feat: Improve service initialization process

[FelixTing]

• Start the Web Server before the trigger initialization.
• Add retry mechanism for MqttFactory.Create()

fix: #1046

Signed-off-by: Felix Ting [email protected]

If your build fails due to your commit message not passing the build checks, please review the guidelines here: https://github.com/edgexfoundry/app-functions-sdk-go/blob/main/.github/CONTRIBUTING.md

PR Checklist

Please check if your PR fulfills the following requirements:

• I am not introducing a breaking change (if you are, flag in conventional commit message with BREAKING CHANGE: describing the break)
• I am not introducing a new dependency (add notes below if you are)
• I have added unit tests for the new feature or bug fix (if not, why?)
• I have fully tested (add details below) this the new feature or bug fix (if not, why?)
• I have opened a PR for the related docs change (if not, why?)
  feat: Update External MQTT Trigger Docs edgex-docs#705

Testing Instructions

Download this Docker Compose file

Edit the Docker Compose file to add the custom App Service's service key to EdgeX service secretstore-setup's ADD_SECRETSTORE_TOKENS environment variable.

  secretstore-setup:
    container_name: edgex-security-secretstore-setup
    depends_on:
    - security-bootstrapper
    - vault
    environment:
      ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],redisdb[device-virtual]
      ADD_SECRETSTORE_TOKENS: 'app-external-mqtt-trigger'

Run EdgeX Foundry
docker-compose -f docker-compose.yml up -d

Download this App Service configuration
Modify [Trigger] section with the following settings:

[Trigger]
Type="external-mqtt"
  [Trigger.externalmqtt]
  Url = "tls://test.mosquitto.org:8884"
  SubscribeTopics="test/#"
  ClientId ="app-external-mqtt-trigger"
  Qos            = 0
  KeepAlive      = 10
  Retained       = false
  AutoReconnect  = true
  ConnectTimeout = "30s"
  SkipCertVerify = false
  AuthMode = "clientcert"
  SecretPath = "mqtt"

Run App Service with the configuration and EDGEX_SECURITY_SECRET_STORE=true

Verify logs contain following messages

level=INFO ts=2022-03-03T17:20:58.040262Z app=app- source=mqtt.go:76 msg="Initializing MQTT Trigger"
level=INFO ts=2022-03-03T17:20:58.040284Z app=app- source=server.go:156 msg="Starting HTTP Web Server on address localhost:59706"
level=ERROR ts=2022-03-03T17:20:58.04159Z app=app- source=mqttfactory.go:68 msg="failed to get secret data from the secret provider, error: Error found on handling secrets from underlying data-store: Received a '404' response from the secret store"
level=INFO ts=2022-03-03T17:20:58.04162Z app=app- source=mqttfactory.go:70 msg="Waiting for the secret creation API call to seed the proper credentials..."

Generate a TLS client certificate for test.mosquitto.org, refer to https://test.mosquitto.org/ssl/

Add clientcert to Secret Store using this App Service API

Verify logs contain following messages

level=ERROR ts=2022-03-03T17:47:33.693386Z app=app- source=mqttfactory.go:74 msg="invalid secret data, error: AuthModeCert selected however the key or cert PEM block was not found for secret=mqtt"
level=INFO ts=2022-03-03T17:47:33.693453Z app=app- source=mqttfactory.go:70 msg="Waiting for the secret creation API call to seed the proper credentials..."

