opensource/magistrala
1
0
Fork 0
mirror of https://github.com/absmach/magistrala.git synced 2026-06-23 04:10:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

NOISSUE - Update bootstrap and provision service (#3476)
Property Based Tests / api-test (push) Has been cancelled
Details
Continuous Delivery / lint-and-build (push) Has been cancelled
Details
Deploy GitHub Pages / swagger-ui (push) Has been cancelled
Details
CI Pipeline / Lint Proto (push) Has been cancelled
Details
CI Pipeline / Detect Changes (push) Has been cancelled
Details
Continuous Delivery / Build and Push Docker Images (push) Has been cancelled
Details
CI Pipeline / lint-and-build (push) Has been cancelled
Details
CI Pipeline / Test ${{ matrix.module }} (push) Has been cancelled
Details
CI Pipeline / Upload Coverage (push) Has been cancelled
Details

Browse Source 
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Co-authored-by: JeffMboya <jangina.mboya@gmail.com>
This commit is contained in:
Steve Munene
2026-05-08 11:35:00 +03:00
committed by GitHub
parent f736bca7c1
commit 7f03134d8e
76 changed files with 9930 additions and 6249 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/tests.yaml
+9 -1
View File
@@ -75,6 +75,13 @@ jobs:
- "pkg/ulid/**"
- "pkg/uuid/**"
bootstrap:
- "bootstrap/**"
- "cmd/bootstrap/**"
- "pkg/bootstrap/**"
- "provision/**"
- "pkg/sdk/**"
channels:
- "channels/**"
- "cmd/channels/**"
@@ -233,10 +240,11 @@ jobs:
if [[ "${{ steps.changes.outputs.workflow }}" == "true" || "${{ steps.changes.outputs.pkg-errors }}" == "true" ]]; then
# If workflow or pkg/errors changed, test everything
modules=("auth" "channels" "cli" "clients" "domains" "groups" "internal" "journal" "logger" "pkg-errors" "pkg-events" "pkg-grpcclient" "pkg-messaging" "pkg-sdk" "pkg-transformers" "pkg-ulid" "pkg-uuid" "users" "notifications" "api" "consumers" "readers" "re" "alarms" "reports")
modules=("auth" "bootstrap" "channels" "cli" "clients" "domains" "groups" "internal" "journal" "logger" "pkg-errors" "pkg-events" "pkg-grpcclient" "pkg-messaging" "pkg-sdk" "pkg-transformers" "pkg-ulid" "pkg-uuid" "users" "notifications" "api" "consumers" "readers" "re" "alarms" "reports")
else
# Add only changed modules
[[ "${{ steps.changes.outputs.auth }}" == "true" ]] && modules+=("auth")
[[ "${{ steps.changes.outputs.bootstrap }}" == "true" ]] && modules+=("bootstrap")
[[ "${{ steps.changes.outputs.channels }}" == "true" ]] && modules+=("channels")
[[ "${{ steps.changes.outputs.cli }}" == "true" ]] && modules+=("cli")
[[ "${{ steps.changes.outputs.clients }}" == "true" ]] && modules+=("clients")
Makefile
+1 -1
View File
@@ -4,7 +4,7 @@
override MG_DOCKER_IMAGE_NAME_PREFIX := ghcr.io/absmach/magistrala
MG_DOCKER_VOLUME_NAME_PREFIX ?= magistrala
BUILD_DIR ?= build
SERVICES = auth users clients groups channels domains notifications certs re postgres-writer postgres-reader timescale-writer timescale-reader cli alarms reports bootstrap journal fluxmq
SERVICES = auth users clients groups channels domains notifications certs re postgres-writer postgres-reader timescale-writer timescale-reader cli alarms reports bootstrap provision journal fluxmq
TEST_API_SERVICES = journal auth certs clients users channels groups domains
TEST_API = $(addprefix test_api_,$(TEST_API_SERVICES))
DOCKERS = $(addprefix docker_,$(SERVICES))
apidocs/openapi/bootstrap.yaml
+744 -292
View File
File diff suppressed because it is too large Load Diff
auth/api/grpc/auth/client.go
+3
View File
@@ -94,6 +94,9 @@ func (client authGrpcClient) Authorize(ctx context.Context, req *grpcAuthV1.Auth
}
if patReq != nil {
if patReq.GetDomain() != "" {
authReqData.Domain = patReq.GetDomain()
}
authReqData.UserID = patReq.GetUserId()
authReqData.PatID = patReq.GetPatId()
authReqData.EntityType = patReq.GetEntityType()
auth/api/grpc/auth/endpoint_test.go
+43
View File
@@ -131,6 +131,8 @@ func TestAuthorize(t *testing.T) {
token string
authRequest *grpcAuthV1.AuthZReq
authResponse *grpcAuthV1.AuthZRes
expectedReq *policies.Policy
expectedPAT *auth.PATAuthz
err error
}{
{
@@ -270,6 +272,47 @@ func TestAuthorize(t *testing.T) {
authResponse: &grpcAuthV1.AuthZRes{Authorized: true},
err: nil,
},
{
desc: "authorize bootstrap PAT keeps PAT domain when policy domain is empty",
token: validPATToken,
authRequest: &grpcAuthV1.AuthZReq{
PolicyReq: &grpcAuthV1.PolicyReq{
Subject: id,
SubjectType: policies.UserType,
SubjectKind: policies.UsersKind,
Permission: policies.MembershipPermission,
ObjectType: policies.DomainType,
Object: domainID,
},
PatReq: &grpcAuthV1.PATReq{
PatId: id,
Domain: domainID,
Operation: "create",
UserId: id,
EntityId: auth.AnyIDs,
EntityType: auth.BootstrapStr,
},
},
authResponse: &grpcAuthV1.AuthZRes{Authorized: true},
expectedReq: &policies.Policy{
Domain: domainID,
SubjectType: policies.UserType,
SubjectKind: policies.UsersKind,
Subject: id,
Permission: policies.MembershipPermission,
ObjectType: policies.DomainType,
Object: domainID,
},
expectedPAT: &auth.PATAuthz{
PatID: id,
UserID: id,
EntityType: auth.BootstrapType,
EntityID: auth.AnyIDs,
Operation: "create",
Domain: domainID,
},
err: nil,
},
{
desc: "authorize user with unauthorized PAT token",
token: inValidToken,
auth/api/grpc/auth/server.go
+3
View File
@@ -88,6 +88,9 @@ func decodeAuthorizeRequest(_ context.Context, grpcReq any) (any, error) {
}
if patReq != nil {
if patReq.GetDomain() != "" {
authRequest.Domain = patReq.GetDomain()
}
authRequest.UserID = patReq.GetUserId()
authRequest.PatID = patReq.GetPatId()
authRequest.EntityType = patReq.GetEntityType()
auth/pat.go
+7 -1
View File
@@ -76,6 +76,7 @@ const (
GroupsType EntityType = iota
ChannelsType
ClientsType
BootstrapType
DashboardType
MessagesType
DomainsType
@@ -88,6 +89,7 @@ const (
GroupsScopeStr = "groups"
ChannelsScopeStr = "channels"
ClientsScopeStr = "clients"
BootstrapStr = "bootstrap"
DashboardsStr = "dashboards"
MessagesStr = "messages"
DomainsStr = "domains"
@@ -104,6 +106,8 @@ func (et EntityType) String() string {
return ChannelsScopeStr
case ClientsType:
return ClientsScopeStr
case BootstrapType:
return BootstrapStr
case DashboardType:
return DashboardsStr
case MessagesType:
@@ -129,6 +133,8 @@ func ParseEntityType(et string) (EntityType, error) {
return ChannelsType, nil
case ClientsScopeStr:
return ClientsType, nil
case BootstrapStr:
return BootstrapType, nil
case DashboardsStr:
return DashboardType, nil
case MessagesStr:
@@ -169,7 +175,7 @@ func (et *EntityType) UnmarshalText(data []byte) (err error) {
func IsValidOperationForEntity(entityType EntityType, operation string) bool {
switch entityType {
case ClientsType, ChannelsType, GroupsType, DomainsType, RulesType, ReportsType:
case ClientsType, ChannelsType, GroupsType, BootstrapType, DomainsType, RulesType, ReportsType:
return true
case DashboardType:
return operation == OpDashboardShare || operation == OpDashboardUnshare
auth/pat_test.go
+35
View File
@@ -31,6 +31,11 @@ func TestEntityTypeString(t *testing.T) {
et: auth.ClientsType,
expected: "clients",
},
{
desc: "Bootstrap entity type",
et: auth.BootstrapType,
expected: "bootstrap",
},
{
desc: "Dashboard entity type",
et: auth.DashboardType,
@@ -91,6 +96,12 @@ func TestParseEntityType(t *testing.T) {
expected: auth.ClientsType,
err: false,
},
{
desc: "Parse bootstrap",
et: "bootstrap",
expected: auth.BootstrapType,
err: false,
},
{
desc: "Parse dashboards",
et: "dashboards",
@@ -155,6 +166,12 @@ func TestEntityTypeMarshalJSON(t *testing.T) {
expected: []byte(`"clients"`),
err: nil,
},
{
desc: "Marshal bootstrap",
et: auth.BootstrapType,
expected: []byte(`"bootstrap"`),
err: nil,
},
{
desc: "Marshal rules",
et: auth.RulesType,
@@ -197,6 +214,12 @@ func TestEntityTypeUnmarshalJSON(t *testing.T) {
expected: auth.ChannelsType,
err: false,
},
{
desc: "Unmarshal bootstrap",
data: []byte(`"bootstrap"`),
expected: auth.BootstrapType,
err: false,
},
{
desc: "Unmarshal rules",
data: []byte(`"rules"`),
@@ -250,6 +273,12 @@ func TestEntityTypeMarshalText(t *testing.T) {
expected: []byte("channels"),
err: nil,
},
{
desc: "Marshal bootstrap as text",
et: auth.BootstrapType,
expected: []byte("bootstrap"),
err: nil,
},
}
for _, tc := range cases {
@@ -280,6 +309,12 @@ func TestEntityTypeUnmarshalText(t *testing.T) {
expected: auth.ChannelsType,
err: false,
},
{
desc: "Unmarshal bootstrap from text",
data: []byte("bootstrap"),
expected: auth.BootstrapType,
err: false,
},
{
desc: "Unmarshal unknown from text",
data: []byte("unknown"),
bootstrap/README.md
+8 -8
View File
@@ -4,9 +4,9 @@ New devices need to be configured properly and connected to the Magistrala. Boot
1. Creating new Magistrala Clients
2. Providing basic configuration for the newly created Clients
3. Enabling/disabling Clients
3. Enabling/disabling bootstrap enrollments
Pre-provisioning a new Client is as simple as sending Configuration data to the Bootstrap service. Once the Client is online, it sends a request for initial config to Bootstrap service. Bootstrap service provides an API for enabling and disabling Clients. Only enabled Clients can exchange messages over Magistrala. Bootstrapping does not implicitly enable Clients, it has to be done manually.
Pre-provisioning a new Client is as simple as sending Configuration data to the Bootstrap service. Once the Client is online, it sends a request for initial config to Bootstrap service. Bootstrap service provides an API for enabling and disabling bootstrap enrollments. Bootstrapping does not implicitly enable an enrollment; it has to be done manually.
In order to bootstrap successfully, the Client needs to send bootstrapping request to the specific URL, as well as a secret key. This key and URL are pre-provisioned during the manufacturing process. If the Client is provisioned on the Bootstrap service side, the corresponding configuration will be sent as a response. Otherwise, the Client will be saved so that it can be provisioned later.
@@ -20,14 +20,14 @@ Client Configuration consists of two logical parts: the custom configuration tha
> Note: list of channels contains IDs of the Magistrala channels. These channels are _pre-provisioned_ on the Magistrala side and, unlike corresponding Magistrala Client, Bootstrap service is not able to create Magistrala Channels.
Enabling and disabling Client (adding Client to/from whitelist) is as simple as connecting corresponding Magistrala Client to the given list of Channels. Configuration keeps _state_ of the Client:
Enabling and disabling a bootstrap enrollment is an enrollment toggle. Configuration keeps a _status_:
| State | What it means |
| -------- | ---------------------------------------------- |
| Inactive | Client is created, but isn't enabled |
| Active | Client is able to communicate using Magistrala |
| Status | What it means |
| -------- | ----------------------------------------------------------- |
| disabled | Enrollment exists, but bootstrap is not allowed |
| enabled | Enrollment can be used to fetch bootstrap configuration |
Switching between states `Active` and `Inactive` enables and disables Client, respectively.
Switching between statuses `enabled` and `disabled` enables and disables the enrollment, respectively.
Client configuration also contains the so-called `external ID` and `external key`. An external ID is a unique identifier of corresponding Client. For example, a device MAC address is a good choice for external ID. External key is a secret key that is used for authentication during the bootstrapping procedure.
bootstrap/api/endpoint.go
+275 -74
View File
@@ -26,21 +26,16 @@ func addEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return nil, svcerr.ErrAuthorization
}
channels := []bootstrap.Channel{}
for _, c := range req.Channels {
channels = append(channels, bootstrap.Channel{ID: c})
}
config := bootstrap.Config{
ClientID: req.ClientID,
ExternalID: req.ExternalID,
ExternalKey: req.ExternalKey,
Channels: channels,
Name: req.Name,
ClientCert: req.ClientCert,
ClientKey: req.ClientKey,
CACert: req.CACert,
Content: req.Content,
ProfileID: req.ProfileID,
RenderContext: req.RenderContext,
}
saved, err := svc.Add(ctx, session, req.token, config)
@@ -49,7 +44,16 @@ func addEndpoint(svc bootstrap.Service) endpoint.Endpoint {
}
res := configRes{
id: saved.ClientID,
ID: saved.ID,
ExternalID: saved.ExternalID,
Name: saved.Name,
Content: saved.Content,
Status: saved.Status,
ProfileID: saved.ProfileID,
RenderContext: saved.RenderContext,
ClientCert: saved.ClientCert,
CACert: saved.CACert,
ClientKey: saved.ClientKey,
created: true,
}
@@ -69,13 +73,13 @@ func updateCertEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return nil, svcerr.ErrAuthorization
}
cfg, err := svc.UpdateCert(ctx, session, req.clientID, req.ClientCert, req.ClientKey, req.CACert)
cfg, err := svc.UpdateCert(ctx, session, req.configID, req.ClientCert, req.ClientKey, req.CACert)
if err != nil {
return nil, err
}
res := updateConfigRes{
ClientID: cfg.ClientID,
ID: cfg.ID,
ClientCert: cfg.ClientCert,
CACert: cfg.CACert,
ClientKey: cfg.ClientKey,
@@ -102,24 +106,14 @@ func viewEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return nil, err
}
var channels []channelRes
for _, ch := range config.Channels {
channels = append(channels, channelRes{
ID: ch.ID,
Name: ch.Name,
Metadata: ch.Metadata,
})
}
res := viewRes{
ClientID: config.ClientID,
CLientSecret: config.ClientSecret,
Channels: channels,
ID: config.ID,
ExternalID: config.ExternalID,
ExternalKey: config.ExternalKey,
Name: config.Name,
Content: config.Content,
State: config.State,
Status: config.Status,
ProfileID: config.ProfileID,
RenderContext: config.RenderContext,
}
return res, nil
@@ -139,7 +133,7 @@ func updateEndpoint(svc bootstrap.Service) endpoint.Endpoint {
}
config := bootstrap.Config{
ClientID: req.id,
ID: req.id,
Name: req.Name,
Content: req.Content,
}
@@ -148,37 +142,7 @@ func updateEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return nil, err
}
res := configRes{
id: config.ClientID,
created: false,
}
return res, nil
}
}
func updateConnEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(updateConnReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
if err := svc.UpdateConnections(ctx, session, req.token, req.id, req.Channels); err != nil {
return nil, err
}
res := configRes{
id: req.id,
created: false,
}
return res, nil
return updateRes{}, nil
}
}
@@ -206,24 +170,14 @@ func listEndpoint(svc bootstrap.Service) endpoint.Endpoint {
}
for _, cfg := range page.Configs {
var channels []channelRes
for _, ch := range cfg.Channels {
channels = append(channels, channelRes{
ID: ch.ID,
Name: ch.Name,
Metadata: ch.Metadata,
})
}
view := viewRes{
ClientID: cfg.ClientID,
CLientSecret: cfg.ClientSecret,
Channels: channels,
ID: cfg.ID,
ExternalID: cfg.ExternalID,
ExternalKey: cfg.ExternalKey,
Name: cfg.Name,
Content: cfg.Content,
State: cfg.State,
Status: cfg.Status,
ProfileID: cfg.ProfileID,
RenderContext: cfg.RenderContext,
}
res.Configs = append(res.Configs, view)
}
@@ -268,9 +222,9 @@ func bootstrapEndpoint(svc bootstrap.Service, reader bootstrap.ConfigReader, sec
}
}
func stateEndpoint(svc bootstrap.Service) endpoint.Endpoint {
func enableConfigEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(changeStateReq)
req := request.(changeConfigStatusReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
@@ -280,10 +234,257 @@ func stateEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return nil, svcerr.ErrAuthorization
}
if err := svc.ChangeState(ctx, session, req.token, req.id, req.State); err != nil {
cfg, err := svc.EnableConfig(ctx, session, req.id)
if err != nil {
return nil, err
}
return stateRes{}, nil
return changeConfigStatusRes{Config: cfg}, nil
}
}
func disableConfigEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(changeConfigStatusReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
cfg, err := svc.DisableConfig(ctx, session, req.id)
if err != nil {
return nil, err
}
return changeConfigStatusRes{Config: cfg}, nil
}
}
func createProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(createProfileReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
saved, err := svc.CreateProfile(ctx, session, req.Profile)
if err != nil {
return nil, err
}
return profileRes{Profile: saved, created: true}, nil
}
}
func uploadProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(uploadProfileReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
saved, err := svc.CreateProfile(ctx, session, req.Profile)
if err != nil {
return nil, err
}
return profileRes{Profile: saved, created: true}, nil
}
}
func viewProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(viewProfileReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
p, err := svc.ViewProfile(ctx, session, req.profileID)
if err != nil {
return nil, err
}
return profileRes{Profile: p}, nil
}
}
func profileSlotsEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(viewProfileReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
p, err := svc.ViewProfile(ctx, session, req.profileID)
if err != nil {
return nil, err
}
return profileSlotsRes{BindingSlots: p.BindingSlots}, nil
}
}
func renderPreviewEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(renderPreviewReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
p, err := svc.ViewProfile(ctx, session, req.profileID)
if err != nil {
return nil, err
}
cfg := req.Config
cfg.DomainID = session.DomainID
cfg.ProfileID = p.ID
if cfg.RenderContext == nil {
cfg.RenderContext = req.RenderContext
}
rendered, err := bootstrap.NewRenderer().Render(p, cfg, req.Bindings)
if err != nil {
return nil, err
}
return renderPreviewRes{Content: string(rendered)}, nil
}
}
func updateProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(updateProfileReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
req.Profile.ID = req.profileID
if err := svc.UpdateProfile(ctx, session, req.Profile); err != nil {
return nil, err
}
return profileRes{Profile: req.Profile}, nil
}
}
func deleteProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(deleteProfileReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
if err := svc.DeleteProfile(ctx, session, req.profileID); err != nil {
return nil, err
}
return removeRes{}, nil
}
}
func listProfilesEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(listProfilesReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
page, err := svc.ListProfiles(ctx, session, req.offset, req.limit)
if err != nil {
return nil, err
}
return profilesPageRes{ProfilesPage: page}, nil
}
}
func assignProfileEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(assignProfileReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
if err := svc.AssignProfile(ctx, session, req.configID, req.ProfileID); err != nil {
return nil, err
}
return removeRes{}, nil
}
}
func bindResourcesEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(bindResourcesReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
if err := svc.BindResources(ctx, session, req.token, req.configID, req.Bindings); err != nil {
return nil, err
}
return removeRes{}, nil
}
}
func listBindingsEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(listBindingsReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
snapshots, err := svc.ListBindings(ctx, session, req.configID)
if err != nil {
return nil, err
}
return bindingsRes{Bindings: snapshots}, nil
}
}
func refreshBindingsEndpoint(svc bootstrap.Service) endpoint.Endpoint {
return func(ctx context.Context, request any) (any, error) {
req := request.(refreshBindingsReq)
if err := req.validate(); err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
session, ok := ctx.Value(authn.SessionKey).(authn.Session)
if !ok {
return nil, svcerr.ErrAuthorization
}
if err := svc.RefreshBindings(ctx, session, req.token, req.configID); err != nil {
return nil, err
}
return removeRes{}, nil
}
}
bootstrap/api/endpoint_test.go
+250 -319
View File
@@ -38,7 +38,6 @@ const (
invalidToken = "invalid"
email = "test@example.com"
unknown = "unknown"
channelsNum = 3
contentType = "application/json"
wrongID = "wrong_id"
@@ -50,42 +49,30 @@ const (
var (
encKey = []byte("1234567891011121")
metadata = map[string]any{"meta": "data"}
addExternalID = testsutil.GenerateUUID(&testing.T{})
addExternalKey = testsutil.GenerateUUID(&testing.T{})
addClientID = testsutil.GenerateUUID(&testing.T{})
addClientSecret = testsutil.GenerateUUID(&testing.T{})
addID = testsutil.GenerateUUID(&testing.T{})
addReq = struct {
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"`
ExternalID string `json:"external_id"`
ExternalKey string `json:"external_key"`
Channels []string `json:"channels"`
Name string `json:"name"`
Content string `json:"content"`
}{
ClientID: addClientID,
ClientSecret: addClientSecret,
ExternalID: addExternalID,
ExternalKey: addExternalKey,
Channels: []string{"1"},
Name: "name",
Content: "config",
}
updateReq = struct {
Channels []string `json:"channels,omitempty"`
Content string `json:"content,omitempty"`
State bootstrap.State `json:"state,omitempty"`
Status bootstrap.Status `json:"status,omitempty"`
ClientCert string `json:"client_cert,omitempty"`
ClientSecret string `json:"client_secret,omitempty"`
CACert string `json:"ca_cert,omitempty"`
}{
Channels: []string{"1"},
Content: "config update",
State: 1,
Status: bootstrap.EnabledStatus,
ClientCert: "newcert",
ClientSecret: "newkey",
CACert: "newca",
}
@@ -108,16 +95,9 @@ type testRequest struct {
func newConfig() bootstrap.Config {
return bootstrap.Config{
ClientID: addClientID,
ClientSecret: addClientSecret,
ID: addID,
ExternalID: addExternalID,
ExternalKey: addExternalKey,
Channels: []bootstrap.Channel{
{
ID: "1",
Metadata: metadata,
},
},
Name: addName,
Content: addContent,
ClientCert: "newcert",
@@ -200,14 +180,6 @@ func TestAdd(t *testing.T) {
data := toJSON(addReq)
neID := addReq
neID.ClientID = testsutil.GenerateUUID(t)
neData := toJSON(neID)
invalidChannels := addReq
invalidChannels.Channels = []string{wrongID}
wrongData := toJSON(invalidChannels)
cases := []struct {
desc string
req string
@@ -238,7 +210,7 @@ func TestAdd(t *testing.T) {
token: validToken,
contentType: contentType,
status: http.StatusCreated,
location: "/clients/configs/" + c.ClientID,
location: "/clients/configs/" + c.ID,
err: nil,
},
{
@@ -261,26 +233,6 @@ func TestAdd(t *testing.T) {
location: "",
err: svcerr.ErrConflict,
},
{
desc: "add a config with non-existent ID",
req: neData,
domainID: domainID,
token: validToken,
contentType: contentType,
status: http.StatusBadRequest,
location: "",
err: svcerr.ErrConflict,
},
{
desc: "add a config with invalid channels",
req: wrongData,
domainID: domainID,
token: validToken,
contentType: contentType,
status: http.StatusBadRequest,
location: "",
err: svcerr.ErrConflict,
},
{
desc: "add a config with wrong JSON",
req: "{\"external_id\": 5}",
@@ -354,18 +306,10 @@ func TestView(t *testing.T) {
defer bs.Close()
c := newConfig()
var channels []channel
for _, ch := range c.Channels {
channels = append(channels, channel{ID: ch.ID, Name: ch.Name, Metadata: ch.Metadata})
}
data := config{
ClientID: c.ClientID,
ClientSecret: c.ClientSecret,
State: c.State,
Channels: channels,
ID: c.ID,
Status: c.Status,
ExternalID: c.ExternalID,
ExternalKey: c.ExternalKey,
Name: c.Name,
Content: c.Content,
}
@@ -383,7 +327,7 @@ func TestView(t *testing.T) {
{
desc: "view a config with invalid token",
token: invalidToken,
id: c.ClientID,
id: c.ID,
status: http.StatusUnauthorized,
res: config{},
authenticateErr: svcerr.ErrAuthentication,
@@ -392,7 +336,7 @@ func TestView(t *testing.T) {
{
desc: "view a config",
token: validToken,
id: c.ClientID,
id: c.ID,
status: http.StatusOK,
res: data,
err: nil,
@@ -408,7 +352,7 @@ func TestView(t *testing.T) {
{
desc: "view a config with an empty token",
token: "",
id: c.ClientID,
id: c.ID,
status: http.StatusUnauthorized,
res: config{},
err: apiutil.ErrBearerToken,
@@ -416,7 +360,7 @@ func TestView(t *testing.T) {
{
desc: "view config without authorization",
token: validToken,
id: c.ClientID,
id: c.ID,
status: http.StatusForbidden,
res: config{},
err: svcerr.ErrAuthorization,
@@ -445,10 +389,6 @@ func TestView(t *testing.T) {
assert.Nil(t, err, fmt.Sprintf("Decoding expected to succeed %s: %s", tc.desc, err))
}
assert.ElementsMatch(t, tc.res.Channels, view.Channels, fmt.Sprintf("%s: expected response '%s' got '%s'", tc.desc, tc.res.Channels, view.Channels))
// Empty channels to prevent order mismatch.
tc.res.Channels = []channel{}
view.Channels = []channel{}
assert.Equal(t, tc.res, view, fmt.Sprintf("%s: expected response '%s' got '%s'", tc.desc, tc.res, view))
svcCall.Unset()
authCall.Unset()
@@ -477,7 +417,7 @@ func TestUpdate(t *testing.T) {
{
desc: "update with invalid token",
req: data,
id: c.ClientID,
id: c.ID,
token: invalidToken,
contentType: contentType,
status: http.StatusUnauthorized,
@@ -487,7 +427,7 @@ func TestUpdate(t *testing.T) {
{
desc: "update with an empty token",
req: data,
id: c.ClientID,
id: c.ID,
token: "",
contentType: contentType,
status: http.StatusUnauthorized,
@@ -496,7 +436,7 @@ func TestUpdate(t *testing.T) {
{
desc: "update a valid config",
req: data,
id: c.ClientID,
id: c.ID,
token: validToken,
contentType: contentType,
status: http.StatusOK,
@@ -505,7 +445,7 @@ func TestUpdate(t *testing.T) {
{
desc: "update a config with wrong content type",
req: data,
id: c.ClientID,
id: c.ID,
token: validToken,
contentType: "",
status: http.StatusUnsupportedMediaType,
@@ -523,7 +463,7 @@ func TestUpdate(t *testing.T) {
{
desc: "update a config with invalid request format",
req: "}",
id: c.ClientID,
id: c.ID,
token: validToken,
contentType: contentType,
status: http.StatusBadRequest,
@@ -531,7 +471,7 @@ func TestUpdate(t *testing.T) {
},
{
desc: "update a config with an empty request",
id: c.ClientID,
id: c.ID,
req: "",
token: validToken,
contentType: contentType,
@@ -549,7 +489,7 @@ func TestUpdate(t *testing.T) {
svcCall := svc.On("Update", mock.Anything, tc.session, mock.Anything).Return(tc.err)
req := testRequest{
client: bs.Client(),
method: http.MethodPut,
method: http.MethodPatch,
url: fmt.Sprintf("%s/%s/clients/configs/%s", bs.URL, domainID, tc.id),
contentType: tc.contentType,
token: tc.token,
@@ -585,7 +525,7 @@ func TestUpdateCert(t *testing.T) {
{
desc: "update with invalid token",
req: data,
id: c.ClientID,
id: c.ID,
token: invalidToken,
contentType: contentType,
status: http.StatusUnauthorized,
@@ -595,7 +535,7 @@ func TestUpdateCert(t *testing.T) {
{
desc: "update with an empty token",
req: data,
id: c.ClientID,
id: c.ID,
token: "",
contentType: contentType,
status: http.StatusUnauthorized,
@@ -604,7 +544,7 @@ func TestUpdateCert(t *testing.T) {
{
desc: "update a valid config",
req: data,
id: c.ClientID,
id: c.ID,
token: validToken,
contentType: contentType,
status: http.StatusOK,
@@ -613,7 +553,7 @@ func TestUpdateCert(t *testing.T) {
{
desc: "update a config with wrong content type",
req: data,
id: c.ClientID,
id: c.ID,
token: validToken,
contentType: "",
status: http.StatusUnsupportedMediaType,
@@ -631,7 +571,7 @@ func TestUpdateCert(t *testing.T) {
{
desc: "update a config with invalid request format",
req: "}",
id: c.ClientSecret,
id: c.ID,
token: validToken,
contentType: contentType,
status: http.StatusBadRequest,
@@ -639,7 +579,7 @@ func TestUpdateCert(t *testing.T) {
},
{
desc: "update a config with an empty request",
id: c.ClientID,
id: c.ID,
req: "",
token: validToken,
contentType: contentType,
@@ -672,130 +612,9 @@ func TestUpdateCert(t *testing.T) {
}
}
func TestUpdateConnections(t *testing.T) {
bs, svc, auth := newBootstrapServer()
defer bs.Close()
c := newConfig()
data := toJSON(updateReq)
invalidChannels := updateReq
invalidChannels.Channels = []string{wrongID}
wrongData := toJSON(invalidChannels)
cases := []struct {
desc string
req string
id string
token string
session smqauthn.Session
contentType string
status int
authenticateErr error
err error
}{
{
desc: "update connections with invalid token",
req: data,
id: c.ClientID,
token: invalidToken,
contentType: contentType,
status: http.StatusUnauthorized,
authenticateErr: svcerr.ErrAuthentication,
err: svcerr.ErrAuthentication,
},
{
desc: "update connections with an empty token",
req: data,
id: c.ClientID,
token: "",
contentType: contentType,
status: http.StatusUnauthorized,
err: apiutil.ErrBearerToken,
},
{
desc: "update connections valid config",
req: data,
id: c.ClientID,
token: validToken,
contentType: contentType,
status: http.StatusOK,
err: nil,
},
{
desc: "update connections with wrong content type",
req: data,
id: c.ClientID,
token: validToken,
contentType: "",
status: http.StatusUnsupportedMediaType,
err: apiutil.ErrUnsupportedContentType,
},
{
desc: "update connections for a non-existing config",
req: data,
id: wrongID,
token: validToken,
contentType: contentType,
status: http.StatusNotFound,
err: svcerr.ErrNotFound,
},
{
desc: "update connections with invalid channels",
req: wrongData,
id: c.ClientID,
token: validToken,
contentType: contentType,
status: http.StatusNotFound,
err: svcerr.ErrNotFound,
},
{
desc: "update a config with invalid request format",
req: "}",
id: c.ClientID,
token: validToken,
contentType: contentType,
status: http.StatusBadRequest,
err: svcerr.ErrMalformedEntity,
},
{
desc: "update a config with an empty request",
id: c.ClientID,
req: "",
token: validToken,
contentType: contentType,
status: http.StatusBadRequest,
err: svcerr.ErrMalformedEntity,
},
}
for _, tc := range cases {
t.Run(tc.desc, func(t *testing.T) {
if tc.token == validToken {
tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
}
authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
repoCall := svc.On("UpdateConnections", mock.Anything, tc.session, tc.token, mock.Anything, mock.Anything).Return(tc.err)
req := testRequest{
client: bs.Client(),
method: http.MethodPut,
url: fmt.Sprintf("%s/%s/clients/configs/connections/%s", bs.URL, domainID, tc.id),
contentType: tc.contentType,
token: tc.token,
body: strings.NewReader(tc.req),
}
res, err := req.make()
assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err))
assert.Equal(t, tc.status, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", tc.desc, tc.status, res.StatusCode))
repoCall.Unset()
authCall.Unset()
})
}
}
func TestList(t *testing.T) {
configNum := 101
changedStateNum := 20
changedStatusNum := 20
var active, inactive []config
list := make([]config, configNum)
@@ -807,43 +626,32 @@ func TestList(t *testing.T) {
for i := 0; i < configNum; i++ {
c.ExternalID = strconv.Itoa(i)
c.ClientSecret = c.ExternalID
c.Name = fmt.Sprintf("%s-%d", addName, i)
c.ExternalKey = fmt.Sprintf("%s%s", addExternalKey, strconv.Itoa(i))
var channels []channel
for _, ch := range c.Channels {
channels = append(channels, channel{ID: ch.ID, Name: ch.Name, Metadata: ch.Metadata})
}
s := config{
ClientID: c.ClientID,
ClientSecret: c.ClientSecret,
Channels: channels,
ID: c.ID,
ExternalID: c.ExternalID,
ExternalKey: c.ExternalKey,
Name: c.Name,
Content: c.Content,
State: c.State,
Status: c.Status,
}
list[i] = s
}
// Change state of first 20 elements for filtering tests.
for i := 0; i < changedStateNum; i++ {
state := bootstrap.Active
// Change status of first 20 elements for filtering tests.
for i := 0; i < changedStatusNum; i++ {
if i%2 == 0 {
state = bootstrap.Inactive
}
svcCall := svc.On("ChangeState", context.Background(), mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil)
err := svc.ChangeState(context.Background(), smqauthn.Session{}, validToken, list[i].ClientID, state)
assert.Nil(t, err, fmt.Sprintf("Changing state expected to succeed: %s.\n", err))
svcCall.Unset()
list[i].State = state
if state == bootstrap.Inactive {
// Even elements remain inactive (default status).
inactive = append(inactive, list[i])
continue
}
// Odd elements are enabled (active).
enabledCfg := bootstrap.Config{ID: list[i].ID, Status: bootstrap.Active}
svcCall := svc.On("EnableConfig", context.Background(), mock.Anything, mock.Anything).Return(enabledCfg, nil)
_, err := svc.EnableConfig(context.Background(), smqauthn.Session{}, list[i].ID)
assert.Nil(t, err, fmt.Sprintf("Enabling config expected to succeed: %s.\n", err))
svcCall.Unset()
list[i].Status = bootstrap.Active
active = append(active, list[i])
}
@@ -979,7 +787,7 @@ func TestList(t *testing.T) {
{
desc: "view list with invalid query parameters",
token: validToken,
url: fmt.Sprintf("%s?offset=%d&limit=%d&state=%d&key=%%", path, 10, 10, bootstrap.Inactive),
url: fmt.Sprintf("%s?offset=%d&limit=%d&status=%s&key=%%", path, 10, 10, bootstrap.Disabled),
status: http.StatusBadRequest,
res: configPage{},
err: apiutil.ErrInvalidQueryParams,
@@ -987,7 +795,7 @@ func TestList(t *testing.T) {
{
desc: "view first 10 active",
token: validToken,
url: fmt.Sprintf("%s?offset=%d&limit=%d&state=%d", path, 0, 20, bootstrap.Active),
url: fmt.Sprintf("%s?offset=%d&limit=%d&status=%s", path, 0, 20, bootstrap.Enabled),
status: http.StatusOK,
res: configPage{
Total: uint64(len(active)),
@@ -1000,7 +808,7 @@ func TestList(t *testing.T) {
{
desc: "view first 10 inactive",
token: validToken,
url: fmt.Sprintf("%s?offset=%d&limit=%d&state=%d", path, 0, 20, bootstrap.Inactive),
url: fmt.Sprintf("%s?offset=%d&limit=%d&status=%s", path, 0, 20, bootstrap.Disabled),
status: http.StatusOK,
res: configPage{
Total: uint64(len(list) - len(inactive)),
@@ -1013,7 +821,7 @@ func TestList(t *testing.T) {
{
desc: "view first 5 active",
token: validToken,
url: fmt.Sprintf("%s?offset=%d&limit=%d&state=%d", path, 0, 10, bootstrap.Active),
url: fmt.Sprintf("%s?offset=%d&limit=%d&status=%s", path, 0, 10, bootstrap.Enabled),
status: http.StatusOK,
res: configPage{
Total: uint64(len(active)),
@@ -1026,7 +834,7 @@ func TestList(t *testing.T) {
{
desc: "view last 5 inactive",
token: validToken,
url: fmt.Sprintf("%s?offset=%d&limit=%d&state=%d", path, 10, 10, bootstrap.Inactive),
url: fmt.Sprintf("%s?offset=%d&limit=%d&status=%s", path, 10, 10, bootstrap.Disabled),
status: http.StatusOK,
res: configPage{
Total: uint64(len(list) - len(active)),
@@ -1085,7 +893,7 @@ func TestRemove(t *testing.T) {
}{
{
desc: "remove with invalid token",
id: c.ClientID,
id: c.ID,
token: invalidToken,
status: http.StatusUnauthorized,
authenticateErr: svcerr.ErrAuthentication,
@@ -1093,7 +901,7 @@ func TestRemove(t *testing.T) {
},
{
desc: "remove with an empty token",
id: c.ClientID,
id: c.ID,
token: "",
status: http.StatusUnauthorized,
err: apiutil.ErrBearerToken,
@@ -1107,7 +915,7 @@ func TestRemove(t *testing.T) {
},
{
desc: "remove config",
id: c.ClientID,
id: c.ID,
token: validToken,
status: http.StatusNoContent,
err: nil,
@@ -1151,23 +959,14 @@ func TestBootstrap(t *testing.T) {
encExternKey, err := enc([]byte(c.ExternalKey))
assert.Nil(t, err, fmt.Sprintf("Encrypting config expected to succeed: %s.\n", err))
var channels []channel
for _, ch := range c.Channels {
channels = append(channels, channel{ID: ch.ID, Name: ch.Name, Metadata: ch.Metadata})
}
s := struct {
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"`
Channels []channel `json:"channels"`
ID string `json:"id"`
Content string `json:"content"`
ClientCert string `json:"client_cert"`
ClientKey string `json:"client_key"`
CACert string `json:"ca_cert"`
}{
ClientID: c.ClientID,
ClientSecret: c.ClientSecret,
Channels: channels,
ID: c.ID,
Content: c.Content,
ClientCert: c.ClientCert,
ClientKey: c.ClientKey,
@@ -1276,97 +1075,63 @@ func TestBootstrap(t *testing.T) {
}
}
func TestChangeState(t *testing.T) {
func TestChangeStatus(t *testing.T) {
bs, svc, auth := newBootstrapServer()
defer bs.Close()
c := newConfig()
inactive := fmt.Sprintf("{\"state\": %d}", bootstrap.Inactive)
active := fmt.Sprintf("{\"state\": %d}", bootstrap.Active)
activeCfg := bootstrap.Config{ID: c.ID, Status: bootstrap.Active}
inactiveCfg := bootstrap.Config{ID: c.ID, Status: bootstrap.Inactive}
cases := []struct {
desc string
id string
token string
session smqauthn.Session
state string
contentType string
action string
status int
authenticateErr error
err error
svcCfg bootstrap.Config
svcErr error
}{
{
desc: "change state with invalid token",
id: c.ClientID,
desc: "enable with invalid token",
id: c.ID,
token: invalidToken,
state: active,
contentType: contentType,
action: "enable",
status: http.StatusUnauthorized,
authenticateErr: svcerr.ErrAuthentication,
err: svcerr.ErrAuthentication,
},
{
desc: "change state with an empty token",
id: c.ClientID,
desc: "enable with empty token",
id: c.ID,
token: "",
state: active,
contentType: contentType,
action: "enable",
status: http.StatusUnauthorized,
err: apiutil.ErrBearerToken,
},
{
desc: "change state with invalid content type",
id: c.ClientID,
desc: "enable config",
id: c.ID,
token: validToken,
state: active,
contentType: "",
status: http.StatusUnsupportedMediaType,
err: apiutil.ErrUnsupportedContentType,
},
{
desc: "change state to active",
id: c.ClientID,
token: validToken,
state: active,
contentType: contentType,
action: "enable",
status: http.StatusOK,
err: nil,
svcCfg: activeCfg,
},
{
desc: "change state to inactive",
id: c.ClientID,
desc: "disable config",
id: c.ID,
token: validToken,
state: inactive,
contentType: contentType,
action: "disable",
status: http.StatusOK,
err: nil,
svcCfg: inactiveCfg,
},
{
desc: "change state of non-existing config",
desc: "enable non-existing config",
id: wrongID,
token: validToken,
state: active,
contentType: contentType,
action: "enable",
status: http.StatusNotFound,
err: svcerr.ErrNotFound,
},
{
desc: "change state to invalid value",
id: c.ClientID,
token: validToken,
state: fmt.Sprintf("{\"state\": %d}", -3),
contentType: contentType,
status: http.StatusBadRequest,
err: svcerr.ErrMalformedEntity,
},
{
desc: "change state with invalid data",
id: c.ClientID,
token: validToken,
state: "",
contentType: contentType,
status: http.StatusBadRequest,
err: svcerr.ErrMalformedEntity,
svcErr: svcerr.ErrNotFound,
},
}
@@ -1376,14 +1141,16 @@ func TestChangeState(t *testing.T) {
tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
}
authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
svcCall := svc.On("ChangeState", mock.Anything, tc.session, tc.token, mock.Anything, mock.Anything).Return(tc.err)
methodName := "EnableConfig"
if tc.action == "disable" {
methodName = "DisableConfig"
}
svcCall := svc.On(methodName, mock.Anything, tc.session, mock.Anything).Return(tc.svcCfg, tc.svcErr)
req := testRequest{
client: bs.Client(),
method: http.MethodPut,
url: fmt.Sprintf("%s/%s/clients/state/%s", bs.URL, domainID, tc.id),
method: http.MethodPost,
url: fmt.Sprintf("%s/%s/clients/configs/%s/%s", bs.URL, domainID, tc.id, tc.action),
token: tc.token,
contentType: tc.contentType,
body: strings.NewReader(tc.state),
}
res, err := req.make()
assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err))
@@ -1394,21 +1161,185 @@ func TestChangeState(t *testing.T) {
}
}
type channel struct {
ID string `json:"id"`
Name string `json:"name,omitempty"`
Metadata any `json:"metadata,omitempty"`
func TestUploadProfile(t *testing.T) {
bs, svc, auth := newBootstrapServer()
defer bs.Close()
session := smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
saved := bootstrap.Profile{
ID: testsutil.GenerateUUID(t),
Name: "gateway",
TemplateFormat: bootstrap.TemplateFormatGoTemplate,
ContentTemplate: "{{ .Device.ID }}",
}
cases := []struct {
desc string
contentType string
body string
profile bootstrap.Profile
}{
{
desc: "upload JSON profile",
contentType: "application/json",
body: `{"name":"gateway","template_format":"go-template","content_template":"{{ .Device.ID }}"}`,
profile: bootstrap.Profile{
Name: "gateway",
TemplateFormat: bootstrap.TemplateFormatGoTemplate,
ContentTemplate: "{{ .Device.ID }}",
},
},
{
desc: "upload YAML profile",
contentType: "application/yaml",
body: "name: gateway\ntemplate_format: go-template\ncontent_template: '{{ .Device.ID }}'\n",
profile: bootstrap.Profile{
Name: "gateway",
TemplateFormat: bootstrap.TemplateFormatGoTemplate,
ContentTemplate: "{{ .Device.ID }}",
},
},
{
desc: "upload TOML profile",
contentType: "application/toml",
body: "name = 'gateway'\ntemplate_format = 'go-template'\ncontent_template = '{{ .Device.ID }}'\n",
profile: bootstrap.Profile{
Name: "gateway",
TemplateFormat: bootstrap.TemplateFormatGoTemplate,
ContentTemplate: "{{ .Device.ID }}",
},
},
}
for _, tc := range cases {
t.Run(tc.desc, func(t *testing.T) {
authCall := auth.On("Authenticate", mock.Anything, validToken).Return(session, nil)
svcCall := svc.On("CreateProfile", mock.Anything, session, tc.profile).Return(saved, nil)
req := testRequest{
client: bs.Client(),
method: http.MethodPost,
url: fmt.Sprintf("%s/%s/clients/bootstrap/profiles/upload", bs.URL, domainID),
contentType: tc.contentType,
token: validToken,
body: strings.NewReader(tc.body),
}
res, err := req.make()
assert.Nil(t, err, fmt.Sprintf("%s: unexpected error %s", tc.desc, err))
assert.Equal(t, http.StatusCreated, res.StatusCode, fmt.Sprintf("%s: expected status code %d got %d", tc.desc, http.StatusCreated, res.StatusCode))
assert.Equal(t, "/bootstrap/profiles/"+saved.ID, res.Header.Get("Location"))
svcCall.Unset()
authCall.Unset()
})
}
}
func TestProfileSlots(t *testing.T) {
bs, svc, auth := newBootstrapServer()
defer bs.Close()
session := smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
profileID := testsutil.GenerateUUID(t)
slots := []bootstrap.BindingSlot{
{Name: "mqtt_client", Type: "client", Required: true, Fields: []string{"id", "secret"}},
{Name: "telemetry", Type: "channel", Required: true, Fields: []string{"id", "topic"}},
}
profile := bootstrap.Profile{
ID: profileID,
Name: "gateway",
BindingSlots: slots,
}
authCall := auth.On("Authenticate", mock.Anything, validToken).Return(session, nil)
svcCall := svc.On("ViewProfile", mock.Anything, session, profileID).Return(profile, nil)
req := testRequest{
client: bs.Client(),
method: http.MethodGet,
url: fmt.Sprintf("%s/%s/clients/bootstrap/profiles/%s/slots", bs.URL, domainID, profileID),
token: validToken,
}
res, err := req.make()
assert.Nil(t, err, fmt.Sprintf("profile slots unexpected error %s", err))
assert.Equal(t, http.StatusOK, res.StatusCode, fmt.Sprintf("expected status code %d got %d", http.StatusOK, res.StatusCode))
var got struct {
BindingSlots []bootstrap.BindingSlot `json:"binding_slots"`
}
err = json.NewDecoder(res.Body).Decode(&got)
assert.Nil(t, err, fmt.Sprintf("decoding profile slots expected to succeed: %s", err))
assert.ElementsMatch(t, slots, got.BindingSlots)
svcCall.Unset()
authCall.Unset()
}
func TestRenderPreview(t *testing.T) {
bs, svc, auth := newBootstrapServer()
defer bs.Close()
session := smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
profileID := testsutil.GenerateUUID(t)
configID := testsutil.GenerateUUID(t)
profile := bootstrap.Profile{
ID: profileID,
Name: "gateway",
TemplateFormat: bootstrap.TemplateFormatGoTemplate,
ContentTemplate: `device={{ .Device.ID }} site={{ .Vars.site }} topic={{ index (index .Bindings "telemetry").Snapshot "topic" }}`,
}
authCall := auth.On("Authenticate", mock.Anything, validToken).Return(session, nil)
svcCall := svc.On("ViewProfile", mock.Anything, session, profileID).Return(profile, nil)
reqBody := struct {
Config bootstrap.Config `json:"config"`
Bindings []bootstrap.BindingSnapshot `json:"bindings"`
}{
Config: bootstrap.Config{
ID: configID,
ExternalID: "gw-001",
RenderContext: map[string]any{
"site": "warehouse-1",
},
},
Bindings: []bootstrap.BindingSnapshot{
{
Slot: "telemetry",
Type: "channel",
ResourceID: "ch-1",
Snapshot: map[string]any{
"topic": "devices/gw-001/telemetry",
},
},
},
}
req := testRequest{
client: bs.Client(),
method: http.MethodPost,
url: fmt.Sprintf("%s/%s/clients/bootstrap/profiles/%s/render-preview", bs.URL, domainID, profileID),
contentType: contentType,
token: validToken,
body: strings.NewReader(toJSON(reqBody)),
}
res, err := req.make()
assert.Nil(t, err, fmt.Sprintf("render preview unexpected error %s", err))
assert.Equal(t, http.StatusOK, res.StatusCode, fmt.Sprintf("expected status code %d got %d", http.StatusOK, res.StatusCode))
var got struct {
Content string `json:"content"`
}
err = json.NewDecoder(res.Body).Decode(&got)
assert.Nil(t, err, fmt.Sprintf("decoding render preview expected to succeed: %s", err))
assert.Equal(t, "device="+configID+" site=warehouse-1 topic=devices/gw-001/telemetry", got.Content)
svcCall.Unset()
authCall.Unset()
}
type config struct {
ClientID string `json:"client_id,omitempty"`
ClientSecret string `json:"client_secret,omitempty"`
Channels []channel `json:"channels,omitempty"`
ID string `json:"id,omitempty"`
ExternalID string `json:"external_id"`
ExternalKey string `json:"external_key,omitempty"`
Content string `json:"content,omitempty"`
Name string `json:"name"`
State bootstrap.State `json:"state"`
Status bootstrap.Status `json:"status"`
}
type configPage struct {
bootstrap/api/requests.go
+154 -40
View File
@@ -12,15 +12,15 @@ const maxLimitSize = 100
type addReq struct {
token string
ClientID string `json:"client_id"`
ExternalID string `json:"external_id"`
ExternalKey string `json:"external_key"`
Channels []string `json:"channels"`
Name string `json:"name"`
Content string `json:"content"`
ClientCert string `json:"client_cert"`
ClientKey string `json:"client_key"`
CACert string `json:"ca_cert"`
ProfileID string `json:"profile_id"`
RenderContext map[string]any `json:"render_context"`
}
func (req addReq) validate() error {
@@ -36,16 +36,6 @@ func (req addReq) validate() error {
return apiutil.ErrBearerKey
}
if len(req.Channels) == 0 {
return apiutil.ErrEmptyList
}
for _, channel := range req.Channels {
if channel == "" {
return apiutil.ErrMissingID
}
}
return nil
}
@@ -76,32 +66,14 @@ func (req updateReq) validate() error {
}
type updateCertReq struct {
clientID string
configID string
ClientCert string `json:"client_cert"`
ClientKey string `json:"client_key"`
CACert string `json:"ca_cert"`
}
func (req updateCertReq) validate() error {
if req.clientID == "" {
return apiutil.ErrMissingID
}
return nil
}
type updateConnReq struct {
token string
id string
Channels []string `json:"channels"`
}
func (req updateConnReq) validate() error {
if req.token == "" {
return apiutil.ErrBearerToken
}
if req.id == "" {
if req.configID == "" {
return apiutil.ErrMissingID
}
@@ -139,13 +111,12 @@ func (req bootstrapReq) validate() error {
return nil
}
type changeStateReq struct {
type changeConfigStatusReq struct {
token string
id string
State bootstrap.State `json:"state"`
}
func (req changeStateReq) validate() error {
func (req changeConfigStatusReq) validate() error {
if req.token == "" {
return apiutil.ErrBearerToken
}
@@ -154,10 +125,153 @@ func (req changeStateReq) validate() error {
return apiutil.ErrMissingID
}
if req.State != bootstrap.Inactive &&
req.State != bootstrap.Active {
return bootstrap.ErrBootstrapState
}
return nil
}
// --- Profile requests ---
type createProfileReq struct {
bootstrap.Profile
}
func (req createProfileReq) validate() error {
if req.Name == "" {
return apiutil.ErrMissingName
}
return nil
}
type uploadProfileReq struct {
bootstrap.Profile
}
func (req uploadProfileReq) validate() error {
if req.Name == "" {
return apiutil.ErrMissingName
}
return nil
}
type viewProfileReq struct {
profileID string
}
func (req viewProfileReq) validate() error {
if req.profileID == "" {
return apiutil.ErrMissingID
}
return nil
}
type updateProfileReq struct {
profileID string
bootstrap.Profile
}
func (req updateProfileReq) validate() error {
if req.profileID == "" {
return apiutil.ErrMissingID
}
return nil
}
type renderPreviewReq struct {
profileID string
Config bootstrap.Config `json:"config"`
RenderContext map[string]any `json:"render_context,omitempty"`
Bindings []bootstrap.BindingSnapshot `json:"bindings,omitempty"`
}
func (req renderPreviewReq) validate() error {
if req.profileID == "" {
return apiutil.ErrMissingID
}
return nil
}
type deleteProfileReq struct {
profileID string
}
func (req deleteProfileReq) validate() error {
if req.profileID == "" {
return apiutil.ErrMissingID
}
return nil
}
type listProfilesReq struct {
offset uint64
limit uint64
}
func (req listProfilesReq) validate() error {
if req.limit == 0 || req.limit > maxLimitSize {
return apiutil.ErrLimitSize
}
return nil
}
// --- Enrollment binding requests ---
type assignProfileReq struct {
configID string
ProfileID string `json:"profile_id"`
}
func (req assignProfileReq) validate() error {
if req.configID == "" || req.ProfileID == "" {
return apiutil.ErrMissingID
}
return nil
}
type bindResourcesReq struct {
token string
configID string
Bindings []bootstrap.BindingRequest `json:"bindings"`
}
func (req bindResourcesReq) validate() error {
if req.token == "" {
return apiutil.ErrBearerToken
}
if req.configID == "" {
return apiutil.ErrMissingID
}
if len(req.Bindings) == 0 {
return apiutil.ErrEmptyList
}
for _, b := range req.Bindings {
if b.Slot == "" || b.Type == "" || b.ResourceID == "" {
return apiutil.ErrMissingID
}
}
return nil
}
type listBindingsReq struct {
configID string
}
func (req listBindingsReq) validate() error {
if req.configID == "" {
return apiutil.ErrMissingID
}
return nil
}
type refreshBindingsReq struct {
token string
configID string
}
func (req refreshBindingsReq) validate() error {
if req.token == "" {
return apiutil.ErrBearerToken
}
if req.configID == "" {
return apiutil.ErrMissingID
}
return nil
}
bootstrap/api/requests_test.go
+8 -76
View File
@@ -8,23 +8,15 @@ import (
"testing"
apiutil "github.com/absmach/magistrala/api/http/util"
"github.com/absmach/magistrala/bootstrap"
"github.com/absmach/magistrala/internal/testsutil"
"github.com/stretchr/testify/assert"
)
var (
channel1 = testsutil.GenerateUUID(&testing.T{})
channel2 = testsutil.GenerateUUID(&testing.T{})
)
func TestAddReqValidation(t *testing.T) {
cases := []struct {
desc string
token string
externalID string
externalKey string
channels []string
err error
}{
{
@@ -32,7 +24,6 @@ func TestAddReqValidation(t *testing.T) {
token: "token",
externalID: "external-id",
externalKey: "external-key",
channels: []string{channel1, channel2},
err: nil,
},
{
@@ -40,7 +31,6 @@ func TestAddReqValidation(t *testing.T) {
token: "",
externalID: "external-id",
externalKey: "external-key",
channels: []string{channel1, channel2},
err: apiutil.ErrBearerToken,
},
{
@@ -48,7 +38,6 @@ func TestAddReqValidation(t *testing.T) {
token: "token",
externalID: "",
externalKey: "external-key",
channels: []string{channel1, channel2},
err: apiutil.ErrMissingID,
},
{
@@ -56,7 +45,6 @@ func TestAddReqValidation(t *testing.T) {
token: "token",
externalID: "external-id",
externalKey: "",
channels: []string{channel1, channel2},
err: apiutil.ErrBearerKey,
},
{
@@ -64,23 +52,6 @@ func TestAddReqValidation(t *testing.T) {
token: "token",
externalID: "",
externalKey: "",
channels: []string{channel1, channel2},
err: apiutil.ErrMissingID,
},
{
desc: "empty channels",
token: "token",
externalID: "external-id",
externalKey: "external-key",
channels: []string{},
err: apiutil.ErrEmptyList,
},
{
desc: "empty channel value",
token: "token",
externalID: "external-id",
externalKey: "external-key",
channels: []string{channel1, ""},
err: apiutil.ErrMissingID,
},
}
@@ -90,7 +61,6 @@ func TestAddReqValidation(t *testing.T) {
token: tc.token,
ExternalID: tc.externalID,
ExternalKey: tc.externalKey,
Channels: tc.channels,
}
err := req.validate()
@@ -152,52 +122,19 @@ func TestUpdateReqValidation(t *testing.T) {
func TestUpdateCertReqValidation(t *testing.T) {
cases := []struct {
desc string
clientID string
configID string
err error
}{
{
desc: "empty client id",
clientID: "",
desc: "empty config id",
configID: "",
err: apiutil.ErrMissingID,
},
}
for _, tc := range cases {
req := updateCertReq{
clientID: tc.clientID,
}
err := req.validate()
assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
}
}
func TestUpdateConnReqValidation(t *testing.T) {
cases := []struct {
desc string
id string
token string
err error
}{
{
desc: "empty token",
token: "",
id: "id",
err: apiutil.ErrBearerToken,
},
{
desc: "empty id",
token: "token",
id: "",
err: apiutil.ErrMissingID,
},
}
for _, tc := range cases {
req := updateConnReq{
token: tc.token,
id: tc.id,
configID: tc.configID,
}
err := req.validate()
@@ -269,42 +206,37 @@ func TestBootstrapReqValidation(t *testing.T) {
}
}
func TestChangeStateReqValidation(t *testing.T) {
func TestChangeConfigStatusReqValidation(t *testing.T) {
cases := []struct {
desc string
token string
id string
state bootstrap.State
err error
}{
{
desc: "empty token",
token: "",
id: "id",
state: bootstrap.State(1),
err: apiutil.ErrBearerToken,
},
{
desc: "empty id",
token: "token",
id: "",
state: bootstrap.State(0),
err: apiutil.ErrMissingID,
},
{
desc: "invalid state",
desc: "valid request",
token: "token",
id: "id",
state: bootstrap.State(14),
err: bootstrap.ErrBootstrapState,
err: nil,
},
}
for _, tc := range cases {
req := changeStateReq{
req := changeConfigStatusReq{
token: tc.token,
id: tc.id,
State: tc.state,
}
err := req.validate()
bootstrap/api/responses.go
+100 -21
View File
@@ -14,7 +14,7 @@ import (
var (
_ magistrala.Response = (*removeRes)(nil)
_ magistrala.Response = (*configRes)(nil)
_ magistrala.Response = (*stateRes)(nil)
_ magistrala.Response = (*changeConfigStatusRes)(nil)
_ magistrala.Response = (*viewRes)(nil)
_ magistrala.Response = (*listRes)(nil)
)
@@ -33,8 +33,31 @@ func (res removeRes) Empty() bool {
return true
}
type updateRes struct{}
func (res updateRes) Code() int {
return http.StatusOK
}
func (res updateRes) Headers() map[string]string {
return map[string]string{}
}
func (res updateRes) Empty() bool {
return true
}
type configRes struct {
id string
ID string `json:"id"`
ExternalID string `json:"external_id"`
Name string `json:"name,omitempty"`
Content string `json:"content,omitempty"`
Status bootstrap.Status `json:"status"`
ProfileID string `json:"profile_id,omitempty"`
RenderContext map[string]any `json:"render_context,omitempty"`
ClientCert string `json:"client_cert,omitempty"`
CACert string `json:"ca_cert,omitempty"`
ClientKey string `json:"client_key,omitempty"`
created bool
}
@@ -49,7 +72,7 @@ func (res configRes) Code() int {
func (res configRes) Headers() map[string]string {
if res.created {
return map[string]string{
"Location": fmt.Sprintf("/clients/configs/%s", res.id),
"Location": fmt.Sprintf("/clients/configs/%s", res.ID),
}
}
@@ -57,26 +80,20 @@ func (res configRes) Headers() map[string]string {
}
func (res configRes) Empty() bool {
return true
}
type channelRes struct {
ID string `json:"id"`
Name string `json:"name,omitempty"`
Metadata any `json:"metadata,omitempty"`
return false
}
type viewRes struct {
ClientID string `json:"client_id,omitempty"`
CLientSecret string `json:"client_secret,omitempty"`
Channels []channelRes `json:"channels,omitempty"`
ID string `json:"id,omitempty"`
ExternalID string `json:"external_id"`
ExternalKey string `json:"external_key,omitempty"`
Content string `json:"content,omitempty"`
Name string `json:"name,omitempty"`
State bootstrap.State `json:"state"`
Status bootstrap.Status `json:"status"`
ProfileID string `json:"profile_id,omitempty"`
RenderContext map[string]any `json:"render_context,omitempty"`
ClientCert string `json:"client_cert,omitempty"`
CACert string `json:"ca_cert,omitempty"`
ClientKey string `json:"client_key,omitempty"`
}
func (res viewRes) Code() int {
@@ -110,22 +127,24 @@ func (res listRes) Empty() bool {
return false
}
type stateRes struct{}
type changeConfigStatusRes struct {
bootstrap.Config
}
func (res stateRes) Code() int {
func (res changeConfigStatusRes) Code() int {
return http.StatusOK
}
func (res stateRes) Headers() map[string]string {
func (res changeConfigStatusRes) Headers() map[string]string {
return map[string]string{}
}
func (res stateRes) Empty() bool {
return true
func (res changeConfigStatusRes) Empty() bool {
return false
}
type updateConfigRes struct {
ClientID string `json:"client_id,omitempty"`
ID string `json:"id,omitempty"`
CACert string `json:"ca_cert,omitempty"`
ClientCert string `json:"client_cert,omitempty"`
ClientKey string `json:"client_key,omitempty"`
@@ -142,3 +161,63 @@ func (res updateConfigRes) Headers() map[string]string {
func (res updateConfigRes) Empty() bool {
return false
}
// profileRes is returned on create (201) or update (200).
