// ========================LICENSE_START=================================
// O-RAN-SC
// %%
-// Copyright (C) 2022: Nordix Foundation
+// Copyright (C) 2022-2023: Nordix Foundation
+// Copyright (C) 2024: OpenInfra Foundation Europe
// %%
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
package invokermanagement
import (
- "errors"
"fmt"
"net/http"
"path"
"sync"
"oransc.org/nonrtric/capifcore/internal/eventsapi"
- publishapi "oransc.org/nonrtric/capifcore/internal/publishserviceapi"
+ "oransc.org/nonrtric/capifcore/internal/keycloak"
"oransc.org/nonrtric/capifcore/internal/common29122"
invokerapi "oransc.org/nonrtric/capifcore/internal/invokermanagementapi"
-
"oransc.org/nonrtric/capifcore/internal/publishservice"
- "github.com/labstack/echo/v4"
+ echo "github.com/labstack/echo/v4"
)
//go:generate mockery --name InvokerRegister
onboardedInvokers map[string]invokerapi.APIInvokerEnrolmentDetails
publishRegister publishservice.PublishRegister
nextId int64
+ keycloak keycloak.AccessManagement
eventChannel chan<- eventsapi.EventNotification
lock sync.Mutex
}
// Creates a manager that implements both the InvokerRegister and the invokermanagementapi.ServerInterface interfaces.
-func NewInvokerManager(publishRegister publishservice.PublishRegister, eventChannel chan<- eventsapi.EventNotification) *InvokerManager {
+func NewInvokerManager(publishRegister publishservice.PublishRegister, km keycloak.AccessManagement, eventChannel chan<- eventsapi.EventNotification) *InvokerManager {
return &InvokerManager{
onboardedInvokers: make(map[string]invokerapi.APIInvokerEnrolmentDetails),
publishRegister: publishRegister,
nextId: 1000,
+ keycloak: km,
eventChannel: eventChannel,
}
}
// Creates a new individual API Invoker profile.
func (im *InvokerManager) PostOnboardedInvokers(ctx echo.Context) error {
- var newInvoker invokerapi.APIInvokerEnrolmentDetails
errMsg := "Unable to onboard invoker due to %s"
- if err := ctx.Bind(&newInvoker); err != nil {
- return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, "invalid format for invoker"))
+
+ newInvoker, err := getInvokerFromRequest(ctx)
+ if err != nil {
+ return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
}
- if im.isInvokerOnboarded(newInvoker) {
- return sendCoreError(ctx, http.StatusForbidden, fmt.Sprintf(errMsg, "invoker already onboarded"))
+ if err = im.isInvokerOnboarded(newInvoker); err != nil {
+ return sendCoreError(ctx, http.StatusForbidden, fmt.Sprintf(errMsg, err))
}
- if err := im.validateInvoker(newInvoker, ctx); err != nil {
+ if err = im.validateInvoker(newInvoker); err != nil {
return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
}
uri := ctx.Request().Host + ctx.Request().URL.String()
ctx.Response().Header().Set(echo.HeaderLocation, ctx.Scheme()+`://`+path.Join(uri, *newInvoker.ApiInvokerId))
- err := ctx.JSON(http.StatusCreated, newInvoker)
+
+ err = ctx.JSON(http.StatusCreated, newInvoker)
if err != nil {
// Something really bad happened, tell Echo that our handler failed
return err
return nil
}
-func (im *InvokerManager) isInvokerOnboarded(newInvoker invokerapi.APIInvokerEnrolmentDetails) bool {
+func (im *InvokerManager) isInvokerOnboarded(newInvoker invokerapi.APIInvokerEnrolmentDetails) error {
for _, invoker := range im.onboardedInvokers {
- if newInvoker.OnboardingInformation.ApiInvokerPublicKey == invoker.OnboardingInformation.ApiInvokerPublicKey {
- return true
+ if err := invoker.ValidateAlreadyOnboarded(newInvoker); err != nil {
+ return err
}
}
- return false
+ return nil
}
func (im *InvokerManager) prepareNewInvoker(newInvoker *invokerapi.APIInvokerEnrolmentDetails) {
- var apiList invokerapi.APIList = im.publishRegister.GetAllPublishedServices()
- newInvoker.ApiList = &apiList
+ var apiListRequestedServices invokerapi.APIList = nil
+ if newInvoker.ApiList != nil {
+ apiListRequestedServices = *newInvoker.ApiList
+ }
+ var allowedPublishedServices invokerapi.APIList = im.publishRegister.GetAllowedPublishedServices(apiListRequestedServices)
+ newInvoker.ApiList = &allowedPublishedServices
im.lock.Lock()
defer im.lock.Unlock()
newInvoker.PrepareNewInvoker()
+ if im.keycloak != nil {
+ // The type assertion fails when unit testing from ServiceManager where we use Capif as a library, and we are not using Keycloak.
