package invokermanagement
import (
+ "fmt"
"net/http"
"path"
- "strconv"
- "strings"
"sync"
- publishapi "oransc.org/nonrtric/capifcore/internal/publishserviceapi"
+ "oransc.org/nonrtric/capifcore/internal/eventsapi"
+ "oransc.org/nonrtric/capifcore/internal/keycloak"
"oransc.org/nonrtric/capifcore/internal/common29122"
invokerapi "oransc.org/nonrtric/capifcore/internal/invokermanagementapi"
-
"oransc.org/nonrtric/capifcore/internal/publishservice"
- "github.com/labstack/echo/v4"
+ echo "github.com/labstack/echo/v4"
)
//go:generate mockery --name InvokerRegister
type InvokerRegister interface {
+ // Checks if the invoker is registered.
+ // Returns true of the provided invoker is registered, false otherwise.
IsInvokerRegistered(invokerId string) bool
+ // Verifies that the provided secret is the invoker's registered secret.
+ // Returns true if the provided secret is the registered invoker's secret, false otherwise.
VerifyInvokerSecret(invokerId, secret string) bool
+ // Gets the provided invoker's registered APIs.
+ // Returns a list of all the invoker's registered APIs.
GetInvokerApiList(invokerId string) *invokerapi.APIList
}
type InvokerManager struct {
onboardedInvokers map[string]invokerapi.APIInvokerEnrolmentDetails
- apiRegister publishservice.APIRegister
+ publishRegister publishservice.PublishRegister
nextId int64
+ keycloak keycloak.AccessManagement
+ eventChannel chan<- eventsapi.EventNotification
lock sync.Mutex
}
-func NewInvokerManager(apiRegister publishservice.APIRegister) *InvokerManager {
+// Creates a manager that implements both the InvokerRegister and the invokermanagementapi.ServerInterface interfaces.
+func NewInvokerManager(publishRegister publishservice.PublishRegister, km keycloak.AccessManagement, eventChannel chan<- eventsapi.EventNotification) *InvokerManager {
return &InvokerManager{
onboardedInvokers: make(map[string]invokerapi.APIInvokerEnrolmentDetails),
- apiRegister: apiRegister,
+ publishRegister: publishRegister,
nextId: 1000,
+ keycloak: km,
+ eventChannel: eventChannel,
}
}
}
func (im *InvokerManager) GetInvokerApiList(invokerId string) *invokerapi.APIList {
+ var apiList invokerapi.APIList = im.publishRegister.GetAllPublishedServices()
+ im.lock.Lock()
+ defer im.lock.Unlock()
invoker, ok := im.onboardedInvokers[invokerId]
if ok {
- return invoker.ApiList
+ invoker.ApiList = &apiList
+ return &apiList
}
return nil
}
+// Creates a new individual API Invoker profile.
func (im *InvokerManager) PostOnboardedInvokers(ctx echo.Context) error {
- var newInvoker invokerapi.APIInvokerEnrolmentDetails
- err := ctx.Bind(&newInvoker)
+ errMsg := "Unable to onboard invoker due to %s"
+
+ newInvoker, err := getInvokerFromRequest(ctx)
if err != nil {
- return sendCoreError(ctx, http.StatusBadRequest, "Invalid format for invoker")
+ return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
}
- shouldReturn, coreError := im.validateInvoker(newInvoker, ctx)
- if shouldReturn {
- return coreError
+ if err = im.isInvokerOnboarded(newInvoker); err != nil {
+ return sendCoreError(ctx, http.StatusForbidden, fmt.Sprintf(errMsg, err))
}
- im.lock.Lock()
- defer im.lock.Unlock()
-
- newInvoker.ApiInvokerId = im.getId(newInvoker.ApiInvokerInformation)
- onboardingSecret := "onboarding_secret_"
- if newInvoker.ApiInvokerInformation != nil {
- onboardingSecret = onboardingSecret + strings.ReplaceAll(*newInvoker.ApiInvokerInformation, " ", "_")
- } else {
- onboardingSecret = onboardingSecret + *newInvoker.ApiInvokerId
+ if err = im.validateInvoker(newInvoker, ctx); err != nil {
+ return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
}
- newInvoker.OnboardingInformation.OnboardingSecret = &onboardingSecret
- im.onboardedInvokers[*newInvoker.ApiInvokerId] = newInvoker
+ im.prepareNewInvoker(&newInvoker)
+
+ go im.sendEvent(*newInvoker.ApiInvokerId, eventsapi.CAPIFEventAPIINVOKERONBOARDED)
uri := ctx.Request().Host + ctx.Request().URL.String()
ctx.Response().Header().Set(echo.HeaderLocation, ctx.Scheme()+`://`+path.Join(uri, *newInvoker.ApiInvokerId))
+
err = ctx.JSON(http.StatusCreated, newInvoker)
if err != nil {
// Something really bad happened, tell Echo that our handler failed
return nil
}
-func (im *InvokerManager) DeleteOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error {
+func (im *InvokerManager) isInvokerOnboarded(newInvoker invokerapi.APIInvokerEnrolmentDetails) error {
+ for _, invoker := range im.onboardedInvokers {
+ if err := invoker.ValidateAlreadyOnboarded(newInvoker); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (im *InvokerManager) prepareNewInvoker(newInvoker *invokerapi.APIInvokerEnrolmentDetails) {
+ var apiList invokerapi.APIList = im.publishRegister.GetAllPublishedServices()
+ newInvoker.ApiList = &apiList
+
im.lock.Lock()
defer im.lock.Unlock()
- delete(im.onboardedInvokers, onboardingId)
+ newInvoker.PrepareNewInvoker()
- return ctx.NoContent(http.StatusNoContent)
+ im.addClientInKeycloak(newInvoker)
+
+ im.onboardedInvokers[*newInvoker.ApiInvokerId] = *newInvoker
}
-func (im *InvokerManager) PutOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error {
- var invoker invokerapi.APIInvokerEnrolmentDetails
- err := ctx.Bind(&invoker)
- if err != nil {
- return sendCoreError(ctx, http.StatusBadRequest, "Invalid format for invoker")
+func (im *InvokerManager) addClientInKeycloak(newInvoker *invokerapi.APIInvokerEnrolmentDetails) error {
+ if err := im.keycloak.AddClient(*newInvoker.ApiInvokerId, "invokerrealm"); err != nil {
+ return err
}
- if onboardingId != *invoker.ApiInvokerId {
- return sendCoreError(ctx, http.StatusBadRequest, "Invoker ApiInvokerId not matching")
+ if body, err := im.keycloak.GetClientRepresentation(*newInvoker.ApiInvokerId, "invokerrealm"); err != nil {
+ return err
+ } else {
+ newInvoker.OnboardingInformation.OnboardingSecret = body.Secret
}
+ return nil
+}
- shouldReturn, coreError := im.validateInvoker(invoker, ctx)
- if shouldReturn {
- return coreError
+// Deletes an individual API Invoker.
