, session, id) + } else { + r1 = ret.Error(1) + } + return r0, r1 } -// Service_ConnectClientHandler_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ConnectClientHandler' -type Service_ConnectClientHandler_Call struct { +// Service_DisableConfig_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DisableConfig' +type Service_DisableConfig_Call struct { *mock.Call } -// ConnectClientHandler is a helper method to define mock.On call +// DisableConfig is a helper method to define mock.On call // - ctx context.Context -// - channelID string -// - clientID string -func (_e *Service_Expecter) ConnectClientHandler(ctx interface{}, channelID interface{}, clientID interface{}) *Service_ConnectClientHandler_Call { - return &Service_ConnectClientHandler_Call{Call: _e.mock.On("ConnectClientHandler", ctx, channelID, clientID)} +// - session authn.Session +// - id string +func (_e *Service_Expecter) DisableConfig(ctx interface{}, session interface{}, id interface{}) *Service_DisableConfig_Call { + return &Service_DisableConfig_Call{Call: _e.mock.On("DisableConfig", ctx, session, id)} } -func (_c *Service_ConnectClientHandler_Call) Run(run func(ctx context.Context, channelID string, clientID string)) *Service_ConnectClientHandler_Call { +func (_c *Service_DisableConfig_Call) Run(run func(ctx context.Context, session authn.Session, id string)) *Service_DisableConfig_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { arg0 = args[0].(context.Context) } - var arg1 string + var arg1 authn.Session if args[1] != nil { - arg1 = args[1].(string) + arg1 = args[1].(authn.Session) } var arg2 string if args[2] != nil { @@ -327,55 +540,64 @@ func (_c *Service_ConnectClientHandler_Call) Run(run func(ctx context.Context, c return _c } -func (_c *Service_ConnectClientHandler_Call) Return(err error) *Service_ConnectClientHandler_Call { - _c.Call.Return(err) +func (_c *Service_DisableConfig_Call) Return(config bootstrap.Config, err error) *Service_DisableConfig_Call { + _c.Call.Return(config, err) return _c } -func (_c *Service_ConnectClientHandler_Call) RunAndReturn(run func(ctx context.Context, channelID string, clientID string) error) *Service_ConnectClientHandler_Call { +func (_c *Service_DisableConfig_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, id string) (bootstrap.Config, error)) *Service_DisableConfig_Call { _c.Call.Return(run) return _c } -// DisconnectClientHandler provides a mock function for the type Service -func (_mock *Service) DisconnectClientHandler(ctx context.Context, channelID string, clientID string) error { - ret := _mock.Called(ctx, channelID, clientID) +// EnableConfig provides a mock function for the type Service +func (_mock *Service) EnableConfig(ctx context.Context, session authn.Session, id string) (bootstrap.Config, error) { + ret := _mock.Called(ctx, session, id) if len(ret) == 0 { - panic("no return value specified for DisconnectClientHandler") + panic("no return value specified for EnableConfig") } - var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) error); ok { - r0 = returnFunc(ctx, channelID, clientID) - } else { - r0 = ret.Error(0) + var r0 bootstrap.Config + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string) (bootstrap.Config, error)); ok { + return returnFunc(ctx, session, id) } - return r0 + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string) bootstrap.Config); ok { + r0 = returnFunc(ctx, session, id) + } else { + r0 = ret.Get(0).(bootstrap.Config) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, authn.Session, string) error); ok { + r1 = returnFunc(ctx, session, id) + } else { + r1 = ret.Error(1) + } + return r0, r1 } -// Service_DisconnectClientHandler_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DisconnectClientHandler' -type Service_DisconnectClientHandler_Call struct { +// Service_EnableConfig_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'EnableConfig' +type Service_EnableConfig_Call struct { *mock.Call } -// DisconnectClientHandler is a helper method to define mock.On call +// EnableConfig is a helper method to define mock.On call // - ctx context.Context -// - channelID string -// - clientID string -func (_e *Service_Expecter) DisconnectClientHandler(ctx interface{}, channelID interface{}, clientID interface{}) *Service_DisconnectClientHandler_Call { - return &Service_DisconnectClientHandler_Call{Call: _e.mock.On("DisconnectClientHandler", ctx, channelID, clientID)} +// - session authn.Session +// - id string +func (_e *Service_Expecter) EnableConfig(ctx interface{}, session interface{}, id interface{}) *Service_EnableConfig_Call { + return &Service_EnableConfig_Call{Call: _e.mock.On("EnableConfig", ctx, session, id)} } -func (_c *Service_DisconnectClientHandler_Call) Run(run func(ctx context.Context, channelID string, clientID string)) *Service_DisconnectClientHandler_Call { +func (_c *Service_EnableConfig_Call) Run(run func(ctx context.Context, session authn.Session, id string)) *Service_EnableConfig_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { arg0 = args[0].(context.Context) } - var arg1 string + var arg1 authn.Session if args[1] != nil { - arg1 = args[1].(string) + arg1 = args[1].(authn.Session) } var arg2 string if args[2] != nil { @@ -390,12 +612,12 @@ func (_c *Service_DisconnectClientHandler_Call) Run(run func(ctx context.Context return _c } -func (_c *Service_DisconnectClientHandler_Call) Return(err error) *Service_DisconnectClientHandler_Call { - _c.Call.Return(err) +func (_c *Service_EnableConfig_Call) Return(config bootstrap.Config, err error) *Service_EnableConfig_Call { + _c.Call.Return(config, err) return _c } -func (_c *Service_DisconnectClientHandler_Call) RunAndReturn(run func(ctx context.Context, channelID string, clientID string) error) *Service_DisconnectClientHandler_Call { +func (_c *Service_EnableConfig_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, id string) (bootstrap.Config, error)) *Service_EnableConfig_Call { _c.Call.Return(run) return _c } @@ -484,6 +706,227 @@ func (_c *Service_List_Call) RunAndReturn(run func(ctx context.Context, session return _c } +// ListBindings provides a mock function for the type Service +func (_mock *Service) ListBindings(ctx context.Context, session authn.Session, configID string) ([]bootstrap.BindingSnapshot, error) { + ret := _mock.Called(ctx, session, configID) + + if len(ret) == 0 { + panic("no return value specified for ListBindings") + } + + var r0 []bootstrap.BindingSnapshot + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string) ([]bootstrap.BindingSnapshot, error)); ok { + return returnFunc(ctx, session, configID) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string) []bootstrap.BindingSnapshot); ok { + r0 = returnFunc(ctx, session, configID) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]bootstrap.BindingSnapshot) + } + } + if returnFunc, ok := ret.Get(1).(func(context.Context, authn.Session, string) error); ok { + r1 = returnFunc(ctx, session, configID) + } else { + r1 = ret.Error(1) + } + return r0, r1 +} + +// Service_ListBindings_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListBindings' +type Service_ListBindings_Call struct { + *mock.Call +} + +// ListBindings is a helper method to define mock.On call +// - ctx context.Context +// - session authn.Session +// - configID string +func (_e *Service_Expecter) ListBindings(ctx interface{}, session interface{}, configID interface{}) *Service_ListBindings_Call { + return &Service_ListBindings_Call{Call: _e.mock.On("ListBindings", ctx, session, configID)} +} + +func (_c *Service_ListBindings_Call) Run(run func(ctx context.Context, session authn.Session, configID string)) *Service_ListBindings_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 authn.Session + if args[1] != nil { + arg1 = args[1].(authn.Session) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + run( + arg0, + arg1, + arg2, + ) + }) + return _c +} + +func (_c *Service_ListBindings_Call) Return(bindingSnapshots []bootstrap.BindingSnapshot, err error) *Service_ListBindings_Call { + _c.Call.Return(bindingSnapshots, err) + return _c +} + +func (_c *Service_ListBindings_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, configID string) ([]bootstrap.BindingSnapshot, error)) *Service_ListBindings_Call { + _c.Call.Return(run) + return _c +} + +// ListProfiles provides a mock function for the type Service +func (_mock *Service) ListProfiles(ctx context.Context, session authn.Session, offset uint64, limit uint64) (bootstrap.ProfilesPage, error) { + ret := _mock.Called(ctx, session, offset, limit) + + if len(ret) == 0 { + panic("no return value specified for ListProfiles") + } + + var r0 bootstrap.ProfilesPage + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, uint64, uint64) (bootstrap.ProfilesPage, error)); ok { + return returnFunc(ctx, session, offset, limit) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, uint64, uint64) bootstrap.ProfilesPage); ok { + r0 = returnFunc(ctx, session, offset, limit) + } else { + r0 = ret.Get(0).(bootstrap.ProfilesPage) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, authn.Session, uint64, uint64) error); ok { + r1 = returnFunc(ctx, session, offset, limit) + } else { + r1 = ret.Error(1) + } + return r0, r1 +} + +// Service_ListProfiles_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListProfiles' +type Service_ListProfiles_Call struct { + *mock.Call +} + +// ListProfiles is a helper method to define mock.On call +// - ctx context.Context +// - session authn.Session +// - offset uint64 +// - limit uint64 +func (_e *Service_Expecter) ListProfiles(ctx interface{}, session interface{}, offset interface{}, limit interface{}) *Service_ListProfiles_Call { + return &Service_ListProfiles_Call{Call: _e.mock.On("ListProfiles", ctx, session, offset, limit)} +} + +func (_c *Service_ListProfiles_Call) Run(run func(ctx context.Context, session authn.Session, offset uint64, limit uint64)) *Service_ListProfiles_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 authn.Session + if args[1] != nil { + arg1 = args[1].(authn.Session) + } + var arg2 uint64 + if args[2] != nil { + arg2 = args[2].(uint64) + } + var arg3 uint64 + if args[3] != nil { + arg3 = args[3].(uint64) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *Service_ListProfiles_Call) Return(profilesPage bootstrap.ProfilesPage, err error) *Service_ListProfiles_Call { + _c.Call.Return(profilesPage, err) + return _c +} + +func (_c *Service_ListProfiles_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, offset uint64, limit uint64) (bootstrap.ProfilesPage, error)) *Service_ListProfiles_Call { + _c.Call.Return(run) + return _c +} + +// RefreshBindings provides a mock function for the type Service +func (_mock *Service) RefreshBindings(ctx context.Context, session authn.Session, token string, configID string) error { + ret := _mock.Called(ctx, session, token, configID) + + if len(ret) == 0 { + panic("no return value specified for RefreshBindings") + } + + var r0 error + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string, string) error); ok { + r0 = returnFunc(ctx, session, token, configID) + } else { + r0 = ret.Error(0) + } + return r0 +} + +// Service_RefreshBindings_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RefreshBindings' +type Service_RefreshBindings_Call struct { + *mock.Call +} + +// RefreshBindings is a helper method to define mock.On call +// - ctx context.Context +// - session authn.Session +// - token string +// - configID string +func (_e *Service_Expecter) RefreshBindings(ctx interface{}, session interface{}, token interface{}, configID interface{}) *Service_RefreshBindings_Call { + return &Service_RefreshBindings_Call{Call: _e.mock.On("RefreshBindings", ctx, session, token, configID)} +} + +func (_c *Service_RefreshBindings_Call) Run(run func(ctx context.Context, session authn.Session, token string, configID string)) *Service_RefreshBindings_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 authn.Session + if args[1] != nil { + arg1 = args[1].(authn.Session) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *Service_RefreshBindings_Call) Return(err error) *Service_RefreshBindings_Call { + _c.Call.Return(err) + return _c +} + +func (_c *Service_RefreshBindings_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, token string, configID string) error) *Service_RefreshBindings_Call { + _c.Call.Return(run) + return _c +} + // Remove provides a mock function for the type Service func (_mock *Service) Remove(ctx context.Context, session authn.Session, id string) error { ret := _mock.Called(ctx, session, id) @@ -547,120 +990,6 @@ func (_c *Service_Remove_Call) RunAndReturn(run func(ctx context.Context, sessio return _c } -// RemoveChannelHandler provides a mock function for the type Service -func (_mock *Service) RemoveChannelHandler(ctx context.Context, id string) error { - ret := _mock.Called(ctx, id) - - if len(ret) == 0 { - panic("no return value specified for RemoveChannelHandler") - } - - var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string) error); ok { - r0 = returnFunc(ctx, id) - } else { - r0 = ret.Error(0) - } - return r0 -} - -// Service_RemoveChannelHandler_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveChannelHandler' -type Service_RemoveChannelHandler_Call struct { - *mock.Call -} - -// RemoveChannelHandler is a helper method to define mock.On call -// - ctx context.Context -// - id string -func (_e *Service_Expecter) RemoveChannelHandler(ctx interface{}, id interface{}) *Service_RemoveChannelHandler_Call { - return &Service_RemoveChannelHandler_Call{Call: _e.mock.On("RemoveChannelHandler", ctx, id)} -} - -func (_c *Service_RemoveChannelHandler_Call) Run(run func(ctx context.Context, id string)) *Service_RemoveChannelHandler_Call { - _c.Call.Run(func(args mock.Arguments) { - var arg0 context.Context - if args[0] != nil { - arg0 = args[0].(context.Context) - } - var arg1 string - if args[1] != nil { - arg1 = args[1].(string) - } - run( - arg0, - arg1, - ) - }) - return _c -} - -func (_c *Service_RemoveChannelHandler_Call) Return(err error) *Service_RemoveChannelHandler_Call { - _c.Call.Return(err) - return _c -} - -func (_c *Service_RemoveChannelHandler_Call) RunAndReturn(run func(ctx context.Context, id string) error) *Service_RemoveChannelHandler_Call { - _c.Call.Return(run) - return _c -} - -// RemoveConfigHandler provides a mock function for the type Service -func (_mock *Service) RemoveConfigHandler(ctx context.Context, id string) error { - ret := _mock.Called(ctx, id) - - if len(ret) == 0 { - panic("no return value specified for RemoveConfigHandler") - } - - var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, string) error); ok { - r0 = returnFunc(ctx, id) - } else { - r0 = ret.Error(0) - } - return r0 -} - -// Service_RemoveConfigHandler_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveConfigHandler' -type Service_RemoveConfigHandler_Call struct { - *mock.Call -} - -// RemoveConfigHandler is a helper method to define mock.On call -// - ctx context.Context -// - id string -func (_e *Service_Expecter) RemoveConfigHandler(ctx interface{}, id interface{}) *Service_RemoveConfigHandler_Call { - return &Service_RemoveConfigHandler_Call{Call: _e.mock.On("RemoveConfigHandler", ctx, id)} -} - -func (_c *Service_RemoveConfigHandler_Call) Run(run func(ctx context.Context, id string)) *Service_RemoveConfigHandler_Call { - _c.Call.Run(func(args mock.Arguments) { - var arg0 context.Context - if args[0] != nil { - arg0 = args[0].(context.Context) - } - var arg1 string - if args[1] != nil { - arg1 = args[1].(string) - } - run( - arg0, - arg1, - ) - }) - return _c -} - -func (_c *Service_RemoveConfigHandler_Call) Return(err error) *Service_RemoveConfigHandler_Call { - _c.Call.Return(err) - return _c -} - -func (_c *Service_RemoveConfigHandler_Call) RunAndReturn(run func(ctx context.Context, id string) error) *Service_RemoveConfigHandler_Call { - _c.Call.Return(run) - return _c -} - // Update provides a mock function for the type Service func (_mock *Service) Update(ctx context.Context, session authn.Session, cfg bootstrap.Config) error { ret := _mock.Called(ctx, session, cfg) @@ -725,8 +1054,8 @@ func (_c *Service_Update_Call) RunAndReturn(run func(ctx context.Context, sessio } // UpdateCert provides a mock function for the type Service -func (_mock *Service) UpdateCert(ctx context.Context, session authn.Session, clientID string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error) { - ret := _mock.Called(ctx, session, clientID, clientCert, clientKey, caCert) +func (_mock *Service) UpdateCert(ctx context.Context, session authn.Session, id string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error) { + ret := _mock.Called(ctx, session, id, clientCert, clientKey, caCert) if len(ret) == 0 { panic("no return value specified for UpdateCert") @@ -735,15 +1064,15 @@ func (_mock *Service) UpdateCert(ctx context.Context, session authn.Session, cli var r0 bootstrap.Config var r1 error if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string, string, string, string) (bootstrap.Config, error)); ok { - return returnFunc(ctx, session, clientID, clientCert, clientKey, caCert) + return returnFunc(ctx, session, id, clientCert, clientKey, caCert) } if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string, string, string, string) bootstrap.Config); ok { - r0 = returnFunc(ctx, session, clientID, clientCert, clientKey, caCert) + r0 = returnFunc(ctx, session, id, clientCert, clientKey, caCert) } else { r0 = ret.Get(0).(bootstrap.Config) } if returnFunc, ok := ret.Get(1).(func(context.Context, authn.Session, string, string, string, string) error); ok { - r1 = returnFunc(ctx, session, clientID, clientCert, clientKey, caCert) + r1 = returnFunc(ctx, session, id, clientCert, clientKey, caCert) } else { r1 = ret.Error(1) } @@ -758,15 +1087,15 @@ type Service_UpdateCert_Call struct { // UpdateCert is a helper method to define mock.On call // - ctx context.Context // - session authn.Session -// - clientID string +// - id string // - clientCert string // - clientKey string // - caCert string -func (_e *Service_Expecter) UpdateCert(ctx interface{}, session interface{}, clientID interface{}, clientCert interface{}, clientKey interface{}, caCert interface{}) *Service_UpdateCert_Call { - return &Service_UpdateCert_Call{Call: _e.mock.On("UpdateCert", ctx, session, clientID, clientCert, clientKey, caCert)} +func (_e *Service_Expecter) UpdateCert(ctx interface{}, session interface{}, id interface{}, clientCert interface{}, clientKey interface{}, caCert interface{}) *Service_UpdateCert_Call { + return &Service_UpdateCert_Call{Call: _e.mock.On("UpdateCert", ctx, session, id, clientCert, clientKey, caCert)} } -func (_c *Service_UpdateCert_Call) Run(run func(ctx context.Context, session authn.Session, clientID string, clientCert string, clientKey string, caCert string)) *Service_UpdateCert_Call { +func (_c *Service_UpdateCert_Call) Run(run func(ctx context.Context, session authn.Session, id string, clientCert string, clientKey string, caCert string)) *Service_UpdateCert_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { @@ -809,101 +1138,42 @@ func (_c *Service_UpdateCert_Call) Return(config bootstrap.Config, err error) *S return _c } -func (_c *Service_UpdateCert_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, clientID string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error)) *Service_UpdateCert_Call { +func (_c *Service_UpdateCert_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, id string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error)) *Service_UpdateCert_Call { _c.Call.Return(run) return _c } -// UpdateChannelHandler provides a mock function for the type Service -func (_mock *Service) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) error { - ret := _mock.Called(ctx, channel) +// UpdateProfile provides a mock function for the type Service +func (_mock *Service) UpdateProfile(ctx context.Context, session authn.Session, p bootstrap.Profile) error { + ret := _mock.Called(ctx, session, p) if len(ret) == 0 { - panic("no return value specified for UpdateChannelHandler") + panic("no return value specified for UpdateProfile") } var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Channel) error); ok { - r0 = returnFunc(ctx, channel) + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, bootstrap.Profile) error); ok { + r0 = returnFunc(ctx, session, p) } else { r0 = ret.Error(0) } return r0 } -// Service_UpdateChannelHandler_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'UpdateChannelHandler' -type Service_UpdateChannelHandler_Call struct { +// Service_UpdateProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'UpdateProfile' +type Service_UpdateProfile_Call struct { *mock.Call } -// UpdateChannelHandler is a helper method to define mock.On call -// - ctx context.Context -// - channel bootstrap.Channel -func (_e *Service_Expecter) UpdateChannelHandler(ctx interface{}, channel interface{}) *Service_UpdateChannelHandler_Call { - return &Service_UpdateChannelHandler_Call{Call: _e.mock.On("UpdateChannelHandler", ctx, channel)} -} - -func (_c *Service_UpdateChannelHandler_Call) Run(run func(ctx context.Context, channel bootstrap.Channel)) *Service_UpdateChannelHandler_Call { - _c.Call.Run(func(args mock.Arguments) { - var arg0 context.Context - if args[0] != nil { - arg0 = args[0].(context.Context) - } - var arg1 bootstrap.Channel - if args[1] != nil { - arg1 = args[1].(bootstrap.Channel) - } - run( - arg0, - arg1, - ) - }) - return _c -} - -func (_c *Service_UpdateChannelHandler_Call) Return(err error) *Service_UpdateChannelHandler_Call { - _c.Call.Return(err) - return _c -} - -func (_c *Service_UpdateChannelHandler_Call) RunAndReturn(run func(ctx context.Context, channel bootstrap.Channel) error) *Service_UpdateChannelHandler_Call { - _c.Call.Return(run) - return _c -} - -// UpdateConnections provides a mock function for the type Service -func (_mock *Service) UpdateConnections(ctx context.Context, session authn.Session, token string, id string, connections []string) error { - ret := _mock.Called(ctx, session, token, id, connections) - - if len(ret) == 0 { - panic("no return value specified for UpdateConnections") - } - - var r0 error - if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string, string, []string) error); ok { - r0 = returnFunc(ctx, session, token, id, connections) - } else { - r0 = ret.Error(0) - } - return r0 -} - -// Service_UpdateConnections_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'UpdateConnections' -type Service_UpdateConnections_Call struct { - *mock.Call -} - -// UpdateConnections is a helper method to define mock.On call +// UpdateProfile is a helper method to define mock.On call // - ctx context.Context // - session authn.Session -// - token string -// - id string -// - connections []string -func (_e *Service_Expecter) UpdateConnections(ctx interface{}, session interface{}, token interface{}, id interface{}, connections interface{}) *Service_UpdateConnections_Call { - return &Service_UpdateConnections_Call{Call: _e.mock.On("UpdateConnections", ctx, session, token, id, connections)} +// - p bootstrap.Profile +func (_e *Service_Expecter) UpdateProfile(ctx interface{}, session interface{}, p interface{}) *Service_UpdateProfile_Call { + return &Service_UpdateProfile_Call{Call: _e.mock.On("UpdateProfile", ctx, session, p)} } -func (_c *Service_UpdateConnections_Call) Run(run func(ctx context.Context, session authn.Session, token string, id string, connections []string)) *Service_UpdateConnections_Call { +func (_c *Service_UpdateProfile_Call) Run(run func(ctx context.Context, session authn.Session, p bootstrap.Profile)) *Service_UpdateProfile_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { @@ -913,35 +1183,25 @@ func (_c *Service_UpdateConnections_Call) Run(run func(ctx context.Context, sess if args[1] != nil { arg1 = args[1].(authn.Session) } - var arg2 string + var arg2 bootstrap.Profile if args[2] != nil { - arg2 = args[2].(string) - } - var arg3 string - if args[3] != nil { - arg3 = args[3].(string) - } - var arg4 []string - if args[4] != nil { - arg4 = args[4].([]string) + arg2 = args[2].(bootstrap.Profile) } run( arg0, arg1, arg2, - arg3, - arg4, ) }) return _c } -func (_c *Service_UpdateConnections_Call) Return(err error) *Service_UpdateConnections_Call { +func (_c *Service_UpdateProfile_Call) Return(err error) *Service_UpdateProfile_Call { _c.Call.Return(err) return _c } -func (_c *Service_UpdateConnections_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, token string, id string, connections []string) error) *Service_UpdateConnections_Call { +func (_c *Service_UpdateProfile_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, p bootstrap.Profile) error) *Service_UpdateProfile_Call { _c.Call.Return(run) return _c } @@ -1017,3 +1277,75 @@ func (_c *Service_View_Call) RunAndReturn(run func(ctx context.Context, session _c.Call.Return(run) return _c } + +// ViewProfile provides a mock function for the type Service +func (_mock *Service) ViewProfile(ctx context.Context, session authn.Session, profileID string) (bootstrap.Profile, error) { + ret := _mock.Called(ctx, session, profileID) + + if len(ret) == 0 { + panic("no return value specified for ViewProfile") + } + + var r0 bootstrap.Profile + var r1 error + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string) (bootstrap.Profile, error)); ok { + return returnFunc(ctx, session, profileID) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, authn.Session, string) bootstrap.Profile); ok { + r0 = returnFunc(ctx, session, profileID) + } else { + r0 = ret.Get(0).(bootstrap.Profile) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, authn.Session, string) error); ok { + r1 = returnFunc(ctx, session, profileID) + } else { + r1 = ret.Error(1) + } + return r0, r1 +} + +// Service_ViewProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ViewProfile' +type Service_ViewProfile_Call struct { + *mock.Call +} + +// ViewProfile is a helper method to define mock.On call +// - ctx context.Context +// - session authn.Session +// - profileID string +func (_e *Service_Expecter) ViewProfile(ctx interface{}, session interface{}, profileID interface{}) *Service_ViewProfile_Call { + return &Service_ViewProfile_Call{Call: _e.mock.On("ViewProfile", ctx, session, profileID)} +} + +func (_c *Service_ViewProfile_Call) Run(run func(ctx context.Context, session authn.Session, profileID string)) *Service_ViewProfile_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 authn.Session + if args[1] != nil { + arg1 = args[1].(authn.Session) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + run( + arg0, + arg1, + arg2, + ) + }) + return _c +} + +func (_c *Service_ViewProfile_Call) Return(profile bootstrap.Profile, err error) *Service_ViewProfile_Call { + _c.Call.Return(profile, err) + return _c +} + +func (_c *Service_ViewProfile_Call) RunAndReturn(run func(ctx context.Context, session authn.Session, profileID string) (bootstrap.Profile, error)) *Service_ViewProfile_Call { + _c.Call.Return(run) + return _c +} diff --git a/bootstrap/postgres/bindings.go b/bootstrap/postgres/bindings.go new file mode 100644 index 000000000..77bacba07 --- /dev/null +++ b/bootstrap/postgres/bindings.go @@ -0,0 +1,146 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package postgres + +import ( + "context" + "encoding/json" + "fmt" + "log/slog" + "time" + + "github.com/absmach/magistrala/bootstrap" + "github.com/absmach/magistrala/pkg/errors" + repoerr "github.com/absmach/magistrala/pkg/errors/repository" + "github.com/absmach/magistrala/pkg/postgres" +) + +var _ bootstrap.BindingStore = (*bindingRepository)(nil) + +type bindingRepository struct { + db postgres.Database + log *slog.Logger +} + +// NewBindingRepository instantiates a PostgreSQL implementation of BindingStore. +func NewBindingRepository(db postgres.Database, log *slog.Logger) bootstrap.BindingStore { + return &bindingRepository{db: db, log: log} +} + +func (br bindingRepository) Save(ctx context.Context, configID string, bindings []bootstrap.BindingSnapshot) error { + if len(bindings) == 0 { + return nil + } + q := `INSERT INTO bindings (config_id, slot, type, resource_id, snapshot, secret_snapshot, updated_at) + VALUES (:config_id, :slot, :type, :resource_id, :snapshot, :secret_snapshot, :updated_at) + ON CONFLICT (config_id, slot) DO UPDATE SET + type = EXCLUDED.type, + resource_id = EXCLUDED.resource_id, + snapshot = EXCLUDED.snapshot, + secret_snapshot = EXCLUDED.secret_snapshot, + updated_at = EXCLUDED.updated_at` + + now := time.Now().UTC() + dbBindings := make([]dbBindingSnapshot, 0, len(bindings)) + for _, b := range bindings { + b.ConfigID = configID + b.UpdatedAt = now + dbb, err := toDBBindingSnapshot(b) + if err != nil { + return errors.Wrap(repoerr.ErrCreateEntity, err) + } + dbBindings = append(dbBindings, dbb) + } + + if _, err := br.db.NamedExecContext(ctx, q, dbBindings); err != nil { + return errors.Wrap(repoerr.ErrCreateEntity, err) + } + return nil +} + +func (br bindingRepository) Retrieve(ctx context.Context, configID string) ([]bootstrap.BindingSnapshot, error) { + q := `SELECT config_id, slot, type, resource_id, snapshot, secret_snapshot, updated_at + FROM bindings WHERE config_id = $1 ORDER BY slot` + + rows, err := br.db.QueryxContext(ctx, q, configID) + if err != nil { + return nil, errors.Wrap(repoerr.ErrViewEntity, err) + } + defer rows.Close() + + var snapshots []bootstrap.BindingSnapshot + for rows.Next() { + var dbb dbBindingSnapshot + if err := rows.StructScan(&dbb); err != nil { + br.log.Error(fmt.Sprintf("failed to scan binding snapshot: %s", err)) + return nil, errors.Wrap(repoerr.ErrViewEntity, err) + } + b, err := toBindingSnapshot(dbb) + if err != nil { + return nil, errors.Wrap(repoerr.ErrViewEntity, err) + } + snapshots = append(snapshots, b) + } + return snapshots, nil +} + +func (br bindingRepository) Delete(ctx context.Context, configID, slot string) error { + q := `DELETE FROM bindings WHERE config_id = $1 AND slot = $2` + if _, err := br.db.ExecContext(ctx, q, configID, slot); err != nil { + return errors.Wrap(repoerr.ErrRemoveEntity, err) + } + return nil +} + +// dbBindingSnapshot is the database representation of a BindingSnapshot. +type dbBindingSnapshot struct { + ConfigID string `db:"config_id"` + Slot string `db:"slot"` + Type string `db:"type"` + ResourceID string `db:"resource_id"` + Snapshot []byte `db:"snapshot"` + SecretSnapshot []byte `db:"secret_snapshot"` + UpdatedAt time.Time `db:"updated_at"` +} + +func toDBBindingSnapshot(b bootstrap.BindingSnapshot) (dbBindingSnapshot, error) { + snap, err := json.Marshal(b.Snapshot) + if err != nil { + return dbBindingSnapshot{}, err + } + secret, err := json.Marshal(b.SecretSnapshot) + if err != nil { + return dbBindingSnapshot{}, err + } + return dbBindingSnapshot{ + ConfigID: b.ConfigID, + Slot: b.Slot, + Type: b.Type, + ResourceID: b.ResourceID, + Snapshot: snap, + SecretSnapshot: secret, + UpdatedAt: b.UpdatedAt, + }, nil +} + +func toBindingSnapshot(dbb dbBindingSnapshot) (bootstrap.BindingSnapshot, error) { + b := bootstrap.BindingSnapshot{ + ConfigID: dbb.ConfigID, + Slot: dbb.Slot, + Type: dbb.Type, + ResourceID: dbb.ResourceID, + UpdatedAt: dbb.UpdatedAt, + } + if len(dbb.Snapshot) > 0 && string(dbb.Snapshot) != jsonNull { + if err := json.Unmarshal(dbb.Snapshot, &b.Snapshot); err != nil { + return bootstrap.BindingSnapshot{}, err + } + } + if len(dbb.SecretSnapshot) > 0 && string(dbb.SecretSnapshot) != jsonNull { + if err := json.Unmarshal(dbb.SecretSnapshot, &b.SecretSnapshot); err != nil { + return bootstrap.BindingSnapshot{}, err + } + } + return b, nil +} diff --git a/bootstrap/postgres/configs.go b/bootstrap/postgres/configs.go index 63facef0c..290352817 100644 --- a/bootstrap/postgres/configs.go +++ b/bootstrap/postgres/configs.go @@ -10,30 +10,16 @@ import ( "fmt" "log/slog" "strings" - "time" "github.com/absmach/magistrala/bootstrap" - "github.com/absmach/magistrala/clients" "github.com/absmach/magistrala/pkg/errors" repoerr "github.com/absmach/magistrala/pkg/errors/repository" "github.com/absmach/magistrala/pkg/postgres" "github.com/jackc/pgerrcode" - "github.com/jackc/pgtype" "github.com/jackc/pgx/v5/pgconn" - "github.com/jmoiron/sqlx" ) -var ( - errSaveChannels = errors.New("failed to insert channels to database") - errSaveConnections = errors.New("failed to insert connections to database") - errUpdateChannels = errors.New("failed to update channels in bootstrap configuration database") - errRemoveChannels = errors.New("failed to remove channels from bootstrap configuration in database") - errConnectClient = errors.New("failed to connect client in bootstrap configuration in database") - errDisconnectClient = errors.New("failed to disconnect client in bootstrap configuration in database") -) - -const cleanupQuery = `DELETE FROM channels ch WHERE NOT EXISTS ( - SELECT channel_id FROM connections c WHERE ch.magistrala_channel = c.channel_id);` +const jsonNull = "null" var _ bootstrap.ConfigRepository = (*configRepository)(nil) @@ -48,54 +34,34 @@ func NewConfigRepository(db postgres.Database, log *slog.Logger) bootstrap.Confi return &configRepository{db: db, log: log} } -func (cr configRepository) Save(ctx context.Context, cfg bootstrap.Config, chsConnIDs []string) (clientID string, err error) { - q := `INSERT INTO configs (magistrala_client, domain_id, name, client_cert, client_key, ca_cert, magistrala_secret, external_id, external_key, content, state) - VALUES (:magistrala_client, :domain_id, :name, :client_cert, :client_key, :ca_cert, :magistrala_secret, :external_id, :external_key, :content, :state)` +func (cr configRepository) Save(ctx context.Context, cfg bootstrap.Config) (string, error) { + q := `INSERT INTO configs (id, domain_id, name, client_cert, client_key, ca_cert, external_id, external_key, content, status, profile_id, render_context) + VALUES (:id, :domain_id, :name, :client_cert, :client_key, :ca_cert, :external_id, :external_key, :content, :status, :profile_id, :render_context)` - tx, err := cr.db.BeginTxx(ctx, nil) + dbcfg, err := toDBConfig(cfg) if err != nil { return "", errors.Wrap(repoerr.ErrCreateEntity, err) } - dbcfg := toDBConfig(cfg) - - defer func() { - if err != nil { - err = cr.rollback("Save method", err, tx) - } - }() - - if _, err := tx.NamedExec(q, dbcfg); err != nil { + if _, err := cr.db.NamedExecContext(ctx, q, dbcfg); err != nil { switch pgErr := err.(type) { case *pgconn.PgError: if pgErr.Code == pgerrcode.UniqueViolation { - err = repoerr.ErrConflict + return "", repoerr.ErrConflict } } - return "", err + return "", errors.Wrap(repoerr.ErrCreateEntity, err) } - if err := insertChannels(cfg.DomainID, cfg.Channels, tx); err != nil { - return "", errors.Wrap(errSaveChannels, err) - } - - if err := insertConnections(ctx, cfg, chsConnIDs, tx); err != nil { - return "", errors.Wrap(errSaveConnections, err) - } - - if commitErr := tx.Commit(); commitErr != nil { - return "", commitErr - } - - return cfg.ClientID, nil + return cfg.ID, nil } func (cr configRepository) RetrieveByID(ctx context.Context, domainID, id string) (bootstrap.Config, error) { - q := `SELECT magistrala_client, magistrala_secret, external_id, external_key, name, content, state, client_cert, ca_cert + q := `SELECT id, external_id, name, content, status, client_cert, client_key, ca_cert, profile_id, render_context FROM configs - WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id` + WHERE id = :id AND domain_id = :domain_id` dbcfg := dbConfig{ - ClientID: id, + ID: id, DomainID: domainID, } row, err := cr.db.NamedQueryContext(ctx, q, dbcfg) @@ -111,46 +77,19 @@ func (cr configRepository) RetrieveByID(ctx context.Context, domainID, id string return bootstrap.Config{}, err } - q = `SELECT magistrala_channel, name, metadata FROM channels ch - INNER JOIN connections conn - ON ch.magistrala_channel = conn.channel_id AND ch.domain_id = conn.domain_id - WHERE conn.config_id = :magistrala_client AND conn.domain_id = :domain_id` - - rows, err := cr.db.NamedQueryContext(ctx, q, dbcfg) + cfg, err := toConfig(dbcfg) if err != nil { - cr.log.Error(fmt.Sprintf("Failed to retrieve connected due to %s", err)) - return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err) + return bootstrap.Config{}, err } - defer rows.Close() - - chans := []bootstrap.Channel{} - for rows.Next() { - dbch := dbChannel{} - if err := rows.StructScan(&dbch); err != nil { - cr.log.Error(fmt.Sprintf("Failed to read connected client due to %s", err)) - return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err) - } - dbch.DomainID = nullString(dbcfg.DomainID) - - ch, err := toChannel(dbch) - if err != nil { - return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err) - } - chans = append(chans, ch) - } - - cfg := toConfig(dbcfg) - cfg.Channels = chans - return cfg, nil } -func (cr configRepository) RetrieveAll(ctx context.Context, domainID string, clientIDs []string, filter bootstrap.Filter, offset, limit uint64) bootstrap.ConfigsPage { - search, params := buildRetrieveQueryParams(domainID, clientIDs, filter) +func (cr configRepository) RetrieveAll(ctx context.Context, domainID string, filter bootstrap.Filter, offset, limit uint64) bootstrap.ConfigsPage { + search, params := buildRetrieveQueryParams(domainID, filter) n := len(params) - q := `SELECT magistrala_client, magistrala_secret, external_id, external_key, name, content, state - FROM configs %s ORDER BY magistrala_client LIMIT $%d OFFSET $%d` + q := `SELECT id, external_id, name, content, status, profile_id, render_context + FROM configs %s ORDER BY id LIMIT $%d OFFSET $%d` q = fmt.Sprintf(q, search, n+1, n+2) rows, err := cr.db.QueryContext(ctx, q, append(params, limit, offset)...) @@ -160,18 +99,28 @@ func (cr configRepository) RetrieveAll(ctx context.Context, domainID string, cli } defer rows.Close() - var name, content sql.NullString + var name, content, profileID sql.NullString + var renderContext []byte configs := []bootstrap.Config{} for rows.Next() { c := bootstrap.Config{DomainID: domainID} - if err := rows.Scan(&c.ClientID, &c.ClientSecret, &c.ExternalID, &c.ExternalKey, &name, &content, &c.State); err != nil { + if err := rows.Scan(&c.ID, &c.ExternalID, &name, &content, &c.Status, &profileID, &renderContext); err != nil { cr.log.Error(fmt.Sprintf("Failed to read retrieved config due to %s", err)) return bootstrap.ConfigsPage{} } c.Name = name.String c.Content = content.String + if profileID.Valid { + c.ProfileID = profileID.String + } + if len(renderContext) > 0 && string(renderContext) != jsonNull { + if err := json.Unmarshal(renderContext, &c.RenderContext); err != nil { + cr.log.Error(fmt.Sprintf("Failed to decode render context due to %s", err)) + return bootstrap.ConfigsPage{} + } + } configs = append(configs, c) } @@ -192,7 +141,7 @@ func (cr configRepository) RetrieveAll(ctx context.Context, domainID string, cli } func (cr configRepository) RetrieveByExternalID(ctx context.Context, externalID string) (bootstrap.Config, error) { - q := `SELECT magistrala_client, magistrala_secret, external_key, domain_id, name, client_cert, client_key, ca_cert, content, state + q := `SELECT id, external_key, domain_id, name, client_cert, client_key, ca_cert, content, status, profile_id, render_context FROM configs WHERE external_id = :external_id` dbcfg := dbConfig{ @@ -212,48 +161,20 @@ func (cr configRepository) RetrieveByExternalID(ctx context.Context, externalID return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err) } - q = `SELECT magistrala_channel, name, metadata FROM channels ch - INNER JOIN connections conn - ON ch.magistrala_channel = conn.channel_id AND ch.domain_id = conn.domain_id - WHERE conn.config_id = :magistrala_client AND conn.domain_id = :domain_id` - - rows, err := cr.db.NamedQueryContext(ctx, q, dbcfg) + cfg, err := toConfig(dbcfg) if err != nil { - cr.log.Error(fmt.Sprintf("Failed to retrieve connected due to %s", err)) - return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err) + return bootstrap.Config{}, err } - defer rows.Close() - - channels := []bootstrap.Channel{} - for rows.Next() { - dbch := dbChannel{} - if err := rows.StructScan(&dbch); err != nil { - cr.log.Error(fmt.Sprintf("Failed to read connected client due to %s", err)) - return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err) - } - - ch, err := toChannel(dbch) - if err != nil { - cr.log.Error(fmt.Sprintf("Failed to deserialize channel due to %s", err)) - return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err) - } - - channels = append(channels, ch) - } - - cfg := toConfig(dbcfg) - cfg.Channels = channels - return cfg, nil } func (cr configRepository) Update(ctx context.Context, cfg bootstrap.Config) error { - q := `UPDATE configs SET name = :name, content = :content WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id ` + q := `UPDATE configs SET name = :name, content = :content WHERE id = :id AND domain_id = :domain_id ` dbcfg := dbConfig{ Name: nullString(cfg.Name), Content: nullString(cfg.Content), - ClientID: cfg.ClientID, + ID: cfg.ID, DomainID: cfg.DomainID, } @@ -274,12 +195,38 @@ func (cr configRepository) Update(ctx context.Context, cfg bootstrap.Config) err return nil } -func (cr configRepository) UpdateCert(ctx context.Context, domainID, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) { - q := `UPDATE configs SET client_cert = :client_cert, client_key = :client_key, ca_cert = :ca_cert WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id - RETURNING magistrala_client, client_cert, client_key, ca_cert` +func (cr configRepository) AssignProfile(ctx context.Context, domainID, id, profileID string) error { + q := `UPDATE configs SET profile_id = :profile_id WHERE id = :id AND domain_id = :domain_id` dbcfg := dbConfig{ - ClientID: clientID, + ID: id, + DomainID: domainID, + ProfileID: nullString(profileID), + } + + res, err := cr.db.NamedExecContext(ctx, q, dbcfg) + if err != nil { + return errors.Wrap(repoerr.ErrUpdateEntity, err) + } + + cnt, err := res.RowsAffected() + if err != nil { + return errors.Wrap(repoerr.ErrUpdateEntity, err) + } + + if cnt == 0 { + return repoerr.ErrNotFound + } + + return nil +} + +func (cr configRepository) UpdateCert(ctx context.Context, domainID, id, clientCert, clientKey, caCert string) (bootstrap.Config, error) { + q := `UPDATE configs SET client_cert = :client_cert, client_key = :client_key, ca_cert = :ca_cert WHERE id = :id AND domain_id = :domain_id + RETURNING id, client_cert, client_key, ca_cert, domain_id` + + dbcfg := dbConfig{ + ID: id, ClientCert: nullString(clientCert), DomainID: domainID, ClientKey: nullString(clientKey), @@ -300,47 +247,17 @@ func (cr configRepository) UpdateCert(ctx context.Context, domainID, clientID, c return bootstrap.Config{}, err } - return toConfig(dbcfg), nil -} - -func (cr configRepository) UpdateConnections(ctx context.Context, domainID, id string, channels []bootstrap.Channel, connections []string) (err error) { - tx, err := cr.db.BeginTxx(ctx, nil) + cfg, err := toConfig(dbcfg) if err != nil { - return errors.Wrap(repoerr.ErrUpdateEntity, err) + return bootstrap.Config{}, err } - - defer func() { - if err != nil { - err = cr.rollback("UpdateConnections method", err, tx) - } else { - if commitErr := tx.Commit(); commitErr != nil { - err = commitErr - } - } - }() - - if err = insertChannels(domainID, channels, tx); err != nil { - err = errors.Wrap(repoerr.ErrUpdateEntity, err) - return err - } - - if err = updateConnections(domainID, id, connections, tx); err != nil { - if e, ok := err.