fixup! Add HTTP client to certificate manager

plgd-dev · Oct 30, 2024 · 6dc596c · 6dc596c
1 parent cf7dfe1
commit 6dc596c
Show file tree

Hide file tree

Showing 14 changed files with 37 additions and 30 deletions.
diff --git a/cloud2cloud-connector/service/service.go b/cloud2cloud-connector/service/service.go
@@ -89,9 +89,9 @@ func newIdentityStoreClient(config IdentityStoreConfig, fileWatcher *fsnotify.Wa
 	return pbIS.NewIdentityStoreClient(isConn.GRPC()), closeIsConn, nil
 }
 
-func newSubscriber(config natsClient.ConfigSubscriber, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider) (*subscriber.Subscriber, func(), error) {
+func newSubscriber(config natsClient.ConfigSubscriber, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider) (*subscriber.Subscriber, func(), error) {
 	var fl fn.FuncList
-	nats, err := natsClient.New(config.Config, fileWatcher, logger, tp)
+	nats, err := natsClient.New(config.Config, fileWatcher, logger, tracerProvider)
 	if err != nil {
 		return nil, nil, fmt.Errorf("cannot create nats client: %w", err)
 	}

diff --git a/cloud2cloud-gateway/service/service.go b/cloud2cloud-gateway/service/service.go
@@ -153,9 +153,9 @@ func newGrpcGatewayClient(config GrpcGatewayConfig, fileWatcher *fsnotify.Watche
 	return client, fl.ToFunction(), nil
 }
 
-func newResourceSubscriber(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider) (*subscriber.Subscriber, func(), error) {
+func newResourceSubscriber(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider) (*subscriber.Subscriber, func(), error) {
 	var fl fn.FuncList
-	nats, err := natsClient.New(config.Clients.Eventbus.NATS.Config, fileWatcher, logger, tp)
+	nats, err := natsClient.New(config.Clients.Eventbus.NATS.Config, fileWatcher, logger, tracerProvider)
 	if err != nil {
 		return nil, nil, fmt.Errorf("cannot create nats client: %w", err)
 	}
@@ -235,11 +235,11 @@ func New(ctx context.Context, config Config, fileWatcher *fsnotify.Watcher, logg
 
 	listener, err := listener.New(config.APIs.HTTP.Connection, fileWatcher, logger, tracerProvider)
 	if err != nil {
-		return nil, fmt.Errorf("cannot create http server: %w", err)
+		return nil, fmt.Errorf("cannot create http listener: %w", err)
 	}
 	closeListener := func() {
 		if errC := listener.Close(); errC != nil {
-			logger.Errorf("cannot create http server: %w", errC)
+			logger.Errorf("cannot close http listener: %w", errC)
 		}
 	}
 

diff --git a/coap-gateway/service/refreshToken_test.go b/coap-gateway/service/refreshToken_test.go
@@ -19,6 +19,7 @@ import (
 	"github.com/plgd-dev/hub/v2/test/service"
 	testService "github.com/plgd-dev/hub/v2/test/service"
 	"github.com/stretchr/testify/require"
+	"go.opentelemetry.io/otel/trace/noop"
 )
 
 type TestCoapRefreshTokenResponse struct {
@@ -115,7 +116,7 @@ func TestRefreshTokenWithOAuthNotWorking(t *testing.T) {
 		err = fileWatcher.Close()
 		require.NoError(t, err)
 	}()
-	s, err := listener.New(config.MakeListenerConfig(cfg.APIs.HTTP.Connection.Addr), fileWatcher, log.Get())
+	s, err := listener.New(config.MakeListenerConfig(cfg.APIs.HTTP.Connection.Addr), fileWatcher, log.Get(), noop.NewTracerProvider())
 	require.NoError(t, err)
 	defer func() {
 		err = s.Close()

diff --git a/device-provisioning-service/service/http/service.go b/device-provisioning-service/service/http/service.go
@@ -34,7 +34,7 @@ func New(ctx context.Context, serviceName string, config Config, fileWatcher *fs
 	listener, err := listener.New(config.Connection, fileWatcher, logger, tracerProvider)
 	if err != nil {
 		validator.Close()
-		return nil, fmt.Errorf("cannot create grpc server: %w", err)
+		return nil, fmt.Errorf("cannot create http listener: %w", err)
 	}
 	listener.AddCloseFunc(validator.Close)
 
