LeftSidebar add routing check for snippetService and deviceProvisioni…

…ngService (#1365)

### Summary
Routing Checks: Added validation for snippetService and deviceProvisioning.

### Details
Introduced routing checks to ensure that navigation is properly handled for snippetService and deviceProvisioning.
These checks verify that the correct routing logic is applied, preventing navigation to invalid routes.

* LeftSidebar add routing check for snippetService

* Set mongodb verbosity based on environment

* Fix linter issues

* helm: set automountServiceAccountToken to false for snippet-service

---------

Co-authored-by: Daniel Adam <[email protected]>
Co-authored-by: Jozef Kralik <[email protected]>

.golangci.yml

@@ -25,7 +25,7 @@ linters:
     - asciicheck       # Simple linter to check that your code does not contain non-ASCII identifiers
     - bidichk          # Checks for dangerous unicode character sequences
     - bodyclose        # Checks whether HTTP response body is closed successfully
-    # - copyloopvar      # Detects places where loop variables are copied
+    - copyloopvar      # Detects places where loop variables are copied
     - decorder         # Check declaration order and count of types, constants, variables and functions
     - dogsled          # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - dupl             # Tool for code clone detection
@@ -35,7 +35,6 @@ linters:
     - errchkjson       # Checks types passed to the json encoding functions. Reports unsupported types and optionally reports occasions, where the check for the returned error can be omitted.
     - errname          # Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`.
     - errorlint        # errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
-    - exportloopref    # checks for pointers to enclosing loop variables
     # - forcetypeassert  # finds forced type assertions
     - gci              # Gci control golang package import order and make it always deterministic.
     - gocheckcompilerdirectives  # Checks that go compiler directive comments (//go:) are valid.

Makefile

@@ -39,6 +39,11 @@ TEST_MEMORY_COAP_GATEWAY_NUM_RESOURCES ?= 1
 TEST_MEMORY_COAP_GATEWAY_EXPECTED_RSS_IN_MB ?= 50
 TEST_MEMORY_COAP_GATEWAY_RESOURCE_DATA_SIZE ?= 200
 TEST_DATABASE ?= mongodb
+ifeq ($(TEST_MONGODB_VERBOSE),true)
+MONGODB_ARGS := -vvvvv
+else
+MONGODB_ARGS :=
+endif
 TEST_LEAD_RESOURCE_TYPE_FILTER ?=
 TEST_LEAD_RESOURCE_TYPE_REGEX_FILTER ?=
 TEST_LEAD_RESOURCE_TYPE_USE_UUID ?= false
@@ -203,8 +208,8 @@ define RUN-DOCKER-MONGO
 		--name=$(1) \
 		-v $(WORKING_DIRECTORY)/.tmp/$(1):/data/db \
 		-v $(CERT_PATH):/certs --user $(USER_ID):$(GROUP_ID) \
-		mongo --tlsMode requireTLS --wiredTigerCacheSizeGB 1 --tlsCAFile /certs/root_ca.crt \
-			--tlsCertificateKeyFile /certs/mongo.key $(2)
+		mongo $(2) --tlsMode requireTLS --wiredTigerCacheSizeGB 1 --tlsCAFile /certs/root_ca.crt \
+			--tlsCertificateKeyFile /certs/mongo.key
 endef
 