(*pgconn.PgError); ok { - if e.Code == pgerrcode.ForeignKeyViolation { - err = repoerr.ErrNotFound - } - } - err = errors.Wrap(repoerr.ErrUpdateEntity, err) - return err - } - - return nil + return cfg, nil } func (cr configRepository) Remove(ctx context.Context, domainID, id string) error { - q := `DELETE FROM configs WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id` + q := `DELETE FROM configs WHERE id = :id AND domain_id = :domain_id` dbcfg := dbConfig{ - ClientID: id, + ID: id, DomainID: domainID, } @@ -348,19 +265,15 @@ func (cr configRepository) Remove(ctx context.Context, domainID, id string) erro return errors.Wrap(repoerr.ErrRemoveEntity, err) } - if _, err := cr.db.ExecContext(ctx, cleanupQuery); err != nil { - cr.log.Warn("Failed to clean dangling channels after removal") - } - return nil } -func (cr configRepository) ChangeState(ctx context.Context, domainID, id string, state bootstrap.State) error { - q := `UPDATE configs SET state = :state WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id;` +func (cr configRepository) ChangeStatus(ctx context.Context, domainID, id string, status bootstrap.Status) error { + q := `UPDATE configs SET status = :status WHERE id = :id AND domain_id = :domain_id;` dbcfg := dbConfig{ - ClientID: id, - State: state, + ID: id, + Status: status, DomainID: domainID, } @@ -381,117 +294,30 @@ func (cr configRepository) ChangeState(ctx context.Context, domainID, id string, return nil } -func (cr configRepository) ListExisting(ctx context.Context, domainID string, ids []string) ([]bootstrap.Channel, error) { - var channels []bootstrap.Channel - if len(ids) == 0 { - return channels, nil - } - - var chans pgtype.TextArray - if err := chans.Set(ids); err != nil { - return []bootstrap.Channel{}, err - } - - q := "SELECT magistrala_channel, name, metadata FROM channels WHERE domain_id = $1 AND magistrala_channel = ANY ($2)" - rows, err := cr.db.QueryxContext(ctx, q, domainID, chans) - if err != nil { - return []bootstrap.Channel{}, errors.Wrap(repoerr.ErrViewEntity, err) - } - - for rows.Next() { - var dbch dbChannel - if err := rows.StructScan(&dbch); err != nil { - cr.log.Error(fmt.Sprintf("Failed to read retrieved channels due to %s", err)) - return []bootstrap.Channel{}, errors.Wrap(repoerr.ErrViewEntity, err) - } - - ch, err := toChannel(dbch) - if err != nil { - cr.log.Error(fmt.Sprintf("Failed to deserialize channel due to %s", err)) - return []bootstrap.Channel{}, err - } - - channels = append(channels, ch) - } - - return channels, nil -} - -func (cr configRepository) RemoveClient(ctx context.Context, id string) error { - q := `DELETE FROM configs WHERE magistrala_client = $1` - _, err := cr.db.ExecContext(ctx, q, id) - - if _, err := cr.db.ExecContext(ctx, cleanupQuery); err != nil { - cr.log.Warn("Failed to clean dangling channels after removal") - } - if err != nil { - return errors.Wrap(repoerr.ErrRemoveEntity, err) - } - return nil -} - -func (cr configRepository) UpdateChannel(ctx context.Context, c bootstrap.Channel) error { - dbch, err := toDBChannel("", c) - if err != nil { - return errors.Wrap(repoerr.ErrUpdateEntity, err) - } - - q := `UPDATE channels SET name = :name, metadata = :metadata, updated_at = :updated_at, updated_by = :updated_by - WHERE magistrala_channel = :magistrala_channel` - if _, err = cr.db.NamedExecContext(ctx, q, dbch); err != nil { - return errors.Wrap(errUpdateChannels, err) - } - return nil -} - -func (cr configRepository) RemoveChannel(ctx context.Context, id string) error { - q := `DELETE FROM channels WHERE magistrala_channel = $1` - if _, err := cr.db.ExecContext(ctx, q, id); err != nil { - return errors.Wrap(errRemoveChannels, err) - } - return nil -} - -func (cr configRepository) ConnectClient(ctx context.Context, channelID, clientID string) error { - q := `UPDATE configs SET state = $1 - WHERE magistrala_client = $2 - AND EXISTS (SELECT 1 FROM connections WHERE config_id = $2 AND channel_id = $3)` - - result, err := cr.db.ExecContext(ctx, q, bootstrap.Active, clientID, channelID) - if err != nil { - return errors.Wrap(errConnectClient, err) - } - if rows, _ := result.RowsAffected(); rows == 0 { - return repoerr.ErrNotFound - } - return nil -} - -func (cr configRepository) DisconnectClient(ctx context.Context, channelID, clientID string) error { - q := `UPDATE configs SET state = $1 - WHERE magistrala_client = $2 - AND EXISTS (SELECT 1 FROM connections WHERE config_id = $2 AND channel_id = $3)` - _, err := cr.db.ExecContext(ctx, q, bootstrap.Inactive, clientID, channelID) - if err != nil { - return errors.Wrap(errDisconnectClient, err) - } - return nil -} - -func buildRetrieveQueryParams(domainID string, clientIDs []string, filter bootstrap.Filter) (string, []any) { +func buildRetrieveQueryParams(domainID string, filter bootstrap.Filter) (string, []any) { params := []any{} queries := []string{} - if len(clientIDs) != 0 { - queries = append(queries, fmt.Sprintf("magistrala_client IN ('%s')", strings.Join(clientIDs, "','"))) - } else if domainID != "" { + if domainID != "" { params = append(params, domainID) queries = append(queries, fmt.Sprintf("domain_id = $%d", len(params))) } - // Adjust the starting point for placeholders based on the current length of params counter := len(params) + 1 for k, v := range filter.FullMatch { + if k == "status" { + status, err := bootstrap.ToStatus(v) + if err != nil { + return "", nil + } + if status == bootstrap.AllStatus { + continue + } + params = append(params, status) + queries = append(queries, fmt.Sprintf("%s = $%d", k, counter)) + counter++ + continue + } params = append(params, v) queries = append(queries, fmt.Sprintf("%s = $%d", k, counter)) counter++ @@ -508,264 +334,81 @@ func buildRetrieveQueryParams(domainID string, clientIDs []string, filter bootst return "", params } -func (cr configRepository) rollback(content string, defErr error, tx *sqlx.Tx) error { - if err := tx.Rollback(); err != nil { - return errors.Wrap(defErr, errors.Wrap(errors.New("failed to rollback at "+content), err)) - } - - return defErr -} - -func insertChannels(domainID string, channels []bootstrap.Channel, tx *sqlx.Tx) error { - if len(channels) == 0 { - return nil - } - - var chans []dbChannel - for _, ch := range channels { - dbch, err := toDBChannel(domainID, ch) - if err != nil { - return err - } - chans = append(chans, dbch) - } - q := `INSERT INTO channels (magistrala_channel, domain_id, name, metadata, parent_id, description, created_at, updated_at, updated_by, status) - VALUES (:magistrala_channel, :domain_id, :name, :metadata, :parent_id, :description, :created_at, :updated_at, :updated_by, :status)` - if _, err := tx.NamedExec(q, chans); err != nil { - e := err - if pqErr, ok := err.(*pgconn.PgError); ok && pqErr.Code == pgerrcode.UniqueViolation { - e = repoerr.ErrConflict - } - return e - } - - return nil -} - -func insertConnections(_ context.Context, cfg bootstrap.Config, connections []string, tx *sqlx.Tx) error { - if len(connections) == 0 { - return nil - } - - q := `INSERT INTO connections (config_id, channel_id, domain_id) - VALUES (:config_id, :channel_id, :domain_id)` - - conns := []dbConnection{} - for _, conn := range connections { - dbconn := dbConnection{ - Config: cfg.ClientID, - Channel: conn, - DomainID: cfg.DomainID, - } - conns = append(conns, dbconn) - } - _, err := tx.NamedExec(q, conns) - - return err -} - -func updateConnections(domainID, id string, connections []string, tx *sqlx.Tx) error { - if len(connections) == 0 { - return nil - } - - q := `DELETE FROM connections - WHERE config_id = $1 AND domain_id = $2 - AND channel_id NOT IN ($3)` - - var conn pgtype.TextArray - if err := conn.Set(connections); err != nil { - return err - } - - res, err := tx.Exec(q, id, domainID, conn) - if err != nil { - return err - } - - cnt, err := res.RowsAffected() - if err != nil { - return err - } - - q = `INSERT INTO connections (config_id, channel_id, domain_id) - VALUES (:config_id, :channel_id, :domain_id)` - - conns := []dbConnection{} - for _, conn := range connections { - dbconn := dbConnection{ - Config: id, - Channel: conn, - DomainID: domainID, - } - conns = append(conns, dbconn) - } - - if _, err := tx.NamedExec(q, conns); err != nil { - return err - } - - if cnt == 0 { - return nil - } - - _, err = tx.Exec(cleanupQuery) - - return err -} - func nullString(s string) sql.NullString { if s == "" { return sql.NullString{} } - - return sql.NullString{ - String: s, - Valid: true, - } -} - -func nullTime(t time.Time) sql.NullTime { - if t.IsZero() { - return sql.NullTime{} - } - - return sql.NullTime{ - Time: t, - Valid: true, - } + return sql.NullString{String: s, Valid: true} } type dbConfig struct { - DomainID string `db:"domain_id"` - ClientID string `db:"magistrala_client"` - ClientSecret string `db:"magistrala_secret"` - Name sql.NullString `db:"name"` - ClientCert sql.NullString `db:"client_cert"` - ClientKey sql.NullString `db:"client_key"` - CaCert sql.NullString `db:"ca_cert"` - ExternalID string `db:"external_id"` - ExternalKey string `db:"external_key"` - Content sql.NullString `db:"content"` - State bootstrap.State `db:"state"` + DomainID string `db:"domain_id"` + ID string `db:"id"` + Name sql.NullString `db:"name"` + ClientCert sql.NullString `db:"client_cert"` + ClientKey sql.NullString `db:"client_key"` + CaCert sql.NullString `db:"ca_cert"` + ExternalID string `db:"external_id"` + ExternalKey string `db:"external_key"` + Content sql.NullString `db:"content"` + Status bootstrap.Status `db:"status"` + ProfileID sql.NullString `db:"profile_id"` + RenderContext []byte `db:"render_context"` } -func toDBConfig(cfg bootstrap.Config) dbConfig { - return dbConfig{ - ClientID: cfg.ClientID, - ClientSecret: cfg.ClientSecret, - DomainID: cfg.DomainID, - Name: nullString(cfg.Name), - ClientCert: nullString(cfg.ClientCert), - ClientKey: nullString(cfg.ClientKey), - CaCert: nullString(cfg.CACert), - ExternalID: cfg.ExternalID, - ExternalKey: cfg.ExternalKey, - Content: nullString(cfg.Content), - State: cfg.State, +func toDBConfig(cfg bootstrap.Config) (dbConfig, error) { + renderContext, err := json.Marshal(cfg.RenderContext) + if err != nil { + return dbConfig{}, err } + + return dbConfig{ + ID: cfg.ID, + DomainID: cfg.DomainID, + Name: nullString(cfg.Name), + ClientCert: nullString(cfg.ClientCert), + ClientKey: nullString(cfg.ClientKey), + CaCert: nullString(cfg.CACert), + ExternalID: cfg.ExternalID, + ExternalKey: cfg.ExternalKey, + Content: nullString(cfg.Content), + Status: cfg.Status, + ProfileID: nullString(cfg.ProfileID), + RenderContext: renderContext, + }, nil } -func toConfig(dbcfg dbConfig) bootstrap.Config { +func toConfig(dbcfg dbConfig) (bootstrap.Config, error) { cfg := bootstrap.Config{ - ClientID: dbcfg.ClientID, - ClientSecret: dbcfg.ClientSecret, - DomainID: dbcfg.DomainID, - ExternalID: dbcfg.ExternalID, - ExternalKey: dbcfg.ExternalKey, - State: dbcfg.State, + ID: dbcfg.ID, + DomainID: dbcfg.DomainID, + ExternalID: dbcfg.ExternalID, + ExternalKey: dbcfg.ExternalKey, + Status: dbcfg.Status, + } + if dbcfg.ProfileID.Valid { + cfg.ProfileID = dbcfg.ProfileID.String } if dbcfg.Name.Valid { cfg.Name = dbcfg.Name.String } - if dbcfg.Content.Valid { cfg.Content = dbcfg.Content.String } - + if len(dbcfg.RenderContext) > 0 && string(dbcfg.RenderContext) != jsonNull { + if err := json.Unmarshal(dbcfg.RenderContext, &cfg.RenderContext); err != nil { + return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err) + } + } if dbcfg.ClientCert.Valid { cfg.ClientCert = dbcfg.ClientCert.String } - if dbcfg.ClientKey.Valid { cfg.ClientKey = dbcfg.ClientKey.String } - if dbcfg.CaCert.Valid { cfg.CACert = dbcfg.CaCert.String } - return cfg -} - -type dbChannel struct { - ID string `db:"magistrala_channel"` - Name sql.NullString `db:"name"` - DomainID sql.NullString `db:"domain_id"` - Metadata string `db:"metadata"` - Parent sql.NullString `db:"parent_id,omitempty"` - Description string `db:"description,omitempty"` - CreatedAt time.Time `db:"created_at"` - UpdatedAt sql.NullTime `db:"updated_at,omitempty"` - UpdatedBy sql.NullString `db:"updated_by,omitempty"` - Status clients.Status `db:"status"` -} - -func toDBChannel(domainID string, ch bootstrap.Channel) (dbChannel, error) { - dbch := dbChannel{ - ID: ch.ID, - Name: nullString(ch.Name), - DomainID: nullString(domainID), - Parent: nullString(ch.Parent), - Description: ch.Description, - CreatedAt: ch.CreatedAt, - UpdatedAt: nullTime(ch.UpdatedAt), - UpdatedBy: nullString(ch.UpdatedBy), - Status: ch.Status, - } - - metadata, err := json.Marshal(ch.Metadata) - if err != nil { - return dbChannel{}, errors.Wrap(errors.ErrMalformedEntity, err) - } - - dbch.Metadata = string(metadata) - return dbch, nil -} - -func toChannel(dbch dbChannel) (bootstrap.Channel, error) { - ch := bootstrap.Channel{ - ID: dbch.ID, - Description: dbch.Description, - CreatedAt: dbch.CreatedAt, - Status: dbch.Status, - } - - if dbch.Name.Valid { - ch.Name = dbch.Name.String - } - if dbch.DomainID.Valid { - ch.DomainID = dbch.DomainID.String - } - if dbch.Parent.Valid { - ch.Parent = dbch.Parent.String - } - if dbch.UpdatedBy.Valid { - ch.UpdatedBy = dbch.UpdatedBy.String - } - if dbch.UpdatedAt.Valid { - ch.UpdatedAt = dbch.UpdatedAt.Time - } - - if err := json.Unmarshal([]byte(dbch.Metadata), &ch.Metadata); err != nil { - return bootstrap.Channel{}, errors.Wrap(errors.ErrMalformedEntity, err) - } - - return ch, nil -} - -type dbConnection struct { - Config string `db:"config_id"` - Channel string `db:"channel_id"` - DomainID string `db:"domain_id"` + return cfg, nil } diff --git a/bootstrap/postgres/configs_test.go b/bootstrap/postgres/configs_test.go index e5d1522c5..6f0a18237 100644 --- a/bootstrap/postgres/configs_test.go +++ b/bootstrap/postgres/configs_test.go @@ -21,100 +21,67 @@ import ( const numConfigs = 10 -var ( - config = bootstrap.Config{ - ClientID: "mg-client", - ClientSecret: "mg-key", - ExternalID: "external-id", - ExternalKey: "external-key", - DomainID: testsutil.GenerateUUID(&testing.T{}), - Channels: []bootstrap.Channel{ - {ID: "1", Name: "name 1", Metadata: map[string]any{"meta": 1.0}}, - {ID: "2", Name: "name 2", Metadata: map[string]any{"meta": 2.0}}, - }, - Content: "content", - State: bootstrap.Inactive, - } - - channels = []string{"1", "2"} -) +var config = bootstrap.Config{ + ID: "mg-client", + ExternalID: "external-id", + ExternalKey: "external-key", + DomainID: testsutil.GenerateUUID(&testing.T{}), + Content: "content", + Status: bootstrap.Inactive, +} func TestSave(t *testing.T) { repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") diff := "different" duplicateClient := config duplicateClient.ExternalID = diff - duplicateClient.ClientSecret = diff - duplicateClient.Channels = []bootstrap.Channel{} duplicateExternal := config - duplicateExternal.ClientID = diff - duplicateExternal.ClientSecret = diff - duplicateExternal.Channels = []bootstrap.Channel{} - - duplicateChannels := config - duplicateChannels.ExternalID = diff - duplicateChannels.ClientSecret = diff - duplicateChannels.ClientID = diff + duplicateExternal.ID = diff cases := []struct { - desc string - config bootstrap.Config - connections []string - err error + desc string + config bootstrap.Config + err error }{ { - desc: "save a config", - config: config, - connections: channels, - err: nil, + desc: "save a config", + config: config, + err: nil, }, { - desc: "save config with same Client ID", - config: duplicateClient, - connections: nil, - err: repoerr.ErrConflict, + desc: "save config with same Client ID", + config: duplicateClient, + err: repoerr.ErrConflict, }, { - desc: "save config with same external ID", - config: duplicateExternal, - connections: nil, - err: repoerr.ErrConflict, - }, - { - desc: "save config with same Channels", - config: duplicateChannels, - connections: channels, - err: repoerr.ErrConflict, + desc: "save config with same external ID", + config: duplicateExternal, + err: repoerr.ErrConflict, }, } for _, tc := range cases { - id, err := repo.Save(context.Background(), tc.config, tc.connections) + id, err := repo.Save(context.Background(), tc.config) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) if err == nil { - assert.Equal(t, id, tc.config.ClientID, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.config.ClientID, id)) + assert.Equal(t, id, tc.config.ID, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.config.ID, id)) } } } func TestRetrieveByID(t *testing.T) { repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") c := config // Use UUID to prevent conflicts. uid, err := uuid.NewV4() require.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() + c.ID = uid.String() c.ExternalID = uid.String() c.ExternalKey = uid.String() - id, err := repo.Save(context.Background(), c, channels) + id, err := repo.Save(context.Background(), c) require.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) nonexistentConfID, err := uuid.NewV4() @@ -159,10 +126,6 @@ func TestRetrieveByID(t *testing.T) { func TestRetrieveAll(t *testing.T) { repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") - - clientIDs := make([]string, numConfigs) for i := 0; i < numConfigs; i++ { c := config @@ -172,26 +135,18 @@ func TestRetrieveAll(t *testing.T) { require.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) c.ExternalID = uid.String() c.Name = fmt.Sprintf("name %d", i) - c.ClientID = uid.String() - c.ClientSecret = uid.String() - - clientIDs[i] = c.ClientID + c.ID = uid.String() if i%2 == 0 { - c.State = bootstrap.Active + c.Status = bootstrap.Active } - if i > 0 { - c.Channels = nil - } - - _, err = repo.Save(context.Background(), c, channels) + _, err = repo.Save(context.Background(), c) require.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) } cases := []struct { desc string domainID string - clientID []string offset uint64 limit uint64 filter bootstrap.Filter @@ -200,7 +155,6 @@ func TestRetrieveAll(t *testing.T) { { desc: "retrieve all configs", domainID: config.DomainID, - clientID: []string{}, offset: 0, limit: uint64(numConfigs), size: numConfigs, @@ -208,7 +162,6 @@ func TestRetrieveAll(t *testing.T) { { desc: "retrieve a subset of configs", domainID: config.DomainID, - clientID: []string{}, offset: 5, limit: uint64(numConfigs - 5), size: numConfigs - 5, @@ -216,7 +169,6 @@ func TestRetrieveAll(t *testing.T) { { desc: "retrieve with wrong domain ID ", domainID: "2", - clientID: []string{}, offset: 0, limit: uint64(numConfigs), size: 0, @@ -224,16 +176,14 @@ func TestRetrieveAll(t *testing.T) { { desc: "retrieve all active configs ", domainID: config.DomainID, - clientID: []string{}, offset: 0, limit: uint64(numConfigs), - filter: bootstrap.Filter{FullMatch: map[string]string{"state": bootstrap.Active.String()}}, + filter: bootstrap.Filter{FullMatch: map[string]string{"status": bootstrap.Active.String()}}, size: numConfigs / 2, }, { desc: "retrieve all with partial match filter", domainID: config.DomainID, - clientID: []string{}, offset: 0, limit: uint64(numConfigs), filter: bootstrap.Filter{PartialMatch: map[string]string{"name": "1"}}, @@ -242,31 +192,14 @@ func TestRetrieveAll(t *testing.T) { { desc: "retrieve search by name", domainID: config.DomainID, - clientID: []string{}, offset: 0, limit: uint64(numConfigs), filter: bootstrap.Filter{PartialMatch: map[string]string{"name": "1"}}, size: 1, }, - { - desc: "retrieve by valid clientIDs", - domainID: config.DomainID, - clientID: clientIDs, - offset: 0, - limit: uint64(numConfigs), - size: 10, - }, - { - desc: "retrieve by non-existing clientID", - domainID: config.DomainID, - clientID: []string{"non-existing"}, - offset: 0, - limit: uint64(numConfigs), - size: 0, - }, } for _, tc := range cases { - ret := repo.RetrieveAll(context.Background(), tc.domainID, tc.clientID, tc.filter, tc.offset, tc.limit) + ret := repo.RetrieveAll(context.Background(), tc.domainID, tc.filter, tc.offset, tc.limit) size := len(ret.Configs) assert.Equal(t, tc.size, size, fmt.Sprintf("%s: expected %d got %d\n", tc.desc, tc.size, size)) } @@ -274,18 +207,15 @@ func TestRetrieveAll(t *testing.T) { func TestRetrieveByExternalID(t *testing.T) { repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") c := config // Use UUID to prevent conflicts. uid, err := uuid.NewV4() assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() + c.ID = uid.String() c.ExternalID = uid.String() c.ExternalKey = uid.String() - _, err = repo.Save(context.Background(), c, channels) + _, err = repo.Save(context.Background(), c) assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) cases := []struct { @@ -312,18 +242,15 @@ func TestRetrieveByExternalID(t *testing.T) { func TestUpdate(t *testing.T) { repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") c := config // Use UUID to prevent conflicts. uid, err := uuid.NewV4() assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() + c.ID = uid.String() c.ExternalID = uid.String() c.ExternalKey = uid.String() - _, err = repo.Save(context.Background(), c, channels) + _, err = repo.Save(context.Background(), c) assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) c.Content = "new content" @@ -357,18 +284,15 @@ func TestUpdate(t *testing.T) { func TestUpdateCert(t *testing.T) { repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") c := config // Use UUID to prevent conflicts. uid, err := uuid.NewV4() assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() + c.ID = uid.String() c.ExternalID = uid.String() c.ExternalKey = uid.String() - _, err = repo.Save(context.Background(), c, channels) + _, err = repo.Save(context.Background(), c) assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) c.Content = "new content" @@ -379,7 +303,7 @@ func TestUpdateCert(t *testing.T) { cases := []struct { desc string - clientID string + configID string domainID string cert string certKey string @@ -389,7 +313,7 @@ func TestUpdateCert(t *testing.T) { }{ { desc: "update with wrong domain ID ", - clientID: "", + configID: "", cert: "cert", certKey: "certKey", ca: "", @@ -399,13 +323,13 @@ func TestUpdateCert(t *testing.T) { }, { desc: "update a config", - clientID: c.ClientID, + configID: c.ID, cert: "cert", certKey: "certKey", ca: "ca", domainID: c.DomainID, expectedConfig: bootstrap.Config{ - ClientID: c.ClientID, + ID: c.ID, ClientCert: "cert", CACert: "ca", ClientKey: "certKey", @@ -415,99 +339,23 @@ func TestUpdateCert(t *testing.T) { }, } for _, tc := range cases { - cfg, err := repo.UpdateCert(context.Background(), tc.domainID, tc.clientID, tc.cert, tc.certKey, tc.ca) + cfg, err := repo.UpdateCert(context.Background(), tc.domainID, tc.configID, tc.cert, tc.certKey, tc.ca) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) assert.Equal(t, tc.expectedConfig, cfg, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.expectedConfig, cfg)) } } -func TestUpdateConnections(t *testing.T) { - repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") - - c := config - // Use UUID to prevent conflicts. - uid, err := uuid.NewV4() - assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() - c.ExternalID = uid.String() - c.ExternalKey = uid.String() - _, err = repo.Save(context.Background(), c, channels) - assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) - // Use UUID to prevent conflicts. - uid, err = uuid.NewV4() - assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() - c.ExternalID = uid.String() - c.ExternalKey = uid.String() - c.Channels = []bootstrap.Channel{} - c2, err := repo.Save(context.Background(), c, []string{channels[0]}) - assert.Nil(t, err, fmt.Sprintf("Saving a config expected to succeed: %s.\n", err)) - - cases := []struct { - desc string - domainID string - id string - channels []bootstrap.Channel - connections []string - err error - }{ - { - desc: "update connections of non-existing config", - domainID: config.DomainID, - id: "unknown", - channels: nil, - connections: []string{channels[1]}, - err: repoerr.ErrNotFound, - }, - { - desc: "update connections", - domainID: config.DomainID, - id: c.ClientID, - channels: nil, - connections: []string{channels[1]}, - err: nil, - }, - { - desc: "update connections with existing channels", - domainID: config.DomainID, - id: c2, - channels: nil, - connections: channels, - err: nil, - }, - { - desc: "update connections no channels", - domainID: config.DomainID, - id: c.ClientID, - channels: nil, - connections: nil, - err: nil, - }, - } - for _, tc := range cases { - err := repo.UpdateConnections(context.Background(), tc.domainID, tc.id, tc.channels, tc.connections) - assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - } -} - func TestRemove(t *testing.T) { repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") c := config // Use UUID to prevent conflicts. uid, err := uuid.NewV4() assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() + c.ID = uid.String() c.ExternalID = uid.String() c.ExternalKey = uid.String() - id, err := repo.Save(context.Background(), c, channels) + id, err := repo.Save(context.Background(), c) assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) // Removal works the same for both existing and non-existing @@ -521,393 +369,86 @@ func TestRemove(t *testing.T) { } } -func TestChangeState(t *testing.T) { +func TestChangeStatus(t *testing.T) { repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") c := config // Use UUID to prevent conflicts. uid, err := uuid.NewV4() assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() + c.ID = uid.String() c.ExternalID = uid.String() c.ExternalKey = uid.String() - saved, err := repo.Save(context.Background(), c, channels) + saved, err := repo.Save(context.Background(), c) assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) cases := []struct { desc string domainID string id string - state bootstrap.State + status bootstrap.Status err error }{ { - desc: "change state with wrong domain ID ", + desc: "change status with wrong domain ID ", id: saved, domainID: "2", err: repoerr.ErrNotFound, }, { - desc: "change state with wrong id", + desc: "change status with wrong id", id: "wrong", domainID: c.DomainID, err: repoerr.ErrNotFound, }, { - desc: "change state to Active", + desc: "change status to Active", id: saved, domainID: c.DomainID, - state: bootstrap.Active, + status: bootstrap.Active, err: nil, }, { - desc: "change state to Inactive", + desc: "change status to Inactive", id: saved, domainID: c.DomainID, - state: bootstrap.Inactive, + status: bootstrap.Inactive, err: nil, }, } for _, tc := range cases { - err := repo.ChangeState(context.Background(), tc.domainID, tc.id, tc.state) + err := repo.ChangeStatus(context.Background(), tc.domainID, tc.id, tc.status) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) } } -func TestListExisting(t *testing.T) { - repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") - - c := config - // Use UUID to prevent conflicts. - uid, err := uuid.NewV4() - assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() - c.ExternalID = uid.String() - c.ExternalKey = uid.String() - _, err = repo.Save(context.Background(), c, channels) - assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) - - var chs []bootstrap.Channel - chs = append(chs, config.Channels...) - - cases := []struct { - desc string - domainID string - connections []string - existing []bootstrap.Channel - }{ - { - desc: "list all existing channels", - domainID: c.DomainID, - connections: channels, - existing: chs, - }, - { - desc: "list a subset of existing channels", - domainID: c.DomainID, - connections: []string{channels[0], "5"}, - existing: []bootstrap.Channel{chs[0]}, - }, - { - desc: "list a subset of existing channels empty", - domainID: c.DomainID, - connections: []string{"5", "6"}, - existing: []bootstrap.Channel{}, - }, - } - for _, tc := range cases { - existing, err := repo.ListExisting(context.Background(), tc.domainID, tc.connections) - assert.Nil(t, err, fmt.Sprintf("%s: unexpected error: %s", tc.desc, err)) - assert.ElementsMatch(t, tc.existing, existing, fmt.Sprintf("%s: Got non-matching elements.", tc.desc)) - } -} - -func TestRemoveClient(t *testing.T) { - repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") - - c := config - // Use UUID to prevent conflicts. - uid, err := uuid.NewV4() - assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() - c.ExternalID = uid.String() - c.ExternalKey = uid.String() - saved, err := repo.Save(context.Background(), c, channels) - assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) - for i := 0; i < 2; i++ { - err := repo.RemoveClient(context.Background(), saved) - assert.Nil(t, err, fmt.Sprintf("an unexpected error occurred: %s\n", err)) - } -} - -func TestUpdateChannel(t *testing.T) { - repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") - - c := config - // Use UUID to prevent conflicts. - uid, err := uuid.NewV4() - assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() - c.ExternalID = uid.String() - c.ExternalKey = uid.String() - _, err = repo.Save(context.Background(), c, channels) - assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) - - id := c.Channels[0].ID - update := bootstrap.Channel{ - ID: id, - Name: "update name", - Metadata: map[string]any{"update": "metadata update"}, - } - err = repo.UpdateChannel(context.Background(), update) - assert.Nil(t, err, fmt.Sprintf("updating config expected to succeed: %s.\n", err)) - - cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID) - assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err)) - var retrieved bootstrap.Channel - for _, c := range cfg.Channels { - if c.ID == id { - retrieved = c - break - } - } - update.DomainID = retrieved.DomainID - assert.Equal(t, update, retrieved, fmt.Sprintf("expected %s, go %s", update, retrieved)) -} - -func TestRemoveChannel(t *testing.T) { - repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") +func TestAssignProfile(t *testing.T) { + configRepo := postgres.NewConfigRepository(db, testLog) + profileRepo := postgres.NewProfileRepository(db, testLog) c := config uid, err := uuid.NewV4() - assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() + require.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) + c.ID = uid.String() c.ExternalID = uid.String() c.ExternalKey = uid.String() - _, err = repo.Save(context.Background(), c, channels) - assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) + saved, err := configRepo.Save(context.Background(), c) + require.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) - err = repo.RemoveChannel(context.Background(), c.Channels[0].ID) - assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err)) + profileID := testsutil.GenerateUUID(t) + _, err = profileRepo.Save(context.Background(), bootstrap.Profile{ + ID: profileID, + DomainID: c.DomainID, + Name: "edge-gateway", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, + Version: 1, + }) + require.Nil(t, err, fmt.Sprintf("Saving profile expected to succeed: %s.\n", err)) - cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID) - assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err)) - assert.NotContains(t, cfg.Channels, c.Channels[0], fmt.Sprintf("expected to remove channel %s from %s", c.Channels[0], cfg.Channels)) -} - -func TestConnectClient(t *testing.T) { - repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") - - c := config - // Use UUID to prevent conflicts. - uid, err := uuid.NewV4() - assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() - c.ExternalID = uid.String() - c.ExternalKey = uid.String() - c.State = bootstrap.Inactive - saved, err := repo.Save(context.Background(), c, channels) - assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) - - wrongID := testsutil.GenerateUUID(&testing.T{}) - - connectedClient := c - - randomClient := c - randomClientID, _ := uuid.NewV4() - randomClient.ClientID = randomClientID.String() - - emptyClient := c - emptyClient.ClientID = "" - - cases := []struct { - desc string - domainID string - id string - state bootstrap.State - channels []bootstrap.Channel - connections []string - err error - }{ - { - desc: "connect disconnected client", - domainID: c.DomainID, - id: saved, - state: bootstrap.Inactive, - channels: c.Channels, - connections: channels, - err: nil, - }, - { - desc: "connect already connected client", - domainID: c.DomainID, - id: connectedClient.ClientID, - state: connectedClient.State, - channels: c.Channels, - connections: channels, - err: nil, - }, - { - desc: "connect non-existent client", - domainID: c.DomainID, - id: wrongID, - channels: c.Channels, - connections: channels, - err: repoerr.ErrNotFound, - }, - { - desc: "connect random client", - domainID: c.DomainID, - id: randomClient.ClientID, - channels: c.Channels, - connections: channels, - err: repoerr.ErrNotFound, - }, - { - desc: "connect empty client", - domainID: c.DomainID, - id: emptyClient.ClientID, - channels: c.Channels, - connections: channels, - err: repoerr.ErrNotFound, - }, - } - for _, tc := range cases { - for i, ch := range tc.channels { - if i == 0 { - err = repo.ConnectClient(context.Background(), ch.ID, tc.id) - assert.Equal(t, tc.err, err, fmt.Sprintf("%s: Expected error: %s, got: %s.\n", tc.desc, tc.err, err)) - cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID) - assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err)) - assert.Equal(t, cfg.State, bootstrap.Active, fmt.Sprintf("expected to be active when a connection is added from %s", cfg)) - } else { - _ = repo.ConnectClient(context.Background(), ch.ID, tc.id) - } - } - - cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID) - assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err)) - assert.Equal(t, cfg.State, bootstrap.Active, fmt.Sprintf("expected to be active when a connection is added from %s", cfg)) - } -} - -func TestDisconnectClient(t *testing.T) { - repo := postgres.NewConfigRepository(db, testLog) - err := deleteChannels(context.Background(), repo) - require.Nil(t, err, "Channels cleanup expected to succeed.") - - c := config - // Use UUID to prevent conflicts. - uid, err := uuid.NewV4() - assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err)) - c.ClientSecret = uid.String() - c.ClientID = uid.String() - c.ExternalID = uid.String() - c.ExternalKey = uid.String() - c.State = bootstrap.Inactive - saved, err := repo.Save(context.Background(), c, channels) - assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err)) - - wrongID := testsutil.GenerateUUID(&testing.T{}) - - connectedClient := c - - randomClient := c - randomClientID, _ := uuid.NewV4() - randomClient.ClientID = randomClientID.String() - - emptyClient := c - emptyClient.ClientID = "" - - cases := []struct { - desc string - domainID string - id string - state bootstrap.State - channels []bootstrap.Channel - connections []string - err error - }{ - { - desc: "disconnect connected client", - domainID: c.DomainID, - id: connectedClient.ClientID, - state: connectedClient.State, - channels: c.Channels, - connections: channels, - err: nil, - }, - { - desc: "disconnect already disconnected client", - domainID: c.DomainID, - id: saved, - state: bootstrap.Inactive, - channels: c.Channels, - connections: channels, - err: nil, - }, - { - desc: "disconnect invalid client", - domainID: c.DomainID, - id: wrongID, - channels: c.Channels, - connections: channels, - err: nil, - }, - { - desc: "disconnect random client", - domainID: c.DomainID, - id: randomClient.ClientID, - channels: c.Channels, - connections: channels, - err: nil, - }, - { - desc: "disconnect empty client", - domainID: c.DomainID, - id: emptyClient.ClientID, - channels: c.Channels, - connections: channels, - err: nil, - }, - } - - for _, tc := range cases { - for _, ch := range tc.channels { - err = repo.DisconnectClient(context.Background(), ch.ID, tc.id) - assert.Equal(t, tc.err, err, fmt.Sprintf("%s: Expected error: %s, got: %s.\n", tc.desc, tc.err, err)) - } - - cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID) - assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err)) - assert.Equal(t, cfg.State, bootstrap.Inactive, fmt.Sprintf("expected to be inactive when a connection is removed from %s", cfg)) - } -} - -func deleteChannels(ctx context.Context, repo bootstrap.ConfigRepository) error { - for _, ch := range channels { - if err := repo.RemoveChannel(ctx, ch); err != nil { - return err - } - } - - return nil + err = configRepo.AssignProfile(context.Background(), c.DomainID, saved, profileID) + require.Nil(t, err, fmt.Sprintf("Assigning profile expected to succeed: %s.\n", err)) + + stored, err := configRepo.RetrieveByID(context.Background(), c.DomainID, saved) + require.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err)) + assert.Equal(t, profileID, stored.ProfileID, "expected profile assignment to round-trip through the repository") } diff --git a/bootstrap/postgres/init.go b/bootstrap/postgres/init.go index 5ab55938d..47954c546 100644 --- a/bootstrap/postgres/init.go +++ b/bootstrap/postgres/init.go @@ -103,6 +103,218 @@ func Migration() *migrate.MemoryMigrationSource { `ALTER TABLE IF EXISTS connections ADD FOREIGN KEY (config_id, domain_id) REFERENCES configs (magistrala_client, domain_id) ON DELETE CASCADE ON UPDATE CASCADE`, }, }, + { + Id: "configs_7", + Up: []string{ + `ALTER TABLE IF EXISTS configs RENAME COLUMN magistrala_client TO client_id`, + `ALTER TABLE IF EXISTS configs RENAME COLUMN magistrala_secret TO client_secret`, + `CREATE UNIQUE INDEX IF NOT EXISTS configs_client_id_key ON configs (client_id)`, + `CREATE UNIQUE INDEX IF NOT EXISTS configs_client_id_domain_id_key ON configs (client_id, domain_id)`, + `DROP TABLE IF EXISTS connections`, + `DROP TABLE IF EXISTS channels`, + }, + Down: []string{ + `ALTER TABLE IF EXISTS configs RENAME COLUMN client_id TO magistrala_client`, + `ALTER TABLE IF EXISTS configs RENAME COLUMN client_secret TO magistrala_secret`, + }, + }, + { + Id: "configs_8", + Up: []string{ + `DO $$ + BEGIN + IF EXISTS ( + SELECT 1 + FROM information_schema.columns + WHERE table_name = 'configs' AND column_name = 'client_id' + ) AND NOT EXISTS ( + SELECT 1 + FROM information_schema.columns + WHERE table_name = 'configs' AND column_name = 'id' + ) THEN + ALTER TABLE configs RENAME COLUMN client_id TO id; + END IF; + END $$`, + `ALTER TABLE IF EXISTS configs DROP COLUMN IF EXISTS client_secret`, + }, + Down: []string{ + `ALTER TABLE IF EXISTS configs ADD COLUMN IF NOT EXISTS client_secret TEXT`, + `DO $$ + BEGIN + IF EXISTS ( + SELECT 1 + FROM information_schema.columns + WHERE table_name = 'configs' AND column_name = 'id' + ) AND NOT EXISTS ( + SELECT 1 + FROM information_schema.columns + WHERE table_name = 'configs' AND column_name = 'client_id' + ) THEN + ALTER TABLE configs RENAME COLUMN id TO client_id; + END IF; + END $$`, + }, + }, + { + Id: "configs_10", + Up: []string{ + `CREATE TABLE IF NOT EXISTS profiles ( + id VARCHAR(36) PRIMARY KEY, + domain_id VARCHAR(36) NOT NULL, + name VARCHAR(1024) NOT NULL, + description TEXT, + template_format VARCHAR(64) NOT NULL DEFAULT 'go-template', + content_template TEXT, + defaults JSONB, + binding_slots JSONB, + version INT NOT NULL DEFAULT 1, + created_at TIMESTAMP NOT NULL DEFAULT NOW(), + updated_at TIMESTAMP NOT NULL DEFAULT NOW(), + UNIQUE (domain_id, name) + )`, + `CREATE INDEX IF NOT EXISTS idx_profiles_domain_id ON profiles (domain_id)`, + }, + Down: []string{ + `DROP TABLE IF EXISTS profiles`, + }, + }, + { + Id: "configs_11", + Up: []string{ + `ALTER TABLE IF EXISTS configs ADD COLUMN IF NOT EXISTS profile_id VARCHAR(36) REFERENCES profiles (id) ON DELETE SET NULL`, + `ALTER TABLE IF EXISTS configs ADD COLUMN IF NOT EXISTS render_context JSONB`, + }, + Down: []string{ + `ALTER TABLE IF EXISTS configs DROP COLUMN IF EXISTS render_context`, + `ALTER TABLE IF EXISTS configs DROP COLUMN IF EXISTS profile_id`, + }, + }, + { + Id: "configs_12", + Up: []string{ + `CREATE TABLE IF NOT EXISTS bindings ( + config_id TEXT NOT NULL, + slot VARCHAR(256) NOT NULL, + type VARCHAR(64) NOT NULL, + resource_id TEXT NOT NULL, + snapshot JSONB, + secret_snapshot BYTEA, + updated_at TIMESTAMP NOT NULL DEFAULT NOW(), + PRIMARY KEY (config_id, slot) + )`, + `CREATE INDEX IF NOT EXISTS idx_bindings_config_id ON bindings (config_id)`, + }, + Down: []string{ + `DROP TABLE IF EXISTS bindings`, + }, + }, + { + Id: "configs_13", + Up: []string{ + `DO $$ + BEGIN + IF EXISTS ( + SELECT 1 + FROM information_schema.columns + WHERE table_name = 'configs' AND column_name = 'state' + ) AND NOT EXISTS ( + SELECT 1 + FROM information_schema.columns + WHERE table_name = 'configs' AND column_name = 'status' + ) THEN + ALTER TABLE configs RENAME COLUMN state TO status; + END IF; + END $$`, + }, + Down: []string{ + `DO $$ + BEGIN + IF EXISTS ( + SELECT 1 + FROM information_schema.columns + WHERE table_name = 'configs' AND column_name = 'status' + ) AND NOT EXISTS ( + SELECT 1 + FROM information_schema.columns + WHERE table_name = 'configs' AND column_name = 'state' + ) THEN + ALTER TABLE configs RENAME COLUMN status TO state; + END IF; + END $$`, + }, + }, + { + Id: "configs_14", + Up: []string{ + `DO $$ + BEGIN + IF EXISTS ( + SELECT 1 + FROM information_schema.tables + WHERE table_name = 'binding_snapshots' + ) AND NOT EXISTS ( + SELECT 1 + FROM information_schema.tables + WHERE table_name = 'bindings' + ) THEN + ALTER TABLE binding_snapshots RENAME TO bindings; + END IF; + END $$`, + `DO $$ + BEGIN + IF EXISTS ( + SELECT 1 + FROM pg_class + WHERE relname = 'idx_binding_snapshots_config_id' + ) AND NOT EXISTS ( + SELECT 1 + FROM pg_class + WHERE relname = 'idx_bindings_config_id' + ) THEN + ALTER INDEX idx_binding_snapshots_config_id RENAME TO idx_bindings_config_id; + END IF; + END $$`, + }, + Down: []string{ + `DO $$ + BEGIN + IF EXISTS ( + SELECT 1 + FROM information_schema.tables + WHERE table_name = 'bindings' + ) AND NOT EXISTS ( + SELECT 1 + FROM information_schema.tables + WHERE table_name = 'binding_snapshots' + ) THEN + ALTER TABLE bindings RENAME TO binding_snapshots; + END IF; + END $$`, + `DO $$ + BEGIN + IF EXISTS ( + SELECT 1 + FROM pg_class + WHERE relname = 'idx_bindings_config_id' + ) AND NOT EXISTS ( + SELECT 1 + FROM pg_class + WHERE relname = 'idx_binding_snapshots_config_id' + ) THEN + ALTER INDEX idx_bindings_config_id RENAME TO idx_binding_snapshots_config_id; + END IF; + END $$`, + }, + }, + { + Id: "configs_15", + Up: []string{ + `ALTER TABLE IF EXISTS profiles ADD COLUMN IF NOT EXISTS binding_slots JSONB`, + }, + Down: []string{ + `ALTER TABLE IF EXISTS profiles DROP COLUMN IF EXISTS binding_slots`, + }, + }, }, } } diff --git a/bootstrap/postgres/profiles.go b/bootstrap/postgres/profiles.go new file mode 100644 index 000000000..3c201bc42 --- /dev/null +++ b/bootstrap/postgres/profiles.go @@ -0,0 +1,209 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package postgres + +import ( + "context" + "database/sql" + "encoding/json" + "fmt" + "log/slog" + "time" + + "github.com/absmach/magistrala/bootstrap" + "github.com/absmach/magistrala/pkg/errors" + repoerr "github.com/absmach/magistrala/pkg/errors/repository" + "github.com/absmach/magistrala/pkg/postgres" + "github.com/jackc/pgerrcode" + "github.com/jackc/pgx/v5/pgconn" +) + +var _ bootstrap.ProfileRepository = (*profileRepository)(nil) + +type profileRepository struct { + db postgres.Database + log *slog.Logger +} + +// NewProfileRepository instantiates a PostgreSQL implementation of ProfileRepository. +func NewProfileRepository(db postgres.Database, log *slog.Logger) bootstrap.ProfileRepository { + return &profileRepository{db: db, log: log} +} + +func (pr profileRepository) Save(ctx context.Context, p bootstrap.Profile) (bootstrap.Profile, error) { + q := `INSERT INTO profiles (id, domain_id, name, description, template_format, content_template, defaults, binding_slots, version, created_at, updated_at) + VALUES (:id, :domain_id, :name, :description, :template_format, :content_template, :defaults, :binding_slots, :version, :created_at, :updated_at)` + + now := time.Now().UTC() + p.CreatedAt = now + p.UpdatedAt = now + + dbp, err := toDBProfile(p) + if err != nil { + return bootstrap.Profile{}, errors.Wrap(repoerr.ErrCreateEntity, err) + } + + if _, err = pr.db.NamedExecContext(ctx, q, dbp); err != nil { + if pgErr, ok := err.