X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=capifcore%2Finternal%2Finvokermanagement%2Finvokermanagement.go;h=0dea817490cfc09696830c59af79a104c3e2f346;hb=refs%2Fchanges%2F11%2F12711%2F6;hp=1d8582dac1029ff44e62df84645807211828a6ce;hpb=c9e08b2a2f647f9f870040570c5e71305f0fb5d2;p=nonrtric%2Fplt%2Fsme.git diff --git a/capifcore/internal/invokermanagement/invokermanagement.go b/capifcore/internal/invokermanagement/invokermanagement.go index 1d8582d..0dea817 100644 --- a/capifcore/internal/invokermanagement/invokermanagement.go +++ b/capifcore/internal/invokermanagement/invokermanagement.go @@ -2,7 +2,8 @@ // ========================LICENSE_START================================= // O-RAN-SC // %% -// Copyright (C) 2022: Nordix Foundation +// Copyright (C) 2022-2023: Nordix Foundation +// Copyright (C) 2024: OpenInfra Foundation Europe // %% // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -21,40 +22,51 @@ package invokermanagement import ( + "fmt" "net/http" "path" - "strconv" - "strings" "sync" - publishapi "oransc.org/nonrtric/capifcore/internal/publishserviceapi" + "oransc.org/nonrtric/capifcore/internal/eventsapi" + "oransc.org/nonrtric/capifcore/internal/keycloak" "oransc.org/nonrtric/capifcore/internal/common29122" invokerapi "oransc.org/nonrtric/capifcore/internal/invokermanagementapi" - "oransc.org/nonrtric/capifcore/internal/publishservice" - "github.com/labstack/echo/v4" + echo "github.com/labstack/echo/v4" ) //go:generate mockery --name InvokerRegister type InvokerRegister interface { + // Checks if the invoker is registered. + // Returns true of the provided invoker is registered, false otherwise. IsInvokerRegistered(invokerId string) bool + // Verifies that the provided secret is the invoker's registered secret. + // Returns true if the provided secret is the registered invoker's secret, false otherwise. VerifyInvokerSecret(invokerId, secret string) bool + // Gets the provided invoker's registered APIs. + // Returns a list of all the invoker's registered APIs. + GetInvokerApiList(invokerId string) *invokerapi.APIList } type InvokerManager struct { onboardedInvokers map[string]invokerapi.APIInvokerEnrolmentDetails - apiRegister publishservice.APIRegister + publishRegister publishservice.PublishRegister nextId int64 + keycloak keycloak.AccessManagement + eventChannel chan<- eventsapi.EventNotification lock sync.Mutex } -func NewInvokerManager(apiRegister publishservice.APIRegister) *InvokerManager { +// Creates a manager that implements both the InvokerRegister and the invokermanagementapi.ServerInterface interfaces. +func NewInvokerManager(publishRegister publishservice.PublishRegister, km keycloak.AccessManagement, eventChannel chan<- eventsapi.EventNotification) *InvokerManager { return &InvokerManager{ onboardedInvokers: make(map[string]invokerapi.APIInvokerEnrolmentDetails), - apiRegister: apiRegister, + publishRegister: publishRegister, nextId: 1000, + keycloak: km, + eventChannel: eventChannel, } } @@ -77,34 +89,42 @@ func (im *InvokerManager) VerifyInvokerSecret(invokerId, secret string) bool { return verified } +func (im *InvokerManager) GetInvokerApiList(invokerId string) *invokerapi.APIList { + var apiList invokerapi.APIList = im.publishRegister.GetAllPublishedServices() + im.lock.Lock() + defer im.lock.Unlock() + invoker, ok := im.onboardedInvokers[invokerId] + if ok { + invoker.ApiList = &apiList + return &apiList + } + return nil +} + +// Creates a new individual API Invoker profile. func (im *InvokerManager) PostOnboardedInvokers(ctx echo.Context) error { - var newInvoker invokerapi.APIInvokerEnrolmentDetails - err := ctx.Bind(&newInvoker) + errMsg := "Unable to onboard invoker due to %s" + + newInvoker, err := getInvokerFromRequest(ctx) if err != nil { - return sendCoreError(ctx, http.StatusBadRequest, "Invalid format for invoker") + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) } - shouldReturn, coreError := im.validateInvoker(newInvoker, ctx) - if shouldReturn { - return coreError + if err = im.isInvokerOnboarded(newInvoker); err != nil { + return sendCoreError(ctx, http.StatusForbidden, fmt.Sprintf(errMsg, err)) } - im.lock.Lock() - defer im.lock.Unlock() - - newInvoker.ApiInvokerId = im.getId(newInvoker.ApiInvokerInformation) - onboardingSecret := "onboarding_secret_" - if newInvoker.ApiInvokerInformation != nil { - onboardingSecret = onboardingSecret + strings.ReplaceAll(*newInvoker.ApiInvokerInformation, " ", "_") - } else { - onboardingSecret = onboardingSecret + *newInvoker.ApiInvokerId + if err = im.validateInvoker(newInvoker); err != nil { + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) } - newInvoker.OnboardingInformation.OnboardingSecret = &onboardingSecret - im.onboardedInvokers[*newInvoker.ApiInvokerId] = newInvoker + im.prepareNewInvoker(&newInvoker) + + go im.sendEvent(*newInvoker.ApiInvokerId, eventsapi.CAPIFEventAPIINVOKERONBOARDED) uri := ctx.Request().Host + ctx.Request().URL.String() ctx.Response().Header().Set(echo.HeaderLocation, ctx.Scheme()+`://`+path.Join(uri, *newInvoker.ApiInvokerId)) + err = ctx.JSON(http.StatusCreated, newInvoker) if err != nil { // Something really bad happened, tell Echo that our handler failed @@ -114,41 +134,103 @@ func (im *InvokerManager) PostOnboardedInvokers(ctx echo.Context) error { return nil } -func (im *InvokerManager) DeleteOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error { +func (im *InvokerManager) isInvokerOnboarded(newInvoker invokerapi.APIInvokerEnrolmentDetails) error { + for _, invoker := range im.onboardedInvokers { + if err := invoker.ValidateAlreadyOnboarded(newInvoker); err != nil { + return err + } + } + return nil +} + +func (im *InvokerManager) prepareNewInvoker(newInvoker *invokerapi.APIInvokerEnrolmentDetails) { + var apiListRequestedServices invokerapi.APIList = nil + if newInvoker.ApiList != nil { + apiListRequestedServices = *newInvoker.ApiList + } + var allowedPublishedServices invokerapi.APIList = im.publishRegister.GetAllowedPublishedServices(apiListRequestedServices) + newInvoker.ApiList = &allowedPublishedServices + im.lock.Lock() defer im.lock.Unlock() - delete(im.onboardedInvokers, onboardingId) + newInvoker.PrepareNewInvoker() - return ctx.NoContent(http.StatusNoContent) + if im.keycloak != nil { + // The type assertion fails when unit testing from ServiceManager where we use Capif as a library, and we are not using Keycloak. + if _, ok := im.keycloak.(*keycloak.KeycloakManager); !ok { + // im.keycloak is not nil and its dynamic value is not nil. + im.addClientInKeycloak(newInvoker) + } + } + + im.onboardedInvokers[*newInvoker.ApiInvokerId] = *newInvoker } -func (im *InvokerManager) PutOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error { - var invoker invokerapi.APIInvokerEnrolmentDetails - err := ctx.Bind(&invoker) - if err != nil { - return sendCoreError(ctx, http.StatusBadRequest, "Invalid format for invoker") +func (im *InvokerManager) addClientInKeycloak(newInvoker *invokerapi.APIInvokerEnrolmentDetails) error { + if err := im.keycloak.AddClient(*newInvoker.ApiInvokerId, "invokerrealm"); err != nil { + return err } - if onboardingId != *invoker.ApiInvokerId { - return sendCoreError(ctx, http.StatusBadRequest, "Invoker ApiInvokerId not matching") + if body, err := im.keycloak.GetClientRepresentation(*newInvoker.ApiInvokerId, "invokerrealm"); err != nil { + return err + } else { + newInvoker.OnboardingInformation.OnboardingSecret = body.Secret } + return nil +} - shouldReturn, coreError := im.validateInvoker(invoker, ctx) - if shouldReturn { - return coreError +// Deletes an individual API Invoker. +func (im *InvokerManager) DeleteOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error { + if _, ok := im.onboardedInvokers[onboardingId]; ok { + im.deleteInvoker(onboardingId) } + go