type profileRes struct {
bootstrap.Profile
created bool
}
func (res profileRes) Code() int {
if res.created {
return http.StatusCreated
}
return http.StatusOK
}
func (res profileRes) Headers() map[string]string {
if res.created {
return map[string]string{
"Location": fmt.Sprintf("/bootstrap/profiles/%s", res.ID),
}
}
return map[string]string{}
}
func (res profileRes) Empty() bool { return false }
// profilesPageRes is returned by ListProfiles.
type profilesPageRes struct {
bootstrap.ProfilesPage
}
func (res profilesPageRes) Code() int { return http.StatusOK }
func (res profilesPageRes) Headers() map[string]string { return map[string]string{} }
func (res profilesPageRes) Empty() bool { return false }
// profileSlotsRes is returned by profile slots endpoint.
type profileSlotsRes struct {
BindingSlots []bootstrap.BindingSlot `json:"binding_slots"`
}
func (res profileSlotsRes) Code() int { return http.StatusOK }
func (res profileSlotsRes) Headers() map[string]string { return map[string]string{} }
func (res profileSlotsRes) Empty() bool { return false }
// renderPreviewRes is returned by profile render-preview endpoint.
type renderPreviewRes struct {
Content string `json:"content"`
}
func (res renderPreviewRes) Code() int { return http.StatusOK }
func (res renderPreviewRes) Headers() map[string]string { return map[string]string{} }
func (res renderPreviewRes) Empty() bool { return false }
// bindingsRes is returned by ListBindings.
type bindingsRes struct {
Bindings []bootstrap.BindingSnapshot `json:"bindings"`
}
func (res bindingsRes) Code() int { return http.StatusOK }
func (res bindingsRes) Headers() map[string]string { return map[string]string{} }
func (res bindingsRes) Empty() bool { return false }
bootstrap/api/transport.go
+258 -41
View File
@@ -6,6 +6,7 @@ package api
import (
"context"
"encoding/json"
"io"
"log/slog"
"net/http"
"net/url"
@@ -19,12 +20,16 @@ import (
"github.com/absmach/magistrala/pkg/errors"
"github.com/go-chi/chi/v5"
kithttp "github.com/go-kit/kit/transport/http"
"github.com/pelletier/go-toml/v2"
"github.com/prometheus/client_golang/prometheus/promhttp"
"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
"gopkg.in/yaml.v3"
)
const (
contentType = "application/json"
yamlContentType = "yaml"
tomlContentType = "toml"
byteContentType = "application/octet-stream"
offsetKey = "offset"
limitKey = "limit"
@@ -33,7 +38,7 @@ const (
)
var (
fullMatch = []string{"state", "external_id", "client_id", "client_key"}
fullMatch = []string{"status", "external_id", "id"}
partialMatch = []string{"name"}
// ErrBootstrap indicates error in getting bootstrap configuration.
ErrBootstrap = errors.New("failed to read bootstrap configuration")
@@ -69,7 +74,7 @@ func MakeHandler(svc bootstrap.Service, authn smqauthn.AuthNMiddleware, reader b
api.EncodeResponse,
opts...), "view").ServeHTTP)
r.Put("/{configID}", otelhttp.NewHandler(kithttp.NewServer(
r.Patch("/{configID}", otelhttp.NewHandler(kithttp.NewServer(
updateEndpoint(svc),
decodeUpdateRequest,
api.EncodeResponse,
@@ -81,25 +86,106 @@ func MakeHandler(svc bootstrap.Service, authn smqauthn.AuthNMiddleware, reader b
api.EncodeResponse,
opts...), "remove").ServeHTTP)
r.Patch("/certs/{certID}", otelhttp.NewHandler(kithttp.NewServer(
r.Patch("/certs/{configID}", otelhttp.NewHandler(kithttp.NewServer(
updateCertEndpoint(svc),
decodeUpdateCertRequest,
api.EncodeResponse,
opts...), "update_cert").ServeHTTP)
r.Put("/connections/{connID}", otelhttp.NewHandler(kithttp.NewServer(
updateConnEndpoint(svc),
decodeUpdateConnRequest,
r.Post("/{configID}/enable", otelhttp.NewHandler(kithttp.NewServer(
enableConfigEndpoint(svc),
decodeChangeConfigStatusRequest,
api.EncodeResponse,
opts...), "update_connections").ServeHTTP)
opts...), "enable_config").ServeHTTP)
r.Post("/{configID}/disable", otelhttp.NewHandler(kithttp.NewServer(
disableConfigEndpoint(svc),
decodeChangeConfigStatusRequest,
api.EncodeResponse,
opts...), "disable_config").ServeHTTP)
})
})
r.With(authn.WithOptions(smqauthn.WithDomainCheck(true)).Middleware()).Put("/state/{clientID}", otelhttp.NewHandler(kithttp.NewServer(
stateEndpoint(svc),
decodeStateRequest,
// Profile and enrollment binding endpoints.
r.Route("/bootstrap", func(r chi.Router) {
r.Use(authn.WithOptions(smqauthn.WithDomainCheck(true)).Middleware())
r.Route("/profiles", func(r chi.Router) {
r.Post("/", otelhttp.NewHandler(kithttp.NewServer(
createProfileEndpoint(svc),
decodeCreateProfileRequest,
api.EncodeResponse,
opts...), "update_state").ServeHTTP)
opts...), "create_profile").ServeHTTP)
r.Post("/upload", otelhttp.NewHandler(kithttp.NewServer(
uploadProfileEndpoint(svc),
decodeUploadProfileRequest,
api.EncodeResponse,
opts...), "upload_profile").ServeHTTP)
r.Get("/", otelhttp.NewHandler(kithttp.NewServer(
listProfilesEndpoint(svc),
decodeListProfilesRequest,
api.EncodeResponse,
opts...), "list_profiles").ServeHTTP)
r.Get("/{profileID}", otelhttp.NewHandler(kithttp.NewServer(
viewProfileEndpoint(svc),
decodeProfileEntityRequest,
api.EncodeResponse,
opts...), "view_profile").ServeHTTP)
r.Get("/{profileID}/slots", otelhttp.NewHandler(kithttp.NewServer(
profileSlotsEndpoint(svc),
decodeProfileEntityRequest,
api.EncodeResponse,
opts...), "profile_slots").ServeHTTP)
r.Post("/{profileID}/render-preview", otelhttp.NewHandler(kithttp.NewServer(
renderPreviewEndpoint(svc),
decodeRenderPreviewRequest,
api.EncodeResponse,
opts...), "render_preview").ServeHTTP)
r.Patch("/{profileID}", otelhttp.NewHandler(kithttp.NewServer(
updateProfileEndpoint(svc),
decodeUpdateProfileRequest,
api.EncodeResponse,
opts...), "update_profile").ServeHTTP)
r.Delete("/{profileID}", otelhttp.NewHandler(kithttp.NewServer(
deleteProfileEndpoint(svc),
decodeDeleteProfileRequest,
api.EncodeResponse,
opts...), "delete_profile").ServeHTTP)
})
r.Route("/enrollments", func(r chi.Router) {
r.Patch("/{configID}/profile", otelhttp.NewHandler(kithttp.NewServer(
assignProfileEndpoint(svc),
decodeAssignProfileRequest,
api.EncodeResponse,
opts...), "assign_profile").ServeHTTP)
r.Put("/{configID}/bindings", otelhttp.NewHandler(kithttp.NewServer(
bindResourcesEndpoint(svc),
decodeBindResourcesRequest,
api.EncodeResponse,
opts...), "bind_resources").ServeHTTP)
r.Get("/{configID}/bindings", otelhttp.NewHandler(kithttp.NewServer(
listBindingsEndpoint(svc),
decodeEnrollmentEntityRequest,
api.EncodeResponse,
opts...), "list_bindings").ServeHTTP)
r.Post("/{configID}/bindings/refresh", otelhttp.NewHandler(kithttp.NewServer(
refreshBindingsEndpoint(svc),
decodeRefreshBindingsRequest,
api.EncodeResponse,
opts...), "refresh_bindings").ServeHTTP)
})
})
})
r.Route("/clients/bootstrap", func(r chi.Router) {
@@ -162,23 +248,7 @@ func decodeUpdateCertRequest(_ context.Context, r *http.Request) (any, error) {
}
req := updateCertReq{
clientID: chi.URLParam(r, "certID"),
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
return req, nil
}
func decodeUpdateConnRequest(_ context.Context, r *http.Request) (any, error) {
if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
return nil, apiutil.ErrUnsupportedContentType
}
req := updateConnReq{
token: apiutil.ExtractBearerToken(r),
id: chi.URLParam(r, "connID"),
configID: chi.URLParam(r, "configID"),
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
@@ -209,6 +279,17 @@ func decodeListRequest(_ context.Context, r *http.Request) (any, error) {
limit: l,
}
rawStatus := q.Get("status")
parsed, err := bootstrap.ToStatus(rawStatus)
if err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, apiutil.ErrInvalidQueryParams)
}
if parsed == bootstrap.AllStatus {
delete(req.filter.FullMatch, "status")
} else {
req.filter.FullMatch["status"] = parsed.String()
}
return req, nil
}
@@ -221,20 +302,11 @@ func decodeBootstrapRequest(_ context.Context, r *http.Request) (any, error) {
return req, nil
}
func decodeStateRequest(_ context.Context, r *http.Request) (any, error) {
if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
return nil, apiutil.ErrUnsupportedContentType
}
req := changeStateReq{
func decodeChangeConfigStatusRequest(_ context.Context, r *http.Request) (any, error) {
return changeConfigStatusReq{
token: apiutil.ExtractBearerToken(r),
id: chi.URLParam(r, "clientID"),
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
return req, nil
id: chi.URLParam(r, "configID"),
}, nil
}
func decodeEntityRequest(_ context.Context, r *http.Request) (any, error) {
@@ -281,3 +353,148 @@ func contains(l []string, s string) bool {
}
return false
}
func decodeCreateProfileRequest(_ context.Context, r *http.Request) (any, error) {
if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
return nil, apiutil.ErrUnsupportedContentType
}
var req createProfileReq
if err := json.NewDecoder(r.Body).Decode(&req.Profile); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
return req, nil
}
func decodeUploadProfileRequest(_ context.Context, r *http.Request) (any, error) {
contentType := r.Header.Get("Content-Type")
var req uploadProfileReq
switch {
case strings.Contains(contentType, "json"):
if err := json.NewDecoder(r.Body).Decode(&req.Profile); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
case strings.Contains(contentType, yamlContentType):
body, err := io.ReadAll(r.Body)
if err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
if err := decodeYAMLProfile(body, &req.Profile); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
case strings.Contains(contentType, tomlContentType):
body, err := io.ReadAll(r.Body)
if err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
if err := decodeTOMLProfile(body, &req.Profile); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
default:
return nil, apiutil.ErrUnsupportedContentType
}
return req, nil
}
func decodeYAMLProfile(body []byte, profile *bootstrap.Profile) error {
var raw map[string]any
if err := yaml.Unmarshal(body, &raw); err != nil {
return err
}
return decodeProfileMap(raw, profile)
}
func decodeTOMLProfile(body []byte, profile *bootstrap.Profile) error {
var raw map[string]any
if err := toml.Unmarshal(body, &raw); err != nil {
return err
}
return decodeProfileMap(raw, profile)
}
func decodeProfileMap(raw map[string]any, profile *bootstrap.Profile) error {
body, err := json.Marshal(raw)
if err != nil {
return err
}
return json.Unmarshal(body, profile)
}
func decodeListProfilesRequest(_ context.Context, r *http.Request) (any, error) {
o, err := apiutil.ReadNumQuery[uint64](r, offsetKey, defOffset)
if err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
l, err := apiutil.ReadNumQuery[uint64](r, limitKey, defLimit)
if err != nil {
return nil, errors.Wrap(apiutil.ErrValidation, err)
}
return listProfilesReq{offset: o, limit: l}, nil
}
func decodeProfileEntityRequest(_ context.Context, r *http.Request) (any, error) {
return viewProfileReq{profileID: chi.URLParam(r, "profileID")}, nil
}
func decodeDeleteProfileRequest(_ context.Context, r *http.Request) (any, error) {
return deleteProfileReq{profileID: chi.URLParam(r, "profileID")}, nil
}
func decodeUpdateProfileRequest(_ context.Context, r *http.Request) (any, error) {
if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
return nil, apiutil.ErrUnsupportedContentType
}
req := updateProfileReq{profileID: chi.URLParam(r, "profileID")}
if err := json.NewDecoder(r.Body).Decode(&req.Profile); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
return req, nil
}
func decodeRenderPreviewRequest(_ context.Context, r *http.Request) (any, error) {
if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
return nil, apiutil.ErrUnsupportedContentType
}
req := renderPreviewReq{profileID: chi.URLParam(r, "profileID")}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
return req, nil
}
func decodeAssignProfileRequest(_ context.Context, r *http.Request) (any, error) {
if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
return nil, apiutil.ErrUnsupportedContentType
}
req := assignProfileReq{configID: chi.URLParam(r, "configID")}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
return req, nil
}
func decodeBindResourcesRequest(_ context.Context, r *http.Request) (any, error) {
if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
return nil, apiutil.ErrUnsupportedContentType
}
req := bindResourcesReq{
token: apiutil.ExtractBearerToken(r),
configID: chi.URLParam(r, "configID"),
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
return nil, errors.Wrap(apiutil.ErrMalformedRequestBody, err)
}
return req, nil
}
func decodeEnrollmentEntityRequest(_ context.Context, r *http.Request) (any, error) {
return listBindingsReq{configID: chi.URLParam(r, "configID")}, nil
}
func decodeRefreshBindingsRequest(_ context.Context, r *http.Request) (any, error) {
return refreshBindingsReq{
token: apiutil.ExtractBearerToken(r),
configID: chi.URLParam(r, "configID"),
}, nil
}
bootstrap/binding_validation.go
+109
View File
@@ -0,0 +1,109 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package bootstrap
import (
"fmt"
"text/template"
"github.com/absmach/magistrala/pkg/errors"
)
var errBindingSlot = errors.New("invalid binding slot")
func validateProfileBindingSlots(profile Profile) error {
seen := make(map[string]struct{}, len(profile.BindingSlots))
for _, slot := range profile.BindingSlots {
if slot.Name == "" {
return fmt.Errorf("%w: slot name is required", errBindingSlot)
}
if slot.Type == "" {
return fmt.Errorf("%w: slot %q type is required", errBindingSlot, slot.Name)
}
if _, ok := seen[slot.Name]; ok {
return fmt.Errorf("%w: duplicate slot %q", errBindingSlot, slot.Name)
}
seen[slot.Name] = struct{}{}
}
return nil
}
func validateRequestedBindings(profile Profile, requested []BindingRequest) error {
if len(profile.BindingSlots) == 0 {
return nil
}
slots := make(map[string]BindingSlot, len(profile.BindingSlots))
for _, slot := range profile.BindingSlots {
slots[slot.Name] = slot
}
seen := make(map[string]struct{}, len(requested))
for _, binding := range requested {
slot, ok := slots[binding.Slot]
if !ok {
return fmt.Errorf("%w: unknown slot %q", errBindingSlot, binding.Slot)
}
if slot.Type != binding.Type {
return fmt.Errorf("%w: slot %q expects %q, got %q", errBindingSlot, binding.Slot, slot.Type, binding.Type)
}
if _, ok := seen[binding.Slot]; ok {
return fmt.Errorf("%w: duplicate binding for slot %q", errBindingSlot, binding.Slot)
}
seen[binding.Slot] = struct{}{}
}
return nil
}
func validateRequiredBindings(profile Profile, bindings []BindingSnapshot) error {
if len(profile.BindingSlots) == 0 {
return nil
}
bound := make(map[string]BindingSnapshot, len(bindings))
for _, binding := range bindings {
bound[binding.Slot] = binding
}
for _, slot := range profile.BindingSlots {
binding, ok := bound[slot.Name]
if !slot.Required && !ok {
continue
}
if slot.Required && !ok {
return fmt.Errorf("%w: required slot %q is not bound", errBindingSlot, slot.Name)
}
if binding.Type != slot.Type {
return fmt.Errorf("%w: slot %q expects %q, got %q", errBindingSlot, slot.Name, slot.Type, binding.Type)
}
}
return nil
}
func mergeBindingSnapshots(existing, updated []BindingSnapshot) []BindingSnapshot {
merged := make(map[string]BindingSnapshot, len(existing)+len(updated))
for _, binding := range existing {
merged[binding.Slot] = binding
}
for _, binding := range updated {
merged[binding.Slot] = binding
}
bindings := make([]BindingSnapshot, 0, len(merged))
for _, binding := range merged {
bindings = append(bindings, binding)
}
return bindings
}
func validateProfileTemplate(p Profile) error {
if p.ContentTemplate == "" || p.TemplateFormat == TemplateFormatRaw {
return nil
}
_, err := template.New("bootstrap").Funcs(allowlistedFuncs()).Parse(p.ContentTemplate)
if err != nil {
return errors.Wrap(ErrRenderFailed, err)
}
return nil
}
bootstrap/bindings.go
+81
View File
@@ -0,0 +1,81 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package bootstrap
import (
"context"
"time"
)
// BindingRequest carries a user's intent to bind a named profile slot to
// a concrete resource.
type BindingRequest struct {
Slot string `json:"slot"`
Type string `json:"type"` // "client" | "channel" | "cert"
ResourceID string `json:"resource_id"` // ID of the resource in its owning service
}
// BindingSnapshot is a Bootstrap-owned point-in-time copy of the resource
// fields needed for template rendering. It is populated at binding time so
// that the render path never calls external services.
type BindingSnapshot struct {
ConfigID string `json:"config_id"`
Slot string `json:"slot"`
Type string `json:"type"`
ResourceID string `json:"resource_id"`
Snapshot map[string]any `json:"snapshot,omitempty"`
SecretSnapshot map[string]any `json:"secret_snapshot,omitempty"` // encrypted at rest
UpdatedAt time.Time `json:"updated_at,omitempty"`
}
// BindingStore is the persistence interface for BindingSnapshots.
type BindingStore interface {
// Save upserts all given snapshots for the config.
Save(ctx context.Context, configID string, bindings []BindingSnapshot) error
// Retrieve returns all snapshots for the given config.
Retrieve(ctx context.Context, configID string) ([]BindingSnapshot, error)
// Delete removes the snapshot for a specific slot of a config.
Delete(ctx context.Context, configID, slot string) error
}
// ResolveRequest carries everything the BindingResolver needs to snapshot a
// set of resource bindings.
type ResolveRequest struct {
Enrollment Config
Token string
Requested []BindingRequest
}
// BindingResolver validates that requested resources exist in their owning
// services, verifies type and slot compatibility, and returns snapshots ready
// for storage. It is called at binding time only; the render path must not
// call it.
type BindingResolver interface {
Resolve(ctx context.Context, req ResolveRequest) ([]BindingSnapshot, error)
}
// RenderContext is the typed value injected into Go templates during rendering.
type RenderContext struct {
Device DeviceContext
Vars map[string]any
Bindings map[string]BindingContext
}
// DeviceContext holds enrollment identity fields available inside templates.
type DeviceContext struct {
ID string
ExternalID string
DomainID string
}
// BindingContext holds the resolved resource data available inside templates
// for a specific slot.
type BindingContext struct {
Type string
ID string
Snapshot map[string]any
Secret map[string]any
}
bootstrap/configs.go
+16 -61
View File
@@ -3,45 +3,22 @@
package bootstrap
import (
"context"
"time"
import "context"
"github.com/absmach/magistrala/clients"
)
// Config represents Configuration entity. It wraps information about external entity
// as well as info about corresponding Magistrala entities.
// MGClient represents corresponding Magistrala Client ID.
// MGKey is key of corresponding Magistrala Client.
// MGChannels is a list of Magistrala Channels corresponding Magistrala Client connects to.
// Config represents a bootstrap enrollment.
type Config struct {
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"`
ID string `json:"id"`
DomainID string `json:"domain_id,omitempty"`
Name string `json:"name,omitempty"`
ClientCert string `json:"client_cert,omitempty"`
ClientKey string `json:"client_key,omitempty"`
CACert string `json:"ca_cert,omitempty"`
Channels []Channel `json:"channels,omitempty"`
ExternalID string `json:"external_id"`
ExternalKey string `json:"external_key"`
Content string `json:"content,omitempty"`
State State `json:"state"`
}
// Channel represents Magistrala channel corresponding Magistrala Client is connected to.
type Channel struct {
ID string `json:"id"`
Name string `json:"name,omitempty"`
Metadata map[string]any `json:"metadata,omitempty"`
DomainID string `json:"domain_id"`
Parent string `json:"parent_id,omitempty"`
Description string `json:"description,omitempty"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at,omitempty"`
UpdatedBy string `json:"updated_by,omitempty"`
Status clients.Status `json:"status"`
Status Status `json:"status"`
ProfileID string `json:"profile_id,omitempty"`
RenderContext map[string]any `json:"render_context,omitempty"`
}
// Filter is used for the search filters.
@@ -63,15 +40,15 @@ type ConfigsPage struct {
type ConfigRepository interface {
// Save persists the Config. Successful operation is indicated by non-nil
// error response.
Save(ctx context.Context, cfg Config, chsConnIDs []string) (string, error)
Save(ctx context.Context, cfg Config) (string, error)
// RetrieveByID retrieves the Config having the provided identifier, that is owned
// by the specified user.
RetrieveByID(ctx context.Context, domainID, id string) (Config, error)
// RetrieveAll retrieves a subset of Configs that are owned
// by the specific user, with given filter parameters.
RetrieveAll(ctx context.Context, domainID string, clientIDs []string, filter Filter, offset, limit uint64) ConfigsPage
// RetrieveAll retrieves a subset of Configs that belong to the given domain,
// with given filter parameters.
RetrieveAll(ctx context.Context, domainID string, filter Filter, offset, limit uint64) ConfigsPage
// RetrieveByExternalID returns Config for given external ID.
RetrieveByExternalID(ctx context.Context, externalID string) (Config, error)
@@ -80,39 +57,17 @@ type ConfigRepository interface {
// to indicate operation failure.
Update(ctx context.Context, cfg Config) error
// AssignProfile sets the profile reference for the given Config.
AssignProfile(ctx context.Context, domainID, id, profileID string) error
// UpdateCerts updates and returns an existing Config certificate and domainID.
// A non-nil error is returned to indicate operation failure.
UpdateCert(ctx context.Context, domainID, clientID, clientCert, clientKey, caCert string) (Config, error)
// UpdateConnections updates a list of Channels the Config is connected to
// adding new Channels if needed.
UpdateConnections(ctx context.Context, domainID, id string, channels []Channel, connections []string) error
UpdateCert(ctx context.Context, domainID, id, clientCert, clientKey, caCert string) (Config, error)
// Remove removes the Config having the provided identifier, that is owned
// by the specified user.
Remove(ctx context.Context, domainID, id string) error
// ChangeState changes of the Config, that is owned by the specific user.
ChangeState(ctx context.Context, domainID, id string, state State) error
// ListExisting retrieves those channels from the given list that exist in DB.
ListExisting(ctx context.Context, domainID string, ids []string) ([]Channel, error)
// Methods RemoveClient, UpdateChannel, and RemoveChannel are related to
// event sourcing. That's why these methods surpass ownership check.
// RemoveClient removes Config of the Client with the given ID.
RemoveClient(ctx context.Context, id string) error
// UpdateChannel updates channel with the given ID.
UpdateChannel(ctx context.Context, c Channel) error
// RemoveChannel removes channel with the given ID.
RemoveChannel(ctx context.Context, id string) error
// ConnectClient changes state of the Config when the corresponding Client is connected to the Channel.
ConnectClient(ctx context.Context, channelID, clientID string) error
// DisconnectClient changes state of the Config when the corresponding Client is disconnected from the Channel.
DisconnectClient(ctx context.Context, channelID, clientID string) error
// ChangeStatus changes the Status of the Config owned by the specific user.
ChangeStatus(ctx context.Context, domainID, id string, status Status) error
}
bootstrap/events/consumer/doc.go
-6
View File
@@ -1,6 +0,0 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
// Package consumer contains events consumer for events
// published by Bootstrap service.
package consumer
bootstrap/events/consumer/events.go
-24
View File
@@ -1,24 +0,0 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package consumer
import "time"
type removeEvent struct {
id string
}
type updateChannelEvent struct {
id string
name string
metadata map[string]any
updatedAt time.Time
updatedBy string
}
// Connection event is either connect or disconnect event.
type connectionEvent struct {
clientIDs []string
channelID string
}
bootstrap/events/consumer/streams.go
-148
View File
@@ -1,148 +0,0 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package consumer
import (
"context"
"time"
"github.com/absmach/magistrala/bootstrap"
svcerr "github.com/absmach/magistrala/pkg/errors/service"
"github.com/absmach/magistrala/pkg/events"
)
const (
clientRemove = "client.remove"
clientConnect = "group.assign"
clientDisconnect = "group.unassign"
channelPrefix = "channels."
channelUpdate = channelPrefix + "update"
channelRemove = channelPrefix + "remove"
memberKind = "client"
relation = "group"
)
type eventHandler struct {
svc bootstrap.Service
}
// NewEventHandler returns new event store handler.
func NewEventHandler(svc bootstrap.Service) events.EventHandler {
return &eventHandler{
svc: svc,
}
}
func (es *eventHandler) Handle(ctx context.Context, event events.Event) error {
msg, err := event.Encode()
if err != nil {
return err
}
switch msg["operation"] {
case clientRemove:
rte := decodeRemoveClient(msg)
err = es.svc.RemoveConfigHandler(ctx, rte.id)
case clientConnect:
cte := decodeConnectClient(msg)
if cte.channelID == "" || len(cte.clientIDs) == 0 {
return svcerr.ErrMalformedEntity
}
for _, clientID := range cte.clientIDs {
if clientID == "" {
return svcerr.ErrMalformedEntity
}
if err := es.svc.ConnectClientHandler(ctx, cte.channelID, clientID); err != nil {
return err
}
}
case clientDisconnect:
dte := decodeDisconnectClient(msg)
if dte.channelID == "" || len(dte.clientIDs) == 0 {
return svcerr.ErrMalformedEntity
}
for _, clientID := range dte.clientIDs {
if clientID == "" {
return svcerr.ErrMalformedEntity
}
}
for _, c := range dte.clientIDs {
if err = es.svc.DisconnectClientHandler(ctx, dte.channelID, c); err != nil {
return err
}
}
case channelUpdate:
uce := decodeUpdateChannel(msg)
err = es.handleUpdateChannel(ctx, uce)
case channelRemove:
rce := decodeRemoveChannel(msg)
err = es.svc.RemoveChannelHandler(ctx, rce.id)
}
if err != nil {
return err
}
return nil
}
func decodeRemoveClient(event map[string]any) removeEvent {
return removeEvent{
id: events.Read(event, "id", ""),
}
}
func decodeUpdateChannel(event map[string]any) updateChannelEvent {
metadata := events.Read(event, "metadata", map[string]any{})
return updateChannelEvent{
id: events.Read(event, "id", ""),
name: events.Read(event, "name", ""),
metadata: metadata,
updatedAt: events.Read(event, "updated_at", time.Now()),
updatedBy: events.Read(event, "updated_by", ""),
}
}
func decodeRemoveChannel(event map[string]any) removeEvent {
return removeEvent{
id: events.Read(event, "id", ""),
}
}
func decodeConnectClient(event map[string]any) connectionEvent {
if events.Read(event, "memberKind", "") != memberKind && events.Read(event, "relation", "") != relation {
return connectionEvent{}
}
return connectionEvent{
channelID: events.Read(event, "group_id", ""),
clientIDs: events.ReadStringSlice(event, "member_ids"),
}
}
func decodeDisconnectClient(event map[string]any) connectionEvent {
if events.Read(event, "memberKind", "") != memberKind && events.Read(event, "relation", "") != relation {
return connectionEvent{}
}
return connectionEvent{
channelID: events.Read(event, "group_id", ""),
clientIDs: events.ReadStringSlice(event, "member_ids"),
}
}
func (es *eventHandler) handleUpdateChannel(ctx context.Context, uce updateChannelEvent) error {
channel := bootstrap.Channel{
ID: uce.id,
Name: uce.name,
Metadata: uce.metadata,
UpdatedAt: uce.updatedAt,
UpdatedBy: uce.updatedBy,
}
return es.svc.UpdateChannelHandler(ctx, channel)
}
bootstrap/events/producer/events.go
+98 -87
View File
@@ -15,31 +15,39 @@ const (
configRemove = configPrefix + "remove"
configView = configPrefix + "view"
configList = configPrefix + "list"
configHandlerRemove = configPrefix + "remove_handler"
clientPrefix = "bootstrap.client."
clientBootstrap = clientPrefix + "bootstrap"
clientStateChange = clientPrefix + "change_state"
clientUpdateConnections = clientPrefix + "update_connections"
clientConnect = clientPrefix + "connect"
clientDisconnect = clientPrefix + "disconnect"
channelPrefix = "bootstrap.channel."
channelHandlerRemove = channelPrefix + "remove_handler"
channelUpdateHandler = channelPrefix + "update_handler"
configEnable = configPrefix + "enable"
configDisable = configPrefix + "disable"
certUpdate = "bootstrap.cert.update"
profilePrefix = "bootstrap.profile."
profileCreate = profilePrefix + "create"
profileView = profilePrefix + "view"
profileUpdate = profilePrefix + "update"
profileList = profilePrefix + "list"
profileDelete = profilePrefix + "delete"
profileAssign = profilePrefix + "assign"
bindingsPrefix = "bootstrap.bindings."
bindingsBind = bindingsPrefix + "bind"
bindingsList = bindingsPrefix + "list"
bindingsRefresh = bindingsPrefix + "refresh"
)
var (
_ events.Event = (*configEvent)(nil)
_ events.Event = (*removeConfigEvent)(nil)
_ events.Event = (*bootstrapEvent)(nil)
_ events.Event = (*changeStateEvent)(nil)
_ events.Event = (*updateConnectionsEvent)(nil)
_ events.Event = (*enableConfigEvent)(nil)
_ events.Event = (*disableConfigEvent)(nil)
_ events.Event = (*updateCertEvent)(nil)
_ events.Event = (*listConfigsEvent)(nil)
_ events.Event = (*removeHandlerEvent)(nil)
_ events.Event = (*profileEvent)(nil)
_ events.Event = (*deleteProfileEvent)(nil)
_ events.Event = (*assignProfileEvent)(nil)
_ events.Event = (*bindResourcesEvent)(nil)
_ events.Event = (*listBindingsEvent)(nil)
_ events.Event = (*refreshBindingsEvent)(nil)
)
type configEvent struct {
@@ -49,11 +57,11 @@ type configEvent struct {
func (ce configEvent) Encode() (map[string]any, error) {
val := map[string]any{
"state": ce.State.String(),
"status": ce.Status.String(),
"operation": ce.operation,
}
if ce.ClientID != "" {
val["client_id"] = ce.ClientID
if ce.ID != "" {
val["config_id"] = ce.ID
}
if ce.Content != "" {
val["content"] = ce.Content
@@ -67,13 +75,6 @@ func (ce configEvent) Encode() (map[string]any, error) {
if ce.ExternalID != "" {
val["external_id"] = ce.ExternalID
}
if len(ce.Channels) > 0 {
channels := make([]string, len(ce.Channels))
for i, ch := range ce.Channels {
channels[i] = ch.ID
}
val["channels"] = channels
}
if ce.ClientCert != "" {
val["client_cert"] = ce.ClientCert
}
@@ -91,12 +92,12 @@ func (ce configEvent) Encode() (map[string]any, error) {
}
type removeConfigEvent struct {
client string
config string
}
func (rce removeConfigEvent) Encode() (map[string]any, error) {
return map[string]any{
"client_id": rce.client,
"config_id": rce.config,
"operation": configRemove,
}, nil
}
@@ -137,8 +138,8 @@ func (be bootstrapEvent) Encode() (map[string]any, error) {
"operation": clientBootstrap,
}
if be.ClientID != "" {
val["client_id"] = be.ClientID
if be.ID != "" {
val["config_id"] = be.ID
}
if be.Content != "" {
val["content"] = be.Content
@@ -152,13 +153,6 @@ func (be bootstrapEvent) Encode() (map[string]any, error) {
if be.ExternalID != "" {
val["external_id"] = be.ExternalID
}
if len(be.Channels) > 0 {
channels := make([]string, len(be.Channels))
for i, ch := range be.Channels {
channels[i] = ch.ID
}
val["channels"] = channels
}
if be.ClientCert != "" {
val["client_cert"] = be.ClientCert
}
@@ -174,34 +168,30 @@ func (be bootstrapEvent) Encode() (map[string]any, error) {
return val, nil
}
type changeStateEvent struct {
mgClient string
state bootstrap.State
type enableConfigEvent struct {
configID string
}
func (cse changeStateEvent) Encode() (map[string]any, error) {
func (e enableConfigEvent) Encode() (map[string]any, error) {
return map[string]any{
"client_id": cse.mgClient,
"state": cse.state.String(),
"operation": clientStateChange,
"config_id": e.configID,
"operation": configEnable,
}, nil
}
type updateConnectionsEvent struct {
mgClient string
mgChannels []string
type disableConfigEvent struct {
configID string
}
func (uce updateConnectionsEvent) Encode() (map[string]any, error) {
func (e disableConfigEvent) Encode() (map[string]any, error) {
return map[string]any{
"client_id": uce.mgClient,
"channels": uce.mgChannels,
"operation": clientUpdateConnections,
"config_id": e.configID,
"operation": configDisable,
}, nil
}
type updateCertEvent struct {
clientID string
configID string
clientCert string
clientKey string
caCert string
@@ -209,7 +199,7 @@ type updateCertEvent struct {
func (uce updateCertEvent) Encode() (map[string]any, error) {
return map[string]any{
"client_id": uce.clientID,
"config_id": uce.configID,
"client_cert": uce.clientCert,
"client_key": uce.clientKey,
"ca_cert": uce.caCert,
@@ -217,61 +207,82 @@ func (uce updateCertEvent) Encode() (map[string]any, error) {
}, nil
}
type removeHandlerEvent struct {
id string
type profileEvent struct {
bootstrap.Profile
operation string
}
func (rhe removeHandlerEvent) Encode() (map[string]any, error) {
return map[string]any{
"config_id": rhe.id,
"operation": rhe.operation,
}, nil
}
type updateChannelHandlerEvent struct {
bootstrap.Channel
}
func (uche updateChannelHandlerEvent) Encode() (map[string]any, error) {
func (pe profileEvent) Encode() (map[string]any, error) {
val := map[string]any{
"operation": channelUpdateHandler,
"operation": pe.operation,
}
if uche.ID != "" {
val["channel_id"] = uche.ID
if pe.ID != "" {
val["profile_id"] = pe.ID
}
if uche.Name != "" {
val["name"] = uche.Name
if pe.DomainID != "" {
val["domain_id"] = pe.DomainID
}
if uche.Metadata != nil {
val["metadata"] = uche.Metadata
if pe.Name != "" {
val["name"] = pe.Name
}
return val, nil
}
type connectClientEvent struct {
clientID string
channelID string
type deleteProfileEvent struct {
profileID string
}
func (cte connectClientEvent) Encode() (map[string]any, error) {
func (dpe deleteProfileEvent) Encode() (map[string]any, error) {
return map[string]any{
"client_id": cte.clientID,
"channel_id": cte.channelID,
"operation": clientConnect,
"profile_id": dpe.profileID,
"operation": profileDelete,
}, nil
}
type disconnectClientEvent struct {
clientID string
channelID string
type assignProfileEvent struct {
configID string
profileID string
}
func (dte disconnectClientEvent) Encode() (map[string]any, error) {
func (ape assignProfileEvent) Encode() (map[string]any, error) {
return map[string]any{
"client_id": dte.clientID,
"channel_id": dte.channelID,
"operation": clientDisconnect,
"config_id": ape.configID,
"profile_id": ape.profileID,
"operation": profileAssign,
}, nil
}
type bindResourcesEvent struct {
configID string
slots []string
}
func (bre bindResourcesEvent) Encode() (map[string]any, error) {
return map[string]any{
"config_id": bre.configID,
"slots": bre.slots,
"operation": bindingsBind,
}, nil
}
type listBindingsEvent struct {
configID string
}
func (lbe listBindingsEvent) Encode() (map[string]any, error) {
return map[string]any{
"config_id": lbe.configID,
"operation": bindingsList,
}, nil
}
type refreshBindingsEvent struct {
configID string
}
func (rbe refreshBindingsEvent) Encode() (map[string]any, error) {
return map[string]any{
"config_id": rbe.configID,
"operation": bindingsRefresh,
}, nil
}
bootstrap/events/producer/streams.go
+111 -81
View File
@@ -16,19 +16,21 @@ var _ bootstrap.Service = (*eventStore)(nil)
const (
magistralaPrefix = "magistrala."
createStream = magistralaPrefix + configCreate
viewStream = magistralaPrefix + configView
listStream = magistralaPrefix + configList
updateStream = magistralaPrefix + configUpdate
removeStream = magistralaPrefix + configRemove
updateCertStream = magistralaPrefix + certUpdate
updateConnectionsStream = magistralaPrefix + clientUpdateConnections
removeHandlerStream = magistralaPrefix + configHandlerRemove
bootstrapStream = magistralaPrefix + clientBootstrap
stateChangeStream = magistralaPrefix + clientStateChange
connectStream = magistralaPrefix + clientConnect
disconnectStream = magistralaPrefix + clientDisconnect
updateHandlerStream = magistralaPrefix + channelUpdateHandler
removeChannelHandlerStream = magistralaPrefix + channelHandlerRemove
enableConfigStream = magistralaPrefix + configEnable
disableConfigStream = magistralaPrefix + configDisable
createProfileStream = magistralaPrefix + profileCreate
viewProfileStream = magistralaPrefix + profileView
updateProfileStream = magistralaPrefix + profileUpdate
listProfilesStream = magistralaPrefix + profileList
deleteProfileStream = magistralaPrefix + profileDelete
assignProfileStream = magistralaPrefix + profileAssign
bindResourcesStream = magistralaPrefix + bindingsBind
listBindingsStream = magistralaPrefix + bindingsList
refreshBindingsStream = magistralaPrefix + bindingsRefresh
)
type eventStore struct {
@@ -71,7 +73,7 @@ func (es *eventStore) View(ctx context.Context, session smqauthn.Session, id str
cfg, configView,
}
if err := es.Publish(ctx, configView, ev); err != nil {
if err := es.Publish(ctx, magistralaPrefix+configView, ev); err != nil {
return cfg, err
}
@@ -87,17 +89,17 @@ func (es *eventStore) Update(ctx context.Context, session smqauthn.Session, cfg
cfg, configUpdate,
}
return es.Publish(ctx, configUpdate, ev)
return es.Publish(ctx, magistralaPrefix+configUpdate, ev)
}
func (es eventStore) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
cfg, err := es.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert)
func (es eventStore) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
cfg, err := es.svc.UpdateCert(ctx, session, id, clientCert, clientKey, caCert)
if err != nil {
return cfg, err
}
ev := updateCertEvent{
clientID: clientID,
configID: id,
clientCert: clientCert,
clientKey: clientKey,
caCert: caCert,
@@ -110,19 +112,6 @@ func (es eventStore) UpdateCert(ctx context.Context, session smqauthn.Session, c
return cfg, nil
}
func (es *eventStore) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error {
if err := es.svc.UpdateConnections(ctx, session, token, id, connections); err != nil {
return err
}
ev := updateConnectionsEvent{
mgClient: id,
mgChannels: connections,
}
return es.Publish(ctx, updateConnectionsStream, ev)
}
func (es *eventStore) List(ctx context.Context, session smqauthn.Session, filter bootstrap.Filter, offset, limit uint64) (bootstrap.ConfigsPage, error) {
bp, err := es.svc.List(ctx, session, filter, offset, limit)
if err != nil {
@@ -149,7 +138,7 @@ func (es *eventStore) Remove(ctx context.Context, session smqauthn.Session, id s
}
ev := removeConfigEvent{
client: id,
config: id,
}
return es.Publish(ctx, removeStream, ev)
@@ -175,79 +164,120 @@ func (es *eventStore) Bootstrap(ctx context.Context, externalKey, externalID str
return cfg, err
}
func (es *eventStore) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state bootstrap.State) error {
if err := es.svc.ChangeState(ctx, session, token, id, state); err != nil {
func (es *eventStore) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) {
cfg, err := es.svc.EnableConfig(ctx, session, id)
if err != nil {
return cfg, err
}
ev := enableConfigEvent{configID: id}
if err := es.Publish(ctx, enableConfigStream, ev); err != nil {
return cfg, err
}
return cfg, nil
}
func (es *eventStore) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) {
cfg, err := es.svc.DisableConfig(ctx, session, id)
if err != nil {
return cfg, err
}
ev := disableConfigEvent{configID: id}
if err := es.Publish(ctx, disableConfigStream, ev); err != nil {
return cfg, err
}
return cfg, nil
}
func (es *eventStore) CreateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (bootstrap.Profile, error) {
saved, err := es.svc.CreateProfile(ctx, session, p)
if err != nil {
return saved, err
}
ev := profileEvent{saved, profileCreate}
if err := es.Publish(ctx, createProfileStream, ev); err != nil {
return saved, err
}
return saved, nil
}
func (es *eventStore) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (bootstrap.Profile, error) {
p, err := es.svc.ViewProfile(ctx, session, profileID)
if err != nil {
return p, err
}
ev := profileEvent{p, profileView}
if err := es.Publish(ctx, viewProfileStream, ev); err != nil {
return p, err
}
return p, nil
}
func (es *eventStore) UpdateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) error {
if err := es.svc.UpdateProfile(ctx, session, p); err != nil {
return err
}
ev := changeStateEvent{
mgClient: id,
state: state,
ev := profileEvent{p, profileUpdate}
return es.Publish(ctx, updateProfileStream, ev)
}
return es.Publish(ctx, stateChangeStream, ev)
func (es *eventStore) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (bootstrap.ProfilesPage, error) {
pp, err := es.svc.ListProfiles(ctx, session, offset, limit)
if err != nil {
return pp, err
}
ev := profileEvent{operation: profileList}
if err := es.Publish(ctx, listProfilesStream, ev); err != nil {
return pp, err
}
return pp, nil
}
func (es *eventStore) RemoveConfigHandler(ctx context.Context, id string) error {
if err := es.svc.RemoveConfigHandler(ctx, id); err != nil {
func (es *eventStore) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error {
if err := es.svc.DeleteProfile(ctx, session, profileID); err != nil {
return err
}
ev := removeHandlerEvent{
id: id,
operation: configHandlerRemove,
ev := deleteProfileEvent{profileID: profileID}
return es.Publish(ctx, deleteProfileStream, ev)
}
return es.Publish(ctx, removeHandlerStream, ev)
}
func (es *eventStore) RemoveChannelHandler(ctx context.Context, id string) error {
if err := es.svc.RemoveChannelHandler(ctx, id); err != nil {
func (es *eventStore) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error {
if err := es.svc.AssignProfile(ctx, session, configID, profileID); err != nil {
return err
}
ev := removeHandlerEvent{
id: id,
operation: channelHandlerRemove,
ev := assignProfileEvent{configID: configID, profileID: profileID}
return es.Publish(ctx, assignProfileStream, ev)
}
return es.Publish(ctx, removeChannelHandlerStream, ev)
}
func (es *eventStore) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) error {
if err := es.svc.UpdateChannelHandler(ctx, channel); err != nil {
func (es *eventStore) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []bootstrap.BindingRequest) error {
if err := es.svc.BindResources(ctx, session, token, configID, bindings); err != nil {
return err
}
ev := updateChannelHandlerEvent{
channel,
slots := make([]string, len(bindings))
for i, b := range bindings {
slots[i] = b.Slot
}
ev := bindResourcesEvent{configID: configID, slots: slots}
return es.Publish(ctx, bindResourcesStream, ev)
}
return es.Publish(ctx, updateStream, ev)
func (es *eventStore) ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]bootstrap.BindingSnapshot, error) {
bs, err := es.svc.ListBindings(ctx, session, configID)
if err != nil {
return bs, err
}
ev := listBindingsEvent{configID: configID}
if err := es.Publish(ctx, listBindingsStream, ev); err != nil {
return bs, err
}
return bs, nil
}
func (es *eventStore) ConnectClientHandler(ctx context.Context, channelID, clientID string) error {
if err := es.svc.ConnectClientHandler(ctx, channelID, clientID); err != nil {
func (es *eventStore) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error {
if err := es.svc.RefreshBindings(ctx, session, token, configID); err != nil {
return err
}
ev := connectClientEvent{
clientID: clientID,
channelID: channelID,
}
return es.Publish(ctx, connectStream, ev)
}
func (es *eventStore) DisconnectClientHandler(ctx context.Context, channelID, clientID string) error {
if err := es.svc.DisconnectClientHandler(ctx, channelID, clientID); err != nil {
return err
}
ev := disconnectClientEvent{
clientID: clientID,
channelID: channelID,
}
return es.Publish(ctx, disconnectStream, ev)
ev := refreshBindingsEvent{configID: configID}
return es.Publish(ctx, refreshBindingsStream, ev)
}
bootstrap/events/producer/streams_test.go
+84 -651
View File
File diff suppressed because it is too large Load Diff
bootstrap/hasher.go
+14
View File
@@ -0,0 +1,14 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package bootstrap
// Hasher specifies an API for generating hashes of arbitrary textual content.
type Hasher interface {
// Hash generates the hashed string from plain-text.