 MONGODB_REPLICA_0 := mongo0
@@ -215,9 +220,9 @@ MONGODB_REPLICA_2 := mongo2
 MONGODB_REPLICA_2_PORT := 27019
 
 mongo: certificates
-	$(call RUN-DOCKER-MONGO,$(MONGODB_REPLICA_0),-vvvvv --replSet myReplicaSet --bind_ip localhost --port $(MONGODB_REPLICA_0_PORT))
-	$(call RUN-DOCKER-MONGO,$(MONGODB_REPLICA_1),-vvvvv --replSet myReplicaSet --bind_ip localhost --port $(MONGODB_REPLICA_1_PORT))
-	$(call RUN-DOCKER-MONGO,$(MONGODB_REPLICA_2),-vvvvv --replSet myReplicaSet --bind_ip localhost --port $(MONGODB_REPLICA_2_PORT))
+	$(call RUN-DOCKER-MONGO,$(MONGODB_REPLICA_0),$(MONGODB_ARGS) --replSet myReplicaSet --bind_ip localhost --port $(MONGODB_REPLICA_0_PORT))
+	$(call RUN-DOCKER-MONGO,$(MONGODB_REPLICA_1),$(MONGODB_ARGS) --replSet myReplicaSet --bind_ip localhost --port $(MONGODB_REPLICA_1_PORT))
+	$(call RUN-DOCKER-MONGO,$(MONGODB_REPLICA_2),$(MONGODB_ARGS) --replSet myReplicaSet --bind_ip localhost --port $(MONGODB_REPLICA_2_PORT))
 	COUNTER=0; \
 	while [[ $${COUNTER} -lt 30 ]]; do \
 		echo "Checking mongodb connection ($${COUNTER}):"; \
@@ -252,7 +257,7 @@ mongo/clean:
 .PHONY: mongo mongo/clean
 
 mongo-no-replicas: certificates
-	$(call RUN-DOCKER-MONGO,mongo,)
+	$(call RUN-DOCKER-MONGO,mongo,$(MONGODB_ARGS))
 
 mongo-no-replicas/clean:
 	$(call REMOVE-DOCKER-DEVICE,mongo)
@@ -445,7 +450,7 @@ env: clean certificates nats privateKeys http-gateway-www mongo simulators
 env/test/mem: clean certificates nats privateKeys
 
 ifeq ($(TEST_DATABASE),mongodb)
-# github runners run out of file space if multiple mongodb replicas are started, so we start only a single instance
+# the measure memory test cases seems to be much slower with replica sets running
 env/test/mem: mongo-no-replicas
 else
 # test uses mongodb for most tests, but scylla can be enabled for some; so we always need mongodb to be running

bundle/client/coap/main.go

@@ -194,7 +194,7 @@ func updateResource(co *client.Conn, href string, contentFormat int) {
 	if err != nil {
 		updateError(err)
 	}
-	resp, err := co.Post(context.Background(), href, message.MediaType(contentFormat), bytes.NewReader(b.Bytes()))
+	resp, err := co.Post(context.Background(), href, message.MediaType(contentFormat), bytes.NewReader(b.Bytes())) //nolint:gosec
 	if err != nil {
 		updateError(err)
 	}
@@ -210,7 +210,7 @@ func createResource(co *client.Conn, href string, contentFormat int) {
 	if err != nil {
 		createError(err)
 	}
-	req, err := co.NewPostRequest(context.Background(), href, message.MediaType(contentFormat), os.Stdin)
+	req, err := co.NewPostRequest(context.Background(), href, message.MediaType(contentFormat), os.Stdin) //nolint:gosec
 	if err != nil {
 		createError(err)
 	}

bundle/client/grpc/main.go

@@ -108,7 +108,7 @@ func updateResource(ctx context.Context, client pbGW.GrpcGatewayClient, deviceID
 	resp, err := client.UpdateResource(ctx, &pbGW.UpdateResourceRequest{
 		ResourceId: commands.NewResourceID(deviceID, href),
 		Content: &pbGW.Content{
-			ContentType: message.MediaType(contentFormat).String(),
+			ContentType: message.MediaType(contentFormat).String(), //nolint:gosec
 			Data:        data,
 		},
 	})
@@ -133,7 +133,7 @@ func createResource(ctx context.Context, client pbGW.GrpcGatewayClient, deviceID
 	resp, err := client.CreateResource(ctx, &pbGW.CreateResourceRequest{
 		ResourceId: commands.NewResourceID(deviceID, href),
 		Content: &pbGW.Content{
-			ContentType: message.MediaType(contentFormat).String(),
+			ContentType: message.MediaType(contentFormat).String(), //nolint:gosec
 			Data:        data,
 		},
 	})

charts/plgd-hub/templates/snippet-service/deployment.yaml

@@ -28,6 +28,7 @@ spec:
       labels:
         {{- include "plgd-hub.snippetservice.selectorLabels" . | nindent 8 }}
     spec:
+      automountServiceAccountToken: false
       {{- with .Values.snippetservice.securityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}