+func (im *InvokerManager) DeleteOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error {
+ if _, ok := im.onboardedInvokers[onboardingId]; ok {
+ im.deleteInvoker(onboardingId)
}
+ go im.sendEvent(onboardingId, eventsapi.CAPIFEventAPIINVOKEROFFBOARDED)
+
+ return ctx.NoContent(http.StatusNoContent)
+}
+
+func (im *InvokerManager) deleteInvoker(onboardingId string) {
im.lock.Lock()
defer im.lock.Unlock()
+ delete(im.onboardedInvokers, onboardingId)
+}
+
+func getInvokerFromRequest(ctx echo.Context) (invokerapi.APIInvokerEnrolmentDetails, error) {
+ var invoker invokerapi.APIInvokerEnrolmentDetails
+ if err := ctx.Bind(&invoker); err != nil {
+ return invokerapi.APIInvokerEnrolmentDetails{}, fmt.Errorf("invalid format for invoker")
+ }
+ return invoker, nil
+}
+
+// Updates an individual API invoker details.
+func (im *InvokerManager) PutOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error {
+ errMsg := "Unable to update invoker due to %s"
+
+ newInvoker, err := getInvokerFromRequest(ctx)
+ if err != nil {
+ return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
+ }
+
+ // Additional validation for PUT
+ if (newInvoker.ApiInvokerId == nil) || (*newInvoker.ApiInvokerId != onboardingId) {
+ errMismatch := "APIInvokerEnrolmentDetails ApiInvokerId doesn't match path parameter"
+ return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, errMismatch))
+ }
+
+ if err := im.validateInvoker(newInvoker, ctx); err != nil {
+ return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
+ }
if _, ok := im.onboardedInvokers[onboardingId]; ok {
- im.onboardedInvokers[*invoker.ApiInvokerId] = invoker
+ im.updateInvoker(newInvoker)
} else {
return sendCoreError(ctx, http.StatusNotFound, "The invoker to update has not been onboarded")
}
- err = ctx.JSON(http.StatusOK, invoker)
+ err = ctx.JSON(http.StatusOK, newInvoker)
if err != nil {
// Something really bad happened, tell Echo that our handler failed
return err
return nil
}
+func (im *InvokerManager) updateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails) {
+ im.lock.Lock()
+ defer im.lock.Unlock()
+ im.onboardedInvokers[*invoker.ApiInvokerId] = invoker
+}
+
func (im *InvokerManager) ModifyIndApiInvokeEnrolment(ctx echo.Context, onboardingId string) error {
return ctx.NoContent(http.StatusNotImplemented)
}
-func (im *InvokerManager) validateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails, ctx echo.Context) (bool, error) {
- if invoker.NotificationDestination == "" {
- return true, sendCoreError(ctx, http.StatusBadRequest, "Invoker missing required NotificationDestination")
- }
-
- if invoker.OnboardingInformation.ApiInvokerPublicKey == "" {
- return true, sendCoreError(ctx, http.StatusBadRequest, "Invoker missing required OnboardingInformation.ApiInvokerPublicKey")
- }
-
- if !im.areAPIsRegistered(invoker.ApiList) {
- return true, sendCoreError(ctx, http.StatusBadRequest, "Some APIs needed by invoker are not registered")
+func (im *InvokerManager) validateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails, ctx echo.Context) error {
+ if err := invoker.Validate(); err != nil {
+ return err
}
- return false, nil
-}
-
-func (im *InvokerManager) areAPIsRegistered(apis *invokerapi.APIList) bool {
- if apis == nil {
- return true
- }
- return im.apiRegister.AreAPIsRegistered((*[]publishapi.ServiceAPIDescription)(apis))
+ return nil
}
-func (im *InvokerManager) getId(invokerInfo *string) *string {
- idAsString := "api_invoker_id_"
- if invokerInfo != nil {
- idAsString = idAsString + strings.ReplaceAll(*invokerInfo, " ", "_")
- } else {
- idAsString = idAsString + strconv.FormatInt(im.nextId, 10)
- im.nextId = im.nextId + 1
+func (im *InvokerManager) sendEvent(invokerId string, eventType eventsapi.CAPIFEvent) {
+ invokerIds := []string{invokerId}
+ event := eventsapi.EventNotification{
+ EventDetail: &eventsapi.CAPIFEventDetail{
+ ApiInvokerIds: &invokerIds,
+ },
+ Events: eventType,
}
- return &idAsString
+ im.eventChannel <- event
}
// This function wraps sending of an error in the Error format, and