Hash(string) (string, error)
// Compare compares plain-text version to the hashed one. An error should
// indicate failed comparison.
Compare(string, string) error
}
bootstrap/hasher/hasher.go
+94
View File
@@ -0,0 +1,94 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package hasher
import (
"crypto/subtle"
"encoding/base64"
"strings"
"github.com/absmach/magistrala/bootstrap"
"github.com/absmach/magistrala/pkg/errors"
"golang.org/x/crypto/bcrypt"
"golang.org/x/crypto/scrypt"
)
const (
cost = 10
legacyScryptPrefix = "scrypt$"
legacyScryptKeyN = 16384
legacyScryptKeyR = 8
legacyScryptKeyP = 1
legacyScryptKeySize = 32
)
var (
errHashExternalKey = errors.NewServiceError("generate hash from external key failed")
errCompareExternalKey = errors.NewServiceError("compare external key and hash failed")
errInvalidHashStore = errors.New("invalid stored external key hash format")
errDecode = errors.New("failed to decode external key hash")
)
var _ bootstrap.Hasher = (*bcryptHasher)(nil)
type bcryptHasher struct{}
// New instantiates a bcrypt-based hasher implementation.
func New() bootstrap.Hasher {
return &bcryptHasher{}
}
func (*bcryptHasher) Hash(key string) (string, error) {
hash, err := bcrypt.GenerateFromPassword([]byte(key), cost)
if err != nil {
return "", errors.Wrap(errHashExternalKey, err)
}
return string(hash), nil
}
func (*bcryptHasher) Compare(plain, hashed string) error {
if strings.HasPrefix(hashed, legacyScryptPrefix) {
return compareLegacyScryptHash(plain, hashed)
}
if err := bcrypt.CompareHashAndPassword([]byte(hashed), []byte(plain)); err == nil {
return nil
}
// Legacy rows may still contain plaintext external keys.
if subtle.ConstantTimeCompare([]byte(plain), []byte(hashed)) == 1 {
return nil
}
return bootstrap.ErrExternalKey
}
func compareLegacyScryptHash(plain, hashed string) error {
parts := strings.Split(strings.TrimPrefix(hashed, legacyScryptPrefix), ".")
if len(parts) != 2 {
return errInvalidHashStore
}
actualHash, err := base64.StdEncoding.DecodeString(parts[0])
if err != nil {
return errors.Wrap(errDecode, err)
}
salt, err := base64.StdEncoding.DecodeString(parts[1])
if err != nil {
return errors.Wrap(errDecode, err)
}
derivedHash, err := scrypt.Key([]byte(plain), salt, legacyScryptKeyN, legacyScryptKeyR, legacyScryptKeyP, legacyScryptKeySize)
if err != nil {
return errors.Wrap(errCompareExternalKey, err)
}
if subtle.ConstantTimeCompare(derivedHash, actualHash) == 1 {
return nil
}
return bootstrap.ErrExternalKey
}
bootstrap/middleware/authorization.go
+105 -36
View File
@@ -6,16 +6,22 @@ package middleware
import (
"context"
"github.com/absmach/magistrala/auth"
"github.com/absmach/magistrala/bootstrap"
smqauthn "github.com/absmach/magistrala/pkg/authn"
"github.com/absmach/magistrala/pkg/authz"
svcerr "github.com/absmach/magistrala/pkg/errors/service"
"github.com/absmach/magistrala/pkg/policies"
)
const (
updatePermission = "update_permission"
readPermission = "read_permission"
deletePermission = "delete_permission"
createOperation = "create"
viewOperation = "view"
updateOperation = "update"
updateCertOperation = "update_cert"
listOperation = "list"
removeOperation = "remove"
changeStateOperation = "change_state"
)
var _ bootstrap.Service = (*authorizationMiddleware)(nil)
@@ -34,7 +40,7 @@ func AuthorizationMiddleware(svc bootstrap.Service, authz authz.Authorization) b
}
func (am *authorizationMiddleware) Add(ctx context.Context, session smqauthn.Session, token string, cfg bootstrap.Config) (bootstrap.Config, error) {
if err := am.authorize(ctx, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID); err != nil {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, createOperation, auth.AnyIDs); err != nil {
return bootstrap.Config{}, err
}
@@ -42,7 +48,7 @@ func (am *authorizationMiddleware) Add(ctx context.Context, session smqauthn.Ses
}
func (am *authorizationMiddleware) View(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) {
if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, readPermission, policies.ClientType, id); err != nil {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, viewOperation, id); err != nil {
return bootstrap.Config{}, err
}
@@ -50,34 +56,26 @@ func (am *authorizationMiddleware) View(ctx context.Context, session smqauthn.Se
}
func (am *authorizationMiddleware) Update(ctx context.Context, session smqauthn.Session, cfg bootstrap.Config) error {
if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, updatePermission, policies.ClientType, cfg.ClientID); err != nil {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateOperation, cfg.ID); err != nil {
return err
}
return am.svc.Update(ctx, session, cfg)
}
func (am *authorizationMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, updatePermission, policies.ClientType, clientID); err != nil {
func (am *authorizationMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateCertOperation, id); err != nil {
return bootstrap.Config{}, err
}
return am.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert)
}
func (am *authorizationMiddleware) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error {
if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, updatePermission, policies.ClientType, id); err != nil {
return err
}
return am.svc.UpdateConnections(ctx, session, token, id, connections)
return am.svc.UpdateCert(ctx, session, id, clientCert, clientKey, caCert)
}
func (am *authorizationMiddleware) List(ctx context.Context, session smqauthn.Session, filter bootstrap.Filter, offset, limit uint64) (bootstrap.ConfigsPage, error) {
if err := am.checkSuperAdmin(ctx, session.DomainUserID); err == nil {
if err := am.checkSuperAdmin(ctx, session); err == nil {
session.SuperAdmin = true
}
if err := am.authorize(ctx, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.AdminPermission, policies.DomainType, session.DomainID); err == nil {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.AdminPermission, policies.DomainType, session.DomainID, listOperation, auth.AnyIDs); err == nil {
session.SuperAdmin = true
}
@@ -85,7 +83,7 @@ func (am *authorizationMiddleware) List(ctx context.Context, session smqauthn.Se
}
func (am *authorizationMiddleware) Remove(ctx context.Context, session smqauthn.Session, id string) error {
if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, deletePermission, policies.ClientType, id); err != nil {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, removeOperation, id); err != nil {
return err
}
@@ -96,34 +94,92 @@ func (am *authorizationMiddleware) Bootstrap(ctx context.Context, externalKey, e
return am.svc.Bootstrap(ctx, externalKey, externalID, secure)
}
func (am *authorizationMiddleware) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state bootstrap.State) error {
return am.svc.ChangeState(ctx, session, token, id, state)
func (am *authorizationMiddleware) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, changeStateOperation, id); err != nil {
return bootstrap.Config{}, err
}
func (am *authorizationMiddleware) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) error {
return am.svc.UpdateChannelHandler(ctx, channel)
return am.svc.EnableConfig(ctx, session, id)
}
func (am *authorizationMiddleware) RemoveConfigHandler(ctx context.Context, id string) error {
return am.svc.RemoveConfigHandler(ctx, id)
func (am *authorizationMiddleware) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, changeStateOperation, id); err != nil {
return bootstrap.Config{}, err
}
func (am *authorizationMiddleware) RemoveChannelHandler(ctx context.Context, id string) error {
return am.svc.RemoveChannelHandler(ctx, id)
return am.svc.DisableConfig(ctx, session, id)
}
func (am *authorizationMiddleware) ConnectClientHandler(ctx context.Context, channelID, clientID string) error {
return am.svc.ConnectClientHandler(ctx, channelID, clientID)
func (am *authorizationMiddleware) CreateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (bootstrap.Profile, error) {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, createOperation, auth.AnyIDs); err != nil {
return bootstrap.Profile{}, err
}
return am.svc.CreateProfile(ctx, session, p)
}
func (am *authorizationMiddleware) DisconnectClientHandler(ctx context.Context, channelID, clientID string) error {
return am.svc.DisconnectClientHandler(ctx, channelID, clientID)
func (am *authorizationMiddleware) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (bootstrap.Profile, error) {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, viewOperation, auth.AnyIDs); err != nil {
return bootstrap.Profile{}, err
}
return am.svc.ViewProfile(ctx, session, profileID)
}
func (am *authorizationMiddleware) checkSuperAdmin(ctx context.Context, adminID string) error {
func (am *authorizationMiddleware) UpdateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) error {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateOperation, auth.AnyIDs); err != nil {
return err
}
return am.svc.UpdateProfile(ctx, session, p)
}
func (am *authorizationMiddleware) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (bootstrap.ProfilesPage, error) {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, listOperation, auth.AnyIDs); err != nil {
return bootstrap.ProfilesPage{}, err
}
return am.svc.ListProfiles(ctx, session, offset, limit)
}
func (am *authorizationMiddleware) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, removeOperation, auth.AnyIDs); err != nil {
return err
}
return am.svc.DeleteProfile(ctx, session, profileID)
}
func (am *authorizationMiddleware) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateOperation, configID); err != nil {
return err
}
return am.svc.AssignProfile(ctx, session, configID, profileID)
}
func (am *authorizationMiddleware) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []bootstrap.BindingRequest) error {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateOperation, configID); err != nil {
return err
}
return am.svc.BindResources(ctx, session, token, configID, bindings)
}
func (am *authorizationMiddleware) ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]bootstrap.BindingSnapshot, error) {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, viewOperation, configID); err != nil {
return nil, err
}
return am.svc.ListBindings(ctx, session, configID)
}
func (am *authorizationMiddleware) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error {
if err := am.authorize(ctx, session, "", policies.UserType, policies.UsersKind, session.DomainUserID, policies.MembershipPermission, policies.DomainType, session.DomainID, updateOperation, configID); err != nil {
return err
}
return am.svc.RefreshBindings(ctx, session, token, configID)
}
func (am *authorizationMiddleware) checkSuperAdmin(ctx context.Context, session smqauthn.Session) error {
if session.Role != smqauthn.SuperAdminRole {
return svcerr.ErrSuperAdminAction
}
if err := am.authz.Authorize(ctx, authz.PolicyReq{
SubjectType: policies.UserType,
Subject: adminID,
Subject: session.UserID,
Permission: policies.AdminPermission,
ObjectType: policies.PlatformType,
Object: policies.MagistralaObject,
@@ -133,7 +189,7 @@ func (am *authorizationMiddleware) checkSuperAdmin(ctx context.Context, adminID
return nil
}
func (am *authorizationMiddleware) authorize(ctx context.Context, domain, subjType, subjKind, subj, perm, objType, obj string) error {
func (am *authorizationMiddleware) authorize(ctx context.Context, session smqauthn.Session, domain, subjType, subjKind, subj, perm, objType, obj, operation, entityID string) error {
req := authz.PolicyReq{
Domain: domain,
SubjectType: subjType,
@@ -143,7 +199,20 @@ func (am *authorizationMiddleware) authorize(ctx context.Context, domain, subjTy
ObjectType: objType,
Object: obj,
}
if err := am.authz.Authorize(ctx, req, nil); err != nil {
var pat *authz.PATReq
if session.PatID != "" {
pat = &authz.PATReq{
UserID: session.UserID,
PatID: session.PatID,
EntityID: entityID,
EntityType: auth.BootstrapType.String(),
Operation: operation,
Domain: session.DomainID,
}
}
if err := am.authz.Authorize(ctx, req, pat); err != nil {
return err
}
return nil
bootstrap/middleware/logging.go
+125 -65
View File
@@ -32,7 +32,7 @@ func (lm *loggingMiddleware) Add(ctx context.Context, session smqauthn.Session,
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("client_id", saved.ClientID),
slog.String("config_id", saved.ID),
}
if err != nil {
args = append(args, slog.Any("error", err))
@@ -51,7 +51,7 @@ func (lm *loggingMiddleware) View(ctx context.Context, session smqauthn.Session,
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("client_id", id),
slog.String("config_id", id),
}
if err != nil {
args = append(args, slog.Any("error", err))
@@ -71,7 +71,7 @@ func (lm *loggingMiddleware) Update(ctx context.Context, session smqauthn.Sessio
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.Group("config",
slog.String("client_id", cfg.ClientID),
slog.String("config_id", cfg.ID),
slog.String("name", cfg.Name),
),
}
@@ -86,13 +86,13 @@ func (lm *loggingMiddleware) Update(ctx context.Context, session smqauthn.Sessio
return lm.svc.Update(ctx, session, cfg)
}
// UpdateCert logs the update_cert request. It logs client ID and the time it took to complete the request.
// UpdateCert logs the update_cert request. It logs config ID and the time it took to complete the request.
// If the request fails, it logs the error.
func (lm *loggingMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) {
func (lm *loggingMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("client_id", cfg.ClientID),
slog.String("config_id", cfg.ID),
}
if err != nil {
args = append(args, slog.Any("error", err))
@@ -102,27 +102,7 @@ func (lm *loggingMiddleware) UpdateCert(ctx context.Context, session smqauthn.Se
lm.logger.Info("Update bootstrap config certificate completed successfully", args...)
}(time.Now())
return lm.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert)
}
// UpdateConnections logs the update_connections request. It logs bootstrap ID and the time it took to complete the request.
// If the request fails, it logs the error.
func (lm *loggingMiddleware) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) (err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("client_id", id),
slog.Any("connections", connections),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Update config connections failed", args...)
return
}
lm.logger.Info("Update config connections completed successfully", args...)
}(time.Now())
return lm.svc.UpdateConnections(ctx, session, token, id, connections)
return lm.svc.UpdateCert(ctx, session, id, clientCert, clientKey, caCert)
}
// List logs the list request. It logs offset, limit and the time it took to complete the request.
@@ -155,7 +135,7 @@ func (lm *loggingMiddleware) Remove(ctx context.Context, session smqauthn.Sessio
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("client_id", id),
slog.String("config_id", id),
}
if err != nil {
args = append(args, slog.Any("error", err))
@@ -175,7 +155,7 @@ func (lm *loggingMiddleware) Bootstrap(ctx context.Context, externalKey, externa
slog.String("external_id", externalID),
}
if err != nil {
args = append(args, slog.Any("error", err))
args = append(args, slog.String("error", err.Error()))
lm.logger.Warn("View bootstrap config failed", args...)
return
}
@@ -185,111 +165,191 @@ func (lm *loggingMiddleware) Bootstrap(ctx context.Context, externalKey, externa
return lm.svc.Bootstrap(ctx, externalKey, externalID, secure)
}
func (lm *loggingMiddleware) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state bootstrap.State) (err error) {
func (lm *loggingMiddleware) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (cfg bootstrap.Config, err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("id", id),
slog.Any("state", state),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Change client state failed", args...)
lm.logger.Warn("Enable config failed", args...)
return
}
lm.logger.Info("Change client state completed successfully", args...)
lm.logger.Info("Enable config completed successfully", args...)
}(time.Now())
return lm.svc.ChangeState(ctx, session, token, id, state)
return lm.svc.EnableConfig(ctx, session, id)
}
func (lm *loggingMiddleware) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) (err error) {
func (lm *loggingMiddleware) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (cfg bootstrap.Config, err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.Group("channel",
slog.String("id", channel.ID),
slog.String("name", channel.Name),
slog.Any("metadata", channel.Metadata),
),
slog.String("id", id),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Update channel handler failed", args...)
lm.logger.Warn("Disable config failed", args...)
return
}
lm.logger.Info("Update channel handler completed successfully", args...)
lm.logger.Info("Disable config completed successfully", args...)
}(time.Now())
return lm.svc.UpdateChannelHandler(ctx, channel)
return lm.svc.DisableConfig(ctx, session, id)
}
func (lm *loggingMiddleware) RemoveConfigHandler(ctx context.Context, id string) (err error) {
func (lm *loggingMiddleware) CreateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (saved bootstrap.Profile, err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("config_id", id),
slog.String("profile_id", saved.ID),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Remove config handler failed", args...)
lm.logger.Warn("Create profile failed", args...)
return
}
lm.logger.Info("Remove config handler completed successfully", args...)
lm.logger.Info("Create profile completed successfully", args...)
}(time.Now())
return lm.svc.RemoveConfigHandler(ctx, id)
return lm.svc.CreateProfile(ctx, session, p)
}
func (lm *loggingMiddleware) RemoveChannelHandler(ctx context.Context, id string) (err error) {
func (lm *loggingMiddleware) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (p bootstrap.Profile, err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("channel_id", id),
slog.String("profile_id", profileID),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Remove channel handler failed", args...)
lm.logger.Warn("View profile failed", args...)
return
}
lm.logger.Info("Remove channel handler completed successfully", args...)
lm.logger.Info("View profile completed successfully", args...)
}(time.Now())
return lm.svc.RemoveChannelHandler(ctx, id)
return lm.svc.ViewProfile(ctx, session, profileID)
}
func (lm *loggingMiddleware) ConnectClientHandler(ctx context.Context, channelID, clientID string) (err error) {
func (lm *loggingMiddleware) UpdateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("channel_id", channelID),
slog.String("client_id", clientID),
slog.String("profile_id", p.ID),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Connect client handler failed", args...)
lm.logger.Warn("Update profile failed", args...)
return
}
lm.logger.Info("Connect client handler completed successfully", args...)
lm.logger.Info("Update profile completed successfully", args...)
}(time.Now())
return lm.svc.ConnectClientHandler(ctx, channelID, clientID)
return lm.svc.UpdateProfile(ctx, session, p)
}
func (lm *loggingMiddleware) DisconnectClientHandler(ctx context.Context, channelID, clientID string) (err error) {
func (lm *loggingMiddleware) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (page bootstrap.ProfilesPage, err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("channel_id", channelID),
slog.String("client_id", clientID),
slog.Uint64("offset", offset),
slog.Uint64("limit", limit),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Disconnect client handler failed", args...)
lm.logger.Warn("List profiles failed", args...)
return
}
lm.logger.Info("Disconnect client handler completed successfully", args...)
lm.logger.Info("List profiles completed successfully", args...)
}(time.Now())
return lm.svc.DisconnectClientHandler(ctx, channelID, clientID)
return lm.svc.ListProfiles(ctx, session, offset, limit)
}
func (lm *loggingMiddleware) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) (err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("profile_id", profileID),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Delete profile failed", args...)
return
}
lm.logger.Info("Delete profile completed successfully", args...)
}(time.Now())
return lm.svc.DeleteProfile(ctx, session, profileID)
}
func (lm *loggingMiddleware) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) (err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("config_id", configID),
slog.String("profile_id", profileID),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Assign profile failed", args...)
return
}
lm.logger.Info("Assign profile completed successfully", args...)
}(time.Now())
return lm.svc.AssignProfile(ctx, session, configID, profileID)
}
func (lm *loggingMiddleware) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []bootstrap.BindingRequest) (err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("config_id", configID),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Bind resources failed", args...)
return
}
lm.logger.Info("Bind resources completed successfully", args...)
}(time.Now())
return lm.svc.BindResources(ctx, session, token, configID, bindings)
}
func (lm *loggingMiddleware) ListBindings(ctx context.Context, session smqauthn.Session, configID string) (snapshots []bootstrap.BindingSnapshot, err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("config_id", configID),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("List bindings failed", args...)
return
}
lm.logger.Info("List bindings completed successfully", args...)
}(time.Now())
return lm.svc.ListBindings(ctx, session, configID)
}
func (lm *loggingMiddleware) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) (err error) {
defer func(begin time.Time) {
args := []any{
slog.String("duration", time.Since(begin).String()),
slog.String("config_id", configID),
}
if err != nil {
args = append(args, slog.Any("error", err))
lm.logger.Warn("Refresh bindings failed", args...)
return
}
lm.logger.Info("Refresh bindings completed successfully", args...)
}(time.Now())
return lm.svc.RefreshBindings(ctx, session, token, configID)
}
bootstrap/middleware/metrics.go
+66 -46
View File
@@ -62,23 +62,13 @@ func (mm *metricsMiddleware) Update(ctx context.Context, session smqauthn.Sessio
}
// UpdateCert instruments UpdateCert method with metrics.
func (mm *metricsMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) {
func (mm *metricsMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (cfg bootstrap.Config, err error) {
defer func(begin time.Time) {
mm.counter.With("method", "update_cert").Add(1)
mm.latency.With("method", "update_cert").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert)
}
// UpdateConnections instruments UpdateConnections method with metrics.
func (mm *metricsMiddleware) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) (err error) {
defer func(begin time.Time) {
mm.counter.With("method", "update_connections").Add(1)
mm.latency.With("method", "update_connections").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.UpdateConnections(ctx, session, token, id, connections)
return mm.svc.UpdateCert(ctx, session, id, clientCert, clientKey, caCert)
}
// List instruments List method with metrics.
@@ -111,62 +101,92 @@ func (mm *metricsMiddleware) Bootstrap(ctx context.Context, externalKey, externa
return mm.svc.Bootstrap(ctx, externalKey, externalID, secure)
}
// ChangeState instruments ChangeState method with metrics.
func (mm *metricsMiddleware) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state bootstrap.State) (err error) {
func (mm *metricsMiddleware) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) {
defer func(begin time.Time) {
mm.counter.With("method", "change_state").Add(1)
mm.latency.With("method", "change_state").Observe(time.Since(begin).Seconds())
mm.counter.With("method", "enable_config").Add(1)
mm.latency.With("method", "enable_config").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.ChangeState(ctx, session, token, id, state)
return mm.svc.EnableConfig(ctx, session, id)
}
// UpdateChannelHandler instruments UpdateChannelHandler method with metrics.
func (mm *metricsMiddleware) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) (err error) {
func (mm *metricsMiddleware) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) {
defer func(begin time.Time) {
mm.counter.With("method", "update_channel").Add(1)
mm.latency.With("method", "update_channel").Observe(time.Since(begin).Seconds())
mm.counter.With("method", "disable_config").Add(1)
mm.latency.With("method", "disable_config").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.UpdateChannelHandler(ctx, channel)
return mm.svc.DisableConfig(ctx, session, id)
}
// RemoveConfigHandler instruments RemoveConfigHandler method with metrics.
func (mm *metricsMiddleware) RemoveConfigHandler(ctx context.Context, id string) (err error) {
func (mm *metricsMiddleware) CreateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (bootstrap.Profile, error) {
defer func(begin time.Time) {
mm.counter.With("method", "remove_config").Add(1)
mm.latency.With("method", "remove_config").Observe(time.Since(begin).Seconds())
mm.counter.With("method", "create_profile").Add(1)
mm.latency.With("method", "create_profile").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.RemoveConfigHandler(ctx, id)
return mm.svc.CreateProfile(ctx, session, p)
}
// RemoveChannelHandler instruments RemoveChannelHandler method with metrics.
func (mm *metricsMiddleware) RemoveChannelHandler(ctx context.Context, id string) (err error) {
func (mm *metricsMiddleware) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (bootstrap.Profile, error) {
defer func(begin time.Time) {
mm.counter.With("method", "remove_channel").Add(1)
mm.latency.With("method", "remove_channel").Observe(time.Since(begin).Seconds())
mm.counter.With("method", "view_profile").Add(1)
mm.latency.With("method", "view_profile").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.RemoveChannelHandler(ctx, id)
return mm.svc.ViewProfile(ctx, session, profileID)
}
// ConnectClientHandler instruments ConnectClientHandler method with metrics.
func (mm *metricsMiddleware) ConnectClientHandler(ctx context.Context, channelID, clientID string) (err error) {
func (mm *metricsMiddleware) UpdateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) error {
defer func(begin time.Time) {
mm.counter.With("method", "connect_client_handler").Add(1)
mm.latency.With("method", "connect_client_handler").Observe(time.Since(begin).Seconds())
mm.counter.With("method", "update_profile").Add(1)
mm.latency.With("method", "update_profile").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.ConnectClientHandler(ctx, channelID, clientID)
return mm.svc.UpdateProfile(ctx, session, p)
}
// DisconnectClientHandler instruments DisconnectClientHandler method with metrics.
func (mm *metricsMiddleware) DisconnectClientHandler(ctx context.Context, channelID, clientID string) (err error) {
func (mm *metricsMiddleware) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (bootstrap.ProfilesPage, error) {
defer func(begin time.Time) {
mm.counter.With("method", "disconnect_client_handler").Add(1)
mm.latency.With("method", "disconnect_client_handler").Observe(time.Since(begin).Seconds())
mm.counter.With("method", "list_profiles").Add(1)
mm.latency.With("method", "list_profiles").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.DisconnectClientHandler(ctx, channelID, clientID)
return mm.svc.ListProfiles(ctx, session, offset, limit)
}
func (mm *metricsMiddleware) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error {
defer func(begin time.Time) {
mm.counter.With("method", "delete_profile").Add(1)
mm.latency.With("method", "delete_profile").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.DeleteProfile(ctx, session, profileID)
}
func (mm *metricsMiddleware) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error {
defer func(begin time.Time) {
mm.counter.With("method", "assign_profile").Add(1)
mm.latency.With("method", "assign_profile").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.AssignProfile(ctx, session, configID, profileID)
}
func (mm *metricsMiddleware) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []bootstrap.BindingRequest) error {
defer func(begin time.Time) {
mm.counter.With("method", "bind_resources").Add(1)
mm.latency.With("method", "bind_resources").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.BindResources(ctx, session, token, configID, bindings)
}
func (mm *metricsMiddleware) ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]bootstrap.BindingSnapshot, error) {
defer func(begin time.Time) {
mm.counter.With("method", "list_bindings").Add(1)
mm.latency.With("method", "list_bindings").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.ListBindings(ctx, session, configID)
}
func (mm *metricsMiddleware) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error {
defer func(begin time.Time) {
mm.counter.With("method", "refresh_bindings").Add(1)
mm.latency.With("method", "refresh_bindings").Observe(time.Since(begin).Seconds())
}(time.Now())
return mm.svc.RefreshBindings(ctx, session, token, configID)
}
bootstrap/mocks/binding_resolver.go
+111
View File
@@ -0,0 +1,111 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
// Code generated by mockery; DO NOT EDIT.
// github.com/vektra/mockery
// template: testify
package mocks
import (
"context"
"github.com/absmach/magistrala/bootstrap"
mock "github.com/stretchr/testify/mock"
)
// NewBindingResolver creates a new instance of BindingResolver. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewBindingResolver(t interface {
mock.TestingT
Cleanup(func())
}) *BindingResolver {
mock := &BindingResolver{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}
// BindingResolver is an autogenerated mock type for the BindingResolver type
type BindingResolver struct {
mock.Mock
}
type BindingResolver_Expecter struct {
mock *mock.Mock
}
func (_m *BindingResolver) EXPECT() *BindingResolver_Expecter {
return &BindingResolver_Expecter{mock: &_m.Mock}
}
// Resolve provides a mock function for the type BindingResolver
func (_mock *BindingResolver) Resolve(ctx context.Context, req bootstrap.ResolveRequest) ([]bootstrap.BindingSnapshot, error) {
ret := _mock.Called(ctx, req)
if len(ret) == 0 {
panic("no return value specified for Resolve")
}
var r0 []bootstrap.BindingSnapshot
var r1 error
if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.ResolveRequest) ([]bootstrap.BindingSnapshot, error)); ok {
return returnFunc(ctx, req)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.ResolveRequest) []bootstrap.BindingSnapshot); ok {
r0 = returnFunc(ctx, req)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]bootstrap.BindingSnapshot)
}
}
if returnFunc, ok := ret.Get(1).(func(context.Context, bootstrap.ResolveRequest) error); ok {
r1 = returnFunc(ctx, req)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// BindingResolver_Resolve_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Resolve'
type BindingResolver_Resolve_Call struct {
*mock.Call
}
// Resolve is a helper method to define mock.On call
// - ctx context.Context
// - req bootstrap.ResolveRequest
func (_e *BindingResolver_Expecter) Resolve(ctx interface{}, req interface{}) *BindingResolver_Resolve_Call {
return &BindingResolver_Resolve_Call{Call: _e.mock.On("Resolve", ctx, req)}
}
func (_c *BindingResolver_Resolve_Call) Run(run func(ctx context.Context, req bootstrap.ResolveRequest)) *BindingResolver_Resolve_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 bootstrap.ResolveRequest
if args[1] != nil {
arg1 = args[1].(bootstrap.ResolveRequest)
}
run(
arg0,
arg1,
)
})
return _c
}
func (_c *BindingResolver_Resolve_Call) Return(bindingSnapshots []bootstrap.BindingSnapshot, err error) *BindingResolver_Resolve_Call {
_c.Call.Return(bindingSnapshots, err)
return _c
}
func (_c *BindingResolver_Resolve_Call) RunAndReturn(run func(ctx context.Context, req bootstrap.ResolveRequest) ([]bootstrap.BindingSnapshot, error)) *BindingResolver_Resolve_Call {
_c.Call.Return(run)
return _c
}
bootstrap/mocks/binding_store.go
+237
View File
@@ -0,0 +1,237 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
// Code generated by mockery; DO NOT EDIT.
// github.com/vektra/mockery
// template: testify
package mocks
import (
"context"
"github.com/absmach/magistrala/bootstrap"
mock "github.com/stretchr/testify/mock"
)
// NewBindingStore creates a new instance of BindingStore. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewBindingStore(t interface {
mock.TestingT
Cleanup(func())
}) *BindingStore {
mock := &BindingStore{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}
// BindingStore is an autogenerated mock type for the BindingStore type
type BindingStore struct {
mock.Mock
}
type BindingStore_Expecter struct {
mock *mock.Mock
}
func (_m *BindingStore) EXPECT() *BindingStore_Expecter {
return &BindingStore_Expecter{mock: &_m.Mock}
}
// Delete provides a mock function for the type BindingStore
func (_mock *BindingStore) Delete(ctx context.Context, configID string, slot string) error {
ret := _mock.Called(ctx, configID, slot)
if len(ret) == 0 {
panic("no return value specified for Delete")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) error); ok {
r0 = returnFunc(ctx, configID, slot)
} else {
r0 = ret.Error(0)
}
return r0
}
// BindingStore_Delete_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Delete'
type BindingStore_Delete_Call struct {
*mock.Call
}
// Delete is a helper method to define mock.On call
// - ctx context.Context
// - configID string
// - slot string
func (_e *BindingStore_Expecter) Delete(ctx interface{}, configID interface{}, slot interface{}) *BindingStore_Delete_Call {
return &BindingStore_Delete_Call{Call: _e.mock.On("Delete", ctx, configID, slot)}
}
func (_c *BindingStore_Delete_Call) Run(run func(ctx context.Context, configID string, slot string)) *BindingStore_Delete_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
run(
arg0,
arg1,
arg2,
)
})
return _c
}
func (_c *BindingStore_Delete_Call) Return(err error) *BindingStore_Delete_Call {
_c.Call.Return(err)
return _c
}
func (_c *BindingStore_Delete_Call) RunAndReturn(run func(ctx context.Context, configID string, slot string) error) *BindingStore_Delete_Call {
_c.Call.Return(run)
return _c
}
// Retrieve provides a mock function for the type BindingStore
func (_mock *BindingStore) Retrieve(ctx context.Context, configID string) ([]bootstrap.BindingSnapshot, error) {
ret := _mock.Called(ctx, configID)
if len(ret) == 0 {
panic("no return value specified for Retrieve")
}
var r0 []bootstrap.BindingSnapshot
var r1 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string) ([]bootstrap.BindingSnapshot, error)); ok {
return returnFunc(ctx, configID)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, string) []bootstrap.BindingSnapshot); ok {
r0 = returnFunc(ctx, configID)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]bootstrap.BindingSnapshot)
}
}
if returnFunc, ok := ret.Get(1).(func(context.Context, string) error); ok {
r1 = returnFunc(ctx, configID)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// BindingStore_Retrieve_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Retrieve'
type BindingStore_Retrieve_Call struct {
*mock.Call
}
// Retrieve is a helper method to define mock.On call
// - ctx context.Context
// - configID string
func (_e *BindingStore_Expecter) Retrieve(ctx interface{}, configID interface{}) *BindingStore_Retrieve_Call {
return &BindingStore_Retrieve_Call{Call: _e.mock.On("Retrieve", ctx, configID)}
}
func (_c *BindingStore_Retrieve_Call) Run(run func(ctx context.Context, configID string)) *BindingStore_Retrieve_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
run(
arg0,
arg1,
)
})
return _c
}
func (_c *BindingStore_Retrieve_Call) Return(bindingSnapshots []bootstrap.BindingSnapshot, err error) *BindingStore_Retrieve_Call {
_c.Call.Return(bindingSnapshots, err)
return _c
}
func (_c *BindingStore_Retrieve_Call) RunAndReturn(run func(ctx context.Context, configID string) ([]bootstrap.BindingSnapshot, error)) *BindingStore_Retrieve_Call {
_c.Call.Return(run)
return _c
}
// Save provides a mock function for the type BindingStore
func (_mock *BindingStore) Save(ctx context.Context, configID string, bindings []bootstrap.BindingSnapshot) error {
ret := _mock.Called(ctx, configID, bindings)
if len(ret) == 0 {
panic("no return value specified for Save")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, []bootstrap.BindingSnapshot) error); ok {
r0 = returnFunc(ctx, configID, bindings)
} else {
r0 = ret.Error(0)
}
return r0
}
// BindingStore_Save_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Save'
type BindingStore_Save_Call struct {
*mock.Call
}
// Save is a helper method to define mock.On call
// - ctx context.Context
// - configID string
// - bindings []bootstrap.BindingSnapshot
func (_e *BindingStore_Expecter) Save(ctx interface{}, configID interface{}, bindings interface{}) *BindingStore_Save_Call {
return &BindingStore_Save_Call{Call: _e.mock.On("Save", ctx, configID, bindings)}
}
func (_c *BindingStore_Save_Call) Run(run func(ctx context.Context, configID string, bindings []bootstrap.BindingSnapshot)) *BindingStore_Save_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 []bootstrap.BindingSnapshot
if args[2] != nil {
arg2 = args[2].([]bootstrap.BindingSnapshot)
}
run(
arg0,
arg1,
arg2,
)
})
return _c
}
func (_c *BindingStore_Save_Call) Return(err error) *BindingStore_Save_Call {
_c.Call.Return(err)
return _c
}
func (_c *BindingStore_Save_Call) RunAndReturn(run func(ctx context.Context, configID string, bindings []bootstrap.BindingSnapshot) error) *BindingStore_Save_Call {
_c.Call.Return(run)
return _c
}
bootstrap/mocks/config_repository.go
+75 -464
View File
@@ -42,38 +42,38 @@ func (_m *ConfigRepository) EXPECT() *ConfigRepository_Expecter {
return &ConfigRepository_Expecter{mock: &_m.Mock}
}
// ChangeState provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) ChangeState(ctx context.Context, domainID string, id string, state bootstrap.State) error {
ret := _mock.Called(ctx, domainID, id, state)
// AssignProfile provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) AssignProfile(ctx context.Context, domainID string, id string, profileID string) error {
ret := _mock.Called(ctx, domainID, id, profileID)
if len(ret) == 0 {
panic("no return value specified for ChangeState")
panic("no return value specified for AssignProfile")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, bootstrap.State) error); ok {
r0 = returnFunc(ctx, domainID, id, state)
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) error); ok {
r0 = returnFunc(ctx, domainID, id, profileID)
} else {
r0 = ret.Error(0)
}
return r0
}
// ConfigRepository_ChangeState_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ChangeState'
type ConfigRepository_ChangeState_Call struct {
// ConfigRepository_AssignProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'AssignProfile'
type ConfigRepository_AssignProfile_Call struct {
*mock.Call
}
// ChangeState is a helper method to define mock.On call
// AssignProfile is a helper method to define mock.On call
// - ctx context.Context
// - domainID string
// - id string
// - state bootstrap.State
func (_e *ConfigRepository_Expecter) ChangeState(ctx interface{}, domainID interface{}, id interface{}, state interface{}) *ConfigRepository_ChangeState_Call {
return &ConfigRepository_ChangeState_Call{Call: _e.mock.On("ChangeState", ctx, domainID, id, state)}
// - profileID string
func (_e *ConfigRepository_Expecter) AssignProfile(ctx interface{}, domainID interface{}, id interface{}, profileID interface{}) *ConfigRepository_AssignProfile_Call {
return &ConfigRepository_AssignProfile_Call{Call: _e.mock.On("AssignProfile", ctx, domainID, id, profileID)}
}
func (_c *ConfigRepository_ChangeState_Call) Run(run func(ctx context.Context, domainID string, id string, state bootstrap.State)) *ConfigRepository_ChangeState_Call {
func (_c *ConfigRepository_AssignProfile_Call) Run(run func(ctx context.Context, domainID string, id string, profileID string)) *ConfigRepository_AssignProfile_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
@@ -87,9 +87,9 @@ func (_c *ConfigRepository_ChangeState_Call) Run(run func(ctx context.Context, d
if args[2] != nil {
arg2 = args[2].(string)
}
var arg3 bootstrap.State
var arg3 string
if args[3] != nil {
arg3 = args[3].(bootstrap.State)
arg3 = args[3].(string)
}
run(
arg0,
@@ -101,184 +101,48 @@ func (_c *ConfigRepository_ChangeState_Call) Run(run func(ctx context.Context, d
return _c
}
func (_c *ConfigRepository_ChangeState_Call) Return(err error) *ConfigRepository_ChangeState_Call {
func (_c *ConfigRepository_AssignProfile_Call) Return(err error) *ConfigRepository_AssignProfile_Call {
_c.Call.Return(err)
return _c
}
func (_c *ConfigRepository_ChangeState_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string, state bootstrap.State) error) *ConfigRepository_ChangeState_Call {
func (_c *ConfigRepository_AssignProfile_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string, profileID string) error) *ConfigRepository_AssignProfile_Call {
_c.Call.Return(run)
return _c
}
// ConnectClient provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) ConnectClient(ctx context.Context, channelID string, clientID string) error {
ret := _mock.Called(ctx, channelID, clientID)
// ChangeStatus provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) ChangeStatus(ctx context.Context, domainID string, id string, status bootstrap.Status) error {
ret := _mock.Called(ctx, domainID, id, status)
if len(ret) == 0 {
panic("no return value specified for ConnectClient")
panic("no return value specified for ChangeStatus")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) error); ok {
r0 = returnFunc(ctx, channelID, clientID)
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, bootstrap.Status) error); ok {
r0 = returnFunc(ctx, domainID, id, status)
} else {
r0 = ret.Error(0)
}
return r0
}
// ConfigRepository_ConnectClient_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ConnectClient'
type ConfigRepository_ConnectClient_Call struct {
// ConfigRepository_ChangeStatus_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ChangeStatus'
type ConfigRepository_ChangeStatus_Call struct {
*mock.Call
}
// ConnectClient is a helper method to define mock.On call
// - ctx context.Context
// - channelID string
// - clientID string
func (_e *ConfigRepository_Expecter) ConnectClient(ctx interface{}, channelID interface{}, clientID interface{}) *ConfigRepository_ConnectClient_Call {
return &ConfigRepository_ConnectClient_Call{Call: _e.mock.On("ConnectClient", ctx, channelID, clientID)}
}
func (_c *ConfigRepository_ConnectClient_Call) Run(run func(ctx context.Context, channelID string, clientID string)) *ConfigRepository_ConnectClient_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
run(
arg0,
arg1,
arg2,
)
})
return _c
}
func (_c *ConfigRepository_ConnectClient_Call) Return(err error) *ConfigRepository_ConnectClient_Call {
_c.Call.Return(err)
return _c
}
func (_c *ConfigRepository_ConnectClient_Call) RunAndReturn(run func(ctx context.Context, channelID string, clientID string) error) *ConfigRepository_ConnectClient_Call {
_c.Call.Return(run)
return _c
}
// DisconnectClient provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) DisconnectClient(ctx context.Context, channelID string, clientID string) error {
ret := _mock.Called(ctx, channelID, clientID)
if len(ret) == 0 {
panic("no return value specified for DisconnectClient")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) error); ok {
r0 = returnFunc(ctx, channelID, clientID)
} else {
r0 = ret.Error(0)
}
return r0
}
// ConfigRepository_DisconnectClient_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DisconnectClient'
type ConfigRepository_DisconnectClient_Call struct {
*mock.Call
}
// DisconnectClient is a helper method to define mock.On call
// - ctx context.Context
// - channelID string
// - clientID string
func (_e *ConfigRepository_Expecter) DisconnectClient(ctx interface{}, channelID interface{}, clientID interface{}) *ConfigRepository_DisconnectClient_Call {
return &ConfigRepository_DisconnectClient_Call{Call: _e.mock.On("DisconnectClient", ctx, channelID, clientID)}
}
func (_c *ConfigRepository_DisconnectClient_Call) Run(run func(ctx context.Context, channelID string, clientID string)) *ConfigRepository_DisconnectClient_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
run(
arg0,
arg1,
arg2,
)
})
return _c
}
func (_c *ConfigRepository_DisconnectClient_Call) Return(err error) *ConfigRepository_DisconnectClient_Call {
_c.Call.Return(err)
return _c
}
func (_c *ConfigRepository_DisconnectClient_Call) RunAndReturn(run func(ctx context.Context, channelID string, clientID string) error) *ConfigRepository_DisconnectClient_Call {
_c.Call.Return(run)
return _c
}
// ListExisting provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) ListExisting(ctx context.Context, domainID string, ids []string) ([]bootstrap.Channel, error) {
ret := _mock.Called(ctx, domainID, ids)
if len(ret) == 0 {
panic("no return value specified for ListExisting")
}
var r0 []bootstrap.Channel
var r1 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, []string) ([]bootstrap.Channel, error)); ok {
return returnFunc(ctx, domainID, ids)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, string, []string) []bootstrap.Channel); ok {
r0 = returnFunc(ctx, domainID, ids)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]bootstrap.Channel)
}
}
if returnFunc, ok := ret.Get(1).(func(context.Context, string, []string) error); ok {
r1 = returnFunc(ctx, domainID, ids)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// ConfigRepository_ListExisting_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListExisting'
type ConfigRepository_ListExisting_Call struct {
*mock.Call
}
// ListExisting is a helper method to define mock.On call
// ChangeStatus is a helper method to define mock.On call
// - ctx context.Context
// - domainID string
// - ids []string
func (_e *ConfigRepository_Expecter) ListExisting(ctx interface{}, domainID interface{}, ids interface{}) *ConfigRepository_ListExisting_Call {
return &ConfigRepository_ListExisting_Call{Call: _e.mock.On("ListExisting", ctx, domainID, ids)}
// - id string
// - status bootstrap.Status
func (_e *ConfigRepository_Expecter) ChangeStatus(ctx interface{}, domainID interface{}, id interface{}, status interface{}) *ConfigRepository_ChangeStatus_Call {
return &ConfigRepository_ChangeStatus_Call{Call: _e.mock.On("ChangeStatus", ctx, domainID, id, status)}
}
func (_c *ConfigRepository_ListExisting_Call) Run(run func(ctx context.Context, domainID string, ids []string)) *ConfigRepository_ListExisting_Call {
func (_c *ConfigRepository_ChangeStatus_Call) Run(run func(ctx context.Context, domainID string, id string, status bootstrap.Status)) *ConfigRepository_ChangeStatus_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
@@ -288,25 +152,30 @@ func (_c *ConfigRepository_ListExisting_Call) Run(run func(ctx context.Context,
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 []string
var arg2 string
if args[2] != nil {
arg2 = args[2].([]string)
arg2 = args[2].(string)
}
var arg3 bootstrap.Status
if args[3] != nil {
arg3 = args[3].(bootstrap.Status)
}
run(
arg0,
arg1,
arg2,
arg3,
)
})
return _c
}
func (_c *ConfigRepository_ListExisting_Call) Return(channels []bootstrap.Channel, err error) *ConfigRepository_ListExisting_Call {
_c.Call.Return(channels, err)
func (_c *ConfigRepository_ChangeStatus_Call) Return(err error) *ConfigRepository_ChangeStatus_Call {
_c.Call.Return(err)
return _c
}
func (_c *ConfigRepository_ListExisting_Call) RunAndReturn(run func(ctx context.Context, domainID string, ids []string) ([]bootstrap.Channel, error)) *ConfigRepository_ListExisting_Call {
func (_c *ConfigRepository_ChangeStatus_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string, status bootstrap.Status) error) *ConfigRepository_ChangeStatus_Call {
_c.Call.Return(run)
return _c
}
@@ -374,131 +243,17 @@ func (_c *ConfigRepository_Remove_Call) RunAndReturn(run func(ctx context.Contex
return _c
}
// RemoveChannel provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) RemoveChannel(ctx context.Context, id string) error {
ret := _mock.Called(ctx, id)
if len(ret) == 0 {
panic("no return value specified for RemoveChannel")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string) error); ok {
r0 = returnFunc(ctx, id)
} else {
r0 = ret.Error(0)
}
return r0
}
// ConfigRepository_RemoveChannel_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveChannel'
type ConfigRepository_RemoveChannel_Call struct {
*mock.Call
}
// RemoveChannel is a helper method to define mock.On call
// - ctx context.Context
// - id string
func (_e *ConfigRepository_Expecter) RemoveChannel(ctx interface{}, id interface{}) *ConfigRepository_RemoveChannel_Call {
return &ConfigRepository_RemoveChannel_Call{Call: _e.mock.On("RemoveChannel", ctx, id)}
}
func (_c *ConfigRepository_RemoveChannel_Call) Run(run func(ctx context.Context, id string)) *ConfigRepository_RemoveChannel_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
run(
arg0,
arg1,
)
})
return _c
}
func (_c *ConfigRepository_RemoveChannel_Call) Return(err error) *ConfigRepository_RemoveChannel_Call {
_c.Call.Return(err)
return _c
}
func (_c *ConfigRepository_RemoveChannel_Call) RunAndReturn(run func(ctx context.Context, id string) error) *ConfigRepository_RemoveChannel_Call {
_c.Call.Return(run)
return _c
}
// RemoveClient provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) RemoveClient(ctx context.Context, id string) error {
ret := _mock.Called(ctx, id)
if len(ret) == 0 {
panic("no return value specified for RemoveClient")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string) error); ok {
r0 = returnFunc(ctx, id)
} else {
r0 = ret.Error(0)
}
return r0
}
// ConfigRepository_RemoveClient_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveClient'
type ConfigRepository_RemoveClient_Call struct {
*mock.Call
}
// RemoveClient is a helper method to define mock.On call
// - ctx context.Context
// - id string
func (_e *ConfigRepository_Expecter) RemoveClient(ctx interface{}, id interface{}) *ConfigRepository_RemoveClient_Call {
return &ConfigRepository_RemoveClient_Call{Call: _e.mock.On("RemoveClient", ctx, id)}
}
func (_c *ConfigRepository_RemoveClient_Call) Run(run func(ctx context.Context, id string)) *ConfigRepository_RemoveClient_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
run(
arg0,
arg1,
)
})
return _c
}
func (_c *ConfigRepository_RemoveClient_Call) Return(err error) *ConfigRepository_RemoveClient_Call {
_c.Call.Return(err)
return _c
}
func (_c *ConfigRepository_RemoveClient_Call) RunAndReturn(run func(ctx context.Context, id string) error) *ConfigRepository_RemoveClient_Call {
_c.Call.Return(run)
return _c
}
// RetrieveAll provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) RetrieveAll(ctx context.Context, domainID string, clientIDs []string, filter bootstrap.Filter, offset uint64, limit uint64) bootstrap.ConfigsPage {
ret := _mock.Called(ctx, domainID, clientIDs, filter, offset, limit)
func (_mock *ConfigRepository) RetrieveAll(ctx context.Context, domainID string, filter bootstrap.Filter, offset uint64, limit uint64) bootstrap.ConfigsPage {
ret := _mock.Called(ctx, domainID, filter, offset, limit)
if len(ret) == 0 {
panic("no return value specified for RetrieveAll")
}
var r0 bootstrap.ConfigsPage
if returnFunc, ok := ret.Get(0).(func(context.Context, string, []string, bootstrap.Filter, uint64, uint64) bootstrap.ConfigsPage); ok {
r0 = returnFunc(ctx, domainID, clientIDs, filter, offset, limit)
if returnFunc, ok := ret.Get(0).(func(context.Context, string, bootstrap.Filter, uint64, uint64) bootstrap.ConfigsPage); ok {
r0 = returnFunc(ctx, domainID, filter, offset, limit)
} else {
r0 = ret.Get(0).(bootstrap.ConfigsPage)
}
@@ -513,15 +268,14 @@ type ConfigRepository_RetrieveAll_Call struct {
// RetrieveAll is a helper method to define mock.On call
// - ctx context.Context
// - domainID string
// - clientIDs []string
// - filter bootstrap.Filter
// - offset uint64
// - limit uint64
func (_e *ConfigRepository_Expecter) RetrieveAll(ctx interface{}, domainID interface{}, clientIDs interface{}, filter interface{}, offset interface{}, limit interface{}) *ConfigRepository_RetrieveAll_Call {
return &ConfigRepository_RetrieveAll_Call{Call: _e.mock.On("RetrieveAll", ctx, domainID, clientIDs, filter, offset, limit)}
func (_e *ConfigRepository_Expecter) RetrieveAll(ctx interface{}, domainID interface{}, filter interface{}, offset interface{}, limit interface{}) *ConfigRepository_RetrieveAll_Call {
return &ConfigRepository_RetrieveAll_Call{Call: _e.mock.On("RetrieveAll", ctx, domainID, filter, offset, limit)}
}
func (_c *ConfigRepository_RetrieveAll_Call) Run(run func(ctx context.Context, domainID string, clientIDs []string, filter bootstrap.Filter, offset uint64, limit uint64)) *ConfigRepository_RetrieveAll_Call {
func (_c *ConfigRepository_RetrieveAll_Call) Run(run func(ctx context.Context, domainID string, filter bootstrap.Filter, offset uint64, limit uint64)) *ConfigRepository_RetrieveAll_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
@@ -531,29 +285,24 @@ func (_c *ConfigRepository_RetrieveAll_Call) Run(run func(ctx context.Context, d
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 []string
var arg2 bootstrap.Filter
if args[2] != nil {
arg2 = args[2].([]string)
arg2 = args[2].(bootstrap.Filter)
}
var arg3 bootstrap.Filter
var arg3 uint64
if args[3] != nil {
arg3 = args[3].(bootstrap.Filter)
arg3 = args[3].(uint64)
}
var arg4 uint64
if args[4] != nil {
arg4 = args[4].(uint64)
}
var arg5 uint64
if args[5] != nil {
arg5 = args[5].(uint64)
}
run(
arg0,
arg1,
arg2,
arg3,
arg4,
arg5,
)
})
return _c
@@ -564,7 +313,7 @@ func (_c *ConfigRepository_RetrieveAll_Call) Return(configsPage bootstrap.Config
return _c
}
func (_c *ConfigRepository_RetrieveAll_Call) RunAndReturn(run func(ctx context.Context, domainID string, clientIDs []string, filter bootstrap.Filter, offset uint64, limit uint64) bootstrap.ConfigsPage) *ConfigRepository_RetrieveAll_Call {
func (_c *ConfigRepository_RetrieveAll_Call) RunAndReturn(run func(ctx context.Context, domainID string, filter bootstrap.Filter, offset uint64, limit uint64) bootstrap.ConfigsPage) *ConfigRepository_RetrieveAll_Call {
_c.Call.Return(run)
return _c
}
@@ -708,8 +457,8 @@ func (_c *ConfigRepository_RetrieveByID_Call) RunAndReturn(run func(ctx context.