(*pgconn.PgError); ok && pgErr.Code == pgerrcode.UniqueViolation { + return bootstrap.Profile{}, repoerr.ErrConflict + } + return bootstrap.Profile{}, errors.Wrap(repoerr.ErrCreateEntity, err) + } + + return p, nil +} + +func (pr profileRepository) RetrieveByID(ctx context.Context, domainID, id string) (bootstrap.Profile, error) { + q := `SELECT id, domain_id, name, description, template_format, content_template, defaults, binding_slots, version, created_at, updated_at + FROM profiles WHERE id = $1 AND domain_id = $2` + + var dbp dbProfile + if err := pr.db.QueryRowxContext(ctx, q, id, domainID).StructScan(&dbp); err != nil { + if err == sql.ErrNoRows { + return bootstrap.Profile{}, repoerr.ErrNotFound + } + return bootstrap.Profile{}, errors.Wrap(repoerr.ErrViewEntity, err) + } + + return toProfile(dbp) +} + +func (pr profileRepository) RetrieveAll(ctx context.Context, domainID string, offset, limit uint64) (bootstrap.ProfilesPage, error) { + q := `SELECT id, domain_id, name, description, template_format, content_template, defaults, binding_slots, version, created_at, updated_at + FROM profiles WHERE domain_id = $1 ORDER BY created_at DESC LIMIT $2 OFFSET $3` + + rows, err := pr.db.QueryxContext(ctx, q, domainID, limit, offset) + if err != nil { + return bootstrap.ProfilesPage{}, errors.Wrap(repoerr.ErrViewEntity, err) + } + defer rows.Close() + + var profiles []bootstrap.Profile + for rows.Next() { + var dbp dbProfile + if err := rows.StructScan(&dbp); err != nil { + pr.log.Error(fmt.Sprintf("failed to scan profile row: %s", err)) + return bootstrap.ProfilesPage{}, errors.Wrap(repoerr.ErrViewEntity, err) + } + p, err := toProfile(dbp) + if err != nil { + return bootstrap.ProfilesPage{}, errors.Wrap(repoerr.ErrViewEntity, err) + } + profiles = append(profiles, p) + } + + var total uint64 + if err := pr.db.QueryRowxContext(ctx, `SELECT COUNT(*) FROM profiles WHERE domain_id = $1`, domainID).Scan(&total); err != nil { + return bootstrap.ProfilesPage{}, errors.Wrap(repoerr.ErrViewEntity, err) + } + + return bootstrap.ProfilesPage{ + Total: total, + Offset: offset, + Limit: limit, + Profiles: profiles, + }, nil +} + +func (pr profileRepository) Update(ctx context.Context, p bootstrap.Profile) error { + q := `UPDATE profiles SET name = :name, description = :description, template_format = :template_format, + content_template = :content_template, defaults = :defaults, binding_slots = :binding_slots, version = version + 1, updated_at = :updated_at + WHERE id = :id AND domain_id = :domain_id` + + p.UpdatedAt = time.Now().UTC() + dbp, err := toDBProfile(p) + if err != nil { + return errors.Wrap(repoerr.ErrUpdateEntity, err) + } + + res, err := pr.db.NamedExecContext(ctx, q, dbp) + if err != nil { + return errors.Wrap(repoerr.ErrUpdateEntity, err) + } + cnt, err := res.RowsAffected() + if err != nil { + return errors.Wrap(repoerr.ErrUpdateEntity, err) + } + if cnt == 0 { + return repoerr.ErrNotFound + } + + return nil +} + +func (pr profileRepository) Delete(ctx context.Context, domainID, id string) error { + q := `DELETE FROM profiles WHERE id = $1 AND domain_id = $2` + if _, err := pr.db.ExecContext(ctx, q, id, domainID); err != nil { + return errors.Wrap(repoerr.ErrRemoveEntity, err) + } + return nil +} + +// dbProfile is the database representation of a Profile. +type dbProfile struct { + ID string `db:"id"` + DomainID string `db:"domain_id"` + Name string `db:"name"` + Description sql.NullString `db:"description"` + TemplateFormat string `db:"template_format"` + ContentTemplate sql.NullString `db:"content_template"` + Defaults []byte `db:"defaults"` + BindingSlots []byte `db:"binding_slots"` + Version int `db:"version"` + CreatedAt time.Time `db:"created_at"` + UpdatedAt time.Time `db:"updated_at"` +} + +func toDBProfile(p bootstrap.Profile) (dbProfile, error) { + defaults, err := json.Marshal(p.Defaults) + if err != nil { + return dbProfile{}, err + } + bindingSlots, err := json.Marshal(p.BindingSlots) + if err != nil { + return dbProfile{}, err + } + return dbProfile{ + ID: p.ID, + DomainID: p.DomainID, + Name: p.Name, + Description: nullString(p.Description), + TemplateFormat: string(p.TemplateFormat), + ContentTemplate: nullString(p.ContentTemplate), + Defaults: defaults, + BindingSlots: bindingSlots, + Version: p.Version, + CreatedAt: p.CreatedAt, + UpdatedAt: p.UpdatedAt, + }, nil +} + +func toProfile(dbp dbProfile) (bootstrap.Profile, error) { + p := bootstrap.Profile{ + ID: dbp.ID, + DomainID: dbp.DomainID, + Name: dbp.Name, + TemplateFormat: bootstrap.TemplateFormat(dbp.TemplateFormat), + Version: dbp.Version, + CreatedAt: dbp.CreatedAt, + UpdatedAt: dbp.UpdatedAt, + } + if dbp.Description.Valid { + p.Description = dbp.Description.String + } + if dbp.ContentTemplate.Valid { + p.ContentTemplate = dbp.ContentTemplate.String + } + if len(dbp.Defaults) > 0 && string(dbp.Defaults) != jsonNull { + if err := json.Unmarshal(dbp.Defaults, &p.Defaults); err != nil { + return bootstrap.Profile{}, err + } + } + if len(dbp.BindingSlots) > 0 && string(dbp.BindingSlots) != jsonNull { + if err := json.Unmarshal(dbp.BindingSlots, &p.BindingSlots); err != nil { + return bootstrap.Profile{}, err + } + } + return p, nil +} diff --git a/bootstrap/postgres/setup_test.go b/bootstrap/postgres/setup_test.go index 3848cd499..9c7d3a983 100644 --- a/bootstrap/postgres/setup_test.go +++ b/bootstrap/postgres/setup_test.go @@ -70,7 +70,9 @@ func TestMain(m *testing.M) { SSLRootCert: "", } - if db, err = pgclient.Setup(dbConfig, *postgres.Migration()); err != nil { + migration := postgres.Migration() + + if db, err = pgclient.Setup(dbConfig, *migration); err != nil { testLog.Error(fmt.Sprintf("Could not setup test DB connection: %s", err)) } diff --git a/bootstrap/profiles.go b/bootstrap/profiles.go new file mode 100644 index 000000000..58d9cca6f --- /dev/null +++ b/bootstrap/profiles.go @@ -0,0 +1,69 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package bootstrap + +import ( + "context" + "time" +) + +// TemplateFormat enumerates supported content template formats. +type TemplateFormat string + +const ( + TemplateFormatGoTemplate TemplateFormat = "go-template" + TemplateFormatRaw TemplateFormat = "raw" + TemplateFormatJSON TemplateFormat = "json" + TemplateFormatYAML TemplateFormat = "yaml" + TemplateFormatTOML TemplateFormat = "toml" +) + +// Profile is a user-managed device configuration template. +type Profile struct { + ID string `json:"id"` + DomainID string `json:"domain_id,omitempty"` + Name string `json:"name"` + Description string `json:"description,omitempty"` + TemplateFormat TemplateFormat `json:"template_format"` + ContentTemplate string `json:"content_template,omitempty"` + Defaults map[string]any `json:"defaults,omitempty"` + BindingSlots []BindingSlot `json:"binding_slots,omitempty"` + Version int `json:"version,omitempty"` + CreatedAt time.Time `json:"created_at,omitempty"` + UpdatedAt time.Time `json:"updated_at,omitempty"` +} + +// BindingSlot declares a named resource placeholder that a profile template can use. +type BindingSlot struct { + Name string `json:"name"` + Type string `json:"type"` + Required bool `json:"required"` + Fields []string `json:"fields,omitempty"` +} + +// ProfilesPage contains pagination metadata and a slice of Profiles. +type ProfilesPage struct { + Total uint64 `json:"total"` + Offset uint64 `json:"offset"` + Limit uint64 `json:"limit"` + Profiles []Profile `json:"profiles"` +} + +// ProfileRepository specifies the persistence API for Profiles. +type ProfileRepository interface { + // Save persists a new Profile and returns it with server-assigned fields set. + Save(ctx context.Context, p Profile) (Profile, error) + + // RetrieveByID returns the Profile with the given ID inside the given domain. + RetrieveByID(ctx context.Context, domainID, id string) (Profile, error) + + // RetrieveAll returns a page of Profiles belonging to the given domain. + RetrieveAll(ctx context.Context, domainID string, offset, limit uint64) (ProfilesPage, error) + + // Update updates editable fields of the given Profile. + Update(ctx context.Context, p Profile) error + + // Delete removes the Profile with the given ID from the given domain. + Delete(ctx context.Context, domainID, id string) error +} diff --git a/bootstrap/reader.go b/bootstrap/reader.go index 9e3ca54f1..1fd5a237b 100644 --- a/bootstrap/reader.go +++ b/bootstrap/reader.go @@ -12,23 +12,15 @@ import ( "net/http" ) -// bootstrapRes represent Magistrala Response to the Bootatrap request. +// bootstrapRes represent Magistrala Response to the Bootstrap request. // This is used as a response from ConfigReader and can easily be -// replace with any other response format. +// replaced with any other response format. type bootstrapRes struct { - ClientID string `json:"client_id"` - ClientSecret string `json:"client_secret"` - Channels []channelRes `json:"channels"` - Content string `json:"content,omitempty"` - ClientCert string `json:"client_cert,omitempty"` - ClientKey string `json:"client_key,omitempty"` - CACert string `json:"ca_cert,omitempty"` -} - -type channelRes struct { - ID string `json:"id"` - Name string `json:"name,omitempty"` - Metadata any `json:"metadata,omitempty"` + ID string `json:"id,omitempty"` + Content string `json:"content,omitempty"` + ClientCert string `json:"client_cert,omitempty"` + ClientKey string `json:"client_key,omitempty"` + CACert string `json:"ca_cert,omitempty"` } func (res bootstrapRes) Code() int { @@ -54,19 +46,12 @@ func NewConfigReader(encKey []byte) ConfigReader { } func (r reader) ReadConfig(cfg Config, secure bool) (any, error) { - var channels []channelRes - for _, ch := range cfg.Channels { - channels = append(channels, channelRes{ID: ch.ID, Name: ch.Name, Metadata: ch.Metadata}) - } - res := bootstrapRes{ - ClientID: cfg.ClientID, - ClientSecret: cfg.ClientSecret, - Channels: channels, - Content: cfg.Content, - ClientCert: cfg.ClientCert, - ClientKey: cfg.ClientKey, - CACert: cfg.CACert, + ID: cfg.ID, + Content: cfg.Content, + ClientCert: cfg.ClientCert, + ClientKey: cfg.ClientKey, + CACert: cfg.CACert, } if secure { b, err := json.Marshal(res) diff --git a/bootstrap/reader_test.go b/bootstrap/reader_test.go index bfe7f64d2..e61c6122f 100644 --- a/bootstrap/reader_test.go +++ b/bootstrap/reader_test.go @@ -17,20 +17,12 @@ import ( "github.com/stretchr/testify/assert" ) -type readChan struct { - ID string `json:"id"` - Name string `json:"name,omitempty"` - Metadata any `json:"metadata,omitempty"` -} - type readResp struct { - ClientID string `json:"client_id"` - ClientSecret string `json:"client_secret"` - Channels []readChan `json:"channels"` - Content string `json:"content,omitempty"` - ClientCert string `json:"client_cert,omitempty"` - ClientKey string `json:"client_key,omitempty"` - CACert string `json:"ca_cert,omitempty"` + ID string `json:"id"` + Content string `json:"content,omitempty"` + ClientCert string `json:"client_cert,omitempty"` + ClientKey string `json:"client_key,omitempty"` + CACert string `json:"ca_cert,omitempty"` } func dec(in []byte) ([]byte, error) { @@ -50,30 +42,14 @@ func dec(in []byte) ([]byte, error) { func TestReadConfig(t *testing.T) { cfg := bootstrap.Config{ - ClientID: "smq_id", - ClientCert: "client_cert", - ClientKey: "client_key", - CACert: "ca_cert", - ClientSecret: "smq_key", - Channels: []bootstrap.Channel{ - { - ID: "smq_id", - Name: "smq_name", - Metadata: map[string]any{"key": "value}"}, - }, - }, - Content: "content", + ID: "smq_id", + ClientCert: "client_cert", + ClientKey: "client_key", + CACert: "ca_cert", + Content: "content", } ret := readResp{ - ClientID: "smq_id", - ClientSecret: "smq_key", - Channels: []readChan{ - { - ID: "smq_id", - Name: "smq_name", - Metadata: map[string]any{"key": "value}"}, - }, - }, + ID: "smq_id", Content: "content", ClientCert: "client_cert", ClientKey: "client_key", diff --git a/bootstrap/renderer.go b/bootstrap/renderer.go new file mode 100644 index 000000000..886df5cc1 --- /dev/null +++ b/bootstrap/renderer.go @@ -0,0 +1,151 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package bootstrap + +import ( + "bytes" + "encoding/json" + "fmt" + "text/template" + + "github.com/absmach/magistrala/pkg/errors" + "github.com/pelletier/go-toml/v2" + "gopkg.in/yaml.v3" +) + +// Renderer renders a Profile's content template into a concrete device +// configuration. All input data must already be stored in Bootstrap — no +// external service calls are allowed inside Render. +type Renderer interface { + Render(profile Profile, enrollment Config, bindings []BindingSnapshot) ([]byte, error) +} + +// ErrRenderFailed is returned when template execution or output validation fails. +var ErrRenderFailed = errors.New("failed to render profile template") + +type renderer struct{} + +// NewRenderer returns the default Renderer implementation using Go text/template. +func NewRenderer() Renderer { + return renderer{} +} + +func (r renderer) Render(profile Profile, enrollment Config, bindings []BindingSnapshot) ([]byte, error) { + rctx := buildRenderContext(profile, enrollment, bindings) + + switch profile.TemplateFormat { + case TemplateFormatRaw: + return []byte(profile.ContentTemplate), nil + case TemplateFormatGoTemplate, TemplateFormatJSON, TemplateFormatYAML, TemplateFormatTOML, "": + return r.renderTemplate(profile, rctx) + default: + return nil, fmt.Errorf("%w: unsupported template format %q", ErrRenderFailed, profile.TemplateFormat) + } +} + +func (r renderer) renderTemplate(profile Profile, rctx RenderContext) ([]byte, error) { + t, err := template.New("bootstrap"). + Option("missingkey=error"). + Funcs(allowlistedFuncs()). + Parse(profile.ContentTemplate) + if err != nil { + return nil, fmt.Errorf("%w: %w", ErrRenderFailed, err) + } + + var buf bytes.Buffer + if err := t.Execute(&buf, rctx); err != nil { + return nil, fmt.Errorf("%w: %w", ErrRenderFailed, err) + } + + out, err := validateRenderedOutput(buf.Bytes(), profile.TemplateFormat) + if err != nil { + return nil, err + } + + return out, nil +} + +// validateRenderedOutput checks that the rendered bytes are valid for the +// declared output format. It returns the original bytes on success and wraps +// ErrRenderFailed on failure. +func validateRenderedOutput(out []byte, format TemplateFormat) ([]byte, error) { + // Unrecognised formats are passed through. Recognised structured formats + // must parse successfully so broken templates fail before reaching devices. + switch format { + case TemplateFormatJSON: + var v any + if err := json.Unmarshal(out, &v); err != nil { + return nil, fmt.Errorf("%w: invalid json output: %w", ErrRenderFailed, err) + } + case TemplateFormatYAML: + var v any + if err := yaml.Unmarshal(out, &v); err != nil { + return nil, fmt.Errorf("%w: invalid yaml output: %w", ErrRenderFailed, err) + } + case TemplateFormatTOML: + var v any + if err := toml.Unmarshal(out, &v); err != nil { + return nil, fmt.Errorf("%w: invalid toml output: %w", ErrRenderFailed, err) + } + } + return out, nil +} + +// buildRenderContext constructs the typed RenderContext from stored data. +// No external calls are made here. +func buildRenderContext(profile Profile, enrollment Config, bindings []BindingSnapshot) RenderContext { + vars := make(map[string]any) + for k, v := range profile.Defaults { + vars[k] = v + } + for k, v := range enrollment.RenderContext { + vars[k] = v + } + + bctx := make(map[string]BindingContext, len(bindings)) + for _, b := range bindings { + bctx[b.Slot] = BindingContext{ + Type: b.Type, + ID: b.ResourceID, + Snapshot: b.Snapshot, + Secret: b.SecretSnapshot, + } + } + + return RenderContext{ + Device: DeviceContext{ + ID: enrollment.ID, + ExternalID: enrollment.ExternalID, + DomainID: enrollment.DomainID, + }, + Vars: vars, + Bindings: bctx, + } +} + +// allowlistedFuncs returns the safe set of template helper functions. +// No function in this map may call an external service or perform I/O. +func allowlistedFuncs() template.FuncMap { + return template.FuncMap{ + "toJSON": func(v any) (string, error) { + b, err := json.Marshal(v) + if err != nil { + return "", err + } + return string(b), nil + }, + "default": func(def, val any) any { + if val == nil || val == "" { + return def + } + return val + }, + "required": func(key string, val any) (any, error) { + if val == nil || val == "" { + return nil, fmt.Errorf("required value %q is missing", key) + } + return val, nil + }, + } +} diff --git a/bootstrap/renderer_test.go b/bootstrap/renderer_test.go new file mode 100644 index 000000000..8aea4a2ff --- /dev/null +++ b/bootstrap/renderer_test.go @@ -0,0 +1,72 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package bootstrap_test + +import ( + "fmt" + "testing" + + "github.com/absmach/magistrala/bootstrap" + "github.com/absmach/magistrala/pkg/errors" + "github.com/stretchr/testify/assert" +) + +func TestRendererStructuredOutputValidation(t *testing.T) { + renderer := bootstrap.NewRenderer() + + cases := []struct { + desc string + format bootstrap.TemplateFormat + template string + err error + }{ + { + desc: "valid JSON output", + format: bootstrap.TemplateFormatJSON, + template: `{"device_id":"{{ .Device.ID }}"}`, + }, + { + desc: "invalid JSON output", + format: bootstrap.TemplateFormatJSON, + template: `{"device_id":`, + err: bootstrap.ErrRenderFailed, + }, + { + desc: "valid YAML output", + format: bootstrap.TemplateFormatYAML, + template: "device_id: {{ .Device.ID }}", + }, + { + desc: "invalid YAML output", + format: bootstrap.TemplateFormatYAML, + template: "device_id: [", + err: bootstrap.ErrRenderFailed, + }, + { + desc: "valid TOML output", + format: bootstrap.TemplateFormatTOML, + template: `device_id = "{{ .Device.ID }}"`, + }, + { + desc: "invalid TOML output", + format: bootstrap.TemplateFormatTOML, + template: `device_id = `, + err: bootstrap.ErrRenderFailed, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + _, err := renderer.Render( + bootstrap.Profile{ + TemplateFormat: tc.format, + ContentTemplate: tc.template, + }, + bootstrap.Config{ID: "config-id"}, + nil, + ) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v", tc.desc, tc.err, err)) + }) + } +} diff --git a/bootstrap/sdk_resolver.go b/bootstrap/sdk_resolver.go new file mode 100644 index 000000000..35d8cd903 --- /dev/null +++ b/bootstrap/sdk_resolver.go @@ -0,0 +1,115 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package bootstrap + +import ( + "context" + "fmt" + "time" + + "github.com/absmach/magistrala/pkg/errors" + svcerr "github.com/absmach/magistrala/pkg/errors/service" + mgsdk "github.com/absmach/magistrala/pkg/sdk" +) + +var _ BindingResolver = (*sdkResolver)(nil) + +type sdkResolver struct { + sdk mgsdk.SDK +} + +// NewSDKResolver returns a BindingResolver that validates resources against +// the Magistrala clients and channels services using the SDK. This resolver +// is called only at binding time; the render path must never call it. +func NewSDKResolver(sdk mgsdk.SDK) BindingResolver { + return &sdkResolver{sdk: sdk} +} + +func (r *sdkResolver) Resolve(ctx context.Context, req ResolveRequest) ([]BindingSnapshot, error) { + var snapshots []BindingSnapshot + + for _, br := range req.Requested { + snap, err := r.resolveOne(ctx, req.Enrollment.DomainID, req.Token, br) + if err != nil { + return nil, err + } + snapshots = append(snapshots, snap) + } + + return snapshots, nil +} + +func (r *sdkResolver) resolveOne(ctx context.Context, domainID, token string, br BindingRequest) (BindingSnapshot, error) { + switch br.Type { + case "client": + return r.resolveClient(ctx, domainID, token, br) + case "channel": + return r.resolveChannel(ctx, domainID, token, br) + default: + return BindingSnapshot{}, fmt.Errorf("unsupported binding type %q", br.Type) + } +} + +func (r *sdkResolver) resolveClient(ctx context.Context, domainID, token string, br BindingRequest) (BindingSnapshot, error) { + client, sdkErr := r.sdk.Client(ctx, br.ResourceID, domainID, token) + if sdkErr != nil { + return BindingSnapshot{}, errors.Wrap(svcerr.ErrNotFound, + fmt.Errorf("client %q not found: %s", br.ResourceID, sdkErr)) + } + + snapshot := map[string]any{ + "id": client.ID, + "name": client.Name, + } + if client.Credentials.Identity != "" { + snapshot["identity"] = client.Credentials.Identity + } + if client.DomainID != "" { + snapshot["domain_id"] = client.DomainID + } + + secret := map[string]any{} + if client.Credentials.Secret != "" { + secret["secret"] = client.Credentials.Secret + } + + return BindingSnapshot{ + Slot: br.Slot, + Type: br.Type, + ResourceID: br.ResourceID, + Snapshot: snapshot, + SecretSnapshot: secret, + UpdatedAt: time.Now().UTC(), + }, nil +} + +func (r *sdkResolver) resolveChannel(ctx context.Context, domainID, token string, br BindingRequest) (BindingSnapshot, error) { + channel, sdkErr := r.sdk.Channel(ctx, br.ResourceID, domainID, token) + if sdkErr != nil { + return BindingSnapshot{}, errors.Wrap(svcerr.ErrNotFound, + fmt.Errorf("channel %q not found: %s", br.ResourceID, sdkErr)) + } + + snapshot := map[string]any{ + "id": channel.ID, + "name": channel.Name, + } + if channel.Route != "" { + snapshot["topic"] = channel.Route + } + if channel.DomainID != "" { + snapshot["domain_id"] = channel.DomainID + } + if channel.Metadata != nil { + snapshot["metadata"] = channel.Metadata + } + + return BindingSnapshot{ + Slot: br.Slot, + Type: br.Type, + ResourceID: br.ResourceID, + Snapshot: snapshot, + UpdatedAt: time.Now().UTC(), + }, nil +} diff --git a/bootstrap/secret_snapshots.go b/bootstrap/secret_snapshots.go new file mode 100644 index 000000000..01d57a8af --- /dev/null +++ b/bootstrap/secret_snapshots.go @@ -0,0 +1,100 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package bootstrap + +import ( + "crypto/aes" + "crypto/cipher" + "crypto/rand" + "encoding/hex" + "encoding/json" +) + +const secretSnapshotCiphertextKey = "ciphertext" + +func (bs bootstrapService) encryptSecretSnapshots(bindings []BindingSnapshot) ([]BindingSnapshot, error) { + encrypted := make([]BindingSnapshot, len(bindings)) + for i, binding := range bindings { + encrypted[i] = binding + if len(binding.SecretSnapshot) == 0 { + continue + } + secret, err := json.Marshal(binding.SecretSnapshot) + if err != nil { + return nil, err + } + ciphertext, err := bs.encrypt(secret) + if err != nil { + return nil, err + } + encrypted[i].SecretSnapshot = map[string]any{ + secretSnapshotCiphertextKey: ciphertext, + } + } + return encrypted, nil +} + +func (bs bootstrapService) decryptSecretSnapshots(bindings []BindingSnapshot) ([]BindingSnapshot, error) { + decrypted := make([]BindingSnapshot, len(bindings)) + for i, binding := range bindings { + decrypted[i] = binding + ciphertext, ok := binding.SecretSnapshot[secretSnapshotCiphertextKey].(string) + if !ok { + continue + } + plain, err := bs.decrypt(ciphertext) + if err != nil { + return nil, err + } + var secret map[string]any + if err := json.Unmarshal(plain, &secret); err != nil { + return nil, err + } + decrypted[i].SecretSnapshot = secret + } + return decrypted, nil +} + +func hideSecretSnapshots(bindings []BindingSnapshot) []BindingSnapshot { + hidden := make([]BindingSnapshot, len(bindings)) + for i, binding := range bindings { + hidden[i] = binding + hidden[i].SecretSnapshot = nil + } + return hidden +} + +func (bs bootstrapService) encrypt(plain []byte) (string, error) { + block, err := aes.NewCipher(bs.encKey) + if err != nil { + return "", err + } + ciphertext := make([]byte, aes.BlockSize+len(plain)) + iv := ciphertext[:aes.BlockSize] + if _, err := rand.Read(iv); err != nil { + return "", err + } + stream := cipher.NewCFBEncrypter(block, iv) + stream.XORKeyStream(ciphertext[aes.BlockSize:], plain) + return hex.EncodeToString(ciphertext), nil +} + +func (bs bootstrapService) decrypt(in string) ([]byte, error) { + ciphertext, err := hex.DecodeString(in) + if err != nil { + return nil, err + } + block, err := aes.NewCipher(bs.encKey) + if err != nil { + return nil, err + } + if len(ciphertext) < aes.BlockSize { + return nil, ErrExternalKeySecure + } + iv := ciphertext[:aes.BlockSize] + ciphertext = ciphertext[aes.BlockSize:] + stream := cipher.NewCFBDecrypter(block, iv) + stream.XORKeyStream(ciphertext, ciphertext) + return ciphertext, nil +} diff --git a/bootstrap/service.go b/bootstrap/service.go index 542bc8dcb..77c806898 100644 --- a/bootstrap/service.go +++ b/bootstrap/service.go @@ -14,15 +14,10 @@ import ( "github.com/absmach/magistrala/pkg/errors" repoerr "github.com/absmach/magistrala/pkg/errors/repository" svcerr "github.com/absmach/magistrala/pkg/errors/service" - "github.com/absmach/magistrala/pkg/policies" mgsdk "github.com/absmach/magistrala/pkg/sdk" ) var ( - // ErrClients indicates failure to communicate with Magistrala Clients service. - // It can be due to networking error or invalid/unauthenticated request. - ErrClients = errors.New("failed to receive response from Clients service") - // ErrExternalKey indicates a non-existent bootstrap configuration for given external key. ErrExternalKey = errors.NewAuthZError("failed to get bootstrap configuration for given external key") @@ -35,25 +30,24 @@ var ( // ErrAddBootstrap indicates error in adding bootstrap configuration. ErrAddBootstrap = errors.NewServiceError("failed to add bootstrap configuration") - // ErrBootstrapState indicates an invalid bootstrap state. - ErrBootstrapState = errors.NewRequestError("invalid bootstrap state") + // ErrBootstrapStatus indicates an invalid bootstrap status. + ErrBootstrapStatus = errors.NewRequestError("invalid bootstrap status") - // ErrNotInSameDomain indicates entities are not in the same domain. - errNotInSameDomain = errors.New("entities are not in the same domain") + errRemoveBootstrap = errors.New("failed to remove bootstrap configuration") + errEnableConfig = errors.New("failed to enable bootstrap configuration") + errDisableConfig = errors.New("failed to disable bootstrap configuration") + errUpdateCert = errors.New("failed to update cert") - errUpdateConnections = errors.New("failed to update connections") - errRemoveBootstrap = errors.New("failed to remove bootstrap configuration") - errChangeState = errors.New("failed to change state of bootstrap configuration") - errUpdateChannel = errors.New("failed to update channel") - errRemoveConfig = errors.New("failed to remove bootstrap configuration") - errRemoveChannel = errors.New("failed to remove channel") - errCreateClient = errors.New("failed to create client") - errConnectClient = errors.New("failed to connect client") - errDisconnectClient = errors.New("failed to disconnect client") - errCheckChannels = errors.New("failed to check if channels exists") - errConnectionChannels = errors.New("failed to check channels connections") - errClientNotFound = errors.New("failed to find client") - errUpdateCert = errors.New("failed to update cert") + errCreateProfile = errors.New("failed to create profile") + errViewProfile = errors.New("failed to view profile") + errUpdateProfile = errors.New("failed to update profile") + errDeleteProfile = errors.New("failed to delete profile") + errListProfiles = errors.New("failed to list profiles") + errAssignProfile = errors.New("failed to assign profile to enrollment") + errBindResources = errors.New("failed to bind resources") + errListBindings = errors.New("failed to list bindings") + errRefreshBinding = errors.New("failed to refresh bindings") + errRenderBootstrap = errors.New("failed to render bootstrap configuration") ) var _ Service = (*bootstrapService)(nil) @@ -72,10 +66,7 @@ type Service interface { // UpdateCert updates an existing Config certificate and token. // A non-nil error is returned to indicate operation failure. - UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (Config, error) - - // UpdateConnections updates list of Channels related to given Config. - UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error + UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (Config, error) // List returns subset of Configs with given search params that belong to the // user identified by the given token. @@ -87,26 +78,41 @@ type Service interface { // Bootstrap returns Config to the Client with provided external ID using external key. Bootstrap(ctx context.Context, externalKey, externalID string, secure bool) (Config, error) - // ChangeState changes state of the Client with given client ID and domain ID. - ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state State) error + // EnableConfig enables the Config so its device can successfully bootstrap. + EnableConfig(ctx context.Context, session smqauthn.Session, id string) (Config, error) - // Methods RemoveConfig, UpdateChannel, and RemoveChannel are used as - // handlers for events. That's why these methods surpass ownership check. + // DisableConfig disables the Config, preventing its device from bootstrapping. + DisableConfig(ctx context.Context, session smqauthn.Session, id string) (Config, error) - // UpdateChannelHandler updates Channel with data received from an event. - UpdateChannelHandler(ctx context.Context, channel Channel) error + // CreateProfile persists a new device Profile. + CreateProfile(ctx context.Context, session smqauthn.Session, p Profile) (Profile, error) - // RemoveConfigHandler removes Configuration with id received from an event. - RemoveConfigHandler(ctx context.Context, id string) error + // ViewProfile returns the Profile with the given ID. + ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (Profile, error) - // RemoveChannelHandler removes Channel with id received from an event. - RemoveChannelHandler(ctx context.Context, id string) error + // UpdateProfile updates editable fields of the given Profile. + UpdateProfile(ctx context.Context, session smqauthn.Session, p Profile) error - // ConnectClientHandler changes state of the Config to active when connect event occurs. - ConnectClientHandler(ctx context.Context, channelID, clientID string) error + // ListProfiles returns a page of Profiles belonging to the domain. + ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (ProfilesPage, error) - // DisconnectClientHandler changes state of the Config to inactive when disconnect event occurs. - DisconnectClientHandler(ctx context.Context, channelID, clientID string) error + // DeleteProfile removes the Profile with the given ID. + DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error + + // AssignProfile sets the ProfileID on an existing enrollment (Config). + AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error + + // BindResources resolves the requested bindings through their owning services, + // stores snapshots, and marks the enrollment renderable when all required slots + // are satisfied. + BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []BindingRequest) error + + // ListBindings returns all stored binding snapshots for an enrollment. + ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]BindingSnapshot, error) + + // RefreshBindings re-resolves all existing bindings for an enrollment and + // updates the stored snapshots. + RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error } // ConfigReader is used to parse Config into format which will be encoded @@ -118,70 +124,67 @@ type ConfigReader interface { } type bootstrapService struct { - policies policies.Service configs ConfigRepository + profiles ProfileRepository + bindings BindingStore + resolver BindingResolver + renderer Renderer + hasher Hasher sdk mgsdk.SDK encKey []byte idProvider magistrala.IDProvider } // New returns new Bootstrap service. -func New(policyService policies.Service, configs ConfigRepository, sdk mgsdk.SDK, encKey []byte, idp magistrala.IDProvider) Service { +func New( + configs ConfigRepository, + profiles ProfileRepository, + bindings BindingStore, + resolver BindingResolver, + renderer Renderer, + sdk mgsdk.SDK, + hasher Hasher, + encKey []byte, + idp magistrala.IDProvider, +) Service { return &bootstrapService{ configs: configs, + profiles: profiles, + bindings: bindings, + resolver: resolver, + renderer: renderer, + hasher: hasher, sdk: sdk, - policies: policyService, encKey: encKey, idProvider: idp, } } func (bs bootstrapService) Add(ctx context.Context, session smqauthn.Session, token string, cfg Config) (Config, error) { - toConnect := bs.toIDList(cfg.Channels) - - // Check if channels exist. This is the way to prevent fetching channels that already exist. - existing, err := bs.configs.ListExisting(ctx, session.DomainID, toConnect) + id, err := bs.idProvider.ID() if err != nil { - return Config{}, errors.Wrap(errCheckChannels, err) + return Config{}, errors.Wrap(ErrAddBootstrap, err) } - cfg.Channels, err = bs.connectionChannels(ctx, toConnect, bs.toIDList(existing), session.DomainID, token) + hashedKey, err := bs.hasher.Hash(cfg.ExternalKey) if err != nil { - return Config{}, errors.Wrap(errConnectionChannels, err) + return Config{}, errors.Wrap(ErrAddBootstrap, err) } - id := cfg.ClientID - mgClient, err := bs.client(ctx, session.DomainID, id, token) - if err != nil { - return Config{}, errors.Wrap(errClientNotFound, err) - } - - for _, channel := range cfg.Channels { - if channel.DomainID != mgClient.DomainID { - return Config{}, errors.Wrap(svcerr.ErrMalformedEntity, errNotInSameDomain) - } - } - - cfg.ClientID = mgClient.ID + cfg.ID = id cfg.DomainID = session.DomainID - cfg.State = Inactive - cfg.ClientSecret = mgClient.Credentials.Secret + cfg.Status = Active + cfg.ExternalKey = hashedKey - saved, err := bs.configs.Save(ctx, cfg, toConnect) + saved, err := bs.configs.Save(ctx, cfg) if err != nil { - // If id is empty, then a new client has been created function - bs.client(id, token) - // So, on bootstrap config save error , delete the newly created client. - if id == "" { - if errT := bs.sdk.DeleteClient(ctx, cfg.ClientID, cfg.DomainID, token); errT != nil { - err = errors.Wrap(err, errT) - } + if errors.Contains(err, repoerr.ErrConflict) { + return Config{}, errors.Wrap(svcerr.ErrConflict, err) } return Config{}, errors.Wrap(ErrAddBootstrap, err) } - cfg.ClientID = saved - cfg.Channels = append(cfg.Channels, existing...) - + cfg.ID = saved return cfg, nil } @@ -196,105 +199,21 @@ func (bs bootstrapService) View(ctx context.Context, session smqauthn.Session, i func (bs bootstrapService) Update(ctx context.Context, session smqauthn.Session, cfg Config) error { cfg.DomainID = session.DomainID if err := bs.configs.Update(ctx, cfg); err != nil { - return errors.Wrap(errUpdateConnections, err) + return errors.Wrap(svcerr.ErrUpdateEntity, err) } return nil } -func (bs bootstrapService) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (Config, error) { - cfg, err := bs.configs.UpdateCert(ctx, session.DomainID, clientID, clientCert, clientKey, caCert) +func (bs bootstrapService) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (Config, error) { + cfg, err := bs.configs.UpdateCert(ctx, session.DomainID, id, clientCert, clientKey, caCert) if err != nil { return Config{}, errors.Wrap(errUpdateCert, err) } return cfg, nil } -func (bs bootstrapService) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error { - cfg, err := bs.configs.RetrieveByID(ctx, session.DomainID, id) - if err != nil { - return errors.Wrap(errUpdateConnections, err) - } - - add, remove := bs.updateList(cfg, connections) - - // Check if channels exist. This is the way to prevent fetching channels that already exist. - existing, err := bs.configs.ListExisting(ctx, session.DomainID, connections) - if err != nil { - return errors.Wrap(errUpdateConnections, err) - } - - channels, err := bs.connectionChannels(ctx, connections, bs.toIDList(existing), session.DomainID, token) - if err != nil { - return errors.Wrap(errUpdateConnections, err) - } - - cfg.Channels = channels - var connect, disconnect []string - - if cfg.State == Active { - connect = add - disconnect = remove - } - - for _, c := range disconnect { - if err := bs.sdk.DisconnectClients(ctx, c, []string{id}, []string{"Publish", "Subscribe"}, session.DomainID, token); err != nil { - if errors.Contains(err, repoerr.ErrNotFound) { - continue - } - return ErrClients - } - } - - for _, c := range connect { - conIDs := mgsdk.Connection{ - ChannelIDs: []string{c}, - ClientIDs: []string{id}, - Types: []string{"Publish", "Subscribe"}, - } - if err := bs.sdk.Connect(ctx, conIDs, session.DomainID, token); err != nil { - return ErrClients - } - } - if err := bs.configs.UpdateConnections(ctx, session.DomainID, id, channels, connections); err != nil { - return errors.Wrap(errUpdateConnections, err) - } - return nil -} - -func (bs bootstrapService) listClientIDs(ctx context.Context, userID string) ([]string, error) { - tids, err := bs.policies.ListAllObjects(ctx, policies.Policy{ - SubjectType: policies.UserType, - Subject: userID, - Permission: policies.ViewPermission, - ObjectType: policies.ClientType, - }) - if err != nil { - return nil, errors.Wrap(svcerr.ErrNotFound, err) - } - return tids.Policies, nil -} - func (bs bootstrapService) List(ctx context.Context, session smqauthn.Session, filter Filter, offset, limit uint64) (ConfigsPage, error) { - if session.SuperAdmin { - return bs.configs.RetrieveAll(ctx, session.DomainID, []string{}, filter, offset, limit), nil - } - - // Handle non-admin users - clientIDs, err := bs.listClientIDs(ctx, session.DomainUserID) - if err != nil { - return ConfigsPage{}, errors.Wrap(svcerr.ErrNotFound, err) - } - - if len(clientIDs) == 0 { - return ConfigsPage{ - Total: 0, - Offset: offset, - Limit: limit, - Configs: []Config{}, - }, nil - } - - return bs.configs.RetrieveAll(ctx, session.DomainID, clientIDs, filter, offset, limit), nil + return bs.configs.RetrieveAll(ctx, session.DomainID, filter, offset, limit), nil } func (bs bootstrapService) Remove(ctx context.Context, session smqauthn.Session, id string) error { @@ -316,171 +235,283 @@ func (bs bootstrapService) Bootstrap(ctx context.Context, externalKey, externalI } externalKey = dec } - if cfg.ExternalKey != externalKey { + + if err := bs.hasher.Compare(externalKey, cfg.ExternalKey); err != nil { return Config{}, ErrExternalKey } + if cfg.Status == DisabledStatus { + return Config{}, ErrBootstrap + } + + cfg, err = bs.renderBootstrapConfig(ctx, cfg) + if err != nil { + return Config{}, errors.Wrap(ErrBootstrap, err) + } return cfg, nil } -func (bs bootstrapService) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state State) error { - cfg, err := bs.configs.RetrieveByID(ctx, session.DomainID, id) - if err != nil { - return errors.Wrap(errChangeState, err) +func (bs bootstrapService) renderBootstrapConfig(ctx context.Context, cfg Config) (Config, error) { + if cfg.ProfileID == "" { + return cfg, nil + } + if bs.profiles == nil || bs.bindings == nil || bs.renderer == nil { + return Config{}, errors.Wrap(errRenderBootstrap, errors.New("profile rendering support not configured")) } - if cfg.State == state { + profile, err := bs.profiles.RetrieveByID(ctx, cfg.DomainID, cfg.ProfileID) + if err != nil { + return Config{}, errors.Wrap(errRenderBootstrap, err) + } + + bindings, err := bs.bindings.Retrieve(ctx, cfg.ID) + if err != nil { + return Config{}, errors.Wrap(errRenderBootstrap, err) + } + if err := validateRequiredBindings(profile, bindings); err != nil { + return Config{}, errors.Wrap(errRenderBootstrap, err) + } + bindings, err = bs.decryptSecretSnapshots(bindings) + if err != nil { + return Config{}, errors.Wrap(errRenderBootstrap, err) + } + + rendered, err := bs.renderer.Render(profile, cfg, bindings) + if err != nil { + return Config{}, errors.Wrap(errRenderBootstrap, err) + } + + cfg.Content = string(rendered) + return cfg, nil +} + +func (bs bootstrapService) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (Config, error) { + cfg, err := bs.changeConfigStatus(ctx, session.DomainID, id, EnabledStatus) + if err != nil { + return Config{}, errors.Wrap(errEnableConfig, err) + } + return cfg, nil +} + +func (bs bootstrapService) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (Config, error) { + cfg, err := bs.changeConfigStatus(ctx, session.DomainID, id, DisabledStatus) + if err != nil { + return Config{}, errors.Wrap(errDisableConfig, err) + } + return cfg, nil +} + +func (bs bootstrapService) changeConfigStatus(ctx context.Context, domainID, id string, status Status) (Config, error) { + cfg, err := bs.configs.RetrieveByID(ctx, domainID, id) + if err != nil { + return Config{}, errors.Wrap(svcerr.ErrViewEntity, err) + } + if cfg.Status == status { + return cfg, nil + } + if err := bs.configs.ChangeStatus(ctx, domainID, id, status); err != nil { + return Config{}, errors.Wrap(svcerr.ErrUpdateEntity, err) + } + cfg.Status = status + return cfg, nil +} + +// --- Profile management --- + +func (bs bootstrapService) CreateProfile(ctx context.Context, session smqauthn.Session, p Profile) (Profile, error) { + if bs.profiles == nil { + return Profile{}, errors.Wrap(errCreateProfile, errors.New("profile repository not configured")) + } + id, err := bs.idProvider.ID() + if err != nil { + return Profile{}, errors.Wrap(errCreateProfile, err) + } + p.ID = id + p.DomainID = session.DomainID + if p.TemplateFormat == "" { + p.TemplateFormat = TemplateFormatGoTemplate + } + p.Version = 1 + if err := validateProfileBindingSlots(p); err != nil { + return Profile{}, errors.Wrap(errCreateProfile, err) + } + if err := validateProfileTemplate(p); err != nil { + return Profile{}, errors.Wrap(errCreateProfile, err) + } + saved, err := bs.profiles.Save(ctx, p) + if err != nil { + return Profile{}, errors.Wrap(errCreateProfile, err) + } + return saved, nil +} + +func (bs bootstrapService) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (Profile, error) { + if bs.profiles == nil { + return Profile{}, errors.Wrap(errViewProfile, errors.New("profile repository not configured")) + } + p, err := bs.profiles.RetrieveByID(ctx, session.DomainID, profileID) + if err != nil { + return Profile{}, errors.Wrap(errViewProfile, err) + } + return p, nil +} + +func (bs bootstrapService) UpdateProfile(ctx context.Context, session smqauthn.Session, p Profile) error { + if bs.profiles == nil { + return errors.Wrap(errUpdateProfile, errors.New("profile repository not configured")) + } + p.DomainID = session.DomainID + if p.TemplateFormat == "" { + p.TemplateFormat = TemplateFormatGoTemplate + } + if err := validateProfileBindingSlots(p); err != nil { + return errors.Wrap(errUpdateProfile, err) + } + if err := validateProfileTemplate(p); err != nil { + return errors.Wrap(errUpdateProfile, err) + } + if err := bs.profiles.Update(ctx, p); err != nil { + return errors.Wrap(errUpdateProfile, err) + } + return nil +} + +func (bs bootstrapService) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (ProfilesPage, error) { + if bs.profiles == nil { + return ProfilesPage{}, errors.Wrap(errListProfiles, errors.New("profile repository not configured")) + } + page, err := bs.profiles.RetrieveAll(ctx, session.DomainID, offset, limit) + if err != nil { + return ProfilesPage{}, errors.Wrap(errListProfiles, err) + } + return page, nil +} + +func (bs bootstrapService) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error { + if bs.profiles == nil { + return errors.Wrap(errDeleteProfile, errors.New("profile repository not configured")) + } + if err := bs.profiles.Delete(ctx, session.DomainID, profileID); err != nil { + return errors.Wrap(errDeleteProfile, err) + } + return nil +} + +// --- Enrollment-profile assignment --- + +func (bs bootstrapService) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error { + if bs.profiles == nil { + return errors.Wrap(errAssignProfile, errors.New("profile repository not configured")) + } + // Validate profile exists in domain. + if _, err := bs.profiles.RetrieveByID(ctx, session.DomainID, profileID); err != nil { + return errors.Wrap(errAssignProfile, err) + } + if err := bs.configs.AssignProfile(ctx, session.DomainID, configID, profileID); err != nil { + return errors.Wrap(errAssignProfile, err) + } + return nil +} + +// --- Binding management --- + +func (bs bootstrapService) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, requested []BindingRequest) error { + if bs.profiles == nil || bs.bindings == nil || bs.resolver == nil { + return errors.Wrap(errBindResources, errors.New("binding support not configured")) + } + cfg, err := bs.configs.RetrieveByID(ctx, session.DomainID, configID) + if err != nil { + return errors.Wrap(errBindResources, err) + } + profile, err := bs.profiles.RetrieveByID(ctx, session.DomainID, cfg.ProfileID) + if err != nil { + return errors.Wrap(errBindResources, err) + } + if err := validateRequestedBindings(profile, requested); err != nil { + return errors.Wrap(errBindResources, err) + } + snapshots, err := bs.resolver.Resolve(ctx, ResolveRequest{ + Enrollment: cfg, + Token: token, + Requested: requested, + }) + if err != nil { + return errors.Wrap(errBindResources, err) + } + existing, err := bs.bindings.Retrieve(ctx, configID) + if err != nil { + return errors.Wrap(errBindResources, err) + } + if err := validateRequiredBindings(profile, mergeBindingSnapshots(existing, snapshots)); err != nil { + return errors.Wrap(errBindResources, err) + } + snapshots, err = bs.encryptSecretSnapshots(snapshots) + if err != nil { + return errors.Wrap(errBindResources, err) + } + if err := bs.bindings.Save(ctx, configID, snapshots); err != nil { + return errors.Wrap(errBindResources, err) + } + return nil +} + +func (bs bootstrapService) ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]BindingSnapshot, error) { + if bs.bindings == nil { + return nil, errors.Wrap(errListBindings, errors.New("binding support not configured")) + } + if _, err := bs.configs.RetrieveByID(ctx, session.DomainID, configID); err != nil { + return nil, errors.Wrap(errListBindings, err) + } + snapshots, err := bs.bindings.Retrieve(ctx, configID) + if err != nil { + return nil, errors.Wrap(errListBindings, err) + } + return hideSecretSnapshots(snapshots), nil +} + +func (bs bootstrapService) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error { + if bs.profiles == nil || bs.bindings == nil || bs.resolver == nil { + return errors.Wrap(errRefreshBinding, errors.New("binding support not configured")) + } + cfg, err := bs.configs.RetrieveByID(ctx, session.DomainID, configID) + if err != nil { + return errors.Wrap(errRefreshBinding, err) + } + profile, err := bs.profiles.RetrieveByID(ctx, session.DomainID, cfg.ProfileID) + if err != nil { + return errors.Wrap(errRefreshBinding, err) + } + existing, err := bs.bindings.Retrieve(ctx, configID) + if err != nil { + return errors.Wrap(errRefreshBinding, err) + } + if len(existing) == 0 { return nil } - - switch state { - case Active: - for _, c := range cfg.Channels { - if err := bs.sdk.ConnectClients(ctx, c.ID, []string{cfg.ClientID}, []string{"Publish", "Subscribe"}, session.DomainID, token); err != nil { - // Ignore conflict errors as they indicate the connection already exists. - if errors.Contains(err, svcerr.ErrConflict) { - continue - } - return ErrClients - } - } - case Inactive: - for _, c := range cfg.Channels { - if err := bs.sdk.DisconnectClients(ctx, c.ID, []string{cfg.ClientID}, []string{"Publish", "Subscribe"}, session.DomainID, token); err != nil { - if errors.Contains(err, repoerr.ErrNotFound) { - continue - } - return ErrClients - } - } + // Re-resolve every existing binding to refresh its snapshot. + requested := make([]BindingRequest, len(existing)) + for i, b := range existing { + requested[i] = BindingRequest{Slot: b.Slot, Type: b.Type, ResourceID: b.ResourceID} } - if err := bs.configs.ChangeState(ctx, session.DomainID, id, state); err != nil { - return errors.Wrap(errChangeState, err) + if err := validateRequestedBindings(profile, requested); err != nil { + return errors.Wrap(errRefreshBinding, err) } - return nil -} - -func (bs bootstrapService) UpdateChannelHandler(ctx context.Context, channel Channel) error { - if err := bs.configs.UpdateChannel(ctx, channel); err != nil { - return errors.Wrap(errUpdateChannel, err) + refreshed, err := bs.resolver.Resolve(ctx, ResolveRequest{ + Enrollment: cfg, + Token: token, + Requested: requested, + }) + if err != nil { + return errors.Wrap(errRefreshBinding, err) } - return nil -} - -func (bs bootstrapService) RemoveConfigHandler(ctx context.Context, id string) error { - if err := bs.configs.RemoveClient(ctx, id); err != nil { - return errors.Wrap(errRemoveConfig, err) + if err := validateRequiredBindings(profile, refreshed); err != nil { + return errors.Wrap(errRefreshBinding, err) } - return nil -} - -func (bs bootstrapService) RemoveChannelHandler(ctx context.Context, id string) error { - if err := bs.configs.RemoveChannel(ctx, id); err != nil { - return errors.Wrap(errRemoveChannel, err) + refreshed, err = bs.encryptSecretSnapshots(refreshed) + if err != nil { + return errors.Wrap(errRefreshBinding, err) } - return nil -} - -func (bs bootstrapService) ConnectClientHandler(ctx context.Context, channelID, clientID string) error { - if err := bs.configs.ConnectClient(ctx, channelID, clientID); err != nil { - return errors.Wrap(errConnectClient, err) - } - return nil -} - -func (bs bootstrapService) DisconnectClientHandler(ctx context.Context, channelID, clientID string) error { - if err := bs.configs.DisconnectClient(ctx, channelID, clientID); err != nil { - return errors.Wrap(errDisconnectClient, err) - } - return nil -} - -// Method client retrieves Magistrala Client creating one if an empty ID is passed. -func (bs bootstrapService) client(ctx context.Context, domainID, id, token string) (mgsdk.Client, error) { - // If Client ID is not provided, then create new client. - if id == "" { - id, err := bs.idProvider.ID() - if err != nil { - return mgsdk.Client{}, errors.Wrap(errCreateClient, err) - } - client, sdkErr := bs.sdk.CreateClient(ctx, mgsdk.Client{ID: id, Name: "Bootstrapped Client " + id}, domainID, token) - if sdkErr != nil { - return mgsdk.Client{}, errors.Wrap(errCreateClient, sdkErr) - } - return client, nil - } - // If Client ID is provided, then retrieve client - client, sdkErr := bs.sdk.Client(ctx, id, domainID, token) - if sdkErr != nil { - return mgsdk.Client{}, errors.Wrap(ErrClients, sdkErr) - } - return client, nil -} - -func (bs bootstrapService) connectionChannels(ctx context.Context, channels, existing []string, domainID, token string) ([]Channel, error) { - add := make(map[string]bool, len(channels)) - for _, ch := range channels { - add[ch] = true - } - - for _, ch := range existing { - if add[ch] { - delete(add, ch) - } - } - - var ret []Channel - for id := range add { - ch, err := bs.sdk.Channel(ctx, id, domainID, token) - if err != nil { - return nil, errors.Wrap(errors.ErrMalformedEntity, err) - } - - ret = append(ret, Channel{ - ID: ch.ID, - Name: ch.Name, - Metadata: ch.Metadata, - DomainID: ch.DomainID, - }) - } - - return ret, nil -} - -// Method updateList accepts config and channel IDs and returns three lists: -// 1) IDs of Channels to be added -// 2) IDs of Channels to be removed -// 3) IDs of common Channels for these two configs. -func (bs bootstrapService) updateList(cfg Config, connections []string) (add, remove []string) { - disconnect := make(map[string]bool, len(cfg.Channels)) - for _, c := range cfg.Channels { - disconnect[c.ID] = true - } - - for _, c := range connections { - if disconnect[c] { - // Don't disconnect common elements. - delete(disconnect, c) - continue - } - // Connect new elements. - add = append(add, c) - } - - for v := range disconnect { - remove = append(remove, v) - } - - return -} - -func (bs bootstrapService) toIDList(channels []Channel) []string { - var ret []string - for _, ch := range channels { - ret = append(ret, ch.ID) - } - - return ret + return bs.bindings.Save(ctx, configID, refreshed) } func (bs bootstrapService) dec(in string) (string, error) { diff --git a/bootstrap/service_test.go b/bootstrap/service_test.go index 92c45139d..88dbe4667 100644 --- a/bootstrap/service_test.go +++ b/bootstrap/service_test.go @@ -11,18 +11,15 @@ import ( "encoding/hex" "fmt" "io" - "sort" "testing" "github.com/absmach/magistrala/bootstrap" + bootstraphasher "github.com/absmach/magistrala/bootstrap/hasher" mocks "github.com/absmach/magistrala/bootstrap/mocks" "github.com/absmach/magistrala/internal/testsutil" smqauthn "github.com/absmach/magistrala/pkg/authn" "github.com/absmach/magistrala/pkg/errors" svcerr "github.com/absmach/magistrala/pkg/errors/service" - policysvc "github.com/absmach/magistrala/pkg/policies" - policymocks "github.com/absmach/magistrala/pkg/policies/mocks" - mgsdk "github.com/absmach/magistrala/pkg/sdk" sdkmocks "github.com/absmach/magistrala/pkg/sdk/mocks" "github.com/absmach/magistrala/pkg/uuid" "github.com/stretchr/testify/assert" @@ -31,46 +28,41 @@ import ( const ( validToken = "validToken" - invalidToken = "invalid" invalidDomainID = "invalid" - email = "test@example.com" unknown = "unknown" - channelsNum = 3 - instanceID = "5de9b29a-feb9-11ed-be56-0242ac120002" validID = "d4ebb847-5d0e-4e46-bdd9-b6aceaaa3a22" ) var ( encKey = []byte("1234567891011121") domainID = testsutil.GenerateUUID(&testing.T{}) - channel = bootstrap.Channel{ - ID: testsutil.GenerateUUID(&testing.T{}), - Name: "name", - Metadata: map[string]any{"name": "value"}, - } config = bootstrap.Config{ - ClientID: testsutil.GenerateUUID(&testing.T{}), - ClientSecret: testsutil.GenerateUUID(&testing.T{}), - ExternalID: testsutil.GenerateUUID(&testing.T{}), - ExternalKey: testsutil.GenerateUUID(&testing.T{}), - Channels: []bootstrap.Channel{channel}, - Content: "config", + ID: testsutil.GenerateUUID(&testing.T{}), + ExternalID: testsutil.GenerateUUID(&testing.T{}), + ExternalKey: testsutil.GenerateUUID(&testing.T{}), + Content: "config", } ) var ( - boot *mocks.ConfigRepository - policies *policymocks.Service - sdk *sdkmocks.SDK + boot *mocks.ConfigRepository + sdk *sdkmocks.SDK + profileRepo *mocks.ProfileRepository + bindingStore *mocks.BindingStore + resolver *mocks.BindingResolver + renderer *mocks.Renderer ) func newService() bootstrap.Service { boot = new(mocks.ConfigRepository) - policies = new(policymocks.Service) sdk = new(sdkmocks.SDK) + profileRepo = new(mocks.ProfileRepository) + bindingStore = new(mocks.BindingStore) + resolver = new(mocks.BindingResolver) + renderer = new(mocks.Renderer) idp := uuid.NewMock() - return bootstrap.New(policies, boot, sdk, encKey, idp) + return bootstrap.New(boot, profileRepo, bindingStore, resolver, renderer, sdk, bootstraphasher.New(), encKey, idp) } func enc(in []byte) ([]byte, error) { @@ -92,27 +84,17 @@ func TestAdd(t *testing.T) { svc := newService() neID := config - neID.ClientID = "non-existent" - - wrongChannels := config - ch := channel - ch.ID = "invalid" - wrongChannels.Channels = append(wrongChannels.Channels, ch) + neID.ID = "non-existent" cases := []struct { - desc string - config bootstrap.Config - token string - session smqauthn.Session - userID string - domainID string - clientErr error - createClientErr error - channelErr error - listExistingErr error - saveErr error - deleteClientErr error - err error + desc string + config bootstrap.Config + token string + session smqauthn.Session + userID string + domainID string + saveErr error + err error }{ { desc: "add a new config", @@ -123,22 +105,12 @@ func TestAdd(t *testing.T) { err: nil, }, { - desc: "add a config with an invalid ID", - config: neID, - token: validToken, - userID: validID, - domainID: domainID, - clientErr: errors.NewSDKError(svcerr.ErrNotFound), - err: svcerr.ErrNotFound, - }, - { - desc: "add a config with invalid list of channels", - config: wrongChannels, - token: validToken, - userID: validID, - domainID: domainID, - listExistingErr: svcerr.ErrMalformedEntity, - err: svcerr.ErrMalformedEntity, + desc: "add a config with an invalid ID", + config: neID, + token: validToken, + userID: validID, + domainID: domainID, + err: nil, }, { desc: "add empty config", @@ -152,18 +124,10 @@ func TestAdd(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { tc.session = smqauthn.Session{UserID: tc.userID, DomainID: tc.domainID, DomainUserID: validID} - repoCall := sdk.On("Client", mock.Anything, tc.config.ClientID, mock.Anything, tc.token).Return(mgsdk.Client{ID: tc.config.ClientID, Credentials: mgsdk.ClientCredentials{Secret: tc.config.ClientSecret}}, tc.clientErr) - repoCall1 := sdk.On("CreateClient", mock.Anything, mock.Anything, tc.domainID, tc.token).Return(mgsdk.Client{}, tc.createClientErr) - repoCall2 := sdk.On("DeleteClient", mock.Anything, tc.config.ClientID, tc.domainID, tc.token).Return(tc.deleteClientErr) - repoCall3 := boot.On("ListExisting", context.Background(), tc.domainID, mock.Anything).Return(tc.config.Channels, tc.listExistingErr) - repoCall4 := boot.On("Save", context.Background(), mock.Anything, mock.Anything).Return(mock.Anything, tc.saveErr) + repoCall3 := boot.On("Save", context.Background(), mock.Anything).Return(mock.Anything, tc.saveErr) _, err := svc.Add(context.Background(), tc.session, tc.token, tc.config) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - repoCall.Unset() - repoCall1.Unset() - repoCall2.Unset() repoCall3.Unset() - repoCall4.Unset() }) } } @@ -186,7 +150,7 @@ func TestView(t *testing.T) { }{ { desc: "view an existing config", - configID: config.ClientID, + configID: config.ID, userID: validID, clientDomain: domainID, domain: domainID, @@ -205,7 +169,7 @@ func TestView(t *testing.T) { }, { desc: "view a config with invalid domain", - configID: config.ClientID, + configID: config.ID, userID: validID, clientDomain: invalidDomainID, domain: invalidDomainID, @@ -230,16 +194,13 @@ func TestUpdate(t *testing.T) { svc := newService() c := config - ch := channel - ch.ID = "2" - c.Channels = append(c.Channels, ch) modifiedCreated := c modifiedCreated.Content = "new-config" modifiedCreated.Name = "new name" nonExisting := c - nonExisting.ClientID = unknown + nonExisting.ID = unknown cases := []struct { desc string @@ -252,7 +213,7 @@ func TestUpdate(t *testing.T) { err error }{ { - desc: "update a config with state Created", + desc: "update a config with status Created", config: modifiedCreated, token: validToken, userID: validID, @@ -294,9 +255,6 @@ func TestUpdateCert(t *testing.T) { svc := newService() c := config - ch := channel - ch.ID = "2" - c.Channels = append(c.Channels, ch) cases := []struct { desc string @@ -304,7 +262,7 @@ func TestUpdateCert(t *testing.T) { session smqauthn.Session userID string domainID string - clientID string + configID string clientCert string clientKey string caCert string @@ -318,24 +276,22 @@ func TestUpdateCert(t *testing.T) { desc: "update certs for the valid config", userID: validID, domainID: domainID, - clientID: c.ClientID, + configID: c.ID, clientCert: "newCert", clientKey: "newKey", caCert: "newCert", token: validToken, expectedConfig: bootstrap.Config{ - Name: c.Name, - ClientSecret: c.ClientSecret, - Channels: c.Channels, - ExternalID: c.ExternalID, - ExternalKey: c.ExternalKey, - Content: c.Content, - State: c.State, - DomainID: c.DomainID, - ClientID: c.ClientID, - ClientCert: "newCert", - CACert: "newCert", - ClientKey: "newKey", + Name: c.Name, + ExternalID: c.ExternalID, + ExternalKey: c.ExternalKey, + Content: c.Content, + Status: c.Status, + DomainID: c.DomainID, + ID: c.ID, + ClientCert: "newCert", + CACert: "newCert", + ClientKey: "newKey", }, err: nil, }, @@ -343,7 +299,7 @@ func TestUpdateCert(t *testing.T) { desc: "update cert for a non-existing config", userID: validID, domainID: domainID, - clientID: "empty", + configID: "empty", clientCert: "newCert", clientKey: "newKey", caCert: "newCert", @@ -358,96 +314,14 @@ func TestUpdateCert(t *testing.T) { t.Run(tc.desc, func(t *testing.T) { tc.session = smqauthn.Session{UserID: tc.userID, DomainID: tc.domainID, DomainUserID: validID} repoCall := boot.On("UpdateCert", context.Background(), mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.expectedConfig, tc.updateErr) - cfg, err := svc.UpdateCert(context.Background(), tc.session, tc.clientID, tc.clientCert, tc.clientKey, tc.caCert) + cfg, err := svc.UpdateCert(context.Background(), tc.session, tc.configID, tc.clientCert, tc.clientKey, tc.caCert) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - sort.Slice(cfg.Channels, func(i, j int) bool { - return cfg.Channels[i].ID < cfg.Channels[j].ID - }) - sort.Slice(tc.expectedConfig.Channels, func(i, j int) bool { - return tc.expectedConfig.Channels[i].ID < tc.expectedConfig.Channels[j].ID - }) assert.Equal(t, tc.expectedConfig, cfg, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.expectedConfig, cfg)) repoCall.Unset() }) } } -func TestUpdateConnections(t *testing.T) { - svc := newService() - - c := config - c.State = bootstrap.Inactive - - activeConf := config - activeConf.State = bootstrap.Active - - ch := channel - - cases := []struct { - desc string - token string - session smqauthn.Session - id string - state bootstrap.State - userID string - domainID string - connections []string - updateErr error - clientErr error - channelErr error - retrieveErr error - listErr error - err error - }{ - { - desc: "update connections for config with state Inactive", - token: validToken, - userID: validID, - domainID: domainID, - id: c.ClientID, - state: c.State, - connections: []string{ch.ID}, - err: nil, - }, - { - desc: "update connections for config with state Active", - token: validToken, - userID: validID, - domainID: domainID, - id: activeConf.ClientID, - state: activeConf.State, - connections: []string{ch.ID}, - err: nil, - }, - { - desc: "update connections with invalid channels", - token: validToken, - userID: validID, - domainID: domainID, - id: c.ClientID, - connections: []string{"wrong"}, - channelErr: errors.NewSDKError(svcerr.ErrNotFound), - err: svcerr.ErrNotFound, - }, - } - - for _, tc := range cases { - t.Run(tc.desc, func(t *testing.T) { - tc.session = smqauthn.Session{UserID: tc.userID, DomainID: tc.domainID, DomainUserID: validID} - sdkCall := sdk.On("Channel", mock.Anything, mock.Anything, tc.domainID, tc.token).Return(mgsdk.Channel{}, tc.channelErr) - repoCall := boot.On("RetrieveByID", context.Background(), tc.domainID, tc.id).Return(c, tc.retrieveErr) - repoCall1 := boot.On("ListExisting", context.Background(), mock.Anything, mock.Anything, mock.Anything).Return(c.Channels, tc.listErr) - repoCall2 := boot.On("UpdateConnections", context.Background(), mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.updateErr) - err := svc.UpdateConnections(context.Background(), tc.session, tc.token, tc.id, tc.connections) - assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - sdkCall.Unset() - repoCall.Unset() - repoCall1.Unset() - repoCall2.Unset() - }) - } -} - func TestList(t *testing.T) { svc := newService() @@ -459,24 +333,22 @@ func TestList(t *testing.T) { c.ExternalKey = testsutil.GenerateUUID(t) c.Name = fmt.Sprintf("%s-%d", config.Name, i) if i == 41 { - c.State = bootstrap.Active + c.Status = bootstrap.Active } saved = append(saved, c) } cases := []struct { - desc string - config bootstrap.ConfigsPage - filter bootstrap.Filter - offset uint64 - limit uint64 - token string - session smqauthn.Session - userID string - domainID string - listObjectsResponse policysvc.PolicyPage - listObjectsErr error - retrieveErr error - err error + desc string + config bootstrap.ConfigsPage + filter bootstrap.Filter + offset uint64 + limit uint64 + token string + session smqauthn.Session + userID string + domainID string + retrieveErr error + err error }{ { desc: "list configs successfully as super admin", @@ -496,17 +368,16 @@ func TestList(t *testing.T) { err: nil, }, { - desc: "list configs with failed super admin check", - config: bootstrap.ConfigsPage{}, - filter: bootstrap.Filter{}, - token: validID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, - userID: validID, - domainID: domainID, - listObjectsResponse: policysvc.PolicyPage{}, - offset: 0, - limit: 10, - err: nil, + desc: "list configs with failed super admin check", + config: bootstrap.ConfigsPage{}, + filter: bootstrap.Filter{}, + token: validID, + session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, + userID: validID, + domainID: domainID, + offset: 0, + limit: 10, + err: nil, }, { desc: "list configs successfully as domain admin", @@ -516,15 +387,14 @@ func TestList(t *testing.T) { Limit: 10, Configs: saved[0:10], }, - filter: bootstrap.Filter{}, - token: validToken, - userID: validID, - domainID: domainID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID, SuperAdmin: true}, - listObjectsResponse: policysvc.PolicyPage{}, - offset: 0, - limit: 10, - err: nil, + filter: bootstrap.Filter{}, + token: validToken, + userID: validID, + domainID: domainID, + session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID, SuperAdmin: true}, + offset: 0, + limit: 10, + err: nil, }, { desc: "list configs successfully as non admin", @@ -534,15 +404,14 @@ func TestList(t *testing.T) { Limit: 10, Configs: saved[0:10], }, - filter: bootstrap.Filter{}, - token: validToken, - userID: validID, - domainID: domainID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, - listObjectsResponse: policysvc.PolicyPage{Policies: []string{"test", "test"}}, - offset: 0, - limit: 10, - err: nil, + filter: bootstrap.Filter{}, + token: validToken, + userID: validID, + domainID: domainID, + session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, + offset: 0, + limit: 10, + err: nil, }, { desc: "list configs with specified name as super admin", @@ -586,15 +455,14 @@ func TestList(t *testing.T) { Limit: 100, Configs: saved[95:96], }, - filter: bootstrap.Filter{PartialMatch: map[string]string{"name": "95"}}, - token: validToken, - userID: validID, - domainID: domainID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, - listObjectsResponse: policysvc.PolicyPage{Policies: []string{"test", "test"}}, - offset: 0, - limit: 100, - err: nil, + filter: bootstrap.Filter{PartialMatch: map[string]string{"name": "95"}}, + token: validToken, + userID: validID, + domainID: domainID, + session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, + offset: 0, + limit: 100, + err: nil, }, { desc: "list last page as super admin", @@ -638,25 +506,24 @@ func TestList(t *testing.T) { Limit: 10, Configs: saved[95:], }, - filter: bootstrap.Filter{}, - token: validToken, - userID: validID, - domainID: domainID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, - listObjectsResponse: policysvc.PolicyPage{Policies: []string{"test", "test"}}, - offset: 95, - limit: 10, - err: nil, + filter: bootstrap.Filter{}, + token: validToken, + userID: validID, + domainID: domainID, + session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, + offset: 95, + limit: 10, + err: nil, }, { - desc: "list configs with Active state as super admin", + desc: "list configs with Active status as super admin", config: bootstrap.ConfigsPage{ Total: 1, Offset: 35, Limit: 20, Configs: []bootstrap.Config{saved[41]}, }, - filter: bootstrap.Filter{FullMatch: map[string]string{"state": bootstrap.Active.String()}}, + filter: bootstrap.Filter{FullMatch: map[string]string{"status": bootstrap.Active.String()}}, token: validToken, userID: validID, domainID: domainID, @@ -666,14 +533,14 @@ func TestList(t *testing.T) { err: nil, }, { - desc: "list configs with Active state as domain admin", + desc: "list configs with Active status as domain admin", config: bootstrap.ConfigsPage{ Total: 1, Offset: 35, Limit: 20, Configs: []bootstrap.Config{saved[41]}, }, - filter: bootstrap.Filter{FullMatch: map[string]string{"state": bootstrap.Active.String()}}, + filter: bootstrap.Filter{FullMatch: map[string]string{"status": bootstrap.Active.String()}}, token: validToken, userID: validID, domainID: domainID, @@ -683,54 +550,44 @@ func TestList(t *testing.T) { err: nil, }, { - desc: "list configs with Active state as non admin", + desc: "list configs with Active status as non admin", config: bootstrap.ConfigsPage{ Total: 1, Offset: 35, Limit: 20, Configs: []bootstrap.Config{saved[41]}, }, - filter: bootstrap.Filter{FullMatch: map[string]string{"state": bootstrap.Active.String()}}, - token: validToken, - userID: validID, - domainID: domainID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, - listObjectsResponse: policysvc.PolicyPage{Policies: []string{"test", "test"}}, - offset: 35, - limit: 20, - err: nil, + filter: bootstrap.Filter{FullMatch: map[string]string{"status": bootstrap.Active.String()}}, + token: validToken, + userID: validID, + domainID: domainID, + session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, + offset: 35, + limit: 20, + err: nil, }, { - desc: "list configs with failed to list objects", - config: bootstrap.ConfigsPage{}, - filter: bootstrap.Filter{}, - offset: 0, - limit: 10, - token: validToken, - userID: validID, - domainID: domainID, - session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, - listObjectsResponse: policysvc.PolicyPage{}, - listObjectsErr: svcerr.ErrNotFound, - err: svcerr.ErrNotFound, + desc: "list configs with empty result", + config: bootstrap.ConfigsPage{}, + filter: bootstrap.Filter{}, + offset: 0, + limit: 10, + token: validToken, + userID: validID, + domainID: domainID, + session: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID}, + err: nil, }, } for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { - policyCall := policies.On("ListAllObjects", mock.Anything, policysvc.Policy{ - SubjectType: policysvc.UserType, - Subject: tc.userID, - Permission: policysvc.ViewPermission, - ObjectType: policysvc.ClientType, - }).Return(tc.listObjectsResponse, tc.listObjectsErr) - repoCall := boot.On("RetrieveAll", context.Background(), mock.Anything, mock.Anything, tc.filter, tc.offset, tc.limit).Return(tc.config, tc.retrieveErr) + repoCall := boot.On("RetrieveAll", context.Background(), mock.Anything, tc.filter, tc.offset, tc.limit).Return(tc.config, tc.retrieveErr) result, err := svc.List(context.Background(), tc.session, tc.filter, tc.offset, tc.limit) assert.ElementsMatch(t, tc.config.Configs, result.Configs, fmt.Sprintf("%s: expected %v got %v", tc.desc, tc.config.Configs, result.Configs)) assert.Equal(t, tc.config.Total, result.Total, fmt.Sprintf("%s: expected %v got %v", tc.desc, tc.config.Total, result.Total)) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - policyCall.Unset() repoCall.Unset() }) } @@ -752,7 +609,7 @@ func TestRemove(t *testing.T) { }{ { desc: "remove an existing config", - id: c.ClientID, + id: c.ID, token: validToken, userID: validID, domainID: domainID, @@ -760,7 +617,7 @@ func TestRemove(t *testing.T) { }, { desc: "remove removed config", - id: c.ClientID, + id: c.ID, token: validToken, userID: validID, domainID: domainID, @@ -768,7 +625,7 @@ func TestRemove(t *testing.T) { }, { desc: "remove a config with failed remove", - id: c.ClientID, + id: c.ID, token: validToken, userID: validID, domainID: domainID, @@ -792,6 +649,7 @@ func TestBootstrap(t *testing.T) { svc := newService() c := config + c.Status = bootstrap.Active e, err := enc([]byte(c.ExternalKey)) assert.Nil(t, err, fmt.Sprintf("Encrypting external key expected to succeed: %s.\n", err)) @@ -858,256 +716,899 @@ func TestBootstrap(t *testing.T) { } } -func TestChangeState(t *testing.T) { +func TestBootstrapRender(t *testing.T) { + profile := bootstrap.Profile{ + ID: testsutil.GenerateUUID(&testing.T{}), + DomainID: domainID, + Name: "gateway-profile", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, + ContentTemplate: `{"mode":"profile"}`, + } + bindings := []bootstrap.BindingSnapshot{ + { + ConfigID: config.ID, + Slot: "mqtt_client", + Type: "client", + ResourceID: config.ID, + Snapshot: map[string]any{ + "id": config.ID, + }, + }, + } + + cases := []struct { + desc string + cfg bootstrap.Config + rendererOut []byte + rendererErr error + rendered string + err error + }{ + { + desc: "bootstrap renders assigned profile content", + cfg: func() bootstrap.Config { + cfg := config + cfg.DomainID = domainID + cfg.ProfileID = profile.ID + cfg.Status = bootstrap.Active + cfg.Content = "legacy" + return cfg + }(), + rendererOut: []byte(`{"mode":"profile"}`), + rendered: `{"mode":"profile"}`, + }, + { + desc: "bootstrap falls back to legacy content when no profile is assigned", + cfg: func() bootstrap.Config { + cfg := config + cfg.DomainID = domainID + cfg.Status = bootstrap.Active + cfg.Content = "legacy" + return cfg + }(), + rendered: "legacy", + }, + { + desc: "bootstrap fails when renderer fails", + cfg: func() bootstrap.Config { + cfg := config + cfg.DomainID = domainID + cfg.ProfileID = profile.ID + cfg.Status = bootstrap.Active + return cfg + }(), + rendererErr: errors.New("render failed"), + err: errors.New("render failed"), + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + svc := newService() + repoCall := boot.On("RetrieveByExternalID", context.Background(), tc.cfg.ExternalID).Return(tc.cfg, nil) + + var prCall, bsCall, rndCall *mock.Call + if tc.cfg.ProfileID != "" { + prCall = profileRepo.On("RetrieveByID", context.Background(), tc.cfg.DomainID, tc.cfg.ProfileID).Return(profile, nil) + bsCall = bindingStore.On("Retrieve", context.Background(), tc.cfg.ID).Return(bindings, nil) + rndCall = renderer.On("Render", mock.Anything, mock.Anything, mock.Anything).Return(tc.rendererOut, tc.rendererErr) + } + + res, err := svc.Bootstrap(context.Background(), tc.cfg.ExternalKey, tc.cfg.ExternalID, false) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.err, err)) + if tc.err == nil { + assert.Equal(t, tc.rendered, res.Content, fmt.Sprintf("%s: expected rendered content %q got %q\n", tc.desc, tc.rendered, res.Content)) + } + + repoCall.Unset() + if prCall != nil { + prCall.Unset() + } + if bsCall != nil { + bsCall.Unset() + } + if rndCall != nil { + rndCall.Unset() + } + }) + } +} + +func TestEnableConfig(t *testing.T) { svc := newService() c := config + activeConfig := config + activeConfig.Status = bootstrap.Active + inactiveConfig := config + inactiveConfig.Status = bootstrap.Inactive + cases := []struct { - desc string - state bootstrap.State - id string - token string - session smqauthn.Session - userID string - domainID string - retrieveErr error - connectErr errors.SDKError - disconenctErr error - stateErr error - err error + desc string + config bootstrap.Config + id string + session smqauthn.Session + userID string + domainID string + retrieveErr error + statusErr error + err error }{ { - desc: "change state of non-existing config", - state: bootstrap.Active, + desc: "enable non-existing config", + config: c, id: unknown, - token: validToken, userID: validID, domainID: domainID, retrieveErr: svcerr.ErrNotFound, err: svcerr.ErrNotFound, }, { - desc: "change state to Active", - state: bootstrap.Active, - id: c.ClientID, - token: validToken, + desc: "enable inactive config", + config: inactiveConfig, + id: c.ID, userID: validID, domainID: domainID, err: nil, }, { - desc: "change state to current state", - state: bootstrap.Active, - id: c.ClientID, - token: validToken, + desc: "enable already active config", + config: activeConfig, + id: c.ID, userID: validID, domainID: domainID, err: nil, }, { - desc: "change state to Inactive", - state: bootstrap.Inactive, - id: c.ClientID, - token: validToken, - userID: validID, - domainID: domainID, - err: nil, - }, - { - desc: "change state with failed Connect", - state: bootstrap.Active, - id: c.ClientID, - token: validToken, - userID: validID, - domainID: domainID, - connectErr: errors.NewSDKError(bootstrap.ErrClients), - err: bootstrap.ErrClients, - }, - { - desc: "change state with invalid state", - state: bootstrap.State(2), - id: c.ClientID, - token: validToken, - userID: validID, - domainID: domainID, - stateErr: svcerr.ErrMalformedEntity, - err: svcerr.ErrMalformedEntity, + desc: "enable with repo error", + config: inactiveConfig, + id: c.ID, + userID: validID, + domainID: domainID, + statusErr: svcerr.ErrUpdateEntity, + err: svcerr.ErrUpdateEntity, }, } for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { tc.session = smqauthn.Session{UserID: tc.userID, DomainID: tc.domainID, DomainUserID: validID} - repoCall := boot.On("RetrieveByID", context.Background(), tc.domainID, tc.id).Return(c, tc.retrieveErr) - sdkCall := sdk.On("ConnectClients", mock.Anything, mock.Anything, mock.Anything, []string{"Publish", "Subscribe"}, mock.Anything, tc.token).Return(tc.connectErr) - repoCall1 := boot.On("ChangeState", context.Background(), mock.Anything, mock.Anything, mock.Anything).Return(tc.stateErr) - err := svc.ChangeState(context.Background(), tc.session, tc.token, tc.id, tc.state) + repoCall := boot.On("RetrieveByID", context.Background(), tc.domainID, tc.id).Return(tc.config, tc.retrieveErr) + repoCall1 := boot.On("ChangeStatus", context.Background(), mock.Anything, mock.Anything, mock.Anything).Return(tc.statusErr) + _, err := svc.EnableConfig(context.Background(), tc.session, tc.id) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - sdkCall.Unset() repoCall.Unset() repoCall1.Unset() }) } } -func TestUpdateChannelHandler(t *testing.T) { +func TestDisableConfig(t *testing.T) { svc := newService() - ch := bootstrap.Channel{ - ID: channel.ID, - Name: "new name", - Metadata: map[string]any{"meta": "new"}, + c := config + activeConfig := config + activeConfig.Status = bootstrap.Active + inactiveConfig := config + inactiveConfig.Status = bootstrap.Inactive + + cases := []struct { + desc string + config bootstrap.Config + id string + session smqauthn.Session + userID string + domainID string + retrieveErr error + statusErr error + err error + }{ + { + desc: "disable non-existing config", + config: c, + id: unknown, + userID: validID, + domainID: domainID, + retrieveErr: svcerr.ErrNotFound, + err: svcerr.ErrNotFound, + }, + { + desc: "disable active config", + config: activeConfig, + id: c.ID, + userID: validID, + domainID: domainID, + err: nil, + }, + { + desc: "disable already inactive config", + config: inactiveConfig, + id: c.ID, + userID: validID, + domainID: domainID, + err: nil, + }, + { + desc: "disable with repo error", + config: activeConfig, + id: c.ID, + userID: validID, + domainID: domainID, + statusErr: svcerr.ErrUpdateEntity, + err: svcerr.ErrUpdateEntity, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + tc.session = smqauthn.Session{UserID: tc.userID, DomainID: tc.domainID, DomainUserID: validID} + repoCall := boot.On("RetrieveByID", context.Background(), tc.domainID, tc.id).Return(tc.config, tc.retrieveErr) + repoCall1 := boot.On("ChangeStatus", context.Background(), mock.Anything, mock.Anything, mock.Anything).Return(tc.statusErr) + _, err := svc.DisableConfig(context.Background(), tc.session, tc.id) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) + repoCall.Unset() + repoCall1.Unset() + }) + } +} + +func TestAssignProfile(t *testing.T) { + profile := bootstrap.Profile{ + ID: testsutil.GenerateUUID(t), + DomainID: domainID, + Name: "gateway-profile", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, + Version: 1, + } + + cases := []struct { + desc string + configID string + profileID string + retrieveErr error + assignErr error + expectedErr error + expectAssign bool + }{ + { + desc: "assign profile to enrollment", + configID: config.ID, + profileID: profile.ID, + expectAssign: true, + }, + { + desc: "assign profile with missing profile", + configID: config.ID, + profileID: profile.ID, + retrieveErr: svcerr.ErrNotFound, + expectedErr: svcerr.ErrNotFound, + }, + { + desc: "assign profile with repository error", + configID: config.ID, + profileID: profile.ID, + assignErr: svcerr.ErrUpdateEntity, + expectedErr: svcerr.ErrUpdateEntity, + expectAssign: true, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + svc := newService() + session := smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID} + + prCall := profileRepo.On("RetrieveByID", context.Background(), domainID, tc.profileID).Return(profile, tc.retrieveErr) + + var assignCall *mock.Call + if tc.expectAssign { + assignCall = boot.On("AssignProfile", context.Background(), domainID, tc.configID, tc.profileID).Return(tc.assignErr) + } + + err := svc.AssignProfile(context.Background(), session, tc.configID, tc.profileID) + assert.True(t, errors.Contains(err, tc.expectedErr), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.expectedErr, err)) + + prCall.Unset() + if assignCall != nil { + assignCall.Unset() + } + }) + } +} + +func TestCreateProfile(t *testing.T) { + session := smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID} + + validProfile := bootstrap.Profile{ + Name: "test-profile", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, } cases := []struct { desc string - channel bootstrap.Channel + profile bootstrap.Profile + saveErr error err error }{ { - desc: "update an existing channel", - channel: ch, - err: nil, + desc: "create profile successfully", + profile: validProfile, }, { - desc: "update a non-existing channel", - channel: bootstrap.Channel{ID: ""}, - err: nil, + desc: "create profile defaults to go-template format", + profile: bootstrap.Profile{Name: "no-format"}, + }, + { + desc: "create profile with invalid slot: empty name", + profile: bootstrap.Profile{ + Name: "test", + BindingSlots: []bootstrap.BindingSlot{{Name: "", Type: "client"}}, + }, + err: errors.New("invalid binding slot: slot name is required"), + }, + { + desc: "create profile with invalid slot: empty type", + profile: bootstrap.Profile{ + Name: "test", + BindingSlots: []bootstrap.BindingSlot{{Name: "mqtt", Type: ""}}, + }, + err: errors.New("invalid binding slot: slot \"mqtt\" type is required"), + }, + { + desc: "create profile with duplicate slot names", + profile: bootstrap.Profile{ + Name: "test", + BindingSlots: []bootstrap.BindingSlot{ + {Name: "mqtt", Type: "client"}, + {Name: "mqtt", Type: "channel"}, + }, + }, + err: errors.New("invalid binding slot: duplicate slot \"mqtt\""), + }, + { + desc: "create profile with invalid template syntax", + profile: bootstrap.Profile{ + Name: "test", + ContentTemplate: `{{ index .Vars \"mqtt_url\" }}`, + }, + err: bootstrap.ErrRenderFailed, + }, + { + desc: "create profile with repository save error", + profile: validProfile, + saveErr: svcerr.ErrCreateEntity, + err: svcerr.ErrCreateEntity, }, } for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { - repoCall := boot.On("UpdateChannel", context.Background(), mock.Anything).Return(tc.err) - err := svc.UpdateChannelHandler(context.Background(), tc.channel) - assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - repoCall.Unset() + svc := newService() + saveCall := profileRepo.EXPECT().Save(mock.Anything, mock.Anything).RunAndReturn( + func(_ context.Context, p bootstrap.Profile) (bootstrap.Profile, error) { + return p, tc.saveErr + }) + saved, err := svc.CreateProfile(context.Background(), session, tc.profile) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.err, err)) + if tc.err == nil { + assert.NotEmpty(t, saved.ID, fmt.Sprintf("%s: expected non-empty profile ID\n", tc.desc)) + assert.Equal(t, domainID, saved.DomainID, fmt.Sprintf("%s: expected domain ID %s got %s\n", tc.desc, domainID, saved.DomainID)) + assert.Equal(t, bootstrap.TemplateFormatGoTemplate, saved.TemplateFormat, fmt.Sprintf("%s: expected go-template format\n", tc.desc)) + assert.Equal(t, 1, saved.Version, fmt.Sprintf("%s: expected version 1\n", tc.desc)) + } + saveCall.Unset() }) } } -func TestRemoveChannelHandler(t *testing.T) { - svc := newService() +func TestViewProfile(t *testing.T) { + session := smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID} + + profile := bootstrap.Profile{ + ID: testsutil.GenerateUUID(t), + DomainID: domainID, + Name: "view-profile", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, + Version: 1, + } cases := []struct { - desc string - id string - err error + desc string + profileID string + retrieveErr error + err error }{ { - desc: "remove an existing channel", - id: config.Channels[0].ID, - err: nil, + desc: "view profile successfully", + profileID: profile.ID, }, { - desc: "remove a non-existing channel", - id: "unknown", - err: nil, + desc: "view non-existing profile", + profileID: unknown, + retrieveErr: svcerr.ErrNotFound, + err: svcerr.ErrNotFound, }, } for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { - repoCall := boot.On("RemoveChannel", context.Background(), mock.Anything).Return(tc.err) - err := svc.RemoveChannelHandler(context.Background(), tc.id) - assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - repoCall.Unset() + svc := newService() + prCall := profileRepo.On("RetrieveByID", context.Background(), domainID, tc.profileID).Return(profile, tc.retrieveErr) + got, err := svc.ViewProfile(context.Background(), session, tc.profileID) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.err, err)) + if tc.err == nil { + assert.Equal(t, profile, got, fmt.Sprintf("%s: expected profile %v got %v\n", tc.desc, profile, got)) + } + prCall.Unset() }) } } -func TestRemoveConfigHandler(t *testing.T) { - svc := newService() +func TestUpdateProfile(t *testing.T) { + session := smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID} - cases := []struct { - desc string - id string - err error - }{ - { - desc: "remove an existing config", - id: config.ClientID, - err: nil, - }, - { - desc: "remove a non-existing channel", - id: "unknown", - err: nil, - }, + validProfile := bootstrap.Profile{ + ID: testsutil.GenerateUUID(t), + DomainID: domainID, + Name: "updated-profile", + TemplateFormat: bootstrap.TemplateFormatGoTemplate, } - for _, tc := range cases { - t.Run(tc.desc, func(t *testing.T) { - repoCall := boot.On("RemoveClient", context.Background(), mock.Anything).Return(tc.err) - err := svc.RemoveConfigHandler(context.Background(), tc.id) - assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - repoCall.Unset() - }) - } -} - -func TestConnectClientHandler(t *testing.T) { - svc := newService() - cases := []struct { desc string - clientID string - channelID string + profile bootstrap.Profile + updateErr error err error }{ { - desc: "connect", - channelID: channel.ID, - clientID: config.ClientID, - err: nil, + desc: "update profile successfully", + profile: validProfile, }, { - desc: "connect connected", - channelID: channel.ID, - clientID: config.ClientID, - err: svcerr.ErrAddPolicies, + desc: "update profile defaults to go-template format", + profile: bootstrap.Profile{ID: validProfile.ID, Name: "no-format"}, + }, + { + desc: "update profile with invalid slot: empty type", + profile: bootstrap.Profile{ + ID: validProfile.ID, + Name: "test", + BindingSlots: []bootstrap.BindingSlot{{Name: "mqtt", Type: ""}}, + }, + err: errors.New("invalid binding slot: slot \"mqtt\" type is required"), + }, + { + desc: "update profile with duplicate slot names", + profile: bootstrap.Profile{ + ID: validProfile.ID, + Name: "test", + BindingSlots: []bootstrap.BindingSlot{ + {Name: "slot1", Type: "client"}, + {Name: "slot1", Type: "channel"}, + }, + }, + err: errors.New("invalid binding slot: duplicate slot \"slot1\""), + }, + { + desc: "update profile with invalid template syntax", + profile: bootstrap.Profile{ + ID: validProfile.ID, + Name: "test", + ContentTemplate: `{{ index .Vars \"mqtt_url\" }}`, + }, + err: bootstrap.ErrRenderFailed, + }, + { + desc: "update profile with repository error", + profile: validProfile, + updateErr: svcerr.ErrUpdateEntity, + err: svcerr.ErrUpdateEntity, }, } for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { - repoCall := boot.On("ConnectClient", context.Background(), mock.Anything, mock.Anything).Return(tc.err) - err := svc.ConnectClientHandler(context.Background(), tc.channelID, tc.clientID) - assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - repoCall.Unset() + svc := newService() + updateCall := profileRepo.On("Update", context.Background(), mock.Anything).Return(tc.updateErr) + err := svc.UpdateProfile(context.Background(), session, tc.profile) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.err, err)) + updateCall.Unset() }) } } -func TestDisconnectClientsHandler(t *testing.T) { - svc := newService() +func TestListProfiles(t *testing.T) { + session := smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID} + + profiles := []bootstrap.Profile{ + {ID: testsutil.GenerateUUID(t), DomainID: domainID, Name: "p1", TemplateFormat: bootstrap.TemplateFormatGoTemplate, Version: 1}, + {ID: testsutil.GenerateUUID(t), DomainID: domainID, Name: "p2", TemplateFormat: bootstrap.TemplateFormatGoTemplate, Version: 1}, + } + page := bootstrap.ProfilesPage{Total: 2, Offset: 0, Limit: 10, Profiles: profiles} + + cases := []struct { + desc string + offset uint64 + limit uint64 + page bootstrap.ProfilesPage + listErr error + err error + }{ + { + desc: "list profiles successfully", + limit: 10, + page: page, + }, + { + desc: "list profiles with repository error", + limit: 10, + listErr: svcerr.ErrViewEntity, + err: svcerr.ErrViewEntity, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + svc := newService() + listCall := profileRepo.On("RetrieveAll", context.Background(), domainID, tc.offset, tc.limit).Return(tc.page, tc.listErr) + got, err := svc.ListProfiles(context.Background(), session, tc.offset, tc.limit) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.err, err)) + if tc.err == nil { + assert.Equal(t, tc.page, got, fmt.Sprintf("%s: expected page %v got %v\n", tc.desc, tc.page, got)) + } + listCall.Unset() + }) + } +} + +func TestDeleteProfile(t *testing.T) { + session := smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID} + profileID := testsutil.GenerateUUID(t) cases := []struct { desc string - clientID string - channelID string + profileID string + deleteErr error err error }{ { - desc: "disconnect", - channelID: channel.ID, - clientID: config.ClientID, - err: nil, + desc: "delete profile successfully", + profileID: profileID, }, { - desc: "disconnect disconnected", - channelID: channel.ID, - clientID: config.ClientID, - err: nil, + desc: "delete profile with repository error", + profileID: profileID, + deleteErr: svcerr.ErrRemoveEntity, + err: svcerr.ErrRemoveEntity, }, } for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { - repoCall := boot.On("DisconnectClient", context.Background(), mock.Anything, mock.Anything).Return(tc.err) - err := svc.DisconnectClientHandler(context.Background(), tc.channelID, tc.clientID) - assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) - repoCall.Unset() + svc := newService() + deleteCall := profileRepo.On("Delete", context.Background(), domainID, tc.profileID).Return(tc.deleteErr) + err := svc.DeleteProfile(context.Background(), session, tc.profileID) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.err, err)) + deleteCall.Unset() + }) + } +} + +func TestBindResources(t *testing.T) { + session := smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID} + + profile := bootstrap.Profile{ + ID: testsutil.GenerateUUID(t), + DomainID: domainID, + Name: "bind-profile", + BindingSlots: []bootstrap.BindingSlot{ + {Name: "mqtt", Type: "client", Required: true}, + }, + } + + channelProfile := bootstrap.Profile{ + ID: testsutil.GenerateUUID(t), + DomainID: domainID, + Name: "channel-profile", + BindingSlots: []bootstrap.BindingSlot{ + {Name: "data", Type: "channel", Required: true}, + }, + } + + cfg := bootstrap.Config{ + ID: config.ID, + DomainID: domainID, + ProfileID: profile.ID, + } + + channelCfg := bootstrap.Config{ + ID: config.ID, + DomainID: domainID, + ProfileID: channelProfile.ID, + } + + snapshot := bootstrap.BindingSnapshot{ + ConfigID: config.ID, + Slot: "mqtt", + Type: "client", + ResourceID: validID, + Snapshot: map[string]any{"id": validID}, + } + + channelSnapshot := bootstrap.BindingSnapshot{ + ConfigID: config.ID, + Slot: "data", + Type: "channel", + ResourceID: validID, + Snapshot: map[string]any{"id": validID}, + } + + requested := []bootstrap.BindingRequest{ + {Slot: "mqtt", Type: "client", ResourceID: validID}, + } + + channelRequested := []bootstrap.BindingRequest{ + {Slot: "data", Type: "channel", ResourceID: validID}, + } + + cases := []struct { + desc string + configID string + bindings []bootstrap.BindingRequest + cfgErr error + prErr error + resolveErr error + retrieveErr error + saveErr error + snapshots []bootstrap.BindingSnapshot + useChannel bool + err error + }{ + { + desc: "bind resources with config not found", + configID: config.ID, + bindings: requested, + cfgErr: svcerr.ErrNotFound, + err: svcerr.ErrNotFound, + }, + { + desc: "bind resources with profile not found", + configID: config.ID, + bindings: requested, + prErr: svcerr.ErrNotFound, + err: svcerr.ErrNotFound, + }, + { + desc: "bind resources with unknown slot", + configID: config.ID, + bindings: []bootstrap.BindingRequest{{Slot: "unknown", Type: "client", ResourceID: validID}}, + err: errors.New("invalid binding slot: unknown slot \"unknown\""), + }, + { + desc: "bind resources with wrong slot type", + configID: config.ID, + bindings: []bootstrap.BindingRequest{{Slot: "mqtt", Type: "channel", ResourceID: validID}}, + err: errors.New("invalid binding slot: slot \"mqtt\" expects \"client\", got \"channel\""), + }, + { + desc: "bind resources with resolver error", + configID: config.ID, + bindings: requested, + resolveErr: errors.New("resolve failed"), + err: errors.New("resolve failed"), + }, + { + desc: "bind resources with binding store retrieve error", + configID: config.ID, + bindings: requested, + snapshots: []bootstrap.BindingSnapshot{snapshot}, + retrieveErr: svcerr.ErrViewEntity, + err: svcerr.ErrViewEntity, + }, + { + desc: "bind resources with required slot not satisfied", + configID: config.ID, + bindings: requested, + snapshots: []bootstrap.BindingSnapshot{ + {ConfigID: config.ID, Slot: "mqtt", Type: "channel", ResourceID: validID}, + }, + err: errors.New("invalid binding slot: slot \"mqtt\" expects \"client\", got \"channel\""), + }, + { + desc: "bind resources with save error", + configID: config.ID, + bindings: requested, + snapshots: []bootstrap.BindingSnapshot{snapshot}, + saveErr: svcerr.ErrCreateEntity, + err: svcerr.ErrCreateEntity, + }, + { + desc: "bind resources successfully", + configID: config.ID, + bindings: requested, + snapshots: []bootstrap.BindingSnapshot{snapshot}, + }, + { + desc: "bind channel resource successfully", + configID: config.ID, + bindings: channelRequested, + snapshots: []bootstrap.BindingSnapshot{channelSnapshot}, + useChannel: true, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + svc := newService() + activeCfg, activeProfile := cfg, profile + if tc.useChannel { + activeCfg = channelCfg + activeProfile = channelProfile + } + boot.On("RetrieveByID", context.Background(), domainID, tc.configID).Return(activeCfg, tc.cfgErr) + profileRepo.On("RetrieveByID", context.Background(), domainID, activeProfile.ID).Return(activeProfile, tc.prErr) + resolver.On("Resolve", context.Background(), mock.Anything).Return(tc.snapshots, tc.resolveErr) + bindingStore.On("Retrieve", context.Background(), tc.configID).Return([]bootstrap.BindingSnapshot{}, tc.retrieveErr) + bindingStore.On("Save", context.Background(), tc.configID, mock.Anything).Return(tc.saveErr) + + err := svc.BindResources(context.Background(), session, validToken, tc.configID, tc.bindings) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.err, err)) + }) + } +} + +func TestListBindings(t *testing.T) { + session := smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID} + + snapshots := []bootstrap.BindingSnapshot{ + {ConfigID: config.ID, Slot: "mqtt", Type: "client", ResourceID: validID, Snapshot: map[string]any{"id": validID}}, + } + + cases := []struct { + desc string + configID string + cfgErr error + bindings []bootstrap.BindingSnapshot + retrieveErr error + err error + }{ + { + desc: "list bindings with config not found", + configID: config.ID, + cfgErr: svcerr.ErrNotFound, + err: svcerr.ErrNotFound, + }, + { + desc: "list bindings with retrieve error", + configID: config.ID, + retrieveErr: svcerr.ErrViewEntity, + err: svcerr.ErrViewEntity, + }, + { + desc: "list bindings successfully", + configID: config.ID, + bindings: snapshots, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + svc := newService() + boot.On("RetrieveByID", context.Background(), domainID, tc.configID).Return(config, tc.cfgErr) + bindingStore.On("Retrieve", context.Background(), tc.configID).Return(tc.bindings, tc.retrieveErr) + + got, err := svc.ListBindings(context.Background(), session, tc.configID) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.err, err)) + if tc.err == nil { + assert.Len(t, got, len(tc.bindings), fmt.Sprintf("%s: expected %d bindings got %d\n", tc.desc, len(tc.bindings), len(got))) + } + }) + } +} + +func TestRefreshBindings(t *testing.T) { + session := smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: validID} + + profile := bootstrap.Profile{ + ID: testsutil.GenerateUUID(t), + DomainID: domainID, + Name: "refresh-profile", + BindingSlots: []bootstrap.BindingSlot{ + {Name: "mqtt", Type: "client", Required: true}, + }, + } + + cfg := bootstrap.Config{ + ID: config.ID, + DomainID: domainID, + ProfileID: profile.ID, + } + + existing := []bootstrap.BindingSnapshot{ + {ConfigID: config.ID, Slot: "mqtt", Type: "client", ResourceID: validID}, + } + + refreshed := []bootstrap.BindingSnapshot{ + {ConfigID: config.ID, Slot: "mqtt", Type: "client", ResourceID: validID, Snapshot: map[string]any{"id": validID}}, + } + + cases := []struct { + desc string + configID string + cfgErr error + prErr error + existing []bootstrap.BindingSnapshot + retrieveErr error + snapshots []bootstrap.BindingSnapshot + resolveErr error + saveErr error + err error + }{ + { + desc: "refresh bindings with config not found", + configID: config.ID, + cfgErr: svcerr.ErrNotFound, + err: svcerr.ErrNotFound, + }, + { + desc: "refresh bindings with profile not found", + configID: config.ID, + prErr: svcerr.ErrNotFound, + err: svcerr.ErrNotFound, + }, + { + desc: "refresh bindings with retrieve error", + configID: config.ID, + retrieveErr: svcerr.ErrViewEntity, + err: svcerr.ErrViewEntity, + }, + { + desc: "refresh bindings with no existing bindings is a no-op", + configID: config.ID, + }, + { + desc: "refresh bindings with resolver error", + configID: config.ID, + existing: existing, + resolveErr: errors.New("resolve failed"), + err: errors.New("resolve failed"), + }, + { + desc: "refresh bindings with required binding missing after refresh", + configID: config.ID, + existing: existing, + snapshots: []bootstrap.BindingSnapshot{ + {ConfigID: config.ID, Slot: "mqtt", Type: "channel", ResourceID: validID}, + }, + err: errors.New("invalid binding slot: slot \"mqtt\" expects \"client\", got \"channel\""), + }, + { + desc: "refresh bindings with save error", + configID: config.ID, + existing: existing, + snapshots: refreshed, + saveErr: svcerr.ErrCreateEntity, + err: svcerr.ErrCreateEntity, + }, + { + desc: "refresh bindings successfully", + configID: config.ID, + existing: existing, + snapshots: refreshed, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + svc := newService() + boot.On("RetrieveByID", context.Background(), domainID, tc.configID).Return(cfg, tc.cfgErr) + profileRepo.On("RetrieveByID", context.Background(), domainID, profile.ID).Return(profile, tc.prErr) + bindingStore.On("Retrieve", context.Background(), tc.configID).Return(tc.existing, tc.retrieveErr) + resolver.On("Resolve", context.Background(), mock.Anything).Return(tc.snapshots, tc.resolveErr) + bindingStore.On("Save", context.Background(), tc.configID, mock.Anything).Return(tc.saveErr) + + err := svc.RefreshBindings(context.Background(), session, validToken, tc.configID) + assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.err, err)) }) } } diff --git a/bootstrap/state.go b/bootstrap/state.go deleted file mode 100644 index ec230a8dc..000000000 --- a/bootstrap/state.go +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright (c) Abstract Machines -// SPDX-License-Identifier: Apache-2.0 - -package bootstrap - -import "strconv" - -const ( - // Inactive Client is created, but not able to exchange messages using Magistrala. - Inactive State = iota - // Active Client is created, configured, and whitelisted. - Active -) - -// State represents corresponding Magistrala Client state. The possible Config States -// as well as description of what that State represents are given in the table: -// | State | What it means | -// |----------+--------------------------------------------------------------------------------| -// | Inactive | Client is created, but isn't able to communicate over Magistrala | -// | Active | Client is able to communicate using Magistrala |. -type State int - -// String returns string representation of State. -func (s State) String() string { - return strconv.Itoa(int(s)) -} diff --git a/bootstrap/status.go b/bootstrap/status.go new file mode 100644 index 000000000..9ef4a3c24 --- /dev/null +++ b/bootstrap/status.go @@ -0,0 +1,101 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package bootstrap + +import ( + "encoding/json" + "strconv" + "strings" + + svcerr "github.com/absmach/magistrala/pkg/errors/service" +) + +// Status represents bootstrap enrollment availability. +type Status uint8 + +// Possible bootstrap enrollment statuses. +const ( + EnabledStatus Status = iota + DisabledStatus + // AllStatus is used for querying purposes to list configs irrespective + // of their status. It is never stored in the database. + AllStatus +) + +// String representation of bootstrap status values. +const ( + Disabled = "disabled" + Enabled = "enabled" + All = "all" + Unknown = "unknown" +) + +// Backward-compatible aliases kept while callers move off the old names. +const ( + Inactive = DisabledStatus + Active = EnabledStatus +) + +// String returns string representation of Status. +func (s Status) String() string { + switch s { + case DisabledStatus: + return Disabled + case EnabledStatus: + return Enabled + case AllStatus: + return All + default: + return Unknown + } +} + +// ToStatus converts a string or legacy numeric string value to Status. +func ToStatus(status string) (Status, error) { + switch strings.ToLower(status) { + case "", Enabled, "0": + return EnabledStatus, nil + case Disabled, "1": + return DisabledStatus, nil + case All: + return AllStatus, nil + } + return Status(0), svcerr.ErrInvalidStatus +} + +// MarshalJSON renders bootstrap status as a string literal. +func (s Status) MarshalJSON() ([]byte, error) { + return json.Marshal(s.String()) +} + +// UnmarshalJSON accepts both string and legacy numeric bootstrap statuses. +func (s *Status) UnmarshalJSON(data []byte) error { + if len(data) == 0 || string(data) == "null" { + return nil + } + + if data[0] != '"' { + var n int + if err := json.Unmarshal(data, &n); err != nil { + return err + } + parsed, err := ToStatus(strconv.Itoa(n)) + if err != nil { + return err + } + *s = parsed + return nil + } + + var status string + if err := json.Unmarshal(data, &status); err != nil { + return err + } + parsed, err := ToStatus(status) + if err != nil { + return err + } + *s = parsed + return nil +} diff --git a/bootstrap/tracing/tracing.go b/bootstrap/tracing/tracing.go index 0ab72a464..c1008f60e 100644 --- a/bootstrap/tracing/tracing.go +++ b/bootstrap/tracing/tracing.go @@ -27,12 +27,12 @@ func New(svc bootstrap.Service, tracer trace.Tracer) bootstrap.Service { // Add traces the "Add" operation of the wrapped bootstrap.Service. func (tm *tracingMiddleware) Add(ctx context.Context, session smqauthn.Session, token string, cfg bootstrap.Config) (bootstrap.Config, error) { ctx, span := tm.tracer.Start(ctx, "svc_register_user", trace.WithAttributes( - attribute.String("client_id", cfg.ClientID), + attribute.String("config_id", cfg.ID), attribute.String("domain_id ", cfg.DomainID), attribute.String("name", cfg.Name), attribute.String("external_id", cfg.ExternalID), attribute.String("content", cfg.Content), - attribute.String("state", cfg.State.String()), + attribute.String("status", cfg.Status.String()), )) defer span.End() @@ -54,7 +54,7 @@ func (tm *tracingMiddleware) Update(ctx context.Context, session smqauthn.Sessio ctx, span := tm.tracer.Start(ctx, "svc_update_user", trace.WithAttributes( attribute.String("name", cfg.Name), attribute.String("content", cfg.Content), - attribute.String("client_id", cfg.ClientID), + attribute.String("config_id", cfg.ID), attribute.String("domain_id ", cfg.DomainID), )) defer span.End() @@ -63,24 +63,13 @@ func (tm *tracingMiddleware) Update(ctx context.Context, session smqauthn.Sessio } // UpdateCert traces the "UpdateCert" operation of the wrapped bootstrap.Service. -func (tm *tracingMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) { +func (tm *tracingMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (bootstrap.Config, error) { ctx, span := tm.tracer.Start(ctx, "svc_update_cert", trace.WithAttributes( - attribute.String("client_id", clientID), + attribute.String("config_id", id), )) defer span.End() - return tm.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert) -} - -// UpdateConnections traces the "UpdateConnections" operation of the wrapped bootstrap.Service. -func (tm *tracingMiddleware) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error { - ctx, span := tm.tracer.Start(ctx, "svc_update_connections", trace.WithAttributes( - attribute.String("id", id), - attribute.StringSlice("connections", connections), - )) - defer span.End() - - return tm.svc.UpdateConnections(ctx, session, token, id, connections) + return tm.svc.UpdateCert(ctx, session, id, clientCert, clientKey, caCert) } // List traces the "List" operation of the wrapped bootstrap.Service. @@ -107,7 +96,6 @@ func (tm *tracingMiddleware) Remove(ctx context.Context, session smqauthn.Sessio // Bootstrap traces the "Bootstrap" operation of the wrapped bootstrap.Service. func (tm *tracingMiddleware) Bootstrap(ctx context.Context, externalKey, externalID string, secure bool) (bootstrap.Config, error) { ctx, span := tm.tracer.Start(ctx, "svc_bootstrap_user", trace.WithAttributes( - attribute.String("external_key", externalKey), attribute.String("external_id", externalID), attribute.Bool("secure", secure), )) @@ -116,67 +104,95 @@ func (tm *tracingMiddleware) Bootstrap(ctx context.Context, externalKey, externa return tm.svc.Bootstrap(ctx, externalKey, externalID, secure) } -// ChangeState traces the "ChangeState" operation of the wrapped bootstrap.Service. -func (tm *tracingMiddleware) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state bootstrap.State) error { - ctx, span := tm.tracer.Start(ctx, "svc_change_state", trace.WithAttributes( - attribute.String("id", id), - attribute.String("state", state.String()), - )) - defer span.End() - - return tm.svc.ChangeState(ctx, session, token, id, state) -} - -// UpdateChannelHandler traces the "UpdateChannelHandler" operation of the wrapped bootstrap.Service. -func (tm *tracingMiddleware) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) error { - ctx, span := tm.tracer.Start(ctx, "svc_update_channel_handler", trace.WithAttributes( - attribute.String("id", channel.ID), - attribute.String("name", channel.Name), - attribute.String("description", channel.Description), - )) - defer span.End() - - return tm.svc.UpdateChannelHandler(ctx, channel) -} - -// RemoveConfigHandler traces the "RemoveConfigHandler" operation of the wrapped bootstrap.Service. -func (tm *tracingMiddleware) RemoveConfigHandler(ctx context.Context, id string) error { - ctx, span := tm.tracer.Start(ctx, "svc_remove_config_handler", trace.WithAttributes( +func (tm *tracingMiddleware) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) { + ctx, span := tm.tracer.Start(ctx, "svc_enable_config", trace.WithAttributes( attribute.String("id", id), )) defer span.End() - return tm.svc.RemoveConfigHandler(ctx, id) + return tm.svc.EnableConfig(ctx, session, id) } -// RemoveChannelHandler traces the "RemoveChannelHandler" operation of the wrapped bootstrap.Service. -func (tm *tracingMiddleware) RemoveChannelHandler(ctx context.Context, id string) error { - ctx, span := tm.tracer.Start(ctx, "svc_remove_channel_handler", trace.WithAttributes( +func (tm *tracingMiddleware) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) { + ctx, span := tm.tracer.Start(ctx, "svc_disable_config", trace.WithAttributes( attribute.String("id", id), )) defer span.End() - return tm.svc.RemoveChannelHandler(ctx, id) + return tm.svc.DisableConfig(ctx, session, id) } -// ConnectClientHandler traces the "ConnectClientHandler" operation of the wrapped bootstrap.Service. -func (tm *tracingMiddleware) ConnectClientHandler(ctx context.Context, channelID, clientID string) error { - ctx, span := tm.tracer.Start(ctx, "svc_connect_client_handler", trace.WithAttributes( - attribute.String("channel_id", channelID), - attribute.String("client_id", clientID), +func (tm *tracingMiddleware) CreateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (bootstrap.Profile, error) { + ctx, span := tm.tracer.Start(ctx, "svc_create_profile", trace.WithAttributes( + attribute.String("name", p.Name), + attribute.String("domain_id", p.DomainID), )) defer span.End() - - return tm.svc.ConnectClientHandler(ctx, channelID, clientID) + return tm.svc.CreateProfile(ctx, session, p) } -// DisconnectClientHandler traces the "DisconnectClientHandler" operation of the wrapped bootstrap.Service. -func (tm *tracingMiddleware) DisconnectClientHandler(ctx context.Context, channelID, clientID string) error { - ctx, span := tm.tracer.Start(ctx, "svc_disconnect_client_handler", trace.WithAttributes( - attribute.String("channel_id", channelID), - attribute.String("client_id", clientID), +func (tm *tracingMiddleware) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (bootstrap.Profile, error) { + ctx, span := tm.tracer.Start(ctx, "svc_view_profile", trace.WithAttributes( + attribute.String("profile_id", profileID), )) defer span.End() - - return tm.svc.DisconnectClientHandler(ctx, channelID, clientID) + return tm.svc.ViewProfile(ctx, session, profileID) +} + +func (tm *tracingMiddleware) UpdateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) error { + ctx, span := tm.tracer.Start(ctx, "svc_update_profile", trace.WithAttributes( + attribute.String("profile_id", p.ID), + )) + defer span.End() + return tm.svc.UpdateProfile(ctx, session, p) +} + +func (tm *tracingMiddleware) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (bootstrap.ProfilesPage, error) { + ctx, span := tm.tracer.Start(ctx, "svc_list_profiles", trace.WithAttributes( + attribute.Int64("offset", int64(offset)), + attribute.Int64("limit", int64(limit)), + )) + defer span.End() + return tm.svc.ListProfiles(ctx, session, offset, limit) +} + +func (tm *tracingMiddleware) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error { + ctx, span := tm.tracer.Start(ctx, "svc_delete_profile", trace.WithAttributes( + attribute.String("profile_id", profileID), + )) + defer span.End() + return tm.svc.DeleteProfile(ctx, session, profileID) +} + +func (tm *tracingMiddleware) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error { + ctx, span := tm.tracer.Start(ctx, "svc_assign_profile", trace.WithAttributes( + attribute.String("config_id", configID), + attribute.String("profile_id", profileID), + )) + defer span.End() + return tm.svc.AssignProfile(ctx, session, configID, profileID) +} + +func (tm *tracingMiddleware) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []bootstrap.BindingRequest) error { + ctx, span := tm.tracer.Start(ctx, "svc_bind_resources", trace.WithAttributes( + attribute.String("config_id", configID), + )) + defer span.End() + return tm.svc.BindResources(ctx, session, token, configID, bindings) +} + +func (tm *tracingMiddleware) ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]bootstrap.BindingSnapshot, error) { + ctx, span := tm.tracer.Start(ctx, "svc_list_bindings", trace.WithAttributes( + attribute.String("config_id", configID), + )) + defer span.End() + return tm.svc.ListBindings(ctx, session, configID) +} + +func (tm *tracingMiddleware) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error { + ctx, span := tm.tracer.Start(ctx, "svc_refresh_bindings", trace.WithAttributes( + attribute.String("config_id", configID), + )) + defer span.End() + return tm.svc.RefreshBindings(ctx, session, token, configID) } diff --git a/channels/middleware/authorization.go b/channels/middleware/authorization.go index 03860dfdc..f3deea458 100644 --- a/channels/middleware/authorization.go +++ b/channels/middleware/authorization.go @@ -344,7 +344,7 @@ func (am *authorizationMiddleware) authorize(ctx context.Context, session authn. UserID: session.UserID, PatID: session.PatID, EntityID: entityID, - EntityType: auth.ChannelsType.String(), + EntityType: patEntityType(entityType), Operation: opName, Domain: session.DomainID, } @@ -357,6 +357,15 @@ func (am *authorizationMiddleware) authorize(ctx context.Context, session authn. return nil } +func patEntityType(entityType string) string { + switch entityType { + case policies.ClientType: + return auth.ClientsType.String() + default: + return auth.ChannelsType.String() + } +} + func (am *authorizationMiddleware) checkSuperAdmin(ctx context.Context, session authn.Session) error { if session.Role != authn.SuperAdminRole { return svcerr.ErrSuperAdminAction diff --git a/cli/bootstrap.go b/cli/bootstrap.go index 342ec6235..cd3d37a0a 100644 --- a/cli/bootstrap.go +++ b/cli/bootstrap.go @@ -14,7 +14,7 @@ var cmdBootstrap = []cobra.Command{ { Use: "create ", Short: "Create config", - Long: `Create new Client Bootstrap Config to the user identified by the provided key`, + Long: `Create a new bootstrap enrollment in the given domain`, Run: func(cmd *cobra.Command, args []string) { if len(args) != 3 { logUsageCmd(*cmd, cmd.Use) @@ -37,11 +37,11 @@ var cmdBootstrap = []cobra.Command{ }, }, { - Use: "get [all | ] ", + Use: "get [all | ] ", Short: "Get config", - Long: `Get Client Config with given ID belonging to the user identified by the given key. + Long: `Get bootstrap enrollment with given ID belonging to the user identified by the given key. all - lists all config - - view config of `, + - view config of `, Run: func(cmd *cobra.Command, args []string) { if len(args) != 3 { logUsageCmd(*cmd, cmd.Use) @@ -50,7 +50,7 @@ var cmdBootstrap = []cobra.Command{ pageMetadata := mgsdk.PageMetadata{ Offset: Offset, Limit: Limit, - State: State, + Status: Status, Name: Name, } if args[0] == all { @@ -77,8 +77,7 @@ var cmdBootstrap = []cobra.Command{ Short: "Update config", Long: `Updates editable fields of the provided Config. config - Updates editable fields of the provided Config. - connection - Updates connections performs update of the channel list corresponding Client is connected to. - channel_ids - '["channel_id1", ...]' + connection - Unsupported legacy operation kept for compatibility. certs - Update bootstrap config certificates.`, Run: func(cmd *cobra.Command, args []string) { if len(args) < 4 { @@ -92,7 +91,7 @@ var cmdBootstrap = []cobra.Command{ return } - if err := sdk.UpdateBootstrap(cmd.Context(), cfg, args[1], args[2]); err != nil { + if err := sdk.UpdateBootstrap(cmd.Context(), cfg, args[2], args[3]); err != nil { logErrorCmd(*cmd, err) return } @@ -115,7 +114,7 @@ var cmdBootstrap = []cobra.Command{ return } if args[0] == "certs" { - cfg, err := sdk.UpdateBootstrapCerts(cmd.Context(), args[0], args[1], args[2], args[3], args[4], args[5]) + cfg, err := sdk.UpdateBootstrapCerts(cmd.Context(), args[1], args[2], args[3], args[4], args[5], args[6]) if err != nil { logErrorCmd(*cmd, err) return @@ -128,7 +127,7 @@ var cmdBootstrap = []cobra.Command{ }, }, { - Use: "remove ", + Use: "remove ", Short: "Remove config", Long: `Removes Config with specified key that belongs to the user identified by the given key`, Run: func(cmd *cobra.Command, args []string) { @@ -177,7 +176,7 @@ var cmdBootstrap = []cobra.Command{ { Use: "whitelist ", Short: "Whitelist config", - Long: `Whitelist updates client state config with given id from the authenticated user`, + Long: `Whitelist updates bootstrap status for the given enrollment`, Run: func(cmd *cobra.Command, args []string) { if len(args) != 3 { logUsageCmd(*cmd, cmd.Use) @@ -190,7 +189,7 @@ var cmdBootstrap = []cobra.Command{ return } - if err := sdk.Whitelist(cmd.Context(), cfg.ClientID, cfg.State, args[1], args[2]); err != nil { + if err := sdk.Whitelist(cmd.Context(), cfg.ID, cfg.Status, args[1], args[2]); err != nil { logErrorCmd(*cmd, err) return } @@ -198,14 +197,187 @@ var cmdBootstrap = []cobra.Command{ logOKCmd(*cmd) }, }, + { + Use: "profiles [create | get [all | ] | update | remove ]", + Short: "Manage bootstrap profiles", + Long: `Manage bootstrap profiles. + create - Create a bootstrap profile. + get all - List bootstrap profiles. + get - View bootstrap profile. + update - Update bootstrap profile. + remove - Remove bootstrap profile.`, + Run: func(cmd *cobra.Command, args []string) { + if len(args) == 0 { + logUsageCmd(*cmd, cmd.Use) + return + } + + switch args[0] { + case create: + if len(args) != 4 { + logUsageCmd(*cmd, cmd.Use) + return + } + + var profile mgsdk.BootstrapProfile + if err := json.Unmarshal([]byte(args[1]), &profile); err != nil { + logErrorCmd(*cmd, err) + return + } + + profile, err := sdk.CreateBootstrapProfile(cmd.Context(), profile, args[2], args[3]) + if err != nil { + logErrorCmd(*cmd, err) + return + } + + logJSONCmd(*cmd, profile) + case get: + if len(args) != 4 { + logUsageCmd(*cmd, cmd.Use) + return + } + + if args[1] == all { + pageMetadata := mgsdk.PageMetadata{ + Offset: Offset, + Limit: Limit, + } + profiles, err := sdk.BootstrapProfiles(cmd.Context(), pageMetadata, args[2], args[3]) + if err != nil { + logErrorCmd(*cmd, err) + return + } + + logJSONCmd(*cmd, profiles) + return + } + + profile, err := sdk.ViewBootstrapProfile(cmd.Context(), args[1], args[2], args[3]) + if err != nil { + logErrorCmd(*cmd, err) + return + } + + logJSONCmd(*cmd, profile) + case update: + if len(args) != 4 { + logUsageCmd(*cmd, cmd.Use) + return + } + + var profile mgsdk.BootstrapProfile + if err := json.Unmarshal([]byte(args[1]), &profile); err != nil { + logErrorCmd(*cmd, err) + return + } + + if err := sdk.UpdateBootstrapProfile(cmd.Context(), profile, args[2], args[3]); err != nil { + logErrorCmd(*cmd, err) + return + } + + logOKCmd(*cmd) + case "remove": + if len(args) != 4 { + logUsageCmd(*cmd, cmd.Use) + return + } + + if err := sdk.RemoveBootstrapProfile(cmd.Context(), args[1], args[2], args[3]); err != nil { + logErrorCmd(*cmd, err) + return + } + + logOKCmd(*cmd) + default: + logUsageCmd(*cmd, cmd.Use) + } + }, + }, + { + Use: "enrollments [assign-profile | bind | get-bindings | refresh-bindings ]", + Short: "Manage bootstrap enrollment bindings", + Long: `Manage bootstrap enrollment profile assignments and bindings. + assign-profile - Assign a profile to an enrollment. + bind - Bind concrete resources to an enrollment. + get-bindings - List stored binding snapshots for an enrollment. + refresh-bindings - Refresh stored binding snapshots for an enrollment.`, + Run: func(cmd *cobra.Command, args []string) { + if len(args) == 0 { + logUsageCmd(*cmd, cmd.Use) + return + } + + switch args[0] { + case "assign-profile": + if len(args) != 5 { + logUsageCmd(*cmd, cmd.Use) + return + } + + if err := sdk.AssignBootstrapProfile(cmd.Context(), args[1], args[2], args[3], args[4]); err != nil { + logErrorCmd(*cmd, err) + return + } + + logOKCmd(*cmd) + case "bind": + if len(args) != 5 { + logUsageCmd(*cmd, cmd.Use) + return + } + + var bindings []mgsdk.BootstrapBindingRequest + if err := json.Unmarshal([]byte(args[2]), &bindings); err != nil { + logErrorCmd(*cmd, err) + return + } + + if err := sdk.BindBootstrapResources(cmd.Context(), args[1], bindings, args[3], args[4]); err != nil { + logErrorCmd(*cmd, err) + return + } + + logOKCmd(*cmd) + case "get-bindings": + if len(args) != 4 { + logUsageCmd(*cmd, cmd.Use) + return + } + + bindings, err := sdk.BootstrapBindings(cmd.Context(), args[1], args[2], args[3]) + if err != nil { + logErrorCmd(*cmd, err) + return + } + + logJSONCmd(*cmd, bindings) + case "refresh-bindings": + if len(args) != 4 { + logUsageCmd(*cmd, cmd.Use) + return + } + + if err := sdk.RefreshBootstrapBindings(cmd.Context(), args[1], args[2], args[3]); err != nil { + logErrorCmd(*cmd, err) + return + } + + logOKCmd(*cmd) + default: + logUsageCmd(*cmd, cmd.Use) + } + }, + }, } // NewBootstrapCmd returns bootstrap command. func NewBootstrapCmd() *cobra.Command { cmd := cobra.Command{ - Use: "bootstrap [create | get | update | remove | bootstrap | whitelist]", + Use: "bootstrap [create | get | update | remove | bootstrap | whitelist | profiles | enrollments]", Short: "Bootstrap management", - Long: `Bootstrap management: create, get, update, delete or whitelist Bootstrap config`, + Long: `Bootstrap management: create, get, update, delete, whitelist, profiles, and enrollment bindings`, } for i := range cmdBootstrap { diff --git a/cli/bootstrap_test.go b/cli/bootstrap_test.go index 02a9f8ca6..1172ad2e7 100644 --- a/cli/bootstrap_test.go +++ b/cli/bootstrap_test.go @@ -24,13 +24,21 @@ var ( clientID = testsutil.GenerateUUID(&testing.T{}) channelID = testsutil.GenerateUUID(&testing.T{}) domainID = testsutil.GenerateUUID(&testing.T{}) + profileID = testsutil.GenerateUUID(&testing.T{}) bootConfig = mgsdk.BootstrapConfig{ - ClientID: clientID, - Channels: []string{channelID}, + ID: clientID, Name: "Test Bootstrap", ExternalID: "09:6:0:sb:sa", ExternalKey: "key", } + bootProfile = mgsdk.BootstrapProfile{ + ID: profileID, + Name: "Test Profile", + Description: "Test profile", + TemplateFormat: "go-template", + ContentTemplate: "{\"device_id\":\"{{ .Device.ID }}\"}", + Version: 1, + } validToken = "validToken" invalidToken = "invalidToken" extraArg = "extra-arg" @@ -44,8 +52,8 @@ func TestCreateBootstrapConfigCmd(t *testing.T) { bootCmd := cli.NewBootstrapCmd() rootCmd := setFlags(bootCmd) - jsonConfig := fmt.Sprintf("{\"external_id\":\"09:6:0:sb:sa\", \"client_id\": \"%s\", \"external_key\":\"key\", \"name\": \"%s\", \"channels\":[\"%s\"]}", clientID, "Test Bootstrap", channelID) - invalidJson := fmt.Sprintf("{\"external_id\":\"09:6:0:sb:sa\", \"client_id\": \"%s\", \"external_key\":\"key\", \"name\": \"%s\", \"channels\":[\"%s\"]", clientID, "Test Bootstrap", channelID) + jsonConfig := fmt.Sprintf("{\"external_id\":\"09:6:0:sb:sa\", \"external_key\":\"key\", \"name\": \"%s\"}", "Test Bootstrap") + invalidJson := fmt.Sprintf("{\"external_id\":\"09:6:0:sb:sa\", \"external_key\":\"key\", \"name\": \"%s\"", "Test Bootstrap") cases := []struct { desc string args []string @@ -473,7 +481,7 @@ func TestWhitelistConfigCmd(t *testing.T) { bootCmd := cli.NewBootstrapCmd() rootCmd := setFlags(bootCmd) - jsonConfig := fmt.Sprintf("{\"client_id\": \"%s\", \"state\":%d}", clientID, 1) + jsonConfig := fmt.Sprintf("{\"client_id\": \"%s\", \"status\":%d}", clientID, 1) cases := []struct { desc string @@ -504,7 +512,7 @@ func TestWhitelistConfigCmd(t *testing.T) { { desc: "whitelist config with invalid json", args: []string{ - fmt.Sprintf("{\"client_id\": \"%s\", \"state\":%d", clientID, 1), + fmt.Sprintf("{\"client_id\": \"%s\", \"status\":%d", clientID, 1), domainID, validToken, }, @@ -631,3 +639,233 @@ func TestBootstrapConfigCmd(t *testing.T) { }) } } + +func TestBootstrapProfilesCmd(t *testing.T) { + sdkMock := new(sdkmocks.SDK) + cli.SetSDK(sdkMock) + bootCmd := cli.NewBootstrapCmd() + rootCmd := setFlags(bootCmd) + + profilePayload, err := json.Marshal(bootProfile) + assert.Nil(t, err) + jsonProfile := string(profilePayload) + + cases := []struct { + desc string + args []string + profile mgsdk.BootstrapProfile + page mgsdk.BootstrapProfilesPage + sdkErr errors.SDKError + logType outputLog + errLogMessage string + }{ + { + desc: "create bootstrap profile successfully", + args: []string{ + "create", + jsonProfile, + domainID, + validToken, + }, + profile: bootProfile, + logType: entityLog, + }, + { + desc: "get all bootstrap profiles successfully", + args: []string{ + "get", + all, + domainID, + validToken, + }, + page: mgsdk.BootstrapProfilesPage{ + PageRes: mgsdk.PageRes{ + Total: 1, + Offset: 0, + Limit: 10, + }, + Profiles: []mgsdk.BootstrapProfile{bootProfile}, + }, + logType: entityLog, + }, + { + desc: "view bootstrap profile successfully", + args: []string{ + "get", + profileID, + domainID, + validToken, + }, + profile: bootProfile, + logType: entityLog, + }, + { + desc: "update bootstrap profile successfully", + args: []string{ + "update", + jsonProfile, + domainID, + validToken, + }, + logType: okLog, + }, + { + desc: "remove bootstrap profile successfully", + args: []string{ + "remove", + profileID, + domainID, + validToken, + }, + logType: okLog, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + var gotProfile mgsdk.BootstrapProfile + var gotPage mgsdk.BootstrapProfilesPage + + createCall := sdkMock.On("CreateBootstrapProfile", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.profile, tc.sdkErr) + listCall := sdkMock.On("BootstrapProfiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.page, tc.sdkErr) + viewCall := sdkMock.On("ViewBootstrapProfile", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.profile, tc.sdkErr) + updateCall := sdkMock.On("UpdateBootstrapProfile", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.sdkErr) + removeCall := sdkMock.On("RemoveBootstrapProfile", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.sdkErr) + + out := executeCommand(t, rootCmd, append([]string{"profiles"}, tc.args...)...) + + switch tc.logType { + case entityLog: + if tc.args[0] == "get" && tc.args[1] == all { + err := json.Unmarshal([]byte(out), &gotPage) + assert.Nil(t, err) + assert.Equal(t, tc.page, gotPage, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.page, gotPage)) + } else { + err := json.Unmarshal([]byte(out), &gotProfile) + assert.Nil(t, err) + assert.Equal(t, tc.profile, gotProfile, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.profile, gotProfile)) + } + case okLog: + assert.True(t, strings.Contains(out, "ok"), fmt.Sprintf("%s unexpected response: expected success message, got: %v", tc.desc, out)) + case errLog: + assert.Equal(t, tc.errLogMessage, out, fmt.Sprintf("%s unexpected error response: expected %s got errLogMessage:%s", tc.desc, tc.errLogMessage, out)) + case usageLog: + assert.False(t, strings.Contains(out, rootCmd.Use), fmt.Sprintf("%s invalid usage: %s", tc.desc, out)) + } + + createCall.Unset() + listCall.Unset() + viewCall.Unset() + updateCall.Unset() + removeCall.Unset() + }) + } +} + +func TestBootstrapEnrollmentsCmd(t *testing.T) { + sdkMock := new(sdkmocks.SDK) + cli.SetSDK(sdkMock) + bootCmd := cli.NewBootstrapCmd() + rootCmd := setFlags(bootCmd) + + bindings := []mgsdk.BootstrapBindingRequest{ + { + Slot: "mqtt_client", + Type: "client", + ResourceID: clientID, + }, + } + snapshots := []mgsdk.BootstrapBindingSnapshot{ + { + ConfigID: clientID, + Slot: "mqtt_client", + Type: "client", + ResourceID: clientID, + }, + } + jsonBindings := fmt.Sprintf("[{\"slot\":\"%s\",\"type\":\"%s\",\"resource_id\":\"%s\"}]", bindings[0].Slot, bindings[0].Type, bindings[0].ResourceID) + + cases := []struct { + desc string + args []string + snapshots []mgsdk.BootstrapBindingSnapshot + sdkErr errors.SDKError + logType outputLog + errLogMessage string + }{ + { + desc: "assign bootstrap profile successfully", + args: []string{ + "assign-profile", + clientID, + profileID, + domainID, + validToken, + }, + logType: okLog, + }, + { + desc: "bind bootstrap resources successfully", + args: []string{ + "bind", + clientID, + jsonBindings, + domainID, + validToken, + }, + logType: okLog, + }, + { + desc: "get bootstrap bindings successfully", + args: []string{ + "get-bindings", + clientID, + domainID, + validToken, + }, + snapshots: snapshots, + logType: entityLog, + }, + { + desc: "refresh bootstrap bindings successfully", + args: []string{ + "refresh-bindings", + clientID, + domainID, + validToken, + }, + logType: okLog, + }, + } + + for _, tc := range cases { + t.Run(tc.desc, func(t *testing.T) { + var gotSnapshots []mgsdk.BootstrapBindingSnapshot + + assignCall := sdkMock.On("AssignBootstrapProfile", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.sdkErr) + bindCall := sdkMock.On("BindBootstrapResources", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.sdkErr) + listCall := sdkMock.On("BootstrapBindings", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.snapshots, tc.sdkErr) + refreshCall := sdkMock.On("RefreshBootstrapBindings", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.sdkErr) + + out := executeCommand(t, rootCmd, append([]string{"enrollments"}, tc.args...)