fixup! Migrate device-provisioning-service to repository

plgd-dev · Aug 8, 2024 · 3886b6e · 3886b6e
1 parent 9d167fa
commit 3886b6e
Show file tree

Hide file tree

Showing 25 changed files with 576 additions and 219 deletions.
diff --git a/.github/workflows/build-publish.yaml b/.github/workflows/build-publish.yaml
@@ -123,6 +123,9 @@ jobs:
             directory: m2m-oauth-server
             file: .tmp/docker/m2m-oauth-server/Dockerfile
             template-file: tools/docker/Dockerfile.in
+          - name: test-device-provisioning-service
+            directory: test/device-provisioning-service
+            file: test/device-provisioning-service/Dockerfile
     uses: ./.github/workflows/build-publish-cfg.yaml
     with:
       name: ${{ matrix.name }}

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -28,15 +28,15 @@ jobs:
         include:
           # test with check race with coverage and sonarcloud
           - name: test
-            cmd: test
+            cmd: test-device-provisioning-service
             checkRace: "true"
             coapGateway:
               log:
                 level: "debug"
                 dumpBody: "true"
 
           - name: test/cqldb
-            cmd: test
+            cmd: test-device-provisioning-service
             checkRace: "true"
             database: "cqldb"
             coapGateway:
@@ -46,14 +46,14 @@ jobs:
 
           # test without check race
           - name: test/norace
-            cmd: test
+            cmd: test-device-provisioning-service
             coapGateway:
               log:
                 level: "debug"
                 dumpBody: "true"
 
           - name: test/norace/cqldb
-            cmd: test
+            cmd: test-device-provisioning-service
             database: "cqldb"
             coapGateway:
               log:
@@ -65,15 +65,15 @@ jobs:
           #   - with ECDSA-SHA256 signature and P384 elliptic curve certificates
           #   - with TEST_LEAD_RESOURCE_TYPE_FILTER, TEST_LEAD_RESOURCE_TYPE_USE_UUID
           - name: test/norace-384
-            cmd: test
+            cmd: test-device-provisioning-service
             args: CERT_TOOL_SIGN_ALG=ECDSA-SHA384 CERT_TOOL_ELLIPTIC_CURVE=P384 TEST_LEAD_RESOURCE_TYPE_FILTER=last TEST_LEAD_RESOURCE_TYPE_USE_UUID=true
 
           # test
           #   - without check race
           #   - with TEST_LEAD_RESOURCE_TYPE_FILTER, TEST_LEAD_RESOURCE_TYPE_REGEX_FILTER
           #   - with logs from all services
           - name: test/norace/logs
-            cmd: test
+            cmd: test-device-provisioning-service
             args: TEST_LEAD_RESOURCE_TYPE_REGEX_FILTER='oic\.wk\.d,^/light/\d+$$' TEST_LEAD_RESOURCE_TYPE_FILTER=first
             coapGateway:
               log:
@@ -103,6 +103,12 @@ jobs:
           cat /proc/cpuinfo
           echo "Number of cores: $(nproc)"
           echo "Number of threads: $(nproc --all)"
+
+      - name: disable tcp/udp offloading
+        run: |
+          ifconfig
+          ethtool -K eth0 tx off rx off
+
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4
         with:

diff --git a/Makefile b/Makefile
@@ -407,6 +407,7 @@ define RUN-DOCKER
 		-v $(WORKING_DIRECTORY)/.tmp/privKeys:/privKeys \
 		-v $(WORKING_DIRECTORY)/.tmp/usr/local/www:/usr/local/www \
 		-v /var/run/docker.sock:/var/run/docker.sock \
+		-e PION_LOG_TRACE=all \
 		-e TEST_CLOUD_SID=$(CLOUD_SID) \
 		-e LISTEN_FILE_CA_POOL=/certs/root_ca.crt \
 		-e LISTEN_FILE_CERT_DIR_PATH=/certs \

diff --git a/device-provisioning-service/README.md b/device-provisioning-service/README.md
@@ -5,175 +5,13 @@ The Device Provisioning Service provides API to provision device to the [plgd/hu
 ## Workflow
 