}
// Save provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) Save(ctx context.Context, cfg bootstrap.Config, chsConnIDs []string) (string, error) {
ret := _mock.Called(ctx, cfg, chsConnIDs)
func (_mock *ConfigRepository) Save(ctx context.Context, cfg bootstrap.Config) (string, error) {
ret := _mock.Called(ctx, cfg)
if len(ret) == 0 {
panic("no return value specified for Save")
@@ -717,16 +466,16 @@ func (_mock *ConfigRepository) Save(ctx context.Context, cfg bootstrap.Config, c
var r0 string
var r1 error
if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Config, []string) (string, error)); ok {
return returnFunc(ctx, cfg, chsConnIDs)
if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Config) (string, error)); ok {
return returnFunc(ctx, cfg)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Config, []string) string); ok {
r0 = returnFunc(ctx, cfg, chsConnIDs)
if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Config) string); ok {
r0 = returnFunc(ctx, cfg)
} else {
r0 = ret.Get(0).(string)
}
if returnFunc, ok := ret.Get(1).(func(context.Context, bootstrap.Config, []string) error); ok {
r1 = returnFunc(ctx, cfg, chsConnIDs)
if returnFunc, ok := ret.Get(1).(func(context.Context, bootstrap.Config) error); ok {
r1 = returnFunc(ctx, cfg)
} else {
r1 = ret.Error(1)
}
@@ -741,12 +490,11 @@ type ConfigRepository_Save_Call struct {
// Save is a helper method to define mock.On call
// - ctx context.Context
// - cfg bootstrap.Config
// - chsConnIDs []string
func (_e *ConfigRepository_Expecter) Save(ctx interface{}, cfg interface{}, chsConnIDs interface{}) *ConfigRepository_Save_Call {
return &ConfigRepository_Save_Call{Call: _e.mock.On("Save", ctx, cfg, chsConnIDs)}
func (_e *ConfigRepository_Expecter) Save(ctx interface{}, cfg interface{}) *ConfigRepository_Save_Call {
return &ConfigRepository_Save_Call{Call: _e.mock.On("Save", ctx, cfg)}
}
func (_c *ConfigRepository_Save_Call) Run(run func(ctx context.Context, cfg bootstrap.Config, chsConnIDs []string)) *ConfigRepository_Save_Call {
func (_c *ConfigRepository_Save_Call) Run(run func(ctx context.Context, cfg bootstrap.Config)) *ConfigRepository_Save_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
@@ -756,14 +504,9 @@ func (_c *ConfigRepository_Save_Call) Run(run func(ctx context.Context, cfg boot
if args[1] != nil {
arg1 = args[1].(bootstrap.Config)
}
var arg2 []string
if args[2] != nil {
arg2 = args[2].([]string)
}
run(
arg0,
arg1,
arg2,
)
})
return _c
@@ -774,7 +517,7 @@ func (_c *ConfigRepository_Save_Call) Return(s string, err error) *ConfigReposit
return _c
}
func (_c *ConfigRepository_Save_Call) RunAndReturn(run func(ctx context.Context, cfg bootstrap.Config, chsConnIDs []string) (string, error)) *ConfigRepository_Save_Call {
func (_c *ConfigRepository_Save_Call) RunAndReturn(run func(ctx context.Context, cfg bootstrap.Config) (string, error)) *ConfigRepository_Save_Call {
_c.Call.Return(run)
return _c
}
@@ -837,8 +580,8 @@ func (_c *ConfigRepository_Update_Call) RunAndReturn(run func(ctx context.Contex
}
// UpdateCert provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) UpdateCert(ctx context.Context, domainID string, clientID string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error) {
ret := _mock.Called(ctx, domainID, clientID, clientCert, clientKey, caCert)
func (_mock *ConfigRepository) UpdateCert(ctx context.Context, domainID string, id string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error) {
ret := _mock.Called(ctx, domainID, id, clientCert, clientKey, caCert)
if len(ret) == 0 {
panic("no return value specified for UpdateCert")
@@ -847,15 +590,15 @@ func (_mock *ConfigRepository) UpdateCert(ctx context.Context, domainID string,
var r0 bootstrap.Config
var r1 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string, string, string) (bootstrap.Config, error)); ok {
return returnFunc(ctx, domainID, clientID, clientCert, clientKey, caCert)
return returnFunc(ctx, domainID, id, clientCert, clientKey, caCert)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string, string, string) bootstrap.Config); ok {
r0 = returnFunc(ctx, domainID, clientID, clientCert, clientKey, caCert)
r0 = returnFunc(ctx, domainID, id, clientCert, clientKey, caCert)
} else {
r0 = ret.Get(0).(bootstrap.Config)
}
if returnFunc, ok := ret.Get(1).(func(context.Context, string, string, string, string, string) error); ok {
r1 = returnFunc(ctx, domainID, clientID, clientCert, clientKey, caCert)
r1 = returnFunc(ctx, domainID, id, clientCert, clientKey, caCert)
} else {
r1 = ret.Error(1)
}
@@ -870,15 +613,15 @@ type ConfigRepository_UpdateCert_Call struct {
// UpdateCert is a helper method to define mock.On call
// - ctx context.Context
// - domainID string
// - clientID string
// - id string
// - clientCert string
// - clientKey string
// - caCert string
func (_e *ConfigRepository_Expecter) UpdateCert(ctx interface{}, domainID interface{}, clientID interface{}, clientCert interface{}, clientKey interface{}, caCert interface{}) *ConfigRepository_UpdateCert_Call {
return &ConfigRepository_UpdateCert_Call{Call: _e.mock.On("UpdateCert", ctx, domainID, clientID, clientCert, clientKey, caCert)}
func (_e *ConfigRepository_Expecter) UpdateCert(ctx interface{}, domainID interface{}, id interface{}, clientCert interface{}, clientKey interface{}, caCert interface{}) *ConfigRepository_UpdateCert_Call {
return &ConfigRepository_UpdateCert_Call{Call: _e.mock.On("UpdateCert", ctx, domainID, id, clientCert, clientKey, caCert)}
}
func (_c *ConfigRepository_UpdateCert_Call) Run(run func(ctx context.Context, domainID string, clientID string, clientCert string, clientKey string, caCert string)) *ConfigRepository_UpdateCert_Call {
func (_c *ConfigRepository_UpdateCert_Call) Run(run func(ctx context.Context, domainID string, id string, clientCert string, clientKey string, caCert string)) *ConfigRepository_UpdateCert_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
@@ -921,139 +664,7 @@ func (_c *ConfigRepository_UpdateCert_Call) Return(config bootstrap.Config, err
return _c
}
func (_c *ConfigRepository_UpdateCert_Call) RunAndReturn(run func(ctx context.Context, domainID string, clientID string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error)) *ConfigRepository_UpdateCert_Call {
_c.Call.Return(run)
return _c
}
// UpdateChannel provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) UpdateChannel(ctx context.Context, c bootstrap.Channel) error {
ret := _mock.Called(ctx, c)
if len(ret) == 0 {
panic("no return value specified for UpdateChannel")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Channel) error); ok {
r0 = returnFunc(ctx, c)
} else {
r0 = ret.Error(0)
}
return r0
}
// ConfigRepository_UpdateChannel_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'UpdateChannel'
type ConfigRepository_UpdateChannel_Call struct {
*mock.Call
}
// UpdateChannel is a helper method to define mock.On call
// - ctx context.Context
// - c bootstrap.Channel
func (_e *ConfigRepository_Expecter) UpdateChannel(ctx interface{}, c interface{}) *ConfigRepository_UpdateChannel_Call {
return &ConfigRepository_UpdateChannel_Call{Call: _e.mock.On("UpdateChannel", ctx, c)}
}
func (_c *ConfigRepository_UpdateChannel_Call) Run(run func(ctx context.Context, c bootstrap.Channel)) *ConfigRepository_UpdateChannel_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 bootstrap.Channel
if args[1] != nil {
arg1 = args[1].(bootstrap.Channel)
}
run(
arg0,
arg1,
)
})
return _c
}
func (_c *ConfigRepository_UpdateChannel_Call) Return(err error) *ConfigRepository_UpdateChannel_Call {
_c.Call.Return(err)
return _c
}
func (_c *ConfigRepository_UpdateChannel_Call) RunAndReturn(run func(ctx context.Context, c bootstrap.Channel) error) *ConfigRepository_UpdateChannel_Call {
_c.Call.Return(run)
return _c
}
// UpdateConnections provides a mock function for the type ConfigRepository
func (_mock *ConfigRepository) UpdateConnections(ctx context.Context, domainID string, id string, channels []bootstrap.Channel, connections []string) error {
ret := _mock.Called(ctx, domainID, id, channels, connections)
if len(ret) == 0 {
panic("no return value specified for UpdateConnections")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, []bootstrap.Channel, []string) error); ok {
r0 = returnFunc(ctx, domainID, id, channels, connections)
} else {
r0 = ret.Error(0)
}
return r0
}
// ConfigRepository_UpdateConnections_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'UpdateConnections'
type ConfigRepository_UpdateConnections_Call struct {
*mock.Call
}
// UpdateConnections is a helper method to define mock.On call
// - ctx context.Context
// - domainID string
// - id string
// - channels []bootstrap.Channel
// - connections []string
func (_e *ConfigRepository_Expecter) UpdateConnections(ctx interface{}, domainID interface{}, id interface{}, channels interface{}, connections interface{}) *ConfigRepository_UpdateConnections_Call {
return &ConfigRepository_UpdateConnections_Call{Call: _e.mock.On("UpdateConnections", ctx, domainID, id, channels, connections)}
}
func (_c *ConfigRepository_UpdateConnections_Call) Run(run func(ctx context.Context, domainID string, id string, channels []bootstrap.Channel, connections []string)) *ConfigRepository_UpdateConnections_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
var arg3 []bootstrap.Channel
if args[3] != nil {
arg3 = args[3].([]bootstrap.Channel)
}
var arg4 []string
if args[4] != nil {
arg4 = args[4].([]string)
}
run(
arg0,
arg1,
arg2,
arg3,
arg4,
)
})
return _c
}
func (_c *ConfigRepository_UpdateConnections_Call) Return(err error) *ConfigRepository_UpdateConnections_Call {
_c.Call.Return(err)
return _c
}
func (_c *ConfigRepository_UpdateConnections_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string, channels []bootstrap.Channel, connections []string) error) *ConfigRepository_UpdateConnections_Call {
func (_c *ConfigRepository_UpdateCert_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string, clientCert string, clientKey string, caCert string) (bootstrap.Config, error)) *ConfigRepository_UpdateCert_Call {
_c.Call.Return(run)
return _c
}
bootstrap/mocks/profile_repository.go
+379
View File
@@ -0,0 +1,379 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
// Code generated by mockery; DO NOT EDIT.
// github.com/vektra/mockery
// template: testify
package mocks
import (
"context"
"github.com/absmach/magistrala/bootstrap"
mock "github.com/stretchr/testify/mock"
)
// NewProfileRepository creates a new instance of ProfileRepository. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewProfileRepository(t interface {
mock.TestingT
Cleanup(func())
}) *ProfileRepository {
mock := &ProfileRepository{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}
// ProfileRepository is an autogenerated mock type for the ProfileRepository type
type ProfileRepository struct {
mock.Mock
}
type ProfileRepository_Expecter struct {
mock *mock.Mock
}
func (_m *ProfileRepository) EXPECT() *ProfileRepository_Expecter {
return &ProfileRepository_Expecter{mock: &_m.Mock}
}
// Delete provides a mock function for the type ProfileRepository
func (_mock *ProfileRepository) Delete(ctx context.Context, domainID string, id string) error {
ret := _mock.Called(ctx, domainID, id)
if len(ret) == 0 {
panic("no return value specified for Delete")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) error); ok {
r0 = returnFunc(ctx, domainID, id)
} else {
r0 = ret.Error(0)
}
return r0
}
// ProfileRepository_Delete_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Delete'
type ProfileRepository_Delete_Call struct {
*mock.Call
}
// Delete is a helper method to define mock.On call
// - ctx context.Context
// - domainID string
// - id string
func (_e *ProfileRepository_Expecter) Delete(ctx interface{}, domainID interface{}, id interface{}) *ProfileRepository_Delete_Call {
return &ProfileRepository_Delete_Call{Call: _e.mock.On("Delete", ctx, domainID, id)}
}
func (_c *ProfileRepository_Delete_Call) Run(run func(ctx context.Context, domainID string, id string)) *ProfileRepository_Delete_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
run(
arg0,
arg1,
arg2,
)
})
return _c
}
func (_c *ProfileRepository_Delete_Call) Return(err error) *ProfileRepository_Delete_Call {
_c.Call.Return(err)
return _c
}
func (_c *ProfileRepository_Delete_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string) error) *ProfileRepository_Delete_Call {
_c.Call.Return(run)
return _c
}
// RetrieveAll provides a mock function for the type ProfileRepository
func (_mock *ProfileRepository) RetrieveAll(ctx context.Context, domainID string, offset uint64, limit uint64) (bootstrap.ProfilesPage, error) {
ret := _mock.Called(ctx, domainID, offset, limit)
if len(ret) == 0 {
panic("no return value specified for RetrieveAll")
}
var r0 bootstrap.ProfilesPage
var r1 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, uint64, uint64) (bootstrap.ProfilesPage, error)); ok {
return returnFunc(ctx, domainID, offset, limit)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, string, uint64, uint64) bootstrap.ProfilesPage); ok {
r0 = returnFunc(ctx, domainID, offset, limit)
} else {
r0 = ret.Get(0).(bootstrap.ProfilesPage)
}
if returnFunc, ok := ret.Get(1).(func(context.Context, string, uint64, uint64) error); ok {
r1 = returnFunc(ctx, domainID, offset, limit)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// ProfileRepository_RetrieveAll_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RetrieveAll'
type ProfileRepository_RetrieveAll_Call struct {
*mock.Call
}
// RetrieveAll is a helper method to define mock.On call
// - ctx context.Context
// - domainID string
// - offset uint64
// - limit uint64
func (_e *ProfileRepository_Expecter) RetrieveAll(ctx interface{}, domainID interface{}, offset interface{}, limit interface{}) *ProfileRepository_RetrieveAll_Call {
return &ProfileRepository_RetrieveAll_Call{Call: _e.mock.On("RetrieveAll", ctx, domainID, offset, limit)}
}
func (_c *ProfileRepository_RetrieveAll_Call) Run(run func(ctx context.Context, domainID string, offset uint64, limit uint64)) *ProfileRepository_RetrieveAll_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 uint64
if args[2] != nil {
arg2 = args[2].(uint64)
}
var arg3 uint64
if args[3] != nil {
arg3 = args[3].(uint64)
}
run(
arg0,
arg1,
arg2,
arg3,
)
})
return _c
}
func (_c *ProfileRepository_RetrieveAll_Call) Return(profilesPage bootstrap.ProfilesPage, err error) *ProfileRepository_RetrieveAll_Call {
_c.Call.Return(profilesPage, err)
return _c
}
func (_c *ProfileRepository_RetrieveAll_Call) RunAndReturn(run func(ctx context.Context, domainID string, offset uint64, limit uint64) (bootstrap.ProfilesPage, error)) *ProfileRepository_RetrieveAll_Call {
_c.Call.Return(run)
return _c
}
// RetrieveByID provides a mock function for the type ProfileRepository
func (_mock *ProfileRepository) RetrieveByID(ctx context.Context, domainID string, id string) (bootstrap.Profile, error) {
ret := _mock.Called(ctx, domainID, id)
if len(ret) == 0 {
panic("no return value specified for RetrieveByID")
}
var r0 bootstrap.Profile
var r1 error
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) (bootstrap.Profile, error)); ok {
return returnFunc(ctx, domainID, id)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) bootstrap.Profile); ok {
r0 = returnFunc(ctx, domainID, id)
} else {
r0 = ret.Get(0).(bootstrap.Profile)
}
if returnFunc, ok := ret.Get(1).(func(context.Context, string, string) error); ok {
r1 = returnFunc(ctx, domainID, id)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// ProfileRepository_RetrieveByID_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RetrieveByID'
type ProfileRepository_RetrieveByID_Call struct {
*mock.Call
}
// RetrieveByID is a helper method to define mock.On call
// - ctx context.Context
// - domainID string
// - id string
func (_e *ProfileRepository_Expecter) RetrieveByID(ctx interface{}, domainID interface{}, id interface{}) *ProfileRepository_RetrieveByID_Call {
return &ProfileRepository_RetrieveByID_Call{Call: _e.mock.On("RetrieveByID", ctx, domainID, id)}
}
func (_c *ProfileRepository_RetrieveByID_Call) Run(run func(ctx context.Context, domainID string, id string)) *ProfileRepository_RetrieveByID_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
run(
arg0,
arg1,
arg2,
)
})
return _c
}
func (_c *ProfileRepository_RetrieveByID_Call) Return(profile bootstrap.Profile, err error) *ProfileRepository_RetrieveByID_Call {
_c.Call.Return(profile, err)
return _c
}
func (_c *ProfileRepository_RetrieveByID_Call) RunAndReturn(run func(ctx context.Context, domainID string, id string) (bootstrap.Profile, error)) *ProfileRepository_RetrieveByID_Call {
_c.Call.Return(run)
return _c
}
// Save provides a mock function for the type ProfileRepository
func (_mock *ProfileRepository) Save(ctx context.Context, p bootstrap.Profile) (bootstrap.Profile, error) {
ret := _mock.Called(ctx, p)
if len(ret) == 0 {
panic("no return value specified for Save")
}
var r0 bootstrap.Profile
var r1 error
if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Profile) (bootstrap.Profile, error)); ok {
return returnFunc(ctx, p)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Profile) bootstrap.Profile); ok {
r0 = returnFunc(ctx, p)
} else {
r0 = ret.Get(0).(bootstrap.Profile)
}
if returnFunc, ok := ret.Get(1).(func(context.Context, bootstrap.Profile) error); ok {
r1 = returnFunc(ctx, p)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// ProfileRepository_Save_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Save'
type ProfileRepository_Save_Call struct {
*mock.Call
}
// Save is a helper method to define mock.On call
// - ctx context.Context
// - p bootstrap.Profile
func (_e *ProfileRepository_Expecter) Save(ctx interface{}, p interface{}) *ProfileRepository_Save_Call {
return &ProfileRepository_Save_Call{Call: _e.mock.On("Save", ctx, p)}
}
func (_c *ProfileRepository_Save_Call) Run(run func(ctx context.Context, p bootstrap.Profile)) *ProfileRepository_Save_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 bootstrap.Profile
if args[1] != nil {
arg1 = args[1].(bootstrap.Profile)
}
run(
arg0,
arg1,
)
})
return _c
}
func (_c *ProfileRepository_Save_Call) Return(profile bootstrap.Profile, err error) *ProfileRepository_Save_Call {
_c.Call.Return(profile, err)
return _c
}
func (_c *ProfileRepository_Save_Call) RunAndReturn(run func(ctx context.Context, p bootstrap.Profile) (bootstrap.Profile, error)) *ProfileRepository_Save_Call {
_c.Call.Return(run)
return _c
}
// Update provides a mock function for the type ProfileRepository
func (_mock *ProfileRepository) Update(ctx context.Context, p bootstrap.Profile) error {
ret := _mock.Called(ctx, p)
if len(ret) == 0 {
panic("no return value specified for Update")
}
var r0 error
if returnFunc, ok := ret.Get(0).(func(context.Context, bootstrap.Profile) error); ok {
r0 = returnFunc(ctx, p)
} else {
r0 = ret.Error(0)
}
return r0
}
// ProfileRepository_Update_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Update'
type ProfileRepository_Update_Call struct {
*mock.Call
}
// Update is a helper method to define mock.On call
// - ctx context.Context
// - p bootstrap.Profile
func (_e *ProfileRepository_Expecter) Update(ctx interface{}, p interface{}) *ProfileRepository_Update_Call {
return &ProfileRepository_Update_Call{Call: _e.mock.On("Update", ctx, p)}
}
func (_c *ProfileRepository_Update_Call) Run(run func(ctx context.Context, p bootstrap.Profile)) *ProfileRepository_Update_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 bootstrap.Profile
if args[1] != nil {
arg1 = args[1].(bootstrap.Profile)
}
run(
arg0,
arg1,
)
})
return _c
}
func (_c *ProfileRepository_Update_Call) Return(err error) *ProfileRepository_Update_Call {
_c.Call.Return(err)
return _c
}
func (_c *ProfileRepository_Update_Call) RunAndReturn(run func(ctx context.Context, p bootstrap.Profile) error) *ProfileRepository_Update_Call {
_c.Call.Return(run)
return _c
}
bootstrap/mocks/renderer.go
+115
View File
@@ -0,0 +1,115 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
// Code generated by mockery; DO NOT EDIT.
// github.com/vektra/mockery
// template: testify
package mocks
import (
"github.com/absmach/magistrala/bootstrap"
mock "github.com/stretchr/testify/mock"
)
// NewRenderer creates a new instance of Renderer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewRenderer(t interface {
mock.TestingT
Cleanup(func())
}) *Renderer {
mock := &Renderer{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}
// Renderer is an autogenerated mock type for the Renderer type
type Renderer struct {
mock.Mock
}
type Renderer_Expecter struct {
mock *mock.Mock
}
func (_m *Renderer) EXPECT() *Renderer_Expecter {
return &Renderer_Expecter{mock: &_m.Mock}
}
// Render provides a mock function for the type Renderer
func (_mock *Renderer) Render(profile bootstrap.Profile, enrollment bootstrap.Config, bindings []bootstrap.BindingSnapshot) ([]byte, error) {
ret := _mock.Called(profile, enrollment, bindings)
if len(ret) == 0 {
panic("no return value specified for Render")
}
var r0 []byte
var r1 error
if returnFunc, ok := ret.Get(0).(func(bootstrap.Profile, bootstrap.Config, []bootstrap.BindingSnapshot) ([]byte, error)); ok {
return returnFunc(profile, enrollment, bindings)
}
if returnFunc, ok := ret.Get(0).(func(bootstrap.Profile, bootstrap.Config, []bootstrap.BindingSnapshot) []byte); ok {
r0 = returnFunc(profile, enrollment, bindings)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]byte)
}
}
if returnFunc, ok := ret.Get(1).(func(bootstrap.Profile, bootstrap.Config, []bootstrap.BindingSnapshot) error); ok {
r1 = returnFunc(profile, enrollment, bindings)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// Renderer_Render_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Render'
type Renderer_Render_Call struct {
*mock.Call
}
// Render is a helper method to define mock.On call
// - profile bootstrap.Profile
// - enrollment bootstrap.Config
// - bindings []bootstrap.BindingSnapshot
func (_e *Renderer_Expecter) Render(profile interface{}, enrollment interface{}, bindings interface{}) *Renderer_Render_Call {
return &Renderer_Render_Call{Call: _e.mock.On("Render", profile, enrollment, bindings)}
}
func (_c *Renderer_Render_Call) Run(run func(profile bootstrap.Profile, enrollment bootstrap.Config, bindings []bootstrap.BindingSnapshot)) *Renderer_Render_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 bootstrap.Profile
if args[0] != nil {
arg0 = args[0].(bootstrap.Profile)
}
var arg1 bootstrap.Config
if args[1] != nil {
arg1 = args[1].(bootstrap.Config)
}
var arg2 []bootstrap.BindingSnapshot
if args[2] != nil {
arg2 = args[2].([]bootstrap.BindingSnapshot)
}
run(
arg0,
arg1,
arg2,
)
})
return _c
}
func (_c *Renderer_Render_Call) Return(bytes []byte, err error) *Renderer_Render_Call {
_c.Call.Return(bytes, err)
return _c
}
func (_c *Renderer_Render_Call) RunAndReturn(run func(profile bootstrap.Profile, enrollment bootstrap.Config, bindings []bootstrap.BindingSnapshot) ([]byte, error)) *Renderer_Render_Call {
_c.Call.Return(run)
return _c
}
bootstrap/mocks/service.go
+613 -281
View File
File diff suppressed because it is too large Load Diff
bootstrap/postgres/bindings.go
+146
View File
@@ -0,0 +1,146 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package postgres
import (
"context"
"encoding/json"
"fmt"
"log/slog"
"time"
"github.com/absmach/magistrala/bootstrap"
"github.com/absmach/magistrala/pkg/errors"
repoerr "github.com/absmach/magistrala/pkg/errors/repository"
"github.com/absmach/magistrala/pkg/postgres"
)
var _ bootstrap.BindingStore = (*bindingRepository)(nil)
type bindingRepository struct {
db postgres.Database
log *slog.Logger
}
// NewBindingRepository instantiates a PostgreSQL implementation of BindingStore.
func NewBindingRepository(db postgres.Database, log *slog.Logger) bootstrap.BindingStore {
return &bindingRepository{db: db, log: log}
}
func (br bindingRepository) Save(ctx context.Context, configID string, bindings []bootstrap.BindingSnapshot) error {
if len(bindings) == 0 {
return nil
}
q := `INSERT INTO bindings (config_id, slot, type, resource_id, snapshot, secret_snapshot, updated_at)
VALUES (:config_id, :slot, :type, :resource_id, :snapshot, :secret_snapshot, :updated_at)
ON CONFLICT (config_id, slot) DO UPDATE SET
type = EXCLUDED.type,
resource_id = EXCLUDED.resource_id,
snapshot = EXCLUDED.snapshot,
secret_snapshot = EXCLUDED.secret_snapshot,
updated_at = EXCLUDED.updated_at`
now := time.Now().UTC()
dbBindings := make([]dbBindingSnapshot, 0, len(bindings))
for _, b := range bindings {
b.ConfigID = configID
b.UpdatedAt = now
dbb, err := toDBBindingSnapshot(b)
if err != nil {
return errors.Wrap(repoerr.ErrCreateEntity, err)
}
dbBindings = append(dbBindings, dbb)
}
if _, err := br.db.NamedExecContext(ctx, q, dbBindings); err != nil {
return errors.Wrap(repoerr.ErrCreateEntity, err)
}
return nil
}
func (br bindingRepository) Retrieve(ctx context.Context, configID string) ([]bootstrap.BindingSnapshot, error) {
q := `SELECT config_id, slot, type, resource_id, snapshot, secret_snapshot, updated_at
FROM bindings WHERE config_id = $1 ORDER BY slot`
rows, err := br.db.QueryxContext(ctx, q, configID)
if err != nil {
return nil, errors.Wrap(repoerr.ErrViewEntity, err)
}
defer rows.Close()
var snapshots []bootstrap.BindingSnapshot
for rows.Next() {
var dbb dbBindingSnapshot
if err := rows.StructScan(&dbb); err != nil {
br.log.Error(fmt.Sprintf("failed to scan binding snapshot: %s", err))
return nil, errors.Wrap(repoerr.ErrViewEntity, err)
}
b, err := toBindingSnapshot(dbb)
if err != nil {
return nil, errors.Wrap(repoerr.ErrViewEntity, err)
}
snapshots = append(snapshots, b)
}
return snapshots, nil
}
func (br bindingRepository) Delete(ctx context.Context, configID, slot string) error {
q := `DELETE FROM bindings WHERE config_id = $1 AND slot = $2`
if _, err := br.db.ExecContext(ctx, q, configID, slot); err != nil {
return errors.Wrap(repoerr.ErrRemoveEntity, err)
}
return nil
}
// dbBindingSnapshot is the database representation of a BindingSnapshot.
type dbBindingSnapshot struct {
ConfigID string `db:"config_id"`
Slot string `db:"slot"`
Type string `db:"type"`
ResourceID string `db:"resource_id"`
Snapshot []byte `db:"snapshot"`
SecretSnapshot []byte `db:"secret_snapshot"`
UpdatedAt time.Time `db:"updated_at"`
}
func toDBBindingSnapshot(b bootstrap.BindingSnapshot) (dbBindingSnapshot, error) {
snap, err := json.Marshal(b.Snapshot)
if err != nil {
return dbBindingSnapshot{}, err
}
secret, err := json.Marshal(b.SecretSnapshot)
if err != nil {
return dbBindingSnapshot{}, err
}
return dbBindingSnapshot{
ConfigID: b.ConfigID,
Slot: b.Slot,
Type: b.Type,
ResourceID: b.ResourceID,
Snapshot: snap,
SecretSnapshot: secret,
UpdatedAt: b.UpdatedAt,
}, nil
}
func toBindingSnapshot(dbb dbBindingSnapshot) (bootstrap.BindingSnapshot, error) {
b := bootstrap.BindingSnapshot{
ConfigID: dbb.ConfigID,
Slot: dbb.Slot,
Type: dbb.Type,
ResourceID: dbb.ResourceID,
UpdatedAt: dbb.UpdatedAt,
}
if len(dbb.Snapshot) > 0 && string(dbb.Snapshot) != jsonNull {
if err := json.Unmarshal(dbb.Snapshot, &b.Snapshot); err != nil {
return bootstrap.BindingSnapshot{}, err
}
}
if len(dbb.SecretSnapshot) > 0 && string(dbb.SecretSnapshot) != jsonNull {
if err := json.Unmarshal(dbb.SecretSnapshot, &b.SecretSnapshot); err != nil {
return bootstrap.BindingSnapshot{}, err
}
}
return b, nil
}
bootstrap/postgres/configs.go
+117 -474
View File
@@ -10,30 +10,16 @@ import (
"fmt"
"log/slog"
"strings"
"time"
"github.com/absmach/magistrala/bootstrap"
"github.com/absmach/magistrala/clients"
"github.com/absmach/magistrala/pkg/errors"
repoerr "github.com/absmach/magistrala/pkg/errors/repository"
"github.com/absmach/magistrala/pkg/postgres"
"github.com/jackc/pgerrcode"
"github.com/jackc/pgtype"
"github.com/jackc/pgx/v5/pgconn"
"github.com/jmoiron/sqlx"
)
var (
errSaveChannels = errors.New("failed to insert channels to database")
errSaveConnections = errors.New("failed to insert connections to database")
errUpdateChannels = errors.New("failed to update channels in bootstrap configuration database")
errRemoveChannels = errors.New("failed to remove channels from bootstrap configuration in database")
errConnectClient = errors.New("failed to connect client in bootstrap configuration in database")
errDisconnectClient = errors.New("failed to disconnect client in bootstrap configuration in database")
)
const cleanupQuery = `DELETE FROM channels ch WHERE NOT EXISTS (
SELECT channel_id FROM connections c WHERE ch.magistrala_channel = c.channel_id);`
const jsonNull = "null"
var _ bootstrap.ConfigRepository = (*configRepository)(nil)
@@ -48,54 +34,34 @@ func NewConfigRepository(db postgres.Database, log *slog.Logger) bootstrap.Confi
return &configRepository{db: db, log: log}
}
func (cr configRepository) Save(ctx context.Context, cfg bootstrap.Config, chsConnIDs []string) (clientID string, err error) {
q := `INSERT INTO configs (magistrala_client, domain_id, name, client_cert, client_key, ca_cert, magistrala_secret, external_id, external_key, content, state)
VALUES (:magistrala_client, :domain_id, :name, :client_cert, :client_key, :ca_cert, :magistrala_secret, :external_id, :external_key, :content, :state)`
func (cr configRepository) Save(ctx context.Context, cfg bootstrap.Config) (string, error) {
q := `INSERT INTO configs (id, domain_id, name, client_cert, client_key, ca_cert, external_id, external_key, content, status, profile_id, render_context)
VALUES (:id, :domain_id, :name, :client_cert, :client_key, :ca_cert, :external_id, :external_key, :content, :status, :profile_id, :render_context)`
tx, err := cr.db.BeginTxx(ctx, nil)
dbcfg, err := toDBConfig(cfg)
if err != nil {
return "", errors.Wrap(repoerr.ErrCreateEntity, err)
}
dbcfg := toDBConfig(cfg)
defer func() {
if err != nil {
err = cr.rollback("Save method", err, tx)
}
}()
if _, err := tx.NamedExec(q, dbcfg); err != nil {
if _, err := cr.db.NamedExecContext(ctx, q, dbcfg); err != nil {
switch pgErr := err.(type) {
case *pgconn.PgError:
if pgErr.Code == pgerrcode.UniqueViolation {
err = repoerr.ErrConflict
return "", repoerr.ErrConflict
}
}
return "", err
return "", errors.Wrap(repoerr.ErrCreateEntity, err)
}
if err := insertChannels(cfg.DomainID, cfg.Channels, tx); err != nil {
return "", errors.Wrap(errSaveChannels, err)
}
if err := insertConnections(ctx, cfg, chsConnIDs, tx); err != nil {
return "", errors.Wrap(errSaveConnections, err)
}
if commitErr := tx.Commit(); commitErr != nil {
return "", commitErr
}
return cfg.ClientID, nil
return cfg.ID, nil
}
func (cr configRepository) RetrieveByID(ctx context.Context, domainID, id string) (bootstrap.Config, error) {
q := `SELECT magistrala_client, magistrala_secret, external_id, external_key, name, content, state, client_cert, ca_cert
q := `SELECT id, external_id, name, content, status, client_cert, client_key, ca_cert, profile_id, render_context
FROM configs
WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id`
WHERE id = :id AND domain_id = :domain_id`
dbcfg := dbConfig{
ClientID: id,
ID: id,
DomainID: domainID,
}
row, err := cr.db.NamedQueryContext(ctx, q, dbcfg)
@@ -111,46 +77,19 @@ func (cr configRepository) RetrieveByID(ctx context.Context, domainID, id string
return bootstrap.Config{}, err
}
q = `SELECT magistrala_channel, name, metadata FROM channels ch
INNER JOIN connections conn
ON ch.magistrala_channel = conn.channel_id AND ch.domain_id = conn.domain_id
WHERE conn.config_id = :magistrala_client AND conn.domain_id = :domain_id`
rows, err := cr.db.NamedQueryContext(ctx, q, dbcfg)
cfg, err := toConfig(dbcfg)
if err != nil {
cr.log.Error(fmt.Sprintf("Failed to retrieve connected due to %s", err))
return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err)
return bootstrap.Config{}, err
}
defer rows.Close()
chans := []bootstrap.Channel{}
for rows.Next() {
dbch := dbChannel{}
if err := rows.StructScan(&dbch); err != nil {
cr.log.Error(fmt.Sprintf("Failed to read connected client due to %s", err))
return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
dbch.DomainID = nullString(dbcfg.DomainID)
ch, err := toChannel(dbch)
if err != nil {
return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
chans = append(chans, ch)
}
cfg := toConfig(dbcfg)
cfg.Channels = chans
return cfg, nil
}
func (cr configRepository) RetrieveAll(ctx context.Context, domainID string, clientIDs []string, filter bootstrap.Filter, offset, limit uint64) bootstrap.ConfigsPage {
search, params := buildRetrieveQueryParams(domainID, clientIDs, filter)
func (cr configRepository) RetrieveAll(ctx context.Context, domainID string, filter bootstrap.Filter, offset, limit uint64) bootstrap.ConfigsPage {
search, params := buildRetrieveQueryParams(domainID, filter)
n := len(params)
q := `SELECT magistrala_client, magistrala_secret, external_id, external_key, name, content, state
FROM configs %s ORDER BY magistrala_client LIMIT $%d OFFSET $%d`
q := `SELECT id, external_id, name, content, status, profile_id, render_context
FROM configs %s ORDER BY id LIMIT $%d OFFSET $%d`
q = fmt.Sprintf(q, search, n+1, n+2)
rows, err := cr.db.QueryContext(ctx, q, append(params, limit, offset)...)