Add clientkey to Secret Store

Verify logs contain following messages

level=INFO ts=2022-03-03T17:52:22.404456Z app=app- source=mqtt.go:127 msg="Connecting to mqtt broker for MQTT trigger at: tls://test.mosquitto.org:8884"
level=INFO ts=2022-03-03T17:52:24.14913Z app=app- source=mqtt.go:133 msg="Connected to mqtt server for MQTT trigger"
level=INFO ts=2022-03-03T17:52:24.149168Z app=app- source=service.go:200 msg="StoreAndForward disabled. Not running retry loop."
level=INFO ts=2022-03-03T17:52:24.149183Z app=app- source=service.go:203 msg="app-external-mqtt-trigger has Started"
level=INFO ts=2022-03-03T17:52:24.841152Z app=app- source=mqtt.go:161 msg="Subscribed to topic(s) 'edgex/#' for MQTT trigger"

New Dependency Instructions (If applicable)

[codecov-commenter]

Codecov Report

Merging #1047 (2dccacc) into main (18aea91) will decrease coverage by 0.82%.
The diff coverage is 15.51%.

@@            Coverage Diff             @@
##             main    #1047      +/-   ##
==========================================
- Coverage   68.23%   67.41%   -0.83%     
==========================================
  Files          35       35              
  Lines        2827     2863      +36     
==========================================
+ Hits         1929     1930       +1     
- Misses        787      822      +35     
  Partials      111      111              

Impacted Files	Coverage Δ
internal/app/service.go	53.19% <0.00%> (-1.33%)	⬇️
internal/trigger/mqtt/mqtt.go	42.10% <0.00%> (-2.34%)	⬇️
pkg/transforms/mqttsecret.go	20.68% <0.00%> (ø)
pkg/secure/mqttfactory.go	42.25% <19.44%> (-16.94%)	⬇️
internal/webserver/server.go	22.58% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 18aea91...2dccacc. Read the comment docs.

[FelixTing]

@lenny-intel @cloudxxx8 @judehung for awareness.
This draft PR is ready for review. I will add unit tests and update the related docs once the proposed code change is accepted. Thanks!

[judehung]

Note that if more than one of the channels are ready, go randomly picks which one to receive from. Under such case, is it possible to meet race condition for this select block?

[FelixTing]

Good catch, thanks. No need to use channel here.

[cloudxxx8]

why do you make this check? the secretAddedSignal is created no matter the security is enabled.

[lenny-goodell]

@cloudxxx8 , it is no longer created in non-secure mode. It will be nil in non secure mode.

[cloudxxx8]

ok, @FelixTing should add the check back

[cloudxxx8]

print the INFO level log "Waiting for the secret creation API call to seed the proper credentials..."

[cloudxxx8]

LGTM

[lenny-goodell]

Suggested change

	// add a deferred function for the SecretAddedSignal channel created during service initialization.
	// add a deferred function to close the SecretAddedSignal channel created during service initialization.

[lenny-goodell]

Need a buffered channel so code pushing to the channel doesn't block. Linter will fail w/o this. Please make sure you run the linter (may need to install it).

Suggested change

	secretAddedSignal := make(chan struct{})
	secretAddedSignal := make(chan struct{}, 1)

[lenny-goodell]

Suggested change

	ch := make(chan struct{})
	ch := make(chan struct{}, 1)

[lenny-goodell]

This code should be in the calling function. I.e. it goes beyond get and validate. Then the above code be the body of the func instead of in-line define func.

[lenny-goodell]

This should only happen when running in secure mode. Otherwise it should error out because the secret wasn't found in the InsecureSecrets section of the config. Probably shouldn't not create the secretAddedSignal channel unless running in secure mode.

[FelixTing]

Updated per all the suggestions.

[lenny-goodell]

LGTM, ready to take out of draft and rebase?

[FelixTing]

rebased

[lenny-goodell]

rebased

@FelixTing , still show This branch is out-of-date with the base branch

[FelixTing]

rebased

@FelixTing , still show This branch is out-of-date with the base branch

Uh, have some trouble with my fork repo... will fix this ASAP

[FelixTing]

rebased

@FelixTing , still show This branch is out-of-date with the base branch

Uh, have some trouble with my fork repo... will fix this ASAP

Sorry about the mess. This branch is now up-to-date with the main branch.

[FelixTing]

Added testing instructions and opened a PR for docs.

[lenny-goodell]

LGTM