X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=capifcore%2Finternal%2Finvokermanagement%2Finvokermanagement.go;h=fe0c2cbcc5896a18df5f4d43d4126ef5a83d0390;hb=refs%2Fchanges%2F85%2F12585%2F1;hp=9025f83e602bec08b7b945af4de3a8e4b8effdbe;hpb=6edc6544f698b8f5d923f3b2717ab103b7473dfe;p=nonrtric%2Fplt%2Fsme.git diff --git a/capifcore/internal/invokermanagement/invokermanagement.go b/capifcore/internal/invokermanagement/invokermanagement.go index 9025f83..fe0c2cb 100644 --- a/capifcore/internal/invokermanagement/invokermanagement.go +++ b/capifcore/internal/invokermanagement/invokermanagement.go @@ -2,7 +2,8 @@ // ========================LICENSE_START================================= // O-RAN-SC // %% -// Copyright (C) 2022: Nordix Foundation +// Copyright (C) 2022-2023: Nordix Foundation +// Copyright (C) 2024: OpenInfra Foundation Europe // %% // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -21,21 +22,19 @@ package invokermanagement import ( + "fmt" "net/http" "path" - "strconv" - "strings" "sync" "oransc.org/nonrtric/capifcore/internal/eventsapi" - publishapi "oransc.org/nonrtric/capifcore/internal/publishserviceapi" + "oransc.org/nonrtric/capifcore/internal/keycloak" "oransc.org/nonrtric/capifcore/internal/common29122" invokerapi "oransc.org/nonrtric/capifcore/internal/invokermanagementapi" - "oransc.org/nonrtric/capifcore/internal/publishservice" - "github.com/labstack/echo/v4" + echo "github.com/labstack/echo/v4" ) //go:generate mockery --name InvokerRegister 
@@ -55,16 +54,18 @@ type InvokerManager struct { onboardedInvokers map[string]invokerapi.APIInvokerEnrolmentDetails publishRegister publishservice.PublishRegister nextId int64 + keycloak keycloak.AccessManagement eventChannel chan<- eventsapi.EventNotification lock sync.Mutex } // Creates a manager that implements both the InvokerRegister and the invokermanagementapi.ServerInterface interfaces. -func NewInvokerManager(publishRegister publishservice.PublishRegister, eventChannel chan<- eventsapi.EventNotification) *InvokerManager { +func NewInvokerManager(publishRegister publishservice.PublishRegister, km keycloak.AccessManagement, eventChannel chan<- eventsapi.EventNotification) *InvokerManager { return &InvokerManager{ onboardedInvokers: make(map[string]invokerapi.APIInvokerEnrolmentDetails), publishRegister: publishRegister, nextId: 1000, + keycloak: km, eventChannel: eventChannel, } } @@ -102,15 +103,19 @@ func (im *InvokerManager) GetInvokerApiList(invokerId string) *invokerapi.APILis // Creates a new individual API Invoker profile. func (im *InvokerManager) PostOnboardedInvokers(ctx echo.Context) error { - var newInvoker invokerapi.APIInvokerEnrolmentDetails - err := ctx.Bind(&newInvoker) + errMsg := "Unable to onboard invoker due to %s" + + newInvoker, err := getInvokerFromRequest(ctx) if err != nil { - return sendCoreError(ctx, http.StatusBadRequest, "Invalid format for invoker") + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) } - shouldReturn, coreError := im.validateInvoker(newInvoker, ctx) - if shouldReturn { - return coreError + if err = im.isInvokerOnboarded(newInvoker); err != nil { + return sendCoreError(ctx, http.StatusForbidden, fmt.Sprintf(errMsg, err)) + } + + if err = im.validateInvoker(newInvoker); err != nil { + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) } im.prepareNewInvoker(&newInvoker) 
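Review bot: `nextId` is still declared and initialised to 1000 in this constructor, but the only visible code that read it, `getId`, is deleted further down in this commit, so the field looks dead. Drop it if nothing outside this diff uses it. The new `km` argument is dereferenced unconditionally in `addClientInKeycloak`, so the constructor comment should state that requirement, for example `// km must be non-nil; it is called on every onboarding request.`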
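Review bot: The duplicate check and the registration in PostOnboardedInvokers are not atomic: `isInvokerOnboarded` (added in a later hunk) ranges over `im.onboardedInvokers` without taking `im.lock`, while the insert happens afterwards under that lock in `prepareNewInvoker`. Two concurrent onboarding requests for the same invoker can both pass the check and both be registered. The unlocked map read can also race with a concurrent write. Consider repeating the check inside `prepareNewInvoker` right after `im.lock.Lock()`, or holding the lock across both steps. The handler's body continues past the end of this hunk.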
@@ -119,6 +124,7 @@ func (im *InvokerManager) PostOnboardedInvokers(ctx echo.Context) error { uri := ctx.Request().Host + ctx.Request().URL.String() ctx.Response().Header().Set(echo.HeaderLocation, ctx.Scheme()+`://`+path.Join(uri, *newInvoker.ApiInvokerId)) + err = ctx.JSON(http.StatusCreated, newInvoker) if err != nil { // Something really bad happened, tell Echo that our handler failed 
@@ -128,27 +134,42 @@ func (im *InvokerManager) PostOnboardedInvokers(ctx echo.Context) error { return nil } +func (im *InvokerManager) isInvokerOnboarded(newInvoker invokerapi.APIInvokerEnrolmentDetails) error { + for _, invoker := range im.onboardedInvokers { + if err := invoker.ValidateAlreadyOnboarded(newInvoker); err != nil { + return err + } + } + return nil +} + func (im *InvokerManager) prepareNewInvoker(newInvoker *invokerapi.APIInvokerEnrolmentDetails) { + var apiListRequestedServices invokerapi.APIList = nil + if newInvoker.ApiList != nil { + apiListRequestedServices = *newInvoker.ApiList + } + var allowedPublishedServices invokerapi.APIList = im.publishRegister.GetAllowedPublishedServices(apiListRequestedServices) + newInvoker.ApiList = &allowedPublishedServices + im.lock.Lock() defer im.lock.Unlock() - newInvoker.ApiInvokerId = im.getId(newInvoker.ApiInvokerInformation) - newInvoker.OnboardingInformation.OnboardingSecret = getOnboardingSecret(*newInvoker) - - var apiList invokerapi.APIList = im.publishRegister.GetAllPublishedServices() - newInvoker.ApiList = &apiList - + newInvoker.PrepareNewInvoker() + im.addClientInKeycloak(newInvoker) im.onboardedInvokers[*newInvoker.ApiInvokerId] = *newInvoker } -func getOnboardingSecret(newInvoker invokerapi.APIInvokerEnrolmentDetails) *string { - onboardingSecret := "onboarding_secret_" - if newInvoker.ApiInvokerInformation != nil { - onboardingSecret = onboardingSecret + strings.ReplaceAll(*newInvoker.ApiInvokerInformation, " ", "_") +func (im *InvokerManager) addClientInKeycloak(newInvoker *invokerapi.APIInvokerEnrolmentDetails) error { + if err := im.keycloak.AddClient(*newInvoker.ApiInvokerId, "invokerrealm"); err != nil { + return err + } + + if body, err := im.keycloak.GetClientRepresentation(*newInvoker.ApiInvokerId, "invokerrealm"); err != nil { + return err } else { - onboardingSecret = onboardingSecret + *newInvoker.ApiInvokerId + newInvoker.OnboardingInformation.OnboardingSecret = body.Secret } - 
return &onboardingSecret + return nil } // Deletes an individual API Invoker. 
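Review bot: `prepareNewInvoker` calls `im.addClientInKeycloak(newInvoker)` and discards the returned error, so a failed `AddClient` or `GetClientRepresentation` still leaves the invoker stored in `im.onboardedInvokers`. The handler then answers 201, and `OnboardingSecret` stays at whatever the request body carried instead of a Keycloak-issued value. `prepareNewInvoker` should return the error, and PostOnboardedInvokers should turn it into a server-side failure with a generic message rather than echoing the Keycloak error text to the caller. The Keycloak calls also run while `im.lock` is held; if they are network calls, a slow identity provider blocks every other onboarding and delete. The realm name `"invokerrealm"` is repeated as a literal and would read better as one constant.

```go
func (im *InvokerManager) prepareNewInvoker(newInvoker *invokerapi.APIInvokerEnrolmentDetails) error {
	// … unchanged: ApiList filtering, im.lock.Lock()/defer Unlock(), newInvoker.PrepareNewInvoker() …
	if err := im.addClientInKeycloak(newInvoker); err != nil {
		// Do not register an invoker that has no client in the identity provider.
		return err
	}
	im.onboardedInvokers[*newInvoker.ApiInvokerId] = *newInvoker
	return nil
}
```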
@@ -168,30 +189,40 @@ func (im *InvokerManager) deleteInvoker(onboardingId string) { delete(im.onboardedInvokers, onboardingId) } +func getInvokerFromRequest(ctx echo.Context) (invokerapi.APIInvokerEnrolmentDetails, error) { + var invoker invokerapi.APIInvokerEnrolmentDetails + if err := ctx.Bind(&invoker); err != nil { + return invokerapi.APIInvokerEnrolmentDetails{}, fmt.Errorf("invalid format for invoker") + } + return invoker, nil +} + // Updates an individual API invoker details. func (im *InvokerManager) PutOnboardedInvokersOnboardingId(ctx echo.Context, onboardingId string) error { - var invoker invokerapi.APIInvokerEnrolmentDetails - err := ctx.Bind(&invoker) + errMsg := "Unable to update invoker due to %s" + + newInvoker, err := getInvokerFromRequest(ctx) if err != nil { - return sendCoreError(ctx, http.StatusBadRequest, "Invalid format for invoker") + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) } - if onboardingId != *invoker.ApiInvokerId { - return sendCoreError(ctx, http.StatusBadRequest, "Invoker ApiInvokerId not matching") + // Additional validation for PUT + if (newInvoker.ApiInvokerId == nil) || (*newInvoker.ApiInvokerId != onboardingId) { + errMismatch := "APIInvokerEnrolmentDetails ApiInvokerId doesn't match path parameter" + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, errMismatch)) } - shouldReturn, coreError := im.validateInvoker(invoker, ctx) - if shouldReturn { - return coreError + if err := im.validateInvoker(newInvoker); err != nil { + return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err)) } if _, ok := im.onboardedInvokers[onboardingId]; ok { - im.updateInvoker(invoker) + im.updateInvoker(newInvoker) } else { return sendCoreError(ctx, http.StatusNotFound, "The invoker to update has not been onboarded") } - err = ctx.JSON(http.StatusOK, invoker) + err = ctx.JSON(http.StatusOK, newInvoker) if err != nil { // Something really bad happened, tell Echo that our handler 
failed return err @@ -210,38 +241,12 @@ func (im *InvokerManager) ModifyIndApiInvokeEnrolment(ctx echo.Context, onboardi return ctx.NoContent(http.StatusNotImplemented) } -func (im *InvokerManager) validateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails, ctx echo.Context) (bool, error) { - if invoker.NotificationDestination == "" { - return true, sendCoreError(ctx, http.StatusBadRequest, "Invoker missing required NotificationDestination") - } - - if invoker.OnboardingInformation.ApiInvokerPublicKey == "" { - return true, sendCoreError(ctx, http.StatusBadRequest, "Invoker missing required OnboardingInformation.ApiInvokerPublicKey") - } - - if !im.areAPIsPublished(invoker.ApiList) { - return true, sendCoreError(ctx, http.StatusBadRequest, "Some APIs needed by invoker are not registered") +func (im *InvokerManager) validateInvoker(invoker invokerapi.APIInvokerEnrolmentDetails) error { + if err := invoker.Validate(); err != nil { + return err } - return false, nil -} - -func (im *InvokerManager) areAPIsPublished(apis *invokerapi.APIList) bool { - if apis == nil { - return true - } - return im.publishRegister.AreAPIsPublished((*[]publishapi.ServiceAPIDescription)(apis)) -} - -func (im *InvokerManager) getId(invokerInfo *string) *string { - idAsString := "api_invoker_id_" - if invokerInfo != nil { - idAsString = idAsString + strings.ReplaceAll(*invokerInfo, " ", "_") - } else { - idAsString = idAsString + strconv.FormatInt(im.nextId, 10) - im.nextId = im.nextId + 1 - } - return &idAsString + return nil } func (im *InvokerManager) sendEvent(invokerId string, eventType eventsapi.CAPIFEvent) {
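Review bot: In PutOnboardedInvokersOnboardingId the record handed to `updateInvoker` and echoed back is `newInvoker` exactly as bound from the request, so `OnboardingInformation.OnboardingSecret` is whatever the client put in the body. Now that onboarding takes that secret from Keycloak, an update looks able to blank it or replace it with a caller-chosen value in the register; `updateInvoker` is not visible in this diff, so please confirm. Carrying the stored value over before the update would close that, e.g. `newInvoker.OnboardingInformation.OnboardingSecret = existing.OnboardingInformation.OnboardingSecret`, with `existing` taken from the `im.onboardedInvokers[onboardingId]` lookup. That lookup is also done without `im.lock`. The function's body continues past the end of this hunk.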
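Review bot: `validateInvoker` no longer rejects an `ApiList` that names unpublished APIs, because the `areAPIsPublished` check is removed and nothing visible replaces it on the update path. POST compensates by overwriting the list with `GetAllowedPublishedServices` in `prepareNewInvoker`, but the PUT handler in this diff calls only `validateInvoker` before `updateInvoker`. Unless `invoker.Validate()` or `updateInvoker` covers it (neither is visible here), an update can store an API list that was never checked against the publish register. Applying the same `GetAllowedPublishedServices` filter before `updateInvoker` would keep the two paths consistent. As written the method is also a plain wrapper and could be `return invoker.Validate()`.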