@@ -160,18 +99,28 @@ func (cr configRepository) RetrieveAll(ctx context.Context, domainID string, cli
}
defer rows.Close()
var name, content sql.NullString
var name, content, profileID sql.NullString
var renderContext []byte
configs := []bootstrap.Config{}
for rows.Next() {
c := bootstrap.Config{DomainID: domainID}
if err := rows.Scan(&c.ClientID, &c.ClientSecret, &c.ExternalID, &c.ExternalKey, &name, &content, &c.State); err != nil {
if err := rows.Scan(&c.ID, &c.ExternalID, &name, &content, &c.Status, &profileID, &renderContext); err != nil {
cr.log.Error(fmt.Sprintf("Failed to read retrieved config due to %s", err))
return bootstrap.ConfigsPage{}
}
c.Name = name.String
c.Content = content.String
if profileID.Valid {
c.ProfileID = profileID.String
}
if len(renderContext) > 0 && string(renderContext) != jsonNull {
if err := json.Unmarshal(renderContext, &c.RenderContext); err != nil {
cr.log.Error(fmt.Sprintf("Failed to decode render context due to %s", err))
return bootstrap.ConfigsPage{}
}
}
configs = append(configs, c)
}
@@ -192,7 +141,7 @@ func (cr configRepository) RetrieveAll(ctx context.Context, domainID string, cli
}
func (cr configRepository) RetrieveByExternalID(ctx context.Context, externalID string) (bootstrap.Config, error) {
q := `SELECT magistrala_client, magistrala_secret, external_key, domain_id, name, client_cert, client_key, ca_cert, content, state
q := `SELECT id, external_key, domain_id, name, client_cert, client_key, ca_cert, content, status, profile_id, render_context
FROM configs
WHERE external_id = :external_id`
dbcfg := dbConfig{
@@ -212,48 +161,20 @@ func (cr configRepository) RetrieveByExternalID(ctx context.Context, externalID
return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
q = `SELECT magistrala_channel, name, metadata FROM channels ch
INNER JOIN connections conn
ON ch.magistrala_channel = conn.channel_id AND ch.domain_id = conn.domain_id
WHERE conn.config_id = :magistrala_client AND conn.domain_id = :domain_id`
rows, err := cr.db.NamedQueryContext(ctx, q, dbcfg)
cfg, err := toConfig(dbcfg)
if err != nil {
cr.log.Error(fmt.Sprintf("Failed to retrieve connected due to %s", err))
return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err)
return bootstrap.Config{}, err
}
defer rows.Close()
channels := []bootstrap.Channel{}
for rows.Next() {
dbch := dbChannel{}
if err := rows.StructScan(&dbch); err != nil {
cr.log.Error(fmt.Sprintf("Failed to read connected client due to %s", err))
return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
ch, err := toChannel(dbch)
if err != nil {
cr.log.Error(fmt.Sprintf("Failed to deserialize channel due to %s", err))
return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
channels = append(channels, ch)
}
cfg := toConfig(dbcfg)
cfg.Channels = channels
return cfg, nil
}
func (cr configRepository) Update(ctx context.Context, cfg bootstrap.Config) error {
q := `UPDATE configs SET name = :name, content = :content WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id `
q := `UPDATE configs SET name = :name, content = :content WHERE id = :id AND domain_id = :domain_id `
dbcfg := dbConfig{
Name: nullString(cfg.Name),
Content: nullString(cfg.Content),
ClientID: cfg.ClientID,
ID: cfg.ID,
DomainID: cfg.DomainID,
}
@@ -274,12 +195,38 @@ func (cr configRepository) Update(ctx context.Context, cfg bootstrap.Config) err
return nil
}
func (cr configRepository) UpdateCert(ctx context.Context, domainID, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
q := `UPDATE configs SET client_cert = :client_cert, client_key = :client_key, ca_cert = :ca_cert WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id
RETURNING magistrala_client, client_cert, client_key, ca_cert`
func (cr configRepository) AssignProfile(ctx context.Context, domainID, id, profileID string) error {
q := `UPDATE configs SET profile_id = :profile_id WHERE id = :id AND domain_id = :domain_id`
dbcfg := dbConfig{
ClientID: clientID,
ID: id,
DomainID: domainID,
ProfileID: nullString(profileID),
}
res, err := cr.db.NamedExecContext(ctx, q, dbcfg)
if err != nil {
return errors.Wrap(repoerr.ErrUpdateEntity, err)
}
cnt, err := res.RowsAffected()
if err != nil {
return errors.Wrap(repoerr.ErrUpdateEntity, err)
}
if cnt == 0 {
return repoerr.ErrNotFound
}
return nil
}
func (cr configRepository) UpdateCert(ctx context.Context, domainID, id, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
q := `UPDATE configs SET client_cert = :client_cert, client_key = :client_key, ca_cert = :ca_cert WHERE id = :id AND domain_id = :domain_id
RETURNING id, client_cert, client_key, ca_cert, domain_id`
dbcfg := dbConfig{
ID: id,
ClientCert: nullString(clientCert),
DomainID: domainID,
ClientKey: nullString(clientKey),
@@ -300,47 +247,17 @@ func (cr configRepository) UpdateCert(ctx context.Context, domainID, clientID, c
return bootstrap.Config{}, err
}
return toConfig(dbcfg), nil
}
func (cr configRepository) UpdateConnections(ctx context.Context, domainID, id string, channels []bootstrap.Channel, connections []string) (err error) {
tx, err := cr.db.BeginTxx(ctx, nil)
cfg, err := toConfig(dbcfg)
if err != nil {
return errors.Wrap(repoerr.ErrUpdateEntity, err)
return bootstrap.Config{}, err
}
defer func() {
if err != nil {
err = cr.rollback("UpdateConnections method", err, tx)
} else {
if commitErr := tx.Commit(); commitErr != nil {
err = commitErr
}
}
}()
if err = insertChannels(domainID, channels, tx); err != nil {
err = errors.Wrap(repoerr.ErrUpdateEntity, err)
return err
}
if err = updateConnections(domainID, id, connections, tx); err != nil {
if e, ok := err.(*pgconn.PgError); ok {
if e.Code == pgerrcode.ForeignKeyViolation {
err = repoerr.ErrNotFound
}
}
err = errors.Wrap(repoerr.ErrUpdateEntity, err)
return err
}
return nil
return cfg, nil
}
func (cr configRepository) Remove(ctx context.Context, domainID, id string) error {
q := `DELETE FROM configs WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id`
q := `DELETE FROM configs WHERE id = :id AND domain_id = :domain_id`
dbcfg := dbConfig{
ClientID: id,
ID: id,
DomainID: domainID,
}
@@ -348,19 +265,15 @@ func (cr configRepository) Remove(ctx context.Context, domainID, id string) erro
return errors.Wrap(repoerr.ErrRemoveEntity, err)
}
if _, err := cr.db.ExecContext(ctx, cleanupQuery); err != nil {
cr.log.Warn("Failed to clean dangling channels after removal")
}
return nil
}
func (cr configRepository) ChangeState(ctx context.Context, domainID, id string, state bootstrap.State) error {
q := `UPDATE configs SET state = :state WHERE magistrala_client = :magistrala_client AND domain_id = :domain_id;`
func (cr configRepository) ChangeStatus(ctx context.Context, domainID, id string, status bootstrap.Status) error {
q := `UPDATE configs SET status = :status WHERE id = :id AND domain_id = :domain_id;`
dbcfg := dbConfig{
ClientID: id,
State: state,
ID: id,
Status: status,
DomainID: domainID,
}
@@ -381,117 +294,30 @@ func (cr configRepository) ChangeState(ctx context.Context, domainID, id string,
return nil
}
func (cr configRepository) ListExisting(ctx context.Context, domainID string, ids []string) ([]bootstrap.Channel, error) {
var channels []bootstrap.Channel
if len(ids) == 0 {
return channels, nil
}
var chans pgtype.TextArray
if err := chans.Set(ids); err != nil {
return []bootstrap.Channel{}, err
}
q := "SELECT magistrala_channel, name, metadata FROM channels WHERE domain_id = $1 AND magistrala_channel = ANY ($2)"
rows, err := cr.db.QueryxContext(ctx, q, domainID, chans)
if err != nil {
return []bootstrap.Channel{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
for rows.Next() {
var dbch dbChannel
if err := rows.StructScan(&dbch); err != nil {
cr.log.Error(fmt.Sprintf("Failed to read retrieved channels due to %s", err))
return []bootstrap.Channel{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
ch, err := toChannel(dbch)
if err != nil {
cr.log.Error(fmt.Sprintf("Failed to deserialize channel due to %s", err))
return []bootstrap.Channel{}, err
}
channels = append(channels, ch)
}
return channels, nil
}
func (cr configRepository) RemoveClient(ctx context.Context, id string) error {
q := `DELETE FROM configs WHERE magistrala_client = $1`
_, err := cr.db.ExecContext(ctx, q, id)
if _, err := cr.db.ExecContext(ctx, cleanupQuery); err != nil {
cr.log.Warn("Failed to clean dangling channels after removal")
}
if err != nil {
return errors.Wrap(repoerr.ErrRemoveEntity, err)
}
return nil
}
func (cr configRepository) UpdateChannel(ctx context.Context, c bootstrap.Channel) error {
dbch, err := toDBChannel("", c)
if err != nil {
return errors.Wrap(repoerr.ErrUpdateEntity, err)
}
q := `UPDATE channels SET name = :name, metadata = :metadata, updated_at = :updated_at, updated_by = :updated_by
WHERE magistrala_channel = :magistrala_channel`
if _, err = cr.db.NamedExecContext(ctx, q, dbch); err != nil {
return errors.Wrap(errUpdateChannels, err)
}
return nil
}
func (cr configRepository) RemoveChannel(ctx context.Context, id string) error {
q := `DELETE FROM channels WHERE magistrala_channel = $1`
if _, err := cr.db.ExecContext(ctx, q, id); err != nil {
return errors.Wrap(errRemoveChannels, err)
}
return nil
}
func (cr configRepository) ConnectClient(ctx context.Context, channelID, clientID string) error {
q := `UPDATE configs SET state = $1
WHERE magistrala_client = $2
AND EXISTS (SELECT 1 FROM connections WHERE config_id = $2 AND channel_id = $3)`
result, err := cr.db.ExecContext(ctx, q, bootstrap.Active, clientID, channelID)
if err != nil {
return errors.Wrap(errConnectClient, err)
}
if rows, _ := result.RowsAffected(); rows == 0 {
return repoerr.ErrNotFound
}
return nil
}
func (cr configRepository) DisconnectClient(ctx context.Context, channelID, clientID string) error {
q := `UPDATE configs SET state = $1
WHERE magistrala_client = $2
AND EXISTS (SELECT 1 FROM connections WHERE config_id = $2 AND channel_id = $3)`
_, err := cr.db.ExecContext(ctx, q, bootstrap.Inactive, clientID, channelID)
if err != nil {
return errors.Wrap(errDisconnectClient, err)
}
return nil
}
func buildRetrieveQueryParams(domainID string, clientIDs []string, filter bootstrap.Filter) (string, []any) {
func buildRetrieveQueryParams(domainID string, filter bootstrap.Filter) (string, []any) {
params := []any{}
queries := []string{}
if len(clientIDs) != 0 {
queries = append(queries, fmt.Sprintf("magistrala_client IN ('%s')", strings.Join(clientIDs, "','")))
} else if domainID != "" {
if domainID != "" {
params = append(params, domainID)
queries = append(queries, fmt.Sprintf("domain_id = $%d", len(params)))
}
// Adjust the starting point for placeholders based on the current length of params
counter := len(params) + 1
for k, v := range filter.FullMatch {
if k == "status" {
status, err := bootstrap.ToStatus(v)
if err != nil {
return "", nil
}
if status == bootstrap.AllStatus {
continue
}
params = append(params, status)
queries = append(queries, fmt.Sprintf("%s = $%d", k, counter))
counter++
continue
}
params = append(params, v)
queries = append(queries, fmt.Sprintf("%s = $%d", k, counter))
counter++
@@ -508,138 +334,16 @@ func buildRetrieveQueryParams(domainID string, clientIDs []string, filter bootst
return "", params
}
func (cr configRepository) rollback(content string, defErr error, tx *sqlx.Tx) error {
if err := tx.Rollback(); err != nil {
return errors.Wrap(defErr, errors.Wrap(errors.New("failed to rollback at "+content), err))
}
return defErr
}
func insertChannels(domainID string, channels []bootstrap.Channel, tx *sqlx.Tx) error {
if len(channels) == 0 {
return nil
}
var chans []dbChannel
for _, ch := range channels {
dbch, err := toDBChannel(domainID, ch)
if err != nil {
return err
}
chans = append(chans, dbch)
}
q := `INSERT INTO channels (magistrala_channel, domain_id, name, metadata, parent_id, description, created_at, updated_at, updated_by, status)
VALUES (:magistrala_channel, :domain_id, :name, :metadata, :parent_id, :description, :created_at, :updated_at, :updated_by, :status)`
if _, err := tx.NamedExec(q, chans); err != nil {
e := err
if pqErr, ok := err.(*pgconn.PgError); ok && pqErr.Code == pgerrcode.UniqueViolation {
e = repoerr.ErrConflict
}
return e
}
return nil
}
func insertConnections(_ context.Context, cfg bootstrap.Config, connections []string, tx *sqlx.Tx) error {
if len(connections) == 0 {
return nil
}
q := `INSERT INTO connections (config_id, channel_id, domain_id)
VALUES (:config_id, :channel_id, :domain_id)`
conns := []dbConnection{}
for _, conn := range connections {
dbconn := dbConnection{
Config: cfg.ClientID,
Channel: conn,
DomainID: cfg.DomainID,
}
conns = append(conns, dbconn)
}
_, err := tx.NamedExec(q, conns)
return err
}
func updateConnections(domainID, id string, connections []string, tx *sqlx.Tx) error {
if len(connections) == 0 {
return nil
}
q := `DELETE FROM connections
WHERE config_id = $1 AND domain_id = $2
AND channel_id NOT IN ($3)`
var conn pgtype.TextArray
if err := conn.Set(connections); err != nil {
return err
}
res, err := tx.Exec(q, id, domainID, conn)
if err != nil {
return err
}
cnt, err := res.RowsAffected()
if err != nil {
return err
}
q = `INSERT INTO connections (config_id, channel_id, domain_id)
VALUES (:config_id, :channel_id, :domain_id)`
conns := []dbConnection{}
for _, conn := range connections {
dbconn := dbConnection{
Config: id,
Channel: conn,
DomainID: domainID,
}
conns = append(conns, dbconn)
}
if _, err := tx.NamedExec(q, conns); err != nil {
return err
}
if cnt == 0 {
return nil
}
_, err = tx.Exec(cleanupQuery)
return err
}
func nullString(s string) sql.NullString {
if s == "" {
return sql.NullString{}
}
return sql.NullString{
String: s,
Valid: true,
}
}
func nullTime(t time.Time) sql.NullTime {
if t.IsZero() {
return sql.NullTime{}
}
return sql.NullTime{
Time: t,
Valid: true,
}
return sql.NullString{String: s, Valid: true}
}
type dbConfig struct {
DomainID string `db:"domain_id"`
ClientID string `db:"magistrala_client"`
ClientSecret string `db:"magistrala_secret"`
ID string `db:"id"`
Name sql.NullString `db:"name"`
ClientCert sql.NullString `db:"client_cert"`
ClientKey sql.NullString `db:"client_key"`
@@ -647,13 +351,19 @@ type dbConfig struct {
ExternalID string `db:"external_id"`
ExternalKey string `db:"external_key"`
Content sql.NullString `db:"content"`
State bootstrap.State `db:"state"`
Status bootstrap.Status `db:"status"`
ProfileID sql.NullString `db:"profile_id"`
RenderContext []byte `db:"render_context"`
}
func toDBConfig(cfg bootstrap.Config) (dbConfig, error) {
renderContext, err := json.Marshal(cfg.RenderContext)
if err != nil {
return dbConfig{}, err
}
func toDBConfig(cfg bootstrap.Config) dbConfig {
return dbConfig{
ClientID: cfg.ClientID,
ClientSecret: cfg.ClientSecret,
ID: cfg.ID,
DomainID: cfg.DomainID,
Name: nullString(cfg.Name),
ClientCert: nullString(cfg.ClientCert),
@@ -662,110 +372,43 @@ func toDBConfig(cfg bootstrap.Config) dbConfig {
ExternalID: cfg.ExternalID,
ExternalKey: cfg.ExternalKey,
Content: nullString(cfg.Content),
State: cfg.State,
}
Status: cfg.Status,
ProfileID: nullString(cfg.ProfileID),
RenderContext: renderContext,
}, nil
}
func toConfig(dbcfg dbConfig) bootstrap.Config {
func toConfig(dbcfg dbConfig) (bootstrap.Config, error) {
cfg := bootstrap.Config{
ClientID: dbcfg.ClientID,
ClientSecret: dbcfg.ClientSecret,
ID: dbcfg.ID,
DomainID: dbcfg.DomainID,
ExternalID: dbcfg.ExternalID,
ExternalKey: dbcfg.ExternalKey,
State: dbcfg.State,
Status: dbcfg.Status,
}
if dbcfg.ProfileID.Valid {
cfg.ProfileID = dbcfg.ProfileID.String
}
if dbcfg.Name.Valid {
cfg.Name = dbcfg.Name.String
}
if dbcfg.Content.Valid {
cfg.Content = dbcfg.Content.String
}
if len(dbcfg.RenderContext) > 0 && string(dbcfg.RenderContext) != jsonNull {
if err := json.Unmarshal(dbcfg.RenderContext, &cfg.RenderContext); err != nil {
return bootstrap.Config{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
}
if dbcfg.ClientCert.Valid {
cfg.ClientCert = dbcfg.ClientCert.String
}
if dbcfg.ClientKey.Valid {
cfg.ClientKey = dbcfg.ClientKey.String
}
if dbcfg.CaCert.Valid {
cfg.CACert = dbcfg.CaCert.String
}
return cfg
}
type dbChannel struct {
ID string `db:"magistrala_channel"`
Name sql.NullString `db:"name"`
DomainID sql.NullString `db:"domain_id"`
Metadata string `db:"metadata"`
Parent sql.NullString `db:"parent_id,omitempty"`
Description string `db:"description,omitempty"`
CreatedAt time.Time `db:"created_at"`
UpdatedAt sql.NullTime `db:"updated_at,omitempty"`
UpdatedBy sql.NullString `db:"updated_by,omitempty"`
Status clients.Status `db:"status"`
}
func toDBChannel(domainID string, ch bootstrap.Channel) (dbChannel, error) {
dbch := dbChannel{
ID: ch.ID,
Name: nullString(ch.Name),
DomainID: nullString(domainID),
Parent: nullString(ch.Parent),
Description: ch.Description,
CreatedAt: ch.CreatedAt,
UpdatedAt: nullTime(ch.UpdatedAt),
UpdatedBy: nullString(ch.UpdatedBy),
Status: ch.Status,
}
metadata, err := json.Marshal(ch.Metadata)
if err != nil {
return dbChannel{}, errors.Wrap(errors.ErrMalformedEntity, err)
}
dbch.Metadata = string(metadata)
return dbch, nil
}
func toChannel(dbch dbChannel) (bootstrap.Channel, error) {
ch := bootstrap.Channel{
ID: dbch.ID,
Description: dbch.Description,
CreatedAt: dbch.CreatedAt,
Status: dbch.Status,
}
if dbch.Name.Valid {
ch.Name = dbch.Name.String
}
if dbch.DomainID.Valid {
ch.DomainID = dbch.DomainID.String
}
if dbch.Parent.Valid {
ch.Parent = dbch.Parent.String
}
if dbch.UpdatedBy.Valid {
ch.UpdatedBy = dbch.UpdatedBy.String
}
if dbch.UpdatedAt.Valid {
ch.UpdatedAt = dbch.UpdatedAt.Time
}
if err := json.Unmarshal([]byte(dbch.Metadata), &ch.Metadata); err != nil {
return bootstrap.Channel{}, errors.Wrap(errors.ErrMalformedEntity, err)
}
return ch, nil
}
type dbConnection struct {
Config string `db:"config_id"`
Channel string `db:"channel_id"`
DomainID string `db:"domain_id"`
return cfg, nil
}
bootstrap/postgres/configs_test.go
+59 -518
View File
@@ -21,100 +21,67 @@ import (
const numConfigs = 10
var (
config = bootstrap.Config{
ClientID: "mg-client",
ClientSecret: "mg-key",
var config = bootstrap.Config{
ID: "mg-client",
ExternalID: "external-id",
ExternalKey: "external-key",
DomainID: testsutil.GenerateUUID(&testing.T{}),
Channels: []bootstrap.Channel{
{ID: "1", Name: "name 1", Metadata: map[string]any{"meta": 1.0}},
{ID: "2", Name: "name 2", Metadata: map[string]any{"meta": 2.0}},
},
Content: "content",
State: bootstrap.Inactive,
Status: bootstrap.Inactive,
}
channels = []string{"1", "2"}
)
func TestSave(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
diff := "different"
duplicateClient := config
duplicateClient.ExternalID = diff
duplicateClient.ClientSecret = diff
duplicateClient.Channels = []bootstrap.Channel{}
duplicateExternal := config
duplicateExternal.ClientID = diff
duplicateExternal.ClientSecret = diff
duplicateExternal.Channels = []bootstrap.Channel{}
duplicateChannels := config
duplicateChannels.ExternalID = diff
duplicateChannels.ClientSecret = diff
duplicateChannels.ClientID = diff
duplicateExternal.ID = diff
cases := []struct {
desc string
config bootstrap.Config
connections []string
err error
}{
{
desc: "save a config",
config: config,
connections: channels,
err: nil,
},
{
desc: "save config with same Client ID",
config: duplicateClient,
connections: nil,
err: repoerr.ErrConflict,
},
{
desc: "save config with same external ID",
config: duplicateExternal,
connections: nil,
err: repoerr.ErrConflict,
},
{
desc: "save config with same Channels",
config: duplicateChannels,
connections: channels,
err: repoerr.ErrConflict,
},
}
for _, tc := range cases {
id, err := repo.Save(context.Background(), tc.config, tc.connections)
id, err := repo.Save(context.Background(), tc.config)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
if err == nil {
assert.Equal(t, id, tc.config.ClientID, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.config.ClientID, id))
assert.Equal(t, id, tc.config.ID, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.config.ID, id))
}
}
}
func TestRetrieveByID(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
require.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
id, err := repo.Save(context.Background(), c, channels)
id, err := repo.Save(context.Background(), c)
require.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
nonexistentConfID, err := uuid.NewV4()
@@ -159,10 +126,6 @@ func TestRetrieveByID(t *testing.T) {
func TestRetrieveAll(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
clientIDs := make([]string, numConfigs)
for i := 0; i < numConfigs; i++ {
c := config
@@ -172,26 +135,18 @@ func TestRetrieveAll(t *testing.T) {
require.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ExternalID = uid.String()
c.Name = fmt.Sprintf("name %d", i)
c.ClientID = uid.String()
c.ClientSecret = uid.String()
clientIDs[i] = c.ClientID
c.ID = uid.String()
if i%2 == 0 {
c.State = bootstrap.Active
c.Status = bootstrap.Active
}
if i > 0 {
c.Channels = nil
}
_, err = repo.Save(context.Background(), c, channels)
_, err = repo.Save(context.Background(), c)
require.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
}
cases := []struct {
desc string
domainID string
clientID []string
offset uint64
limit uint64
filter bootstrap.Filter
@@ -200,7 +155,6 @@ func TestRetrieveAll(t *testing.T) {
{
desc: "retrieve all configs",
domainID: config.DomainID,
clientID: []string{},
offset: 0,
limit: uint64(numConfigs),
size: numConfigs,
@@ -208,7 +162,6 @@ func TestRetrieveAll(t *testing.T) {
{
desc: "retrieve a subset of configs",
domainID: config.DomainID,
clientID: []string{},
offset: 5,
limit: uint64(numConfigs - 5),
size: numConfigs - 5,
@@ -216,7 +169,6 @@ func TestRetrieveAll(t *testing.T) {
{
desc: "retrieve with wrong domain ID ",
domainID: "2",
clientID: []string{},
offset: 0,
limit: uint64(numConfigs),
size: 0,
@@ -224,16 +176,14 @@ func TestRetrieveAll(t *testing.T) {
{
desc: "retrieve all active configs ",
domainID: config.DomainID,
clientID: []string{},
offset: 0,
limit: uint64(numConfigs),
filter: bootstrap.Filter{FullMatch: map[string]string{"state": bootstrap.Active.String()}},
filter: bootstrap.Filter{FullMatch: map[string]string{"status": bootstrap.Active.String()}},
size: numConfigs / 2,
},
{
desc: "retrieve all with partial match filter",
domainID: config.DomainID,
clientID: []string{},
offset: 0,
limit: uint64(numConfigs),
filter: bootstrap.Filter{PartialMatch: map[string]string{"name": "1"}},
@@ -242,31 +192,14 @@ func TestRetrieveAll(t *testing.T) {
{
desc: "retrieve search by name",
domainID: config.DomainID,
clientID: []string{},
offset: 0,
limit: uint64(numConfigs),
filter: bootstrap.Filter{PartialMatch: map[string]string{"name": "1"}},
size: 1,
},
{
desc: "retrieve by valid clientIDs",
domainID: config.DomainID,
clientID: clientIDs,
offset: 0,
limit: uint64(numConfigs),
size: 10,
},
{
desc: "retrieve by non-existing clientID",
domainID: config.DomainID,
clientID: []string{"non-existing"},
offset: 0,
limit: uint64(numConfigs),
size: 0,
},
}
for _, tc := range cases {
ret := repo.RetrieveAll(context.Background(), tc.domainID, tc.clientID, tc.filter, tc.offset, tc.limit)
ret := repo.RetrieveAll(context.Background(), tc.domainID, tc.filter, tc.offset, tc.limit)
size := len(ret.Configs)
assert.Equal(t, tc.size, size, fmt.Sprintf("%s: expected %d got %d\n", tc.desc, tc.size, size))
}
@@ -274,18 +207,15 @@ func TestRetrieveAll(t *testing.T) {
func TestRetrieveByExternalID(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
_, err = repo.Save(context.Background(), c, channels)
_, err = repo.Save(context.Background(), c)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
cases := []struct {
@@ -312,18 +242,15 @@ func TestRetrieveByExternalID(t *testing.T) {
func TestUpdate(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
_, err = repo.Save(context.Background(), c, channels)
_, err = repo.Save(context.Background(), c)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
c.Content = "new content"
@@ -357,18 +284,15 @@ func TestUpdate(t *testing.T) {
func TestUpdateCert(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
_, err = repo.Save(context.Background(), c, channels)
_, err = repo.Save(context.Background(), c)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
c.Content = "new content"
@@ -379,7 +303,7 @@ func TestUpdateCert(t *testing.T) {
cases := []struct {
desc string
clientID string
configID string
domainID string
cert string
certKey string
@@ -389,7 +313,7 @@ func TestUpdateCert(t *testing.T) {
}{
{
desc: "update with wrong domain ID ",
clientID: "",
configID: "",
cert: "cert",
certKey: "certKey",
ca: "",
@@ -399,13 +323,13 @@ func TestUpdateCert(t *testing.T) {
},
{
desc: "update a config",
clientID: c.ClientID,
configID: c.ID,
cert: "cert",
certKey: "certKey",
ca: "ca",
domainID: c.DomainID,
expectedConfig: bootstrap.Config{
ClientID: c.ClientID,
ID: c.ID,
ClientCert: "cert",
CACert: "ca",
ClientKey: "certKey",
@@ -415,99 +339,23 @@ func TestUpdateCert(t *testing.T) {
},
}
for _, tc := range cases {
cfg, err := repo.UpdateCert(context.Background(), tc.domainID, tc.clientID, tc.cert, tc.certKey, tc.ca)
cfg, err := repo.UpdateCert(context.Background(), tc.domainID, tc.configID, tc.cert, tc.certKey, tc.ca)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
assert.Equal(t, tc.expectedConfig, cfg, fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.expectedConfig, cfg))
}
}
func TestUpdateConnections(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
_, err = repo.Save(context.Background(), c, channels)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
// Use UUID to prevent conflicts.
uid, err = uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
c.Channels = []bootstrap.Channel{}
c2, err := repo.Save(context.Background(), c, []string{channels[0]})
assert.Nil(t, err, fmt.Sprintf("Saving a config expected to succeed: %s.\n", err))
cases := []struct {
desc string
domainID string
id string
channels []bootstrap.Channel
connections []string
err error
}{
{
desc: "update connections of non-existing config",
domainID: config.DomainID,
id: "unknown",
channels: nil,
connections: []string{channels[1]},
err: repoerr.ErrNotFound,
},
{
desc: "update connections",
domainID: config.DomainID,
id: c.ClientID,
channels: nil,
connections: []string{channels[1]},
err: nil,
},
{
desc: "update connections with existing channels",
domainID: config.DomainID,
id: c2,
channels: nil,
connections: channels,
err: nil,
},
{
desc: "update connections no channels",
domainID: config.DomainID,
id: c.ClientID,
channels: nil,
connections: nil,
err: nil,
},
}
for _, tc := range cases {
err := repo.UpdateConnections(context.Background(), tc.domainID, tc.id, tc.channels, tc.connections)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
}
}
func TestRemove(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
id, err := repo.Save(context.Background(), c, channels)
id, err := repo.Save(context.Background(), c)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
// Removal works the same for both existing and non-existing
@@ -521,393 +369,86 @@ func TestRemove(t *testing.T) {
}
}
func TestChangeState(t *testing.T) {
func TestChangeStatus(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
saved, err := repo.Save(context.Background(), c, channels)
saved, err := repo.Save(context.Background(), c)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
cases := []struct {
desc string
domainID string
id string
state bootstrap.State
status bootstrap.Status
err error
}{
{
desc: "change state with wrong domain ID ",
desc: "change status with wrong domain ID ",
id: saved,
domainID: "2",
err: repoerr.ErrNotFound,
},
{
desc: "change state with wrong id",
desc: "change status with wrong id",
id: "wrong",
domainID: c.DomainID,
err: repoerr.ErrNotFound,
},
{
desc: "change state to Active",
desc: "change status to Active",
id: saved,
domainID: c.DomainID,
state: bootstrap.Active,
status: bootstrap.Active,
err: nil,
},
{
desc: "change state to Inactive",
desc: "change status to Inactive",
id: saved,
domainID: c.DomainID,
state: bootstrap.Inactive,
status: bootstrap.Inactive,
err: nil,
},
}
for _, tc := range cases {
err := repo.ChangeState(context.Background(), tc.domainID, tc.id, tc.state)
err := repo.ChangeStatus(context.Background(), tc.domainID, tc.id, tc.status)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
}
}
func TestListExisting(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
_, err = repo.Save(context.Background(), c, channels)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
var chs []bootstrap.Channel
chs = append(chs, config.Channels...)
cases := []struct {
desc string
domainID string
connections []string
existing []bootstrap.Channel
}{
{
desc: "list all existing channels",
domainID: c.DomainID,
connections: channels,
existing: chs,
},
{
desc: "list a subset of existing channels",
domainID: c.DomainID,
connections: []string{channels[0], "5"},
existing: []bootstrap.Channel{chs[0]},
},
{
desc: "list a subset of existing channels empty",
domainID: c.DomainID,
connections: []string{"5", "6"},
existing: []bootstrap.Channel{},
},
}
for _, tc := range cases {
existing, err := repo.ListExisting(context.Background(), tc.domainID, tc.connections)
assert.Nil(t, err, fmt.Sprintf("%s: unexpected error: %s", tc.desc, err))
assert.ElementsMatch(t, tc.existing, existing, fmt.Sprintf("%s: Got non-matching elements.", tc.desc))
}
}
func TestRemoveClient(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
saved, err := repo.Save(context.Background(), c, channels)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
for i := 0; i < 2; i++ {
err := repo.RemoveClient(context.Background(), saved)
assert.Nil(t, err, fmt.Sprintf("an unexpected error occurred: %s\n", err))
}
}
func TestUpdateChannel(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
_, err = repo.Save(context.Background(), c, channels)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
id := c.Channels[0].ID
update := bootstrap.Channel{
ID: id,
Name: "update name",
Metadata: map[string]any{"update": "metadata update"},
}
err = repo.UpdateChannel(context.Background(), update)
assert.Nil(t, err, fmt.Sprintf("updating config expected to succeed: %s.\n", err))
cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID)
assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err))
var retrieved bootstrap.Channel
for _, c := range cfg.Channels {
if c.ID == id {
retrieved = c
break
}
}
update.DomainID = retrieved.DomainID
assert.Equal(t, update, retrieved, fmt.Sprintf("expected %s, go %s", update, retrieved))
}
func TestRemoveChannel(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
func TestAssignProfile(t *testing.T) {
configRepo := postgres.NewConfigRepository(db, testLog)
profileRepo := postgres.NewProfileRepository(db, testLog)
c := config
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
require.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
_, err = repo.Save(context.Background(), c, channels)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
saved, err := configRepo.Save(context.Background(), c)
require.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
err = repo.RemoveChannel(context.Background(), c.Channels[0].ID)
assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err))
profileID := testsutil.GenerateUUID(t)
_, err = profileRepo.Save(context.Background(), bootstrap.Profile{
ID: profileID,
DomainID: c.DomainID,
Name: "edge-gateway",
TemplateFormat: bootstrap.TemplateFormatGoTemplate,
Version: 1,
})
require.Nil(t, err, fmt.Sprintf("Saving profile expected to succeed: %s.\n", err))
cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID)
assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err))
assert.NotContains(t, cfg.Channels, c.Channels[0], fmt.Sprintf("expected to remove channel %s from %s", c.Channels[0], cfg.Channels))
}
func TestConnectClient(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
c.State = bootstrap.Inactive
saved, err := repo.Save(context.Background(), c, channels)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
wrongID := testsutil.GenerateUUID(&testing.T{})
connectedClient := c
randomClient := c
randomClientID, _ := uuid.NewV4()
randomClient.ClientID = randomClientID.String()
emptyClient := c
emptyClient.ClientID = ""
cases := []struct {
desc string
domainID string
id string
state bootstrap.State
channels []bootstrap.Channel
connections []string
err error
}{
{
desc: "connect disconnected client",
domainID: c.DomainID,
id: saved,
state: bootstrap.Inactive,
channels: c.Channels,
connections: channels,
err: nil,
},
{
desc: "connect already connected client",
domainID: c.DomainID,
id: connectedClient.ClientID,
state: connectedClient.State,
channels: c.Channels,
connections: channels,
err: nil,
},
{
desc: "connect non-existent client",
domainID: c.DomainID,
id: wrongID,
channels: c.Channels,
connections: channels,
err: repoerr.ErrNotFound,
},
{
desc: "connect random client",
domainID: c.DomainID,
id: randomClient.ClientID,
channels: c.Channels,
connections: channels,
err: repoerr.ErrNotFound,
},
{
desc: "connect empty client",
domainID: c.DomainID,
id: emptyClient.ClientID,
channels: c.Channels,
connections: channels,
err: repoerr.ErrNotFound,
},
}
for _, tc := range cases {
for i, ch := range tc.channels {
if i == 0 {
err = repo.ConnectClient(context.Background(), ch.ID, tc.id)
assert.Equal(t, tc.err, err, fmt.Sprintf("%s: Expected error: %s, got: %s.\n", tc.desc, tc.err, err))
cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID)
assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err))
assert.Equal(t, cfg.State, bootstrap.Active, fmt.Sprintf("expected to be active when a connection is added from %s", cfg))
} else {
_ = repo.ConnectClient(context.Background(), ch.ID, tc.id)
}
}
cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID)
assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err))
assert.Equal(t, cfg.State, bootstrap.Active, fmt.Sprintf("expected to be active when a connection is added from %s", cfg))
}
}
func TestDisconnectClient(t *testing.T) {
repo := postgres.NewConfigRepository(db, testLog)
err := deleteChannels(context.Background(), repo)
require.Nil(t, err, "Channels cleanup expected to succeed.")
c := config
// Use UUID to prevent conflicts.
uid, err := uuid.NewV4()
assert.Nil(t, err, fmt.Sprintf("Got unexpected error: %s.\n", err))
c.ClientSecret = uid.String()
c.ClientID = uid.String()
c.ExternalID = uid.String()
c.ExternalKey = uid.String()
c.State = bootstrap.Inactive
saved, err := repo.Save(context.Background(), c, channels)
assert.Nil(t, err, fmt.Sprintf("Saving config expected to succeed: %s.\n", err))
wrongID := testsutil.GenerateUUID(&testing.T{})
connectedClient := c
randomClient := c
randomClientID, _ := uuid.NewV4()
randomClient.ClientID = randomClientID.String()
emptyClient := c
emptyClient.ClientID = ""
cases := []struct {
desc string
domainID string
id string
state bootstrap.State
channels []bootstrap.Channel
connections []string
err error
}{
{
desc: "disconnect connected client",
domainID: c.DomainID,
id: connectedClient.ClientID,
state: connectedClient.State,
channels: c.Channels,
connections: channels,
err: nil,
},
{
desc: "disconnect already disconnected client",
domainID: c.DomainID,
id: saved,
state: bootstrap.Inactive,
channels: c.Channels,
connections: channels,
err: nil,
},
{
desc: "disconnect invalid client",
domainID: c.DomainID,
id: wrongID,
channels: c.Channels,
connections: channels,
err: nil,
},
{
desc: "disconnect random client",
domainID: c.DomainID,
id: randomClient.ClientID,
channels: c.Channels,
connections: channels,
err: nil,
},
{
desc: "disconnect empty client",
domainID: c.DomainID,
id: emptyClient.ClientID,
channels: c.Channels,
connections: channels,
err: nil,
},
}
for _, tc := range cases {
for _, ch := range tc.channels {
err = repo.DisconnectClient(context.Background(), ch.ID, tc.id)
assert.Equal(t, tc.err, err, fmt.Sprintf("%s: Expected error: %s, got: %s.\n", tc.desc, tc.err, err))
}
cfg, err := repo.RetrieveByID(context.Background(), c.DomainID, c.ClientID)
assert.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err))
assert.Equal(t, cfg.State, bootstrap.Inactive, fmt.Sprintf("expected to be inactive when a connection is removed from %s", cfg))
}
}
func deleteChannels(ctx context.Context, repo bootstrap.ConfigRepository) error {
for _, ch := range channels {
if err := repo.RemoveChannel(ctx, ch); err != nil {
return err
}
}
return nil
err = configRepo.AssignProfile(context.Background(), c.DomainID, saved, profileID)
require.Nil(t, err, fmt.Sprintf("Assigning profile expected to succeed: %s.\n", err))
stored, err := configRepo.RetrieveByID(context.Background(), c.DomainID, saved)
require.Nil(t, err, fmt.Sprintf("Retrieving config expected to succeed: %s.\n", err))
assert.Equal(t, profileID, stored.ProfileID, "expected profile assignment to round-trip through the repository")
}
bootstrap/postgres/init.go
+212
View File
@@ -103,6 +103,218 @@ func Migration() *migrate.MemoryMigrationSource {
`ALTER TABLE IF EXISTS connections ADD FOREIGN KEY (config_id, domain_id) REFERENCES configs (magistrala_client, domain_id) ON DELETE CASCADE ON UPDATE CASCADE`,
},
},
{
Id: "configs_7",
Up: []string{
`ALTER TABLE IF EXISTS configs RENAME COLUMN magistrala_client TO client_id`,
`ALTER TABLE IF EXISTS configs RENAME COLUMN magistrala_secret TO client_secret`,
`CREATE UNIQUE INDEX IF NOT EXISTS configs_client_id_key ON configs (client_id)`,
`CREATE UNIQUE INDEX IF NOT EXISTS configs_client_id_domain_id_key ON configs (client_id, domain_id)`,
`DROP TABLE IF EXISTS connections`,
`DROP TABLE IF EXISTS channels`,
},
Down: []string{
`ALTER TABLE IF EXISTS configs RENAME COLUMN client_id TO magistrala_client`,
`ALTER TABLE IF EXISTS configs RENAME COLUMN client_secret TO magistrala_secret`,
},
},
{
Id: "configs_8",
Up: []string{
`DO $$
BEGIN
IF EXISTS (
SELECT 1
FROM information_schema.columns
WHERE table_name = 'configs' AND column_name = 'client_id'
) AND NOT EXISTS (
SELECT 1
FROM information_schema.columns
WHERE table_name = 'configs' AND column_name = 'id'
) THEN
ALTER TABLE configs RENAME COLUMN client_id TO id;
END IF;
END $$`,
`ALTER TABLE IF EXISTS configs DROP COLUMN IF EXISTS client_secret`,
},
Down: []string{
`ALTER TABLE IF EXISTS configs ADD COLUMN IF NOT EXISTS client_secret TEXT`,
`DO $$
BEGIN
IF EXISTS (
SELECT 1
FROM information_schema.columns
WHERE table_name = 'configs' AND column_name = 'id'
) AND NOT EXISTS (
SELECT 1
FROM information_schema.columns
WHERE table_name = 'configs' AND column_name = 'client_id'
) THEN
ALTER TABLE configs RENAME COLUMN id TO client_id;
END IF;
END $$`,
},
},
{
Id: "configs_10",
Up: []string{
`CREATE TABLE IF NOT EXISTS profiles (
id VARCHAR(36) PRIMARY KEY,
domain_id VARCHAR(36) NOT NULL,
name VARCHAR(1024) NOT NULL,
description TEXT,
template_format VARCHAR(64) NOT NULL DEFAULT 'go-template',
content_template TEXT,
defaults JSONB,
binding_slots JSONB,
version INT NOT NULL DEFAULT 1,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
UNIQUE (domain_id, name)
)`,
`CREATE INDEX IF NOT EXISTS idx_profiles_domain_id ON profiles (domain_id)`,
},
Down: []string{
`DROP TABLE IF EXISTS profiles`,
},
},
{
Id: "configs_11",
Up: []string{
`ALTER TABLE IF EXISTS configs ADD COLUMN IF NOT EXISTS profile_id VARCHAR(36) REFERENCES profiles (id) ON DELETE SET NULL`,
`ALTER TABLE IF EXISTS configs ADD COLUMN IF NOT EXISTS render_context JSONB`,
},
Down: []string{
`ALTER TABLE IF EXISTS configs DROP COLUMN IF EXISTS render_context`,
`ALTER TABLE IF EXISTS configs DROP COLUMN IF EXISTS profile_id`,
},
},
{
Id: "configs_12",
Up: []string{
`CREATE TABLE IF NOT EXISTS bindings (
config_id TEXT NOT NULL,
slot VARCHAR(256) NOT NULL,
type VARCHAR(64) NOT NULL,
resource_id TEXT NOT NULL,
snapshot JSONB,
secret_snapshot BYTEA,
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
PRIMARY KEY (config_id, slot)
)`,
`CREATE INDEX IF NOT EXISTS idx_bindings_config_id ON bindings (config_id)`,
},
Down: []string{
`DROP TABLE IF EXISTS bindings`,
},
},
{
Id: "configs_13",
Up: []string{
`DO $$
BEGIN
IF EXISTS (
SELECT 1
FROM information_schema.columns
WHERE table_name = 'configs' AND column_name = 'state'
) AND NOT EXISTS (
SELECT 1
FROM information_schema.columns
WHERE table_name = 'configs' AND column_name = 'status'
) THEN
ALTER TABLE configs RENAME COLUMN state TO status;
END IF;
END $$`,
},
Down: []string{
`DO $$
BEGIN
IF EXISTS (
SELECT 1
FROM information_schema.columns
WHERE table_name = 'configs' AND column_name = 'status'
) AND NOT EXISTS (
SELECT 1
FROM information_schema.columns
WHERE table_name = 'configs' AND column_name = 'state'
) THEN
ALTER TABLE configs RENAME COLUMN status TO state;
END IF;
END $$`,
},
},
{
Id: "configs_14",
Up: []string{
`DO $$
BEGIN
IF EXISTS (
SELECT 1
FROM information_schema.tables
WHERE table_name = 'binding_snapshots'
) AND NOT EXISTS (
SELECT 1
FROM information_schema.tables
WHERE table_name = 'bindings'
) THEN
ALTER TABLE binding_snapshots RENAME TO bindings;
END IF;
END $$`,
`DO $$
BEGIN
IF EXISTS (
SELECT 1
FROM pg_class
WHERE relname = 'idx_binding_snapshots_config_id'
) AND NOT EXISTS (
SELECT 1
FROM pg_class
WHERE relname = 'idx_bindings_config_id'
) THEN
ALTER INDEX idx_binding_snapshots_config_id RENAME TO idx_bindings_config_id;
END IF;
END $$`,
},
Down: []string{
`DO $$
BEGIN
IF EXISTS (
SELECT 1
FROM information_schema.tables
WHERE table_name = 'bindings'
) AND NOT EXISTS (
SELECT 1
FROM information_schema.tables
WHERE table_name = 'binding_snapshots'
) THEN
ALTER TABLE bindings RENAME TO binding_snapshots;
END IF;
END $$`,
`DO $$
BEGIN
IF EXISTS (
SELECT 1
FROM pg_class
WHERE relname = 'idx_bindings_config_id'
) AND NOT EXISTS (
SELECT 1
FROM pg_class
WHERE relname = 'idx_binding_snapshots_config_id'
) THEN
ALTER INDEX idx_bindings_config_id RENAME TO idx_binding_snapshots_config_id;
END IF;
END $$`,
},
},
{
Id: "configs_15",
Up: []string{
`ALTER TABLE IF EXISTS profiles ADD COLUMN IF NOT EXISTS binding_slots JSONB`,
},
Down: []string{
`ALTER TABLE IF EXISTS profiles DROP COLUMN IF EXISTS binding_slots`,
},
},
},
}
}
bootstrap/postgres/profiles.go
+209
View File
@@ -0,0 +1,209 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package postgres
import (
"context"
"database/sql"
"encoding/json"
"fmt"
"log/slog"
"time"
"github.com/absmach/magistrala/bootstrap"
"github.com/absmach/magistrala/pkg/errors"
repoerr "github.com/absmach/magistrala/pkg/errors/repository"
"github.com/absmach/magistrala/pkg/postgres"
"github.com/jackc/pgerrcode"
"github.com/jackc/pgx/v5/pgconn"
)
var _ bootstrap.ProfileRepository = (*profileRepository)(nil)
type profileRepository struct {
db postgres.Database
log *slog.Logger
}
// NewProfileRepository instantiates a PostgreSQL implementation of ProfileRepository.
func NewProfileRepository(db postgres.Database, log *slog.Logger) bootstrap.ProfileRepository {
return &profileRepository{db: db, log: log}
}
func (pr profileRepository) Save(ctx context.Context, p bootstrap.Profile) (bootstrap.Profile, error) {
q := `INSERT INTO profiles (id, domain_id, name, description, template_format, content_template, defaults, binding_slots, version, created_at, updated_at)
VALUES (:id, :domain_id, :name, :description, :template_format, :content_template, :defaults, :binding_slots, :version, :created_at, :updated_at)`
now := time.Now().UTC()
p.CreatedAt = now
p.UpdatedAt = now
dbp, err := toDBProfile(p)
if err != nil {
return bootstrap.Profile{}, errors.Wrap(repoerr.ErrCreateEntity, err)
}
if _, err = pr.db.NamedExecContext(ctx, q, dbp); err != nil {
if pgErr, ok := err.(*pgconn.PgError); ok && pgErr.Code == pgerrcode.UniqueViolation {
return bootstrap.Profile{}, repoerr.ErrConflict
}
return bootstrap.Profile{}, errors.Wrap(repoerr.ErrCreateEntity, err)
}
return p, nil
}
func (pr profileRepository) RetrieveByID(ctx context.Context, domainID, id string) (bootstrap.Profile, error) {
q := `SELECT id, domain_id, name, description, template_format, content_template, defaults, binding_slots, version, created_at, updated_at
FROM profiles WHERE id = $1 AND domain_id = $2`
var dbp dbProfile
if err := pr.db.QueryRowxContext(ctx, q, id, domainID).StructScan(&dbp); err != nil {
if err == sql.ErrNoRows {
return bootstrap.Profile{}, repoerr.ErrNotFound
}
return bootstrap.Profile{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
return toProfile(dbp)
}
func (pr profileRepository) RetrieveAll(ctx context.Context, domainID string, offset, limit uint64) (bootstrap.ProfilesPage, error) {
q := `SELECT id, domain_id, name, description, template_format, content_template, defaults, binding_slots, version, created_at, updated_at
FROM profiles WHERE domain_id = $1 ORDER BY created_at DESC LIMIT $2 OFFSET $3`
rows, err := pr.db.QueryxContext(ctx, q, domainID, limit, offset)
if err != nil {
return bootstrap.ProfilesPage{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
defer rows.Close()
var profiles []bootstrap.Profile
for rows.Next() {
var dbp dbProfile
if err := rows.StructScan(&dbp); err != nil {
pr.log.Error(fmt.Sprintf("failed to scan profile row: %s", err))
return bootstrap.ProfilesPage{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
p, err := toProfile(dbp)
if err != nil {
return bootstrap.ProfilesPage{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
profiles = append(profiles, p)
}
var total uint64
if err := pr.db.QueryRowxContext(ctx, `SELECT COUNT(*) FROM profiles WHERE domain_id = $1`, domainID).Scan(&total); err != nil {
return bootstrap.ProfilesPage{}, errors.Wrap(repoerr.ErrViewEntity, err)
}
return bootstrap.ProfilesPage{
Total: total,
Offset: offset,
Limit: limit,
Profiles: profiles,
}, nil
}
func (pr profileRepository) Update(ctx context.Context, p bootstrap.Profile) error {
q := `UPDATE profiles SET name = :name, description = :description, template_format = :template_format,
content_template = :content_template, defaults = :defaults, binding_slots = :binding_slots, version = version + 1, updated_at = :updated_at
WHERE id = :id AND domain_id = :domain_id`
p.UpdatedAt = time.Now().UTC()
dbp, err := toDBProfile(p)
if err != nil {
return errors.Wrap(repoerr.ErrUpdateEntity, err)
}
res, err := pr.db.NamedExecContext(ctx, q, dbp)
if err != nil {
return errors.Wrap(repoerr.ErrUpdateEntity, err)
}
cnt, err := res.RowsAffected()
if err != nil {
return errors.Wrap(repoerr.ErrUpdateEntity, err)
}
if cnt == 0 {
return repoerr.ErrNotFound
}
return nil
}
func (pr profileRepository) Delete(ctx context.Context, domainID, id string) error {
q := `DELETE FROM profiles WHERE id = $1 AND domain_id = $2`
if _, err := pr.db.ExecContext(ctx, q, id, domainID); err != nil {
return errors.Wrap(repoerr.ErrRemoveEntity, err)
}
return nil
}
// dbProfile is the database representation of a Profile.
type dbProfile struct {
ID string `db:"id"`
DomainID string `db:"domain_id"`
Name string `db:"name"`
Description sql.NullString `db:"description"`
TemplateFormat string `db:"template_format"`
ContentTemplate sql.NullString `db:"content_template"`
Defaults []byte `db:"defaults"`
BindingSlots []byte `db:"binding_slots"`
Version int `db:"version"`
CreatedAt time.Time `db:"created_at"`
UpdatedAt time.Time `db:"updated_at"`
}
func toDBProfile(p bootstrap.Profile) (dbProfile, error) {
defaults, err := json.Marshal(p.Defaults)
if err != nil {
return dbProfile{}, err
}
bindingSlots, err := json.Marshal(p.BindingSlots)
if err != nil {
return dbProfile{}, err
}
return dbProfile{
ID: p.ID,
DomainID: p.DomainID,
Name: p.Name,
Description: nullString(p.Description),
TemplateFormat: string(p.TemplateFormat),
ContentTemplate: nullString(p.ContentTemplate),
Defaults: defaults,
BindingSlots: bindingSlots,
Version: p.Version,
CreatedAt: p.CreatedAt,
UpdatedAt: p.UpdatedAt,
}, nil
}
func toProfile(dbp dbProfile) (bootstrap.Profile, error) {
p := bootstrap.Profile{
ID: dbp.ID,
DomainID: dbp.DomainID,
Name: dbp.Name,
TemplateFormat: bootstrap.TemplateFormat(dbp.TemplateFormat),
Version: dbp.Version,
CreatedAt: dbp.CreatedAt,
UpdatedAt: dbp.UpdatedAt,
}
if dbp.Description.Valid {
p.Description = dbp.Description.String
}
if dbp.ContentTemplate.Valid {
p.ContentTemplate = dbp.ContentTemplate.String
}
if len(dbp.Defaults) > 0 && string(dbp.Defaults) != jsonNull {
if err := json.Unmarshal(dbp.Defaults, &p.Defaults); err != nil {
return bootstrap.Profile{}, err
}
}
if len(dbp.BindingSlots) > 0 && string(dbp.BindingSlots) != jsonNull {
if err := json.Unmarshal(dbp.BindingSlots, &p.BindingSlots); err != nil {
return bootstrap.Profile{}, err
}
}
return p, nil
}
bootstrap/postgres/setup_test.go
+3 -1
View File
@@ -70,7 +70,9 @@ func TestMain(m *testing.M) {
SSLRootCert: "",
}
if db, err = pgclient.Setup(dbConfig, *postgres.Migration()); err != nil {
migration := postgres.Migration()
if db, err = pgclient.Setup(dbConfig, *migration); err != nil {
testLog.Error(fmt.Sprintf("Could not setup test DB connection: %s", err))
}
bootstrap/profiles.go
+69
View File
@@ -0,0 +1,69 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package bootstrap
import (
"context"
"time"
)
// TemplateFormat enumerates supported content template formats.
type TemplateFormat string
const (
TemplateFormatGoTemplate TemplateFormat = "go-template"
TemplateFormatRaw TemplateFormat = "raw"
TemplateFormatJSON TemplateFormat = "json"
TemplateFormatYAML TemplateFormat = "yaml"
TemplateFormatTOML TemplateFormat = "toml"
)
// Profile is a user-managed device configuration template.
type Profile struct {
ID string `json:"id"`
DomainID string `json:"domain_id,omitempty"`
Name string `json:"name"`
Description string `json:"description,omitempty"`
TemplateFormat TemplateFormat `json:"template_format"`
ContentTemplate string `json:"content_template,omitempty"`
Defaults map[string]any `json:"defaults,omitempty"`
BindingSlots []BindingSlot `json:"binding_slots,omitempty"`
Version int `json:"version,omitempty"`
CreatedAt time.Time `json:"created_at,omitempty"`
UpdatedAt time.Time `json:"updated_at,omitempty"`
}
// BindingSlot declares a named resource placeholder that a profile template can use.
type BindingSlot struct {
Name string `json:"name"`
Type string `json:"type"`
Required bool `json:"required"`
Fields []string `json:"fields,omitempty"`
}
// ProfilesPage contains pagination metadata and a slice of Profiles.
type ProfilesPage struct {
Total uint64 `json:"total"`
Offset uint64 `json:"offset"`
Limit uint64 `json:"limit"`
Profiles []Profile `json:"profiles"`
}
// ProfileRepository specifies the persistence API for Profiles.
type ProfileRepository interface {
// Save persists a new Profile and returns it with server-assigned fields set.
Save(ctx context.Context, p Profile) (Profile, error)
// RetrieveByID returns the Profile with the given ID inside the given domain.
RetrieveByID(ctx context.Context, domainID, id string) (Profile, error)
// RetrieveAll returns a page of Profiles belonging to the given domain.
RetrieveAll(ctx context.Context, domainID string, offset, limit uint64) (ProfilesPage, error)
// Update updates editable fields of the given Profile.
Update(ctx context.Context, p Profile) error
// Delete removes the Profile with the given ID from the given domain.
Delete(ctx context.Context, domainID, id string) error
}
bootstrap/reader.go
+4 -19
View File
@@ -12,25 +12,17 @@ import (
"net/http"
)
// bootstrapRes represent Magistrala Response to the Bootatrap request.
// bootstrapRes represent Magistrala Response to the Bootstrap request.
// This is used as a response from ConfigReader and can easily be
// replace with any other response format.
// replaced with any other response format.
type bootstrapRes struct {
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"`
Channels []channelRes `json:"channels"`
ID string `json:"id,omitempty"`
Content string `json:"content,omitempty"`
ClientCert string `json:"client_cert,omitempty"`
ClientKey string `json:"client_key,omitempty"`
CACert string `json:"ca_cert,omitempty"`
}
type channelRes struct {
ID string `json:"id"`
Name string `json:"name,omitempty"`
Metadata any `json:"metadata,omitempty"`
}
func (res bootstrapRes) Code() int {
return http.StatusOK
}
@@ -54,15 +46,8 @@ func NewConfigReader(encKey []byte) ConfigReader {
}
func (r reader) ReadConfig(cfg Config, secure bool) (any, error) {
var channels []channelRes
for _, ch := range cfg.Channels {
channels = append(channels, channelRes{ID: ch.ID, Name: ch.Name, Metadata: ch.Metadata})
}
res := bootstrapRes{
ClientID: cfg.ClientID,
ClientSecret: cfg.ClientSecret,
Channels: channels,
ID: cfg.ID,
Content: cfg.Content,
ClientCert: cfg.ClientCert,
ClientKey: cfg.ClientKey,
bootstrap/reader_test.go
+2 -26
View File
@@ -17,16 +17,8 @@ import (
"github.com/stretchr/testify/assert"
)
type readChan struct {
ID string `json:"id"`
Name string `json:"name,omitempty"`
Metadata any `json:"metadata,omitempty"`
}
type readResp struct {
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"`
Channels []readChan `json:"channels"`
ID string `json:"id"`
Content string `json:"content,omitempty"`
ClientCert string `json:"client_cert,omitempty"`
ClientKey string `json:"client_key,omitempty"`
@@ -50,30 +42,14 @@ func dec(in []byte) ([]byte, error) {
func TestReadConfig(t *testing.T) {
cfg := bootstrap.Config{
ClientID: "smq_id",
ID: "smq_id",
ClientCert: "client_cert",
ClientKey: "client_key",
CACert: "ca_cert",
ClientSecret: "smq_key",
Channels: []bootstrap.Channel{
{
ID: "smq_id",
Name: "smq_name",
Metadata: map[string]any{"key": "value}"},
},
},
Content: "content",
}
ret := readResp{
ClientID: "smq_id",
ClientSecret: "smq_key",
Channels: []readChan{
{
ID: "smq_id",
Name: "smq_name",
Metadata: map[string]any{"key": "value}"},
},
},
Content: "content",
ClientCert: "client_cert",
ClientKey: "client_key",
bootstrap/renderer.go
+151
View File
@@ -0,0 +1,151 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package bootstrap
import (
"bytes"
"encoding/json"
"fmt"
"text/template"
"github.com/absmach/magistrala/pkg/errors"
"github.com/pelletier/go-toml/v2"
"gopkg.in/yaml.v3"
)
// Renderer renders a Profile's content template into a concrete device
// configuration. All input data must already be stored in Bootstrap — no
// external service calls are allowed inside Render.
type Renderer interface {
Render(profile Profile, enrollment Config, bindings []BindingSnapshot) ([]byte, error)
}
// ErrRenderFailed is returned when template execution or output validation fails.
var ErrRenderFailed = errors.New("failed to render profile template")
type renderer struct{}
// NewRenderer returns the default Renderer implementation using Go text/template.
func NewRenderer() Renderer {
return renderer{}
}
func (r renderer) Render(profile Profile, enrollment Config, bindings []BindingSnapshot) ([]byte, error) {
rctx := buildRenderContext(profile, enrollment, bindings)
switch profile.TemplateFormat {
case TemplateFormatRaw:
return []byte(profile.ContentTemplate), nil
case TemplateFormatGoTemplate, TemplateFormatJSON, TemplateFormatYAML, TemplateFormatTOML, "":
return r.renderTemplate(profile, rctx)
default:
return nil, fmt.Errorf("%w: unsupported template format %q", ErrRenderFailed, profile.TemplateFormat)
}
}
func (r renderer) renderTemplate(profile Profile, rctx RenderContext) ([]byte, error) {
t, err := template.New("bootstrap").
Option("missingkey=error").
Funcs(allowlistedFuncs()).
Parse(profile.ContentTemplate)
if err != nil {
return nil, fmt.Errorf("%w: %w", ErrRenderFailed, err)
}
var buf bytes.Buffer
if err := t.Execute(&buf, rctx); err != nil {
return nil, fmt.Errorf("%w: %w", ErrRenderFailed, err)
}
out, err := validateRenderedOutput(buf.Bytes(), profile.TemplateFormat)
if err != nil {
return nil, err
}
return out, nil
}
// validateRenderedOutput checks that the rendered bytes are valid for the
// declared output format. It returns the original bytes on success and wraps
// ErrRenderFailed on failure.
func validateRenderedOutput(out []byte, format TemplateFormat) ([]byte, error) {
// Unrecognised formats are passed through. Recognised structured formats
// must parse successfully so broken templates fail before reaching devices.
switch format {
case TemplateFormatJSON:
var v any
if err := json.Unmarshal(out, &v); err != nil {
return nil, fmt.Errorf("%w: invalid json output: %w", ErrRenderFailed, err)
}
case TemplateFormatYAML:
var v any
if err := yaml.Unmarshal(out, &v); err != nil {
return nil, fmt.Errorf("%w: invalid yaml output: %w", ErrRenderFailed, err)
}
case TemplateFormatTOML:
var v any
if err := toml.Unmarshal(out, &v); err != nil {
return nil, fmt.Errorf("%w: invalid toml output: %w", ErrRenderFailed, err)
}
}
return out, nil
}
// buildRenderContext constructs the typed RenderContext from stored data.
// No external calls are made here.
func buildRenderContext(profile Profile, enrollment Config, bindings []BindingSnapshot) RenderContext {
vars := make(map[string]any)
for k, v := range profile.Defaults {
vars[k] = v
}
for k, v := range enrollment.RenderContext {
vars[k] = v
}
bctx := make(map[string]BindingContext, len(bindings))
for _, b := range bindings {
bctx[b.Slot] = BindingContext{
Type: b.Type,
ID: b.ResourceID,
Snapshot: b.Snapshot,
Secret: b.SecretSnapshot,
}
}
return RenderContext{
Device: DeviceContext{
ID: enrollment.ID,
ExternalID: enrollment.ExternalID,
DomainID: enrollment.DomainID,
},
Vars: vars,
Bindings: bctx,
}
}
// allowlistedFuncs returns the safe set of template helper functions.
