From 7b6960107d53d44227e1d3e6fdafd5b99a271ca1 Mon Sep 17 00:00:00 2001 From: Daniel Adam Date: Fri, 16 Aug 2024 21:32:36 +0200 Subject: [PATCH] PR fixes --- bundle/Dockerfile | 4 +- bundle/run.sh | 26 ++++---- .../client-crt.yaml | 2 + .../device-provisioning-service/config.yaml | 2 + .../deployment.yaml | 2 + .../dockerconfig-secret.yaml | 2 +- .../domain-crt.yaml | 2 +- .../hub-ca-secrets.yaml | 2 + .../hub-oauth-secrets.yaml | 2 + .../hubs-ca-secrets.yaml | 2 + .../hubs-oauth-secrets.yaml | 4 +- .../device-provisioning-service/ingress.yaml | 2 +- .../psk-secrets.yaml | 2 + .../device-provisioning-service/role.yaml | 2 +- .../service-account.yaml | 2 +- .../service-crt.yaml | 2 + .../service-http.yaml | 4 +- .../service-tcp.yaml | 2 +- .../service-udp.yaml | 2 +- .../x509-chain-secrets.yaml | 2 + charts/plgd-hub/values.yaml | 2 +- device-provisioning-service/README.md | 4 +- device-provisioning-service/config.yaml | 2 +- device-provisioning-service/pb/hub.go | 27 +++++--- device-provisioning-service/pb/hub.pb.go | 8 +-- .../pb/provisioningRecords.pb.go | 10 +-- .../store/mongodb/hubs.go | 5 +- .../store/mongodb/hubs_test.go | 64 +++++++++++-------- grpc-gateway/pb/hubConfiguration.pb.go | 2 +- snippet-service/pb/service.pb.go | 12 ++-- 30 files changed, 122 insertions(+), 84 deletions(-) diff --git a/bundle/Dockerfile b/bundle/Dockerfile index 811a38d6c..be3b58845 100644 --- a/bundle/Dockerfile +++ b/bundle/Dockerfile @@ -340,8 +340,8 @@ ENV HTTP_SNIPPET_SERVICE_PORT=9092 ENV M2M_OAUTH_SERVER_PORT=9079 ENV HTTP_M2M_OAUTH_SERVER_PORT=9080 ENV GRPC_REFLECTION_PORT=9078 -ENV COAP_DEVICE_PROVISIONG_SERVICE_PORT=15684 -ENV HTTP_DEVICE_PROVISIONG_SERVICE_PORT=9093 +ENV COAP_DEVICE_PROVISIONING_SERVICE_PORT=15684 +ENV HTTP_DEVICE_PROVISIONING_SERVICE_PORT=9093 # OAuth ENV DEVICE_PROVIDER=plgd diff --git a/bundle/run.sh b/bundle/run.sh index 288e6abee..2349fb324 100755 --- a/bundle/run.sh +++ b/bundle/run.sh 
@@ -29,8 +29,8 @@ export SNIPPET_SERVICE_HTTP_ADDRESS="localhost:${HTTP_SNIPPET_SERVICE_PORT}" export M2M_OAUTH_SERVER_ADDRESS="localhost:${M2M_OAUTH_SERVER_PORT}" export M2M_OAUTH_SERVER_HTTP_ADDRESS="localhost:${HTTP_M2M_OAUTH_SERVER_PORT}" export GRPC_REFLECTION_ADDRESS="localhost:${GRPC_REFLECTION_PORT}" -export DEVICE_PROVISIONG_SERVICE_COAP_ADDRESS="localhost:${COAP_DEVICE_PROVISIONG_SERVICE_PORT}" -export DEVICE_PROVISIONG_SERVICE_HTTP_ADDRESS="localhost:${HTTP_DEVICE_PROVISIONG_SERVICE_PORT}" +export DEVICE_PROVISIONING_SERVICE_COAP_ADDRESS="localhost:${COAP_DEVICE_PROVISIONING_SERVICE_PORT}" +export DEVICE_PROVISIONING_SERVICE_HTTP_ADDRESS="localhost:${HTTP_DEVICE_PROVISIONING_SERVICE_PORT}" export INTERNAL_CERT_DIR_PATH="$CERTIFICATES_PATH/internal" export GRPC_INTERNAL_CERT_NAME="endpoint.crt" @@ -187,9 +187,9 @@ function copy_ca_pools() { while read -r line; do file=`echo $line | yq e '.[0]' - ` - mkdir -p `dirname ${file}` + mkdir -p `dirname "${file}"` if [ "${OVERRIDE_FILES}" = "true" ] || [ ! -f "${file}" ]; then - cp $CA_POOL ${file} + cp $CA_POOL "${file}" fi done < <(yq e '[.. | select(has("caPool")) | .caPool]' "${CONFIG_FILE}" | sort | uniq) } @@ -199,9 +199,9 @@ function copy_certificates() { while read -r line; do file=`echo $line | yq e '.[0]' - ` - mkdir -p `dirname ${file}` + mkdir -p `dirname "${file}"` if [ "${OVERRIDE_FILES}" = "true" ] || [ ! -f "${file}" ]; then - cp $CERT_FILE ${file} + cp $CERT_FILE "${file}" fi done < <(yq e '[.. | select(has("certFile")) | .certFile]' "${CONFIG_FILE}" | sort | uniq) } @@ -211,9 +211,9 @@ function copy_private_keys() { while read -r line; do file=`echo $line | yq e '.[0]' - ` - mkdir -p `dirname ${file}` + mkdir -p `dirname "${file}"` if [ "${OVERRIDE_FILES}" = "true" ] || [ ! -f "${file}" ]; then - cp $KEY_FILE ${file} + cp $KEY_FILE "${file}" fi done < <(yq e '[.. | select(has("keyFile")) | .keyFile]' "${CONFIG_FILE}" | sort | uniq) } 
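Review bot: `cp $CA_POOL "${file}"` quotes only the destination; the source `$CA_POOL` stays unquoted, as do `$CERT_FILE` and `$KEY_FILE` in the copy_certificates and copy_private_keys hunks that follow, and `echo $line` on the line above each. A path containing whitespace or glob characters would still be word-split or expanded there, so the quoting fix is only half applied; `cp "$CA_POOL" "${file}"` (and the same for the other two) closes it. Each copy_* function starts before its hunk.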
@@ -285,7 +285,7 @@ if [ "${OVERRIDE_FILES}" = "true" ] || [ ! -f "${NGINX_PATH}/nginx.conf" ]; then sed -i "s/REPLACE_M2M_OAUTH_SERVER_PORT/$M2M_OAUTH_SERVER_PORT/g" ${NGINX_PATH}/nginx.conf sed -i "s/REPLACE_HTTP_M2M_OAUTH_SERVER_PORT/$HTTP_M2M_OAUTH_SERVER_PORT/g" ${NGINX_PATH}/nginx.conf sed -i "s/REPLACE_GRPC_REFLECTION_PORT/$GRPC_REFLECTION_PORT/g" ${NGINX_PATH}/nginx.conf - sed -i "s/REPLACE_HTTP_DEVICE_PROVISIONG_SERVICE_PORT/$HTTP_DEVICE_PROVISIONG_SERVICE_PORT/g" ${NGINX_PATH}/nginx.conf + sed -i "s/REPLACE_HTTP_DEVICE_PROVISIONG_SERVICE_PORT/$HTTP_DEVICE_PROVISIONING_SERVICE_PORT/g" ${NGINX_PATH}/nginx.conf fi # nats @@ -1197,9 +1197,9 @@ cat /configs/device-provisioning-service.yaml | yq e '.apis.http.authorization.endpoints += [.apis.http.authorization.endpoints[0]]' | yq e "\ .log.level = \"${LOG_LEVEL}\" | - .apis.coap.address = \"${DEVICE_PROVISIONG_SERVICE_COAP_ADDRESS}\" | + .apis.coap.address = \"${DEVICE_PROVISIONING_SERVICE_COAP_ADDRESS}\" | .apis.http.enabled = true | - .apis.http.address = \"${DEVICE_PROVISIONG_SERVICE_HTTP_ADDRESS}\" | + .apis.http.address = \"${DEVICE_PROVISIONING_SERVICE_HTTP_ADDRESS}\" | .apis.http.authorization.ownerClaim = \"${OWNER_CLAIM}\" | .apis.http.authorization.endpoints[0].http.tls.useSystemCAPool = true | .apis.http.authorization.endpoints[0].authority = \"https://${OAUTH_ENDPOINT}\" | 
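Review bot: The rename is asymmetric on the sed line: the variable becomes `HTTP_DEVICE_PROVISIONING_SERVICE_PORT` but the placeholder searched for stays `REPLACE_HTTP_DEVICE_PROVISIONG_SERVICE_PORT`. That is only right if the nginx.conf template still carries the misspelled placeholder, and nothing on the line says so; the next cleanup pass will "fix" one side and silently break the substitution. Either rename the placeholder in the template in the same change, or add `# placeholder in nginx.conf is still spelled PROVISIONG on purpose` above the line. The enclosing if block starts outside the hunk.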
@@ -1229,10 +1229,10 @@ fi i=0 while true; do i=$((i+1)) - if openssl s_client -connect ${DEVICE_PROVISIONG_SERVICE_HTTP_ADDRESS} -cert ${INTERNAL_CERT_DIR_PATH}/${GRPC_INTERNAL_CERT_NAME} -key ${INTERNAL_CERT_DIR_PATH}/${GRPC_INTERNAL_CERT_KEY_NAME} <<< "Q" 2>/dev/null > /dev/null; then + if openssl s_client -connect ${DEVICE_PROVISIONING_SERVICE_HTTP_ADDRESS} -cert ${INTERNAL_CERT_DIR_PATH}/${GRPC_INTERNAL_CERT_NAME} -key ${INTERNAL_CERT_DIR_PATH}/${GRPC_INTERNAL_CERT_KEY_NAME} <<< "Q" 2>/dev/null > /dev/null; then break fi - echo "Try to reconnect to device-provisioning-service(${DEVICE_PROVISIONG_SERVICE_HTTP_ADDRESS}) $i" + echo "Try to reconnect to device-provisioning-service(${DEVICE_PROVISIONING_SERVICE_HTTP_ADDRESS}) $i" sleep 1 done diff --git a/charts/plgd-hub/templates/device-provisioning-service/client-crt.yaml b/charts/plgd-hub/templates/device-provisioning-service/client-crt.yaml index 1c9e90e64..a9e58ad26 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/client-crt.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/client-crt.yaml @@ -1,3 +1,4 @@ +{{- if .Values.deviceProvisioningService.enabled }} {{- $clientCertName := include "plgd-hub.deviceProvisioningService.clientCertName" . }} {{- if and $clientCertName .Values.certmanager.enabled }} apiVersion: cert-manager.io/v1 @@ -29,3 +30,4 @@ spec: kind: {{ .Values.certmanager.internal.issuer.kind | default .Values.certmanager.default.issuer.kind }} group: {{ .Values.certmanager.internal.issuer.group | default .Values.certmanager.default.issuer.group }} {{- end }} +{{- end }} diff --git a/charts/plgd-hub/templates/device-provisioning-service/config.yaml b/charts/plgd-hub/templates/device-provisioning-service/config.yaml index 3101e41d7..73fc7063d 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/config.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/config.yaml 
@@ -1,3 +1,4 @@ +{{- if .Values.deviceProvisioningService.enabled }} {{- $cert := include "plgd-hub.deviceProvisioningService.serviceCertificateMountPath" . }} {{- $clientCert := "/certs/client" }} apiVersion: v1 @@ -238,3 +239,4 @@ data: {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/plgd-hub/templates/device-provisioning-service/deployment.yaml b/charts/plgd-hub/templates/device-provisioning-service/deployment.yaml index 64fcb1ee4..69ae6e5a7 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/deployment.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/deployment.yaml @@ -1,3 +1,4 @@ +{{- if .Values.deviceProvisioningService.enabled }} apiVersion: apps/v1 kind: Deployment metadata: @@ -211,3 +212,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/charts/plgd-hub/templates/device-provisioning-service/dockerconfig-secret.yaml b/charts/plgd-hub/templates/device-provisioning-service/dockerconfig-secret.yaml index e0aa762f8..d4ef96d1c 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/dockerconfig-secret.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/dockerconfig-secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.deviceProvisioningService.image.dockerConfigSecret }} +{{- if and .Values.deviceProvisioningService.enabled .Values.deviceProvisioningService.image.dockerConfigSecret }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/plgd-hub/templates/device-provisioning-service/domain-crt.yaml b/charts/plgd-hub/templates/device-provisioning-service/domain-crt.yaml index 3d94c1298..bc31aa476 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/domain-crt.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/domain-crt.yaml 
@@ -1,4 +1,4 @@ -{{- if and .Values.deviceProvisioningService.apis.http.enabled .Values.deviceProvisioningService.ingress.enabled (not .Values.deviceProvisioningService.ingress.domainCertName) }} +{{- if and .Values.deviceProvisioningService.enabled .Values.deviceProvisioningService.apis.http.enabled .Values.deviceProvisioningService.ingress.enabled (not .Values.deviceProvisioningService.ingress.domainCertName) }} {{- $domainCertName := include "plgd-hub.deviceProvisioningService.domainCertName" . }} apiVersion: cert-manager.io/v1 kind: Certificate diff --git a/charts/plgd-hub/templates/device-provisioning-service/hub-ca-secrets.yaml b/charts/plgd-hub/templates/device-provisioning-service/hub-ca-secrets.yaml index 520379bae..0aa20852f 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/hub-ca-secrets.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/hub-ca-secrets.yaml @@ -1,3 +1,4 @@ +{{- if .Values.deviceProvisioningService.enabled }} {{- range $.Values.deviceProvisioningService.enrollmentGroups }} {{- if .hub }}{{ if .hub.caPool }} apiVersion: v1 @@ -14,3 +15,4 @@ data: --- {{- end }}{{ end }} {{- end }} +{{- end }} diff --git a/charts/plgd-hub/templates/device-provisioning-service/hub-oauth-secrets.yaml b/charts/plgd-hub/templates/device-provisioning-service/hub-oauth-secrets.yaml index c51ecb431..b4574d00e 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/hub-oauth-secrets.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/hub-oauth-secrets.yaml @@ -1,3 +1,4 @@ +{{- if .Values.deviceProvisioningService.enabled }} {{- range $.Values.deviceProvisioningService.enrollmentGroups }} {{- if .hub }}{{ if .hub.authorization }}{{ if .hub.authorization.provider }}{{ if .hub.authorization.provider.clientSecret }} apiVersion: v1 @@ -14,3 +15,4 @@ data: --- {{- end }}{{ end }}{{ end }}{{ end }} {{- end }} +{{- end }} 
diff --git a/charts/plgd-hub/templates/device-provisioning-service/hubs-ca-secrets.yaml b/charts/plgd-hub/templates/device-provisioning-service/hubs-ca-secrets.yaml index 87f7148eb..a6e2e1ccf 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/hubs-ca-secrets.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/hubs-ca-secrets.yaml @@ -1,3 +1,4 @@ +{{- if .Values.deviceProvisioningService.enabled }} {{- range $.Values.deviceProvisioningService.enrollmentGroups }} {{ $eg := . }} {{- if .hubs }} @@ -17,3 +18,4 @@ data: --- {{- end }}{{ end }}{{ end }} {{- end }} +{{- end }} diff --git a/charts/plgd-hub/templates/device-provisioning-service/hubs-oauth-secrets.yaml b/charts/plgd-hub/templates/device-provisioning-service/hubs-oauth-secrets.yaml index 7c510cbb6..4a2bd2fc7 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/hubs-oauth-secrets.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/hubs-oauth-secrets.yaml @@ -1,3 +1,4 @@ +{{- if .Values.deviceProvisioningService.enabled }} {{- range $.Values.deviceProvisioningService.enrollmentGroups }} {{- $EG := . }} {{- if .hubs }} @@ -18,4 +19,5 @@ data: clientsecret: {{ .authorization.provider.clientSecret | b64enc }} --- {{- end }}{{ end }}{{ end }}{{ end }}{{ end }} -{{- end }} \ No newline at end of file +{{- end }} +{{- end }} diff --git a/charts/plgd-hub/templates/device-provisioning-service/ingress.yaml b/charts/plgd-hub/templates/device-provisioning-service/ingress.yaml index ff0e6703a..002d3b67c 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/ingress.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/ingress.yaml 
@@ -1,4 +1,4 @@ -{{- if and .Values.deviceProvisioningService.apis.http.enabled .Values.deviceProvisioningService.ingress.enabled }} +{{- if and .Values.deviceProvisioningService.enabled .Values.deviceProvisioningService.apis.http.enabled .Values.deviceProvisioningService.ingress.enabled }} {{- $fullname := include "plgd-hub.deviceProvisioningService.fullname" . }} {{- $port := .Values.deviceProvisioningService.apis.http.port }} apiVersion: networking.k8s.io/v1 diff --git a/charts/plgd-hub/templates/device-provisioning-service/psk-secrets.yaml b/charts/plgd-hub/templates/device-provisioning-service/psk-secrets.yaml index 1a7ef8987..f6b80c566 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/psk-secrets.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/psk-secrets.yaml @@ -1,3 +1,4 @@ +{{- if .Values.deviceProvisioningService.enabled }} {{- range $.Values.deviceProvisioningService.enrollmentGroups }} {{- if .preSharedKey }} apiVersion: v1 @@ -13,3 +14,4 @@ data: --- {{- end }} {{- end }} +{{- end }} diff --git a/charts/plgd-hub/templates/device-provisioning-service/role.yaml b/charts/plgd-hub/templates/device-provisioning-service/role.yaml index 49f3b0afe..3ed5a5b23 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/role.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/role.yaml @@ -1,3 +1,3 @@ -{{- if .Values.deviceProvisioningService.rbac.roleBindingDefinitionTpl }} +{{- if and .Values.deviceProvisioningService.enabled .Values.deviceProvisioningService.rbac.roleBindingDefinitionTpl }} {{- tpl .Values.deviceProvisioningService.rbac.roleBindingDefinitionTpl $ }} {{- end }} diff --git a/charts/plgd-hub/templates/device-provisioning-service/service-account.yaml b/charts/plgd-hub/templates/device-provisioning-service/service-account.yaml index d43b74d79..2b7eb8992 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/service-account.yaml 
+++ b/charts/plgd-hub/templates/device-provisioning-service/service-account.yaml @@ -1,4 +1,4 @@ -{{- if .Values.deviceProvisioningService.rbac.enabled }} +{{- if and .Values.deviceProvisioningService.enabled .Values.deviceProvisioningService.rbac.enabled }} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/plgd-hub/templates/device-provisioning-service/service-crt.yaml b/charts/plgd-hub/templates/device-provisioning-service/service-crt.yaml index 906a30586..60bb78142 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/service-crt.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/service-crt.yaml @@ -1,3 +1,4 @@ +{{- if .Values.deviceProvisioningService.enabled }} {{- $serviceCertName := include "plgd-hub.deviceProvisioningService.serviceCertName" . }} {{- $serviceDns := include "plgd-hub.deviceProvisioningService.fullname" . }} {{- $serviceCertificate := .Values.deviceProvisioningService.service.certificate -}} @@ -48,3 +49,4 @@ spec: name: {{ $serviceIssuer.name | default ( $.Values.certmanager.coap.issuer.name | default $.Values.certmanager.default.issuer.name ) }} kind: {{ $serviceIssuer.kind | default ( $.Values.certmanager.coap.issuer.kind | default $.Values.certmanager.default.issuer.kind ) }} group: {{ $serviceIssuer.group | default ( $.Values.certmanager.coap.issuer.group | default $.Values.certmanager.default.issuer.group ) }} +{{- end }} diff --git a/charts/plgd-hub/templates/device-provisioning-service/service-http.yaml b/charts/plgd-hub/templates/device-provisioning-service/service-http.yaml index 0bf666f45..64d6d1cee 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/service-http.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/service-http.yaml 
@@ -1,4 +1,4 @@ -{{- if .Values.deviceProvisioningService.apis.http.enabled }} +{{- if and .Values.deviceProvisioningService.enabled .Values.deviceProvisioningService.apis.http.enabled }} {{- $serviceType := .Values.deviceProvisioningService.service.http.type | default "ClusterIP" }} apiVersion: v1 kind: Service @@ -23,4 +23,4 @@ spec: name: {{ .Values.deviceProvisioningService.service.http.name }} selector: {{- include "plgd-hub.deviceProvisioningService.selectorLabels" . | nindent 4 }} - {{- end }} +{{- end }} diff --git a/charts/plgd-hub/templates/device-provisioning-service/service-tcp.yaml b/charts/plgd-hub/templates/device-provisioning-service/service-tcp.yaml index eb445b300..2b3d74b08 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/service-tcp.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/service-tcp.yaml @@ -1,4 +1,4 @@ -{{- if has "tcp" .Values.deviceProvisioningService.apis.coap.protocols -}} +{{- if and .Values.deviceProvisioningService.enabled (has "tcp" .Values.deviceProvisioningService.apis.coap.protocols) -}} {{- $tcpServiceType := "" }} {{- $tcpNodePort := "" }} {{- if (has "tcp" .Values.deviceProvisioningService.apis.coap.protocols) -}} diff --git a/charts/plgd-hub/templates/device-provisioning-service/service-udp.yaml b/charts/plgd-hub/templates/device-provisioning-service/service-udp.yaml index bf797a86c..90c8f3e15 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/service-udp.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/service-udp.yaml @@ -1,4 +1,4 @@ -{{- if has "udp" .Values.deviceProvisioningService.apis.coap.protocols -}} +{{- if and .Values.deviceProvisioningService.enabled (has "udp" .Values.deviceProvisioningService.apis.coap.protocols) -}} {{- $tcpServiceType := "" }} {{- $tcpNodePort := "" }} {{- if (has "tcp" .Values.deviceProvisioningService.apis.coap.protocols) -}} 
diff --git a/charts/plgd-hub/templates/device-provisioning-service/x509-chain-secrets.yaml b/charts/plgd-hub/templates/device-provisioning-service/x509-chain-secrets.yaml index 2e85adf6d..f5711b765 100644 --- a/charts/plgd-hub/templates/device-provisioning-service/x509-chain-secrets.yaml +++ b/charts/plgd-hub/templates/device-provisioning-service/x509-chain-secrets.yaml @@ -1,3 +1,4 @@ +{{- if .Values.deviceProvisioningService.enabled }} {{- range $.Values.deviceProvisioningService.enrollmentGroups }} {{- if .attestationMechanism }}{{ if .attestationMechanism.x509 }}{{ if .attestationMechanism.x509.certificateChain }} apiVersion: v1 @@ -13,3 +14,4 @@ data: --- {{- end }}{{ end }}{{ end }} {{- end }} +{{- end }} diff --git a/charts/plgd-hub/values.yaml b/charts/plgd-hub/values.yaml index c8c9409e8..4ec9e6f4b 100644 --- a/charts/plgd-hub/values.yaml +++ b/charts/plgd-hub/values.yaml @@ -3129,7 +3129,7 @@ deviceProvisioningService: # -- Service type type: LoadBalancer # -- Use nodePort, if specified, for one of the protocols. If both protocols are enabled, nodePort needs to be configured directly in the service to mutually different ports. - nodePort: 5684 + nodePort: 15684 tcp: # -- Service type type: diff --git a/device-provisioning-service/README.md b/device-provisioning-service/README.md index 3b4836929..9eaabe054 100644 --- a/device-provisioning-service/README.md +++ b/device-provisioning-service/README.md 
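Review bot: The new default `nodePort: 15684` (like the old 5684) lies outside the Kubernetes default NodePort range of 30000-32767, so on a cluster that has not widened `--service-node-port-range` the Service will be rejected at apply time. If that deployment model is intended, the comment above the field should say it, e.g. append `Note: 15684 requires the cluster's service-node-port-range to include it.` to the existing `# --` comment; otherwise pick a value inside the default range.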
@@ -34,7 +34,7 @@ A configuration template is available on [config.yaml](https://github.com/plgd-d | `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` | | `log.stacktrace.enabled` | bool | `Log stacktrace.` | `"false` | | `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn` | -| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano` | +| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` | ### CoAP API 
@@ -153,7 +153,7 @@ OAuth2.0 Client is used to obtain JWT with ownerClaim an deviceIDClaim via the c | ---------- | -------- | -------------- | ------- | | `enrollmentGroups.[].hub.authorization.ownerClaim` | string | `Claim used to identify owner of the device. If configured, your OAuth2.0 server has to set the owner id to the token as configured. OwnerClaim with sub is not supported. Custom owner claim needs to be configured also on the plgd hub instance. If used with the plgd mock OAuth Server, value https://plgd.dev/owner has to be set. **Required.**` | `""` | | `enrollmentGroups.[].hub.authorization.deviceIDClaim` | string | `Claim used to make JWT tokens device specific. If configured, your OAuth2.0 server has to set the device id to the token as configured. If used with the plgd mock OAuth Server, value https://plgd.dev/deviceId has to be set.` | `""` | -| `enrollmentGroups.[].hub.authorization.provider.name` | string | `Provider name which is registered also on the instance of the plgd hub where the device connects after it's successfully provisioned. The grant type for this provider must to be set to ClientCredentials.` | `""` | +| `enrollmentGroups.[].hub.authorization.provider.name` | string | `Provider name which is registered also on the instance of the plgd hub where the device connects after it's successfully provisioned. The grant type for this provider must be set to ClientCredentials.` | `""` | | `enrollmentGroups.[].hub.authorization.provider.authority` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find token endpoint.` | `""` | | `enrollmentGroups.[].hub.authorization.provider.clientID` | string | `OAuth Client ID.` | `""` | | `enrollmentGroups.[].hub.authorization.provider.clientSecretFile` | string | `File path to client secret required to request an access token.` | `""` | 
diff --git a/device-provisioning-service/config.yaml b/device-provisioning-service/config.yaml
index 0cd34c541..371d9b78d 100644
--- a/device-provisioning-service/config.yaml
+++ b/device-provisioning-service/config.yaml
@@ -55,7 +55,7 @@ clients:
 storage:
 cacheExpiration: 10m
 mongoDB:
- uri: mongodb://localhost:27017
+ uri:
 database: deviceProvisioningService
 maxPoolSize: 16
 maxConnIdleTime: 4m0s
diff --git a/device-provisioning-service/pb/hub.go b/device-provisioning-service/pb/hub.go
index 5f8f54e78..3343f786e 100644
--- a/device-provisioning-service/pb/hub.go
+++ b/device-provisioning-service/pb/hub.go
@@ -197,6 +197,21 @@ func ValidateCoapGatewayURI(coapGwURI string) (string, error) {
 return u, nil
 }
 
+func (h *Hub) normalizeGateways() error {
+ for i, gw := range h.GetGateways() {
+ if gw == "" {
+ return fmt.Errorf("coapGateways[%d]('%v') - is empty", i, gw)
+ }
+ fixedGw, err := ValidateCoapGatewayURI(gw)
+ if err != nil {
+ return fmt.Errorf("coapGateways[%d]('%v') - %w", i, gw, err)
+ }
+ h.Gateways[i] = fixedGw
+ }
+ h.Gateways = strings.UniqueStable(h.GetGateways())
+ return nil
+}
+
 func (h *Hub) Validate(owner string) error {
 if h.GetId() == "" {
 return fmt.Errorf("id('%v')", h.GetId())
@@ -210,17 +225,9 @@ func (h *Hub) Validate(owner string) error {
 if len(h.GetGateways()) == 0 {
 return errors.New("coapGateways - is empty")
 }
- for i, gw := range h.GetGateways() {
- if gw == "" {
- return fmt.Errorf("coapGateways[%d]('%v') - is empty", i, gw)
- }
- fixedGw, err := ValidateCoapGatewayURI(gw)
- if err != nil {
- return fmt.Errorf("coapGateways[%d]('%v') - %w", i, gw, err)
- }
- h.Gateways[i] = fixedGw
+ if err := h.normalizeGateways(); err != nil {
+ return err
 }
- h.Gateways = strings.UniqueStable(h.GetGateways())
 if h.GetCertificateAuthority() == nil {
 return errors.New("certificateAuthority - is empty")
 }
diff --git a/device-provisioning-service/pb/hub.pb.go b/device-provisioning-service/pb/hub.pb.go
index c811c8e0f..f7310d6de 100644
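Review bot: `uri:` now ships empty in the sample config, and nothing on the line tells the operator that it is mandatory or what form is expected. Unless the service's config validation rejects an empty `clients.storage.mongoDB.uri` up front (not visible here), the failure surfaces only at the first database call; a comment such as `uri: # required, e.g. mongodb://localhost:27017` makes the contract explicit.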
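Review bot: `normalizeGateways` has no doc comment and mutates `h.Gateways` in place as it goes, so when `ValidateCoapGatewayURI` fails on entry i the earlier entries have already been rewritten while the rest are untouched, and `Validate` returns the error with the receiver half-normalized. That is the behavior the inlined loop had, but it is now hidden behind a method name that reads as a pure normalization. A doc comment would make it visible: `// normalizeGateways replaces each entry of h.Gateways with the form returned by ValidateCoapGatewayURI and deduplicates the result via strings.UniqueStable. On error the slice may already be partially rewritten.` If partial mutation is not wanted, build the normalized list in a local slice and assign it to h.Gateways only on success.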
--- a/device-provisioning-service/pb/hub.pb.go +++ b/device-provisioning-service/pb/hub.pb.go @@ -134,7 +134,7 @@ type HttpConfig struct { // RoundTripper implementations should use the Request's Context // for cancellation instead of implementing CancelRequest. Timeout int64 `protobuf:"varint,5,opt,name=timeout,proto3" json:"timeout,omitempty" bson:"timeout"` // @gotags: bson:"timeout" - Tls *TlsConfig `protobuf:"bytes,6,opt,name=tls,proto3" json:"tls,omitempty" bson:"tls"` // @gotags: bson:"tls" + Tls *TlsConfig `protobuf:"bytes,6,opt,name=tls,proto3" json:"tls,omitempty" bson:"tls"` // @gotags: bson:"tls" } func (x *HttpConfig) Reset() { @@ -323,7 +323,7 @@ type AuthorizationConfig struct { OwnerClaim string `protobuf:"bytes,1,opt,name=owner_claim,json=ownerClaim,proto3" json:"owner_claim,omitempty" bson:"ownerClaim"` // @gotags: bson:"ownerClaim" // device_id_claim is key where will be stored deviceID in JWT(optional) DeviceIdClaim string `protobuf:"bytes,2,opt,name=device_id_claim,json=deviceIdClaim,proto3" json:"device_id_claim,omitempty" bson:"deviceIdClaim"` // @gotags: bson:"deviceIdClaim" - Provider *AuthorizationProviderConfig `protobuf:"bytes,3,opt,name=provider,proto3" json:"provider,omitempty" bson:"provider"` // @gotags: bson:"provider" + Provider *AuthorizationProviderConfig `protobuf:"bytes,3,opt,name=provider,proto3" json:"provider,omitempty" bson:"provider"` // @gotags: bson:"provider" } func (x *AuthorizationConfig) Reset() { 
@@ -457,9 +457,9 @@ type GrpcConnectionConfig struct { unknownFields protoimpl.UnknownFields // Address in format {host:port} - Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty" bson:"address"` // @gotags: bson:"address" + Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty" bson:"address"` // @gotags: bson:"address" KeepAlive *GrpcKeepAliveConfig `protobuf:"bytes,2,opt,name=keep_alive,json=keepAlive,proto3" json:"keep_alive,omitempty" bson:"keepAlive"` // @gotags: bson:"keepAlive" - Tls *TlsConfig `protobuf:"bytes,3,opt,name=tls,proto3" json:"tls,omitempty" bson:"tls"` // @gotags: bson:"tls" + Tls *TlsConfig `protobuf:"bytes,3,opt,name=tls,proto3" json:"tls,omitempty" bson:"tls"` // @gotags: bson:"tls" } func (x *GrpcConnectionConfig) Reset() { diff --git a/device-provisioning-service/pb/provisioningRecords.pb.go b/device-provisioning-service/pb/provisioningRecords.pb.go index c3b285139..65ae41038 100644 --- a/device-provisioning-service/pb/provisioningRecords.pb.go +++ b/device-provisioning-service/pb/provisioningRecords.pb.go @@ -677,7 +677,7 @@ type X509Attestation struct { // Last used x509 manufacturer certificate. CertificatePem string `protobuf:"bytes,1,opt,name=certificate_pem,json=certificatePem,proto3" json:"certificate_pem,omitempty" bson:"certificate,omitempty"` // @gotags: bson:"certificate,omitempty" - CommonName string `protobuf:"bytes,2,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty" bson:"commonName,omitempty"` // @gotags: bson:"commonName,omitempty" + CommonName string `protobuf:"bytes,2,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty" bson:"commonName,omitempty"` // @gotags: bson:"commonName,omitempty" } func (x *X509Attestation) Reset() { 
@@ -1235,7 +1235,7 @@ type CredentialStatus struct { IdentityCertificatePem string `protobuf:"bytes,2,opt,name=identity_certificate_pem,json=identityCertificatePem,proto3" json:"identity_certificate_pem,omitempty" bson:"identityCertificate,omitempty"` // @gotags: bson:"identityCertificate,omitempty" // Last pre shared key issued for the device. PreSharedKey *PreSharedKey `protobuf:"bytes,3,opt,name=pre_shared_key,json=preSharedKey,proto3" json:"pre_shared_key,omitempty" bson:"preSharedKey,omitempty"` // @gotags: bson:"preSharedKey,omitempty" - Credentials []*Credential `protobuf:"bytes,4,rep,name=credentials,proto3" json:"credentials,omitempty" bson:"credentials,omitempty"` // @gotags: bson:"credentials,omitempty" + Credentials []*Credential `protobuf:"bytes,4,rep,name=credentials,proto3" json:"credentials,omitempty" bson:"credentials,omitempty"` // @gotags: bson:"credentials,omitempty" } func (x *CredentialStatus) Reset() { 
@@ -1584,8 +1584,8 @@ type AccessControl struct { unknownFields protoimpl.UnknownFields // Subject of the ACL defines the entity to which the permissions are granted. Only one subject must be defined per ACL. - DeviceSubject *AccessControlDeviceSubject `protobuf:"bytes,1,opt,name=device_subject,json=deviceSubject,proto3" json:"device_subject,omitempty" bson:"deviceSubject,omitempty"` // @gotags: bson:"deviceSubject,omitempty" - RoleSubject *AccessControlRoleSubject `protobuf:"bytes,2,opt,name=role_subject,json=roleSubject,proto3" json:"role_subject,omitempty" bson:"roleSubject,omitempty"` // @gotags: bson:"roleSubject,omitempty" + DeviceSubject *AccessControlDeviceSubject `protobuf:"bytes,1,opt,name=device_subject,json=deviceSubject,proto3" json:"device_subject,omitempty" bson:"deviceSubject,omitempty"` // @gotags: bson:"deviceSubject,omitempty" + RoleSubject *AccessControlRoleSubject `protobuf:"bytes,2,opt,name=role_subject,json=roleSubject,proto3" json:"role_subject,omitempty" bson:"roleSubject,omitempty"` // @gotags: bson:"roleSubject,omitempty" ConnectionSubject *AccessControlConnectionSubject `protobuf:"bytes,3,opt,name=connection_subject,json=connectionSubject,proto3" json:"connection_subject,omitempty" bson:"connectionSubject,omitempty"` // @gotags: bson:"connectionSubject,omitempty" // Permissions granted to the subject. Permissions []AccessControl_Permission `protobuf:"varint,4,rep,packed,name=permissions,proto3,enum=deviceprovisioningservice.pb.AccessControl_Permission" json:"permissions,omitempty"` 
@@ -1725,7 +1725,7 @@ type CloudStatus struct {
 // Last provider name used to authenticate the device to the cloud.
 ProviderName string `protobuf:"bytes,3,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty" bson:"providerName,omitempty"` // @gotags: bson:"providerName,omitempty"
 // Last provisioned gateways to the device.
- Gateways []*CloudStatus_Gateway `protobuf:"bytes,5,rep,name=gateways,proto3" json:"gateways,omitempty" bson:"gateways,omitempty"` // @gotags: bson:"gateways,omitempty"
+ Gateways []*CloudStatus_Gateway `protobuf:"bytes,5,rep,name=gateways,proto3" json:"gateways,omitempty" bson:"gateways,omitempty"` // @gotags: bson:"gateways,omitempty"
 SelectedGateway int32 `protobuf:"varint,6,opt,name=selected_gateway,json=selectedGateway,proto3" json:"selected_gateway,omitempty" bson:"selectedGateway,omitempty"` // @gotags: bson:"selectedGateway,omitempty"
 }
 
diff --git a/device-provisioning-service/store/mongodb/hubs.go b/device-provisioning-service/store/mongodb/hubs.go
index 853de7f49..7c1194be1 100644
--- a/device-provisioning-service/store/mongodb/hubs.go
+++ b/device-provisioning-service/store/mongodb/hubs.go
@@ -18,10 +18,7 @@ func (s *Store) CreateHub(ctx context.Context, owner string, hub *store.Hub) err
 return fmt.Errorf("invalid value: %w", err)
 }
 _, err := s.Collection(hubsCol).InsertOne(ctx, hub)
- if err != nil {
- return err
- }
- return nil
+ return err
 }
 
 func (s *Store) updateHub(ctx context.Context, owner string, hub *store.Hub, upsert bool) error {
diff --git a/device-provisioning-service/store/mongodb/hubs_test.go b/device-provisioning-service/store/mongodb/hubs_test.go
index 67b1d1a5b..4f8ccbfb4 100644
--- a/device-provisioning-service/store/mongodb/hubs_test.go
+++ b/device-provisioning-service/store/mongodb/hubs_test.go
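Review bot: The insert error is now returned bare while the validation error two lines above is wrapped as `invalid value: %w`, so the two failure paths of CreateHub follow different conventions and a caller cannot tell from the message which step failed. Keep the wrapping uniform: `if err != nil { return fmt.Errorf("cannot insert hub: %w", err) }` followed by `return nil`. CreateHub's signature and the Validate call sit above the hunk.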
@@ -6,6 +6,7 @@ import ( "github.com/plgd-dev/hub/v2/device-provisioning-service/pb" "github.com/plgd-dev/hub/v2/device-provisioning-service/store" + "github.com/plgd-dev/hub/v2/device-provisioning-service/store/mongodb" "github.com/plgd-dev/hub/v2/device-provisioning-service/test" hubTest "github.com/plgd-dev/hub/v2/test" "github.com/stretchr/testify/require" @@ -60,9 +61,9 @@ func TestStoreCreateHub(t *testing.T) { err := s.CreateHub(ctx, tt.args.owner, tt.args.hub) if tt.wantErr { require.Error(t, err) - } else { - require.NoError(t, err) + return } + require.NoError(t, err) }) } } @@ -133,13 +134,37 @@ func TestStoreUpdateHub(t *testing.T) { err := s.UpdateHub(ctx, tt.args.owner, tt.args.hub) if tt.wantErr { require.Error(t, err) - } else { - require.NoError(t, err) + return } + require.NoError(t, err) }) } } +type testHubHandler struct { + lcs pb.Hubs +} + +func (h *testHubHandler) Handle(ctx context.Context, iter store.HubIter) (err error) { + for { + var hub store.Hub + if !iter.Next(ctx, &hub) { + break + } + h.lcs = append(h.lcs, &hub) + } + return iter.Err() +} + +func getHubs(ctx context.Context, s *mongodb.Store, owner string, query *pb.GetHubsRequest) (pb.Hubs, error) { + var h testHubHandler + err := s.LoadHubs(ctx, owner, query, h.Handle) + if err != nil { + return nil, err + } + return h.lcs, nil +} + func TestStoreDeleteHub(t *testing.T) { const owner = "owner" hubIDs := []string{"0", "1", "2"} 
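Review bot: `Handle` declares a named result `err` that the body never uses; `func (h *testHubHandler) Handle(ctx context.Context, iter store.HubIter) error` says the same thing without the unused name. The `var hub store.Hub` inside the loop is load-bearing: `&hub` is appended to `h.lcs`, so each iteration must get a fresh variable or every stored pointer would alias the same record, and a comment `// new hub per iteration: its address is kept in lcs` would stop a future hoist out of the loop.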
@@ -215,23 +240,13 @@ func TestStoreDeleteHub(t *testing.T) {
 }
 require.NoError(t, err)
 require.Equal(t, tt.count, got)
- })
- }
-}
-
-type testHubHandler struct {
- lcs pb.Hubs
-}
-
-func (h *testHubHandler) Handle(ctx context.Context, iter store.HubIter) (err error) {
- for {
- var hub store.Hub
- if !iter.Next(ctx, &hub) {
- break
- }
- h.lcs = append(h.lcs, &hub)
+ // verify the absence of deleted hubs
+ hubs, err := getHubs(ctx, s, tt.args.owner, tt.args.query)
+ require.NoError(t, err)
+ require.Empty(t, hubs)
+ })
+ }
- return iter.Err()
 }
 
 func TestStoreLoadHubs(t *testing.T) {
@@ -314,21 +329,20 @@ func TestStoreLoadHubs(t *testing.T) {
 
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- var h testHubHandler
- err := s.LoadHubs(ctx, tt.args.owner, tt.args.query, h.Handle)
+ hubs, err := getHubs(ctx, s, tt.args.owner, tt.args.query)
 if tt.wantErr {
 require.Error(t, err)
 return
 }
 require.NoError(t, err)
- require.Len(t, h.lcs, len(tt.want))
- h.lcs.Sort()
+ require.Len(t, hubs, len(tt.want))
+ hubs.Sort()
 want := make(pb.Hubs, len(tt.want))
 copy(want, tt.want)
 want.Sort()
- for i := range h.lcs {
- hubTest.CheckProtobufs(t, want[i], h.lcs[i], hubTest.RequireToCheckFunc(require.Equal))
+ for i := range hubs {
+ hubTest.CheckProtobufs(t, want[i], hubs[i], hubTest.RequireToCheckFunc(require.Equal))
 }
 })
 }
diff --git a/grpc-gateway/pb/hubConfiguration.pb.go b/grpc-gateway/pb/hubConfiguration.pb.go
index 6c5e0df3e..5f8a509d3 100644
--- a/grpc-gateway/pb/hubConfiguration.pb.go
+++ b/grpc-gateway/pb/hubConfiguration.pb.go
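Review bot: The new post-delete check in TestStoreDeleteHub only proves that hubs matching `tt.args.query` under `tt.args.owner` are gone; it does not prove that hubs outside that scope survived, which is the property that matters for a per-owner delete. The table and the `hubIDs` setup are above the hunk and not visible here, but if it contains cases that delete by ID or under a different owner, a second `getHubs` call with the complementary owner or query, asserting the expected remaining count with `require.Len`, would pin that scoping. Note also that `hubs, err := getHubs(...)` reuses the closure's existing `err` through `:=`, which is correct because `hubs` is new, though it reads like a shadow at first glance. The TestStoreLoadHubs hunk below only swaps in the same helper and needs nothing further.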
@@ -66,7 +66,7 @@ type OAuthClient struct { ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty" yaml:"clientID"` // @gotags: yaml:"clientID" Audience string `protobuf:"bytes,2,opt,name=audience,proto3" json:"audience,omitempty"` Scopes []string `protobuf:"bytes,3,rep,name=scopes,proto3" json:"scopes,omitempty"` - ProviderName string `protobuf:"bytes,4,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty" yaml:"providerName"` // @gotags: yaml:"providerName" + ProviderName string `protobuf:"bytes,4,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty" yaml:"providerName"` // @gotags: yaml:"providerName" ClientAssertionType string `protobuf:"bytes,5,opt,name=client_assertion_type,json=clientAssertionType,proto3" json:"client_assertion_type,omitempty" yaml:"clientAssertionType"` // @gotags: yaml:"clientAssertionType" Authority string `protobuf:"bytes,6,opt,name=authority,proto3" json:"authority,omitempty"` GrantType string `protobuf:"bytes,7,opt,name=grant_type,json=grantType,proto3" json:"grant_type,omitempty" yaml:"grantType"` // @gotags: yaml:"grantType" diff --git a/snippet-service/pb/service.pb.go b/snippet-service/pb/service.pb.go index b4f236ac7..b8438a0aa 100644 --- a/snippet-service/pb/service.pb.go +++ b/snippet-service/pb/service.pb.go 
@@ -765,8 +765,8 @@ type AppliedConfiguration struct { unknownFields protoimpl.UnknownFields Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - DeviceId string `protobuf:"bytes,2,opt,name=device_id,json=deviceId,proto3" json:"device_id,omitempty" bson:"deviceId"` - ConfigurationId *AppliedConfiguration_LinkedTo `protobuf:"bytes,3,opt,name=configuration_id,json=configurationId,proto3" json:"configuration_id,omitempty" bson:"configurationId"` + DeviceId string `protobuf:"bytes,2,opt,name=device_id,json=deviceId,proto3" json:"device_id,omitempty" bson:"deviceId"` + ConfigurationId *AppliedConfiguration_LinkedTo `protobuf:"bytes,3,opt,name=configuration_id,json=configurationId,proto3" json:"configuration_id,omitempty" bson:"configurationId"` // Types that are assignable to ExecutedBy: // // *AppliedConfiguration_OnDemand @@ -882,7 +882,7 @@ type AppliedConfiguration_OnDemand struct { } type AppliedConfiguration_ConditionId struct { - ConditionId *AppliedConfiguration_LinkedTo `protobuf:"bytes,5,opt,name=condition_id,json=conditionId,proto3,oneof" bson:"conditionId"` + ConditionId *AppliedConfiguration_LinkedTo `protobuf:"bytes,5,opt,name=condition_id,json=conditionId,proto3,oneof" bson:"conditionId"` } func (*AppliedConfiguration_OnDemand) isAppliedConfiguration_ExecutedBy() {} 
@@ -1269,11 +1269,11 @@ type AppliedConfiguration_Resource struct { Href string `protobuf:"bytes,1,opt,name=href,proto3" json:"href,omitempty"` // Reused from invoke command or generated. Can be used to retrieve corresponding pending command. - CorrelationId string `protobuf:"bytes,2,opt,name=correlation_id,json=correlationId,proto3" json:"correlation_id,omitempty" bson:"correlationId"` + CorrelationId string `protobuf:"bytes,2,opt,name=correlation_id,json=correlationId,proto3" json:"correlation_id,omitempty" bson:"correlationId"` Status AppliedConfiguration_Resource_Status `protobuf:"varint,3,opt,name=status,proto3,enum=snippetservice.pb.AppliedConfiguration_Resource_Status" json:"status,omitempty"` - ResourceUpdated *events.ResourceUpdated `protobuf:"bytes,4,opt,name=resource_updated,json=resourceUpdated,proto3" json:"resource_updated,omitempty" bson:"resourceUpdated,omitempty"` + ResourceUpdated *events.ResourceUpdated `protobuf:"bytes,4,opt,name=resource_updated,json=resourceUpdated,proto3" json:"resource_updated,omitempty" bson:"resourceUpdated,omitempty"` // Unix nanoseconds timestamp for resource in PENDING status, until which the pending update is valid - ValidUntil int64 `protobuf:"varint,5,opt,name=valid_until,json=validUntil,proto3" json:"valid_until,omitempty" bson:"validUntil,omitempty"` + ValidUntil int64 `protobuf:"varint,5,opt,name=valid_until,json=validUntil,proto3" json:"valid_until,omitempty" bson:"validUntil,omitempty"` } func (x *AppliedConfiguration_Resource) Reset() {