...) + + switch tc.logType { + case entityLog: + err := json.Unmarshal([]byte(out), &gotSnapshots) + assert.Nil(t, err) + assert.Equal(t, tc.snapshots, gotSnapshots, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.snapshots, gotSnapshots)) + case okLog: + assert.True(t, strings.Contains(out, "ok"), fmt.Sprintf("%s unexpected response: expected success message, got: %v", tc.desc, out)) + case errLog: + assert.Equal(t, tc.errLogMessage, out, fmt.Sprintf("%s unexpected error response: expected %s got errLogMessage:%s", tc.desc, tc.errLogMessage, out)) + case usageLog: + assert.False(t, strings.Contains(out, rootCmd.Use), fmt.Sprintf("%s invalid usage: %s", tc.desc, out)) + } + + assignCall.Unset() + bindCall.Unset() + listCall.Unset() + refreshCall.Unset() + }) + } +} diff --git a/cli/utils.go b/cli/utils.go index 74fcbed3b..47e8ccd03 100644 --- a/cli/utils.go +++ b/cli/utils.go @@ -30,8 +30,6 @@ var ( Status string = "" // ConfigPath config path parameter. ConfigPath string = "" - // State query parameter. - State string = "" // Topic query parameter. Topic string = "" // Contact query parameter. diff --git a/cmd/bootstrap/main.go b/cmd/bootstrap/main.go index 4f6bc82ef..5e815df57 100644 --- a/cmd/bootstrap/main.go +++ b/cmd/bootstrap/main.go @@ -16,8 +16,8 @@ import ( "github.com/absmach/magistrala" "github.com/absmach/magistrala/bootstrap" httpapi "github.com/absmach/magistrala/bootstrap/api" - "github.com/absmach/magistrala/bootstrap/events/consumer" "github.com/absmach/magistrala/bootstrap/events/producer" + bootstraphasher "github.com/absmach/magistrala/bootstrap/hasher" "github.com/absmach/magistrala/bootstrap/middleware" bootstrappg "github.com/absmach/magistrala/bootstrap/postgres" "github.com/absmach/magistrala/bootstrap/tracing" @@ -27,26 +27,18 @@ import ( smqauthz "github.com/absmach/magistrala/pkg/authz" authsvcAuthz "github.com/absmach/magistrala/pkg/authz/authsvc" domainsAuthz "github.com/absmach/magistrala/pkg/domains/grpcclient" - "github.com/absmach/magistrala/pkg/events" "github.com/absmach/magistrala/pkg/events/store" "github.com/absmach/magistrala/pkg/grpcclient" "github.com/absmach/magistrala/pkg/jaeger" - "github.com/absmach/magistrala/pkg/policies" - "github.com/absmach/magistrala/pkg/policies/spicedb" pgclient "github.com/absmach/magistrala/pkg/postgres" "github.com/absmach/magistrala/pkg/prometheus" mgsdk "github.com/absmach/magistrala/pkg/sdk" "github.com/absmach/magistrala/pkg/server" httpserver "github.com/absmach/magistrala/pkg/server/http" "github.com/absmach/magistrala/pkg/uuid" - "github.com/authzed/authzed-go/v1" - "github.com/authzed/grpcutil" "github.com/caarlos0/env/v11" - "github.com/jmoiron/sqlx" "go.opentelemetry.io/otel/trace" "golang.org/x/sync/errgroup" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" ) const ( @@ -57,9 +49,6 @@ const ( envPrefixDomains = "MG_DOMAINS_GRPC_" defDB = "bootstrap" defSvcHTTPPort = "9013" - - stream = "events.magistrala.clients" - streamID = "magistrala.bootstrap" ) type config struct { @@ -108,7 +97,9 @@ func main() { if err := env.ParseWithOptions(&dbConfig, env.Options{Prefix: envPrefixDB}); err != nil { logger.Error(err.Error()) } - db, err := pgclient.Setup(dbConfig, *bootstrappg.Migration()) + migration := bootstrappg.Migration() + + db, err := pgclient.Setup(dbConfig, *migration) if err != nil { logger.Error(err.Error()) exitCode = 1 @@ -116,14 +107,6 @@ func main() { } defer db.Close() - policySvc, err := newPolicyService(cfg, logger) - if err != nil { - logger.Error(err.Error()) - exitCode = 1 - return - } - logger.Info("Policy client successfully connected to spicedb gRPC server") - tp, err := jaeger.NewProvider(ctx, svcName, cfg.JaegerURL, cfg.InstanceID, cfg.TraceRatio) if err != nil { logger.Error(fmt.Sprintf("failed to init Jaeger: %s", err)) @@ -176,22 +159,16 @@ func main() { defer authzClient.Close() logger.Info("AuthZ successfully connected to auth gRPC server " + authzClient.Secure()) + database := pgclient.NewDatabase(db, dbConfig, tracer) + // Create new service - svc, err := newService(ctx, authz, policySvc, db, tracer, logger, cfg, dbConfig) + svc, err := newService(ctx, authz, database, tracer, logger, cfg) if err != nil { logger.Error(fmt.Sprintf("failed to create %s service: %s", svcName, err)) exitCode = 1 return } - if err = subscribeToClientsES(ctx, svc, cfg, logger); err != nil { - logger.Error(fmt.Sprintf("failed to subscribe to clients event store: %s", err)) - exitCode = 1 - return - } - - logger.Info("Subscribed to Event Store") - httpServerConfig := server.Config{Port: defSvcHTTPPort} if err := env.ParseWithOptions(&httpServerConfig, env.Options{Prefix: envPrefixHTTP}); err != nil { logger.Error(fmt.Sprintf("failed to load %s HTTP server configuration : %s", svcName, err)) @@ -218,10 +195,10 @@ func main() { } } -func newService(ctx context.Context, authz smqauthz.Authorization, policySvc policies.Service, db *sqlx.DB, tracer trace.Tracer, logger *slog.Logger, cfg config, dbConfig pgclient.Config) (bootstrap.Service, error) { - database := pgclient.NewDatabase(db, dbConfig, tracer) - +func newService(ctx context.Context, authz smqauthz.Authorization, database pgclient.Database, tracer trace.Tracer, logger *slog.Logger, cfg config) (bootstrap.Service, error) { repoConfig := bootstrappg.NewConfigRepository(database, logger) + repoProfile := bootstrappg.NewProfileRepository(database, logger) + repoBindings := bootstrappg.NewBindingRepository(database, logger) config := mgsdk.Config{ ClientsURL: cfg.ClientsURL, @@ -230,8 +207,20 @@ func newService(ctx context.Context, authz smqauthz.Authorization, policySvc pol sdk := mgsdk.NewSDK(config) idp := uuid.New() + resolver := bootstrap.NewSDKResolver(sdk) + renderer := bootstrap.NewRenderer() - svc := bootstrap.New(policySvc, repoConfig, sdk, []byte(cfg.EncKey), idp) + svc := bootstrap.New( + repoConfig, + repoProfile, + repoBindings, + resolver, + renderer, + sdk, + bootstraphasher.New(), + []byte(cfg.EncKey), + idp, + ) publisher, err := store.NewPublisher(ctx, cfg.ESURL, "bootstrap-es-pub") if err != nil { @@ -247,31 +236,3 @@ func newService(ctx context.Context, authz smqauthz.Authorization, policySvc pol return svc, nil } - -func subscribeToClientsES(ctx context.Context, svc bootstrap.Service, cfg config, logger *slog.Logger) error { - subscriber, err := store.NewSubscriber(ctx, cfg.ESURL, "bootstrap-es-sub", logger) - if err != nil { - return err - } - - subConfig := events.SubscriberConfig{ - Stream: stream, - Consumer: cfg.ESConsumerName, - Handler: consumer.NewEventHandler(svc), - } - return subscriber.Subscribe(ctx, subConfig) -} - -func newPolicyService(cfg config, logger *slog.Logger) (policies.Service, error) { - client, err := authzed.NewClientWithExperimentalAPIs( - fmt.Sprintf("%s:%s", cfg.SpicedbHost, cfg.SpicedbPort), - grpc.WithTransportCredentials(insecure.NewCredentials()), - grpcutil.WithInsecureBearerToken(cfg.SpicedbPreSharedKey), - ) - if err != nil { - return nil, err - } - policySvc := spicedb.NewPolicyService(client, logger) - - return policySvc, nil -} diff --git a/docker/addons/provision/configs/config.toml b/docker/addons/provision/configs/config.toml index d40a4d663..6ac19318d 100644 --- a/docker/addons/provision/configs/config.toml +++ b/docker/addons/provision/configs/config.toml @@ -3,9 +3,6 @@ [bootstrap] [bootstrap.content] - [bootstrap.content.agent.edgex] - url = "http://localhost:48090/api/v1/" - [bootstrap.content.agent.log] level = "info" @@ -17,7 +14,7 @@ url = "localhost:1883" [bootstrap.content.agent.server] - nats_url = "localhost:4222" + fluxmq_url = "amqp://guest:guest@localhost:5682/" port = "9000" [bootstrap.content.agent.heartbeat] @@ -29,7 +26,7 @@ [bootstrap.content.export.exp] log_level = "debug" - nats = "nats://localhost:4222" + fluxmq = "amqp://guest:guest@localhost:5682/" port = "8172" cache_url = "localhost:6379" cache_pass = "" @@ -37,12 +34,12 @@ [bootstrap.content.export.mqtt] ca_path = "ca.crt" - cert_path = "thing.crt" + cert_path = "client.crt" channel = "" host = "tcp://localhost:1883" mtls = false password = "" - priv_key_path = "thing.key" + priv_key_path = "client.key" qos = 0 retain = false skip_tls_ver = false @@ -50,7 +47,7 @@ [[bootstrap.content.export.routes]] mqtt_topic = "" - nats_topic = ">" + fluxmq_topic = "#" subtopic = "" type = "plain" workers = 10 diff --git a/docker/openbao-entrypoint.sh b/docker/openbao-entrypoint.sh index c3f3d59bf..c6adff838 100755 --- a/docker/openbao-entrypoint.sh +++ b/docker/openbao-entrypoint.sh @@ -27,6 +27,33 @@ EOF export BAO_ADDR=http://127.0.0.1:8200 +wait_for_bao() { + local retries=30 + while [ "$retries" -gt 0 ]; do + local code=0 + bao status -format=json >/dev/null 2>&1 || code=$? + # exit 0 = unsealed, exit 2 = sealed — both mean the server is up and responding + if [ "$code" -eq 0 ] || [ "$code" -eq 2 ]; then + return 0 + fi + retries=$((retries - 1)) + sleep 2 + done + echo "ERROR: OpenBao server did not become ready in time" >&2 + exit 1 +} + +unseal_bao() { + local key1="$1" key2="$2" key3="$3" + if [ -z "$key1" ] || [ -z "$key2" ] || [ -z "$key3" ]; then + echo "ERROR: One or more unseal keys are empty — cannot unseal" >&2 + exit 1 + fi + bao operator unseal "$key1" + bao operator unseal "$key2" + bao operator unseal "$key3" +} + create_pki_policy() { cat > /opt/openbao/config/pki-policy.hcl << EOF path "pki_int/issue/${MG_CERTS_OPENBAO_PKI_ROLE}" { @@ -92,12 +119,10 @@ if [ -n "$MG_CERTS_OPENBAO_UNSEAL_KEY_1" ] && [ -n "$MG_CERTS_OPENBAO_UNSEAL_KEY echo "Using pre-configured unseal keys and root token..." bao server -config=/opt/openbao/config/config.hcl > /opt/openbao/logs/server.log 2>&1 & BAO_PID=$! - sleep 5 - - bao operator unseal "$MG_CERTS_OPENBAO_UNSEAL_KEY_1" - bao operator unseal "$MG_CERTS_OPENBAO_UNSEAL_KEY_2" - bao operator unseal "$MG_CERTS_OPENBAO_UNSEAL_KEY_3" - + wait_for_bao + + unseal_bao "$MG_CERTS_OPENBAO_UNSEAL_KEY_1" "$MG_CERTS_OPENBAO_UNSEAL_KEY_2" "$MG_CERTS_OPENBAO_UNSEAL_KEY_3" + export BAO_TOKEN=$MG_CERTS_OPENBAO_ROOT_TOKEN else # Initialize OpenBao if not already done @@ -105,21 +130,18 @@ else echo "Initializing OpenBao for the first time..." bao server -config=/opt/openbao/config/config.hcl > /opt/openbao/logs/server.log 2>&1 & BAO_PID=$! - sleep 5 + wait_for_bao # Initialize with 5 key shares and threshold of 3 bao operator init -key-shares=5 -key-threshold=3 -format=json > /opt/openbao/data/init.json # Extract unseal keys and root token - UNSEAL_KEY_1=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[0]') - UNSEAL_KEY_2=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[1]') - UNSEAL_KEY_3=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[2]') - ROOT_TOKEN=$(cat /opt/openbao/data/init.json | jq -r '.root_token') + UNSEAL_KEY_1=$(jq -r '.unseal_keys_b64[0]' /opt/openbao/data/init.json) + UNSEAL_KEY_2=$(jq -r '.unseal_keys_b64[1]' /opt/openbao/data/init.json) + UNSEAL_KEY_3=$(jq -r '.unseal_keys_b64[2]' /opt/openbao/data/init.json) + ROOT_TOKEN=$(jq -r '.root_token' /opt/openbao/data/init.json) - # Unseal OpenBao - bao operator unseal "$UNSEAL_KEY_1" - bao operator unseal "$UNSEAL_KEY_2" - bao operator unseal "$UNSEAL_KEY_3" + unseal_bao "$UNSEAL_KEY_1" "$UNSEAL_KEY_2" "$UNSEAL_KEY_3" export BAO_TOKEN=$ROOT_TOKEN echo "OpenBao initialized successfully!" @@ -127,24 +149,22 @@ else echo "OpenBao already initialized, starting server..." bao server -config=/opt/openbao/config/config.hcl > /opt/openbao/logs/server.log 2>&1 & BAO_PID=$! - sleep 5 + wait_for_bao # Check if OpenBao is sealed and unseal if necessary - if bao status -format=json | jq -e '.sealed == true' >/dev/null; then + if bao status -format=json | jq -e '.sealed == true' >/dev/null 2>&1; then echo "OpenBao is sealed, unsealing..." - UNSEAL_KEY_1=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[0]') - UNSEAL_KEY_2=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[1]') - UNSEAL_KEY_3=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[2]') + UNSEAL_KEY_1=$(jq -r '.unseal_keys_b64[0]' /opt/openbao/data/init.json) + UNSEAL_KEY_2=$(jq -r '.unseal_keys_b64[1]' /opt/openbao/data/init.json) + UNSEAL_KEY_3=$(jq -r '.unseal_keys_b64[2]' /opt/openbao/data/init.json) - bao operator unseal "$UNSEAL_KEY_1" - bao operator unseal "$UNSEAL_KEY_2" - bao operator unseal "$UNSEAL_KEY_3" + unseal_bao "$UNSEAL_KEY_1" "$UNSEAL_KEY_2" "$UNSEAL_KEY_3" echo "OpenBao unsealed successfully!" else echo "OpenBao is already unsealed!" fi - ROOT_TOKEN=$(cat /opt/openbao/data/init.json | jq -r '.root_token') + ROOT_TOKEN=$(jq -r '.root_token' /opt/openbao/data/init.json) export BAO_TOKEN=$ROOT_TOKEN fi fi diff --git a/go.mod b/go.mod index 43a260132..1b60094e1 100644 --- a/go.mod +++ b/go.mod @@ -156,7 +156,7 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect github.com/opencontainers/runc v1.2.8 // indirect - github.com/pelletier/go-toml/v2 v2.3.0 // indirect + github.com/pelletier/go-toml/v2 v2.3.0 github.com/pion/dtls/v3 v3.1.2 // indirect github.com/pion/logging v0.2.4 // indirect github.com/pion/transport/v4 v4.0.1 // indirect diff --git a/pkg/bootstrap/events/consumer/doc.go b/pkg/bootstrap/events/consumer/doc.go new file mode 100644 index 000000000..ac76e55de --- /dev/null +++ b/pkg/bootstrap/events/consumer/doc.go @@ -0,0 +1,6 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +// Package consumer contains events consumer for client and channel events +// consumed by the Bootstrap service. +package consumer diff --git a/pkg/bootstrap/events/consumer/streams.go b/pkg/bootstrap/events/consumer/streams.go new file mode 100644 index 000000000..96d673923 --- /dev/null +++ b/pkg/bootstrap/events/consumer/streams.go @@ -0,0 +1,46 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package consumer + +import ( + "context" + "log/slog" + + "github.com/absmach/magistrala/bootstrap" + "github.com/absmach/magistrala/pkg/events" + "github.com/absmach/magistrala/pkg/events/store" +) + +const stream = "events.magistrala.*.*" + +type eventHandler struct { + svc bootstrap.Service +} + +// BootstrapEventsSubscribe subscribes bootstrap config-state handlers to the event store. +func BootstrapEventsSubscribe(ctx context.Context, svc bootstrap.Service, esURL, esConsumerName string, logger *slog.Logger) error { + subscriber, err := store.NewSubscriber(ctx, esURL, "bootstrap-es-sub", logger) + if err != nil { + return err + } + + subConfig := events.SubscriberConfig{ + Stream: stream, + Consumer: esConsumerName, + Handler: NewEventHandler(svc), + Ordered: true, + } + return subscriber.Subscribe(ctx, subConfig) +} + +// NewEventHandler returns bootstrap events handler. +func NewEventHandler(svc bootstrap.Service) events.EventHandler { + return &eventHandler{ + svc: svc, + } +} + +func (es *eventHandler) Handle(_ context.Context, _ events.Event) error { + return nil +} diff --git a/pkg/bootstrap/events/doc.go b/pkg/bootstrap/events/doc.go new file mode 100644 index 000000000..61cd808b0 --- /dev/null +++ b/pkg/bootstrap/events/doc.go @@ -0,0 +1,6 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +// Package events provides the events sourcing of bootstrap +// provide replication in other service and definitions needed to support it +package events diff --git a/pkg/sdk/bootstrap.go b/pkg/sdk/bootstrap.go index b1c0f502f..5e895125c 100644 --- a/pkg/sdk/bootstrap.go +++ b/pkg/sdk/bootstrap.go @@ -14,86 +14,138 @@ import ( "io" "net/http" "strings" + "time" apiutil "github.com/absmach/magistrala/api/http/util" "github.com/absmach/magistrala/pkg/errors" ) const ( - configsEndpoint = "clients/configs" - bootstrapEndpoint = "clients/bootstrap" - whitelistEndpoint = "clients/state" - bootstrapCertsEndpoint = "clients/configs/certs" - bootstrapConnEndpoint = "clients/configs/connections" - secureEndpoint = "secure" + configsEndpoint = "clients/configs" + bootstrapEndpoint = "clients/bootstrap" + bootstrapCertsEndpoint = "clients/configs/certs" + bootstrapProfilesPath = "clients/bootstrap/profiles" + bootstrapEnrollmentsPath = "clients/bootstrap/enrollments" + secureEndpoint = "secure" ) -// BootstrapConfig represents Configuration entity. It wraps information about external entity -// as well as info about corresponding Magistrala entities. -// MGClient represents corresponding Magistrala Client ID. -// MGKey is key of corresponding Magistrala Client. -// MGChannels is a list of Magistrala Channels corresponding Magistrala Client connects to. -type BootstrapConfig struct { - Channels any `json:"channels,omitempty"` - ExternalID string `json:"external_id,omitempty"` - ExternalKey string `json:"external_key,omitempty"` - ClientID string `json:"client_id,omitempty"` - ClientSecret string `json:"client_secret,omitempty"` - Name string `json:"name,omitempty"` - ClientCert string `json:"client_cert,omitempty"` - ClientKey string `json:"client_key,omitempty"` - CACert string `json:"ca_cert,omitempty"` - Content string `json:"content,omitempty"` - State int `json:"state,omitempty"` +var ( + errInvalidBootstrapStatus = errors.New("invalid bootstrap status") + errBootstrapConnectionsDisabled = errors.New("bootstrap connection updates are no longer supported") +) + +type BootstrapStatus string + +const ( + BootstrapDisabledStatus BootstrapStatus = DisabledStatus + BootstrapEnabledStatus BootstrapStatus = EnabledStatus +) + +func (s BootstrapStatus) String() string { + return string(s) } -func (ts *BootstrapConfig) UnmarshalJSON(data []byte) error { - var rawData map[string]json.RawMessage - if err := json.Unmarshal(data, &rawData); err != nil { - return err +func (s BootstrapStatus) MarshalJSON() ([]byte, error) { + return json.Marshal(string(s)) +} + +func (s *BootstrapStatus) UnmarshalJSON(data []byte) error { + if len(data) == 0 || string(data) == "null" { + return nil } - if channelData, ok := rawData["channels"]; ok { - var stringData []string - if err := json.Unmarshal(channelData, &stringData); err == nil { - ts.Channels = stringData - } else { - var channels []Channel - if err := json.Unmarshal(channelData, &channels); err == nil { - ts.Channels = channels - } else { - return fmt.Errorf("unsupported channel data type") - } + if data[0] != '"' { + var n int + if err := json.Unmarshal(data, &n); err != nil { + return err + } + switch n { + case 0: + *s = BootstrapDisabledStatus + return nil + case 1: + *s = BootstrapEnabledStatus + return nil + default: + return errInvalidBootstrapStatus } } - if err := json.Unmarshal(data, &struct { - ExternalID *string `json:"external_id,omitempty"` - ExternalKey *string `json:"external_key,omitempty"` - ClientID *string `json:"client_id,omitempty"` - ClientSecret *string `json:"client_secret,omitempty"` - Name *string `json:"name,omitempty"` - ClientCert *string `json:"client_cert,omitempty"` - ClientKey *string `json:"client_key,omitempty"` - CACert *string `json:"ca_cert,omitempty"` - Content *string `json:"content,omitempty"` - State *int `json:"state,omitempty"` - }{ - ExternalID: &ts.ExternalID, - ExternalKey: &ts.ExternalKey, - ClientID: &ts.ClientID, - ClientSecret: &ts.ClientSecret, - Name: &ts.Name, - ClientCert: &ts.ClientCert, - ClientKey: &ts.ClientKey, - CACert: &ts.CACert, - Content: &ts.Content, - State: &ts.State, - }); err != nil { + var status string + if err := json.Unmarshal(data, &status); err != nil { return err } - return nil + switch strings.ToLower(status) { + case DisabledStatus: + *s = BootstrapDisabledStatus + return nil + case EnabledStatus: + *s = BootstrapEnabledStatus + return nil + default: + return errInvalidBootstrapStatus + } +} + +// BootstrapConfig represents a bootstrap enrollment. +type BootstrapConfig struct { + ID string `json:"id,omitempty"` + ExternalID string `json:"external_id,omitempty"` + ExternalKey string `json:"external_key,omitempty"` + Name string `json:"name,omitempty"` + ClientCert string `json:"client_cert,omitempty"` + ClientKey string `json:"client_key,omitempty"` + CACert string `json:"ca_cert,omitempty"` + Content string `json:"content,omitempty"` + Status BootstrapStatus `json:"status,omitempty"` + ProfileID string `json:"profile_id,omitempty"` + RenderContext map[string]any `json:"render_context,omitempty"` +} + +// BootstrapProfile represents a bootstrap profile template. +type BootstrapProfile struct { + ID string `json:"id,omitempty"` + DomainID string `json:"domain_id,omitempty"` + Name string `json:"name,omitempty"` + Description string `json:"description,omitempty"` + TemplateFormat string `json:"template_format,omitempty"` + ContentTemplate string `json:"content_template,omitempty"` + Defaults map[string]any `json:"defaults,omitempty"` + BindingSlots []BindingSlot `json:"binding_slots,omitempty"` + Version int `json:"version,omitempty"` + CreatedAt time.Time `json:"created_at,omitempty"` + UpdatedAt time.Time `json:"updated_at,omitempty"` +} + +// BindingSlot declares a named resource placeholder for a bootstrap profile. +type BindingSlot struct { + Name string `json:"name"` + Type string `json:"type"` + Required bool `json:"required"` + Fields []string `json:"fields,omitempty"` +} + +// BootstrapBindingRequest binds a profile slot to a concrete resource. +type BootstrapBindingRequest struct { + Slot string `json:"slot"` + Type string `json:"type"` + ResourceID string `json:"resource_id"` +} + +// BootstrapBindingSnapshot contains a stored enrollment binding snapshot. +type BootstrapBindingSnapshot struct { + ConfigID string `json:"config_id"` + Slot string `json:"slot"` + Type string `json:"type"` + ResourceID string `json:"resource_id"` + Snapshot map[string]any `json:"snapshot,omitempty"` + SecretSnapshot map[string]any `json:"secret_snapshot,omitempty"` + UpdatedAt time.Time `json:"updated_at,omitempty"` +} + +type bootstrapBindingsRes struct { + Bindings []BootstrapBindingSnapshot `json:"bindings"` } func (sdk mgSDK) AddBootstrap(ctx context.Context, cfg BootstrapConfig, domainID, token string) (string, errors.SDKError) { @@ -114,6 +166,26 @@ func (sdk mgSDK) AddBootstrap(ctx context.Context, cfg BootstrapConfig, domainID return id, nil } +func (sdk mgSDK) CreateBootstrapProfile(ctx context.Context, profile BootstrapProfile, domainID, token string) (BootstrapProfile, errors.SDKError) { + data, err := json.Marshal(profile) + if err != nil { + return BootstrapProfile{}, errors.NewSDKError(err) + } + + url := fmt.Sprintf("%s/%s/%s", sdk.bootstrapURL, domainID, bootstrapProfilesPath) + _, body, sdkerr := sdk.processRequest(ctx, http.MethodPost, url, token, data, nil, http.StatusOK, http.StatusCreated) + if sdkerr != nil { + return BootstrapProfile{}, sdkerr + } + + var saved BootstrapProfile + if err := json.Unmarshal(body, &saved); err != nil { + return BootstrapProfile{}, errors.NewSDKError(err) + } + + return saved, nil +} + func (sdk mgSDK) Bootstraps(ctx context.Context, pm PageMetadata, domainID, token string) (BootstrapPage, errors.SDKError) { endpoint := fmt.Sprintf("%s/%s", domainID, configsEndpoint) url, err := sdk.withQueryParams(sdk.bootstrapURL, endpoint, pm) @@ -134,19 +206,44 @@ func (sdk mgSDK) Bootstraps(ctx context.Context, pm PageMetadata, domainID, toke return bb, nil } -func (sdk mgSDK) Whitelist(ctx context.Context, clientID string, state int, domainID, token string) errors.SDKError { - if clientID == "" { +func (sdk mgSDK) BootstrapProfiles(ctx context.Context, pm PageMetadata, domainID, token string) (BootstrapProfilesPage, errors.SDKError) { + endpoint := fmt.Sprintf("%s/%s", domainID, bootstrapProfilesPath) + url, err := sdk.withQueryParams(sdk.bootstrapURL, endpoint, pm) + if err != nil { + return BootstrapProfilesPage{}, errors.NewSDKError(err) + } + + _, body, sdkerr := sdk.processRequest(ctx, http.MethodGet, url, token, nil, nil, http.StatusOK) + if sdkerr != nil { + return BootstrapProfilesPage{}, sdkerr + } + + var page BootstrapProfilesPage + if err := json.Unmarshal(body, &page); err != nil { + return BootstrapProfilesPage{}, errors.NewSDKError(err) + } + + return page, nil +} + +func (sdk mgSDK) Whitelist(ctx context.Context, id string, status BootstrapStatus, domainID, token string) errors.SDKError { + if id == "" { return errors.NewSDKError(apiutil.ErrMissingID) } - data, err := json.Marshal(BootstrapConfig{State: state}) - if err != nil { - return errors.NewSDKError(err) + var action string + switch status { + case BootstrapEnabledStatus: + action = enableEndpoint + case BootstrapDisabledStatus: + action = disableEndpoint + default: + return errors.NewSDKErrorWithStatus(errInvalidBootstrapStatus, http.StatusBadRequest) } - url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, whitelistEndpoint, clientID) + url := fmt.Sprintf("%s/%s/%s/%s/%s", sdk.bootstrapURL, domainID, configsEndpoint, id, action) - _, _, sdkerr := sdk.processRequest(ctx, http.MethodPut, url, token, data, nil, http.StatusCreated, http.StatusOK) + _, _, sdkerr := sdk.processRequest(ctx, http.MethodPost, url, token, nil, nil, http.StatusOK) return sdkerr } @@ -170,22 +267,56 @@ func (sdk mgSDK) ViewBootstrap(ctx context.Context, id, domainID, token string) return bc, nil } +func (sdk mgSDK) ViewBootstrapProfile(ctx context.Context, id, domainID, token string) (BootstrapProfile, errors.SDKError) { + if id == "" { + return BootstrapProfile{}, errors.NewSDKError(apiutil.ErrMissingID) + } + + url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, bootstrapProfilesPath, id) + _, body, sdkerr := sdk.processRequest(ctx, http.MethodGet, url, token, nil, nil, http.StatusOK) + if sdkerr != nil { + return BootstrapProfile{}, sdkerr + } + + var profile BootstrapProfile + if err := json.Unmarshal(body, &profile); err != nil { + return BootstrapProfile{}, errors.NewSDKError(err) + } + + return profile, nil +} + func (sdk mgSDK) UpdateBootstrap(ctx context.Context, cfg BootstrapConfig, domainID, token string) errors.SDKError { - if cfg.ClientID == "" { + if cfg.ID == "" { return errors.NewSDKError(apiutil.ErrMissingID) } - url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, configsEndpoint, cfg.ClientID) + url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, configsEndpoint, cfg.ID) data, err := json.Marshal(cfg) if err != nil { return errors.NewSDKError(err) } - _, _, sdkerr := sdk.processRequest(ctx, http.MethodPut, url, token, data, nil, http.StatusOK) + _, _, sdkerr := sdk.processRequest(ctx, http.MethodPatch, url, token, data, nil, http.StatusOK) return sdkerr } +func (sdk mgSDK) UpdateBootstrapProfile(ctx context.Context, profile BootstrapProfile, domainID, token string) errors.SDKError { + if profile.ID == "" { + return errors.NewSDKError(apiutil.ErrMissingID) + } + + url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, bootstrapProfilesPath, profile.ID) + data, err := json.Marshal(profile) + if err != nil { + return errors.NewSDKError(err) + } + + _, _, sdkerr := sdk.processRequest(ctx, http.MethodPatch, url, token, data, nil, http.StatusOK) + return sdkerr +} + func (sdk mgSDK) UpdateBootstrapCerts(ctx context.Context, id, clientCert, clientKey, ca, domainID, token string) (BootstrapConfig, errors.SDKError) { if id == "" { return BootstrapConfig{}, errors.NewSDKError(apiutil.ErrMissingID) @@ -219,17 +350,12 @@ func (sdk mgSDK) UpdateBootstrapConnection(ctx context.Context, id string, chann if id == "" { return errors.NewSDKError(apiutil.ErrMissingID) } - url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, bootstrapConnEndpoint, id) - request := map[string][]string{ - "channels": channels, - } - data, err := json.Marshal(request) - if err != nil { - return errors.NewSDKError(err) - } + _ = ctx + _ = channels + _ = domainID + _ = token - _, _, sdkerr := sdk.processRequest(ctx, http.MethodPut, url, token, data, nil, http.StatusOK) - return sdkerr + return errors.NewSDKError(errBootstrapConnectionsDisabled) } func (sdk mgSDK) RemoveBootstrap(ctx context.Context, id, domainID, token string) errors.SDKError { @@ -242,6 +368,88 @@ func (sdk mgSDK) RemoveBootstrap(ctx context.Context, id, domainID, token string return err } +func (sdk mgSDK) RemoveBootstrapProfile(ctx context.Context, id, domainID, token string) errors.SDKError { + if id == "" { + return errors.NewSDKError(apiutil.ErrMissingID) + } + + url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, bootstrapProfilesPath, id) + _, _, sdkerr := sdk.processRequest(ctx, http.MethodDelete, url, token, nil, nil, http.StatusNoContent) + return sdkerr +} + +func (sdk mgSDK) AssignBootstrapProfile(ctx context.Context, configID, profileID, domainID, token string) errors.SDKError { + if configID == "" || profileID == "" { + return errors.NewSDKError(apiutil.ErrMissingID) + } + + url := fmt.Sprintf("%s/%s/%s/%s/profile", sdk.bootstrapURL, domainID, bootstrapEnrollmentsPath, configID) + request := struct { + ProfileID string `json:"profile_id"` + }{ + ProfileID: profileID, + } + data, err := json.Marshal(request) + if err != nil { + return errors.NewSDKError(err) + } + + _, _, sdkerr := sdk.processRequest(ctx, http.MethodPatch, url, token, data, nil, http.StatusNoContent) + return sdkerr +} + +func (sdk mgSDK) BindBootstrapResources(ctx context.Context, configID string, bindings []BootstrapBindingRequest, domainID, token string) errors.SDKError { + if configID == "" { + return errors.NewSDKError(apiutil.ErrMissingID) + } + + url := fmt.Sprintf("%s/%s/%s/%s/bindings", sdk.bootstrapURL, domainID, bootstrapEnrollmentsPath, configID) + request := struct { + Bindings []BootstrapBindingRequest `json:"bindings"` + }{ + Bindings: bindings, + } + data, err := json.Marshal(request) + if err != nil { + return errors.NewSDKError(err) + } + + _, _, sdkerr := sdk.processRequest(ctx, http.MethodPut, url, token, data, nil, http.StatusNoContent) + return sdkerr +} + +func (sdk mgSDK) BootstrapBindings(ctx context.Context, configID, domainID, token string) ([]BootstrapBindingSnapshot, errors.SDKError) { + if configID == "" { + return nil, errors.NewSDKError(apiutil.ErrMissingID) + } + + url := fmt.Sprintf("%s/%s/%s/%s/bindings", sdk.bootstrapURL, domainID, bootstrapEnrollmentsPath, configID) + _, body, sdkerr := sdk.processRequest(ctx, http.MethodGet, url, token, nil, nil, http.StatusOK) + if sdkerr != nil { + return nil, sdkerr + } + + var res bootstrapBindingsRes + if err := json.Unmarshal(body, &res); err != nil { + return nil, errors.NewSDKError(err) + } + if res.Bindings == nil { + return []BootstrapBindingSnapshot{}, nil + } + + return res.Bindings, nil +} + +func (sdk mgSDK) RefreshBootstrapBindings(ctx context.Context, configID, domainID, token string) errors.SDKError { + if configID == "" { + return errors.NewSDKError(apiutil.ErrMissingID) + } + + url := fmt.Sprintf("%s/%s/%s/%s/bindings/refresh", sdk.bootstrapURL, domainID, bootstrapEnrollmentsPath, configID) + _, _, sdkerr := sdk.processRequest(ctx, http.MethodPost, url, token, nil, nil, http.StatusNoContent) + return sdkerr +} + func (sdk mgSDK) Bootstrap(ctx context.Context, externalID, externalKey string) (BootstrapConfig, errors.SDKError) { if externalID == "" { return BootstrapConfig{}, errors.NewSDKError(apiutil.ErrMissingID) diff --git a/pkg/sdk/bootstrap_test.go b/pkg/sdk/bootstrap_test.go index 2264d6be1..bbec3178e 100644 --- a/pkg/sdk/bootstrap_test.go +++ b/pkg/sdk/bootstrap_test.go @@ -31,85 +31,74 @@ import ( ) var ( - externalId = testsutil.GenerateUUID(&testing.T{}) - externalKey = testsutil.GenerateUUID(&testing.T{}) - clientId = testsutil.GenerateUUID(&testing.T{}) - clientSecret = testsutil.GenerateUUID(&testing.T{}) - channel1Id = testsutil.GenerateUUID(&testing.T{}) - channel2Id = testsutil.GenerateUUID(&testing.T{}) - clientCert = "newcert" - clientKey = "newkey" - caCert = "newca" - content = "newcontent" - state = 1 - bsName = "test" - encKey = []byte("1234567891011121") + externalId = testsutil.GenerateUUID(&testing.T{}) + externalKey = testsutil.GenerateUUID(&testing.T{}) + clientId = testsutil.GenerateUUID(&testing.T{}) + channel1Id = testsutil.GenerateUUID(&testing.T{}) + channel2Id = testsutil.GenerateUUID(&testing.T{}) + clientCert = "newcert" + clientKey = "newkey" + caCert = "newca" + content = "newcontent" + bsName = "test" + encKey = []byte("1234567891011121") + bootstrapConfig = bootstrap.Config{ - ClientID: clientId, - Name: "test", - ClientCert: clientCert, - ClientKey: clientKey, - CACert: caCert, - Channels: []bootstrap.Channel{ - { - ID: channel1Id, - }, - { - ID: channel2Id, - }, - }, + ID: clientId, + Name: bsName, + ClientCert: clientCert, + ClientKey: clientKey, + CACert: caCert, ExternalID: externalId, ExternalKey: externalKey, Content: content, - State: bootstrap.Inactive, + Status: bootstrap.Inactive, } + sdkBootstrapConfig = sdk.BootstrapConfig{ - Channels: []string{channel1Id, channel2Id}, - ExternalID: externalId, - ExternalKey: externalKey, - ClientID: clientId, - ClientSecret: clientSecret, - Name: bsName, - ClientCert: clientCert, - ClientKey: clientKey, - CACert: caCert, - Content: content, - State: state, + ExternalID: externalId, + ExternalKey: externalKey, + ID: clientId, + Name: bsName, + ClientCert: clientCert, + ClientKey: clientKey, + CACert: caCert, + Content: content, + Status: sdk.BootstrapDisabledStatus, } - sdkBootstrapConfigRes = sdk.BootstrapConfig{ - ClientID: clientId, - ClientSecret: clientSecret, - Channels: []sdk.Channel{ - { - ID: channel1Id, - }, - { - ID: channel2Id, - }, - }, + + sdkBootstrapListRes = sdk.BootstrapConfig{ + ID: clientId, + ExternalID: externalId, + Name: bsName, + Content: content, + Status: sdk.BootstrapDisabledStatus, + } + + sdkBootstrapCertRes = sdk.BootstrapConfig{ + ID: clientId, ClientCert: clientCert, ClientKey: clientKey, CACert: caCert, } + + sdkBootstrapReadRes = sdk.BootstrapConfig{ + ID: clientId, + Content: content, + ClientCert: clientCert, + ClientKey: clientKey, + CACert: caCert, + } + readConfigResponse = struct { - ClientID string `json:"client_id"` - ClientSecret string `json:"client_secret"` - Channels []readerChannelRes `json:"channels"` - Content string `json:"content,omitempty"` - ClientCert string `json:"client_cert,omitempty"` - ClientKey string `json:"client_key,omitempty"` - CACert string `json:"ca_cert,omitempty"` + ID string `json:"id"` + Content string `json:"content,omitempty"` + ClientCert string `json:"client_cert,omitempty"` + ClientKey string `json:"client_key,omitempty"` + CACert string `json:"ca_cert,omitempty"` }{ - ClientID: clientId, - ClientSecret: clientSecret, - Channels: []readerChannelRes{ - { - ID: channel1Id, - }, - { - ID: channel2Id, - }, - }, + ID: clientId, + Content: content, ClientCert: clientCert, ClientKey: clientKey, CACert: caCert, @@ -118,15 +107,9 @@ var ( var ( errMarshalChan = errors.New("json: unsupported type: chan int") - errJsonEOF = errors.New("unexpected end of JSON input") + errJSONEOF = errors.New("unexpected end of JSON input") ) -type readerChannelRes struct { - ID string `json:"id"` - Name string `json:"name,omitempty"` - Metadata any `json:"metadata,omitempty"` -} - func setupBootstrap() (*httptest.Server, *bmocks.Service, *bmocks.ConfigReader, *authnmocks.Authentication) { bsvc := new(bmocks.Service) reader := new(bmocks.ConfigReader) @@ -139,124 +122,112 @@ func setupBootstrap() (*httptest.Server, *bmocks.Service, *bmocks.ConfigReader, return httptest.NewServer(mux), bsvc, reader, authn } +func bootstrapSession() smqauthn.Session { + return smqauthn.Session{ + DomainUserID: domainID + "_" + validID, + UserID: validID, + DomainID: domainID, + } +} + func TestAddBootstrap(t *testing.T) { bs, bsvc, _, auth := setupBootstrap() defer bs.Close() - conf := sdk.Config{ - BootstrapURL: bs.URL, + mgsdk := sdk.NewSDK(sdk.Config{BootstrapURL: bs.URL}) + + createCfg := sdkBootstrapConfig + createCfg.ID = "" + + svcReq := bootstrap.Config{ + ExternalID: externalId, + ExternalKey: externalKey, + Name: bsName, + ClientCert: clientCert, + ClientKey: clientKey, + CACert: caCert, + Content: content, } - mgsdk := sdk.NewSDK(conf) - - neID := sdkBootstrapConfig - neID.ClientID = "non-existent" - - neReqId := bootstrapConfig - neReqId.ClientID = "non-existent" cases := []struct { - desc string - domainID string - token string - session smqauthn.Session - cfg sdk.BootstrapConfig - svcReq bootstrap.Config - svcRes bootstrap.Config - svcErr error - authenticateErr error - response string - err errors.SDKError + desc string + token string + cfg sdk.BootstrapConfig + svcReq bootstrap.Config + svcRes bootstrap.Config + svcErr error + authErr error + expectSvcCall bool + expectedID string + expectedSDKErr errors.SDKError }{ { - desc: "add successfully", - domainID: domainID, - token: validToken, - cfg: sdkBootstrapConfig, - svcReq: bootstrapConfig, - svcRes: bootstrapConfig, - svcErr: nil, - err: nil, + desc: "add successfully", + token: validToken, + cfg: createCfg, + svcReq: svcReq, + svcRes: bootstrapConfig, + expectSvcCall: true, + expectedID: clientId, }, { - desc: "add with invalid token", - domainID: domainID, - token: invalidToken, - cfg: sdkBootstrapConfig, - svcReq: bootstrapConfig, - svcRes: bootstrap.Config{}, - authenticateErr: svcerr.ErrAuthentication, - err: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), + desc: "add with invalid token", + token: invalidToken, + cfg: createCfg, + authErr: svcerr.ErrAuthentication, + expectedSDKErr: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), }, { - desc: "add with config that cannot be marshalled", - domainID: domainID, - token: validToken, + desc: "add with config that cannot be marshalled", + token: validToken, cfg: sdk.BootstrapConfig{ - Channels: map[string]any{ - "channel1": make(chan int), + RenderContext: map[string]any{ + "broken": make(chan int), }, - ExternalID: externalId, - ExternalKey: externalKey, - ClientID: clientId, - ClientSecret: clientSecret, - Name: bsName, - ClientCert: clientCert, - ClientKey: clientKey, - CACert: caCert, - Content: content, + ExternalID: externalId, + ExternalKey: externalKey, }, - svcReq: bootstrap.Config{}, - svcRes: bootstrap.Config{}, - svcErr: nil, - err: errors.NewSDKError(errMarshalChan), + expectedSDKErr: errors.NewSDKError(errMarshalChan), }, { - desc: "add an existing config", - domainID: domainID, - token: validToken, - cfg: sdkBootstrapConfig, - svcReq: bootstrapConfig, - svcRes: bootstrap.Config{}, - svcErr: svcerr.ErrConflict, - err: errors.NewSDKErrorWithStatus(svcerr.ErrConflict, http.StatusBadRequest), + desc: "add with missing required fields", + token: validToken, + cfg: sdk.BootstrapConfig{}, + expectedSDKErr: errors.NewSDKErrorWithStatus(apiutil.ErrMissingID, http.StatusBadRequest), }, { - desc: "add empty config", - domainID: domainID, - token: validToken, - cfg: sdk.BootstrapConfig{}, - svcReq: bootstrap.Config{}, - svcRes: bootstrap.Config{}, - svcErr: nil, - err: errors.NewSDKErrorWithStatus(apiutil.ErrMissingID, http.StatusBadRequest), - }, - { - desc: "add with non-existent client Id", - domainID: domainID, - token: validToken, - cfg: neID, - svcReq: neReqId, - svcRes: bootstrap.Config{}, - svcErr: svcerr.ErrNotFound, - err: errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound), + desc: "add with service failure", + token: validToken, + cfg: createCfg, + svcReq: svcReq, + svcRes: bootstrap.Config{}, + svcErr: svcerr.ErrNotFound, + expectSvcCall: true, + expectedSDKErr: errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound), }, } for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { + session := smqauthn.Session{} if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + session = bootstrapSession() } - authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) - svcCall := bsvc.On("Add", mock.Anything, tc.session, tc.token, tc.svcReq).Return(tc.svcRes, tc.svcErr) - resp, err := mgsdk.AddBootstrap(context.Background(), tc.cfg, tc.domainID, tc.token) - assert.Equal(t, tc.err, err) - if err == nil { - assert.Equal(t, bootstrapConfig.ClientID, resp) - ok := svcCall.Parent.AssertCalled(t, "Add", mock.Anything, tc.session, tc.token, tc.svcReq) - assert.True(t, ok) + + authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(session, tc.authErr) + + var svcCall *mock.Call + if tc.expectSvcCall { + svcCall = bsvc.On("Add", mock.Anything, session, tc.token, tc.svcReq).Return(tc.svcRes, tc.svcErr) + } + + resp, err := mgsdk.AddBootstrap(context.Background(), tc.cfg, domainID, tc.token) + + assert.Equal(t, tc.expectedSDKErr, err) + assert.Equal(t, tc.expectedID, resp) + if tc.expectSvcCall { + svcCall.Unset() } - svcCall.Unset() authCall.Unset() }) } @@ -266,249 +237,179 @@ func TestListBootstraps(t *testing.T) { bs, bsvc, _, auth := setupBootstrap() defer bs.Close() - conf := sdk.Config{ - BootstrapURL: bs.URL, - } - mgsdk := sdk.NewSDK(conf) - - configRes := sdk.BootstrapConfig{ - Channels: []sdk.Channel{ - { - ID: channel1Id, - }, - { - ID: channel2Id, - }, - }, - ClientID: clientId, - Name: bsName, - ExternalID: externalId, - ExternalKey: externalKey, - Content: content, - } - unmarshalableConfig := bootstrapConfig - unmarshalableConfig.Channels = []bootstrap.Channel{ - { - ID: channel1Id, - Metadata: map[string]any{ - "test": make(chan int), - }, - }, - } + mgsdk := sdk.NewSDK(sdk.Config{BootstrapURL: bs.URL}) cases := []struct { - desc string - domainID string - token string - session smqauthn.Session - pageMeta sdk.PageMetadata - svcResp bootstrap.ConfigsPage - svcErr error - authenticateErr error - response sdk.BootstrapPage - err errors.SDKError + desc string + token string + pm sdk.PageMetadata + svcResp bootstrap.ConfigsPage + svcErr error + authErr error + expectSvcCall bool + expectedResp sdk.BootstrapPage + expectedSDKErr errors.SDKError }{ { - desc: "list successfully", - domainID: domainID, - token: validToken, - pageMeta: sdk.PageMetadata{ + desc: "list successfully", + token: validToken, + pm: sdk.PageMetadata{ Offset: 0, Limit: 10, }, svcResp: bootstrap.ConfigsPage{ Total: 1, Offset: 0, + Limit: 10, Configs: []bootstrap.Config{bootstrapConfig}, }, - response: sdk.BootstrapPage{ + expectSvcCall: true, + expectedResp: sdk.BootstrapPage{ PageRes: sdk.PageRes{ - Total: 1, + Total: 1, + Offset: 0, + Limit: 10, }, - Configs: []sdk.BootstrapConfig{configRes}, + Configs: []sdk.BootstrapConfig{sdkBootstrapListRes}, }, - err: nil, }, { - desc: "list with invalid token", - domainID: domainID, - token: invalidToken, - pageMeta: sdk.PageMetadata{ + desc: "list with invalid token", + token: invalidToken, + pm: sdk.PageMetadata{ Offset: 0, Limit: 10, }, - svcResp: bootstrap.ConfigsPage{}, - authenticateErr: svcerr.ErrAuthentication, - response: sdk.BootstrapPage{}, - err: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), + authErr: svcerr.ErrAuthentication, + expectedSDKErr: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), }, { - desc: "list with empty token", - domainID: domainID, - token: "", - pageMeta: sdk.PageMetadata{ - Offset: 0, - Limit: 10, - }, - svcResp: bootstrap.ConfigsPage{}, - svcErr: nil, - response: sdk.BootstrapPage{}, - err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized), - }, - { - desc: "list with invalid query params", - domainID: domainID, - token: validToken, - pageMeta: sdk.PageMetadata{ - Offset: 1, - Limit: 10, + desc: "list with invalid query params", + token: validToken, + pm: sdk.PageMetadata{ Metadata: map[string]any{ "test": make(chan int), }, }, - svcResp: bootstrap.ConfigsPage{}, - svcErr: nil, - response: sdk.BootstrapPage{}, - err: errors.NewSDKError(errMarshalChan), - }, - { - desc: "list with response that cannot be unmarshalled", - domainID: domainID, - token: validToken, - pageMeta: sdk.PageMetadata{ - Offset: 0, - Limit: 10, - }, - svcResp: bootstrap.ConfigsPage{ - Total: 1, - Offset: 0, - Configs: []bootstrap.Config{unmarshalableConfig}, - }, - svcErr: nil, - response: sdk.BootstrapPage{}, - err: errors.NewSDKError(errJsonEOF), + expectedSDKErr: errors.NewSDKError(errMarshalChan), }, } + for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { + var authCall *mock.Call + session := smqauthn.Session{} if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + session = bootstrapSession() } - authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) - svcCall := bsvc.On("List", mock.Anything, tc.session, mock.Anything, tc.pageMeta.Offset, tc.pageMeta.Limit).Return(tc.svcResp, tc.svcErr) - resp, err := mgsdk.Bootstraps(context.Background(), tc.pageMeta, tc.domainID, tc.token) - assert.Equal(t, tc.err, err) - assert.Equal(t, tc.response, resp) - if err == nil { - ok := svcCall.Parent.AssertCalled(t, "List", mock.Anything, tc.session, mock.Anything, tc.pageMeta.Offset, tc.pageMeta.Limit) - assert.True(t, ok) + if tc.expectedSDKErr == nil || tc.authErr != nil { + authCall = auth.On("Authenticate", mock.Anything, tc.token).Return(session, tc.authErr) + } + + var svcCall *mock.Call + if tc.expectSvcCall { + svcCall = bsvc.On("List", mock.Anything, session, mock.Anything, tc.pm.Offset, tc.pm.Limit).Return(tc.svcResp, tc.svcErr) + } + + resp, err := mgsdk.Bootstraps(context.Background(), tc.pm, domainID, tc.token) + + assert.Equal(t, tc.expectedSDKErr, err) + assert.Equal(t, tc.expectedResp, resp) + if svcCall != nil { + svcCall.Unset() + } + if authCall != nil { + authCall.Unset() } - svcCall.Unset() - authCall.Unset() }) } } -func TestWhiteList(t *testing.T) { +func TestWhitelist(t *testing.T) { bs, bsvc, _, auth := setupBootstrap() defer bs.Close() - conf := sdk.Config{ - BootstrapURL: bs.URL, - } - mgsdk := sdk.NewSDK(conf) - - active := 1 - inactive := 0 + mgsdk := sdk.NewSDK(sdk.Config{BootstrapURL: bs.URL}) cases := []struct { - desc string - domainID string - token string - session smqauthn.Session - clientID string - state int - svcReq bootstrap.State - svcErr error - authenticateErr error - err errors.SDKError + desc string + token string + clientID string + status sdk.BootstrapStatus + method string + svcResp bootstrap.Config + svcErr error + authErr error + expectSvcCall bool + expectedSDKErr errors.SDKError }{ { - desc: "whitelist to active state successfully", - domainID: domainID, - token: validToken, - clientID: clientId, - state: active, - svcReq: bootstrap.Active, - svcErr: nil, - err: nil, + desc: "enable bootstrap successfully", + token: validToken, + clientID: clientId, + status: sdk.BootstrapEnabledStatus, + method: "EnableConfig", + svcResp: bootstrap.Config{ID: clientId, Status: bootstrap.Active}, + expectSvcCall: true, }, { - desc: "whitelist to inactive state successfully", - domainID: domainID, - token: validToken, - clientID: clientId, - state: inactive, - svcReq: bootstrap.Inactive, - svcErr: nil, - err: nil, + desc: "disable bootstrap successfully", + token: validToken, + clientID: clientId, + status: sdk.BootstrapDisabledStatus, + method: "DisableConfig", + svcResp: bootstrap.Config{ID: clientId, Status: bootstrap.Inactive}, + expectSvcCall: true, }, { - desc: "whitelist with invalid token", - domainID: domainID, - token: invalidToken, - clientID: clientId, - state: active, - svcReq: bootstrap.Active, - authenticateErr: svcerr.ErrAuthentication, - err: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), + desc: "whitelist with invalid token", + token: invalidToken, + clientID: clientId, + status: sdk.BootstrapEnabledStatus, + authErr: svcerr.ErrAuthentication, + expectedSDKErr: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), }, { - desc: "whitelist with empty token", - domainID: domainID, - token: "", - clientID: clientId, - state: active, - svcReq: bootstrap.Active, - svcErr: nil, - err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized), + desc: "whitelist with invalid status", + token: validToken, + clientID: clientId, + status: sdk.BootstrapStatus("invalid"), + expectedSDKErr: errors.NewSDKErrorWithStatus(errors.New("invalid bootstrap status"), http.StatusBadRequest), }, { - desc: "whitelist with invalid state", - domainID: domainID, - token: validToken, - clientID: clientId, - state: -1, - svcReq: bootstrap.Active, - svcErr: nil, - err: errors.NewSDKErrorWithStatus(bootstrap.ErrBootstrapState, http.StatusBadRequest), - }, - { - desc: "whitelist with empty client Id", - domainID: domainID, - token: validToken, - clientID: "", - state: 1, - svcReq: bootstrap.Active, - svcErr: nil, - err: errors.NewSDKError(apiutil.ErrMissingID), + desc: "whitelist with empty client id", + token: validToken, + clientID: "", + status: sdk.BootstrapEnabledStatus, + expectedSDKErr: errors.NewSDKError(apiutil.ErrMissingID), }, } + for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { + var authCall *mock.Call + session := smqauthn.Session{} if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + session = bootstrapSession() } - authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) - svcCall := bsvc.On("ChangeState", mock.Anything, tc.session, tc.token, tc.clientID, tc.svcReq).Return(tc.svcErr) - err := mgsdk.Whitelist(context.Background(), tc.clientID, tc.state, tc.domainID, tc.token) - assert.Equal(t, tc.err, err) - if tc.err == nil { - ok := svcCall.Parent.AssertCalled(t, "ChangeState", mock.Anything, tc.session, tc.token, tc.clientID, tc.svcReq) - assert.True(t, ok) + if tc.clientID != "" && (tc.status == sdk.BootstrapDisabledStatus || tc.status == sdk.BootstrapEnabledStatus) { + authCall = auth.On("Authenticate", mock.Anything, tc.token).Return(session, tc.authErr) + } + + var svcCall *mock.Call + if tc.expectSvcCall { + svcCall = bsvc.On(tc.method, mock.Anything, session, tc.clientID).Return(tc.svcResp, tc.svcErr) + } + + err := mgsdk.Whitelist(context.Background(), tc.clientID, tc.status, domainID, tc.token) + + assert.Equal(t, tc.expectedSDKErr, err) + if svcCall != nil { + svcCall.Unset() + } + if authCall != nil { + authCall.Unset() } - svcCall.Unset() - authCall.Unset() }) } } @@ -517,120 +418,77 @@ func TestViewBootstrap(t *testing.T) { bs, bsvc, _, auth := setupBootstrap() defer bs.Close() - conf := sdk.Config{ - BootstrapURL: bs.URL, - } - mgsdk := sdk.NewSDK(conf) - - viewBoostrapRes := sdk.BootstrapConfig{ - ClientID: clientId, - Channels: sdkBootstrapConfigRes.Channels, - ExternalID: externalId, - ExternalKey: externalKey, - Name: bsName, - Content: content, - State: 0, - } + mgsdk := sdk.NewSDK(sdk.Config{BootstrapURL: bs.URL}) cases := []struct { - desc string - domainID string - token string - session smqauthn.Session - id string - svcResp bootstrap.Config - svcErr error - authenticateErr error - response sdk.BootstrapConfig - err errors.SDKError + desc string + token string + id string + svcResp bootstrap.Config + svcErr error + authErr error + expectSvcCall bool + expectedResp sdk.BootstrapConfig + expectedSDKErr errors.SDKError }{ { - desc: "view successfully", - domainID: domainID, - token: validToken, - id: clientId, - svcResp: bootstrapConfig, - svcErr: nil, - response: viewBoostrapRes, - err: nil, + desc: "view successfully", + token: validToken, + id: clientId, + svcResp: bootstrapConfig, + expectSvcCall: true, + expectedResp: sdkBootstrapListRes, }, { - desc: "view with invalid token", - domainID: domainID, - token: invalidToken, - id: clientId, - svcResp: bootstrap.Config{}, - authenticateErr: svcerr.ErrAuthentication, - response: sdk.BootstrapConfig{}, - err: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), + desc: "view with invalid token", + token: invalidToken, + id: clientId, + authErr: svcerr.ErrAuthentication, + expectedSDKErr: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), }, { - desc: "view with empty token", - domainID: domainID, - token: "", - id: clientId, - svcResp: bootstrap.Config{}, - svcErr: nil, - response: sdk.BootstrapConfig{}, - err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized), + desc: "view with non-existent client id", + token: validToken, + id: invalid, + svcResp: bootstrap.Config{}, + svcErr: svcerr.ErrNotFound, + expectSvcCall: true, + expectedSDKErr: errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound), }, { - desc: "view with non-existent client Id", - domainID: domainID, - token: validToken, - id: invalid, - svcResp: bootstrap.Config{}, - svcErr: svcerr.ErrNotFound, - response: sdk.BootstrapConfig{}, - err: errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound), - }, - { - desc: "view with response that cannot be unmarshalled", - domainID: domainID, - token: validToken, - id: clientId, - svcResp: bootstrap.Config{ - ClientID: clientId, - Channels: []bootstrap.Channel{ - { - ID: channel1Id, - Metadata: map[string]any{ - "test": make(chan int), - }, - }, - }, - }, - svcErr: nil, - response: sdk.BootstrapConfig{}, - err: errors.NewSDKError(errJsonEOF), - }, - { - desc: "view with empty client Id", - domainID: domainID, - token: validToken, - id: "", - svcResp: bootstrap.Config{}, - svcErr: nil, - response: sdk.BootstrapConfig{}, - err: errors.NewSDKError(apiutil.ErrMissingID), + desc: "view with empty client id", + token: validToken, + id: "", + expectedSDKErr: errors.NewSDKError(apiutil.ErrMissingID), }, } + for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { + var authCall *mock.Call + session := smqauthn.Session{} if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + session = bootstrapSession() } - authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) - svcCall := bsvc.On("View", mock.Anything, tc.session, tc.id).Return(tc.svcResp, tc.svcErr) - resp, err := mgsdk.ViewBootstrap(context.Background(), tc.id, tc.domainID, tc.token) - assert.Equal(t, tc.err, err) - assert.Equal(t, tc.response, resp) - if err == nil { - ok := svcCall.Parent.AssertCalled(t, "View", mock.Anything, tc.session, tc.id) - assert.True(t, ok) + if tc.id != "" { + authCall = auth.On("Authenticate", mock.Anything, tc.token).Return(session, tc.authErr) + } + + var svcCall *mock.Call + if tc.expectSvcCall { + svcCall = bsvc.On("View", mock.Anything, session, tc.id).Return(tc.svcResp, tc.svcErr) + } + + resp, err := mgsdk.ViewBootstrap(context.Background(), tc.id, domainID, tc.token) + + assert.Equal(t, tc.expectedSDKErr, err) + assert.Equal(t, tc.expectedResp, resp) + if svcCall != nil { + svcCall.Unset() + } + if authCall != nil { + authCall.Unset() } - svcCall.Unset() - authCall.Unset() }) } } @@ -639,160 +497,80 @@ func TestUpdateBootstrap(t *testing.T) { bs, bsvc, _, auth := setupBootstrap() defer bs.Close() - conf := sdk.Config{ - BootstrapURL: bs.URL, - } - mgsdk := sdk.NewSDK(conf) + mgsdk := sdk.NewSDK(sdk.Config{BootstrapURL: bs.URL}) cases := []struct { - desc string - domainID string - token string - session smqauthn.Session - cfg sdk.BootstrapConfig - svcReq bootstrap.Config - svcErr error - authenticationErr error - err errors.SDKError + desc string + token string + cfg sdk.BootstrapConfig + svcReq bootstrap.Config + svcErr error + authErr error + expectSvcCall bool + expectedSDKErr errors.SDKError }{ { - desc: "update successfully", - domainID: domainID, - token: validToken, - cfg: sdkBootstrapConfig, + desc: "update successfully", + token: validToken, + cfg: sdkBootstrapConfig, svcReq: bootstrap.Config{ - ClientID: clientId, - Name: bsName, - Content: content, + ID: clientId, + Name: bsName, + Content: content, }, - svcErr: nil, - err: nil, + expectSvcCall: true, }, { - desc: "update with invalid token", - domainID: domainID, - token: invalidToken, - cfg: sdkBootstrapConfig, - svcReq: bootstrap.Config{ - ClientID: clientId, - Name: bsName, - Content: content, - }, - authenticationErr: svcerr.ErrAuthentication, - err: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), + desc: "update with invalid token", + token: invalidToken, + cfg: sdkBootstrapConfig, + authErr: svcerr.ErrAuthentication, + expectedSDKErr: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), }, { - desc: "update with empty token", - domainID: domainID, - token: "", - cfg: sdkBootstrapConfig, - svcReq: bootstrap.Config{}, - svcErr: nil, - err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized), + desc: "update with empty client id", + token: validToken, + cfg: sdk.BootstrapConfig{}, + expectedSDKErr: errors.NewSDKError(apiutil.ErrMissingID), }, { - desc: "update with config that cannot be marshalled", - domainID: domainID, - token: validToken, + desc: "update with config that cannot be marshalled", + token: validToken, cfg: sdk.BootstrapConfig{ - Channels: map[string]any{ - "channel1": make(chan int), + ID: clientId, + RenderContext: map[string]any{ + "broken": make(chan int), }, - ExternalID: externalId, - ExternalKey: externalKey, - ClientID: clientId, - ClientSecret: clientSecret, - Name: bsName, - ClientCert: clientCert, - ClientKey: clientKey, - CACert: caCert, - Content: content, }, - svcReq: bootstrap.Config{ - ClientID: clientId, - Name: bsName, - Content: content, - }, - svcErr: nil, - err: errors.NewSDKError(errMarshalChan), - }, - { - desc: "update with non-existent client Id", - domainID: domainID, - token: validToken, - cfg: sdk.BootstrapConfig{ - ClientID: invalid, - Channels: []sdk.Channel{ - { - ID: channel1Id, - }, - }, - ExternalID: externalId, - ExternalKey: externalKey, - Content: content, - Name: bsName, - }, - svcReq: bootstrap.Config{ - ClientID: invalid, - Name: bsName, - Content: content, - }, - svcErr: svcerr.ErrNotFound, - err: errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound), - }, - { - desc: "update with empty client Id", - domainID: domainID, - token: validToken, - cfg: sdk.BootstrapConfig{ - ClientID: "", - Channels: []sdk.Channel{ - { - ID: channel1Id, - }, - }, - ExternalID: externalId, - ExternalKey: externalKey, - Content: content, - Name: bsName, - }, - svcReq: bootstrap.Config{ - ClientID: "", - Name: bsName, - Content: content, - }, - svcErr: nil, - err: errors.NewSDKError(apiutil.ErrMissingID), - }, - { - desc: "update with config with only client Id", - domainID: domainID, - token: validToken, - cfg: sdk.BootstrapConfig{ - ClientID: clientId, - }, - svcReq: bootstrap.Config{ - ClientID: clientId, - }, - svcErr: nil, - err: nil, + expectedSDKErr: errors.NewSDKError(errMarshalChan), }, } + for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { + var authCall *mock.Call + session := smqauthn.Session{} if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + session = bootstrapSession() } - authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticationErr) - svcCall := bsvc.On("Update", mock.Anything, tc.session, tc.svcReq).Return(tc.svcErr) - err := mgsdk.UpdateBootstrap(context.Background(), tc.cfg, tc.domainID, tc.token) - assert.Equal(t, tc.err, err) - if tc.err == nil { - ok := svcCall.Parent.AssertCalled(t, "Update", mock.Anything, tc.session, tc.svcReq) - assert.True(t, ok) + if tc.cfg.ID != "" { + authCall = auth.On("Authenticate", mock.Anything, tc.token).Return(session, tc.authErr) + } + + var svcCall *mock.Call + if tc.expectSvcCall { + svcCall = bsvc.On("Update", mock.Anything, session, tc.svcReq).Return(tc.svcErr) + } + + err := mgsdk.UpdateBootstrap(context.Background(), tc.cfg, domainID, tc.token) + + assert.Equal(t, tc.expectedSDKErr, err) + if svcCall != nil { + svcCall.Unset() + } + if authCall != nil { + authCall.Unset() } - svcCall.Unset() - authCall.Unset() }) } } @@ -801,418 +579,237 @@ func TestUpdateBootstrapCerts(t *testing.T) { bs, bsvc, _, auth := setupBootstrap() defer bs.Close() - conf := sdk.Config{ - BootstrapURL: bs.URL, - } - mgsdk := sdk.NewSDK(conf) - - updateconfigRes := sdk.BootstrapConfig{ - ClientID: clientId, - ClientCert: clientCert, - CACert: caCert, - ClientKey: clientKey, - } + mgsdk := sdk.NewSDK(sdk.Config{BootstrapURL: bs.URL}) cases := []struct { - desc string - domainID string - token string - session smqauthn.Session - id string - clientCert string - clientKey string - caCert string - svcResp bootstrap.Config - svcErr error - authenticateErr error - response sdk.BootstrapConfig - err errors.SDKError + desc string + token string + id string + cert string + key string + ca string + svcResp bootstrap.Config + svcErr error + authErr error + expectSvcCall bool + expectedResp sdk.BootstrapConfig + expectedSDKErr errors.SDKError }{ { - desc: "update certs successfully", - domainID: domainID, - token: validToken, - id: clientId, - clientCert: clientCert, - clientKey: clientKey, - caCert: caCert, - svcResp: bootstrapConfig, - svcErr: nil, - response: updateconfigRes, - err: nil, + desc: "update certs successfully", + token: validToken, + id: clientId, + cert: clientCert, + key: clientKey, + ca: caCert, + svcResp: bootstrapConfig, + expectSvcCall: true, + expectedResp: sdkBootstrapCertRes, }, { - desc: "update certs with invalid token", - domainID: domainID, - token: validToken, - id: clientId, - clientCert: clientCert, - clientKey: clientKey, - caCert: caCert, - svcResp: bootstrap.Config{}, - authenticateErr: svcerr.ErrAuthentication, - err: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), + desc: "update certs with invalid token", + token: invalidToken, + id: clientId, + cert: clientCert, + key: clientKey, + ca: caCert, + authErr: svcerr.ErrAuthentication, + expectedSDKErr: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), }, { - desc: "update certs with empty token", - domainID: domainID, - token: "", - id: clientId, - clientCert: clientCert, - clientKey: clientKey, - caCert: caCert, - svcResp: bootstrap.Config{}, - svcErr: nil, - err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized), - }, - { - desc: "update certs with non-existent client Id", - domainID: domainID, - token: validToken, - id: invalid, - clientCert: clientCert, - clientKey: clientKey, - caCert: caCert, - svcResp: bootstrap.Config{}, - svcErr: svcerr.ErrNotFound, - err: errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound), - }, - { - desc: "update certs with empty certs", - domainID: domainID, - token: validToken, - id: clientId, - clientCert: "", - clientKey: "", - caCert: "", - svcResp: bootstrap.Config{}, - svcErr: nil, - err: nil, - }, - { - desc: "update certs with empty id", - domainID: domainID, - token: validToken, - id: "", - clientCert: clientCert, - clientKey: clientKey, - caCert: caCert, - svcResp: bootstrap.Config{}, - svcErr: nil, - err: errors.NewSDKError(apiutil.ErrMissingID), + desc: "update certs with empty id", + token: validToken, + id: "", + cert: clientCert, + key: clientKey, + ca: caCert, + expectedSDKErr: errors.NewSDKError(apiutil.ErrMissingID), }, } + for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { + var authCall *mock.Call + session := smqauthn.Session{} if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + session = bootstrapSession() } - authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) - svcCall := bsvc.On("UpdateCert", mock.Anything, tc.session, tc.id, tc.clientCert, tc.clientKey, tc.caCert).Return(tc.svcResp, tc.svcErr) - resp, err := mgsdk.UpdateBootstrapCerts(context.Background(), tc.id, tc.clientCert, tc.clientKey, tc.caCert, tc.domainID, tc.token) - assert.Equal(t, tc.err, err) - if err == nil { - assert.Equal(t, tc.response, resp) + if tc.id != "" { + authCall = auth.On("Authenticate", mock.Anything, tc.token).Return(session, tc.authErr) + } + + var svcCall *mock.Call + if tc.expectSvcCall { + svcCall = bsvc.On("UpdateCert", mock.Anything, session, tc.id, tc.cert, tc.key, tc.ca).Return(tc.svcResp, tc.svcErr) + } + + resp, err := mgsdk.UpdateBootstrapCerts(context.Background(), tc.id, tc.cert, tc.key, tc.ca, domainID, tc.token) + + assert.Equal(t, tc.expectedSDKErr, err) + assert.Equal(t, tc.expectedResp, resp) + if svcCall != nil { + svcCall.Unset() + } + if authCall != nil { + authCall.Unset() } - svcCall.Unset() - authCall.Unset() }) } } func TestUpdateBootstrapConnection(t *testing.T) { - bs, bsvc, _, auth := setupBootstrap() - defer bs.Close() + mgsdk := sdk.NewSDK(sdk.Config{}) - conf := sdk.Config{ - BootstrapURL: bs.URL, - } - mgsdk := sdk.NewSDK(conf) + err := mgsdk.UpdateBootstrapConnection(context.Background(), clientId, []string{channel1Id, channel2Id}, domainID, validToken) + assert.Equal(t, errors.NewSDKError(errors.New("bootstrap connection updates are no longer supported")), err) - cases := []struct { - desc string - domainID string - token string - session smqauthn.Session - id string - channels []string - svcRes bootstrap.Config - svcErr error - authenticateErr error - err errors.SDKError - }{ - { - desc: "update connection successfully", - domainID: domainID, - token: validToken, - id: clientId, - channels: []string{channel1Id, channel2Id}, - svcErr: nil, - err: nil, - }, - { - desc: "update connection with invalid token", - domainID: domainID, - token: invalidToken, - id: clientId, - channels: []string{channel1Id, channel2Id}, - authenticateErr: svcerr.ErrAuthentication, - err: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), - }, - { - desc: "update connection with empty token", - domainID: domainID, - token: "", - id: clientId, - channels: []string{channel1Id, channel2Id}, - svcErr: nil, - err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized), - }, - { - desc: "update connection with non-existent client Id", - domainID: domainID, - token: validToken, - id: invalid, - channels: []string{channel1Id, channel2Id}, - svcErr: svcerr.ErrNotFound, - err: errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound), - }, - { - desc: "update connection with non-existent channel Id", - domainID: domainID, - token: validToken, - id: clientId, - channels: []string{invalid}, - svcErr: svcerr.ErrNotFound, - err: errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound), - }, - { - desc: "update connection with empty channels", - domainID: domainID, - token: validToken, - id: clientId, - channels: []string{}, - svcErr: svcerr.ErrUpdateEntity, - err: errors.NewSDKErrorWithStatus(svcerr.ErrUpdateEntity, http.StatusUnprocessableEntity), - }, - { - desc: "update connection with empty id", - domainID: domainID, - token: validToken, - id: "", - channels: []string{channel1Id, channel2Id}, - svcErr: nil, - err: errors.NewSDKError(apiutil.ErrMissingID), - }, - } - for _, tc := range cases { - t.Run(tc.desc, func(t *testing.T) { - if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} - } - authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) - svcCall := bsvc.On("UpdateConnections", mock.Anything, tc.session, tc.token, tc.id, tc.channels).Return(tc.svcErr) - err := mgsdk.UpdateBootstrapConnection(context.Background(), tc.id, tc.channels, tc.domainID, tc.token) - assert.Equal(t, tc.err, err) - if tc.err == nil { - ok := svcCall.Parent.AssertCalled(t, "UpdateConnections", mock.Anything, tc.session, tc.token, tc.id, tc.channels) - assert.True(t, ok) - } - svcCall.Unset() - authCall.Unset() - }) - } + err = mgsdk.UpdateBootstrapConnection(context.Background(), "", []string{channel1Id}, domainID, validToken) + assert.Equal(t, errors.NewSDKError(apiutil.ErrMissingID), err) } func TestRemoveBootstrap(t *testing.T) { bs, bsvc, _, auth := setupBootstrap() defer bs.Close() - conf := sdk.Config{ - BootstrapURL: bs.URL, - } - mgsdk := sdk.NewSDK(conf) + mgsdk := sdk.NewSDK(sdk.Config{BootstrapURL: bs.URL}) cases := []struct { - desc string - domainID string - token string - session smqauthn.Session - id string - svcErr error - authenticateErr error - err errors.SDKError + desc string + token string + id string + svcErr error + authErr error + expectSvcCall bool + expectedSDKErr errors.SDKError }{ { - desc: "remove successfully", - domainID: domainID, - token: validToken, - id: clientId, - svcErr: nil, - err: nil, + desc: "remove successfully", + token: validToken, + id: clientId, + expectSvcCall: true, }, { - desc: "remove with invalid token", - domainID: domainID, - token: invalidToken, - id: clientId, - authenticateErr: svcerr.ErrAuthentication, - err: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), + desc: "remove with invalid token", + token: invalidToken, + id: clientId, + authErr: svcerr.ErrAuthentication, + expectedSDKErr: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), }, { - desc: "remove with non-existent client Id", - domainID: domainID, - token: validToken, - id: invalid, - svcErr: svcerr.ErrNotFound, - err: errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound), - }, - { - desc: "remove removed bootstrap", - domainID: domainID, - token: validToken, - id: clientId, - svcErr: svcerr.ErrNotFound, - err: errors.NewSDKErrorWithStatus(svcerr.ErrNotFound, http.StatusNotFound), - }, - { - desc: "remove with empty token", - domainID: domainID, - token: "", - id: clientId, - svcErr: nil, - err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized), - }, - { - desc: "remove with empty id", - domainID: domainID, - token: validToken, - id: "", - svcErr: nil, - err: errors.NewSDKError(apiutil.ErrMissingID), + desc: "remove with empty id", + token: validToken, + id: "", + expectedSDKErr: errors.NewSDKError(apiutil.ErrMissingID), }, } + for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { + var authCall *mock.Call + session := smqauthn.Session{} if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + session = bootstrapSession() } - authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) - svcCall := bsvc.On("Remove", mock.Anything, tc.session, tc.id).Return(tc.svcErr) - err := mgsdk.RemoveBootstrap(context.Background(), tc.id, tc.domainID, tc.token) - assert.Equal(t, tc.err, err) - if tc.err == nil { - ok := svcCall.Parent.AssertCalled(t, "Remove", mock.Anything, tc.session, tc.id) - assert.True(t, ok) + if tc.id != "" { + authCall = auth.On("Authenticate", mock.Anything, tc.token).Return(session, tc.authErr) + } + + var svcCall *mock.Call + if tc.expectSvcCall { + svcCall = bsvc.On("Remove", mock.Anything, session, tc.id).Return(tc.svcErr) + } + + err := mgsdk.RemoveBootstrap(context.Background(), tc.id, domainID, tc.token) + + assert.Equal(t, tc.expectedSDKErr, err) + if svcCall != nil { + svcCall.Unset() + } + if authCall != nil { + authCall.Unset() } - svcCall.Unset() - authCall.Unset() }) } } -func TestBoostrap(t *testing.T) { +func TestBootstrap(t *testing.T) { bs, bsvc, reader, _ := setupBootstrap() defer bs.Close() - conf := sdk.Config{ - BootstrapURL: bs.URL, - } - mgsdk := sdk.NewSDK(conf) + mgsdk := sdk.NewSDK(sdk.Config{BootstrapURL: bs.URL}) cases := []struct { - desc string - token string - externalID string - externalKey string - svcResp bootstrap.Config - svcErr error - readerResp any - readerErr error - response sdk.BootstrapConfig - err errors.SDKError + desc string + externalID string + externalKey string + svcResp bootstrap.Config + svcErr error + readerResp any + readerErr error + expectSvcCall bool + expectedResp sdk.BootstrapConfig + expectedSDKErr errors.SDKError }{ { - desc: "bootstrap successfully", - token: validToken, - externalID: externalId, - externalKey: externalKey, - svcResp: bootstrapConfig, - svcErr: nil, - readerResp: readConfigResponse, - readerErr: nil, - response: sdkBootstrapConfigRes, - err: nil, + desc: "bootstrap successfully", + externalID: externalId, + externalKey: externalKey, + svcResp: bootstrapConfig, + readerResp: readConfigResponse, + expectSvcCall: true, + expectedResp: sdkBootstrapReadRes, }, { - desc: "bootstrap with invalid token", - token: invalidToken, - externalID: externalId, - externalKey: externalKey, - svcResp: bootstrap.Config{}, - svcErr: svcerr.ErrAuthentication, - readerResp: bootstrap.Config{}, - readerErr: nil, - err: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), + desc: "bootstrap with reader error", + externalID: externalId, + externalKey: externalKey, + svcResp: bootstrapConfig, + readerErr: errJSONEOF, + expectSvcCall: true, + expectedSDKErr: errors.NewSDKErrorWithStatus(errJSONEOF, http.StatusInternalServerError), }, { - desc: "bootstrap with error in reader", - token: validToken, - externalID: externalId, - externalKey: externalKey, - svcResp: bootstrapConfig, - svcErr: nil, - readerResp: []byte{0}, - readerErr: errJsonEOF, - err: errors.NewSDKErrorWithStatus(errJsonEOF, http.StatusInternalServerError), + desc: "bootstrap with malformed response", + externalID: externalId, + externalKey: externalKey, + svcResp: bootstrapConfig, + readerResp: []byte{0}, + expectSvcCall: true, + expectedSDKErr: errors.NewSDKError(errors.New("json: cannot unmarshal string into Go value of type sdk.BootstrapConfig")), }, { - desc: "boostrap with response that cannot be unmarshalled", - token: validToken, - externalID: externalId, - externalKey: externalKey, - svcResp: bootstrapConfig, - svcErr: nil, - readerResp: []byte{0}, - readerErr: nil, - err: errors.NewSDKError(errors.New("json: cannot unmarshal string into Go value of type map[string]json.RawMessage")), + desc: "bootstrap with empty id", + externalID: "", + externalKey: externalKey, + expectedSDKErr: errors.NewSDKError(apiutil.ErrMissingID), }, { - desc: "bootstrap with empty id", - token: validToken, - externalID: "", - externalKey: externalKey, - svcResp: bootstrap.Config{}, - svcErr: nil, - readerResp: bootstrap.Config{}, - readerErr: nil, - err: errors.NewSDKError(apiutil.ErrMissingID), - }, - { - desc: "boostrap with empty key", - token: validToken, - externalID: externalId, - externalKey: "", - svcResp: bootstrap.Config{}, - svcErr: nil, - readerResp: bootstrap.Config{}, - readerErr: nil, - err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerKey, http.StatusUnauthorized), + desc: "bootstrap with empty key", + externalID: externalId, + externalKey: "", + expectedSDKErr: errors.NewSDKErrorWithStatus(apiutil.ErrBearerKey, http.StatusUnauthorized), }, } + for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { - svcCall := bsvc.On("Bootstrap", mock.Anything, tc.externalKey, tc.externalID, false).Return(tc.svcResp, tc.svcErr) - readerCall := reader.On("ReadConfig", tc.svcResp, false).Return(tc.readerResp, tc.readerErr) - resp, err := mgsdk.Bootstrap(context.Background(), tc.externalID, tc.externalKey) - assert.Equal(t, tc.err, err) - if err == nil { - assert.Equal(t, tc.response, resp) - ok := svcCall.Parent.AssertCalled(t, "Bootstrap", mock.Anything, tc.externalKey, tc.externalID, false) - assert.True(t, ok) + var svcCall *mock.Call + var readerCall *mock.Call + if tc.expectSvcCall { + svcCall = bsvc.On("Bootstrap", mock.Anything, tc.externalKey, tc.externalID, false).Return(tc.svcResp, tc.svcErr) + readerCall = reader.On("ReadConfig", tc.svcResp, false).Return(tc.readerResp, tc.readerErr) + } + + resp, err := mgsdk.Bootstrap(context.Background(), tc.externalID, tc.externalKey) + + assert.Equal(t, tc.expectedSDKErr, err) + assert.Equal(t, tc.expectedResp, resp) + if svcCall != nil { + svcCall.Unset() + } + if readerCall != nil { + readerCall.Unset() } - svcCall.Unset() - readerCall.Unset() }) } } @@ -1221,115 +818,92 @@ func TestBootstrapSecure(t *testing.T) { bs, bsvc, reader, _ := setupBootstrap() defer bs.Close() - conf := sdk.Config{ - BootstrapURL: bs.URL, - } - mgsdk := sdk.NewSDK(conf) + mgsdk := sdk.NewSDK(sdk.Config{BootstrapURL: bs.URL}) - b, err := json.Marshal(readConfigResponse) + body, err := json.Marshal(readConfigResponse) assert.Nil(t, err, fmt.Sprintf("Marshalling bootstrap response expected to succeed: %s.\n", err)) - encResponse, err := encrypt(b, encKey) + + encResponse, err := encrypt(body, encKey) assert.Nil(t, err, fmt.Sprintf("Encrypting bootstrap response expected to succeed: %s.\n", err)) cases := []struct { - desc string - token string - externalID string - externalKey string - cryptoKey string - svcResp bootstrap.Config - svcErr error - readerResp []byte - readerErr error - response sdk.BootstrapConfig - err errors.SDKError + desc string + externalID string + externalKey string + cryptoKey string + svcResp bootstrap.Config + svcErr error + readerResp []byte + readerErr error + expectSvcCall bool + expectedResp sdk.BootstrapConfig + expectedSDKErr errors.SDKError }{ { - desc: "bootstrap successfully", - token: validToken, - externalID: externalId, - externalKey: externalKey, - cryptoKey: string(encKey), - svcResp: bootstrapConfig, - svcErr: nil, - readerResp: encResponse, - readerErr: nil, - response: sdkBootstrapConfigRes, - err: nil, + desc: "secure bootstrap successfully", + externalID: externalId, + externalKey: externalKey, + cryptoKey: string(encKey), + svcResp: bootstrapConfig, + readerResp: encResponse, + expectSvcCall: true, + expectedResp: sdkBootstrapReadRes, }, { - desc: "bootstrap with invalid token", - token: invalidToken, - externalID: externalId, - externalKey: externalKey, - cryptoKey: string(encKey), - svcResp: bootstrap.Config{}, - svcErr: svcerr.ErrAuthentication, - readerResp: []byte{0}, - readerErr: nil, - err: errors.NewSDKErrorWithStatus(svcerr.ErrAuthentication, http.StatusUnauthorized), + desc: "secure bootstrap with invalid crypto key", + externalID: externalId, + externalKey: externalKey, + cryptoKey: invalid, + expectedSDKErr: errors.NewSDKError(errors.New("crypto/aes: invalid key size 7")), }, { - desc: "booostrap with invalid crypto key", - token: validToken, - externalID: externalId, - externalKey: externalKey, - cryptoKey: invalid, - svcResp: bootstrap.Config{}, - svcErr: nil, - readerResp: []byte{0}, - readerErr: nil, - err: errors.NewSDKError(errors.New("crypto/aes: invalid key size 7")), + desc: "secure bootstrap with reader error", + externalID: externalId, + externalKey: externalKey, + cryptoKey: string(encKey), + svcResp: bootstrapConfig, + readerErr: errJSONEOF, + expectSvcCall: true, + expectedSDKErr: errors.NewSDKErrorWithStatus(errJSONEOF, http.StatusInternalServerError), }, { - desc: "bootstrap with error in reader", - token: validToken, - externalID: externalId, - externalKey: externalKey, - cryptoKey: string(encKey), - svcResp: bootstrapConfig, - svcErr: nil, - readerResp: []byte{0}, - readerErr: errJsonEOF, - err: errors.NewSDKErrorWithStatus(errJsonEOF, http.StatusInternalServerError), + desc: "secure bootstrap with malformed response", + externalID: externalId, + externalKey: externalKey, + cryptoKey: string(encKey), + svcResp: bootstrapConfig, + readerResp: []byte{0}, + expectSvcCall: true, + expectedSDKErr: errors.NewSDKError(errJSONEOF), }, { - desc: "bootstrap with response that cannot be unmarshalled", - token: validToken, - externalID: externalId, - externalKey: externalKey, - cryptoKey: string(encKey), - svcResp: bootstrapConfig, - svcErr: nil, - readerResp: []byte{0}, - readerErr: nil, - err: errors.NewSDKError(errJsonEOF), - }, - { - desc: "bootstrap with empty id", - token: validToken, - externalID: "", - externalKey: externalKey, - svcResp: bootstrap.Config{}, - svcErr: nil, - readerResp: []byte{0}, - readerErr: nil, - err: errors.NewSDKError(apiutil.ErrMissingID), + desc: "secure bootstrap with empty id", + externalID: "", + externalKey: externalKey, + cryptoKey: string(encKey), + expectedSDKErr: errors.NewSDKError(apiutil.ErrMissingID), }, } + for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { - svcCall := bsvc.On("Bootstrap", mock.Anything, mock.Anything, tc.externalID, true).Return(tc.svcResp, tc.svcErr) - readerCall := reader.On("ReadConfig", tc.svcResp, true).Return(tc.readerResp, tc.readerErr) - resp, err := mgsdk.BootstrapSecure(context.Background(), tc.externalID, tc.externalKey, tc.cryptoKey) - assert.Equal(t, tc.err, err) - if err == nil { - assert.Equal(t, sdkBootstrapConfigRes, resp) - ok := svcCall.Parent.AssertCalled(t, "Bootstrap", mock.Anything, mock.Anything, tc.externalID, true) - assert.True(t, ok) + var svcCall *mock.Call + var readerCall *mock.Call + if tc.expectSvcCall { + svcCall = bsvc.On("Bootstrap", mock.Anything, mock.Anything, tc.externalID, true).Return(tc.svcResp, tc.svcErr) + readerCall = reader.On("ReadConfig", tc.svcResp, true).Return(tc.readerResp, tc.readerErr) + } + + resp, err := mgsdk.BootstrapSecure(context.Background(), tc.externalID, tc.externalKey, tc.cryptoKey) + + assert.Equal(t, tc.expectedSDKErr, err) + assert.Equal(t, tc.expectedResp, resp) + if svcCall != nil { + svcCall.Unset() + } + if readerCall != nil { + readerCall.Unset() } - svcCall.Unset() - readerCall.Unset() }) } } diff --git a/pkg/sdk/mocks/sdk.go b/pkg/sdk/mocks/sdk.go index d4c1e9d25..fc253f3ad 100644 --- a/pkg/sdk/mocks/sdk.go +++ b/pkg/sdk/mocks/sdk.go @@ -975,6 +975,83 @@ func (_c *SDK_AddRule_Call) RunAndReturn(run func(ctx context.Context, r sdk.Rul return _c } +// AssignBootstrapProfile provides a mock function for the type SDK +func (_mock *SDK) AssignBootstrapProfile(ctx context.Context, configID string, profileID string, domainID string, token string) errors.SDKError { + ret := _mock.Called(ctx, configID, profileID, domainID, token) + + if len(ret) == 0 { + panic("no return value specified for AssignBootstrapProfile") + } + + var r0 errors.SDKError + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string, string) errors.SDKError); ok { + r0 = returnFunc(ctx, configID, profileID, domainID, token) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(errors.SDKError) + } + } + return r0 +} + +// SDK_AssignBootstrapProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'AssignBootstrapProfile' +type SDK_AssignBootstrapProfile_Call struct { + *mock.Call +} + +// AssignBootstrapProfile is a helper method to define mock.On call +// - ctx context.Context +// - configID string +// - profileID string +// - domainID string +// - token string +func (_e *SDK_Expecter) AssignBootstrapProfile(ctx interface{}, configID interface{}, profileID interface{}, domainID interface{}, token interface{}) *SDK_AssignBootstrapProfile_Call { + return &SDK_AssignBootstrapProfile_Call{Call: _e.mock.On("AssignBootstrapProfile", ctx, configID, profileID, domainID, token)} +} + +func (_c *SDK_AssignBootstrapProfile_Call) Run(run func(ctx context.Context, configID string, profileID string, domainID string, token string)) *SDK_AssignBootstrapProfile_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + var arg4 string + if args[4] != nil { + arg4 = args[4].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + arg4, + ) + }) + return _c +} + +func (_c *SDK_AssignBootstrapProfile_Call) Return(sDKError errors.SDKError) *SDK_AssignBootstrapProfile_Call { + _c.Call.Return(sDKError) + return _c +} + +func (_c *SDK_AssignBootstrapProfile_Call) RunAndReturn(run func(ctx context.Context, configID string, profileID string, domainID string, token string) errors.SDKError) *SDK_AssignBootstrapProfile_Call { + _c.Call.Return(run) + return _c +} + // AvailableClientRoleActions provides a mock function for the type SDK func (_mock *SDK) AvailableClientRoleActions(ctx context.Context, domainID string, token string) ([]string, errors.SDKError) { ret := _mock.Called(ctx, domainID, token) @@ -1197,6 +1274,83 @@ func (_c *SDK_AvailableGroupRoleActions_Call) RunAndReturn(run func(ctx context. return _c } +// BindBootstrapResources provides a mock function for the type SDK +func (_mock *SDK) BindBootstrapResources(ctx context.Context, configID string, bindings []sdk.BootstrapBindingRequest, domainID string, token string) errors.SDKError { + ret := _mock.Called(ctx, configID, bindings, domainID, token) + + if len(ret) == 0 { + panic("no return value specified for BindBootstrapResources") + } + + var r0 errors.SDKError + if returnFunc, ok := ret.Get(0).(func(context.Context, string, []sdk.BootstrapBindingRequest, string, string) errors.SDKError); ok { + r0 = returnFunc(ctx, configID, bindings, domainID, token) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(errors.SDKError) + } + } + return r0 +} + +// SDK_BindBootstrapResources_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BindBootstrapResources' +type SDK_BindBootstrapResources_Call struct { + *mock.Call +} + +// BindBootstrapResources is a helper method to define mock.On call +// - ctx context.Context +// - configID string +// - bindings []sdk.BootstrapBindingRequest +// - domainID string +// - token string +func (_e *SDK_Expecter) BindBootstrapResources(ctx interface{}, configID interface{}, bindings interface{}, domainID interface{}, token interface{}) *SDK_BindBootstrapResources_Call { + return &SDK_BindBootstrapResources_Call{Call: _e.mock.On("BindBootstrapResources", ctx, configID, bindings, domainID, token)} +} + +func (_c *SDK_BindBootstrapResources_Call) Run(run func(ctx context.Context, configID string, bindings []sdk.BootstrapBindingRequest, domainID string, token string)) *SDK_BindBootstrapResources_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 []sdk.BootstrapBindingRequest + if args[2] != nil { + arg2 = args[2].([]sdk.BootstrapBindingRequest) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + var arg4 string + if args[4] != nil { + arg4 = args[4].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + arg4, + ) + }) + return _c +} + +func (_c *SDK_BindBootstrapResources_Call) Return(sDKError errors.SDKError) *SDK_BindBootstrapResources_Call { + _c.Call.Return(sDKError) + return _c +} + +func (_c *SDK_BindBootstrapResources_Call) RunAndReturn(run func(ctx context.Context, configID string, bindings []sdk.BootstrapBindingRequest, domainID string, token string) errors.SDKError) *SDK_BindBootstrapResources_Call { + _c.Call.Return(run) + return _c +} + // Bootstrap provides a mock function for the type SDK func (_mock *SDK) Bootstrap(ctx context.Context, externalID string, externalKey string) (sdk.BootstrapConfig, errors.SDKError) { ret := _mock.Called(ctx, externalID, externalKey) @@ -1271,6 +1425,168 @@ func (_c *SDK_Bootstrap_Call) RunAndReturn(run func(ctx context.Context, externa return _c } +// BootstrapBindings provides a mock function for the type SDK +func (_mock *SDK) BootstrapBindings(ctx context.Context, configID string, domainID string, token string) ([]sdk.BootstrapBindingSnapshot, errors.SDKError) { + ret := _mock.Called(ctx, configID, domainID, token) + + if len(ret) == 0 { + panic("no return value specified for BootstrapBindings") + } + + var r0 []sdk.BootstrapBindingSnapshot + var r1 errors.SDKError + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) ([]sdk.BootstrapBindingSnapshot, errors.SDKError)); ok { + return returnFunc(ctx, configID, domainID, token) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) []sdk.BootstrapBindingSnapshot); ok { + r0 = returnFunc(ctx, configID, domainID, token) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]sdk.BootstrapBindingSnapshot) + } + } + if returnFunc, ok := ret.Get(1).(func(context.Context, string, string, string) errors.SDKError); ok { + r1 = returnFunc(ctx, configID, domainID, token) + } else { + if ret.Get(1) != nil { + r1 = ret.Get(1).(errors.SDKError) + } + } + return r0, r1 +} + +// SDK_BootstrapBindings_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BootstrapBindings' +type SDK_BootstrapBindings_Call struct { + *mock.Call +} + +// BootstrapBindings is a helper method to define mock.On call +// - ctx context.Context +// - configID string +// - domainID string +// - token string +func (_e *SDK_Expecter) BootstrapBindings(ctx interface{}, configID interface{}, domainID interface{}, token interface{}) *SDK_BootstrapBindings_Call { + return &SDK_BootstrapBindings_Call{Call: _e.mock.On("BootstrapBindings", ctx, configID, domainID, token)} +} + +func (_c *SDK_BootstrapBindings_Call) Run(run func(ctx context.Context, configID string, domainID string, token string)) *SDK_BootstrapBindings_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *SDK_BootstrapBindings_Call) Return(bootstrapBindingSnapshots []sdk.BootstrapBindingSnapshot, sDKError errors.SDKError) *SDK_BootstrapBindings_Call { + _c.Call.Return(bootstrapBindingSnapshots, sDKError) + return _c +} + +func (_c *SDK_BootstrapBindings_Call) RunAndReturn(run func(ctx context.Context, configID string, domainID string, token string) ([]sdk.BootstrapBindingSnapshot, errors.SDKError)) *SDK_BootstrapBindings_Call { + _c.Call.Return(run) + return _c +} + +// BootstrapProfiles provides a mock function for the type SDK +func (_mock *SDK) BootstrapProfiles(ctx context.Context, pm sdk.PageMetadata, domainID string, token string) (sdk.BootstrapProfilesPage, errors.SDKError) { + ret := _mock.Called(ctx, pm, domainID, token) + + if len(ret) == 0 { + panic("no return value specified for BootstrapProfiles") + } + + var r0 sdk.BootstrapProfilesPage + var r1 errors.SDKError + if returnFunc, ok := ret.Get(0).(func(context.Context, sdk.PageMetadata, string, string) (sdk.BootstrapProfilesPage, errors.SDKError)); ok { + return returnFunc(ctx, pm, domainID, token) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, sdk.PageMetadata, string, string) sdk.BootstrapProfilesPage); ok { + r0 = returnFunc(ctx, pm, domainID, token) + } else { + r0 = ret.Get(0).(sdk.BootstrapProfilesPage) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, sdk.PageMetadata, string, string) errors.SDKError); ok { + r1 = returnFunc(ctx, pm, domainID, token) + } else { + if ret.Get(1) != nil { + r1 = ret.Get(1).(errors.SDKError) + } + } + return r0, r1 +} + +// SDK_BootstrapProfiles_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BootstrapProfiles' +type SDK_BootstrapProfiles_Call struct { + *mock.Call +} + +// BootstrapProfiles is a helper method to define mock.On call +// - ctx context.Context +// - pm sdk.PageMetadata +// - domainID string +// - token string +func (_e *SDK_Expecter) BootstrapProfiles(ctx interface{}, pm interface{}, domainID interface{}, token interface{}) *SDK_BootstrapProfiles_Call { + return &SDK_BootstrapProfiles_Call{Call: _e.mock.On("BootstrapProfiles", ctx, pm, domainID, token)} +} + +func (_c *SDK_BootstrapProfiles_Call) Run(run func(ctx context.Context, pm sdk.PageMetadata, domainID string, token string)) *SDK_BootstrapProfiles_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 sdk.PageMetadata + if args[1] != nil { + arg1 = args[1].(sdk.PageMetadata) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *SDK_BootstrapProfiles_Call) Return(bootstrapProfilesPage sdk.BootstrapProfilesPage, sDKError errors.SDKError) *SDK_BootstrapProfiles_Call { + _c.Call.Return(bootstrapProfilesPage, sDKError) + return _c +} + +func (_c *SDK_BootstrapProfiles_Call) RunAndReturn(run func(ctx context.Context, pm sdk.PageMetadata, domainID string, token string) (sdk.BootstrapProfilesPage, errors.SDKError)) *SDK_BootstrapProfiles_Call { + _c.Call.Return(run) + return _c +} + // BootstrapSecure provides a mock function for the type SDK func (_mock *SDK) BootstrapSecure(ctx context.Context, externalID string, externalKey string, cryptoKey string) (sdk.BootstrapConfig, errors.SDKError) { ret := _mock.Called(ctx, externalID, externalKey, cryptoKey) @@ -2343,6 +2659,86 @@ func (_c *SDK_ConnectClients_Call) RunAndReturn(run func(ctx context.Context, ch return _c } +// CreateBootstrapProfile provides a mock function for the type SDK +func (_mock *SDK) CreateBootstrapProfile(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string) (sdk.BootstrapProfile, errors.SDKError) { + ret := _mock.Called(ctx, profile, domainID, token) + + if len(ret) == 0 { + panic("no return value specified for CreateBootstrapProfile") + } + + var r0 sdk.BootstrapProfile + var r1 errors.SDKError + if returnFunc, ok := ret.Get(0).