// No function in this map may call an external service or perform I/O.
func allowlistedFuncs() template.FuncMap {
return template.FuncMap{
"toJSON": func(v any) (string, error) {
b, err := json.Marshal(v)
if err != nil {
return "", err
}
return string(b), nil
},
"default": func(def, val any) any {
if val == nil || val == "" {
return def
}
return val
},
"required": func(key string, val any) (any, error) {
if val == nil || val == "" {
return nil, fmt.Errorf("required value %q is missing", key)
}
return val, nil
},
}
}
bootstrap/renderer_test.go
+72
View File
@@ -0,0 +1,72 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package bootstrap_test
import (
"fmt"
"testing"
"github.com/absmach/magistrala/bootstrap"
"github.com/absmach/magistrala/pkg/errors"
"github.com/stretchr/testify/assert"
)
func TestRendererStructuredOutputValidation(t *testing.T) {
renderer := bootstrap.NewRenderer()
cases := []struct {
desc string
format bootstrap.TemplateFormat
template string
err error
}{
{
desc: "valid JSON output",
format: bootstrap.TemplateFormatJSON,
template: `{"device_id":"{{ .Device.ID }}"}`,
},
{
desc: "invalid JSON output",
format: bootstrap.TemplateFormatJSON,
template: `{"device_id":`,
err: bootstrap.ErrRenderFailed,
},
{
desc: "valid YAML output",
format: bootstrap.TemplateFormatYAML,
template: "device_id: {{ .Device.ID }}",
},
{
desc: "invalid YAML output",
format: bootstrap.TemplateFormatYAML,
template: "device_id: [",
err: bootstrap.ErrRenderFailed,
},
{
desc: "valid TOML output",
format: bootstrap.TemplateFormatTOML,
template: `device_id = "{{ .Device.ID }}"`,
},
{
desc: "invalid TOML output",
format: bootstrap.TemplateFormatTOML,
template: `device_id = `,
err: bootstrap.ErrRenderFailed,
},
}
for _, tc := range cases {
t.Run(tc.desc, func(t *testing.T) {
_, err := renderer.Render(
bootstrap.Profile{
TemplateFormat: tc.format,
ContentTemplate: tc.template,
},
bootstrap.Config{ID: "config-id"},
nil,
)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %v got %v", tc.desc, tc.err, err))
})
}
}
bootstrap/sdk_resolver.go
+115
View File
@@ -0,0 +1,115 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package bootstrap
import (
"context"
"fmt"
"time"
"github.com/absmach/magistrala/pkg/errors"
svcerr "github.com/absmach/magistrala/pkg/errors/service"
mgsdk "github.com/absmach/magistrala/pkg/sdk"
)
var _ BindingResolver = (*sdkResolver)(nil)
type sdkResolver struct {
sdk mgsdk.SDK
}
// NewSDKResolver returns a BindingResolver that validates resources against
// the Magistrala clients and channels services using the SDK. This resolver
// is called only at binding time; the render path must never call it.
func NewSDKResolver(sdk mgsdk.SDK) BindingResolver {
return &sdkResolver{sdk: sdk}
}
func (r *sdkResolver) Resolve(ctx context.Context, req ResolveRequest) ([]BindingSnapshot, error) {
var snapshots []BindingSnapshot
for _, br := range req.Requested {
snap, err := r.resolveOne(ctx, req.Enrollment.DomainID, req.Token, br)
if err != nil {
return nil, err
}
snapshots = append(snapshots, snap)
}
return snapshots, nil
}
func (r *sdkResolver) resolveOne(ctx context.Context, domainID, token string, br BindingRequest) (BindingSnapshot, error) {
switch br.Type {
case "client":
return r.resolveClient(ctx, domainID, token, br)
case "channel":
return r.resolveChannel(ctx, domainID, token, br)
default:
return BindingSnapshot{}, fmt.Errorf("unsupported binding type %q", br.Type)
}
}
func (r *sdkResolver) resolveClient(ctx context.Context, domainID, token string, br BindingRequest) (BindingSnapshot, error) {
client, sdkErr := r.sdk.Client(ctx, br.ResourceID, domainID, token)
if sdkErr != nil {
return BindingSnapshot{}, errors.Wrap(svcerr.ErrNotFound,
fmt.Errorf("client %q not found: %s", br.ResourceID, sdkErr))
}
snapshot := map[string]any{
"id": client.ID,
"name": client.Name,
}
if client.Credentials.Identity != "" {
snapshot["identity"] = client.Credentials.Identity
}
if client.DomainID != "" {
snapshot["domain_id"] = client.DomainID
}
secret := map[string]any{}
if client.Credentials.Secret != "" {
secret["secret"] = client.Credentials.Secret
}
return BindingSnapshot{
Slot: br.Slot,
Type: br.Type,
ResourceID: br.ResourceID,
Snapshot: snapshot,
SecretSnapshot: secret,
UpdatedAt: time.Now().UTC(),
}, nil
}
func (r *sdkResolver) resolveChannel(ctx context.Context, domainID, token string, br BindingRequest) (BindingSnapshot, error) {
channel, sdkErr := r.sdk.Channel(ctx, br.ResourceID, domainID, token)
if sdkErr != nil {
return BindingSnapshot{}, errors.Wrap(svcerr.ErrNotFound,
fmt.Errorf("channel %q not found: %s", br.ResourceID, sdkErr))
}
snapshot := map[string]any{
"id": channel.ID,
"name": channel.Name,
}
if channel.Route != "" {
snapshot["topic"] = channel.Route
}
if channel.DomainID != "" {
snapshot["domain_id"] = channel.DomainID
}
if channel.Metadata != nil {
snapshot["metadata"] = channel.Metadata
}
return BindingSnapshot{
Slot: br.Slot,
Type: br.Type,
ResourceID: br.ResourceID,
Snapshot: snapshot,
UpdatedAt: time.Now().UTC(),
}, nil
}
bootstrap/secret_snapshots.go
+100
View File
@@ -0,0 +1,100 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package bootstrap
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/hex"
"encoding/json"
)
const secretSnapshotCiphertextKey = "ciphertext"
func (bs bootstrapService) encryptSecretSnapshots(bindings []BindingSnapshot) ([]BindingSnapshot, error) {
encrypted := make([]BindingSnapshot, len(bindings))
for i, binding := range bindings {
encrypted[i] = binding
if len(binding.SecretSnapshot) == 0 {
continue
}
secret, err := json.Marshal(binding.SecretSnapshot)
if err != nil {
return nil, err
}
ciphertext, err := bs.encrypt(secret)
if err != nil {
return nil, err
}
encrypted[i].SecretSnapshot = map[string]any{
secretSnapshotCiphertextKey: ciphertext,
}
}
return encrypted, nil
}
func (bs bootstrapService) decryptSecretSnapshots(bindings []BindingSnapshot) ([]BindingSnapshot, error) {
decrypted := make([]BindingSnapshot, len(bindings))
for i, binding := range bindings {
decrypted[i] = binding
ciphertext, ok := binding.SecretSnapshot[secretSnapshotCiphertextKey].(string)
if !ok {
continue
}
plain, err := bs.decrypt(ciphertext)
if err != nil {
return nil, err
}
var secret map[string]any
if err := json.Unmarshal(plain, &secret); err != nil {
return nil, err
}
decrypted[i].SecretSnapshot = secret
}
return decrypted, nil
}
func hideSecretSnapshots(bindings []BindingSnapshot) []BindingSnapshot {
hidden := make([]BindingSnapshot, len(bindings))
for i, binding := range bindings {
hidden[i] = binding
hidden[i].SecretSnapshot = nil
}
return hidden
}
func (bs bootstrapService) encrypt(plain []byte) (string, error) {
block, err := aes.NewCipher(bs.encKey)
if err != nil {
return "", err
}
ciphertext := make([]byte, aes.BlockSize+len(plain))
iv := ciphertext[:aes.BlockSize]
if _, err := rand.Read(iv); err != nil {
return "", err
}
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], plain)
return hex.EncodeToString(ciphertext), nil
}
func (bs bootstrapService) decrypt(in string) ([]byte, error) {
ciphertext, err := hex.DecodeString(in)
if err != nil {
return nil, err
}
block, err := aes.NewCipher(bs.encKey)
if err != nil {
return nil, err
}
if len(ciphertext) < aes.BlockSize {
return nil, ErrExternalKeySecure
}
iv := ciphertext[:aes.BlockSize]
ciphertext = ciphertext[aes.BlockSize:]
stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(ciphertext, ciphertext)
return ciphertext, nil
}
bootstrap/service.go
+313 -282
View File
@@ -14,15 +14,10 @@ import (
"github.com/absmach/magistrala/pkg/errors"
repoerr "github.com/absmach/magistrala/pkg/errors/repository"
svcerr "github.com/absmach/magistrala/pkg/errors/service"
"github.com/absmach/magistrala/pkg/policies"
mgsdk "github.com/absmach/magistrala/pkg/sdk"
)
var (
// ErrClients indicates failure to communicate with Magistrala Clients service.
// It can be due to networking error or invalid/unauthenticated request.
ErrClients = errors.New("failed to receive response from Clients service")
// ErrExternalKey indicates a non-existent bootstrap configuration for given external key.
ErrExternalKey = errors.NewAuthZError("failed to get bootstrap configuration for given external key")
@@ -35,25 +30,24 @@ var (
// ErrAddBootstrap indicates error in adding bootstrap configuration.
ErrAddBootstrap = errors.NewServiceError("failed to add bootstrap configuration")
// ErrBootstrapState indicates an invalid bootstrap state.
ErrBootstrapState = errors.NewRequestError("invalid bootstrap state")
// ErrBootstrapStatus indicates an invalid bootstrap status.
ErrBootstrapStatus = errors.NewRequestError("invalid bootstrap status")
// ErrNotInSameDomain indicates entities are not in the same domain.
errNotInSameDomain = errors.New("entities are not in the same domain")
errUpdateConnections = errors.New("failed to update connections")
errRemoveBootstrap = errors.New("failed to remove bootstrap configuration")
errChangeState = errors.New("failed to change state of bootstrap configuration")
errUpdateChannel = errors.New("failed to update channel")
errRemoveConfig = errors.New("failed to remove bootstrap configuration")
errRemoveChannel = errors.New("failed to remove channel")
errCreateClient = errors.New("failed to create client")
errConnectClient = errors.New("failed to connect client")
errDisconnectClient = errors.New("failed to disconnect client")
errCheckChannels = errors.New("failed to check if channels exists")
errConnectionChannels = errors.New("failed to check channels connections")
errClientNotFound = errors.New("failed to find client")
errEnableConfig = errors.New("failed to enable bootstrap configuration")
errDisableConfig = errors.New("failed to disable bootstrap configuration")
errUpdateCert = errors.New("failed to update cert")
errCreateProfile = errors.New("failed to create profile")
errViewProfile = errors.New("failed to view profile")
errUpdateProfile = errors.New("failed to update profile")
errDeleteProfile = errors.New("failed to delete profile")
errListProfiles = errors.New("failed to list profiles")
errAssignProfile = errors.New("failed to assign profile to enrollment")
errBindResources = errors.New("failed to bind resources")
errListBindings = errors.New("failed to list bindings")
errRefreshBinding = errors.New("failed to refresh bindings")
errRenderBootstrap = errors.New("failed to render bootstrap configuration")
)
var _ Service = (*bootstrapService)(nil)
@@ -72,10 +66,7 @@ type Service interface {
// UpdateCert updates an existing Config certificate and token.
// A non-nil error is returned to indicate operation failure.
UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (Config, error)
// UpdateConnections updates list of Channels related to given Config.
UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error
UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (Config, error)
// List returns subset of Configs with given search params that belong to the
// user identified by the given token.
@@ -87,26 +78,41 @@ type Service interface {
// Bootstrap returns Config to the Client with provided external ID using external key.
Bootstrap(ctx context.Context, externalKey, externalID string, secure bool) (Config, error)
// ChangeState changes state of the Client with given client ID and domain ID.
ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state State) error
// EnableConfig enables the Config so its device can successfully bootstrap.
EnableConfig(ctx context.Context, session smqauthn.Session, id string) (Config, error)
// Methods RemoveConfig, UpdateChannel, and RemoveChannel are used as
// handlers for events. That's why these methods surpass ownership check.
// DisableConfig disables the Config, preventing its device from bootstrapping.
DisableConfig(ctx context.Context, session smqauthn.Session, id string) (Config, error)
// UpdateChannelHandler updates Channel with data received from an event.
UpdateChannelHandler(ctx context.Context, channel Channel) error
// CreateProfile persists a new device Profile.
CreateProfile(ctx context.Context, session smqauthn.Session, p Profile) (Profile, error)
// RemoveConfigHandler removes Configuration with id received from an event.
RemoveConfigHandler(ctx context.Context, id string) error
// ViewProfile returns the Profile with the given ID.
ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (Profile, error)
// RemoveChannelHandler removes Channel with id received from an event.
RemoveChannelHandler(ctx context.Context, id string) error
// UpdateProfile updates editable fields of the given Profile.
UpdateProfile(ctx context.Context, session smqauthn.Session, p Profile) error
// ConnectClientHandler changes state of the Config to active when connect event occurs.
ConnectClientHandler(ctx context.Context, channelID, clientID string) error
// ListProfiles returns a page of Profiles belonging to the domain.
ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (ProfilesPage, error)
// DisconnectClientHandler changes state of the Config to inactive when disconnect event occurs.
DisconnectClientHandler(ctx context.Context, channelID, clientID string) error
// DeleteProfile removes the Profile with the given ID.
DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error
// AssignProfile sets the ProfileID on an existing enrollment (Config).
AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error
// BindResources resolves the requested bindings through their owning services,
// stores snapshots, and marks the enrollment renderable when all required slots
// are satisfied.
BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []BindingRequest) error
// ListBindings returns all stored binding snapshots for an enrollment.
ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]BindingSnapshot, error)
// RefreshBindings re-resolves all existing bindings for an enrollment and
// updates the stored snapshots.
RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error
}
// ConfigReader is used to parse Config into format which will be encoded
@@ -118,70 +124,67 @@ type ConfigReader interface {
}
type bootstrapService struct {
policies policies.Service
configs ConfigRepository
profiles ProfileRepository
bindings BindingStore
resolver BindingResolver
renderer Renderer
hasher Hasher
sdk mgsdk.SDK
encKey []byte
idProvider magistrala.IDProvider
}
// New returns new Bootstrap service.
func New(policyService policies.Service, configs ConfigRepository, sdk mgsdk.SDK, encKey []byte, idp magistrala.IDProvider) Service {
func New(
configs ConfigRepository,
profiles ProfileRepository,
bindings BindingStore,
resolver BindingResolver,
renderer Renderer,
sdk mgsdk.SDK,
hasher Hasher,
encKey []byte,
idp magistrala.IDProvider,
) Service {
return &bootstrapService{
configs: configs,
profiles: profiles,
bindings: bindings,
resolver: resolver,
renderer: renderer,
hasher: hasher,
sdk: sdk,
policies: policyService,
encKey: encKey,
idProvider: idp,
}
}
func (bs bootstrapService) Add(ctx context.Context, session smqauthn.Session, token string, cfg Config) (Config, error) {
toConnect := bs.toIDList(cfg.Channels)
// Check if channels exist. This is the way to prevent fetching channels that already exist.
existing, err := bs.configs.ListExisting(ctx, session.DomainID, toConnect)
id, err := bs.idProvider.ID()
if err != nil {
return Config{}, errors.Wrap(errCheckChannels, err)
return Config{}, errors.Wrap(ErrAddBootstrap, err)
}
cfg.Channels, err = bs.connectionChannels(ctx, toConnect, bs.toIDList(existing), session.DomainID, token)
hashedKey, err := bs.hasher.Hash(cfg.ExternalKey)
if err != nil {
return Config{}, errors.Wrap(errConnectionChannels, err)
return Config{}, errors.Wrap(ErrAddBootstrap, err)
}
id := cfg.ClientID
mgClient, err := bs.client(ctx, session.DomainID, id, token)
if err != nil {
return Config{}, errors.Wrap(errClientNotFound, err)
}
for _, channel := range cfg.Channels {
if channel.DomainID != mgClient.DomainID {
return Config{}, errors.Wrap(svcerr.ErrMalformedEntity, errNotInSameDomain)
}
}
cfg.ClientID = mgClient.ID
cfg.ID = id
cfg.DomainID = session.DomainID
cfg.State = Inactive
cfg.ClientSecret = mgClient.Credentials.Secret
cfg.Status = Active
cfg.ExternalKey = hashedKey
saved, err := bs.configs.Save(ctx, cfg, toConnect)
saved, err := bs.configs.Save(ctx, cfg)
if err != nil {
// If id is empty, then a new client has been created function - bs.client(id, token)
// So, on bootstrap config save error , delete the newly created client.
if id == "" {
if errT := bs.sdk.DeleteClient(ctx, cfg.ClientID, cfg.DomainID, token); errT != nil {
err = errors.Wrap(err, errT)
}
if errors.Contains(err, repoerr.ErrConflict) {
return Config{}, errors.Wrap(svcerr.ErrConflict, err)
}
return Config{}, errors.Wrap(ErrAddBootstrap, err)
}
cfg.ClientID = saved
cfg.Channels = append(cfg.Channels, existing...)
cfg.ID = saved
return cfg, nil
}
@@ -196,105 +199,21 @@ func (bs bootstrapService) View(ctx context.Context, session smqauthn.Session, i
func (bs bootstrapService) Update(ctx context.Context, session smqauthn.Session, cfg Config) error {
cfg.DomainID = session.DomainID
if err := bs.configs.Update(ctx, cfg); err != nil {
return errors.Wrap(errUpdateConnections, err)
return errors.Wrap(svcerr.ErrUpdateEntity, err)
}
return nil
}
func (bs bootstrapService) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (Config, error) {
cfg, err := bs.configs.UpdateCert(ctx, session.DomainID, clientID, clientCert, clientKey, caCert)
func (bs bootstrapService) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (Config, error) {
cfg, err := bs.configs.UpdateCert(ctx, session.DomainID, id, clientCert, clientKey, caCert)
if err != nil {
return Config{}, errors.Wrap(errUpdateCert, err)
}
return cfg, nil
}
func (bs bootstrapService) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error {
cfg, err := bs.configs.RetrieveByID(ctx, session.DomainID, id)
if err != nil {
return errors.Wrap(errUpdateConnections, err)
}
add, remove := bs.updateList(cfg, connections)
// Check if channels exist. This is the way to prevent fetching channels that already exist.
existing, err := bs.configs.ListExisting(ctx, session.DomainID, connections)
if err != nil {
return errors.Wrap(errUpdateConnections, err)
}
channels, err := bs.connectionChannels(ctx, connections, bs.toIDList(existing), session.DomainID, token)
if err != nil {
return errors.Wrap(errUpdateConnections, err)
}
cfg.Channels = channels
var connect, disconnect []string
if cfg.State == Active {
connect = add
disconnect = remove
}
for _, c := range disconnect {
if err := bs.sdk.DisconnectClients(ctx, c, []string{id}, []string{"Publish", "Subscribe"}, session.DomainID, token); err != nil {
if errors.Contains(err, repoerr.ErrNotFound) {
continue
}
return ErrClients
}
}
for _, c := range connect {
conIDs := mgsdk.Connection{
ChannelIDs: []string{c},
ClientIDs: []string{id},
Types: []string{"Publish", "Subscribe"},
}
if err := bs.sdk.Connect(ctx, conIDs, session.DomainID, token); err != nil {
return ErrClients
}
}
if err := bs.configs.UpdateConnections(ctx, session.DomainID, id, channels, connections); err != nil {
return errors.Wrap(errUpdateConnections, err)
}
return nil
}
func (bs bootstrapService) listClientIDs(ctx context.Context, userID string) ([]string, error) {
tids, err := bs.policies.ListAllObjects(ctx, policies.Policy{
SubjectType: policies.UserType,
Subject: userID,
Permission: policies.ViewPermission,
ObjectType: policies.ClientType,
})
if err != nil {
return nil, errors.Wrap(svcerr.ErrNotFound, err)
}
return tids.Policies, nil
}
func (bs bootstrapService) List(ctx context.Context, session smqauthn.Session, filter Filter, offset, limit uint64) (ConfigsPage, error) {
if session.SuperAdmin {
return bs.configs.RetrieveAll(ctx, session.DomainID, []string{}, filter, offset, limit), nil
}
// Handle non-admin users
clientIDs, err := bs.listClientIDs(ctx, session.DomainUserID)
if err != nil {
return ConfigsPage{}, errors.Wrap(svcerr.ErrNotFound, err)
}
if len(clientIDs) == 0 {
return ConfigsPage{
Total: 0,
Offset: offset,
Limit: limit,
Configs: []Config{},
}, nil
}
return bs.configs.RetrieveAll(ctx, session.DomainID, clientIDs, filter, offset, limit), nil
return bs.configs.RetrieveAll(ctx, session.DomainID, filter, offset, limit), nil
}
func (bs bootstrapService) Remove(ctx context.Context, session smqauthn.Session, id string) error {
@@ -316,171 +235,283 @@ func (bs bootstrapService) Bootstrap(ctx context.Context, externalKey, externalI
}
externalKey = dec
}
if cfg.ExternalKey != externalKey {
if err := bs.hasher.Compare(externalKey, cfg.ExternalKey); err != nil {
return Config{}, ErrExternalKey
}
if cfg.Status == DisabledStatus {
return Config{}, ErrBootstrap
}
cfg, err = bs.renderBootstrapConfig(ctx, cfg)
if err != nil {
return Config{}, errors.Wrap(ErrBootstrap, err)
}
return cfg, nil
}
func (bs bootstrapService) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state State) error {
cfg, err := bs.configs.RetrieveByID(ctx, session.DomainID, id)
func (bs bootstrapService) renderBootstrapConfig(ctx context.Context, cfg Config) (Config, error) {
if cfg.ProfileID == "" {
return cfg, nil
}
if bs.profiles == nil || bs.bindings == nil || bs.renderer == nil {
return Config{}, errors.Wrap(errRenderBootstrap, errors.New("profile rendering support not configured"))
}
profile, err := bs.profiles.RetrieveByID(ctx, cfg.DomainID, cfg.ProfileID)
if err != nil {
return errors.Wrap(errChangeState, err)
return Config{}, errors.Wrap(errRenderBootstrap, err)
}
if cfg.State == state {
return nil
bindings, err := bs.bindings.Retrieve(ctx, cfg.ID)
if err != nil {
return Config{}, errors.Wrap(errRenderBootstrap, err)
}
if err := validateRequiredBindings(profile, bindings); err != nil {
return Config{}, errors.Wrap(errRenderBootstrap, err)
}
bindings, err = bs.decryptSecretSnapshots(bindings)
if err != nil {
return Config{}, errors.Wrap(errRenderBootstrap, err)
}
switch state {
case Active:
for _, c := range cfg.Channels {
if err := bs.sdk.ConnectClients(ctx, c.ID, []string{cfg.ClientID}, []string{"Publish", "Subscribe"}, session.DomainID, token); err != nil {
// Ignore conflict errors as they indicate the connection already exists.
if errors.Contains(err, svcerr.ErrConflict) {
continue
}
return ErrClients
}
}
case Inactive:
for _, c := range cfg.Channels {
if err := bs.sdk.DisconnectClients(ctx, c.ID, []string{cfg.ClientID}, []string{"Publish", "Subscribe"}, session.DomainID, token); err != nil {
if errors.Contains(err, repoerr.ErrNotFound) {
continue
}
return ErrClients
}
}
}
if err := bs.configs.ChangeState(ctx, session.DomainID, id, state); err != nil {
return errors.Wrap(errChangeState, err)
}
return nil
rendered, err := bs.renderer.Render(profile, cfg, bindings)
if err != nil {
return Config{}, errors.Wrap(errRenderBootstrap, err)
}
func (bs bootstrapService) UpdateChannelHandler(ctx context.Context, channel Channel) error {
if err := bs.configs.UpdateChannel(ctx, channel); err != nil {
return errors.Wrap(errUpdateChannel, err)
}
return nil
cfg.Content = string(rendered)
return cfg, nil
}
func (bs bootstrapService) RemoveConfigHandler(ctx context.Context, id string) error {
if err := bs.configs.RemoveClient(ctx, id); err != nil {
return errors.Wrap(errRemoveConfig, err)
func (bs bootstrapService) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (Config, error) {
cfg, err := bs.changeConfigStatus(ctx, session.DomainID, id, EnabledStatus)
if err != nil {
return Config{}, errors.Wrap(errEnableConfig, err)
}
return nil
return cfg, nil
}
func (bs bootstrapService) RemoveChannelHandler(ctx context.Context, id string) error {
if err := bs.configs.RemoveChannel(ctx, id); err != nil {
return errors.Wrap(errRemoveChannel, err)
func (bs bootstrapService) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (Config, error) {
cfg, err := bs.changeConfigStatus(ctx, session.DomainID, id, DisabledStatus)
if err != nil {
return Config{}, errors.Wrap(errDisableConfig, err)
}
return nil
return cfg, nil
}
func (bs bootstrapService) ConnectClientHandler(ctx context.Context, channelID, clientID string) error {
if err := bs.configs.ConnectClient(ctx, channelID, clientID); err != nil {
return errors.Wrap(errConnectClient, err)
func (bs bootstrapService) changeConfigStatus(ctx context.Context, domainID, id string, status Status) (Config, error) {
cfg, err := bs.configs.RetrieveByID(ctx, domainID, id)
if err != nil {
return Config{}, errors.Wrap(svcerr.ErrViewEntity, err)
}
return nil
if cfg.Status == status {
return cfg, nil
}
if err := bs.configs.ChangeStatus(ctx, domainID, id, status); err != nil {
return Config{}, errors.Wrap(svcerr.ErrUpdateEntity, err)
}
cfg.Status = status
return cfg, nil
}
func (bs bootstrapService) DisconnectClientHandler(ctx context.Context, channelID, clientID string) error {
if err := bs.configs.DisconnectClient(ctx, channelID, clientID); err != nil {
return errors.Wrap(errDisconnectClient, err)
}
return nil
}
// --- Profile management ---
// Method client retrieves Magistrala Client creating one if an empty ID is passed.
func (bs bootstrapService) client(ctx context.Context, domainID, id, token string) (mgsdk.Client, error) {
// If Client ID is not provided, then create new client.
if id == "" {
func (bs bootstrapService) CreateProfile(ctx context.Context, session smqauthn.Session, p Profile) (Profile, error) {
if bs.profiles == nil {
return Profile{}, errors.Wrap(errCreateProfile, errors.New("profile repository not configured"))
}
id, err := bs.idProvider.ID()
if err != nil {
return mgsdk.Client{}, errors.Wrap(errCreateClient, err)
return Profile{}, errors.Wrap(errCreateProfile, err)
}
client, sdkErr := bs.sdk.CreateClient(ctx, mgsdk.Client{ID: id, Name: "Bootstrapped Client " + id}, domainID, token)
if sdkErr != nil {
return mgsdk.Client{}, errors.Wrap(errCreateClient, sdkErr)
p.ID = id
p.DomainID = session.DomainID
if p.TemplateFormat == "" {
p.TemplateFormat = TemplateFormatGoTemplate
}
return client, nil
p.Version = 1
if err := validateProfileBindingSlots(p); err != nil {
return Profile{}, errors.Wrap(errCreateProfile, err)
}
// If Client ID is provided, then retrieve client
client, sdkErr := bs.sdk.Client(ctx, id, domainID, token)
if sdkErr != nil {
return mgsdk.Client{}, errors.Wrap(ErrClients, sdkErr)
if err := validateProfileTemplate(p); err != nil {
return Profile{}, errors.Wrap(errCreateProfile, err)
}
return client, nil
}
func (bs bootstrapService) connectionChannels(ctx context.Context, channels, existing []string, domainID, token string) ([]Channel, error) {
add := make(map[string]bool, len(channels))
for _, ch := range channels {
add[ch] = true
}
for _, ch := range existing {
if add[ch] {
delete(add, ch)
}
}
var ret []Channel
for id := range add {
ch, err := bs.sdk.Channel(ctx, id, domainID, token)
saved, err := bs.profiles.Save(ctx, p)
if err != nil {
return nil, errors.Wrap(errors.ErrMalformedEntity, err)
return Profile{}, errors.Wrap(errCreateProfile, err)
}
return saved, nil
}
ret = append(ret, Channel{
ID: ch.ID,
Name: ch.Name,
Metadata: ch.Metadata,
DomainID: ch.DomainID,
func (bs bootstrapService) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (Profile, error) {
if bs.profiles == nil {
return Profile{}, errors.Wrap(errViewProfile, errors.New("profile repository not configured"))
}
p, err := bs.profiles.RetrieveByID(ctx, session.DomainID, profileID)
if err != nil {
return Profile{}, errors.Wrap(errViewProfile, err)
}
return p, nil
}
func (bs bootstrapService) UpdateProfile(ctx context.Context, session smqauthn.Session, p Profile) error {
if bs.profiles == nil {
return errors.Wrap(errUpdateProfile, errors.New("profile repository not configured"))
}
p.DomainID = session.DomainID
if p.TemplateFormat == "" {
p.TemplateFormat = TemplateFormatGoTemplate
}
if err := validateProfileBindingSlots(p); err != nil {
return errors.Wrap(errUpdateProfile, err)
}
if err := validateProfileTemplate(p); err != nil {
return errors.Wrap(errUpdateProfile, err)
}
if err := bs.profiles.Update(ctx, p); err != nil {
return errors.Wrap(errUpdateProfile, err)
}
return nil
}
func (bs bootstrapService) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (ProfilesPage, error) {
if bs.profiles == nil {
return ProfilesPage{}, errors.Wrap(errListProfiles, errors.New("profile repository not configured"))
}
page, err := bs.profiles.RetrieveAll(ctx, session.DomainID, offset, limit)
if err != nil {
return ProfilesPage{}, errors.Wrap(errListProfiles, err)
}
return page, nil
}
func (bs bootstrapService) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error {
if bs.profiles == nil {
return errors.Wrap(errDeleteProfile, errors.New("profile repository not configured"))
}
if err := bs.profiles.Delete(ctx, session.DomainID, profileID); err != nil {
return errors.Wrap(errDeleteProfile, err)
}
return nil
}
// --- Enrollment-profile assignment ---
func (bs bootstrapService) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error {
if bs.profiles == nil {
return errors.Wrap(errAssignProfile, errors.New("profile repository not configured"))
}
// Validate profile exists in domain.
if _, err := bs.profiles.RetrieveByID(ctx, session.DomainID, profileID); err != nil {
return errors.Wrap(errAssignProfile, err)
}
if err := bs.configs.AssignProfile(ctx, session.DomainID, configID, profileID); err != nil {
return errors.Wrap(errAssignProfile, err)
}
return nil
}
// --- Binding management ---
func (bs bootstrapService) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, requested []BindingRequest) error {
if bs.profiles == nil || bs.bindings == nil || bs.resolver == nil {
return errors.Wrap(errBindResources, errors.New("binding support not configured"))
}
cfg, err := bs.configs.RetrieveByID(ctx, session.DomainID, configID)
if err != nil {
return errors.Wrap(errBindResources, err)
}
profile, err := bs.profiles.RetrieveByID(ctx, session.DomainID, cfg.ProfileID)
if err != nil {
return errors.Wrap(errBindResources, err)
}
if err := validateRequestedBindings(profile, requested); err != nil {
return errors.Wrap(errBindResources, err)
}
snapshots, err := bs.resolver.Resolve(ctx, ResolveRequest{
Enrollment: cfg,
Token: token,
Requested: requested,
})
if err != nil {
return errors.Wrap(errBindResources, err)
}
existing, err := bs.bindings.Retrieve(ctx, configID)
if err != nil {
return errors.Wrap(errBindResources, err)
}
if err := validateRequiredBindings(profile, mergeBindingSnapshots(existing, snapshots)); err != nil {
return errors.Wrap(errBindResources, err)
}
snapshots, err = bs.encryptSecretSnapshots(snapshots)
if err != nil {
return errors.Wrap(errBindResources, err)
}
if err := bs.bindings.Save(ctx, configID, snapshots); err != nil {
return errors.Wrap(errBindResources, err)
}
return nil
}
return ret, nil
func (bs bootstrapService) ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]BindingSnapshot, error) {
if bs.bindings == nil {
return nil, errors.Wrap(errListBindings, errors.New("binding support not configured"))
}
if _, err := bs.configs.RetrieveByID(ctx, session.DomainID, configID); err != nil {
return nil, errors.Wrap(errListBindings, err)
}
snapshots, err := bs.bindings.Retrieve(ctx, configID)
if err != nil {
return nil, errors.Wrap(errListBindings, err)
}
return hideSecretSnapshots(snapshots), nil
}
// Method updateList accepts config and channel IDs and returns three lists:
// 1) IDs of Channels to be added
// 2) IDs of Channels to be removed
// 3) IDs of common Channels for these two configs.
func (bs bootstrapService) updateList(cfg Config, connections []string) (add, remove []string) {
disconnect := make(map[string]bool, len(cfg.Channels))
for _, c := range cfg.Channels {
disconnect[c.ID] = true
func (bs bootstrapService) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error {
if bs.profiles == nil || bs.bindings == nil || bs.resolver == nil {
return errors.Wrap(errRefreshBinding, errors.New("binding support not configured"))
}
for _, c := range connections {
if disconnect[c] {
// Don't disconnect common elements.
delete(disconnect, c)
continue
cfg, err := bs.configs.RetrieveByID(ctx, session.DomainID, configID)
if err != nil {
return errors.Wrap(errRefreshBinding, err)
}
// Connect new elements.
add = append(add, c)
profile, err := bs.profiles.RetrieveByID(ctx, session.DomainID, cfg.ProfileID)
if err != nil {
return errors.Wrap(errRefreshBinding, err)
}
for v := range disconnect {
remove = append(remove, v)
existing, err := bs.bindings.Retrieve(ctx, configID)
if err != nil {
return errors.Wrap(errRefreshBinding, err)
}
return
if len(existing) == 0 {
return nil
}
func (bs bootstrapService) toIDList(channels []Channel) []string {
var ret []string
for _, ch := range channels {
ret = append(ret, ch.ID)
// Re-resolve every existing binding to refresh its snapshot.
requested := make([]BindingRequest, len(existing))
for i, b := range existing {
requested[i] = BindingRequest{Slot: b.Slot, Type: b.Type, ResourceID: b.ResourceID}
}
return ret
if err := validateRequestedBindings(profile, requested); err != nil {
return errors.Wrap(errRefreshBinding, err)
}
refreshed, err := bs.resolver.Resolve(ctx, ResolveRequest{
Enrollment: cfg,
Token: token,
Requested: requested,
})
if err != nil {
return errors.Wrap(errRefreshBinding, err)
}
if err := validateRequiredBindings(profile, refreshed); err != nil {
return errors.Wrap(errRefreshBinding, err)
}
refreshed, err = bs.encryptSecretSnapshots(refreshed)
if err != nil {
return errors.Wrap(errRefreshBinding, err)
}
return bs.bindings.Save(ctx, configID, refreshed)
}
func (bs bootstrapService) dec(in string) (string, error) {
bootstrap/service_test.go
+816 -315
View File
File diff suppressed because it is too large Load Diff
bootstrap/state.go
-26
View File
@@ -1,26 +0,0 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package bootstrap
import "strconv"
const (
// Inactive Client is created, but not able to exchange messages using Magistrala.
Inactive State = iota
// Active Client is created, configured, and whitelisted.
Active
)
// State represents corresponding Magistrala Client state. The possible Config States
// as well as description of what that State represents are given in the table:
// | State | What it means |
// |----------+--------------------------------------------------------------------------------|
// | Inactive | Client is created, but isn't able to communicate over Magistrala |
// | Active | Client is able to communicate using Magistrala |.
type State int
// String returns string representation of State.
func (s State) String() string {
return strconv.Itoa(int(s))
}
bootstrap/status.go
+101
View File
@@ -0,0 +1,101 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package bootstrap
import (
"encoding/json"
"strconv"
"strings"
svcerr "github.com/absmach/magistrala/pkg/errors/service"
)
// Status represents bootstrap enrollment availability.
type Status uint8
// Possible bootstrap enrollment statuses.
const (
EnabledStatus Status = iota
DisabledStatus
// AllStatus is used for querying purposes to list configs irrespective
// of their status. It is never stored in the database.
AllStatus
)
// String representation of bootstrap status values.
const (
Disabled = "disabled"
Enabled = "enabled"
All = "all"
Unknown = "unknown"
)
// Backward-compatible aliases kept while callers move off the old names.
const (
Inactive = DisabledStatus
Active = EnabledStatus
)
// String returns string representation of Status.
func (s Status) String() string {
switch s {
case DisabledStatus:
return Disabled
case EnabledStatus:
return Enabled
case AllStatus:
return All
default:
return Unknown
}
}
// ToStatus converts a string or legacy numeric string value to Status.
func ToStatus(status string) (Status, error) {
switch strings.ToLower(status) {
case "", Enabled, "0":
return EnabledStatus, nil
case Disabled, "1":
return DisabledStatus, nil
case All:
return AllStatus, nil
}
return Status(0), svcerr.ErrInvalidStatus
}
// MarshalJSON renders bootstrap status as a string literal.
func (s Status) MarshalJSON() ([]byte, error) {
return json.Marshal(s.String())
}
// UnmarshalJSON accepts both string and legacy numeric bootstrap statuses.
func (s *Status) UnmarshalJSON(data []byte) error {
if len(data) == 0 || string(data) == "null" {
return nil
}
if data[0] != '"' {
var n int
if err := json.Unmarshal(data, &n); err != nil {
return err
}
parsed, err := ToStatus(strconv.Itoa(n))
if err != nil {
return err
}
*s = parsed
return nil
}
var status string
if err := json.Unmarshal(data, &status); err != nil {
return err
}
parsed, err := ToStatus(status)
if err != nil {
return err
}
*s = parsed
return nil
}
bootstrap/tracing/tracing.go
+79 -63
View File
@@ -27,12 +27,12 @@ func New(svc bootstrap.Service, tracer trace.Tracer) bootstrap.Service {
// Add traces the "Add" operation of the wrapped bootstrap.Service.
func (tm *tracingMiddleware) Add(ctx context.Context, session smqauthn.Session, token string, cfg bootstrap.Config) (bootstrap.Config, error) {
ctx, span := tm.tracer.Start(ctx, "svc_register_user", trace.WithAttributes(
attribute.String("client_id", cfg.ClientID),
attribute.String("config_id", cfg.ID),
attribute.String("domain_id ", cfg.DomainID),
attribute.String("name", cfg.Name),
attribute.String("external_id", cfg.ExternalID),
attribute.String("content", cfg.Content),
attribute.String("state", cfg.State.String()),
attribute.String("status", cfg.Status.String()),
))
defer span.End()
@@ -54,7 +54,7 @@ func (tm *tracingMiddleware) Update(ctx context.Context, session smqauthn.Sessio
ctx, span := tm.tracer.Start(ctx, "svc_update_user", trace.WithAttributes(
attribute.String("name", cfg.Name),
attribute.String("content", cfg.Content),
attribute.String("client_id", cfg.ClientID),
attribute.String("config_id", cfg.ID),
attribute.String("domain_id ", cfg.DomainID),
))
defer span.End()
@@ -63,24 +63,13 @@ func (tm *tracingMiddleware) Update(ctx context.Context, session smqauthn.Sessio
}
// UpdateCert traces the "UpdateCert" operation of the wrapped bootstrap.Service.
func (tm *tracingMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
func (tm *tracingMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, id, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
ctx, span := tm.tracer.Start(ctx, "svc_update_cert", trace.WithAttributes(
attribute.String("client_id", clientID),
attribute.String("config_id", id),
))
defer span.End()
return tm.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert)
}
// UpdateConnections traces the "UpdateConnections" operation of the wrapped bootstrap.Service.
func (tm *tracingMiddleware) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error {
ctx, span := tm.tracer.Start(ctx, "svc_update_connections", trace.WithAttributes(
attribute.String("id", id),
attribute.StringSlice("connections", connections),
))
defer span.End()
return tm.svc.UpdateConnections(ctx, session, token, id, connections)
return tm.svc.UpdateCert(ctx, session, id, clientCert, clientKey, caCert)
}
// List traces the "List" operation of the wrapped bootstrap.Service.
@@ -107,7 +96,6 @@ func (tm *tracingMiddleware) Remove(ctx context.Context, session smqauthn.Sessio
// Bootstrap traces the "Bootstrap" operation of the wrapped bootstrap.Service.
func (tm *tracingMiddleware) Bootstrap(ctx context.Context, externalKey, externalID string, secure bool) (bootstrap.Config, error) {
ctx, span := tm.tracer.Start(ctx, "svc_bootstrap_user", trace.WithAttributes(
attribute.String("external_key", externalKey),
attribute.String("external_id", externalID),
attribute.Bool("secure", secure),
))
@@ -116,67 +104,95 @@ func (tm *tracingMiddleware) Bootstrap(ctx context.Context, externalKey, externa
return tm.svc.Bootstrap(ctx, externalKey, externalID, secure)
}
// ChangeState traces the "ChangeState" operation of the wrapped bootstrap.Service.
func (tm *tracingMiddleware) ChangeState(ctx context.Context, session smqauthn.Session, token, id string, state bootstrap.State) error {
ctx, span := tm.tracer.Start(ctx, "svc_change_state", trace.WithAttributes(
attribute.String("id", id),
attribute.String("state", state.String()),
))
defer span.End()
return tm.svc.ChangeState(ctx, session, token, id, state)
}
// UpdateChannelHandler traces the "UpdateChannelHandler" operation of the wrapped bootstrap.Service.
func (tm *tracingMiddleware) UpdateChannelHandler(ctx context.Context, channel bootstrap.Channel) error {
ctx, span := tm.tracer.Start(ctx, "svc_update_channel_handler", trace.WithAttributes(
attribute.String("id", channel.ID),
attribute.String("name", channel.Name),
attribute.String("description", channel.Description),
))
defer span.End()
return tm.svc.UpdateChannelHandler(ctx, channel)
}
// RemoveConfigHandler traces the "RemoveConfigHandler" operation of the wrapped bootstrap.Service.
func (tm *tracingMiddleware) RemoveConfigHandler(ctx context.Context, id string) error {
ctx, span := tm.tracer.Start(ctx, "svc_remove_config_handler", trace.WithAttributes(
func (tm *tracingMiddleware) EnableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) {
ctx, span := tm.tracer.Start(ctx, "svc_enable_config", trace.WithAttributes(
attribute.String("id", id),
))
defer span.End()
return tm.svc.RemoveConfigHandler(ctx, id)
return tm.svc.EnableConfig(ctx, session, id)
}
// RemoveChannelHandler traces the "RemoveChannelHandler" operation of the wrapped bootstrap.Service.
func (tm *tracingMiddleware) RemoveChannelHandler(ctx context.Context, id string) error {
ctx, span := tm.tracer.Start(ctx, "svc_remove_channel_handler", trace.WithAttributes(
func (tm *tracingMiddleware) DisableConfig(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) {
ctx, span := tm.tracer.Start(ctx, "svc_disable_config", trace.WithAttributes(
attribute.String("id", id),
))
defer span.End()
return tm.svc.RemoveChannelHandler(ctx, id)
return tm.svc.DisableConfig(ctx, session, id)
}
// ConnectClientHandler traces the "ConnectClientHandler" operation of the wrapped bootstrap.Service.
func (tm *tracingMiddleware) ConnectClientHandler(ctx context.Context, channelID, clientID string) error {
ctx, span := tm.tracer.Start(ctx, "svc_connect_client_handler", trace.WithAttributes(
attribute.String("channel_id", channelID),
attribute.String("client_id", clientID),
func (tm *tracingMiddleware) CreateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) (bootstrap.Profile, error) {
ctx, span := tm.tracer.Start(ctx, "svc_create_profile", trace.WithAttributes(
attribute.String("name", p.Name),
attribute.String("domain_id", p.DomainID),
))
defer span.End()
return tm.svc.ConnectClientHandler(ctx, channelID, clientID)
return tm.svc.CreateProfile(ctx, session, p)
}
// DisconnectClientHandler traces the "DisconnectClientHandler" operation of the wrapped bootstrap.Service.
func (tm *tracingMiddleware) DisconnectClientHandler(ctx context.Context, channelID, clientID string) error {
ctx, span := tm.tracer.Start(ctx, "svc_disconnect_client_handler", trace.WithAttributes(
attribute.String("channel_id", channelID),
attribute.String("client_id", clientID),
func (tm *tracingMiddleware) ViewProfile(ctx context.Context, session smqauthn.Session, profileID string) (bootstrap.Profile, error) {
ctx, span := tm.tracer.Start(ctx, "svc_view_profile", trace.WithAttributes(
attribute.String("profile_id", profileID),
))
defer span.End()
return tm.svc.DisconnectClientHandler(ctx, channelID, clientID)
return tm.svc.ViewProfile(ctx, session, profileID)
}
func (tm *tracingMiddleware) UpdateProfile(ctx context.Context, session smqauthn.Session, p bootstrap.Profile) error {
ctx, span := tm.tracer.Start(ctx, "svc_update_profile", trace.WithAttributes(
attribute.String("profile_id", p.ID),
))
defer span.End()
return tm.svc.UpdateProfile(ctx, session, p)
}
func (tm *tracingMiddleware) ListProfiles(ctx context.Context, session smqauthn.Session, offset, limit uint64) (bootstrap.ProfilesPage, error) {
ctx, span := tm.tracer.Start(ctx, "svc_list_profiles", trace.WithAttributes(
attribute.Int64("offset", int64(offset)),
attribute.Int64("limit", int64(limit)),
))
defer span.End()
return tm.svc.ListProfiles(ctx, session, offset, limit)
}
func (tm *tracingMiddleware) DeleteProfile(ctx context.Context, session smqauthn.Session, profileID string) error {
ctx, span := tm.tracer.Start(ctx, "svc_delete_profile", trace.WithAttributes(
attribute.String("profile_id", profileID),
))
defer span.End()
return tm.svc.DeleteProfile(ctx, session, profileID)
}
func (tm *tracingMiddleware) AssignProfile(ctx context.Context, session smqauthn.Session, configID, profileID string) error {
ctx, span := tm.tracer.Start(ctx, "svc_assign_profile", trace.WithAttributes(
attribute.String("config_id", configID),
attribute.String("profile_id", profileID),
))
defer span.End()
return tm.svc.AssignProfile(ctx, session, configID, profileID)
}
func (tm *tracingMiddleware) BindResources(ctx context.Context, session smqauthn.Session, token, configID string, bindings []bootstrap.BindingRequest) error {
ctx, span := tm.tracer.Start(ctx, "svc_bind_resources", trace.WithAttributes(
attribute.String("config_id", configID),
))
defer span.End()
return tm.svc.BindResources(ctx, session, token, configID, bindings)
}
func (tm *tracingMiddleware) ListBindings(ctx context.Context, session smqauthn.Session, configID string) ([]bootstrap.BindingSnapshot, error) {
ctx, span := tm.tracer.Start(ctx, "svc_list_bindings", trace.WithAttributes(
attribute.String("config_id", configID),
))
defer span.End()
return tm.svc.ListBindings(ctx, session, configID)
}
func (tm *tracingMiddleware) RefreshBindings(ctx context.Context, session smqauthn.Session, token, configID string) error {
ctx, span := tm.tracer.Start(ctx, "svc_refresh_bindings", trace.WithAttributes(
attribute.String("config_id", configID),
))
defer span.End()
return tm.svc.RefreshBindings(ctx, session, token, configID)
}
channels/middleware/authorization.go
+10 -1
View File
@@ -344,7 +344,7 @@ func (am *authorizationMiddleware) authorize(ctx context.Context, session authn.
UserID: session.UserID,
PatID: session.PatID,
EntityID: entityID,
EntityType: auth.ChannelsType.String(),
EntityType: patEntityType(entityType),
Operation: opName,
Domain: session.DomainID,
}
@@ -357,6 +357,15 @@ func (am *authorizationMiddleware) authorize(ctx context.Context, session authn.
return nil
}
func patEntityType(entityType string) string {
switch entityType {
case policies.ClientType:
return auth.ClientsType.String()
default:
return auth.ChannelsType.String()
}
}
func (am *authorizationMiddleware) checkSuperAdmin(ctx context.Context, session authn.Session) error {
if session.Role != authn.SuperAdminRole {
return svcerr.ErrSuperAdminAction
cli/bootstrap.go
+186 -14
View File
@@ -14,7 +14,7 @@ var cmdBootstrap = []cobra.Command{
{
Use: "create <JSON_config> <domain_id> <user_auth_token>",
Short: "Create config",
Long: `Create new Client Bootstrap Config to the user identified by the provided key`,
Long: `Create a new bootstrap enrollment in the given domain`,
Run: func(cmd *cobra.Command, args []string) {
if len(args) != 3 {
logUsageCmd(*cmd, cmd.Use)
@@ -37,11 +37,11 @@ var cmdBootstrap = []cobra.Command{
},
},
{
Use: "get [all | <client_id>] <domain_id> <user_auth_token>",
Use: "get [all | <config_id>] <domain_id> <user_auth_token>",
Short: "Get config",
Long: `Get Client Config with given ID belonging to the user identified by the given key.