cloud2cloud-connector/service/deviceSubscription.go

@@ -108,7 +108,7 @@ func (s *SubscriptionManager) handleResourcesPublished(ctx context.Context, d Su
 		for _, endpoint := range link.GetEndpoints() {
 			endpoints = append(endpoints, &commands.EndpointInformation{
 				Endpoint: endpoint.URI,
-				Priority: int64(endpoint.Priority),
+				Priority: endpoint.Priority,
 			})
 		}
 		href := pkgHttpUri.CanonicalHref(trimDeviceIDFromHref(link.DeviceID, link.Href))
@@ -120,7 +120,7 @@ func (s *SubscriptionManager) handleResourcesPublished(ctx context.Context, d Su
 				Interfaces:            link.Interfaces,
 				DeviceId:              link.DeviceID,
 				Anchor:                link.Anchor,
-				Policy:                &commands.Policy{BitFlags: int32(link.Policy.BitMask)},
+				Policy:                &commands.Policy{BitFlags: commands.ToPolicyBitFlags(link.Policy.BitMask)},
 				Title:                 link.Title,
 				SupportedContentTypes: link.SupportedContentTypes,
 				EndpointInformations:  endpoints,

cloud2cloud-connector/service/publishResource.go

@@ -14,7 +14,7 @@ func publishResource(ctx context.Context, raClient raService.ResourceAggregateCl
 	for _, endpoint := range link.GetEndpoints() {
 		endpoints = append(endpoints, &commands.EndpointInformation{
 			Endpoint: endpoint.URI,
-			Priority: int64(endpoint.Priority),
+			Priority: endpoint.Priority,
 		})
 	}
 	href := pkgHttpUri.CanonicalHref(trimDeviceIDFromHref(link.DeviceID, link.Href))
@@ -26,7 +26,7 @@ func publishResource(ctx context.Context, raClient raService.ResourceAggregateCl
 			Interfaces:            link.Interfaces,
 			DeviceId:              link.DeviceID,
 			Anchor:                link.Anchor,
-			Policy:                &commands.Policy{BitFlags: int32(link.Policy.BitMask)},
+			Policy:                &commands.Policy{BitFlags: commands.ToPolicyBitFlags(link.Policy.BitMask)},
 			Title:                 link.Title,
 			SupportedContentTypes: link.SupportedContentTypes,
 			EndpointInformations:  endpoints,

coap-gateway/coapconv/coapconv.go

@@ -89,7 +89,7 @@ func CoapCodeToStatus(code codes.Code, operation Operation) commands.Status {
 
 func MakeMediaType(coapContentFormat int32, contentType string) (message.MediaType, error) {
 	if coapContentFormat >= 0 {
-		return message.MediaType(coapContentFormat), nil
+		return message.MediaType(coapContentFormat), nil //nolint:gosec
 	}
 	switch contentType {
 	case message.TextPlain.String():
@@ -174,7 +174,7 @@ func NewContent(opts message.Options, body io.Reader) *commands.Content {
 	data, coapContentFormat := GetContentData(opts, body)
 
 	return &commands.Content{
-		ContentType:       getContentFormatString(coapContentFormat),
+		ContentType:       GetContentFormatString(coapContentFormat),
 		CoapContentFormat: coapContentFormat,
 		Data:              data,
 	}
@@ -192,10 +192,9 @@ func GetContentData(opts message.Options, body io.Reader) (data []byte, contentF
 	return data, contentFormat
 }
 
-func getContentFormatString(coapContentFormat int32) string {
+func GetContentFormatString(coapContentFormat int32) string {
 	if coapContentFormat != -1 {
-		mt := message.MediaType(coapContentFormat)
-		return mt.String()
+		return message.MediaType(coapContentFormat).String() //nolint:gosec
 	}
 	return ""
 }
@@ -416,7 +415,7 @@ func NewNotifyResourceChangedRequestsFromBatchResourceDiscovery(deviceID, connec
 		resourceChangedReq := &commands.NotifyResourceChangedRequest{
 			ResourceId: commands.NewResourceID(deviceID, r.Href()),
 			Content: &commands.Content{
-				ContentType:       getContentFormatString(ct),
+				ContentType:       GetContentFormatString(ct),
 				CoapContentFormat: ct,
 				Data:              data,
 			},

coap-gateway/coapconv/getEncoder.go

@@ -16,7 +16,7 @@ func GetAccept(opts message.Options) message.MediaType {
 	if err != nil {
 		return message.AppOcfCbor
 	}
-	return message.MediaType(ct)
+	return message.MediaType(ct) //nolint:gosec
 }
 
