X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=capifcore%2Finternal%2Finvokermanagement%2Finvokermanagement.go;h=fe0c2cbcc5896a18df5f4d43d4126ef5a83d0390;hb=6bf043b36b3c5193008d39a901753bcea093d2b2;hp=5d4ba2511f124f475337b4aa1cae9a39a7aeadc9;hpb=f62685e5a2187fb58c7f27cdd1f14dd2c152880d;p=nonrtric%2Fplt%2Fsme.git diff --git a/capifcore/internal/invokermanagement/invokermanagement.go b/capifcore/internal/invokermanagement/invokermanagement.go index 5d4ba25..fe0c2cb 100644 --- a/capifcore/internal/invokermanagement/invokermanagement.go +++ b/capifcore/internal/invokermanagement/invokermanagement.go @@ -2,7 +2,8 @@ // ========================LICENSE_START================================= // O-RAN-SC // %% -// Copyright (C) 2022: Nordix Foundation +// Copyright (C) 2022-2023: Nordix Foundation +// Copyright (C) 2024: OpenInfra Foundation Europe // %% // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -21,21 +22,19 @@ package invokermanagement import ( - "errors" "fmt" "net/http" "path" "sync" "oransc.org/nonrtric/capifcore/internal/eventsapi" - publishapi "oransc.org/nonrtric/capifcore/internal/publishserviceapi" + "oransc.org/nonrtric/capifcore/internal/keycloak" "oransc.org/nonrtric/capifcore/internal/common29122" invokerapi "oransc.org/nonrtric/capifcore/internal/invokermanagementapi" - "oransc.org/nonrtric/capifcore/internal/publishservice" - "github.com/labstack/echo/v4" + echo "github.com/labstack/echo/v4" ) //go:generate mockery --name InvokerRegister @@ -55,16 +54,18 @@ type InvokerManager struct { onboardedInvokers map[string]invokerapi.APIInvokerEnrolmentDetails publishRegister publishservice.PublishRegister nextId int64 + keycloak keycloak.AccessManagement eventChannel chan<- eventsapi.EventNotification lock sync.Mutex } // Creates a manager that implements both the InvokerRegister and the invokermanagementapi.ServerInterface interfaces. -func NewInvokerManager(publishRegister publishservice.PublishRegister, eventChannel chan<- eventsapi.EventNotification) *InvokerManager { +func NewInvokerManager(publishRegister publishservice.PublishRegister, km keycloak.AccessManagement, eventChannel chan<- eventsapi.EventNotification) *InvokerManager { return &InvokerManager{ onboardedInvokers: make(map[string]invokerapi.APIInvokerEnrolmentDetails), publishRegister: publishRegister, nextId: 1000, + keycloak: km, eventChannel: eventChannel, } } @@ -102,17 +103,18 @@ func (im *InvokerManager) GetInvokerApiList(invokerId string) *invokerapi.APILis // Creates a new individual API Invoker profile. func (im *InvokerManager) PostOnboardedInvokers(ctx echo.Context) error { - var newInvoker invokerapi.APIInvokerEnrolmentDetails errMsg := "Unable to onboard invoker due to %s" - if err := ctx.Bind(&newInvoker); err != nil { - return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, "invalid format for invoker")) + + newInvoker, err := getInvokerFromRequest(ctx) + if err != nil { + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) } - if im.isInvokerOnboarded(newInvoker) { - return sendCoreError(ctx, http.StatusForbidden, fmt.Sprintf(errMsg, "invoker already onboarded")) + if err = im.isInvokerOnboarded(newInvoker); err != nil { + return sendCoreError(ctx, http.StatusForbidden, fmt.Sprintf(errMsg, err)) } - if err := im.validateInvoker(newInvoker, ctx); err != nil { + if err = im.validateInvoker(newInvoker); err != nil { return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) } @@ -122,7 +124,8 @@ func (im *InvokerManager) PostOnboardedInvokers(ctx echo.Context) error { uri := ctx.Request().Host + ctx.Request().URL.String() ctx.Response().Header().Set(echo.HeaderLocation, ctx.Scheme()+`://`+path.Join(uri, *newInvoker.ApiInvokerId)) - err := ctx.JSON(http.StatusCreated, newInvoker) + + err = ctx.JSON(http.StatusCreated, newInvoker) if err != nil { // Something really bad happened, tell Echo that our handler failed return err @@ -131,27 +134,44 @@ func (im *InvokerManager) PostOnboardedInvokers(ctx echo.Context) error { return nil } -func (im *InvokerManager) isInvokerOnboarded(newInvoker invokerapi.APIInvokerEnrolmentDetails) bool { +func (im *InvokerManager) isInvokerOnboarded(newInvoker invokerapi.APIInvokerEnrolmentDetails) error { for _, invoker := range im.onboardedInvokers { - if newInvoker.OnboardingInformation.ApiInvokerPublicKey == invoker.OnboardingInformation.ApiInvokerPublicKey { - return true + if err := invoker.ValidateAlreadyOnboarded(newInvoker); err != nil { + return err } } - return false + return nil } func (im *InvokerManager) prepareNewInvoker(newInvoker *invokerapi.APIInvokerEnrolmentDetails) { - var apiList invokerapi.APIList = im.publishRegister.GetAllPublishedServices() - newInvoker.ApiList = &apiList + var apiListRequestedServices invokerapi.APIList = nil + if newInvoker.ApiList != nil { + apiListRequestedServices = *newInvoker.ApiList + } + var allowedPublishedServices invokerapi.APIList = im.publishRegister.GetAllowedPublishedServices(apiListRequestedServices) + newInvoker.ApiList = &allowedPublishedServices im.lock.Lock() defer im.lock.Unlock() newInvoker.PrepareNewInvoker() - + im.addClientInKeycloak(newInvoker) im.onboardedInvokers[*newInvoker.ApiInvokerId] = *newInvoker } +func (im *InvokerManager) addClientInKeycloak(newInvoker *invokerapi.APIInvokerEnrolmentDetails) error { + if err := im.keycloak.AddClient(*newInvoker.ApiInvokerId, "invokerrealm"); err != nil { + return err + } + + if body, err := im.keycloak.GetClientRepresentation(*newInvoker.ApiInvokerId, "invokerrealm"); err != nil { + return err + } else { + newInvoker.OnboardingInformation.OnboardingSecret = body.Secret + } + return nil +} + // Deletes an individual API Invoker. func (im *InvokerManager) DeleteOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error { if _, ok := im.onboardedInvokers[onboardingId]; ok { @@ -169,29 +189,40 @@ func (im *InvokerManager) deleteInvoker(onboardingId string) { delete(im.onboardedInvokers, onboardingId) } +func getInvokerFromRequest(ctx echo.Context) (invokerapi.APIInvokerEnrolmentDetails, error) { + var invoker invokerapi.APIInvokerEnrolmentDetails + if err := ctx.Bind(&invoker); err != nil { + return invokerapi.APIInvokerEnrolmentDetails{}, fmt.Errorf("invalid format for invoker") + } + return invoker, nil +} + // Updates an individual API invoker details. func (im *InvokerManager) PutOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error { - var invoker invokerapi.APIInvokerEnrolmentDetails errMsg := "Unable to update invoker due to %s" - if err := ctx.Bind(&invoker); err != nil { - return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, "invalid format for invoker")) + + newInvoker, err := getInvokerFromRequest(ctx) + if err != nil { + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) } - if onboardingId != *invoker.ApiInvokerId { - return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, "ApiInvokerId not matching")) + // Additional validation for PUT + if (newInvoker.ApiInvokerId == nil) || (*newInvoker.ApiInvokerId != onboardingId) { + errMismatch := "APIInvokerEnrolmentDetails ApiInvokerId doesn't match path parameter" + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, errMismatch)) } - if err := im.validateInvoker(invoker, ctx); err != nil { + if err := im.validateInvoker(newInvoker); err != nil { return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) } if _, ok := im.onboardedInvokers[onboardingId]; ok { - im.updateInvoker(invoker) + im.updateInvoker(newInvoker) } else { return sendCoreError(ctx, http.StatusNotFound, "The invoker to update has not been onboarded") } - err := ctx.JSON(http.StatusOK, invoker) + err = ctx.JSON(http.StatusOK, newInvoker) if err != nil { // Something really bad happened, tell Echo that our handler failed return err @@ -210,24 +241,14 @@ func (im *InvokerManager) ModifyIndApiInvokeEnrolment(ctx echo.Context, onboardi return ctx.NoContent(http.StatusNotImplemented) } -func (im *InvokerManager) validateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails, ctx echo.Context) error { +func (im *InvokerManager) validateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails) error { if err := invoker.Validate(); err != nil { return err } - if !im.areAPIsPublished(invoker.ApiList) { - return errors.New("some APIs needed by invoker are not registered") - } return nil } -func (im *InvokerManager) areAPIsPublished(apis *invokerapi.APIList) bool { - if apis == nil { - return true - } - return im.publishRegister.AreAPIsPublished((*[]publishapi.ServiceAPIDescription)(apis)) -} - func (im *InvokerManager) sendEvent(invokerId string, eventType eventsapi.CAPIFEvent) { invokerIds := []string{invokerId} event := eventsapi.EventNotification{