 <!--
-@startuml workflow
-autonumber
-
-actor Operator as op
-participant "Onboarding Tool" as obt
-box "Device" #LightBlue
-participant "Device Application"  as device
-participant "DPS Library" as dpc
-end box
-box "plgd hub" #DeepSkyBlue
-participant "Device Provisioning Service" as dps
-participant "Certificate Authority Service" as ca
-end box
-participant "OAuth2.0 Server" as os
-
-note over of device
-  Unique manufacturer certificate
-  set during the production
-end note
-== Configuration ==
-op -> dps: Configure Enrollment Group
-== DPS Connection ==
-alt DPS Address set by the device - Call Home
-  device -> dpc: Set DPS address
-else DPS address configured by the tool running discovery - Multicast
-obt --_> dpc: Discover x.com.plgd.dps.conf
-dpc -> obt: Here I am
-note over dpc
-  Devices with the x.com.plgd.dps.conf resource will reply.
-end note
-obt -> dpc: Own device
-return
-note over dpc
-  The onboarding tool becomes the owner of the device
-  or already owns it.
-end note
-obt -> dpc: Set DPS address
-return
-note over dpc
-  When the device is disowned or factory reset, the DPS address is set to empty.
-end note
-end
-
-note over dpc, dps
-    The device is authenticated by the manufacturer certificate.
-    Expired certificate can be used if enabled.
-end note
-
-dpc -> dps: Connect and authenticate using Manufacturer Certificate
-dps -> dps: Validate certificate
-note right
-  Validation against Mfg CA
-  registered in the Enrollment Group and
-  against the revocation list.
-end note
-alt Valid
-  dps -> dpc: Connection established
-else Invalid
-  dps ->x dpc: Close connection
-end
-
-== Check available content  ==
-note over dpc, dps
-  Content available for the DPS library which is derived from the Enrollment Group configuration is used to drive the workflow of the provisioning.
-end note
-
-dpc -> dps: Get available resources
-dps -> dpc: Available provisioning flow resources
-note left of dps
-{
-    "if": [oic.if.r, oic.if.b]
-    "links": [
-        {
-            "href": "/api/v1/provisioning/acls"
-        },
-        {
-            "href": "/api/v1/provisioning/cloud-configuration"
-        },
-        {
-            "href": "/api/v1/provisioning/credentials"
-        },
-        {
-            "href": "/api/v1/provisioning/customResource1"
-        }
-        {
-            "href": "/api/v1/provisioning/ownership"
-        },
-        {
-            "href": "/api/v1/provisioning/ownership"
-        },
-        {
-            "href": "/x.plgd.dev/time"
-        },
-        ...
-    ]
-}
-end note
-
-== Device time synchronization  ==
-
-dpc -> dps: Get current time\n(GET x.plgd.dev/time)
-dps -> dpc: [[https://github.com/iotivity/iotivity-lite/blob/master/api/plgd/x.plgd.dev.time.yaml#L65 Current time]]
-dpc -> dpc: Apply time if out of sync
-
-== Device Ownership  ==
-
-dpc -> dps: Get device ownerhip\n(GET api/v1/provisioning/ownership)
-dps -> dps: Set owner from the Enrollment Group for the device
-dps -> dpc: [[https://github.com/openconnectivityfoundation/security/blob/master/swagger2.0/oic.sec.doxm.swagger.json#L160 Device Owner Transfer Method]]
-dpc -> dpc: Apply Ownership
-
-== Device Identity Credentials ==
-
-dpc -> dps : Sign Identity CSR and retrieve device credentials\n(POST api/v1/provisioning/credentials)
-alt JWT token not cached
-  dps -> os:Get token using client credential flow\nwith the owner from the dps configuration
-  os -> dps: JWT Token
-end
-dps -> ca: Sign device's Identity CSR
-ca -> dps: Identity Certificate and plgd hub CA
-dps -> dpc: [[https://github.com/openconnectivityfoundation/security/blob/master/swagger2.0/oic.sec.cred.swagger.json#L439 Identity Certificate and plgd hub CA]]
-dpc -> dpc: Apply Identity Credentials
-
-== Get Device ACLs ==
-
-dpc -> dps: Get device ACLs\n(GET api/v1/provisioning/acls)
-dps -> dps: Retrieve custom entries, generate required \nfor plgd hub instance and owner from the Enrollment Group
-dps -> dpc: [[https://github.com/openconnectivityfoundation/security/blob/master/swagger2.0/oic.sec.acl2.swagger.json#L362 Device ACLs]]
-dpc -> dpc: Apply ACLs
-
-== Resource pre-configuration ==
-
-dpc -> dps: Get pre-configuration specified in the Enrollment Group\n(GET api/v1/provisioning/res?if=oic.if.b)
-dps -> dpc: Resource content
-note left of dps
-{
-    "if": [oic.if.r, oic.if.b]
-    "links": [
-        {
-            "href": "/api/v1/provisioning/custom/resource/1"
-            "etag": "0",
-            "rep": {...}
-        },
-        {
-            "href": "/api/v1/provisioning/custom/resource/2"
-            "etag": "1",
-            "rep": {...}
-        },
-        ...
-    ]
-}
-end note
-
-== Get plgd hub configuration ==
-dpc -> dps : Get plgd hub connection data\n(GET api/v1/provisioning/cloud-configuration)
-dps -> os: Get token using client credential flow\nwith owner from the dps configuration
-dps -> dps: Get connection data of plgd hub\nregistered in the Enrollment Group
-dps -> dpc: [[https://github.com/openconnectivityfoundation/cloud-services/blob/master/swagger2.0/oic.r.coapcloudconf.swagger.json#L215 Token & connection data]]
-dpc -> dpc: Provisioning device for plgd hub connection
-dpc ->x dps: Close connection
-dpc -> dpc: Start Cloud Manager
-
-== plgd hub connection ==
-note across: Flow continues in a standard way, as documented [[https://docs.plgd.dev/docs/architecture/component-overview/#hub-registration here]]
-
-@enduml
+Generate svg from .puml by running:
+```sh
+plantuml -tsvg workflow.puml
+```
 -->
 