im.sendEvent(onboardingId, eventsapi.CAPIFEventAPIINVOKEROFFBOARDED) + + return ctx.NoContent(http.StatusNoContent) +} + +func (im *InvokerManager) deleteInvoker(onboardingId string) { im.lock.Lock() defer im.lock.Unlock() + delete(im.onboardedInvokers, onboardingId) +} + +func getInvokerFromRequest(ctx echo.Context) (invokerapi.APIInvokerEnrolmentDetails, error) { + var invoker invokerapi.APIInvokerEnrolmentDetails + if err := ctx.Bind(&invoker); err != nil { + return invokerapi.APIInvokerEnrolmentDetails{}, fmt.Errorf("invalid format for invoker") + } + return invoker, nil +} + +// Updates an individual API invoker details. +func (im *InvokerManager) PutOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error { + errMsg := "Unable to update invoker due to %s" + + newInvoker, err := getInvokerFromRequest(ctx) + if err != nil { + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) + } + + // Additional validation for PUT + if (newInvoker.ApiInvokerId == nil) || (*newInvoker.ApiInvokerId != onboardingId) { + errMismatch := "APIInvokerEnrolmentDetails ApiInvokerId doesn't match path parameter" + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, errMismatch)) + } + + if err := im.validateInvoker(newInvoker); err != nil { + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) + } if _, ok := im.onboardedInvokers[onboardingId]; ok { - im.onboardedInvokers[*invoker.ApiInvokerId] = invoker + im.updateInvoker(newInvoker) } else { return sendCoreError(ctx, http.StatusNotFound, "The invoker to update has not been onboarded") } - err = ctx.JSON(http.StatusOK, invoker) + err = ctx.JSON(http.StatusOK, newInvoker) if err != nil { // Something really bad happened, tell Echo that our handler failed return err @@ -157,42 +239,33 @@ func (im *InvokerManager) PutOnboardedInvokersOnboardingId(ctx echo.Context, onb return nil } +func (im *InvokerManager) updateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails) { + im.lock.Lock() + defer im.lock.Unlock() + im.onboardedInvokers[*invoker.ApiInvokerId] = invoker +} + func (im *InvokerManager) ModifyIndApiInvokeEnrolment(ctx echo.Context, onboardingId string) error { return ctx.NoContent(http.StatusNotImplemented) } -func (im *InvokerManager) validateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails, ctx echo.Context) (bool, error) { - if invoker.NotificationDestination == "" { - return true, sendCoreError(ctx, http.StatusBadRequest, "Invoker missing required NotificationDestination") - } - - if invoker.OnboardingInformation.ApiInvokerPublicKey == "" { - return true, sendCoreError(ctx, http.StatusBadRequest, "Invoker missing required OnboardingInformation.ApiInvokerPublicKey") - } - - if !im.areAPIsRegistered(invoker.ApiList) { - return true, sendCoreError(ctx, http.StatusBadRequest, "Some APIs needed by invoker are not registered") +func (im *InvokerManager) validateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails) error { + if err := invoker.Validate(); err != nil { + return err } - return false, nil -} - -func (im *InvokerManager) areAPIsRegistered(apis *invokerapi.APIList) bool { - if apis == nil { - return true - } - return im.apiRegister.AreAPIsRegistered((*[]publishapi.ServiceAPIDescription)(apis)) + return nil } -func (im *InvokerManager) getId(invokerInfo *string) *string { - idAsString := "api_invoker_id_" - if invokerInfo != nil { - idAsString = idAsString + strings.ReplaceAll(*invokerInfo, " ", "_") - } else { - idAsString = idAsString + strconv.FormatInt(im.nextId, 10) - im.nextId = im.nextId + 1 +func (im *InvokerManager) sendEvent(invokerId string, eventType eventsapi.CAPIFEvent) { + invokerIds := []string{invokerId} + event := eventsapi.EventNotification{ + EventDetail: &eventsapi.CAPIFEventDetail{ + ApiInvokerIds: &invokerIds, + }, + Events: eventType, } - return &idAsString + im.eventChannel <- event } // This function wraps sending of an error in the Error format, and