@@ -48,6 +48,9 @@ func New(ctx context.Context, serviceName string, config Config, fileWatcher *fs
 
 	// register grpc-proxy handler
 	if err := pb.RegisterDeviceProvisionServiceHandlerClient(context.Background(), mux, grpcClient); err != nil {
+		if errC := listener.Close(); errC != nil {
+			logger.Errorf("cannot close http listener: %w", errC)
+		}
 		return nil, fmt.Errorf("failed to register grpc-gateway handler: %w", err)
 	}
 	r.PathPrefix("/").Handler(mux)

diff --git a/pkg/net/http/service/service.go b/pkg/net/http/service/service.go
@@ -27,7 +27,7 @@ type Service struct {
 func New(config Config) (*Service, error) {
 	listener, err := listener.New(config.HTTPConnection, config.FileWatcher, config.Logger, config.TraceProvider)
 	if err != nil {
-		return nil, fmt.Errorf("cannot create grpc server: %w", err)
+		return nil, fmt.Errorf("cannot create http listener %w", err)
 	}
 
 	router := mux.NewRouter()

diff --git a/pkg/opentelemetry/otelhttp/common.go b/pkg/opentelemetry/otelhttp/common.go
@@ -41,6 +41,6 @@ const (
 // be traced. A Filter must return true if the request should be traced.
 type Filter func(*http.Request) bool
 
-func newTracer(tp trace.TracerProvider) trace.Tracer {
-	return tp.Tracer(instrumentationName, trace.WithInstrumentationVersion(SemVersion()))
+func newTracer(tracerProvider trace.TracerProvider) trace.Tracer {
+	return tracerProvider.Tracer(instrumentationName, trace.WithInstrumentationVersion(SemVersion()))
 }
diff --git a/pkg/security/certManager/client/certManager.go b/pkg/security/certManager/client/certManager.go
@@ -14,8 +14,8 @@ type Config = pkgTls.ClientConfig
 // CertManager holds certificates from filesystem watched for changes
 type CertManager = general.ClientCertManager
 
-func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider) (*CertManager, error) {
-	return general.NewClientCertManager(config, fileWatcher, logger, tp)
+func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider) (*CertManager, error) {
+	return general.NewClientCertManager(config, fileWatcher, logger, tracerProvider)
 }
 
 func NewHTTPClient(config pkgTls.HTTPConfigurer, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider) (*client.Client, error) {

diff --git a/pkg/security/certManager/general/certManager.go b/pkg/security/certManager/general/certManager.go
@@ -86,7 +86,7 @@ func tryToWatchFile(file urischeme.URIScheme, fileWatcher *fsnotify.Watcher, rem
 }
 
 // New creates a new certificate manager which watches for certs in a filesystem
-func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider) (*CertManager, error) {
+func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider) (*CertManager, error) {
 	verifyClientCertificate := tls.RequireAndVerifyClientCert
 	if !config.ClientCertificateRequired {
 		verifyClientCertificate = tls.NoClientCert
@@ -95,7 +95,7 @@ func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tp tra
 	var httpClient *pkgHttpClient.Client
 	if config.CRL.Enabled {
 		var err error
-		httpClient, err = NewHTTPClient(config.CRL.HTTP, fileWatcher, logger, tp)
+		httpClient, err = NewHTTPClient(config.CRL.HTTP, fileWatcher, logger, tracerProvider)
 		if err != nil {
 			return nil, err
 		}

diff --git a/pkg/security/certManager/general/clientCertManager.go b/pkg/security/certManager/general/clientCertManager.go
@@ -43,13 +43,13 @@ func (c *ClientCertManager) Close() {
 }
 
 // New creates a new certificate manager which watches for certs in a filesystem
-func NewClientCertManager(config pkgTls.ClientConfig, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider) (*ClientCertManager, error) {
+func NewClientCertManager(config pkgTls.ClientConfig, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider) (*ClientCertManager, error) {
 	if err := config.Validate(); err != nil {
 		return nil, err
 	}
 	caPoolArray, _ := config.CAPoolArray()
 