-![Plant UML](./workflow.puml).
+![Plant UML](./workflow.svg).
 
 ## Docker Image
 

diff --git a/device-provisioning-service/service/acls_test.go b/device-provisioning-service/service/acls_test.go
@@ -51,12 +51,13 @@ func TestAclsUDP(t *testing.T) {
 	shutDown := test.New(t, dpsCfg)
 	defer shutDown()
 
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*1)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 	defer cancel()
 
 	tlsCfg := setupTLSConfig(t)
 	c, err := dtls.Dial(dpsCfg.APIs.COAP.Addr, pkgCoapService.TLSConfigToDTLSConfig(tlsCfg), options.WithContext(ctx))
 	require.NoError(t, err)
+
 	defer func() {
 		errC := c.Close()
 		require.NoError(t, errC)

diff --git a/device-provisioning-service/service/grpc/createEnrollmentGroup_test.go b/device-provisioning-service/service/grpc/createEnrollmentGroup_test.go
@@ -12,7 +12,7 @@ import (
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/service/grpc"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/test"
 	"github.com/plgd-dev/hub/v2/pkg/config/property/urischeme"
-	kitNetGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
+	pkgGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
 	hubTest "github.com/plgd-dev/hub/v2/test"
 	"github.com/plgd-dev/hub/v2/test/config"
 	"github.com/stretchr/testify/require"
@@ -91,7 +91,7 @@ func TestDeviceProvisionServiceServerCreateEnrollmentGroup(t *testing.T) {
 	pb.RegisterDeviceProvisionServiceServer(ch, grpc.NewDeviceProvisionServiceServer(store, test.MakeAuthorizationConfig().OwnerClaim))
 	grpcClient := pb.NewDeviceProvisionServiceClient(ch)
 
-	ctx := kitNetGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
+	ctx := pkgGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
 		"sub": test.DPSOwner,
 	}))
 

diff --git a/device-provisioning-service/service/grpc/createHub_test.go b/device-provisioning-service/service/grpc/createHub_test.go
@@ -10,7 +10,7 @@ import (
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/pb"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/service/grpc"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/test"
-	kitNetGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
+	pkgGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
 	hubTest "github.com/plgd-dev/hub/v2/test"
 	"github.com/plgd-dev/hub/v2/test/config"
 	"github.com/stretchr/testify/require"
@@ -55,7 +55,7 @@ func TestDeviceProvisionServiceServerCreateHub(t *testing.T) {
 	pb.RegisterDeviceProvisionServiceServer(ch, grpc.NewDeviceProvisionServiceServer(store, test.MakeAuthorizationConfig().OwnerClaim))
 	grpcClient := pb.NewDeviceProvisionServiceClient(ch)
 