Long: `Get bootstrap enrollment with given ID belonging to the user identified by the given key.
all - lists all config
<client_id> - view config of <client_id>`,
<config_id> - view config of <config_id>`,
Run: func(cmd *cobra.Command, args []string) {
if len(args) != 3 {
logUsageCmd(*cmd, cmd.Use)
@@ -50,7 +50,7 @@ var cmdBootstrap = []cobra.Command{
pageMetadata := mgsdk.PageMetadata{
Offset: Offset,
Limit: Limit,
State: State,
Status: Status,
Name: Name,
}
if args[0] == all {
@@ -77,8 +77,7 @@ var cmdBootstrap = []cobra.Command{
Short: "Update config",
Long: `Updates editable fields of the provided Config.
config <JSON_config> - Updates editable fields of the provided Config.
connection <id> <channel_ids> - Updates connections performs update of the channel list corresponding Client is connected to.
channel_ids - '["channel_id1", ...]'
connection <id> <channel_ids> - Unsupported legacy operation kept for compatibility.
certs <id> <client_cert> <client_key> <ca> - Update bootstrap config certificates.`,
Run: func(cmd *cobra.Command, args []string) {
if len(args) < 4 {
@@ -92,7 +91,7 @@ var cmdBootstrap = []cobra.Command{
return
}
if err := sdk.UpdateBootstrap(cmd.Context(), cfg, args[1], args[2]); err != nil {
if err := sdk.UpdateBootstrap(cmd.Context(), cfg, args[2], args[3]); err != nil {
logErrorCmd(*cmd, err)
return
}
@@ -115,7 +114,7 @@ var cmdBootstrap = []cobra.Command{
return
}
if args[0] == "certs" {
cfg, err := sdk.UpdateBootstrapCerts(cmd.Context(), args[0], args[1], args[2], args[3], args[4], args[5])
cfg, err := sdk.UpdateBootstrapCerts(cmd.Context(), args[1], args[2], args[3], args[4], args[5], args[6])
if err != nil {
logErrorCmd(*cmd, err)
return
@@ -128,7 +127,7 @@ var cmdBootstrap = []cobra.Command{
},
},
{
Use: "remove <client_id> <domain_id> <user_auth_token>",
Use: "remove <config_id> <domain_id> <user_auth_token>",
Short: "Remove config",
Long: `Removes Config with specified key that belongs to the user identified by the given key`,
Run: func(cmd *cobra.Command, args []string) {
@@ -177,7 +176,7 @@ var cmdBootstrap = []cobra.Command{
{
Use: "whitelist <JSON_config> <domain_id> <user_auth_token>",
Short: "Whitelist config",
Long: `Whitelist updates client state config with given id from the authenticated user`,
Long: `Whitelist updates bootstrap status for the given enrollment`,
Run: func(cmd *cobra.Command, args []string) {
if len(args) != 3 {
logUsageCmd(*cmd, cmd.Use)
@@ -190,7 +189,7 @@ var cmdBootstrap = []cobra.Command{
return
}
if err := sdk.Whitelist(cmd.Context(), cfg.ClientID, cfg.State, args[1], args[2]); err != nil {
if err := sdk.Whitelist(cmd.Context(), cfg.ID, cfg.Status, args[1], args[2]); err != nil {
logErrorCmd(*cmd, err)
return
}
@@ -198,14 +197,187 @@ var cmdBootstrap = []cobra.Command{
logOKCmd(*cmd)
},
},
{
Use: "profiles [create <JSON_profile> <domain_id> <user_auth_token> | get [all | <profile_id>] <domain_id> <user_auth_token> | update <JSON_profile> <domain_id> <user_auth_token> | remove <profile_id> <domain_id> <user_auth_token>]",
Short: "Manage bootstrap profiles",
Long: `Manage bootstrap profiles.
create <JSON_profile> - Create a bootstrap profile.
get all - List bootstrap profiles.
get <profile_id> - View bootstrap profile.
update <JSON_profile> - Update bootstrap profile.
remove <profile_id> - Remove bootstrap profile.`,
Run: func(cmd *cobra.Command, args []string) {
if len(args) == 0 {
logUsageCmd(*cmd, cmd.Use)
return
}
switch args[0] {
case create:
if len(args) != 4 {
logUsageCmd(*cmd, cmd.Use)
return
}
var profile mgsdk.BootstrapProfile
if err := json.Unmarshal([]byte(args[1]), &profile); err != nil {
logErrorCmd(*cmd, err)
return
}
profile, err := sdk.CreateBootstrapProfile(cmd.Context(), profile, args[2], args[3])
if err != nil {
logErrorCmd(*cmd, err)
return
}
logJSONCmd(*cmd, profile)
case get:
if len(args) != 4 {
logUsageCmd(*cmd, cmd.Use)
return
}
if args[1] == all {
pageMetadata := mgsdk.PageMetadata{
Offset: Offset,
Limit: Limit,
}
profiles, err := sdk.BootstrapProfiles(cmd.Context(), pageMetadata, args[2], args[3])
if err != nil {
logErrorCmd(*cmd, err)
return
}
logJSONCmd(*cmd, profiles)
return
}
profile, err := sdk.ViewBootstrapProfile(cmd.Context(), args[1], args[2], args[3])
if err != nil {
logErrorCmd(*cmd, err)
return
}
logJSONCmd(*cmd, profile)
case update:
if len(args) != 4 {
logUsageCmd(*cmd, cmd.Use)
return
}
var profile mgsdk.BootstrapProfile
if err := json.Unmarshal([]byte(args[1]), &profile); err != nil {
logErrorCmd(*cmd, err)
return
}
if err := sdk.UpdateBootstrapProfile(cmd.Context(), profile, args[2], args[3]); err != nil {
logErrorCmd(*cmd, err)
return
}
logOKCmd(*cmd)
case "remove":
if len(args) != 4 {
logUsageCmd(*cmd, cmd.Use)
return
}
if err := sdk.RemoveBootstrapProfile(cmd.Context(), args[1], args[2], args[3]); err != nil {
logErrorCmd(*cmd, err)
return
}
logOKCmd(*cmd)
default:
logUsageCmd(*cmd, cmd.Use)
}
},
},
{
Use: "enrollments [assign-profile <config_id> <profile_id> <domain_id> <user_auth_token> | bind <config_id> <JSON_bindings> <domain_id> <user_auth_token> | get-bindings <config_id> <domain_id> <user_auth_token> | refresh-bindings <config_id> <domain_id> <user_auth_token>]",
Short: "Manage bootstrap enrollment bindings",
Long: `Manage bootstrap enrollment profile assignments and bindings.
assign-profile <config_id> <profile_id> - Assign a profile to an enrollment.
bind <config_id> <JSON_bindings> - Bind concrete resources to an enrollment.
get-bindings <config_id> - List stored binding snapshots for an enrollment.
refresh-bindings <config_id> - Refresh stored binding snapshots for an enrollment.`,
Run: func(cmd *cobra.Command, args []string) {
if len(args) == 0 {
logUsageCmd(*cmd, cmd.Use)
return
}
switch args[0] {
case "assign-profile":
if len(args) != 5 {
logUsageCmd(*cmd, cmd.Use)
return
}
if err := sdk.AssignBootstrapProfile(cmd.Context(), args[1], args[2], args[3], args[4]); err != nil {
logErrorCmd(*cmd, err)
return
}
logOKCmd(*cmd)
case "bind":
if len(args) != 5 {
logUsageCmd(*cmd, cmd.Use)
return
}
var bindings []mgsdk.BootstrapBindingRequest
if err := json.Unmarshal([]byte(args[2]), &bindings); err != nil {
logErrorCmd(*cmd, err)
return
}
if err := sdk.BindBootstrapResources(cmd.Context(), args[1], bindings, args[3], args[4]); err != nil {
logErrorCmd(*cmd, err)
return
}
logOKCmd(*cmd)
case "get-bindings":
if len(args) != 4 {
logUsageCmd(*cmd, cmd.Use)
return
}
bindings, err := sdk.BootstrapBindings(cmd.Context(), args[1], args[2], args[3])
if err != nil {
logErrorCmd(*cmd, err)
return
}
logJSONCmd(*cmd, bindings)
case "refresh-bindings":
if len(args) != 4 {
logUsageCmd(*cmd, cmd.Use)
return
}
if err := sdk.RefreshBootstrapBindings(cmd.Context(), args[1], args[2], args[3]); err != nil {
logErrorCmd(*cmd, err)
return
}
logOKCmd(*cmd)
default:
logUsageCmd(*cmd, cmd.Use)
}
},
},
}
// NewBootstrapCmd returns bootstrap command.
func NewBootstrapCmd() *cobra.Command {
cmd := cobra.Command{
Use: "bootstrap [create | get | update | remove | bootstrap | whitelist]",
Use: "bootstrap [create | get | update | remove | bootstrap | whitelist | profiles | enrollments]",
Short: "Bootstrap management",
Long: `Bootstrap management: create, get, update, delete or whitelist Bootstrap config`,
Long: `Bootstrap management: create, get, update, delete, whitelist, profiles, and enrollment bindings`,
}
for i := range cmdBootstrap {
cli/bootstrap_test.go
+244 -6
View File
@@ -24,13 +24,21 @@ var (
clientID = testsutil.GenerateUUID(&testing.T{})
channelID = testsutil.GenerateUUID(&testing.T{})
domainID = testsutil.GenerateUUID(&testing.T{})
profileID = testsutil.GenerateUUID(&testing.T{})
bootConfig = mgsdk.BootstrapConfig{
ClientID: clientID,
Channels: []string{channelID},
ID: clientID,
Name: "Test Bootstrap",
ExternalID: "09:6:0:sb:sa",
ExternalKey: "key",
}
bootProfile = mgsdk.BootstrapProfile{
ID: profileID,
Name: "Test Profile",
Description: "Test profile",
TemplateFormat: "go-template",
ContentTemplate: "{\"device_id\":\"{{ .Device.ID }}\"}",
Version: 1,
}
validToken = "validToken"
invalidToken = "invalidToken"
extraArg = "extra-arg"
@@ -44,8 +52,8 @@ func TestCreateBootstrapConfigCmd(t *testing.T) {
bootCmd := cli.NewBootstrapCmd()
rootCmd := setFlags(bootCmd)
jsonConfig := fmt.Sprintf("{\"external_id\":\"09:6:0:sb:sa\", \"client_id\": \"%s\", \"external_key\":\"key\", \"name\": \"%s\", \"channels\":[\"%s\"]}", clientID, "Test Bootstrap", channelID)
invalidJson := fmt.Sprintf("{\"external_id\":\"09:6:0:sb:sa\", \"client_id\": \"%s\", \"external_key\":\"key\", \"name\": \"%s\", \"channels\":[\"%s\"]", clientID, "Test Bootstrap", channelID)
jsonConfig := fmt.Sprintf("{\"external_id\":\"09:6:0:sb:sa\", \"external_key\":\"key\", \"name\": \"%s\"}", "Test Bootstrap")
invalidJson := fmt.Sprintf("{\"external_id\":\"09:6:0:sb:sa\", \"external_key\":\"key\", \"name\": \"%s\"", "Test Bootstrap")
cases := []struct {
desc string
args []string
@@ -473,7 +481,7 @@ func TestWhitelistConfigCmd(t *testing.T) {
bootCmd := cli.NewBootstrapCmd()
rootCmd := setFlags(bootCmd)
jsonConfig := fmt.Sprintf("{\"client_id\": \"%s\", \"state\":%d}", clientID, 1)
jsonConfig := fmt.Sprintf("{\"client_id\": \"%s\", \"status\":%d}", clientID, 1)
cases := []struct {
desc string
@@ -504,7 +512,7 @@ func TestWhitelistConfigCmd(t *testing.T) {
{
desc: "whitelist config with invalid json",
args: []string{
fmt.Sprintf("{\"client_id\": \"%s\", \"state\":%d", clientID, 1),
fmt.Sprintf("{\"client_id\": \"%s\", \"status\":%d", clientID, 1),
domainID,
validToken,
},
@@ -631,3 +639,233 @@ func TestBootstrapConfigCmd(t *testing.T) {
})
}
}
func TestBootstrapProfilesCmd(t *testing.T) {
sdkMock := new(sdkmocks.SDK)
cli.SetSDK(sdkMock)
bootCmd := cli.NewBootstrapCmd()
rootCmd := setFlags(bootCmd)
profilePayload, err := json.Marshal(bootProfile)
assert.Nil(t, err)
jsonProfile := string(profilePayload)
cases := []struct {
desc string
args []string
profile mgsdk.BootstrapProfile
page mgsdk.BootstrapProfilesPage
sdkErr errors.SDKError
logType outputLog
errLogMessage string
}{
{
desc: "create bootstrap profile successfully",
args: []string{
"create",
jsonProfile,
domainID,
validToken,
},
profile: bootProfile,
logType: entityLog,
},
{
desc: "get all bootstrap profiles successfully",
args: []string{
"get",
all,
domainID,
validToken,
},
page: mgsdk.BootstrapProfilesPage{
PageRes: mgsdk.PageRes{
Total: 1,
Offset: 0,
Limit: 10,
},
Profiles: []mgsdk.BootstrapProfile{bootProfile},
},
logType: entityLog,
},
{
desc: "view bootstrap profile successfully",
args: []string{
"get",
profileID,
domainID,
validToken,
},
profile: bootProfile,
logType: entityLog,
},
{
desc: "update bootstrap profile successfully",
args: []string{
"update",
jsonProfile,
domainID,
validToken,
},
logType: okLog,
},
{
desc: "remove bootstrap profile successfully",
args: []string{
"remove",
profileID,
domainID,
validToken,
},
logType: okLog,
},
}
for _, tc := range cases {
t.Run(tc.desc, func(t *testing.T) {
var gotProfile mgsdk.BootstrapProfile
var gotPage mgsdk.BootstrapProfilesPage
createCall := sdkMock.On("CreateBootstrapProfile", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.profile, tc.sdkErr)
listCall := sdkMock.On("BootstrapProfiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.page, tc.sdkErr)
viewCall := sdkMock.On("ViewBootstrapProfile", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.profile, tc.sdkErr)
updateCall := sdkMock.On("UpdateBootstrapProfile", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.sdkErr)
removeCall := sdkMock.On("RemoveBootstrapProfile", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.sdkErr)
out := executeCommand(t, rootCmd, append([]string{"profiles"}, tc.args...)...)
switch tc.logType {
case entityLog:
if tc.args[0] == "get" && tc.args[1] == all {
err := json.Unmarshal([]byte(out), &gotPage)
assert.Nil(t, err)
assert.Equal(t, tc.page, gotPage, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.page, gotPage))
} else {
err := json.Unmarshal([]byte(out), &gotProfile)
assert.Nil(t, err)
assert.Equal(t, tc.profile, gotProfile, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.profile, gotProfile))
}
case okLog:
assert.True(t, strings.Contains(out, "ok"), fmt.Sprintf("%s unexpected response: expected success message, got: %v", tc.desc, out))
case errLog:
assert.Equal(t, tc.errLogMessage, out, fmt.Sprintf("%s unexpected error response: expected %s got errLogMessage:%s", tc.desc, tc.errLogMessage, out))
case usageLog:
assert.False(t, strings.Contains(out, rootCmd.Use), fmt.Sprintf("%s invalid usage: %s", tc.desc, out))
}
createCall.Unset()
listCall.Unset()
viewCall.Unset()
updateCall.Unset()
removeCall.Unset()
})
}
}
func TestBootstrapEnrollmentsCmd(t *testing.T) {
sdkMock := new(sdkmocks.SDK)
cli.SetSDK(sdkMock)
bootCmd := cli.NewBootstrapCmd()
rootCmd := setFlags(bootCmd)
bindings := []mgsdk.BootstrapBindingRequest{
{
Slot: "mqtt_client",
Type: "client",
ResourceID: clientID,
},
}
snapshots := []mgsdk.BootstrapBindingSnapshot{
{
ConfigID: clientID,
Slot: "mqtt_client",
Type: "client",
ResourceID: clientID,
},
}
jsonBindings := fmt.Sprintf("[{\"slot\":\"%s\",\"type\":\"%s\",\"resource_id\":\"%s\"}]", bindings[0].Slot, bindings[0].Type, bindings[0].ResourceID)
cases := []struct {
desc string
args []string
snapshots []mgsdk.BootstrapBindingSnapshot
sdkErr errors.SDKError
logType outputLog
errLogMessage string
}{
{
desc: "assign bootstrap profile successfully",
args: []string{
"assign-profile",
clientID,
profileID,
domainID,
validToken,
},
logType: okLog,
},
{
desc: "bind bootstrap resources successfully",
args: []string{
"bind",
clientID,
jsonBindings,
domainID,
validToken,
},
logType: okLog,
},
{
desc: "get bootstrap bindings successfully",
args: []string{
"get-bindings",
clientID,
domainID,
validToken,
},
snapshots: snapshots,
logType: entityLog,
},
{
desc: "refresh bootstrap bindings successfully",
args: []string{
"refresh-bindings",
clientID,
domainID,
validToken,
},
logType: okLog,
},
}
for _, tc := range cases {
t.Run(tc.desc, func(t *testing.T) {
var gotSnapshots []mgsdk.BootstrapBindingSnapshot
assignCall := sdkMock.On("AssignBootstrapProfile", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.sdkErr)
bindCall := sdkMock.On("BindBootstrapResources", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.sdkErr)
listCall := sdkMock.On("BootstrapBindings", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.snapshots, tc.sdkErr)
refreshCall := sdkMock.On("RefreshBootstrapBindings", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.sdkErr)
out := executeCommand(t, rootCmd, append([]string{"enrollments"}, tc.args...)...)
switch tc.logType {
case entityLog:
err := json.Unmarshal([]byte(out), &gotSnapshots)
assert.Nil(t, err)
assert.Equal(t, tc.snapshots, gotSnapshots, fmt.Sprintf("%s unexpected response: expected: %v, got: %v", tc.desc, tc.snapshots, gotSnapshots))
case okLog:
assert.True(t, strings.Contains(out, "ok"), fmt.Sprintf("%s unexpected response: expected success message, got: %v", tc.desc, out))
case errLog:
assert.Equal(t, tc.errLogMessage, out, fmt.Sprintf("%s unexpected error response: expected %s got errLogMessage:%s", tc.desc, tc.errLogMessage, out))
case usageLog:
assert.False(t, strings.Contains(out, rootCmd.Use), fmt.Sprintf("%s invalid usage: %s", tc.desc, out))
}
assignCall.Unset()
bindCall.Unset()
listCall.Unset()
refreshCall.Unset()
})
}
}
cli/utils.go
-2
View File
@@ -30,8 +30,6 @@ var (
Status string = ""
// ConfigPath config path parameter.
ConfigPath string = ""
// State query parameter.
State string = ""
// Topic query parameter.
Topic string = ""
// Contact query parameter.
cmd/bootstrap/main.go
+23 -62
View File
@@ -16,8 +16,8 @@ import (
"github.com/absmach/magistrala"
"github.com/absmach/magistrala/bootstrap"
httpapi "github.com/absmach/magistrala/bootstrap/api"
"github.com/absmach/magistrala/bootstrap/events/consumer"
"github.com/absmach/magistrala/bootstrap/events/producer"
bootstraphasher "github.com/absmach/magistrala/bootstrap/hasher"
"github.com/absmach/magistrala/bootstrap/middleware"
bootstrappg "github.com/absmach/magistrala/bootstrap/postgres"
"github.com/absmach/magistrala/bootstrap/tracing"
@@ -27,26 +27,18 @@ import (
smqauthz "github.com/absmach/magistrala/pkg/authz"
authsvcAuthz "github.com/absmach/magistrala/pkg/authz/authsvc"
domainsAuthz "github.com/absmach/magistrala/pkg/domains/grpcclient"
"github.com/absmach/magistrala/pkg/events"
"github.com/absmach/magistrala/pkg/events/store"
"github.com/absmach/magistrala/pkg/grpcclient"
"github.com/absmach/magistrala/pkg/jaeger"
"github.com/absmach/magistrala/pkg/policies"
"github.com/absmach/magistrala/pkg/policies/spicedb"
pgclient "github.com/absmach/magistrala/pkg/postgres"
"github.com/absmach/magistrala/pkg/prometheus"
mgsdk "github.com/absmach/magistrala/pkg/sdk"
"github.com/absmach/magistrala/pkg/server"
httpserver "github.com/absmach/magistrala/pkg/server/http"
"github.com/absmach/magistrala/pkg/uuid"
"github.com/authzed/authzed-go/v1"
"github.com/authzed/grpcutil"
"github.com/caarlos0/env/v11"
"github.com/jmoiron/sqlx"
"go.opentelemetry.io/otel/trace"
"golang.org/x/sync/errgroup"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials/insecure"
)
const (
@@ -57,9 +49,6 @@ const (
envPrefixDomains = "MG_DOMAINS_GRPC_"
defDB = "bootstrap"
defSvcHTTPPort = "9013"
stream = "events.magistrala.clients"
streamID = "magistrala.bootstrap"
)
type config struct {
@@ -108,7 +97,9 @@ func main() {
if err := env.ParseWithOptions(&dbConfig, env.Options{Prefix: envPrefixDB}); err != nil {
logger.Error(err.Error())
}
db, err := pgclient.Setup(dbConfig, *bootstrappg.Migration())
migration := bootstrappg.Migration()
db, err := pgclient.Setup(dbConfig, *migration)
if err != nil {
logger.Error(err.Error())
exitCode = 1
@@ -116,14 +107,6 @@ func main() {
}
defer db.Close()
policySvc, err := newPolicyService(cfg, logger)
if err != nil {
logger.Error(err.Error())
exitCode = 1
return
}
logger.Info("Policy client successfully connected to spicedb gRPC server")
tp, err := jaeger.NewProvider(ctx, svcName, cfg.JaegerURL, cfg.InstanceID, cfg.TraceRatio)
if err != nil {
logger.Error(fmt.Sprintf("failed to init Jaeger: %s", err))
@@ -176,22 +159,16 @@ func main() {
defer authzClient.Close()
logger.Info("AuthZ successfully connected to auth gRPC server " + authzClient.Secure())
database := pgclient.NewDatabase(db, dbConfig, tracer)
// Create new service
svc, err := newService(ctx, authz, policySvc, db, tracer, logger, cfg, dbConfig)
svc, err := newService(ctx, authz, database, tracer, logger, cfg)
if err != nil {
logger.Error(fmt.Sprintf("failed to create %s service: %s", svcName, err))
exitCode = 1
return
}
if err = subscribeToClientsES(ctx, svc, cfg, logger); err != nil {
logger.Error(fmt.Sprintf("failed to subscribe to clients event store: %s", err))
exitCode = 1
return
}
logger.Info("Subscribed to Event Store")
httpServerConfig := server.Config{Port: defSvcHTTPPort}
if err := env.ParseWithOptions(&httpServerConfig, env.Options{Prefix: envPrefixHTTP}); err != nil {
logger.Error(fmt.Sprintf("failed to load %s HTTP server configuration : %s", svcName, err))
@@ -218,10 +195,10 @@ func main() {
}
}
func newService(ctx context.Context, authz smqauthz.Authorization, policySvc policies.Service, db *sqlx.DB, tracer trace.Tracer, logger *slog.Logger, cfg config, dbConfig pgclient.Config) (bootstrap.Service, error) {
database := pgclient.NewDatabase(db, dbConfig, tracer)
func newService(ctx context.Context, authz smqauthz.Authorization, database pgclient.Database, tracer trace.Tracer, logger *slog.Logger, cfg config) (bootstrap.Service, error) {
repoConfig := bootstrappg.NewConfigRepository(database, logger)
repoProfile := bootstrappg.NewProfileRepository(database, logger)
repoBindings := bootstrappg.NewBindingRepository(database, logger)
config := mgsdk.Config{
ClientsURL: cfg.ClientsURL,
@@ -230,8 +207,20 @@ func newService(ctx context.Context, authz smqauthz.Authorization, policySvc pol
sdk := mgsdk.NewSDK(config)
idp := uuid.New()
resolver := bootstrap.NewSDKResolver(sdk)
renderer := bootstrap.NewRenderer()
svc := bootstrap.New(policySvc, repoConfig, sdk, []byte(cfg.EncKey), idp)
svc := bootstrap.New(
repoConfig,
repoProfile,
repoBindings,
resolver,
renderer,
sdk,
bootstraphasher.New(),
[]byte(cfg.EncKey),
idp,
)
publisher, err := store.NewPublisher(ctx, cfg.ESURL, "bootstrap-es-pub")
if err != nil {
@@ -247,31 +236,3 @@ func newService(ctx context.Context, authz smqauthz.Authorization, policySvc pol
return svc, nil
}
func subscribeToClientsES(ctx context.Context, svc bootstrap.Service, cfg config, logger *slog.Logger) error {
subscriber, err := store.NewSubscriber(ctx, cfg.ESURL, "bootstrap-es-sub", logger)
if err != nil {
return err
}
subConfig := events.SubscriberConfig{
Stream: stream,
Consumer: cfg.ESConsumerName,
Handler: consumer.NewEventHandler(svc),
}
return subscriber.Subscribe(ctx, subConfig)
}
func newPolicyService(cfg config, logger *slog.Logger) (policies.Service, error) {
client, err := authzed.NewClientWithExperimentalAPIs(
fmt.Sprintf("%s:%s", cfg.SpicedbHost, cfg.SpicedbPort),
grpc.WithTransportCredentials(insecure.NewCredentials()),
grpcutil.WithInsecureBearerToken(cfg.SpicedbPreSharedKey),
)
if err != nil {
return nil, err
}
policySvc := spicedb.NewPolicyService(client, logger)
return policySvc, nil
}
docker/addons/provision/configs/config.toml
+5 -8
View File
@@ -3,9 +3,6 @@
[bootstrap]
[bootstrap.content]
[bootstrap.content.agent.edgex]
url = "http://localhost:48090/api/v1/"
[bootstrap.content.agent.log]
level = "info"
@@ -17,7 +14,7 @@
url = "localhost:1883"
[bootstrap.content.agent.server]
nats_url = "localhost:4222"
fluxmq_url = "amqp://guest:guest@localhost:5682/"
port = "9000"
[bootstrap.content.agent.heartbeat]
@@ -29,7 +26,7 @@
[bootstrap.content.export.exp]
log_level = "debug"
nats = "nats://localhost:4222"
fluxmq = "amqp://guest:guest@localhost:5682/"
port = "8172"
cache_url = "localhost:6379"
cache_pass = ""
@@ -37,12 +34,12 @@
[bootstrap.content.export.mqtt]
ca_path = "ca.crt"
cert_path = "thing.crt"
cert_path = "client.crt"
channel = ""
host = "tcp://localhost:1883"
mtls = false
password = ""
priv_key_path = "thing.key"
priv_key_path = "client.key"
qos = 0
retain = false
skip_tls_ver = false
@@ -50,7 +47,7 @@
[[bootstrap.content.export.routes]]
mqtt_topic = ""
nats_topic = ">"
fluxmq_topic = "#"
subtopic = ""
type = "plain"
workers = 10
docker/openbao-entrypoint.sh
+42 -22
View File
@@ -27,6 +27,33 @@ EOF
export BAO_ADDR=http://127.0.0.1:8200
wait_for_bao() {
local retries=30
while [ "$retries" -gt 0 ]; do
local code=0
bao status -format=json >/dev/null 2>&1 || code=$?
# exit 0 = unsealed, exit 2 = sealed — both mean the server is up and responding
if [ "$code" -eq 0 ] || [ "$code" -eq 2 ]; then
return 0
fi
retries=$((retries - 1))
sleep 2
done
echo "ERROR: OpenBao server did not become ready in time" >&2
exit 1
}
unseal_bao() {
local key1="$1" key2="$2" key3="$3"
if [ -z "$key1" ] || [ -z "$key2" ] || [ -z "$key3" ]; then
echo "ERROR: One or more unseal keys are empty — cannot unseal" >&2
exit 1
fi
bao operator unseal "$key1"
bao operator unseal "$key2"
bao operator unseal "$key3"
}
create_pki_policy() {
cat > /opt/openbao/config/pki-policy.hcl << EOF
path "pki_int/issue/${MG_CERTS_OPENBAO_PKI_ROLE}" {
@@ -92,11 +119,9 @@ if [ -n "$MG_CERTS_OPENBAO_UNSEAL_KEY_1" ] && [ -n "$MG_CERTS_OPENBAO_UNSEAL_KEY
echo "Using pre-configured unseal keys and root token..."
bao server -config=/opt/openbao/config/config.hcl > /opt/openbao/logs/server.log 2>&1 &
BAO_PID=$!
sleep 5
wait_for_bao
bao operator unseal "$MG_CERTS_OPENBAO_UNSEAL_KEY_1"
bao operator unseal "$MG_CERTS_OPENBAO_UNSEAL_KEY_2"
bao operator unseal "$MG_CERTS_OPENBAO_UNSEAL_KEY_3"
unseal_bao "$MG_CERTS_OPENBAO_UNSEAL_KEY_1" "$MG_CERTS_OPENBAO_UNSEAL_KEY_2" "$MG_CERTS_OPENBAO_UNSEAL_KEY_3"
export BAO_TOKEN=$MG_CERTS_OPENBAO_ROOT_TOKEN
else
@@ -105,21 +130,18 @@ else
echo "Initializing OpenBao for the first time..."
bao server -config=/opt/openbao/config/config.hcl > /opt/openbao/logs/server.log 2>&1 &
BAO_PID=$!
sleep 5
wait_for_bao
# Initialize with 5 key shares and threshold of 3
bao operator init -key-shares=5 -key-threshold=3 -format=json > /opt/openbao/data/init.json
# Extract unseal keys and root token
UNSEAL_KEY_1=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[0]')
UNSEAL_KEY_2=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[1]')
UNSEAL_KEY_3=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[2]')
ROOT_TOKEN=$(cat /opt/openbao/data/init.json | jq -r '.root_token')
UNSEAL_KEY_1=$(jq -r '.unseal_keys_b64[0]' /opt/openbao/data/init.json)
UNSEAL_KEY_2=$(jq -r '.unseal_keys_b64[1]' /opt/openbao/data/init.json)
UNSEAL_KEY_3=$(jq -r '.unseal_keys_b64[2]' /opt/openbao/data/init.json)
ROOT_TOKEN=$(jq -r '.root_token' /opt/openbao/data/init.json)
# Unseal OpenBao
bao operator unseal "$UNSEAL_KEY_1"
bao operator unseal "$UNSEAL_KEY_2"
bao operator unseal "$UNSEAL_KEY_3"
unseal_bao "$UNSEAL_KEY_1" "$UNSEAL_KEY_2" "$UNSEAL_KEY_3"
export BAO_TOKEN=$ROOT_TOKEN
echo "OpenBao initialized successfully!"
@@ -127,24 +149,22 @@ else
echo "OpenBao already initialized, starting server..."
bao server -config=/opt/openbao/config/config.hcl > /opt/openbao/logs/server.log 2>&1 &
BAO_PID=$!
sleep 5
wait_for_bao
# Check if OpenBao is sealed and unseal if necessary
if bao status -format=json | jq -e '.sealed == true' >/dev/null; then
if bao status -format=json | jq -e '.sealed == true' >/dev/null 2>&1; then
echo "OpenBao is sealed, unsealing..."
UNSEAL_KEY_1=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[0]')
UNSEAL_KEY_2=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[1]')
UNSEAL_KEY_3=$(cat /opt/openbao/data/init.json | jq -r '.unseal_keys_b64[2]')
UNSEAL_KEY_1=$(jq -r '.unseal_keys_b64[0]' /opt/openbao/data/init.json)
UNSEAL_KEY_2=$(jq -r '.unseal_keys_b64[1]' /opt/openbao/data/init.json)
UNSEAL_KEY_3=$(jq -r '.unseal_keys_b64[2]' /opt/openbao/data/init.json)
bao operator unseal "$UNSEAL_KEY_1"
bao operator unseal "$UNSEAL_KEY_2"
bao operator unseal "$UNSEAL_KEY_3"
unseal_bao "$UNSEAL_KEY_1" "$UNSEAL_KEY_2" "$UNSEAL_KEY_3"
echo "OpenBao unsealed successfully!"
else
echo "OpenBao is already unsealed!"
fi
ROOT_TOKEN=$(cat /opt/openbao/data/init.json | jq -r '.root_token')
ROOT_TOKEN=$(jq -r '.root_token' /opt/openbao/data/init.json)
export BAO_TOKEN=$ROOT_TOKEN
fi
fi
go.mod
+1 -1
View File
@@ -156,7 +156,7 @@ require (
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.1 // indirect
github.com/opencontainers/runc v1.2.8 // indirect
github.com/pelletier/go-toml/v2 v2.3.0 // indirect
github.com/pelletier/go-toml/v2 v2.3.0
github.com/pion/dtls/v3 v3.1.2 // indirect
github.com/pion/logging v0.2.4 // indirect
github.com/pion/transport/v4 v4.0.1 // indirect
pkg/bootstrap/events/consumer/doc.go
+6
View File
@@ -0,0 +1,6 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
// Package consumer contains events consumer for client and channel events
// consumed by the Bootstrap service.
package consumer
pkg/bootstrap/events/consumer/streams.go
+46
View File
@@ -0,0 +1,46 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package consumer
import (
"context"
"log/slog"
"github.com/absmach/magistrala/bootstrap"
"github.com/absmach/magistrala/pkg/events"
"github.com/absmach/magistrala/pkg/events/store"
)
const stream = "events.magistrala.*.*"
type eventHandler struct {
svc bootstrap.Service
}
// BootstrapEventsSubscribe subscribes bootstrap config-state handlers to the event store.
func BootstrapEventsSubscribe(ctx context.Context, svc bootstrap.Service, esURL, esConsumerName string, logger *slog.Logger) error {
subscriber, err := store.NewSubscriber(ctx, esURL, "bootstrap-es-sub", logger)
if err != nil {
return err
}
subConfig := events.SubscriberConfig{
Stream: stream,
Consumer: esConsumerName,
Handler: NewEventHandler(svc),
Ordered: true,
}
return subscriber.Subscribe(ctx, subConfig)
}
// NewEventHandler returns bootstrap events handler.
func NewEventHandler(svc bootstrap.Service) events.EventHandler {
return &eventHandler{
svc: svc,
}
}
func (es *eventHandler) Handle(_ context.Context, _ events.Event) error {
return nil
}
pkg/bootstrap/events/doc.go
+6
View File
@@ -0,0 +1,6 @@
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
// Package events provides the events sourcing of bootstrap
// provide replication in other service and definitions needed to support it
package events
pkg/sdk/bootstrap.go
+280 -72
View File
@@ -14,6 +14,7 @@ import (
"io"
"net/http"
"strings"
"time"
apiutil "github.com/absmach/magistrala/api/http/util"
"github.com/absmach/magistrala/pkg/errors"
@@ -22,78 +23,129 @@ import (
const (
configsEndpoint = "clients/configs"
bootstrapEndpoint = "clients/bootstrap"
whitelistEndpoint = "clients/state"
bootstrapCertsEndpoint = "clients/configs/certs"
bootstrapConnEndpoint = "clients/configs/connections"
bootstrapProfilesPath = "clients/bootstrap/profiles"
bootstrapEnrollmentsPath = "clients/bootstrap/enrollments"
secureEndpoint = "secure"
)
// BootstrapConfig represents Configuration entity. It wraps information about external entity
// as well as info about corresponding Magistrala entities.
// MGClient represents corresponding Magistrala Client ID.
// MGKey is key of corresponding Magistrala Client.
// MGChannels is a list of Magistrala Channels corresponding Magistrala Client connects to.
var (
errInvalidBootstrapStatus = errors.New("invalid bootstrap status")
errBootstrapConnectionsDisabled = errors.New("bootstrap connection updates are no longer supported")
)
type BootstrapStatus string
const (
BootstrapDisabledStatus BootstrapStatus = DisabledStatus
BootstrapEnabledStatus BootstrapStatus = EnabledStatus
)
func (s BootstrapStatus) String() string {
return string(s)
}
func (s BootstrapStatus) MarshalJSON() ([]byte, error) {
return json.Marshal(string(s))
}
func (s *BootstrapStatus) UnmarshalJSON(data []byte) error {
if len(data) == 0 || string(data) == "null" {
return nil
}
if data[0] != '"' {
var n int
if err := json.Unmarshal(data, &n); err != nil {
return err
}
switch n {
case 0:
*s = BootstrapDisabledStatus
return nil
case 1:
*s = BootstrapEnabledStatus
return nil
default:
return errInvalidBootstrapStatus
}
}
var status string
if err := json.Unmarshal(data, &status); err != nil {
return err
}
switch strings.ToLower(status) {
case DisabledStatus:
*s = BootstrapDisabledStatus
return nil
case EnabledStatus:
*s = BootstrapEnabledStatus
return nil
default:
return errInvalidBootstrapStatus
}
}
// BootstrapConfig represents a bootstrap enrollment.
type BootstrapConfig struct {
Channels any `json:"channels,omitempty"`
ID string `json:"id,omitempty"`
ExternalID string `json:"external_id,omitempty"`
ExternalKey string `json:"external_key,omitempty"`
ClientID string `json:"client_id,omitempty"`
ClientSecret string `json:"client_secret,omitempty"`
Name string `json:"name,omitempty"`
ClientCert string `json:"client_cert,omitempty"`
ClientKey string `json:"client_key,omitempty"`
CACert string `json:"ca_cert,omitempty"`
Content string `json:"content,omitempty"`
State int `json:"state,omitempty"`
Status BootstrapStatus `json:"status,omitempty"`
ProfileID string `json:"profile_id,omitempty"`
RenderContext map[string]any `json:"render_context,omitempty"`
}
func (ts *BootstrapConfig) UnmarshalJSON(data []byte) error {
var rawData map[string]json.RawMessage
if err := json.Unmarshal(data, &rawData); err != nil {
return err
// BootstrapProfile represents a bootstrap profile template.
type BootstrapProfile struct {
ID string `json:"id,omitempty"`
DomainID string `json:"domain_id,omitempty"`
Name string `json:"name,omitempty"`
Description string `json:"description,omitempty"`
TemplateFormat string `json:"template_format,omitempty"`
ContentTemplate string `json:"content_template,omitempty"`
Defaults map[string]any `json:"defaults,omitempty"`
BindingSlots []BindingSlot `json:"binding_slots,omitempty"`
Version int `json:"version,omitempty"`
CreatedAt time.Time `json:"created_at,omitempty"`
UpdatedAt time.Time `json:"updated_at,omitempty"`
}
if channelData, ok := rawData["channels"]; ok {
var stringData []string
if err := json.Unmarshal(channelData, &stringData); err == nil {
ts.Channels = stringData
} else {
var channels []Channel
if err := json.Unmarshal(channelData, &channels); err == nil {
ts.Channels = channels
} else {
return fmt.Errorf("unsupported channel data type")
}
}
// BindingSlot declares a named resource placeholder for a bootstrap profile.
type BindingSlot struct {
Name string `json:"name"`
Type string `json:"type"`
Required bool `json:"required"`
Fields []string `json:"fields,omitempty"`
}
if err := json.Unmarshal(data, &struct {
ExternalID *string `json:"external_id,omitempty"`
ExternalKey *string `json:"external_key,omitempty"`
ClientID *string `json:"client_id,omitempty"`
ClientSecret *string `json:"client_secret,omitempty"`
Name *string `json:"name,omitempty"`
ClientCert *string `json:"client_cert,omitempty"`
ClientKey *string `json:"client_key,omitempty"`
CACert *string `json:"ca_cert,omitempty"`
Content *string `json:"content,omitempty"`
State *int `json:"state,omitempty"`
}{
ExternalID: &ts.ExternalID,
ExternalKey: &ts.ExternalKey,
ClientID: &ts.ClientID,
ClientSecret: &ts.ClientSecret,
Name: &ts.Name,
ClientCert: &ts.ClientCert,
ClientKey: &ts.ClientKey,
CACert: &ts.CACert,
Content: &ts.Content,
State: &ts.State,
}); err != nil {
return err
// BootstrapBindingRequest binds a profile slot to a concrete resource.
type BootstrapBindingRequest struct {
Slot string `json:"slot"`
Type string `json:"type"`
ResourceID string `json:"resource_id"`
}
return nil
// BootstrapBindingSnapshot contains a stored enrollment binding snapshot.
type BootstrapBindingSnapshot struct {
ConfigID string `json:"config_id"`
Slot string `json:"slot"`
Type string `json:"type"`
ResourceID string `json:"resource_id"`
Snapshot map[string]any `json:"snapshot,omitempty"`
SecretSnapshot map[string]any `json:"secret_snapshot,omitempty"`
UpdatedAt time.Time `json:"updated_at,omitempty"`
}
type bootstrapBindingsRes struct {
Bindings []BootstrapBindingSnapshot `json:"bindings"`
}
func (sdk mgSDK) AddBootstrap(ctx context.Context, cfg BootstrapConfig, domainID, token string) (string, errors.SDKError) {
@@ -114,6 +166,26 @@ func (sdk mgSDK) AddBootstrap(ctx context.Context, cfg BootstrapConfig, domainID
return id, nil
}
func (sdk mgSDK) CreateBootstrapProfile(ctx context.Context, profile BootstrapProfile, domainID, token string) (BootstrapProfile, errors.SDKError) {
data, err := json.Marshal(profile)
if err != nil {
return BootstrapProfile{}, errors.NewSDKError(err)
}
url := fmt.Sprintf("%s/%s/%s", sdk.bootstrapURL, domainID, bootstrapProfilesPath)
_, body, sdkerr := sdk.processRequest(ctx, http.MethodPost, url, token, data, nil, http.StatusOK, http.StatusCreated)
if sdkerr != nil {
return BootstrapProfile{}, sdkerr
}
var saved BootstrapProfile
if err := json.Unmarshal(body, &saved); err != nil {
return BootstrapProfile{}, errors.NewSDKError(err)
}
return saved, nil
}
func (sdk mgSDK) Bootstraps(ctx context.Context, pm PageMetadata, domainID, token string) (BootstrapPage, errors.SDKError) {
endpoint := fmt.Sprintf("%s/%s", domainID, configsEndpoint)
url, err := sdk.withQueryParams(sdk.bootstrapURL, endpoint, pm)
@@ -134,19 +206,44 @@ func (sdk mgSDK) Bootstraps(ctx context.Context, pm PageMetadata, domainID, toke
return bb, nil
}
func (sdk mgSDK) Whitelist(ctx context.Context, clientID string, state int, domainID, token string) errors.SDKError {
if clientID == "" {
func (sdk mgSDK) BootstrapProfiles(ctx context.Context, pm PageMetadata, domainID, token string) (BootstrapProfilesPage, errors.SDKError) {
endpoint := fmt.Sprintf("%s/%s", domainID, bootstrapProfilesPath)
url, err := sdk.withQueryParams(sdk.bootstrapURL, endpoint, pm)
if err != nil {
return BootstrapProfilesPage{}, errors.NewSDKError(err)
}
_, body, sdkerr := sdk.processRequest(ctx, http.MethodGet, url, token, nil, nil, http.StatusOK)
if sdkerr != nil {
return BootstrapProfilesPage{}, sdkerr
}
var page BootstrapProfilesPage
if err := json.Unmarshal(body, &page); err != nil {
return BootstrapProfilesPage{}, errors.NewSDKError(err)
}
return page, nil
}
func (sdk mgSDK) Whitelist(ctx context.Context, id string, status BootstrapStatus, domainID, token string) errors.SDKError {
if id == "" {
return errors.NewSDKError(apiutil.ErrMissingID)
}
data, err := json.Marshal(BootstrapConfig{State: state})
if err != nil {
return errors.NewSDKError(err)
var action string
switch status {
case BootstrapEnabledStatus:
action = enableEndpoint
case BootstrapDisabledStatus:
action = disableEndpoint
default:
return errors.NewSDKErrorWithStatus(errInvalidBootstrapStatus, http.StatusBadRequest)
}
url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, whitelistEndpoint, clientID)
url := fmt.Sprintf("%s/%s/%s/%s/%s", sdk.bootstrapURL, domainID, configsEndpoint, id, action)
_, _, sdkerr := sdk.processRequest(ctx, http.MethodPut, url, token, data, nil, http.StatusCreated, http.StatusOK)
_, _, sdkerr := sdk.processRequest(ctx, http.MethodPost, url, token, nil, nil, http.StatusOK)
return sdkerr
}
@@ -170,22 +267,56 @@ func (sdk mgSDK) ViewBootstrap(ctx context.Context, id, domainID, token string)
return bc, nil
}
func (sdk mgSDK) ViewBootstrapProfile(ctx context.Context, id, domainID, token string) (BootstrapProfile, errors.SDKError) {
if id == "" {
return BootstrapProfile{}, errors.NewSDKError(apiutil.ErrMissingID)
}
url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, bootstrapProfilesPath, id)
_, body, sdkerr := sdk.processRequest(ctx, http.MethodGet, url, token, nil, nil, http.StatusOK)
if sdkerr != nil {
return BootstrapProfile{}, sdkerr
}
var profile BootstrapProfile
if err := json.Unmarshal(body, &profile); err != nil {
return BootstrapProfile{}, errors.NewSDKError(err)
}
return profile, nil
}
func (sdk mgSDK) UpdateBootstrap(ctx context.Context, cfg BootstrapConfig, domainID, token string) errors.SDKError {
if cfg.ClientID == "" {
if cfg.ID == "" {
return errors.NewSDKError(apiutil.ErrMissingID)
}
url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, configsEndpoint, cfg.ClientID)
url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, configsEndpoint, cfg.ID)
data, err := json.Marshal(cfg)
if err != nil {
return errors.NewSDKError(err)
}
_, _, sdkerr := sdk.processRequest(ctx, http.MethodPut, url, token, data, nil, http.StatusOK)
_, _, sdkerr := sdk.processRequest(ctx, http.MethodPatch, url, token, data, nil, http.StatusOK)
return sdkerr
}
func (sdk mgSDK) UpdateBootstrapProfile(ctx context.Context, profile BootstrapProfile, domainID, token string) errors.SDKError {
if profile.ID == "" {
return errors.NewSDKError(apiutil.ErrMissingID)
}
url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, bootstrapProfilesPath, profile.ID)
data, err := json.Marshal(profile)
if err != nil {
return errors.NewSDKError(err)
}
_, _, sdkerr := sdk.processRequest(ctx, http.MethodPatch, url, token, data, nil, http.StatusOK)
return sdkerr
}
func (sdk mgSDK) UpdateBootstrapCerts(ctx context.Context, id, clientCert, clientKey, ca, domainID, token string) (BootstrapConfig, errors.SDKError) {
if id == "" {
return BootstrapConfig{}, errors.NewSDKError(apiutil.ErrMissingID)
@@ -219,17 +350,12 @@ func (sdk mgSDK) UpdateBootstrapConnection(ctx context.Context, id string, chann
if id == "" {
return errors.NewSDKError(apiutil.ErrMissingID)
}
url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, bootstrapConnEndpoint, id)
request := map[string][]string{
"channels": channels,
}
data, err := json.Marshal(request)
if err != nil {
return errors.NewSDKError(err)
}
_ = ctx
_ = channels
_ = domainID
_ = token
_, _, sdkerr := sdk.processRequest(ctx, http.MethodPut, url, token, data, nil, http.StatusOK)
return sdkerr
return errors.NewSDKError(errBootstrapConnectionsDisabled)
}
func (sdk mgSDK) RemoveBootstrap(ctx context.Context, id, domainID, token string) errors.SDKError {
@@ -242,6 +368,88 @@ func (sdk mgSDK) RemoveBootstrap(ctx context.Context, id, domainID, token string
return err
}
func (sdk mgSDK) RemoveBootstrapProfile(ctx context.Context, id, domainID, token string) errors.SDKError {
if id == "" {
return errors.NewSDKError(apiutil.ErrMissingID)
}
url := fmt.Sprintf("%s/%s/%s/%s", sdk.bootstrapURL, domainID, bootstrapProfilesPath, id)
_, _, sdkerr := sdk.processRequest(ctx, http.MethodDelete, url, token, nil, nil, http.StatusNoContent)
return sdkerr
}
func (sdk mgSDK) AssignBootstrapProfile(ctx context.Context, configID, profileID, domainID, token string) errors.SDKError {
if configID == "" || profileID == "" {
return errors.NewSDKError(apiutil.ErrMissingID)
}
url := fmt.Sprintf("%s/%s/%s/%s/profile", sdk.bootstrapURL, domainID, bootstrapEnrollmentsPath, configID)
request := struct {
ProfileID string `json:"profile_id"`
}{
ProfileID: profileID,
}
data, err := json.Marshal(request)
if err != nil {
return errors.NewSDKError(err)
}
_, _, sdkerr := sdk.processRequest(ctx, http.MethodPatch, url, token, data, nil, http.StatusNoContent)
return sdkerr
}
func (sdk mgSDK) BindBootstrapResources(ctx context.Context, configID string, bindings []BootstrapBindingRequest, domainID, token string) errors.SDKError {
if configID == "" {
return errors.NewSDKError(apiutil.ErrMissingID)
}
url := fmt.Sprintf("%s/%s/%s/%s/bindings", sdk.bootstrapURL, domainID, bootstrapEnrollmentsPath, configID)
request := struct {
Bindings []BootstrapBindingRequest `json:"bindings"`
}{
Bindings: bindings,
}
data, err := json.Marshal(request)
if err != nil {
return errors.NewSDKError(err)
}
_, _, sdkerr := sdk.processRequest(ctx, http.MethodPut, url, token, data, nil, http.StatusNoContent)
return sdkerr
}
func (sdk mgSDK) BootstrapBindings(ctx context.Context, configID, domainID, token string) ([]BootstrapBindingSnapshot, errors.SDKError) {
if configID == "" {
return nil, errors.NewSDKError(apiutil.ErrMissingID)
}
url := fmt.Sprintf("%s/%s/%s/%s/bindings", sdk.bootstrapURL, domainID, bootstrapEnrollmentsPath, configID)
_, body, sdkerr := sdk.processRequest(ctx, http.MethodGet, url, token, nil, nil, http.StatusOK)
if sdkerr != nil {
return nil, sdkerr
}
var res bootstrapBindingsRes
if err := json.Unmarshal(body, &res); err != nil {
return nil, errors.NewSDKError(err)
}
if res.Bindings == nil {
return []BootstrapBindingSnapshot{}, nil
}
return res.Bindings, nil
}
func (sdk mgSDK) RefreshBootstrapBindings(ctx context.Context, configID, domainID, token string) errors.SDKError {
if configID == "" {
return errors.NewSDKError(apiutil.ErrMissingID)
}
url := fmt.Sprintf("%s/%s/%s/%s/bindings/refresh", sdk.bootstrapURL, domainID, bootstrapEnrollmentsPath, configID)
_, _, sdkerr := sdk.processRequest(ctx, http.MethodPost, url, token, nil, nil, http.StatusNoContent)
return sdkerr
}
func (sdk mgSDK) Bootstrap(ctx context.Context, externalID, externalKey string) (BootstrapConfig, errors.SDKError) {
if externalID == "" {
return BootstrapConfig{}, errors.NewSDKError(apiutil.ErrMissingID)
pkg/sdk/bootstrap_test.go
+401 -827
View File
File diff suppressed because it is too large Load Diff
pkg/sdk/mocks/sdk.go
+700 -11
View File
@@ -975,6 +975,83 @@ func (_c *SDK_AddRule_Call) RunAndReturn(run func(ctx context.Context, r sdk.Rul
return _c
}
// AssignBootstrapProfile provides a mock function for the type SDK
func (_mock *SDK) AssignBootstrapProfile(ctx context.Context, configID string, profileID string, domainID string, token string) errors.SDKError {
ret := _mock.Called(ctx, configID, profileID, domainID, token)
if len(ret) == 0 {
panic("no return value specified for AssignBootstrapProfile")
}
var r0 errors.SDKError
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string, string) errors.SDKError); ok {
r0 = returnFunc(ctx, configID, profileID, domainID, token)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(errors.SDKError)
}
}
return r0
}
// SDK_AssignBootstrapProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'AssignBootstrapProfile'
type SDK_AssignBootstrapProfile_Call struct {
*mock.Call
}
// AssignBootstrapProfile is a helper method to define mock.On call
// - ctx context.Context
// - configID string
// - profileID string
// - domainID string
// - token string
func (_e *SDK_Expecter) AssignBootstrapProfile(ctx interface{}, configID interface{}, profileID interface{}, domainID interface{}, token interface{}) *SDK_AssignBootstrapProfile_Call {
return &SDK_AssignBootstrapProfile_Call{Call: _e.mock.On("AssignBootstrapProfile", ctx, configID, profileID, domainID, token)}
}
func (_c *SDK_AssignBootstrapProfile_Call) Run(run func(ctx context.Context, configID string, profileID string, domainID string, token string)) *SDK_AssignBootstrapProfile_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
var arg3 string
if args[3] != nil {
arg3 = args[3].(string)
}
var arg4 string
if args[4] != nil {
arg4 = args[4].(string)
}
run(
arg0,
arg1,
arg2,
arg3,
arg4,
)
})
return _c
}
func (_c *SDK_AssignBootstrapProfile_Call) Return(sDKError errors.SDKError) *SDK_AssignBootstrapProfile_Call {
_c.Call.Return(sDKError)
return _c
}
func (_c *SDK_AssignBootstrapProfile_Call) RunAndReturn(run func(ctx context.Context, configID string, profileID string, domainID string, token string) errors.SDKError) *SDK_AssignBootstrapProfile_Call {
_c.Call.Return(run)
return _c
}
// AvailableClientRoleActions provides a mock function for the type SDK
func (_mock *SDK) AvailableClientRoleActions(ctx context.Context, domainID string, token string) ([]string, errors.SDKError) {
ret := _mock.Called(ctx, domainID, token)
@@ -1197,6 +1274,83 @@ func (_c *SDK_AvailableGroupRoleActions_Call) RunAndReturn(run func(ctx context.
