Commit 976cdaf

committed
feat: update provison service
Signed-off-by: Felix Gateru <felix.gateru@gmail.com>
1 parent b02b341 commit 976cdaf

17 files changed

+307
-193
lines changed

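--- a/cmd/provision/main.go
+++ b/cmd/provision/main.go
@@ -17,11 +17,15 @@ import (
 mgsdk "github.com/absmach/magistrala/pkg/sdk"
 "github.com/absmach/magistrala/provision"
 httpapi "github.com/absmach/magistrala/provision/api"
+"github.com/absmach/magistrala/provision/middleware"
 "github.com/absmach/supermq"
 "github.com/absmach/supermq/channels"
 "github.com/absmach/supermq/clients"
 smqlog "github.com/absmach/supermq/logger"
+smqauthn "github.com/absmach/supermq/pkg/authn"
+authnsvc "github.com/absmach/supermq/pkg/authn/authsvc"
 "github.com/absmach/supermq/pkg/errors"
+"github.com/absmach/supermq/pkg/grpcclient"
 "github.com/absmach/supermq/pkg/server"
 httpserver "github.com/absmach/supermq/pkg/server/http"
 "github.com/absmach/supermq/pkg/uuid"
@@ -30,8 +34,9 @@ import (
 )
 
 const (
-svcName = "provision"
-contentType = "application/json"
+svcName = "provision"
+contentType = "application/json"
+envPrefixAuth = "SMQ_AUTH_GRPC_"
 )
 
 var (
@@ -65,6 +70,24 @@ func main() {
 }
 }
 
+grpcCfg := grpcclient.Config{}
+if err := env.ParseWithOptions(&grpcCfg, env.Options{Prefix: envPrefixAuth}); err != nil {
+logger.Error(fmt.Sprintf("failed to load auth gRPC client configuration : %s", err))
+exitCode = 1
+
+return
+}
+authn, authnClient, err := authnsvc.NewAuthentication(ctx, grpcCfg)
+if err != nil {
+logger.Error(err.Error())
+exitCode = 1
+
+return
+}
+defer authnClient.Close()
+logger.Info("AuthN successfully connected to auth gRPC server " + authnClient.Secure())
+am := smqauthn.NewAuthNMiddleware(authn)
+
 if cfgFromFile, err := loadConfigFromFile(cfg.File); err != nil {
 logger.Warn(fmt.Sprintf("Continue with settings from env, failed to load from: %s: %s", cfg.File, err))
 } else {
@@ -73,12 +96,14 @@ func main() {
 cfg = cfgFromFile
 logger.Info("Continue with settings from file: " + cfg.File)
 }
+fmt.Printf("This is the final config: %+v\n", cfg)
 
 SDKCfg := mgsdk.Config{
 UsersURL: cfg.Server.UsersURL,
+ChannelsURL: cfg.Server.ChannelsURL,
 ClientsURL: cfg.Server.ClientsURL,
 BootstrapURL: cfg.Server.MgBSURL,
-CertsURL: cfg.Server.MgCertsURL,
+CertsURL: cfg.Server.CertsURL,
 MsgContentType: contentType,
 TLSVerification: cfg.Server.TLS,
 }
@@ -91,10 +116,10 @@ func main() {
 cSdk := csdk.NewSDK(csdkConf)
 
 svc := provision.New(cfg, mgSdk, cSdk, logger)
-svc = httpapi.NewLoggingMiddleware(svc, logger)
+svc = middleware.NewLogging(svc, logger)
 
 httpServerConfig := server.Config{Host: "", Port: cfg.Server.HTTPPort, KeyFile: cfg.Server.ServerKey, CertFile: cfg.Server.ServerCert}
-hs := httpserver.NewServer(ctx, cancel, svcName, httpServerConfig, httpapi.MakeHandler(svc, logger, cfg.InstanceID), logger)
+hs := httpserver.NewServer(ctx, cancel, svcName, httpServerConfig, httpapi.MakeHandler(svc, am, logger, cfg.InstanceID), logger)
 
 if cfg.SendTelemetry {
 chc := chclient.New(svcName, supermq.Version, logger, cancel)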
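Review bot: The added `fmt.Printf("This is the final config: %+v\n", cfg)` after the config-file branch dumps the whole provision config to stdout with field names, bypassing `logger`. The struct definition is outside this page, but going by the `MG_PROVISION_PASS` and `MG_PROVISION_API_KEY` entries in docker/.env it most likely carries the service credentials, which would then be written to the container logs on every start. I would drop the line; the existing `logger.Info("Continue with settings from file: " + cfg.File)` already records which source won. If a startup summary is still wanted, log only named non-secret fields through `logger`. main's body begins and ends outside the hunks shown.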

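--- a/docker/.env
+++ b/docker/.env
@@ -220,13 +220,14 @@ MG_PROVISION_HTTP_PORT=9016
 MG_PROVISION_ENV_CLIENTS_TLS=false
 MG_PROVISION_SERVER_CERT=
 MG_PROVISION_SERVER_KEY=
-MG_PROVISION_USERS_LOCATION=http://users:9002
-MG_PROVISION_CLIENTS_LOCATION=http://clients:9006
+MG_PROVISION_USERS_URL=http://users:9002
+MG_PROVISION_CHANNELS_URL=http://channels:9005
+MG_PROVISION_CLIENTS_URL=http://clients:9006
+MG_PROVISION_CERTS_URL=http://certs:9019
 MG_PROVISION_USER=
 MG_PROVISION_USERNAME=
 MG_PROVISION_PASS=
 MG_PROVISION_API_KEY=
-MG_PROVISION_CERTS_SVC_URL=http://certs:9019
 MG_PROVISION_X509_PROVISIONING=false
 MG_PROVISION_BS_SVC_URL=http://bootstrap:9013
 MG_PROVISION_BS_CONFIG_PROVISIONING=true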

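--- a/docker/addons/bootstrap/docker-compose.yaml
+++ b/docker/addons/bootstrap/docker-compose.yaml
@@ -8,6 +8,7 @@
 
 networks:
 magistrala-base-net:
+driver: bridge
 
 volumes:
 magistrala-bootstrap-db-volume: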

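--- a/docker/addons/provision/configs/config.toml
+++ b/docker/addons/provision/configs/config.toml
@@ -55,10 +55,10 @@
 type = "plain"
 workers = 10
 
-[[things]]
-name = "thing"
+[[clients]]
+name = "client"
 
-[things.metadata]
+[clients.metadata]
 external_id = "xxxxxx"
 
 [[channels]]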

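--- a/docker/addons/provision/docker-compose.yaml
+++ b/docker/addons/provision/docker-compose.yaml
@@ -8,6 +8,7 @@
 
 networks:
 magistrala-base-net:
+driver: bridge
 
 services:
 provision:
@@ -25,13 +26,14 @@ services:
 MG_PROVISION_ENV_CLIENTS_TLS: ${MG_PROVISION_ENV_CLIENTS_TLS}
 MG_PROVISION_SERVER_CERT: ${MG_PROVISION_SERVER_CERT}
 MG_PROVISION_SERVER_KEY: ${MG_PROVISION_SERVER_KEY}
-MG_PROVISION_USERS_LOCATION: ${MG_PROVISION_USERS_LOCATION}
-MG_PROVISION_THINGS_LOCATION: ${MG_PROVISION_THINGS_LOCATION}
+MG_PROVISION_USERS_URL: ${MG_PROVISION_USERS_URL}
+MG_PROVISION_CHANNELS_URL: ${MG_PROVISION_CHANNELS_URL}
+MG_PROVISION_CLIENTS_URL: ${MG_PROVISION_CLIENTS_URL}
 MG_PROVISION_USER: ${MG_PROVISION_USER}
 MG_PROVISION_USERNAME: ${MG_PROVISION_USERNAME}
 MG_PROVISION_PASS: ${MG_PROVISION_PASS}
 MG_PROVISION_API_KEY: ${MG_PROVISION_API_KEY}
-MG_PROVISION_CERTS_SVC_URL: ${MG_PROVISION_CERTS_SVC_URL}
+MG_PROVISION_CERTS_URL: ${MG_PROVISION_CERTS_URL}
 MG_PROVISION_X509_PROVISIONING: ${MG_PROVISION_X509_PROVISIONING}
 MG_PROVISION_BS_SVC_URL: ${MG_PROVISION_BS_SVC_URL}
 MG_PROVISION_BS_CONFIG_PROVISIONING: ${MG_PROVISION_BS_CONFIG_PROVISIONING}
@@ -40,6 +42,12 @@ services:
 MG_PROVISION_CERTS_HOURS_VALID: ${MG_PROVISION_CERTS_HOURS_VALID}
 SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
 MG_PROVISION_INSTANCE_ID: ${MG_PROVISION_INSTANCE_ID}
+SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
+SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
+SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
+SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
+SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
+SMQ_ALLOW_UNVERIFIED_USER: ${SMQ_ALLOW_UNVERIFIED_USER}
 volumes:
 - ./configs:/configs
 - ../../ssl/certs/ca.key:/etc/ssl/certs/ca.key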
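Review bot: The three added `SMQ_AUTH_GRPC_*` certificate variables resolve to fixed in-container paths (`/auth-grpc-client.crt`, `/auth-grpc-client.key`, `/auth-grpc-server-ca.crt`) whenever the host variable is set, but no bind mounts for those paths are visible; the `volumes:` list continues past the end of this hunk. If the mounts are missing, enabling TLS to the auth gRPC service would point the client at files that do not exist in the container. Worth confirming that the mounts are present, and adding a comment above the block such as `# Cert paths are set only when the host variables are non-empty; the files must be bind-mounted under volumes.`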

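--- a/provision/README.md
+++ b/provision/README.md
@@ -175,6 +175,7 @@ Provision service has `/certs` endpoint that can be used to generate certificate
 
 - `users_token` - users authentication token or API token
 - `client_id` - id of the client for which certificate is going to be generated
+- `ttl` - ttl of generated certificate
 
 ```bash
 curl -s -X POST http://localhost:8190/certs -H "Authorization: Bearer <users_token>" -H 'Content-Type: application/json' -d '{"client_id": "<client_id>", "ttl":"2400h" }'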

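--- a/provision/api/endpoint.go
+++ b/provision/api/endpoint.go
@@ -8,18 +8,24 @@ import (
 
 "github.com/absmach/magistrala/provision"
 apiutil "github.com/absmach/supermq/api/http/util"
+"github.com/absmach/supermq/pkg/authn"
 "github.com/absmach/supermq/pkg/errors"
+svcerr "github.com/absmach/supermq/pkg/errors/service"
 "github.com/go-kit/kit/endpoint"
 )
 
 func doProvision(svc provision.Service) endpoint.Endpoint {
 return func(ctx context.Context, request any) (any, error) {
+session, ok := ctx.Value(authn.SessionKey).(authn.Session)
+if !ok {
+return nil, svcerr.ErrAuthorization
+}
 req := request.(provisionReq)
 if err := req.validate(); err != nil {
 return nil, errors.Wrap(apiutil.ErrValidation, err)
 }
 
-res, err := svc.Provision(ctx, req.domainID, req.token, req.Name, req.ExternalID, req.ExternalKey)
+res, err := svc.Provision(ctx, session.DomainID, req.token, req.Name, req.ExternalID, req.ExternalKey)
 if err != nil {
 return nil, err
 }
@@ -39,16 +45,34 @@ func doProvision(svc provision.Service) endpoint.Endpoint {
 
 func getMapping(svc provision.Service) endpoint.Endpoint {
 return func(ctx context.Context, request any) (any, error) {
-req := request.(mappingReq)
+res, err := svc.Mapping()
+if err != nil {
+return nil, err
+}
+
+return mappingRes{Data: res}, nil
+}
+}
+
+func issueCert(svc provision.Service) endpoint.Endpoint {
+return func(ctx context.Context, request any) (any, error) {
+session, ok := ctx.Value(authn.SessionKey).(authn.Session)
+if !ok {
+return nil, svcerr.ErrAuthorization
+}
+req := request.(certReq)
 if err := req.validate(); err != nil {
 return nil, errors.Wrap(apiutil.ErrValidation, err)
 }
 
-res, err := svc.Mapping(ctx, req.token)
+cert, key, err := svc.Cert(ctx, session.DomainID, req.token, req.ClientID, req.TTL)
 if err != nil {
 return nil, err
 }
 
-return mappingRes{Data: res}, nil
+return certRes{
+Certificate: cert,
+Key: key,
+}, nil
 }
 }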
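Review bot: `getMapping` now calls `svc.Mapping()` with no session check and no token, while `doProvision` and `issueCert` in the same file both return early when `authn.SessionKey` is absent from the context. Whether the mapping route is wrapped by the authn middleware is decided in the transport code, which is not shown on this page; if it is not, the provisioning mapping would be readable without credentials. Repeating the guard keeps the endpoint safe regardless of routing: `if _, ok := ctx.Value(authn.SessionKey).(authn.Session); !ok { return nil, svcerr.ErrAuthorization }`. Separately, a missing session is an authentication failure rather than a permission failure, so `svcerr.ErrAuthentication` looks like the better sentinel in all three endpoints; how each error maps to an HTTP status is presumably set in the transport layer.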