 // GetEncoder returns encoder by accept

coap-gateway/service/observation/deviceObserver.go

@@ -363,7 +363,7 @@ func createDiscoveryResourceObserver(ctx context.Context, deviceID string, coapC
 	err := resourcesObserver.addResource(ctx, &commands.Resource{
 		DeviceId: resourcesObserver.deviceID,
 		Href:     resources.ResourceURI,
-		Policy:   &commands.Policy{BitFlags: int32(schema.Observable)},
+		Policy:   &commands.Policy{BitFlags: commands.ToPolicyBitFlags(schema.Observable)},
 	}, interfaces.OC_IF_B, etags)
 	if err != nil {
 		resourcesObserver.CleanObservedResources(ctx)

coap-gateway/service/observation/deviceObserver_test.go

@@ -321,7 +321,7 @@ func testValidateResourceLinks(ctx context.Context, t *testing.T, deviceID strin
 			ResourceTypes: []string{device.ResourceType},
 			Interfaces:    []string{interfaces.OC_IF_BASELINE},
 			Policy: &commands.Policy{
-				BitFlags: int32(schema.Observable | schema.Discoverable),
+				BitFlags: commands.ToPolicyBitFlags(schema.Observable | schema.Discoverable),
 			},
 		},
 		{
@@ -330,7 +330,7 @@ func testValidateResourceLinks(ctx context.Context, t *testing.T, deviceID strin
 			ResourceTypes: []string{platform.ResourceType},
 			Interfaces:    []string{interfaces.OC_IF_BASELINE},
 			Policy: &commands.Policy{
-				BitFlags: int32(schema.Observable | schema.Discoverable),
+				BitFlags: commands.ToPolicyBitFlags(schema.Observable | schema.Discoverable),
 			},
 		},
 	}

coap-gateway/service/resourceDirectory.go

@@ -94,7 +94,7 @@ func parsePublishedResources(data io.ReadSeeker, deviceID string) (wkRd, error)
 	return w, nil
 }
 
-func PublishResourceLinks(ctx context.Context, raClient raService.ResourceAggregateClient, links schema.ResourceLinks, deviceID string, ttl int32, connectionID string, sequence uint64) ([]*commands.Resource, error) {
+func PublishResourceLinks(ctx context.Context, raClient raService.ResourceAggregateClient, links schema.ResourceLinks, deviceID string, ttl int, connectionID string, sequence uint64) ([]*commands.Resource, error) {
 	var validUntil time.Time
 	if ttl > 0 {
 		validUntil = time.Now().Add(time.Second * time.Duration(ttl))
@@ -118,7 +118,7 @@ func PublishResourceLinks(ctx context.Context, raClient raService.ResourceAggreg
 }
 
 func observeResources(ctx context.Context, client *session, w wkRd, sequenceNumber uint64) (coapCodes.Code, error) {
-	publishedResources, err := PublishResourceLinks(ctx, client.server.raClient, w.Links, w.DeviceID, int32(w.TimeToLive), client.RemoteAddr().String(), sequenceNumber)
+	publishedResources, err := PublishResourceLinks(ctx, client.server.raClient, w.Links, w.DeviceID, w.TimeToLive, client.RemoteAddr().String(), sequenceNumber)
 	if err != nil {
 		return coapCodes.BadRequest, fmt.Errorf("unable to publish resources for device %v: %w", w.DeviceID, err)
 	}

coap-gateway/service/service.go

@@ -337,7 +337,7 @@ func New(ctx context.Context, config Config, fileWatcher *fsnotify.Watcher, logg
 
 		ownerCache:         ownerCache,
 		subscriptionsCache: subscriptionsCache,
-		messagePool:        pool.New(uint32(config.APIs.COAP.MessagePoolSize), 1024),
+		messagePool:        pool.New(config.APIs.COAP.MessagePoolSize, 1024),
 		logger:             logger,
 		tracerProvider:     tracerProvider,
 	}

device-provisioning-service/README.md

@@ -42,7 +42,7 @@ CoAP API as specified in the [workflow](./workflow.puml).
 
