2ef8437d8b
* add access control to rules engine Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * add access control to reports Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * add access control to alarms Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix failing linter Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * remove unused variables Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * update authorization method Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * revert code Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * remove roles Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * update alarm permissions Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * update alarm permissions Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * address comments Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix tests Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * revert endpoint changes Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix make fetch Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * revert env variable Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * remove rule prefix Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * remove trailing line Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * remove unused constants Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * re consumer Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * update listing Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix tests Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix linter Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix rule roles interface Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * refactor listing commands Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fetch supermq Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * address coments Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * update script 
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * address comments Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fetch supermq Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix time layout Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix failing linter Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix failing linter Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix role name Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix failing linter Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * address comments Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * remove white spaces Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * update check usperadmin method Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * update go mod file Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * fix tests Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> * add missing env variable Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> --------- Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package main
import (
"context"
"fmt"
"log"
"net/url"
"os"
"github.com/absmach/magistrala/alarms"
httpAPI "github.com/absmach/magistrala/alarms/api"
"github.com/absmach/magistrala/alarms/brokers"
"github.com/absmach/magistrala/alarms/consumer"
"github.com/absmach/magistrala/alarms/middleware"
"github.com/absmach/magistrala/alarms/operations"
alarmsRepo "github.com/absmach/magistrala/alarms/postgres"
"github.com/absmach/magistrala/pkg/prometheus"
rconsumer "github.com/absmach/magistrala/pkg/re/events/consumer"
rpostgres "github.com/absmach/magistrala/re/postgres"
dpostgres "github.com/absmach/supermq/domains/postgres"
smqlog "github.com/absmach/supermq/logger"
smqauthn "github.com/absmach/supermq/pkg/authn"
"github.com/absmach/supermq/pkg/authn/authsvc"
authsvcAuthz "github.com/absmach/supermq/pkg/authz/authsvc"
dconsumer "github.com/absmach/supermq/pkg/domains/events/consumer"
domainsAuthz "github.com/absmach/supermq/pkg/domains/grpcclient"
"github.com/absmach/supermq/pkg/grpcclient"
"github.com/absmach/supermq/pkg/jaeger"
"github.com/absmach/supermq/pkg/messaging"
brokerstracing "github.com/absmach/supermq/pkg/messaging/brokers/tracing"
"github.com/absmach/supermq/pkg/permissions"
"github.com/absmach/supermq/pkg/postgres"
"github.com/absmach/supermq/pkg/server"
httpserver "github.com/absmach/supermq/pkg/server/http"
"github.com/absmach/supermq/pkg/uuid"
"github.com/caarlos0/env/v11"
"golang.org/x/sync/errgroup"
)
const (
	// Service identity: used in main for log messages, the tracer name,
	// the HTTP server name and the broker subscriber ID.
	svcName = "alarms"

	// Entity name looked up in the permissions file by main.
	alarmEntity = "alarm"

	// Environment-variable prefixes passed to env.ParseWithOptions in main.
	envPrefixDB      = "MG_ALARMS_DB_"     // Postgres connection settings
	envPrefixHTTP    = "MG_ALARMS_HTTP_"   // HTTP server settings
	envPrefixAuth    = "SMQ_AUTH_GRPC_"    // auth gRPC client (authn and authz)
	envPrefixDomains = "SMQ_DOMAINS_GRPC_" // domains gRPC client

	// Defaults applied before the environment is parsed.
	defDB          = "alarms" // default database name
	defSvcHTTPPort = "8050"   // default HTTP listen port
)
// config holds the service-level settings that main reads from the
// environment with env.Parse. Database, HTTP server and gRPC client settings
// are parsed separately in main under their own prefixes.
//
// The broker, event-store and Jaeger defaults all point at localhost and
// carry no credentials; deployments are expected to override them.
type config struct {
	// LogLevel is handed to the logger constructor.
	LogLevel string `env:"MG_ALARMS_LOG_LEVEL"     envDefault:"info"`
	// BrokerURL is the message broker the alarm consumer subscribes to.
	BrokerURL string `env:"SMQ_MESSAGE_BROKER_URL"  envDefault:"nats://localhost:4222"`
	// InstanceID is passed to the tracer provider and the HTTP handler.
	InstanceID string `env:"MG_ALARMS_INSTANCE_ID"   envDefault:""`
	// JaegerURL is the trace export endpoint.
	JaegerURL url.URL `env:"SMQ_JAEGER_URL"          envDefault:"http://localhost:4318/v1/traces"`
	// TraceRatio is passed to the tracer provider.
	// NOTE(review): presumably the sampling ratio, 1.0 meaning every trace; confirm.
	TraceRatio float64 `env:"SMQ_JAEGER_TRACE_RATIO"  envDefault:"1.0"`
	// ESURL is the event store used for the domains and rules subscriptions.
	ESURL string `env:"SMQ_ES_URL"              envDefault:"nats://localhost:4222"`
	// ESConsumerName is the consumer name used for both event subscriptions.
	ESConsumerName string `env:"MG_ALARMS_EVENT_CONSUMER" envDefault:"alarms"`
	// PermissionsFile is the path given to permissions.ParsePermissionsFile.
	// The default is a relative path, so it presumably resolves against the
	// process working directory; the file drives authorization and should be
	// writable only by the deployer.
	PermissionsFile string `env:"SMQ_PERMISSIONS_FILE"    envDefault:"permission.yaml"`
}
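// main wires up and runs the alarms service.
//
// In order it: loads configuration from the environment, sets up logging and
// tracing, connects to Postgres and runs migrations, connects the
// authentication, domains and authorization gRPC clients, subscribes to
// domains and rules events, builds the alarms service and wraps it in the
// authorization, logging, metrics and tracing middleware, starts the HTTP
// server, and subscribes the alarm consumer to the message broker.
//
// Every setup failure after the logger exists sets exitCode and returns, so
// the deferred smqlog.ExitWithError runs after the other deferred cleanups.
func main() {
	ctx, cancel := context.WithCancel(context.Background())
	g, ctx := errgroup.WithContext(ctx)

	cfg := config{}
	if err := env.Parse(&cfg); err != nil {
		log.Fatalf("failed to load %s configuration : %s", svcName, err.Error())
	}

	logger, err := smqlog.New(os.Stdout, cfg.LogLevel)
	if err != nil {
		log.Fatalf("failed to init logger: %s", err.Error())
	}

	// Deferred first so it runs last, after every other deferred Close.
	var exitCode int
	defer smqlog.ExitWithError(&exitCode)

	tp, err := jaeger.NewProvider(ctx, svcName, cfg.JaegerURL, cfg.InstanceID, cfg.TraceRatio)
	if err != nil {
		logger.Error(fmt.Sprintf("failed to init Jaeger: %s", err))
		exitCode = 1
		return
	}
	defer func() {
		// NOTE(review): ctx may already be cancelled when this runs; confirm
		// the provider still flushes pending spans in that case.
		if err := tp.Shutdown(ctx); err != nil {
			logger.Error(fmt.Sprintf("error shutting down tracer provider: %v", err))
		}
	}()
	tracer := tp.Tracer(svcName)

	dbConfig := postgres.Config{Name: defDB}
	if err := env.ParseWithOptions(&dbConfig, env.Options{Prefix: envPrefixDB}); err != nil {
		// Fail closed, like every other configuration error below: continuing
		// here would connect with a partially parsed database configuration.
		logger.Error(fmt.Sprintf("failed to load %s database configuration : %s", svcName, err))
		exitCode = 1
		return
	}

	migrations, err := alarmsRepo.Migration()
	if err != nil {
		logger.Error(fmt.Sprintf("failed to load migrations: %s", err))
		exitCode = 1
		return
	}

	db, err := postgres.Setup(dbConfig, *migrations)
	if err != nil {
		logger.Error(err.Error())
		exitCode = 1
		return
	}
	defer db.Close()

	repo := alarmsRepo.NewAlarmsRepo(db)

	authConfig := grpcclient.Config{}
	if err := env.ParseWithOptions(&authConfig, env.Options{Prefix: envPrefixAuth}); err != nil {
		logger.Error(fmt.Sprintf("failed to load %s auth configuration : %s", svcName, err))
		exitCode = 1
		return
	}
	authn, authnClient, err := authsvc.NewAuthentication(ctx, authConfig)
	if err != nil {
		logger.Error(err.Error())
		exitCode = 1
		return
	}
	am := smqauthn.NewAuthNMiddleware(authn)
	defer authnClient.Close()
	// Secure() is logged so operators can see how the auth connection came up
	// (presumably the TLS mode of the gRPC client; confirm against grpcclient).
	logger.Info("AuthN successfully connected to auth gRPC server " + authnClient.Secure())

	domsGrpcCfg := grpcclient.Config{}
	if err := env.ParseWithOptions(&domsGrpcCfg, env.Options{Prefix: envPrefixDomains}); err != nil {
		logger.Error(fmt.Sprintf("failed to load domains gRPC client configuration : %s", err))
		exitCode = 1
		return
	}

	domAuthz, _, domainsHandler, err := domainsAuthz.NewAuthorization(ctx, domsGrpcCfg)
	if err != nil {
		logger.Error(err.Error())
		exitCode = 1
		return
	}
	defer domainsHandler.Close()

	authz, authzHandler, err := authsvcAuthz.NewAuthorization(ctx, authConfig, domAuthz)
	if err != nil {
		logger.Error("failed to create authz " + err.Error())
		exitCode = 1
		return
	}
	defer authzHandler.Close()

	logger.Info("AuthZ successfully connected to auth gRPC server " + authzHandler.Secure())

	// Domains and rules events are stored in repositories backed by the same
	// alarms database handle.
	ddatabase := postgres.NewDatabase(db, dbConfig, tracer)
	drepo := dpostgres.NewRepository(ddatabase)

	if err := dconsumer.DomainsEventsSubscribe(ctx, drepo, cfg.ESURL, cfg.ESConsumerName, logger); err != nil {
		logger.Error(fmt.Sprintf("failed to create domains event store : %s", err))
		exitCode = 1
		return
	}

	rdatabase := postgres.NewDatabase(db, dbConfig, tracer)
	rrepo := rpostgres.NewRepository(rdatabase)

	if err := rconsumer.RulesEventsSubscribe(ctx, rrepo, cfg.ESURL, cfg.ESConsumerName, logger); err != nil {
		logger.Error(fmt.Sprintf("failed to subscribe to rules events: %s", err))
		exitCode = 1
		return
	}

	idp := uuid.New()

	svc := alarms.NewService(idp, repo)

	// The service refuses to start when the permissions file, the alarm
	// entry in it, or the derived operation table cannot be loaded, so it
	// never runs without an authorization policy.
	permConfig, err := permissions.ParsePermissionsFile(cfg.PermissionsFile)
	if err != nil {
		logger.Error(fmt.Sprintf("failed to parse permissions file: %s", err))
		exitCode = 1
		return
	}

	alarmOps, _, err := permConfig.GetEntityPermissions(alarmEntity)
	if err != nil {
		logger.Error(fmt.Sprintf("failed to get alarm permissions: %s", err))
		exitCode = 1
		return
	}

	entitiesOps, err := permissions.NewEntitiesOperations(
		permissions.EntitiesPermission{
			operations.EntityType: alarmOps,
		},
		permissions.EntitiesOperationDetails[permissions.Operation]{
			operations.EntityType: operations.OperationDetails(),
		},
	)
	if err != nil {
		logger.Error(fmt.Sprintf("failed to create entity operations: %s", err))
		exitCode = 1
		return
	}

	// Authorization is the innermost wrapper. Both the HTTP handler and the
	// broker consumer below receive the fully wrapped svc, so calls from
	// either path pass through the authorization middleware.
	svc, err = middleware.NewAuthorizationMiddleware(svc, authz, entitiesOps)
	if err != nil {
		logger.Error(fmt.Sprintf("failed to create authorization middleware: %s", err))
		exitCode = 1
		return
	}

	svc = middleware.NewLoggingMiddleware(logger, svc)
	counter, latency := prometheus.MakeMetrics("alarms", "api")
	svc = middleware.NewMetricsMiddleware(counter, latency, svc)
	svc = middleware.NewTracingMiddleware(tracer, svc)

	httpServerConfig := server.Config{Port: defSvcHTTPPort}
	if err := env.ParseWithOptions(&httpServerConfig, env.Options{Prefix: envPrefixHTTP}); err != nil {
		logger.Error(fmt.Sprintf("failed to load %s HTTP server configuration : %s", svcName, err))
		exitCode = 1
		return
	}
	hs := httpserver.NewServer(ctx, cancel, svcName, httpServerConfig, httpAPI.MakeHandler(svc, logger, idp, cfg.InstanceID, am), logger)

	pubSub, err := brokers.NewPubSub(ctx, cfg.BrokerURL, logger)
	if err != nil {
		logger.Error(fmt.Sprintf("failed to connect to message broker: %s", err))
		exitCode = 1
		return
	}
	// Close is bound to the underlying broker connection before pubSub is
	// replaced by its tracing wrapper.
	defer pubSub.Close()
	pubSub = brokerstracing.NewPubSub(httpServerConfig, tracer, pubSub)

	// Named handler rather than consumer so the consumer package is not shadowed.
	handler := consumer.NewHandler(svc, logger)

	subCfg := messaging.SubscriberConfig{
		ID:             svcName,
		Topic:          brokers.AllTopic,
		DeliveryPolicy: messaging.DeliverAllPolicy,
		Handler:        handler,
	}
	if err := pubSub.Subscribe(ctx, subCfg); err != nil {
		logger.Error(fmt.Sprintf("failed to subscribe to message broker: %s", err))
		exitCode = 1
		return
	}

	g.Go(func() error {
		return hs.Start()
	})

	g.Go(func() error {
		return server.StopSignalHandler(ctx, cancel, logger, svcName, hs)
	})

	if err := g.Wait(); err != nil {
		// Report the actual service name; the message previously said "billing".
		logger.Error(fmt.Sprintf("%s service terminated: %s", svcName, err))
	}
}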