(func(context.Context, sdk.BootstrapProfile, string, string) (sdk.BootstrapProfile, errors.SDKError)); ok { + return returnFunc(ctx, profile, domainID, token) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, sdk.BootstrapProfile, string, string) sdk.BootstrapProfile); ok { + r0 = returnFunc(ctx, profile, domainID, token) + } else { + r0 = ret.Get(0).(sdk.BootstrapProfile) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, sdk.BootstrapProfile, string, string) errors.SDKError); ok { + r1 = returnFunc(ctx, profile, domainID, token) + } else { + if ret.Get(1) != nil { + r1 = ret.Get(1).(errors.SDKError) + } + } + return r0, r1 +} + +// SDK_CreateBootstrapProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'CreateBootstrapProfile' +type SDK_CreateBootstrapProfile_Call struct { + *mock.Call +} + +// CreateBootstrapProfile is a helper method to define mock.On call +// - ctx context.Context +// - profile sdk.BootstrapProfile +// - domainID string +// - token string +func (_e *SDK_Expecter) CreateBootstrapProfile(ctx interface{}, profile interface{}, domainID interface{}, token interface{}) *SDK_CreateBootstrapProfile_Call { + return &SDK_CreateBootstrapProfile_Call{Call: _e.mock.On("CreateBootstrapProfile", ctx, profile, domainID, token)} +} + +func (_c *SDK_CreateBootstrapProfile_Call) Run(run func(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string)) *SDK_CreateBootstrapProfile_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 sdk.BootstrapProfile + if args[1] != nil { + arg1 = args[1].(sdk.BootstrapProfile) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *SDK_CreateBootstrapProfile_Call) Return(bootstrapProfile sdk.BootstrapProfile, sDKError errors.SDKError) *SDK_CreateBootstrapProfile_Call { + _c.Call.Return(bootstrapProfile, sDKError) + return _c +} + +func (_c *SDK_CreateBootstrapProfile_Call) RunAndReturn(run func(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string) (sdk.BootstrapProfile, errors.SDKError)) *SDK_CreateBootstrapProfile_Call { + _c.Call.Return(run) + return _c +} + // CreateCSR provides a mock function for the type SDK func (_mock *SDK) CreateCSR(ctx context.Context, metadata sdk.CSRMetadata, privKey any) (sdk.CSR, errors.SDKError) { ret := _mock.Called(ctx, metadata, privKey) @@ -8360,6 +8756,77 @@ func (_c *SDK_ReadMessages_Call) RunAndReturn(run func(ctx context.Context, pm s return _c } +// RefreshBootstrapBindings provides a mock function for the type SDK +func (_mock *SDK) RefreshBootstrapBindings(ctx context.Context, configID string, domainID string, token string) errors.SDKError { + ret := _mock.Called(ctx, configID, domainID, token) + + if len(ret) == 0 { + panic("no return value specified for RefreshBootstrapBindings") + } + + var r0 errors.SDKError + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) errors.SDKError); ok { + r0 = returnFunc(ctx, configID, domainID, token) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(errors.SDKError) + } + } + return r0 +} + +// SDK_RefreshBootstrapBindings_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RefreshBootstrapBindings' +type SDK_RefreshBootstrapBindings_Call struct { + *mock.Call +} + +// RefreshBootstrapBindings is a helper method to define mock.On call +// - ctx context.Context +// - configID string +// - domainID string +// - token string +func (_e *SDK_Expecter) RefreshBootstrapBindings(ctx interface{}, configID interface{}, domainID interface{}, token interface{}) *SDK_RefreshBootstrapBindings_Call { + return &SDK_RefreshBootstrapBindings_Call{Call: _e.mock.On("RefreshBootstrapBindings", ctx, configID, domainID, token)} +} + +func (_c *SDK_RefreshBootstrapBindings_Call) Run(run func(ctx context.Context, configID string, domainID string, token string)) *SDK_RefreshBootstrapBindings_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *SDK_RefreshBootstrapBindings_Call) Return(sDKError errors.SDKError) *SDK_RefreshBootstrapBindings_Call { + _c.Call.Return(sDKError) + return _c +} + +func (_c *SDK_RefreshBootstrapBindings_Call) RunAndReturn(run func(ctx context.Context, configID string, domainID string, token string) errors.SDKError) *SDK_RefreshBootstrapBindings_Call { + _c.Call.Return(run) + return _c +} + // RefreshToken provides a mock function for the type SDK func (_mock *SDK) RefreshToken(ctx context.Context, token string) (sdk.Token, errors.SDKError) { ret := _mock.Called(ctx, token) @@ -9083,6 +9550,77 @@ func (_c *SDK_RemoveBootstrap_Call) RunAndReturn(run func(ctx context.Context, i return _c } +// RemoveBootstrapProfile provides a mock function for the type SDK +func (_mock *SDK) RemoveBootstrapProfile(ctx context.Context, id string, domainID string, token string) errors.SDKError { + ret := _mock.Called(ctx, id, domainID, token) + + if len(ret) == 0 { + panic("no return value specified for RemoveBootstrapProfile") + } + + var r0 errors.SDKError + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) errors.SDKError); ok { + r0 = returnFunc(ctx, id, domainID, token) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(errors.SDKError) + } + } + return r0 +} + +// SDK_RemoveBootstrapProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveBootstrapProfile' +type SDK_RemoveBootstrapProfile_Call struct { + *mock.Call +} + +// RemoveBootstrapProfile is a helper method to define mock.On call +// - ctx context.Context +// - id string +// - domainID string +// - token string +func (_e *SDK_Expecter) RemoveBootstrapProfile(ctx interface{}, id interface{}, domainID interface{}, token interface{}) *SDK_RemoveBootstrapProfile_Call { + return &SDK_RemoveBootstrapProfile_Call{Call: _e.mock.On("RemoveBootstrapProfile", ctx, id, domainID, token)} +} + +func (_c *SDK_RemoveBootstrapProfile_Call) Run(run func(ctx context.Context, id string, domainID string, token string)) *SDK_RemoveBootstrapProfile_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *SDK_RemoveBootstrapProfile_Call) Return(sDKError errors.SDKError) *SDK_RemoveBootstrapProfile_Call { + _c.Call.Return(sDKError) + return _c +} + +func (_c *SDK_RemoveBootstrapProfile_Call) RunAndReturn(run func(ctx context.Context, id string, domainID string, token string) errors.SDKError) *SDK_RemoveBootstrapProfile_Call { + _c.Call.Return(run) + return _c +} + // RemoveChannelParent provides a mock function for the type SDK func (_mock *SDK) RemoveChannelParent(ctx context.Context, id string, domainID string, groupID string, token string) errors.SDKError { ret := _mock.Called(ctx, id, domainID, groupID, token) @@ -11254,6 +11792,77 @@ func (_c *SDK_UpdateBootstrapConnection_Call) RunAndReturn(run func(ctx context. return _c } +// UpdateBootstrapProfile provides a mock function for the type SDK +func (_mock *SDK) UpdateBootstrapProfile(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string) errors.SDKError { + ret := _mock.Called(ctx, profile, domainID, token) + + if len(ret) == 0 { + panic("no return value specified for UpdateBootstrapProfile") + } + + var r0 errors.SDKError + if returnFunc, ok := ret.Get(0).(func(context.Context, sdk.BootstrapProfile, string, string) errors.SDKError); ok { + r0 = returnFunc(ctx, profile, domainID, token) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(errors.SDKError) + } + } + return r0 +} + +// SDK_UpdateBootstrapProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'UpdateBootstrapProfile' +type SDK_UpdateBootstrapProfile_Call struct { + *mock.Call +} + +// UpdateBootstrapProfile is a helper method to define mock.On call +// - ctx context.Context +// - profile sdk.BootstrapProfile +// - domainID string +// - token string +func (_e *SDK_Expecter) UpdateBootstrapProfile(ctx interface{}, profile interface{}, domainID interface{}, token interface{}) *SDK_UpdateBootstrapProfile_Call { + return &SDK_UpdateBootstrapProfile_Call{Call: _e.mock.On("UpdateBootstrapProfile", ctx, profile, domainID, token)} +} + +func (_c *SDK_UpdateBootstrapProfile_Call) Run(run func(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string)) *SDK_UpdateBootstrapProfile_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 sdk.BootstrapProfile + if args[1] != nil { + arg1 = args[1].(sdk.BootstrapProfile) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *SDK_UpdateBootstrapProfile_Call) Return(sDKError errors.SDKError) *SDK_UpdateBootstrapProfile_Call { + _c.Call.Return(sDKError) + return _c +} + +func (_c *SDK_UpdateBootstrapProfile_Call) RunAndReturn(run func(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string) errors.SDKError) *SDK_UpdateBootstrapProfile_Call { + _c.Call.Return(run) + return _c +} + // UpdateChannel provides a mock function for the type SDK func (_mock *SDK) UpdateChannel(ctx context.Context, channel sdk.Channel, domainID string, token string) (sdk.Channel, errors.SDKError) { ret := _mock.Called(ctx, channel, domainID, token) @@ -13594,6 +14203,86 @@ func (_c *SDK_ViewBootstrap_Call) RunAndReturn(run func(ctx context.Context, id return _c } +// ViewBootstrapProfile provides a mock function for the type SDK +func (_mock *SDK) ViewBootstrapProfile(ctx context.Context, id string, domainID string, token string) (sdk.BootstrapProfile, errors.SDKError) { + ret := _mock.Called(ctx, id, domainID, token) + + if len(ret) == 0 { + panic("no return value specified for ViewBootstrapProfile") + } + + var r0 sdk.BootstrapProfile + var r1 errors.SDKError + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) (sdk.BootstrapProfile, errors.SDKError)); ok { + return returnFunc(ctx, id, domainID, token) + } + if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) sdk.BootstrapProfile); ok { + r0 = returnFunc(ctx, id, domainID, token) + } else { + r0 = ret.Get(0).(sdk.BootstrapProfile) + } + if returnFunc, ok := ret.Get(1).(func(context.Context, string, string, string) errors.SDKError); ok { + r1 = returnFunc(ctx, id, domainID, token) + } else { + if ret.Get(1) != nil { + r1 = ret.Get(1).(errors.SDKError) + } + } + return r0, r1 +} + +// SDK_ViewBootstrapProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ViewBootstrapProfile' +type SDK_ViewBootstrapProfile_Call struct { + *mock.Call +} + +// ViewBootstrapProfile is a helper method to define mock.On call +// - ctx context.Context +// - id string +// - domainID string +// - token string +func (_e *SDK_Expecter) ViewBootstrapProfile(ctx interface{}, id interface{}, domainID interface{}, token interface{}) *SDK_ViewBootstrapProfile_Call { + return &SDK_ViewBootstrapProfile_Call{Call: _e.mock.On("ViewBootstrapProfile", ctx, id, domainID, token)} +} + +func (_c *SDK_ViewBootstrapProfile_Call) Run(run func(ctx context.Context, id string, domainID string, token string)) *SDK_ViewBootstrapProfile_Call { + _c.Call.Run(func(args mock.Arguments) { + var arg0 context.Context + if args[0] != nil { + arg0 = args[0].(context.Context) + } + var arg1 string + if args[1] != nil { + arg1 = args[1].(string) + } + var arg2 string + if args[2] != nil { + arg2 = args[2].(string) + } + var arg3 string + if args[3] != nil { + arg3 = args[3].(string) + } + run( + arg0, + arg1, + arg2, + arg3, + ) + }) + return _c +} + +func (_c *SDK_ViewBootstrapProfile_Call) Return(bootstrapProfile sdk.BootstrapProfile, sDKError errors.SDKError) *SDK_ViewBootstrapProfile_Call { + _c.Call.Return(bootstrapProfile, sDKError) + return _c +} + +func (_c *SDK_ViewBootstrapProfile_Call) RunAndReturn(run func(ctx context.Context, id string, domainID string, token string) (sdk.BootstrapProfile, errors.SDKError)) *SDK_ViewBootstrapProfile_Call { + _c.Call.Return(run) + return _c +} + // ViewCA provides a mock function for the type SDK func (_mock *SDK) ViewCA(ctx context.Context) (sdk.Certificate, errors.SDKError) { ret := _mock.Called(ctx) @@ -14053,16 +14742,16 @@ func (_c *SDK_ViewSubscription_Call) RunAndReturn(run func(ctx context.Context, } // Whitelist provides a mock function for the type SDK -func (_mock *SDK) Whitelist(ctx context.Context, clientID string, state int, domainID string, token string) errors.SDKError { - ret := _mock.Called(ctx, clientID, state, domainID, token) +func (_mock *SDK) Whitelist(ctx context.Context, clientID string, status sdk.BootstrapStatus, domainID string, token string) errors.SDKError { + ret := _mock.Called(ctx, clientID, status, domainID, token) if len(ret) == 0 { panic("no return value specified for Whitelist") } var r0 errors.SDKError - if returnFunc, ok := ret.Get(0).(func(context.Context, string, int, string, string) errors.SDKError); ok { - r0 = returnFunc(ctx, clientID, state, domainID, token) + if returnFunc, ok := ret.Get(0).(func(context.Context, string, sdk.BootstrapStatus, string, string) errors.SDKError); ok { + r0 = returnFunc(ctx, clientID, status, domainID, token) } else { if ret.Get(0) != nil { r0 = ret.Get(0).(errors.SDKError) @@ -14079,14 +14768,14 @@ type SDK_Whitelist_Call struct { // Whitelist is a helper method to define mock.On call // - ctx context.Context // - clientID string -// - state int +// - status sdk.BootstrapStatus // - domainID string // - token string -func (_e *SDK_Expecter) Whitelist(ctx interface{}, clientID interface{}, state interface{}, domainID interface{}, token interface{}) *SDK_Whitelist_Call { - return &SDK_Whitelist_Call{Call: _e.mock.On("Whitelist", ctx, clientID, state, domainID, token)} +func (_e *SDK_Expecter) Whitelist(ctx interface{}, clientID interface{}, status interface{}, domainID interface{}, token interface{}) *SDK_Whitelist_Call { + return &SDK_Whitelist_Call{Call: _e.mock.On("Whitelist", ctx, clientID, status, domainID, token)} } -func (_c *SDK_Whitelist_Call) Run(run func(ctx context.Context, clientID string, state int, domainID string, token string)) *SDK_Whitelist_Call { +func (_c *SDK_Whitelist_Call) Run(run func(ctx context.Context, clientID string, status sdk.BootstrapStatus, domainID string, token string)) *SDK_Whitelist_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { @@ -14096,9 +14785,9 @@ func (_c *SDK_Whitelist_Call) Run(run func(ctx context.Context, clientID string, if args[1] != nil { arg1 = args[1].(string) } - var arg2 int + var arg2 sdk.BootstrapStatus if args[2] != nil { - arg2 = args[2].(int) + arg2 = args[2].(sdk.BootstrapStatus) } var arg3 string if args[3] != nil { @@ -14124,7 +14813,7 @@ func (_c *SDK_Whitelist_Call) Return(sDKError errors.SDKError) *SDK_Whitelist_Ca return _c } -func (_c *SDK_Whitelist_Call) RunAndReturn(run func(ctx context.Context, clientID string, state int, domainID string, token string) errors.SDKError) *SDK_Whitelist_Call { +func (_c *SDK_Whitelist_Call) RunAndReturn(run func(ctx context.Context, clientID string, status sdk.BootstrapStatus, domainID string, token string) errors.SDKError) *SDK_Whitelist_Call { _c.Call.Return(run) return _c } diff --git a/pkg/sdk/responses.go b/pkg/sdk/responses.go index 3bcb8b95a..26e22e020 100644 --- a/pkg/sdk/responses.go +++ b/pkg/sdk/responses.go @@ -70,6 +70,12 @@ type BootstrapPage struct { PageRes } +// BootstrapProfilesPage contains list of bootstrap profiles in a page with proper metadata. +type BootstrapProfilesPage struct { + Profiles []BootstrapProfile `json:"profiles"` + PageRes +} + // SubscriptionPage contains list of subscriptions in a page with proper metadata. type SubscriptionPage struct { Subscriptions []Subscription `json:"subscriptions"` diff --git a/pkg/sdk/sdk.go b/pkg/sdk/sdk.go index e06ec80f0..9c638721f 100644 --- a/pkg/sdk/sdk.go +++ b/pkg/sdk/sdk.go @@ -1619,12 +1619,21 @@ type SDK interface { // AddBootstrap add bootstrap configuration AddBootstrap(ctx context.Context, cfg BootstrapConfig, domainID, token string) (string, smqerrors.SDKError) + // CreateBootstrapProfile creates a bootstrap profile template. + CreateBootstrapProfile(ctx context.Context, profile BootstrapProfile, domainID, token string) (BootstrapProfile, smqerrors.SDKError) + // ViewBootstrap returns Client Config with given ID belonging to the user identified by the given token. ViewBootstrap(ctx context.Context, id, domainID, token string) (BootstrapConfig, smqerrors.SDKError) + // ViewBootstrapProfile returns bootstrap profile with the given ID. + ViewBootstrapProfile(ctx context.Context, id, domainID, token string) (BootstrapProfile, smqerrors.SDKError) + // UpdateBootstrap updates editable fields of the provided Config. UpdateBootstrap(ctx context.Context, cfg BootstrapConfig, domainID, token string) smqerrors.SDKError + // UpdateBootstrapProfile updates editable fields of the provided bootstrap profile. + UpdateBootstrapProfile(ctx context.Context, profile BootstrapProfile, domainID, token string) smqerrors.SDKError + // UpdateBootstrapCerts updates bootstrap config certificates. UpdateBootstrapCerts(ctx context.Context, id string, clientCert, clientKey, ca string, domainID, token string) (BootstrapConfig, smqerrors.SDKError) @@ -1634,6 +1643,9 @@ type SDK interface { // RemoveBootstrap removes Config with specified token that belongs to the user identified by the given token. RemoveBootstrap(ctx context.Context, id, domainID, token string) smqerrors.SDKError + // RemoveBootstrapProfile removes a bootstrap profile with the given ID. + RemoveBootstrapProfile(ctx context.Context, id, domainID, token string) smqerrors.SDKError + // Bootstrap returns Config to the Client with provided external ID using external key. Bootstrap(ctx context.Context, externalID, externalKey string) (BootstrapConfig, smqerrors.SDKError) @@ -1643,8 +1655,23 @@ type SDK interface { // Bootstraps retrieves a list of managed configs. Bootstraps(ctx context.Context, pm PageMetadata, domainID, token string) (BootstrapPage, smqerrors.SDKError) - // Whitelist updates Client state Config with given ID belonging to the user identified by the given token. - Whitelist(ctx context.Context, clientID string, state int, domainID, token string) smqerrors.SDKError + // BootstrapProfiles retrieves a list of bootstrap profiles. + BootstrapProfiles(ctx context.Context, pm PageMetadata, domainID, token string) (BootstrapProfilesPage, smqerrors.SDKError) + + // Whitelist updates Client bootstrap status with given ID belonging to the user identified by the given token. + Whitelist(ctx context.Context, clientID string, status BootstrapStatus, domainID, token string) smqerrors.SDKError + + // AssignBootstrapProfile assigns a bootstrap profile to the given enrollment. + AssignBootstrapProfile(ctx context.Context, configID, profileID, domainID, token string) smqerrors.SDKError + + // BindBootstrapResources stores resolved binding snapshots for the given enrollment. + BindBootstrapResources(ctx context.Context, configID string, bindings []BootstrapBindingRequest, domainID, token string) smqerrors.SDKError + + // BootstrapBindings lists stored binding snapshots for the given enrollment. + BootstrapBindings(ctx context.Context, configID, domainID, token string) ([]BootstrapBindingSnapshot, smqerrors.SDKError) + + // RefreshBootstrapBindings refreshes stored binding snapshots for the given enrollment. + RefreshBootstrapBindings(ctx context.Context, configID, domainID, token string) smqerrors.SDKError // ReadMessages reads messages of specified channel. ReadMessages(ctx context.Context, pm MessagePageMetadata, chanID, domainID, token string) (MessagesPage, smqerrors.SDKError) diff --git a/provision/config.go b/provision/config.go index dbaccd4cd..32801554f 100644 --- a/provision/config.go +++ b/provision/config.go @@ -36,10 +36,23 @@ type ServiceConf struct { // Bootstrap represetns the Bootstrap config. type Bootstrap struct { - X509Provision bool `toml:"x509_provision" env:"MG_PROVISION_X509_PROVISIONING" envDefault:"false"` - Provision bool `toml:"provision" env:"MG_PROVISION_BS_CONFIG_PROVISIONING" envDefault:"true"` - AutoWhiteList bool `toml:"autowhite_list" env:"MG_PROVISION_BS_AUTO_WHITELIST" envDefault:"true"` - Content map[string]any `toml:"content"` + X509Provision bool `toml:"x509_provision" env:"MG_PROVISION_X509_PROVISIONING" envDefault:"false"` + Provision bool `toml:"provision" env:"MG_PROVISION_BS_CONFIG_PROVISIONING" envDefault:"true"` + AutoWhiteList bool `toml:"autowhite_list" env:"MG_PROVISION_BS_AUTO_WHITELIST" envDefault:"true"` + ProfileID string `toml:"profile_id" env:"MG_PROVISION_BS_PROFILE_ID" envDefault:""` + RenderContext map[string]any `toml:"render_context,omitempty"` + Bindings []BootstrapBinding `toml:"bindings,omitempty"` + Content map[string]any `toml:"content"` +} + +// BootstrapBinding maps a bootstrap profile slot to one of the resources +// created by provision. +type BootstrapBinding struct { + Slot string `toml:"slot" json:"slot"` + Type string `toml:"type" json:"type"` + Name string `toml:"name" json:"name,omitempty"` + MetadataKey string `toml:"metadata_key" json:"metadata_key,omitempty"` + MetadataValue string `toml:"metadata_value" json:"metadata_value,omitempty"` } // Gateway represetns the Gateway config. @@ -99,6 +112,9 @@ func Read(file string) (Config, error) { if err := toml.Unmarshal(data, &c); err != nil { return Config{}, fmt.Errorf("Error unmarshaling toml: %w", err) } + if len(c.Bootstrap.RenderContext) == 0 { + c.Bootstrap.RenderContext = nil + } return c, nil } diff --git a/provision/service.go b/provision/service.go index 799cc26ad..e1afad771 100644 --- a/provision/service.go +++ b/provision/service.go @@ -17,7 +17,6 @@ import ( const ( externalIDKey = "external_id" gateway = "gateway" - Active = 1 control = "control" data = "data" @@ -40,6 +39,7 @@ var ( ErrFailedCertView = errors.NewServiceError("failed to view certificate") ErrFailedBootstrap = errors.NewServiceError("failed to create bootstrap config") ErrFailedBootstrapValidate = errors.NewServiceError("failed to validate bootstrap config creation") + ErrFailedBootstrapBinding = errors.NewServiceError("failed to bind bootstrap resources") ErrGatewayUpdate = errors.NewServiceError("failed to update gateway metadata") ) @@ -52,7 +52,7 @@ type Service interface { // - create a Client based on external_id (eg. MAC address) // - create multiple Channels // - create Bootstrap configuration - // - whitelist Client in Bootstrap configuration == connect Client to Channels + // - enable created Bootstrap enrollments Provision(ctx context.Context, domainID, token, name, externalID, externalKey string) (Result, error) // Mapping returns current configuration used for provision @@ -103,7 +103,8 @@ func (ps *provisionService) Mapping() map[string]any { func (ps *provisionService) Provision(ctx context.Context, domainID, token, name, externalID, externalKey string) (res Result, err error) { var channels []smqSDK.Channel var clients []smqSDK.Client - defer ps.recover(ctx, &err, &clients, &channels, domainID, token) + var bootstrapIDs []string + defer ps.recover(ctx, &err, &clients, &channels, &bootstrapIDs, domainID, token) token, err = ps.createTokenIfEmpty(ctx, token) if err != nil { @@ -170,38 +171,44 @@ func (ps *provisionService) Provision(ctx context.Context, domainID, token, name ClientKey: map[string]string{}, } - var bsConfig sdk.BootstrapConfig + content, err := json.Marshal(ps.conf.Bootstrap.Content) + if err != nil { + return Result{}, errors.Wrap(ErrFailedBootstrap, err) + } + + bootstrapConfigs := make(map[string]sdk.BootstrapConfig) + var gatewayConfig sdk.BootstrapConfig + var gatewayClientID string for _, c := range clients { - var chanIDs []string - - for _, ch := range channels { - chanIDs = append(chanIDs, ch.ID) - } - content, err := json.Marshal(ps.conf.Bootstrap.Content) - if err != nil { - return Result{}, errors.Wrap(ErrFailedBootstrap, err) - } - if ps.conf.Bootstrap.Provision && needsBootstrap(c) { bsReq := sdk.BootstrapConfig{ - ClientID: c.ID, - ExternalID: externalID, - ExternalKey: externalKey, - Channels: chanIDs, - CACert: res.CACert, - ClientCert: "", - ClientKey: "", - Content: string(content), + ExternalID: externalID, + ExternalKey: externalKey, + Name: name, + CACert: res.CACert, + ClientCert: "", + ClientKey: "", + Content: string(content), + ProfileID: ps.conf.Bootstrap.ProfileID, + RenderContext: ps.bootstrapRenderContext(externalID, name), } bsid, err := ps.sdk.AddBootstrap(ctx, bsReq, domainID, token) if err != nil { return Result{}, errors.Wrap(ErrFailedBootstrap, err) } + bootstrapIDs = append(bootstrapIDs, bsid) - bsConfig, err = ps.sdk.ViewBootstrap(ctx, bsid, domainID, token) + bsConfig, err := ps.sdk.ViewBootstrap(ctx, bsid, domainID, token) if err != nil { return Result{}, errors.Wrap(ErrFailedBootstrapValidate, err) } + bootstrapConfigs[c.ID] = bsConfig + gatewayConfig = bsConfig + gatewayClientID = c.ID + + if err := ps.bindBootstrapResources(ctx, bsConfig.ID, c, clients, channels, domainID, token); err != nil { + return Result{}, errors.Wrap(ErrFailedBootstrapBinding, err) + } } if ps.conf.Bootstrap.X509Provision { @@ -221,24 +228,33 @@ func (ps *provisionService) Provision(ctx context.Context, domainID, token, name res.ClientKey[c.ID] = cert.Key res.CACert = "" - if needsBootstrap(c) { - if _, err = ps.sdk.UpdateBootstrapCerts(ctx, bsConfig.ClientID, cert.Certificate, cert.Key, "", domainID, token); err != nil { + if bsConfig, ok := bootstrapConfigs[c.ID]; ok { + updated, err := ps.sdk.UpdateBootstrapCerts(ctx, bsConfig.ID, cert.Certificate, cert.Key, "", domainID, token) + if err != nil { return Result{}, errors.Wrap(ErrFailedCertCreation, err) } + bootstrapConfigs[c.ID] = updated + if gatewayClientID == c.ID { + gatewayConfig = updated + } } } if ps.conf.Bootstrap.AutoWhiteList { - if err := ps.sdk.Whitelist(ctx, c.ID, Active, domainID, token); err != nil { - res.Error = err.Error() - return res, ErrClientUpdate + if bsConfig, ok := bootstrapConfigs[c.ID]; ok { + if err := ps.sdk.Whitelist(ctx, bsConfig.ID, smqSDK.BootstrapEnabledStatus, domainID, token); err != nil { + res.Error = err.Error() + return res, ErrClientUpdate + } + res.Whitelisted[bsConfig.ID] = true } - res.Whitelisted[c.ID] = true } } - if err = ps.updateGateway(ctx, domainID, token, bsConfig, channels); err != nil { - return res, err + if gatewayClientID != "" && gatewayConfig.ID != "" { + if err = ps.updateGateway(ctx, domainID, token, gatewayClientID, gatewayConfig, externalKey, channels); err != nil { + return res, err + } } return res, nil } @@ -292,7 +308,7 @@ func (ps *provisionService) createTokenIfEmpty(ctx context.Context, token string return tkn.AccessToken, nil } -func (ps *provisionService) updateGateway(ctx context.Context, domainID, token string, bs sdk.BootstrapConfig, channels []smqSDK.Channel) error { +func (ps *provisionService) updateGateway(ctx context.Context, domainID, token, gatewayClientID string, bs sdk.BootstrapConfig, externalKey string, channels []smqSDK.Channel) error { var gw Gateway for _, ch := range channels { switch ch.Metadata["type"] { @@ -305,11 +321,11 @@ func (ps *provisionService) updateGateway(ctx context.Context, domainID, token s } } gw.ExternalID = bs.ExternalID - gw.ExternalKey = bs.ExternalKey - gw.CfgID = bs.ClientID + gw.ExternalKey = externalKey + gw.CfgID = bs.ID gw.Type = gateway - c, sdkerr := ps.sdk.Client(ctx, bs.ClientID, domainID, token) + c, sdkerr := ps.sdk.Client(ctx, gatewayClientID, domainID, token) if sdkerr != nil { return errors.Wrap(ErrGatewayUpdate, sdkerr) } @@ -326,6 +342,95 @@ func (ps *provisionService) updateGateway(ctx context.Context, domainID, token s return nil } +func (ps *provisionService) bootstrapRenderContext(externalID, name string) map[string]any { + renderContext := make(map[string]any, len(ps.conf.Bootstrap.RenderContext)+2) + for k, v := range ps.conf.Bootstrap.RenderContext { + renderContext[k] = v + } + if externalID != "" { + renderContext[externalIDKey] = externalID + } + if name != "" { + renderContext["name"] = name + } + if len(renderContext) == 0 { + return nil + } + return renderContext +} + +func (ps *provisionService) bindBootstrapResources(ctx context.Context, configID string, bootstrapClient smqSDK.Client, clients []smqSDK.Client, channels []smqSDK.Channel, domainID, token string) error { + if len(ps.conf.Bootstrap.Bindings) == 0 { + return nil + } + + requests := make([]smqSDK.BootstrapBindingRequest, 0, len(ps.conf.Bootstrap.Bindings)) + for _, binding := range ps.conf.Bootstrap.Bindings { + resourceID := ps.bindingResourceID(binding, bootstrapClient, clients, channels) + if resourceID == "" { + return fmt.Errorf("resource for bootstrap binding slot %q not found", binding.Slot) + } + requests = append(requests, smqSDK.BootstrapBindingRequest{ + Slot: binding.Slot, + Type: binding.Type, + ResourceID: resourceID, + }) + } + + return ps.sdk.BindBootstrapResources(ctx, configID, requests, domainID, token) +} + +func (ps *provisionService) bindingResourceID(binding BootstrapBinding, bootstrapClient smqSDK.Client, clients []smqSDK.Client, channels []smqSDK.Channel) string { + switch binding.Type { + case "client": + if matchesClientBinding(binding, bootstrapClient) { + return bootstrapClient.ID + } + for _, client := range clients { + if matchesClientBinding(binding, client) { + return client.ID + } + } + case "channel": + for _, channel := range channels { + if matchesChannelBinding(binding, channel) { + return channel.ID + } + } + } + return "" +} + +func matchesClientBinding(binding BootstrapBinding, client smqSDK.Client) bool { + if binding.Name != "" && client.Name != binding.Name { + return false + } + if binding.MetadataKey != "" { + return metadataValue(client.Metadata, binding.MetadataKey) == binding.MetadataValue + } + return binding.Name != "" || client.ID != "" +} + +func matchesChannelBinding(binding BootstrapBinding, channel smqSDK.Channel) bool { + if binding.Name != "" && channel.Name != binding.Name { + return false + } + if binding.MetadataKey != "" { + return metadataValue(channel.Metadata, binding.MetadataKey) == binding.MetadataValue + } + return binding.Name != "" || channel.ID != "" +} + +func metadataValue(metadata map[string]any, key string) string { + if metadata == nil { + return "" + } + if value, ok := metadata[key]; ok { + return fmt.Sprint(value) + } + return "" +} + func (ps *provisionService) errLog(err error) { if err != nil { ps.logger.Error(fmt.Sprintf("Error recovering: %s", err)) @@ -343,11 +448,17 @@ func clean(ctx context.Context, ps *provisionService, clients []smqSDK.Client, c } } -func (ps *provisionService) recover(ctx context.Context, e *error, ths *[]smqSDK.Client, chs *[]smqSDK.Channel, domainID, token string) { +func (ps *provisionService) removeBootstraps(ctx context.Context, ids []string, domainID, token string) { + for _, id := range ids { + ps.errLog(ps.sdk.RemoveBootstrap(ctx, id, domainID, token)) + } +} + +func (ps *provisionService) recover(ctx context.Context, e *error, ths *[]smqSDK.Client, chs *[]smqSDK.Channel, bootstrapIDs *[]string, domainID, token string) { if e == nil { return } - clients, channels, err := *ths, *chs, *e + clients, channels, bootstraps, err := *ths, *chs, *bootstrapIDs, *e if errors.Contains(err, ErrFailedClientRetrieval) || errors.Contains(err, ErrFailedChannelCreation) { for _, c := range clients { @@ -362,27 +473,12 @@ func (ps *provisionService) recover(ctx context.Context, e *error, ths *[]smqSDK return } - if errors.Contains(err, ErrFailedBootstrapValidate) || errors.Contains(err, ErrFailedCertCreation) { + if errors.Contains(err, ErrFailedBootstrapValidate) || errors.Contains(err, ErrFailedCertCreation) || errors.Contains(err, ErrFailedBootstrapBinding) { clean(ctx, ps, clients, channels, domainID, token) - for _, c := range clients { - if needsBootstrap(c) { - ps.errLog(ps.sdk.RemoveBootstrap(ctx, c.ID, domainID, token)) - } - } + ps.removeBootstraps(ctx, bootstraps, domainID, token) return } - if errors.Contains(err, ErrFailedBootstrapValidate) || errors.Contains(err, ErrFailedCertCreation) { - clean(ctx, ps, clients, channels, domainID, token) - for _, c := range clients { - if needsBootstrap(c) { - bs, err := ps.sdk.ViewBootstrap(ctx, c.ID, domainID, token) - ps.errLog(errors.Wrap(ErrFailedBootstrapRetrieval, err)) - ps.errLog(ps.sdk.RemoveBootstrap(ctx, bs.ClientID, domainID, token)) - } - } - } - if errors.Contains(err, ErrClientUpdate) || errors.Contains(err, ErrGatewayUpdate) { clean(ctx, ps, clients, channels, domainID, token) for _, c := range clients { @@ -390,12 +486,8 @@ func (ps *provisionService) recover(ctx context.Context, e *error, ths *[]smqSDK err := ps.sdk.RevokeCert(ctx, c.ID, domainID, token) ps.errLog(err) } - if needsBootstrap(c) { - bs, err := ps.sdk.ViewBootstrap(ctx, c.ID, domainID, token) - ps.errLog(errors.Wrap(ErrFailedBootstrapRetrieval, err)) - ps.errLog(ps.sdk.RemoveBootstrap(ctx, bs.ClientID, domainID, token)) - } } + ps.removeBootstraps(ctx, bootstraps, domainID, token) return } } diff --git a/provision/service_test.go b/provision/service_test.go index 6f87ada78..14d9fb9e3 100644 --- a/provision/service_test.go +++ b/provision/service_test.go @@ -231,3 +231,219 @@ func TestCert(t *testing.T) { }) } } + +func TestProvisionUsesBootstrapEnrollmentID(t *testing.T) { + cfg := validConfig + cfg.Bootstrap = provision.Bootstrap{ + X509Provision: true, + Provision: true, + AutoWhiteList: true, + ProfileID: "gateway-profile", + RenderContext: map[string]any{ + "site": "warehouse-1", + }, + Bindings: []provision.BootstrapBinding{ + { + Slot: "mqtt_client", + Type: "client", + }, + { + Slot: "control", + Type: "channel", + MetadataKey: "type", + MetadataValue: "control", + }, + }, + Content: map[string]any{ + "broker": "mqtt://localhost:1883", + }, + } + cfg.Clients[0].Metadata = map[string]any{ + "external_id": "placeholder", + } + cfg.Channels[0].Name = "control-channel" + cfg.Channels[0].Metadata = map[string]any{ + "type": "control", + } + cfg.Cert.TTL = "1h" + + const ( + name = "gateway-1" + externalID = "AA:BB:CC:DD" + externalKey = "secret" + certPEM = "cert-pem" + keyPEM = "key-pem" + serial = "serial-1" + ) + + clientID := testsutil.GenerateUUID(t) + channelID := testsutil.GenerateUUID(t) + bootstrapID := testsutil.GenerateUUID(t) + domainID := testsutil.GenerateUUID(t) + + clientMetadata := map[string]any{ + "external_id": externalID, + } + var updatedClient smqSDK.Client + + mgsdk := new(sdkmocks.SDK) + svc := provision.New(cfg, mgsdk, mglog.NewMock()) + + createClientCall := mgsdk.On( + "CreateClient", + mock.Anything, + mock.Anything, + domainID, + validToken, + ).Return(smqSDK.Client{ID: clientID}, nil) + + clientCall := mgsdk.On( + "Client", + mock.Anything, + clientID, + domainID, + validToken, + ).Return(smqSDK.Client{ID: clientID, Name: name, Metadata: clientMetadata}, nil).Twice() + + createChannelCall := mgsdk.On( + "CreateChannel", + mock.Anything, + mock.Anything, + domainID, + validToken, + ).Return(smqSDK.Channel{ID: channelID}, nil) + + channelCall := mgsdk.On( + "Channel", + mock.Anything, + channelID, + domainID, + validToken, + ).Return(smqSDK.Channel{ID: channelID, Metadata: smqSDK.Metadata{"type": "control"}}, nil) + + addBootstrapCall := mgsdk.On( + "AddBootstrap", + mock.Anything, + mock.MatchedBy(func(cfg smqSDK.BootstrapConfig) bool { + return cfg.ProfileID == "gateway-profile" && + cfg.RenderContext["site"] == "warehouse-1" && + cfg.RenderContext["external_id"] == externalID && + cfg.RenderContext["name"] == name + }), + domainID, + validToken, + ).Return(bootstrapID, nil) + + viewBootstrapCall := mgsdk.On( + "ViewBootstrap", + mock.Anything, + bootstrapID, + domainID, + validToken, + ).Return(smqSDK.BootstrapConfig{ + ID: bootstrapID, + ExternalID: externalID, + ExternalKey: externalKey, + }, nil) + + bindBootstrapResourcesCall := mgsdk.On( + "BindBootstrapResources", + mock.Anything, + bootstrapID, + []smqSDK.BootstrapBindingRequest{ + { + Slot: "mqtt_client", + Type: "client", + ResourceID: clientID, + }, + { + Slot: "control", + Type: "channel", + ResourceID: channelID, + }, + }, + domainID, + validToken, + ).Return(nil) + + issueCertCall := mgsdk.On( + "IssueCert", + mock.Anything, + clientID, + cfg.Cert.TTL, + mock.Anything, + mock.Anything, + domainID, + validToken, + ).Return(smqSDK.Certificate{SerialNumber: serial}, nil) + + viewCertCall := mgsdk.On( + "ViewCert", + mock.Anything, + serial, + domainID, + validToken, + ).Return(smqSDK.Certificate{Certificate: certPEM, Key: keyPEM}, nil) + + updateBootstrapCertsCall := mgsdk.On( + "UpdateBootstrapCerts", + mock.Anything, + bootstrapID, + certPEM, + keyPEM, + "", + domainID, + validToken, + ).Return(smqSDK.BootstrapConfig{ + ID: bootstrapID, + ExternalID: externalID, + ExternalKey: externalKey, + ClientCert: certPEM, + ClientKey: keyPEM, + }, nil) + + whitelistCall := mgsdk.On( + "Whitelist", + mock.Anything, + bootstrapID, + smqSDK.BootstrapEnabledStatus, + domainID, + validToken, + ).Return(nil) + + updateClientCall := mgsdk.On( + "UpdateClient", + mock.Anything, + mock.Anything, + domainID, + validToken, + ).Run(func(args mock.Arguments) { + updatedClient = args.Get(1).(smqSDK.Client) + }).Return(smqSDK.Client{ID: clientID}, nil) + + res, err := svc.Provision(context.Background(), domainID, validToken, name, externalID, externalKey) + assert.NoError(t, err) + assert.Len(t, res.Clients, 1) + assert.Len(t, res.Channels, 1) + assert.True(t, res.Whitelisted[bootstrapID]) + assert.Equal(t, certPEM, res.ClientCert[clientID]) + assert.Equal(t, keyPEM, res.ClientKey[clientID]) + assert.Equal(t, clientID, updatedClient.ID) + assert.Equal(t, bootstrapID, updatedClient.Metadata["cfg_id"]) + assert.Equal(t, externalID, updatedClient.Metadata["external_id"]) + assert.Equal(t, channelID, updatedClient.Metadata["ctrl_channel_id"]) + assert.Equal(t, "gateway", updatedClient.Metadata["type"]) + + createClientCall.Unset() + clientCall.Unset() + createChannelCall.Unset() + channelCall.Unset() + _ = addBootstrapCall + viewBootstrapCall.Unset() + bindBootstrapResourcesCall.Unset() + issueCertCall.Unset() + viewCertCall.Unset() + updateBootstrapCertsCall.Unset() + whitelistCall.Unset() + updateClientCall.Unset() +} diff --git a/re/service_test.go b/re/service_test.go index a4e750ee8..a0a067db4 100644 --- a/re/service_test.go +++ b/re/service_test.go @@ -491,9 +491,9 @@ func TestAddRule(t *testing.T) { t.Run(tc.desc, func(t *testing.T) { repoCall := repo.On("AddRule", mock.Anything, mock.Anything).Return(tc.res, tc.err) policyCall := policies.On("AddPolicies", context.Background(), mock.Anything).Return(tc.addPoliciesErr) - policyCall2 := policies.On("DeletePolicies", context.Background(), mock.Anything).Return(tc.deletePolicies).Maybe() + policyCall2 := policies.On("DeletePolicies", context.Background(), mock.Anything).Return(tc.deletePolicies) repoCall1 := repo.On("AddRoles", context.Background(), mock.Anything).Return([]roles.RoleProvision{}, tc.addRoleErr) - repoCall2 := repo.On("Remove", context.Background(), mock.Anything).Return(tc.deleteErr).Maybe() + repoCall2 := repo.On("Remove", context.Background(), mock.Anything).Return(tc.deleteErr) res, _, err := svc.AddRule(context.Background(), tc.session, tc.rule) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) if err == nil { @@ -1175,6 +1175,7 @@ func TestHandle(t *testing.T) { page re.Page listErr error publishErr error + emailErr error expectErr bool }{ { @@ -1420,6 +1421,37 @@ func TestHandle(t *testing.T) { }, listErr: nil, }, + { + desc: "consume message with Lua script and failed Email output", + message: &messaging.Message{ + Channel: inputChannel, + Created: now.Unix(), + Payload: []byte(`{"temperature": 25.5}`), + }, + page: re.Page{ + Rules: []re.Rule{ + { + ID: testsutil.GenerateUUID(t), + Name: namegen.Generate(), + InputChannel: inputChannel, + Status: re.EnabledStatus, + Logic: re.Script{ + Type: re.LuaType, + Value: `return message.payload`, + }, + Outputs: re.Outputs{ + &outputs.Email{ + To: []string{"test@example.com"}, + Subject: "Temperature Alert", + Content: "Temperature: {{.Result}}", + }, + }, + Schedule: schedule, + }, + }, + }, + emailErr: errors.New("failed to send email"), + }, { desc: "consume message with rules using GoType", message: &messaging.Message{ @@ -1817,8 +1849,8 @@ func TestHandle(t *testing.T) { err = tc.listErr } }) - repoCall1 := pubmocks.On("Publish", mock.Anything, mock.Anything, mock.Anything).Return(tc.publishErr).Maybe() - repoCall2 := emailer.On("SendEmailNotification", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil).Maybe() + repoCall1 := pubmocks.On("Publish", mock.Anything, mock.Anything, mock.Anything).Return(tc.publishErr) + repoCall2 := emailer.On("SendEmailNotification", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.emailErr) err = svc.Handle(tc.message) assert.Nil(t, err) diff --git a/reports/service_test.go b/reports/service_test.go index 42bd8b0db..2cce103e2 100644 --- a/reports/service_test.go +++ b/reports/service_test.go @@ -184,9 +184,9 @@ func TestAddReportConfig(t *testing.T) { t.Run(tc.desc, func(t *testing.T) { repoCall := repo.On("AddReportConfig", mock.Anything, mock.Anything).Return(tc.res, tc.err) policyCall := policies.On("AddPolicies", context.Background(), mock.Anything).Return(tc.addPoliciesErr) - policyCall2 := policies.On("DeletePolicies", context.Background(), mock.Anything).Return(tc.deletePolicies).Maybe() + policyCall2 := policies.On("DeletePolicies", context.Background(), mock.Anything).Return(tc.deletePolicies) repoCall1 := repo.On("AddRoles", context.Background(), mock.Anything).Return([]roles.RoleProvision{}, tc.addRoleErr) - repoCall2 := repo.On("Remove", context.Background(), mock.Anything).Return(tc.deleteErr).Maybe() + repoCall2 := repo.On("Remove", context.Background(), mock.Anything).Return(tc.deleteErr) res, err := svc.AddReportConfig(context.Background(), tc.session, tc.cfg) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) if err == nil { diff --git a/tools/config/.mockery.yaml b/tools/config/.mockery.yaml index b92ba4798..4339ac18e 100644 --- a/tools/config/.mockery.yaml +++ b/tools/config/.mockery.yaml @@ -173,6 +173,10 @@ packages: ConfigRepository: ConfigReader: Service: + ProfileRepository: + BindingStore: + BindingResolver: + Renderer: github.com/absmach/magistrala/provision: interfaces: Service: diff --git a/users/service_test.go b/users/service_test.go index 3871fd74c..2fbf11425 100644 --- a/users/service_test.go +++ b/users/service_test.go @@ -2082,6 +2082,7 @@ func TestOAuthCallback(t *testing.T) { retrieveByEmailErr error saveResponse users.User addPoliciesErr error + updateVerifiedAtErr error err error }{ { @@ -2136,6 +2137,18 @@ func TestOAuthCallback(t *testing.T) { }, err: nil, }, + { + desc: "oauth signin callback with failed update verified at", + user: users.User{ + Email: "test@example.com", + }, + retrieveByEmailResponse: users.User{ + ID: testsutil.GenerateUUID(t), + Role: users.UserRole, + }, + updateVerifiedAtErr: svcerr.ErrUpdateEntity, + err: svcerr.ErrUpdateEntity, + }, } for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { @@ -2144,7 +2157,7 @@ func TestOAuthCallback(t *testing.T) { repoCall2 := cRepo.On("UpdateVerifiedAt", context.Background(), mock.MatchedBy(func(u users.User) bool { assert.NotEmpty(t, u.ID, "UpdateVerifiedAt must be called with non-empty user ID") return u.ID != "" - })).Maybe().Return(tc.retrieveByEmailResponse, nil) + })).Return(tc.retrieveByEmailResponse, tc.updateVerifiedAtErr) policyCall := policies.On("AddPolicies", context.Background(), mock.Anything).Return(tc.addPoliciesErr) _, err := svc.OAuthCallback(context.Background(), tc.user) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))