 | Property | Type | Description | Default |
 | ---------- | -------- | -------------- | ------- |
-| `apis.coap.address` | string | `Listening specification <host>:<port> for coap client connection.` | `"0.0.0.0:5688"` |
+| `apis.coap.address` | string | `Listening specification <host>:<port> for coap client connection.` | `"0.0.0.0:15684"` |
 | `apis.coap.protocols` | []string | `Protocol for coap connection. The supported values are: "tcp", "udp" .` | `["tcp"]` |
 | `apis.coap.maxMessageSize` | int | `Max message size which can be sent/received via coap. i.e. 256*1024 = 262144 bytes.` | `262144` |
 | `apis.coap.messagePoolSize` | int | `Defines the maximum preallocated messages in the pool for parse/create coap messages.` | `1000` |

device-provisioning-service/service/cloudConfiguration.go

@@ -40,7 +40,7 @@ func (RequestHandle) ProcessCloudConfiguration(ctx context.Context, req *mux.Mes
 				},
 				Gateways:        coapGateways,
 				ProviderName:    cloudCfg.AuthorizationProvider,
-				SelectedGateway: int32(selectedGateway),
+				SelectedGateway: int32(selectedGateway), //nolint:gosec
 			},
 		})
 		return msg, err

device-provisioning-service/service/config.go

@@ -259,9 +259,9 @@ func HTTPConfigToProto(cfg pkgHttpClient.Config) (*pb.HttpConfig, error) {
 	}
 
 	return &pb.HttpConfig{
-		MaxIdleConns:        uint32(cfg.MaxIdleConns),
-		MaxConnsPerHost:     uint32(cfg.MaxConnsPerHost),
-		MaxIdleConnsPerHost: uint32(cfg.MaxIdleConnsPerHost),
+		MaxIdleConns:        uint32(cfg.MaxIdleConns),        //nolint:gosec
+		MaxConnsPerHost:     uint32(cfg.MaxConnsPerHost),     //nolint:gosec
+		MaxIdleConnsPerHost: uint32(cfg.MaxIdleConnsPerHost), //nolint:gosec
 		IdleConnTimeout:     cfg.IdleConnTimeout.Nanoseconds(),
 		Timeout:             cfg.Timeout.Nanoseconds(),
 		Tls:                 tls,

device-provisioning-service/service/service.go

@@ -176,7 +176,7 @@ func New(ctx context.Context, config Config, fileWatcher *fsnotify.Watcher, logg
 		ctx:    ctx,
 		cancel: cancel,
 
-		messagePool:           pool.New(uint32(config.APIs.COAP.MessagePoolSize), 1024),
+		messagePool:           pool.New(config.APIs.COAP.MessagePoolSize, 1024),
 		store:                 store,
 		logger:                logger,
 		authHandler:           optCfg.authHandler,

grpc-gateway/pb/README.md

@@ -1262,7 +1262,7 @@ If true - show UI element, if false - hide UI element
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | endpoint | [string](#string) |  |  |
-| priority | [int64](#int64) |  |  |
+| priority | [uint64](#uint64) |  |  |
 
 
 

grpc-gateway/pb/doc.html

@@ -3621,7 +3621,7 @@ <h3 id="resourceaggregate.pb.EndpointInformation">EndpointInformation</h3>
 
                 <tr>
                   <td>priority</td>
-                  <td><a href="#int64">int64</a></td>
+                  <td><a href="#uint64">uint64</a></td>
                   <td></td>
                   <td><p> </p></td>
                 </tr>

grpc-gateway/pb/service.swagger.json

@@ -1637,7 +1637,7 @@
         },
         "priority": {
           "type": "string",
-          "format": "int64"
+          "format": "uint64"
         }
       }
     },

grpc-gateway/service/createAndDeleteResource_test.go

@@ -126,7 +126,7 @@ func createSwitchResourceExpectedEvents(t *testing.T, deviceID, subID, correlati
 						ResourceTypes: []string{types.BINARY_SWITCH},
 						Interfaces:    []string{interfaces.OC_IF_A, interfaces.OC_IF_BASELINE},
 						Policy: &commands.Policy{
-							BitFlags: int32(schema.Discoverable | schema.Observable),
+							BitFlags: commands.ToPolicyBitFlags(schema.Discoverable | schema.Observable),
 						},
 					},
 				},