+ if _, ok := im.keycloak.(*keycloak.KeycloakManager); !ok {
+ // im.keycloak is not nil and its dynamic value is not nil.
+ im.addClientInKeycloak(newInvoker)
+ }
+ }
+
im.onboardedInvokers[*newInvoker.ApiInvokerId] = *newInvoker
}
+func (im *InvokerManager) addClientInKeycloak(newInvoker *invokerapi.APIInvokerEnrolmentDetails) error {
+ if err := im.keycloak.AddClient(*newInvoker.ApiInvokerId, "invokerrealm"); err != nil {
+ return err
+ }
+
+ if body, err := im.keycloak.GetClientRepresentation(*newInvoker.ApiInvokerId, "invokerrealm"); err != nil {
+ return err
+ } else {
+ newInvoker.OnboardingInformation.OnboardingSecret = body.Secret
+ }
+ return nil
+}
+
// Deletes an individual API Invoker.
func (im *InvokerManager) DeleteOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error {
if _, ok := im.onboardedInvokers[onboardingId]; ok {
delete(im.onboardedInvokers, onboardingId)
}
+func getInvokerFromRequest(ctx echo.Context) (invokerapi.APIInvokerEnrolmentDetails, error) {
+ var invoker invokerapi.APIInvokerEnrolmentDetails
+ if err := ctx.Bind(&invoker); err != nil {
+ return invokerapi.APIInvokerEnrolmentDetails{}, fmt.Errorf("invalid format for invoker")
+ }
+ return invoker, nil
+}
+
// Updates an individual API invoker details.
func (im *InvokerManager) PutOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error {
- var invoker invokerapi.APIInvokerEnrolmentDetails
errMsg := "Unable to update invoker due to %s"
- if err := ctx.Bind(&invoker); err != nil {
- return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, "invalid format for invoker"))
+
+ newInvoker, err := getInvokerFromRequest(ctx)
+ if err != nil {
+ return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
}
- if onboardingId != *invoker.ApiInvokerId {
- return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, "ApiInvokerId not matching"))
+ // Additional validation for PUT
+ if (newInvoker.ApiInvokerId == nil) || (*newInvoker.ApiInvokerId != onboardingId) {
+ errMismatch := "APIInvokerEnrolmentDetails ApiInvokerId doesn't match path parameter"
+ return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, errMismatch))
}
- if err := im.validateInvoker(invoker, ctx); err != nil {
+ if err := im.validateInvoker(newInvoker); err != nil {
return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
}
if _, ok := im.onboardedInvokers[onboardingId]; ok {
- im.updateInvoker(invoker)
+ im.updateInvoker(newInvoker)
} else {
return sendCoreError(ctx, http.StatusNotFound, "The invoker to update has not been onboarded")
}
- err := ctx.JSON(http.StatusOK, invoker)
+ err = ctx.JSON(http.StatusOK, newInvoker)
if err != nil {
// Something really bad happened, tell Echo that our handler failed
return err
return ctx.NoContent(http.StatusNotImplemented)
}
-func (im *InvokerManager) validateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails, ctx echo.Context) error {
+func (im *InvokerManager) validateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails) error {
if err := invoker.Validate(); err != nil {
return err
}
- if !im.areAPIsPublished(invoker.ApiList) {
- return errors.New("some APIs needed by invoker are not registered")
- }
return nil
}
-func (im *InvokerManager) areAPIsPublished(apis *invokerapi.APIList) bool {
- if apis == nil {
- return true
- }
- return im.publishRegister.AreAPIsPublished((*[]publishapi.ServiceAPIDescription)(apis))
-}
-
func (im *InvokerManager) sendEvent(invokerId string, eventType eventsapi.CAPIFEvent) {
invokerIds := []string{invokerId}
event := eventsapi.EventNotification{
Code Review / nonrtric / plt / sme.git / blobdiff