return _c
}
// BindBootstrapResources provides a mock function for the type SDK
func (_mock *SDK) BindBootstrapResources(ctx context.Context, configID string, bindings []sdk.BootstrapBindingRequest, domainID string, token string) errors.SDKError {
ret := _mock.Called(ctx, configID, bindings, domainID, token)
if len(ret) == 0 {
panic("no return value specified for BindBootstrapResources")
}
var r0 errors.SDKError
if returnFunc, ok := ret.Get(0).(func(context.Context, string, []sdk.BootstrapBindingRequest, string, string) errors.SDKError); ok {
r0 = returnFunc(ctx, configID, bindings, domainID, token)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(errors.SDKError)
}
}
return r0
}
// SDK_BindBootstrapResources_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BindBootstrapResources'
type SDK_BindBootstrapResources_Call struct {
*mock.Call
}
// BindBootstrapResources is a helper method to define mock.On call
// - ctx context.Context
// - configID string
// - bindings []sdk.BootstrapBindingRequest
// - domainID string
// - token string
func (_e *SDK_Expecter) BindBootstrapResources(ctx interface{}, configID interface{}, bindings interface{}, domainID interface{}, token interface{}) *SDK_BindBootstrapResources_Call {
return &SDK_BindBootstrapResources_Call{Call: _e.mock.On("BindBootstrapResources", ctx, configID, bindings, domainID, token)}
}
func (_c *SDK_BindBootstrapResources_Call) Run(run func(ctx context.Context, configID string, bindings []sdk.BootstrapBindingRequest, domainID string, token string)) *SDK_BindBootstrapResources_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 []sdk.BootstrapBindingRequest
if args[2] != nil {
arg2 = args[2].([]sdk.BootstrapBindingRequest)
}
var arg3 string
if args[3] != nil {
arg3 = args[3].(string)
}
var arg4 string
if args[4] != nil {
arg4 = args[4].(string)
}
run(
arg0,
arg1,
arg2,
arg3,
arg4,
)
})
return _c
}
func (_c *SDK_BindBootstrapResources_Call) Return(sDKError errors.SDKError) *SDK_BindBootstrapResources_Call {
_c.Call.Return(sDKError)
return _c
}
func (_c *SDK_BindBootstrapResources_Call) RunAndReturn(run func(ctx context.Context, configID string, bindings []sdk.BootstrapBindingRequest, domainID string, token string) errors.SDKError) *SDK_BindBootstrapResources_Call {
_c.Call.Return(run)
return _c
}
// Bootstrap provides a mock function for the type SDK
func (_mock *SDK) Bootstrap(ctx context.Context, externalID string, externalKey string) (sdk.BootstrapConfig, errors.SDKError) {
ret := _mock.Called(ctx, externalID, externalKey)
@@ -1271,6 +1425,168 @@ func (_c *SDK_Bootstrap_Call) RunAndReturn(run func(ctx context.Context, externa
return _c
}
// BootstrapBindings provides a mock function for the type SDK
func (_mock *SDK) BootstrapBindings(ctx context.Context, configID string, domainID string, token string) ([]sdk.BootstrapBindingSnapshot, errors.SDKError) {
ret := _mock.Called(ctx, configID, domainID, token)
if len(ret) == 0 {
panic("no return value specified for BootstrapBindings")
}
var r0 []sdk.BootstrapBindingSnapshot
var r1 errors.SDKError
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) ([]sdk.BootstrapBindingSnapshot, errors.SDKError)); ok {
return returnFunc(ctx, configID, domainID, token)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) []sdk.BootstrapBindingSnapshot); ok {
r0 = returnFunc(ctx, configID, domainID, token)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]sdk.BootstrapBindingSnapshot)
}
}
if returnFunc, ok := ret.Get(1).(func(context.Context, string, string, string) errors.SDKError); ok {
r1 = returnFunc(ctx, configID, domainID, token)
} else {
if ret.Get(1) != nil {
r1 = ret.Get(1).(errors.SDKError)
}
}
return r0, r1
}
// SDK_BootstrapBindings_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BootstrapBindings'
type SDK_BootstrapBindings_Call struct {
*mock.Call
}
// BootstrapBindings is a helper method to define mock.On call
// - ctx context.Context
// - configID string
// - domainID string
// - token string
func (_e *SDK_Expecter) BootstrapBindings(ctx interface{}, configID interface{}, domainID interface{}, token interface{}) *SDK_BootstrapBindings_Call {
return &SDK_BootstrapBindings_Call{Call: _e.mock.On("BootstrapBindings", ctx, configID, domainID, token)}
}
func (_c *SDK_BootstrapBindings_Call) Run(run func(ctx context.Context, configID string, domainID string, token string)) *SDK_BootstrapBindings_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
var arg3 string
if args[3] != nil {
arg3 = args[3].(string)
}
run(
arg0,
arg1,
arg2,
arg3,
)
})
return _c
}
func (_c *SDK_BootstrapBindings_Call) Return(bootstrapBindingSnapshots []sdk.BootstrapBindingSnapshot, sDKError errors.SDKError) *SDK_BootstrapBindings_Call {
_c.Call.Return(bootstrapBindingSnapshots, sDKError)
return _c
}
func (_c *SDK_BootstrapBindings_Call) RunAndReturn(run func(ctx context.Context, configID string, domainID string, token string) ([]sdk.BootstrapBindingSnapshot, errors.SDKError)) *SDK_BootstrapBindings_Call {
_c.Call.Return(run)
return _c
}
// BootstrapProfiles provides a mock function for the type SDK
func (_mock *SDK) BootstrapProfiles(ctx context.Context, pm sdk.PageMetadata, domainID string, token string) (sdk.BootstrapProfilesPage, errors.SDKError) {
ret := _mock.Called(ctx, pm, domainID, token)
if len(ret) == 0 {
panic("no return value specified for BootstrapProfiles")
}
var r0 sdk.BootstrapProfilesPage
var r1 errors.SDKError
if returnFunc, ok := ret.Get(0).(func(context.Context, sdk.PageMetadata, string, string) (sdk.BootstrapProfilesPage, errors.SDKError)); ok {
return returnFunc(ctx, pm, domainID, token)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, sdk.PageMetadata, string, string) sdk.BootstrapProfilesPage); ok {
r0 = returnFunc(ctx, pm, domainID, token)
} else {
r0 = ret.Get(0).(sdk.BootstrapProfilesPage)
}
if returnFunc, ok := ret.Get(1).(func(context.Context, sdk.PageMetadata, string, string) errors.SDKError); ok {
r1 = returnFunc(ctx, pm, domainID, token)
} else {
if ret.Get(1) != nil {
r1 = ret.Get(1).(errors.SDKError)
}
}
return r0, r1
}
// SDK_BootstrapProfiles_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BootstrapProfiles'
type SDK_BootstrapProfiles_Call struct {
*mock.Call
}
// BootstrapProfiles is a helper method to define mock.On call
// - ctx context.Context
// - pm sdk.PageMetadata
// - domainID string
// - token string
func (_e *SDK_Expecter) BootstrapProfiles(ctx interface{}, pm interface{}, domainID interface{}, token interface{}) *SDK_BootstrapProfiles_Call {
return &SDK_BootstrapProfiles_Call{Call: _e.mock.On("BootstrapProfiles", ctx, pm, domainID, token)}
}
func (_c *SDK_BootstrapProfiles_Call) Run(run func(ctx context.Context, pm sdk.PageMetadata, domainID string, token string)) *SDK_BootstrapProfiles_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 sdk.PageMetadata
if args[1] != nil {
arg1 = args[1].(sdk.PageMetadata)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
var arg3 string
if args[3] != nil {
arg3 = args[3].(string)
}
run(
arg0,
arg1,
arg2,
arg3,
)
})
return _c
}
func (_c *SDK_BootstrapProfiles_Call) Return(bootstrapProfilesPage sdk.BootstrapProfilesPage, sDKError errors.SDKError) *SDK_BootstrapProfiles_Call {
_c.Call.Return(bootstrapProfilesPage, sDKError)
return _c
}
func (_c *SDK_BootstrapProfiles_Call) RunAndReturn(run func(ctx context.Context, pm sdk.PageMetadata, domainID string, token string) (sdk.BootstrapProfilesPage, errors.SDKError)) *SDK_BootstrapProfiles_Call {
_c.Call.Return(run)
return _c
}
// BootstrapSecure provides a mock function for the type SDK
func (_mock *SDK) BootstrapSecure(ctx context.Context, externalID string, externalKey string, cryptoKey string) (sdk.BootstrapConfig, errors.SDKError) {
ret := _mock.Called(ctx, externalID, externalKey, cryptoKey)
@@ -2343,6 +2659,86 @@ func (_c *SDK_ConnectClients_Call) RunAndReturn(run func(ctx context.Context, ch
return _c
}
// CreateBootstrapProfile provides a mock function for the type SDK
func (_mock *SDK) CreateBootstrapProfile(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string) (sdk.BootstrapProfile, errors.SDKError) {
ret := _mock.Called(ctx, profile, domainID, token)
if len(ret) == 0 {
panic("no return value specified for CreateBootstrapProfile")
}
var r0 sdk.BootstrapProfile
var r1 errors.SDKError
if returnFunc, ok := ret.Get(0).(func(context.Context, sdk.BootstrapProfile, string, string) (sdk.BootstrapProfile, errors.SDKError)); ok {
return returnFunc(ctx, profile, domainID, token)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, sdk.BootstrapProfile, string, string) sdk.BootstrapProfile); ok {
r0 = returnFunc(ctx, profile, domainID, token)
} else {
r0 = ret.Get(0).(sdk.BootstrapProfile)
}
if returnFunc, ok := ret.Get(1).(func(context.Context, sdk.BootstrapProfile, string, string) errors.SDKError); ok {
r1 = returnFunc(ctx, profile, domainID, token)
} else {
if ret.Get(1) != nil {
r1 = ret.Get(1).(errors.SDKError)
}
}
return r0, r1
}
// SDK_CreateBootstrapProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'CreateBootstrapProfile'
type SDK_CreateBootstrapProfile_Call struct {
*mock.Call
}
// CreateBootstrapProfile is a helper method to define mock.On call
// - ctx context.Context
// - profile sdk.BootstrapProfile
// - domainID string
// - token string
func (_e *SDK_Expecter) CreateBootstrapProfile(ctx interface{}, profile interface{}, domainID interface{}, token interface{}) *SDK_CreateBootstrapProfile_Call {
return &SDK_CreateBootstrapProfile_Call{Call: _e.mock.On("CreateBootstrapProfile", ctx, profile, domainID, token)}
}
func (_c *SDK_CreateBootstrapProfile_Call) Run(run func(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string)) *SDK_CreateBootstrapProfile_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 sdk.BootstrapProfile
if args[1] != nil {
arg1 = args[1].(sdk.BootstrapProfile)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
var arg3 string
if args[3] != nil {
arg3 = args[3].(string)
}
run(
arg0,
arg1,
arg2,
arg3,
)
})
return _c
}
func (_c *SDK_CreateBootstrapProfile_Call) Return(bootstrapProfile sdk.BootstrapProfile, sDKError errors.SDKError) *SDK_CreateBootstrapProfile_Call {
_c.Call.Return(bootstrapProfile, sDKError)
return _c
}
func (_c *SDK_CreateBootstrapProfile_Call) RunAndReturn(run func(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string) (sdk.BootstrapProfile, errors.SDKError)) *SDK_CreateBootstrapProfile_Call {
_c.Call.Return(run)
return _c
}
// CreateCSR provides a mock function for the type SDK
func (_mock *SDK) CreateCSR(ctx context.Context, metadata sdk.CSRMetadata, privKey any) (sdk.CSR, errors.SDKError) {
ret := _mock.Called(ctx, metadata, privKey)
@@ -8360,6 +8756,77 @@ func (_c *SDK_ReadMessages_Call) RunAndReturn(run func(ctx context.Context, pm s
return _c
}
// RefreshBootstrapBindings provides a mock function for the type SDK
func (_mock *SDK) RefreshBootstrapBindings(ctx context.Context, configID string, domainID string, token string) errors.SDKError {
ret := _mock.Called(ctx, configID, domainID, token)
if len(ret) == 0 {
panic("no return value specified for RefreshBootstrapBindings")
}
var r0 errors.SDKError
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) errors.SDKError); ok {
r0 = returnFunc(ctx, configID, domainID, token)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(errors.SDKError)
}
}
return r0
}
// SDK_RefreshBootstrapBindings_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RefreshBootstrapBindings'
type SDK_RefreshBootstrapBindings_Call struct {
*mock.Call
}
// RefreshBootstrapBindings is a helper method to define mock.On call
// - ctx context.Context
// - configID string
// - domainID string
// - token string
func (_e *SDK_Expecter) RefreshBootstrapBindings(ctx interface{}, configID interface{}, domainID interface{}, token interface{}) *SDK_RefreshBootstrapBindings_Call {
return &SDK_RefreshBootstrapBindings_Call{Call: _e.mock.On("RefreshBootstrapBindings", ctx, configID, domainID, token)}
}
func (_c *SDK_RefreshBootstrapBindings_Call) Run(run func(ctx context.Context, configID string, domainID string, token string)) *SDK_RefreshBootstrapBindings_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
var arg3 string
if args[3] != nil {
arg3 = args[3].(string)
}
run(
arg0,
arg1,
arg2,
arg3,
)
})
return _c
}
func (_c *SDK_RefreshBootstrapBindings_Call) Return(sDKError errors.SDKError) *SDK_RefreshBootstrapBindings_Call {
_c.Call.Return(sDKError)
return _c
}
func (_c *SDK_RefreshBootstrapBindings_Call) RunAndReturn(run func(ctx context.Context, configID string, domainID string, token string) errors.SDKError) *SDK_RefreshBootstrapBindings_Call {
_c.Call.Return(run)
return _c
}
// RefreshToken provides a mock function for the type SDK
func (_mock *SDK) RefreshToken(ctx context.Context, token string) (sdk.Token, errors.SDKError) {
ret := _mock.Called(ctx, token)
@@ -9083,6 +9550,77 @@ func (_c *SDK_RemoveBootstrap_Call) RunAndReturn(run func(ctx context.Context, i
return _c
}
// RemoveBootstrapProfile provides a mock function for the type SDK
func (_mock *SDK) RemoveBootstrapProfile(ctx context.Context, id string, domainID string, token string) errors.SDKError {
ret := _mock.Called(ctx, id, domainID, token)
if len(ret) == 0 {
panic("no return value specified for RemoveBootstrapProfile")
}
var r0 errors.SDKError
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) errors.SDKError); ok {
r0 = returnFunc(ctx, id, domainID, token)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(errors.SDKError)
}
}
return r0
}
// SDK_RemoveBootstrapProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveBootstrapProfile'
type SDK_RemoveBootstrapProfile_Call struct {
*mock.Call
}
// RemoveBootstrapProfile is a helper method to define mock.On call
// - ctx context.Context
// - id string
// - domainID string
// - token string
func (_e *SDK_Expecter) RemoveBootstrapProfile(ctx interface{}, id interface{}, domainID interface{}, token interface{}) *SDK_RemoveBootstrapProfile_Call {
return &SDK_RemoveBootstrapProfile_Call{Call: _e.mock.On("RemoveBootstrapProfile", ctx, id, domainID, token)}
}
func (_c *SDK_RemoveBootstrapProfile_Call) Run(run func(ctx context.Context, id string, domainID string, token string)) *SDK_RemoveBootstrapProfile_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
var arg3 string
if args[3] != nil {
arg3 = args[3].(string)
}
run(
arg0,
arg1,
arg2,
arg3,
)
})
return _c
}
func (_c *SDK_RemoveBootstrapProfile_Call) Return(sDKError errors.SDKError) *SDK_RemoveBootstrapProfile_Call {
_c.Call.Return(sDKError)
return _c
}
func (_c *SDK_RemoveBootstrapProfile_Call) RunAndReturn(run func(ctx context.Context, id string, domainID string, token string) errors.SDKError) *SDK_RemoveBootstrapProfile_Call {
_c.Call.Return(run)
return _c
}
// RemoveChannelParent provides a mock function for the type SDK
func (_mock *SDK) RemoveChannelParent(ctx context.Context, id string, domainID string, groupID string, token string) errors.SDKError {
ret := _mock.Called(ctx, id, domainID, groupID, token)
@@ -11254,6 +11792,77 @@ func (_c *SDK_UpdateBootstrapConnection_Call) RunAndReturn(run func(ctx context.
return _c
}
// UpdateBootstrapProfile provides a mock function for the type SDK
func (_mock *SDK) UpdateBootstrapProfile(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string) errors.SDKError {
ret := _mock.Called(ctx, profile, domainID, token)
if len(ret) == 0 {
panic("no return value specified for UpdateBootstrapProfile")
}
var r0 errors.SDKError
if returnFunc, ok := ret.Get(0).(func(context.Context, sdk.BootstrapProfile, string, string) errors.SDKError); ok {
r0 = returnFunc(ctx, profile, domainID, token)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(errors.SDKError)
}
}
return r0
}
// SDK_UpdateBootstrapProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'UpdateBootstrapProfile'
type SDK_UpdateBootstrapProfile_Call struct {
*mock.Call
}
// UpdateBootstrapProfile is a helper method to define mock.On call
// - ctx context.Context
// - profile sdk.BootstrapProfile
// - domainID string
// - token string
func (_e *SDK_Expecter) UpdateBootstrapProfile(ctx interface{}, profile interface{}, domainID interface{}, token interface{}) *SDK_UpdateBootstrapProfile_Call {
return &SDK_UpdateBootstrapProfile_Call{Call: _e.mock.On("UpdateBootstrapProfile", ctx, profile, domainID, token)}
}
func (_c *SDK_UpdateBootstrapProfile_Call) Run(run func(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string)) *SDK_UpdateBootstrapProfile_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 sdk.BootstrapProfile
if args[1] != nil {
arg1 = args[1].(sdk.BootstrapProfile)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
var arg3 string
if args[3] != nil {
arg3 = args[3].(string)
}
run(
arg0,
arg1,
arg2,
arg3,
)
})
return _c
}
func (_c *SDK_UpdateBootstrapProfile_Call) Return(sDKError errors.SDKError) *SDK_UpdateBootstrapProfile_Call {
_c.Call.Return(sDKError)
return _c
}
func (_c *SDK_UpdateBootstrapProfile_Call) RunAndReturn(run func(ctx context.Context, profile sdk.BootstrapProfile, domainID string, token string) errors.SDKError) *SDK_UpdateBootstrapProfile_Call {
_c.Call.Return(run)
return _c
}
// UpdateChannel provides a mock function for the type SDK
func (_mock *SDK) UpdateChannel(ctx context.Context, channel sdk.Channel, domainID string, token string) (sdk.Channel, errors.SDKError) {
ret := _mock.Called(ctx, channel, domainID, token)
@@ -13594,6 +14203,86 @@ func (_c *SDK_ViewBootstrap_Call) RunAndReturn(run func(ctx context.Context, id
return _c
}
// ViewBootstrapProfile provides a mock function for the type SDK
func (_mock *SDK) ViewBootstrapProfile(ctx context.Context, id string, domainID string, token string) (sdk.BootstrapProfile, errors.SDKError) {
ret := _mock.Called(ctx, id, domainID, token)
if len(ret) == 0 {
panic("no return value specified for ViewBootstrapProfile")
}
var r0 sdk.BootstrapProfile
var r1 errors.SDKError
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) (sdk.BootstrapProfile, errors.SDKError)); ok {
return returnFunc(ctx, id, domainID, token)
}
if returnFunc, ok := ret.Get(0).(func(context.Context, string, string, string) sdk.BootstrapProfile); ok {
r0 = returnFunc(ctx, id, domainID, token)
} else {
r0 = ret.Get(0).(sdk.BootstrapProfile)
}
if returnFunc, ok := ret.Get(1).(func(context.Context, string, string, string) errors.SDKError); ok {
r1 = returnFunc(ctx, id, domainID, token)
} else {
if ret.Get(1) != nil {
r1 = ret.Get(1).(errors.SDKError)
}
}
return r0, r1
}
// SDK_ViewBootstrapProfile_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ViewBootstrapProfile'
type SDK_ViewBootstrapProfile_Call struct {
*mock.Call
}
// ViewBootstrapProfile is a helper method to define mock.On call
// - ctx context.Context
// - id string
// - domainID string
// - token string
func (_e *SDK_Expecter) ViewBootstrapProfile(ctx interface{}, id interface{}, domainID interface{}, token interface{}) *SDK_ViewBootstrapProfile_Call {
return &SDK_ViewBootstrapProfile_Call{Call: _e.mock.On("ViewBootstrapProfile", ctx, id, domainID, token)}
}
func (_c *SDK_ViewBootstrapProfile_Call) Run(run func(ctx context.Context, id string, domainID string, token string)) *SDK_ViewBootstrapProfile_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
arg0 = args[0].(context.Context)
}
var arg1 string
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 string
if args[2] != nil {
arg2 = args[2].(string)
}
var arg3 string
if args[3] != nil {
arg3 = args[3].(string)
}
run(
arg0,
arg1,
arg2,
arg3,
)
})
return _c
}
func (_c *SDK_ViewBootstrapProfile_Call) Return(bootstrapProfile sdk.BootstrapProfile, sDKError errors.SDKError) *SDK_ViewBootstrapProfile_Call {
_c.Call.Return(bootstrapProfile, sDKError)
return _c
}
func (_c *SDK_ViewBootstrapProfile_Call) RunAndReturn(run func(ctx context.Context, id string, domainID string, token string) (sdk.BootstrapProfile, errors.SDKError)) *SDK_ViewBootstrapProfile_Call {
_c.Call.Return(run)
return _c
}
// ViewCA provides a mock function for the type SDK
func (_mock *SDK) ViewCA(ctx context.Context) (sdk.Certificate, errors.SDKError) {
ret := _mock.Called(ctx)
@@ -14053,16 +14742,16 @@ func (_c *SDK_ViewSubscription_Call) RunAndReturn(run func(ctx context.Context,
}
// Whitelist provides a mock function for the type SDK
func (_mock *SDK) Whitelist(ctx context.Context, clientID string, state int, domainID string, token string) errors.SDKError {
ret := _mock.Called(ctx, clientID, state, domainID, token)
func (_mock *SDK) Whitelist(ctx context.Context, clientID string, status sdk.BootstrapStatus, domainID string, token string) errors.SDKError {
ret := _mock.Called(ctx, clientID, status, domainID, token)
if len(ret) == 0 {
panic("no return value specified for Whitelist")
}
var r0 errors.SDKError
if returnFunc, ok := ret.Get(0).(func(context.Context, string, int, string, string) errors.SDKError); ok {
r0 = returnFunc(ctx, clientID, state, domainID, token)
if returnFunc, ok := ret.Get(0).(func(context.Context, string, sdk.BootstrapStatus, string, string) errors.SDKError); ok {
r0 = returnFunc(ctx, clientID, status, domainID, token)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(errors.SDKError)
@@ -14079,14 +14768,14 @@ type SDK_Whitelist_Call struct {
// Whitelist is a helper method to define mock.On call
// - ctx context.Context
// - clientID string
// - state int
// - status sdk.BootstrapStatus
// - domainID string
// - token string
func (_e *SDK_Expecter) Whitelist(ctx interface{}, clientID interface{}, state interface{}, domainID interface{}, token interface{}) *SDK_Whitelist_Call {
return &SDK_Whitelist_Call{Call: _e.mock.On("Whitelist", ctx, clientID, state, domainID, token)}
func (_e *SDK_Expecter) Whitelist(ctx interface{}, clientID interface{}, status interface{}, domainID interface{}, token interface{}) *SDK_Whitelist_Call {
return &SDK_Whitelist_Call{Call: _e.mock.On("Whitelist", ctx, clientID, status, domainID, token)}
}
func (_c *SDK_Whitelist_Call) Run(run func(ctx context.Context, clientID string, state int, domainID string, token string)) *SDK_Whitelist_Call {
func (_c *SDK_Whitelist_Call) Run(run func(ctx context.Context, clientID string, status sdk.BootstrapStatus, domainID string, token string)) *SDK_Whitelist_Call {
_c.Call.Run(func(args mock.Arguments) {
var arg0 context.Context
if args[0] != nil {
@@ -14096,9 +14785,9 @@ func (_c *SDK_Whitelist_Call) Run(run func(ctx context.Context, clientID string,
if args[1] != nil {
arg1 = args[1].(string)
}
var arg2 int
var arg2 sdk.BootstrapStatus
if args[2] != nil {
arg2 = args[2].(int)
arg2 = args[2].(sdk.BootstrapStatus)
}
var arg3 string
if args[3] != nil {
@@ -14124,7 +14813,7 @@ func (_c *SDK_Whitelist_Call) Return(sDKError errors.SDKError) *SDK_Whitelist_Ca
return _c
}
func (_c *SDK_Whitelist_Call) RunAndReturn(run func(ctx context.Context, clientID string, state int, domainID string, token string) errors.SDKError) *SDK_Whitelist_Call {
func (_c *SDK_Whitelist_Call) RunAndReturn(run func(ctx context.Context, clientID string, status sdk.BootstrapStatus, domainID string, token string) errors.SDKError) *SDK_Whitelist_Call {
_c.Call.Return(run)
return _c
}
pkg/sdk/responses.go
+6
View File
@@ -70,6 +70,12 @@ type BootstrapPage struct {
PageRes
}
// BootstrapProfilesPage contains list of bootstrap profiles in a page with proper metadata.
type BootstrapProfilesPage struct {
Profiles []BootstrapProfile `json:"profiles"`
PageRes
}
// SubscriptionPage contains list of subscriptions in a page with proper metadata.
type SubscriptionPage struct {
Subscriptions []Subscription `json:"subscriptions"`
pkg/sdk/sdk.go
+29 -2
View File
@@ -1619,12 +1619,21 @@ type SDK interface {
// AddBootstrap add bootstrap configuration
AddBootstrap(ctx context.Context, cfg BootstrapConfig, domainID, token string) (string, smqerrors.SDKError)
// CreateBootstrapProfile creates a bootstrap profile template.
CreateBootstrapProfile(ctx context.Context, profile BootstrapProfile, domainID, token string) (BootstrapProfile, smqerrors.SDKError)
// ViewBootstrap returns Client Config with given ID belonging to the user identified by the given token.
ViewBootstrap(ctx context.Context, id, domainID, token string) (BootstrapConfig, smqerrors.SDKError)
// ViewBootstrapProfile returns bootstrap profile with the given ID.
ViewBootstrapProfile(ctx context.Context, id, domainID, token string) (BootstrapProfile, smqerrors.SDKError)
// UpdateBootstrap updates editable fields of the provided Config.
UpdateBootstrap(ctx context.Context, cfg BootstrapConfig, domainID, token string) smqerrors.SDKError
// UpdateBootstrapProfile updates editable fields of the provided bootstrap profile.
UpdateBootstrapProfile(ctx context.Context, profile BootstrapProfile, domainID, token string) smqerrors.SDKError
// UpdateBootstrapCerts updates bootstrap config certificates.
UpdateBootstrapCerts(ctx context.Context, id string, clientCert, clientKey, ca string, domainID, token string) (BootstrapConfig, smqerrors.SDKError)
@@ -1634,6 +1643,9 @@ type SDK interface {
// RemoveBootstrap removes Config with specified token that belongs to the user identified by the given token.
RemoveBootstrap(ctx context.Context, id, domainID, token string) smqerrors.SDKError
// RemoveBootstrapProfile removes a bootstrap profile with the given ID.
RemoveBootstrapProfile(ctx context.Context, id, domainID, token string) smqerrors.SDKError
// Bootstrap returns Config to the Client with provided external ID using external key.
Bootstrap(ctx context.Context, externalID, externalKey string) (BootstrapConfig, smqerrors.SDKError)
@@ -1643,8 +1655,23 @@ type SDK interface {
// Bootstraps retrieves a list of managed configs.
Bootstraps(ctx context.Context, pm PageMetadata, domainID, token string) (BootstrapPage, smqerrors.SDKError)
// Whitelist updates Client state Config with given ID belonging to the user identified by the given token.
Whitelist(ctx context.Context, clientID string, state int, domainID, token string) smqerrors.SDKError
// BootstrapProfiles retrieves a list of bootstrap profiles.
BootstrapProfiles(ctx context.Context, pm PageMetadata, domainID, token string) (BootstrapProfilesPage, smqerrors.SDKError)
// Whitelist updates Client bootstrap status with given ID belonging to the user identified by the given token.
Whitelist(ctx context.Context, clientID string, status BootstrapStatus, domainID, token string) smqerrors.SDKError
// AssignBootstrapProfile assigns a bootstrap profile to the given enrollment.
AssignBootstrapProfile(ctx context.Context, configID, profileID, domainID, token string) smqerrors.SDKError
// BindBootstrapResources stores resolved binding snapshots for the given enrollment.
BindBootstrapResources(ctx context.Context, configID string, bindings []BootstrapBindingRequest, domainID, token string) smqerrors.SDKError
// BootstrapBindings lists stored binding snapshots for the given enrollment.
BootstrapBindings(ctx context.Context, configID, domainID, token string) ([]BootstrapBindingSnapshot, smqerrors.SDKError)
// RefreshBootstrapBindings refreshes stored binding snapshots for the given enrollment.
RefreshBootstrapBindings(ctx context.Context, configID, domainID, token string) smqerrors.SDKError
// ReadMessages reads messages of specified channel.
ReadMessages(ctx context.Context, pm MessagePageMetadata, chanID, domainID, token string) (MessagesPage, smqerrors.SDKError)
provision/config.go
+16
View File
@@ -39,9 +39,22 @@ type Bootstrap struct {
X509Provision bool `toml:"x509_provision" env:"MG_PROVISION_X509_PROVISIONING" envDefault:"false"`
Provision bool `toml:"provision" env:"MG_PROVISION_BS_CONFIG_PROVISIONING" envDefault:"true"`
AutoWhiteList bool `toml:"autowhite_list" env:"MG_PROVISION_BS_AUTO_WHITELIST" envDefault:"true"`
ProfileID string `toml:"profile_id" env:"MG_PROVISION_BS_PROFILE_ID" envDefault:""`
RenderContext map[string]any `toml:"render_context,omitempty"`
Bindings []BootstrapBinding `toml:"bindings,omitempty"`
Content map[string]any `toml:"content"`
}
// BootstrapBinding maps a bootstrap profile slot to one of the resources
// created by provision.
type BootstrapBinding struct {
Slot string `toml:"slot" json:"slot"`
Type string `toml:"type" json:"type"`
Name string `toml:"name" json:"name,omitempty"`
MetadataKey string `toml:"metadata_key" json:"metadata_key,omitempty"`
MetadataValue string `toml:"metadata_value" json:"metadata_value,omitempty"`
}
// Gateway represetns the Gateway config.
type Gateway struct {
Type string `toml:"type" json:"type"`
@@ -99,6 +112,9 @@ func Read(file string) (Config, error) {
if err := toml.Unmarshal(data, &c); err != nil {
return Config{}, fmt.Errorf("Error unmarshaling toml: %w", err)
}
if len(c.Bootstrap.RenderContext) == 0 {
c.Bootstrap.RenderContext = nil
}
return c, nil
}
provision/service.go
+138 -46
View File
@@ -17,7 +17,6 @@ import (
const (
externalIDKey = "external_id"
gateway = "gateway"
Active = 1
control = "control"
data = "data"
@@ -40,6 +39,7 @@ var (
ErrFailedCertView = errors.NewServiceError("failed to view certificate")
ErrFailedBootstrap = errors.NewServiceError("failed to create bootstrap config")
ErrFailedBootstrapValidate = errors.NewServiceError("failed to validate bootstrap config creation")
ErrFailedBootstrapBinding = errors.NewServiceError("failed to bind bootstrap resources")
ErrGatewayUpdate = errors.NewServiceError("failed to update gateway metadata")
)
@@ -52,7 +52,7 @@ type Service interface {
// - create a Client based on external_id (eg. MAC address)
// - create multiple Channels
// - create Bootstrap configuration
// - whitelist Client in Bootstrap configuration == connect Client to Channels
// - enable created Bootstrap enrollments
Provision(ctx context.Context, domainID, token, name, externalID, externalKey string) (Result, error)
// Mapping returns current configuration used for provision
@@ -103,7 +103,8 @@ func (ps *provisionService) Mapping() map[string]any {
func (ps *provisionService) Provision(ctx context.Context, domainID, token, name, externalID, externalKey string) (res Result, err error) {
var channels []smqSDK.Channel
var clients []smqSDK.Client
defer ps.recover(ctx, &err, &clients, &channels, domainID, token)
var bootstrapIDs []string
defer ps.recover(ctx, &err, &clients, &channels, &bootstrapIDs, domainID, token)
token, err = ps.createTokenIfEmpty(ctx, token)
if err != nil {
@@ -170,38 +171,44 @@ func (ps *provisionService) Provision(ctx context.Context, domainID, token, name
ClientKey: map[string]string{},
}
var bsConfig sdk.BootstrapConfig
for _, c := range clients {
var chanIDs []string
for _, ch := range channels {
chanIDs = append(chanIDs, ch.ID)
}
content, err := json.Marshal(ps.conf.Bootstrap.Content)
if err != nil {
return Result{}, errors.Wrap(ErrFailedBootstrap, err)
}
bootstrapConfigs := make(map[string]sdk.BootstrapConfig)
var gatewayConfig sdk.BootstrapConfig
var gatewayClientID string
for _, c := range clients {
if ps.conf.Bootstrap.Provision && needsBootstrap(c) {
bsReq := sdk.BootstrapConfig{
ClientID: c.ID,
ExternalID: externalID,
ExternalKey: externalKey,
Channels: chanIDs,
Name: name,
CACert: res.CACert,
ClientCert: "",
ClientKey: "",
Content: string(content),
ProfileID: ps.conf.Bootstrap.ProfileID,
RenderContext: ps.bootstrapRenderContext(externalID, name),
}
bsid, err := ps.sdk.AddBootstrap(ctx, bsReq, domainID, token)
if err != nil {
return Result{}, errors.Wrap(ErrFailedBootstrap, err)
}
bootstrapIDs = append(bootstrapIDs, bsid)
bsConfig, err = ps.sdk.ViewBootstrap(ctx, bsid, domainID, token)
bsConfig, err := ps.sdk.ViewBootstrap(ctx, bsid, domainID, token)
if err != nil {
return Result{}, errors.Wrap(ErrFailedBootstrapValidate, err)
}
bootstrapConfigs[c.ID] = bsConfig
gatewayConfig = bsConfig
gatewayClientID = c.ID
if err := ps.bindBootstrapResources(ctx, bsConfig.ID, c, clients, channels, domainID, token); err != nil {
return Result{}, errors.Wrap(ErrFailedBootstrapBinding, err)
}
}
if ps.conf.Bootstrap.X509Provision {
@@ -221,25 +228,34 @@ func (ps *provisionService) Provision(ctx context.Context, domainID, token, name
res.ClientKey[c.ID] = cert.Key
res.CACert = ""
if needsBootstrap(c) {
if _, err = ps.sdk.UpdateBootstrapCerts(ctx, bsConfig.ClientID, cert.Certificate, cert.Key, "", domainID, token); err != nil {
if bsConfig, ok := bootstrapConfigs[c.ID]; ok {
updated, err := ps.sdk.UpdateBootstrapCerts(ctx, bsConfig.ID, cert.Certificate, cert.Key, "", domainID, token)
if err != nil {
return Result{}, errors.Wrap(ErrFailedCertCreation, err)
}
bootstrapConfigs[c.ID] = updated
if gatewayClientID == c.ID {
gatewayConfig = updated
}
}
}
if ps.conf.Bootstrap.AutoWhiteList {
if err := ps.sdk.Whitelist(ctx, c.ID, Active, domainID, token); err != nil {
if bsConfig, ok := bootstrapConfigs[c.ID]; ok {
if err := ps.sdk.Whitelist(ctx, bsConfig.ID, smqSDK.BootstrapEnabledStatus, domainID, token); err != nil {
res.Error = err.Error()
return res, ErrClientUpdate
}
res.Whitelisted[c.ID] = true
res.Whitelisted[bsConfig.ID] = true
}
}
}
if err = ps.updateGateway(ctx, domainID, token, bsConfig, channels); err != nil {
if gatewayClientID != "" && gatewayConfig.ID != "" {
if err = ps.updateGateway(ctx, domainID, token, gatewayClientID, gatewayConfig, externalKey, channels); err != nil {
return res, err
}
}
return res, nil
}
@@ -292,7 +308,7 @@ func (ps *provisionService) createTokenIfEmpty(ctx context.Context, token string
return tkn.AccessToken, nil
}
func (ps *provisionService) updateGateway(ctx context.Context, domainID, token string, bs sdk.BootstrapConfig, channels []smqSDK.Channel) error {
func (ps *provisionService) updateGateway(ctx context.Context, domainID, token, gatewayClientID string, bs sdk.BootstrapConfig, externalKey string, channels []smqSDK.Channel) error {
var gw Gateway
for _, ch := range channels {
switch ch.Metadata["type"] {
@@ -305,11 +321,11 @@ func (ps *provisionService) updateGateway(ctx context.Context, domainID, token s
}
}
gw.ExternalID = bs.ExternalID
gw.ExternalKey = bs.ExternalKey
gw.CfgID = bs.ClientID
gw.ExternalKey = externalKey
gw.CfgID = bs.ID
gw.Type = gateway
c, sdkerr := ps.sdk.Client(ctx, bs.ClientID, domainID, token)
c, sdkerr := ps.sdk.Client(ctx, gatewayClientID, domainID, token)
if sdkerr != nil {
return errors.Wrap(ErrGatewayUpdate, sdkerr)
}
@@ -326,6 +342,95 @@ func (ps *provisionService) updateGateway(ctx context.Context, domainID, token s
return nil
}
func (ps *provisionService) bootstrapRenderContext(externalID, name string) map[string]any {
renderContext := make(map[string]any, len(ps.conf.Bootstrap.RenderContext)+2)
for k, v := range ps.conf.Bootstrap.RenderContext {
renderContext[k] = v
}
if externalID != "" {
renderContext[externalIDKey] = externalID
}
if name != "" {
renderContext["name"] = name
}
if len(renderContext) == 0 {
return nil
}
return renderContext
}
func (ps *provisionService) bindBootstrapResources(ctx context.Context, configID string, bootstrapClient smqSDK.Client, clients []smqSDK.Client, channels []smqSDK.Channel, domainID, token string) error {
if len(ps.conf.Bootstrap.Bindings) == 0 {
return nil
}
requests := make([]smqSDK.BootstrapBindingRequest, 0, len(ps.conf.Bootstrap.Bindings))
for _, binding := range ps.conf.Bootstrap.Bindings {
resourceID := ps.bindingResourceID(binding, bootstrapClient, clients, channels)
if resourceID == "" {
return fmt.Errorf("resource for bootstrap binding slot %q not found", binding.Slot)
}
requests = append(requests, smqSDK.BootstrapBindingRequest{
Slot: binding.Slot,
Type: binding.Type,
ResourceID: resourceID,
})
}
return ps.sdk.BindBootstrapResources(ctx, configID, requests, domainID, token)
}
func (ps *provisionService) bindingResourceID(binding BootstrapBinding, bootstrapClient smqSDK.Client, clients []smqSDK.Client, channels []smqSDK.Channel) string {
switch binding.Type {
case "client":
if matchesClientBinding(binding, bootstrapClient) {
return bootstrapClient.ID
}
for _, client := range clients {
if matchesClientBinding(binding, client) {
return client.ID
}
}
case "channel":
for _, channel := range channels {
if matchesChannelBinding(binding, channel) {
return channel.ID
}
}
}
return ""
}
func matchesClientBinding(binding BootstrapBinding, client smqSDK.Client) bool {
if binding.Name != "" && client.Name != binding.Name {
return false
}
if binding.MetadataKey != "" {
return metadataValue(client.Metadata, binding.MetadataKey) == binding.MetadataValue
}
return binding.Name != "" || client.ID != ""
}
func matchesChannelBinding(binding BootstrapBinding, channel smqSDK.Channel) bool {
if binding.Name != "" && channel.Name != binding.Name {
return false
}
if binding.MetadataKey != "" {
return metadataValue(channel.Metadata, binding.MetadataKey) == binding.MetadataValue
}
return binding.Name != "" || channel.ID != ""
}
func metadataValue(metadata map[string]any, key string) string {
if metadata == nil {
return ""
}
if value, ok := metadata[key]; ok {
return fmt.Sprint(value)
}
return ""
}
func (ps *provisionService) errLog(err error) {
if err != nil {
ps.logger.Error(fmt.Sprintf("Error recovering: %s", err))
@@ -343,11 +448,17 @@ func clean(ctx context.Context, ps *provisionService, clients []smqSDK.Client, c
}
}
func (ps *provisionService) recover(ctx context.Context, e *error, ths *[]smqSDK.Client, chs *[]smqSDK.Channel, domainID, token string) {
func (ps *provisionService) removeBootstraps(ctx context.Context, ids []string, domainID, token string) {
for _, id := range ids {
ps.errLog(ps.sdk.RemoveBootstrap(ctx, id, domainID, token))
}
}
func (ps *provisionService) recover(ctx context.Context, e *error, ths *[]smqSDK.Client, chs *[]smqSDK.Channel, bootstrapIDs *[]string, domainID, token string) {
if e == nil {
return
}
clients, channels, err := *ths, *chs, *e
clients, channels, bootstraps, err := *ths, *chs, *bootstrapIDs, *e
if errors.Contains(err, ErrFailedClientRetrieval) || errors.Contains(err, ErrFailedChannelCreation) {
for _, c := range clients {
@@ -362,27 +473,12 @@ func (ps *provisionService) recover(ctx context.Context, e *error, ths *[]smqSDK
return
}
if errors.Contains(err, ErrFailedBootstrapValidate) || errors.Contains(err, ErrFailedCertCreation) {
if errors.Contains(err, ErrFailedBootstrapValidate) || errors.Contains(err, ErrFailedCertCreation) || errors.Contains(err, ErrFailedBootstrapBinding) {
clean(ctx, ps, clients, channels, domainID, token)
for _, c := range clients {
if needsBootstrap(c) {
ps.errLog(ps.sdk.RemoveBootstrap(ctx, c.ID, domainID, token))
}
}
ps.removeBootstraps(ctx, bootstraps, domainID, token)
return
}
if errors.Contains(err, ErrFailedBootstrapValidate) || errors.Contains(err, ErrFailedCertCreation) {
clean(ctx, ps, clients, channels, domainID, token)
for _, c := range clients {
if needsBootstrap(c) {
bs, err := ps.sdk.ViewBootstrap(ctx, c.ID, domainID, token)
ps.errLog(errors.Wrap(ErrFailedBootstrapRetrieval, err))
ps.errLog(ps.sdk.RemoveBootstrap(ctx, bs.ClientID, domainID, token))
}
}
}
if errors.Contains(err, ErrClientUpdate) || errors.Contains(err, ErrGatewayUpdate) {
clean(ctx, ps, clients, channels, domainID, token)
for _, c := range clients {
@@ -390,12 +486,8 @@ func (ps *provisionService) recover(ctx context.Context, e *error, ths *[]smqSDK
err := ps.sdk.RevokeCert(ctx, c.ID, domainID, token)
ps.errLog(err)
}
if needsBootstrap(c) {
bs, err := ps.sdk.ViewBootstrap(ctx, c.ID, domainID, token)
ps.errLog(errors.Wrap(ErrFailedBootstrapRetrieval, err))
ps.errLog(ps.sdk.RemoveBootstrap(ctx, bs.ClientID, domainID, token))
}
}
ps.removeBootstraps(ctx, bootstraps, domainID, token)
return
}
}
provision/service_test.go
+216
View File
@@ -231,3 +231,219 @@ func TestCert(t *testing.T) {
})
}
}
func TestProvisionUsesBootstrapEnrollmentID(t *testing.T) {
cfg := validConfig
cfg.Bootstrap = provision.Bootstrap{
X509Provision: true,
Provision: true,
AutoWhiteList: true,
ProfileID: "gateway-profile",
RenderContext: map[string]any{
"site": "warehouse-1",
},
Bindings: []provision.BootstrapBinding{
{
Slot: "mqtt_client",
Type: "client",
},
{
Slot: "control",
Type: "channel",
MetadataKey: "type",
MetadataValue: "control",
},
},
Content: map[string]any{
"broker": "mqtt://localhost:1883",
},
}
cfg.Clients[0].Metadata = map[string]any{
"external_id": "placeholder",
}
cfg.Channels[0].Name = "control-channel"
cfg.Channels[0].Metadata = map[string]any{
"type": "control",
}
cfg.Cert.TTL = "1h"
const (
name = "gateway-1"
externalID = "AA:BB:CC:DD"
externalKey = "secret"
certPEM = "cert-pem"
keyPEM = "key-pem"
serial = "serial-1"
)
clientID := testsutil.GenerateUUID(t)
channelID := testsutil.GenerateUUID(t)
bootstrapID := testsutil.GenerateUUID(t)
domainID := testsutil.GenerateUUID(t)
clientMetadata := map[string]any{
"external_id": externalID,
}
var updatedClient smqSDK.Client
mgsdk := new(sdkmocks.SDK)
svc := provision.New(cfg, mgsdk, mglog.NewMock())
createClientCall := mgsdk.On(
"CreateClient",
mock.Anything,
mock.Anything,
domainID,
validToken,
).Return(smqSDK.Client{ID: clientID}, nil)
clientCall := mgsdk.On(
"Client",
mock.Anything,
clientID,
domainID,
validToken,
).Return(smqSDK.Client{ID: clientID, Name: name, Metadata: clientMetadata}, nil).Twice()
createChannelCall := mgsdk.On(
"CreateChannel",
mock.Anything,
mock.Anything,
domainID,
validToken,
).Return(smqSDK.Channel{ID: channelID}, nil)
channelCall := mgsdk.On(
"Channel",
mock.Anything,
channelID,
domainID,
validToken,
).Return(smqSDK.Channel{ID: channelID, Metadata: smqSDK.Metadata{"type": "control"}}, nil)
addBootstrapCall := mgsdk.On(
"AddBootstrap",
mock.Anything,
mock.MatchedBy(func(cfg smqSDK.BootstrapConfig) bool {
return cfg.ProfileID == "gateway-profile" &&
cfg.RenderContext["site"] == "warehouse-1" &&
cfg.RenderContext["external_id"] == externalID &&
cfg.RenderContext["name"] == name
}),
domainID,
validToken,
).Return(bootstrapID, nil)
viewBootstrapCall := mgsdk.On(
"ViewBootstrap",
mock.Anything,
bootstrapID,
domainID,
validToken,
).Return(smqSDK.BootstrapConfig{
ID: bootstrapID,
ExternalID: externalID,
ExternalKey: externalKey,
}, nil)
bindBootstrapResourcesCall := mgsdk.On(
"BindBootstrapResources",
mock.Anything,
bootstrapID,
[]smqSDK.BootstrapBindingRequest{
{
Slot: "mqtt_client",
Type: "client",
ResourceID: clientID,
},
{
Slot: "control",
Type: "channel",
ResourceID: channelID,
},
},
domainID,
validToken,
).Return(nil)
issueCertCall := mgsdk.On(
"IssueCert",
mock.Anything,
clientID,
cfg.Cert.TTL,
mock.Anything,
mock.Anything,
domainID,
validToken,
).Return(smqSDK.Certificate{SerialNumber: serial}, nil)
viewCertCall := mgsdk.On(
"ViewCert",
mock.Anything,
serial,
domainID,
validToken,
).Return(smqSDK.Certificate{Certificate: certPEM, Key: keyPEM}, nil)
updateBootstrapCertsCall := mgsdk.On(
"UpdateBootstrapCerts",
mock.Anything,
bootstrapID,
certPEM,
keyPEM,
"",
domainID,
validToken,
).Return(smqSDK.BootstrapConfig{
ID: bootstrapID,
ExternalID: externalID,
ExternalKey: externalKey,
ClientCert: certPEM,
ClientKey: keyPEM,
}, nil)
whitelistCall := mgsdk.On(
"Whitelist",
mock.Anything,
bootstrapID,
smqSDK.BootstrapEnabledStatus,
domainID,
validToken,
).Return(nil)
updateClientCall := mgsdk.On(
"UpdateClient",
mock.Anything,
mock.Anything,
domainID,
validToken,
).Run(func(args mock.Arguments) {
updatedClient = args.Get(1).(smqSDK.Client)
}).Return(smqSDK.Client{ID: clientID}, nil)
res, err := svc.Provision(context.Background(), domainID, validToken, name, externalID, externalKey)
assert.NoError(t, err)
assert.Len(t, res.Clients, 1)
assert.Len(t, res.Channels, 1)
assert.True(t, res.Whitelisted[bootstrapID])
assert.Equal(t, certPEM, res.ClientCert[clientID])
assert.Equal(t, keyPEM, res.ClientKey[clientID])
assert.Equal(t, clientID, updatedClient.ID)
assert.Equal(t, bootstrapID, updatedClient.Metadata["cfg_id"])
assert.Equal(t, externalID, updatedClient.Metadata["external_id"])
assert.Equal(t, channelID, updatedClient.Metadata["ctrl_channel_id"])
assert.Equal(t, "gateway", updatedClient.Metadata["type"])
createClientCall.Unset()
clientCall.Unset()
createChannelCall.Unset()
channelCall.Unset()
_ = addBootstrapCall
viewBootstrapCall.Unset()
bindBootstrapResourcesCall.Unset()
issueCertCall.Unset()
viewCertCall.Unset()
updateBootstrapCertsCall.Unset()
whitelistCall.Unset()
updateClientCall.Unset()
}
re/service_test.go
+36 -4
View File
@@ -491,9 +491,9 @@ func TestAddRule(t *testing.T) {
t.Run(tc.desc, func(t *testing.T) {
repoCall := repo.On("AddRule", mock.Anything, mock.Anything).Return(tc.res, tc.err)
policyCall := policies.On("AddPolicies", context.Background(), mock.Anything).Return(tc.addPoliciesErr)
policyCall2 := policies.On("DeletePolicies", context.Background(), mock.Anything).Return(tc.deletePolicies).Maybe()
policyCall2 := policies.On("DeletePolicies", context.Background(), mock.Anything).Return(tc.deletePolicies)
repoCall1 := repo.On("AddRoles", context.Background(), mock.Anything).Return([]roles.RoleProvision{}, tc.addRoleErr)
repoCall2 := repo.On("Remove", context.Background(), mock.Anything).Return(tc.deleteErr).Maybe()
repoCall2 := repo.On("Remove", context.Background(), mock.Anything).Return(tc.deleteErr)
res, _, err := svc.AddRule(context.Background(), tc.session, tc.rule)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
if err == nil {
@@ -1175,6 +1175,7 @@ func TestHandle(t *testing.T) {
page re.Page
listErr error
publishErr error
emailErr error
expectErr bool
}{
{
@@ -1420,6 +1421,37 @@ func TestHandle(t *testing.T) {
},
listErr: nil,
},
{
desc: "consume message with Lua script and failed Email output",
message: &messaging.Message{
Channel: inputChannel,
Created: now.Unix(),
Payload: []byte(`{"temperature": 25.5}`),
},
page: re.Page{
Rules: []re.Rule{
{
ID: testsutil.GenerateUUID(t),
Name: namegen.Generate(),
InputChannel: inputChannel,
Status: re.EnabledStatus,
Logic: re.Script{
Type: re.LuaType,
Value: `return message.payload`,
},
Outputs: re.Outputs{
&outputs.Email{
To: []string{"test@example.com"},
Subject: "Temperature Alert",
Content: "Temperature: {{.Result}}",
},
},
Schedule: schedule,
},
},
},
emailErr: errors.New("failed to send email"),
},
{
desc: "consume message with rules using GoType",
message: &messaging.Message{
@@ -1817,8 +1849,8 @@ func TestHandle(t *testing.T) {
err = tc.listErr
}
})
repoCall1 := pubmocks.On("Publish", mock.Anything, mock.Anything, mock.Anything).Return(tc.publishErr).Maybe()
repoCall2 := emailer.On("SendEmailNotification", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil).Maybe()
repoCall1 := pubmocks.On("Publish", mock.Anything, mock.Anything, mock.Anything).Return(tc.publishErr)
repoCall2 := emailer.On("SendEmailNotification", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(tc.emailErr)
err = svc.Handle(tc.message)
assert.Nil(t, err)
reports/service_test.go
+2 -2
View File
@@ -184,9 +184,9 @@ func TestAddReportConfig(t *testing.T) {
t.Run(tc.desc, func(t *testing.T) {
repoCall := repo.On("AddReportConfig", mock.Anything, mock.Anything).Return(tc.res, tc.err)
policyCall := policies.On("AddPolicies", context.Background(), mock.Anything).Return(tc.addPoliciesErr)
policyCall2 := policies.On("DeletePolicies", context.Background(), mock.Anything).Return(tc.deletePolicies).Maybe()
policyCall2 := policies.On("DeletePolicies", context.Background(), mock.Anything).Return(tc.deletePolicies)
repoCall1 := repo.On("AddRoles", context.Background(), mock.Anything).Return([]roles.RoleProvision{}, tc.addRoleErr)
repoCall2 := repo.On("Remove", context.Background(), mock.Anything).Return(tc.deleteErr).Maybe()
repoCall2 := repo.On("Remove", context.Background(), mock.Anything).Return(tc.deleteErr)
res, err := svc.AddReportConfig(context.Background(), tc.session, tc.cfg)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
if err == nil {
tools/config/.mockery.yaml
+4
View File
@@ -173,6 +173,10 @@ packages:
ConfigRepository:
ConfigReader:
Service:
ProfileRepository:
BindingStore:
BindingResolver:
Renderer:
github.com/absmach/magistrala/provision:
interfaces:
Service:
users/service_test.go
+14 -1
View File
@@ -2082,6 +2082,7 @@ func TestOAuthCallback(t *testing.T) {
retrieveByEmailErr error
saveResponse users.User
addPoliciesErr error
updateVerifiedAtErr error
err error
}{
{
@@ -2136,6 +2137,18 @@ func TestOAuthCallback(t *testing.T) {
},
err: nil,
},
{
desc: "oauth signin callback with failed update verified at",
user: users.User{
Email: "test@example.com",
},
retrieveByEmailResponse: users.User{
ID: testsutil.GenerateUUID(t),
Role: users.UserRole,
},
updateVerifiedAtErr: svcerr.ErrUpdateEntity,
err: svcerr.ErrUpdateEntity,
},
}
for _, tc := range cases {
t.Run(tc.desc, func(t *testing.T) {
@@ -2144,7 +2157,7 @@ func TestOAuthCallback(t *testing.T) {
repoCall2 := cRepo.On("UpdateVerifiedAt", context.Background(), mock.MatchedBy(func(u users.User) bool {
assert.NotEmpty(t, u.ID, "UpdateVerifiedAt must be called with non-empty user ID")
return u.ID != ""
})).Maybe().Return(tc.retrieveByEmailResponse, nil)
})).Return(tc.retrieveByEmailResponse, tc.updateVerifiedAtErr)
policyCall := policies.On("AddPolicies", context.Background(), mock.Anything).Return(tc.addPoliciesErr)
_, err := svc.OAuthCallback(context.Background(), tc.user)
assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))