-	ctx := kitNetGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
+	ctx := pkgGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
 		"sub": test.DPSOwner,
 	}))
 

diff --git a/device-provisioning-service/service/grpc/deleteEnrollmentGroup_test.go b/device-provisioning-service/service/grpc/deleteEnrollmentGroup_test.go
@@ -10,7 +10,7 @@ import (
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/pb"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/service/grpc"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/test"
-	kitNetGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
+	pkgGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
 	"github.com/plgd-dev/hub/v2/test/config"
 	"github.com/stretchr/testify/require"
 )
@@ -44,7 +44,7 @@ func TestDeviceProvisionServiceServerDeleteEnrollmentGroups(t *testing.T) {
 	pb.RegisterDeviceProvisionServiceServer(ch, grpc.NewDeviceProvisionServiceServer(store, test.MakeAuthorizationConfig().OwnerClaim))
 	grpcClient := pb.NewDeviceProvisionServiceClient(ch)
 
-	ctx := kitNetGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
+	ctx := pkgGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
 		"sub": test.DPSOwner,
 	}))
 

diff --git a/device-provisioning-service/service/grpc/deleteHubs_test.go b/device-provisioning-service/service/grpc/deleteHubs_test.go
@@ -10,7 +10,7 @@ import (
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/pb"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/service/grpc"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/test"
-	kitNetGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
+	pkgGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
 	"github.com/plgd-dev/hub/v2/test/config"
 	"github.com/stretchr/testify/require"
 )
@@ -43,7 +43,7 @@ func TestDeviceProvisionServiceServerDeleteHubs(t *testing.T) {
 		},
 	}
 
-	ctx := kitNetGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
+	ctx := pkgGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
 		"sub": test.DPSOwner,
 	}))
 

diff --git a/device-provisioning-service/service/grpc/deleteProvisioningRecords_test.go b/device-provisioning-service/service/grpc/deleteProvisioningRecords_test.go
@@ -9,7 +9,7 @@ import (
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/pb"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/service/grpc"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/test"
-	kitNetGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
+	pkgGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
 	hubTest "github.com/plgd-dev/hub/v2/test"
 	"github.com/plgd-dev/hub/v2/test/config"
 	"github.com/stretchr/testify/require"
@@ -67,7 +67,7 @@ func TestDeviceProvisionServiceServerDeleteProvisioningRecords(t *testing.T) {
 	pb.RegisterDeviceProvisionServiceServer(ch, grpc.NewDeviceProvisionServiceServer(store, test.MakeAuthorizationConfig().OwnerClaim))
 	grpcClient := pb.NewDeviceProvisionServiceClient(ch)
 
-	ctx := kitNetGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
+	ctx := pkgGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
 		"sub": test.DPSOwner,
 	}))
 

diff --git a/device-provisioning-service/service/grpc/getEnrollmentGroups_test.go b/device-provisioning-service/service/grpc/getEnrollmentGroups_test.go
@@ -12,7 +12,7 @@ import (
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/pb"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/service/grpc"
 	"github.com/plgd-dev/hub/v2/device-provisioning-service/test"
-	kitNetGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
+	pkgGrpc "github.com/plgd-dev/hub/v2/pkg/net/grpc"
 	hubTest "github.com/plgd-dev/hub/v2/test"
 	"github.com/plgd-dev/hub/v2/test/config"
 	"github.com/stretchr/testify/require"
@@ -59,7 +59,7 @@ func TestDeviceProvisionServiceServerGetEnrollmentGroups(t *testing.T) {
 	pb.RegisterDeviceProvisionServiceServer(ch, grpc.NewDeviceProvisionServiceServer(store, test.MakeAuthorizationConfig().OwnerClaim))
 	grpcClient := pb.NewDeviceProvisionServiceClient(ch)
 
-	ctx := kitNetGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
+	ctx := pkgGrpc.CtxWithToken(context.Background(), config.CreateJwtToken(t, jwt.MapClaims{
 		"sub": test.DPSOwner,
 	}))