-	c, err := New(ClientConfig(caPoolArray, config.KeyFile, config.CertFile, config.UseSystemCAPool, config.CRL), fileWatcher, ClientLogger(logger), tp)
+	c, err := New(ClientConfig(caPoolArray, config.KeyFile, config.CertFile, config.UseSystemCAPool, config.CRL), fileWatcher, ClientLogger(logger), tracerProvider)
 	if err != nil {
 		return nil, err
 	}
@@ -58,10 +58,10 @@ func NewClientCertManager(config pkgTls.ClientConfig, fileWatcher *fsnotify.Watc
 	}, nil
 }
 
-func NewHTTPClient(config pkgTls.HTTPConfigurer, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider) (*client.Client, error) {
-	cm, err := NewClientCertManager(config.GetTLS(), fileWatcher, logger, tp)
+func NewHTTPClient(config pkgTls.HTTPConfigurer, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider) (*client.Client, error) {
+	cm, err := NewClientCertManager(config.GetTLS(), fileWatcher, logger, tracerProvider)
 	if err != nil {
 		return nil, fmt.Errorf("cannot create cert manager %w", err)
 	}
-	return client.New(config, cm, tp)
+	return client.New(config, cm, tracerProvider)
 }
diff --git a/pkg/security/certManager/server/certManager.go b/pkg/security/certManager/server/certManager.go
@@ -45,6 +45,9 @@ func (c *Config) Validate() error {
 	if c.KeyFile == "" {
 		return fmt.Errorf("keyFile('%v')", c.KeyFile)
 	}
+	if err := c.CRL.Validate(); err != nil {
+		return fmt.Errorf("CRL configuration is invalid: %w", err)
+	}
 	c.validated = true
 	return nil
 }
@@ -72,7 +75,7 @@ func (c *CertManager) Close() {
 }
 
 // New creates a new certificate manager which watches for certs in a filesystem
-func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider) (*CertManager, error) {
+func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider) (*CertManager, error) {
 	if !config.validated {
 		if err := config.Validate(); err != nil {
 			return nil, err
@@ -85,7 +88,7 @@ func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tp tra
 		ClientCertificateRequired: config.ClientCertificateRequired,
 		UseSystemCAPool:           false,
 		CRL:                       config.CRL,
-	}, fileWatcher, logger.With(log.CertManagerKey, "server"), tp)
+	}, fileWatcher, logger.With(log.CertManagerKey, "server"), tracerProvider)
 	if err != nil {
 		return nil, err
 	}

diff --git a/resource-aggregate/cqrs/eventbus/nats/client/client.go b/resource-aggregate/cqrs/eventbus/nats/client/client.go
@@ -16,8 +16,8 @@ type Client struct {
 	closeFunc fn.FuncList
 }
 
-func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider) (*Client, error) {
-	certManager, err := client.New(config.TLS, fileWatcher, logger, tp)
+func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider) (*Client, error) {
+	certManager, err := client.New(config.TLS, fileWatcher, logger, tracerProvider)
 	if err != nil {
 		return nil, fmt.Errorf("cannot create cert manager: %w", err)
 	}

diff --git a/resource-aggregate/cqrs/eventbus/nats/test/publisher.go b/resource-aggregate/cqrs/eventbus/nats/test/publisher.go
@@ -8,8 +8,8 @@ import (
 	"go.opentelemetry.io/otel/trace"
 )
 
-func NewClientAndPublisher(config client.ConfigPublisher, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider, opts ...publisher.Option) (*client.Client, *publisher.Publisher, error) {
-	c, err := client.New(config.Config, fileWatcher, logger, tp)
+func NewClientAndPublisher(config client.ConfigPublisher, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider, opts ...publisher.Option) (*client.Client, *publisher.Publisher, error) {
+	c, err := client.New(config.Config, fileWatcher, logger, tracerProvider)
 	if err != nil {
 		return nil, nil, err
 	}

diff --git a/resource-aggregate/cqrs/eventbus/nats/test/subscriber.go b/resource-aggregate/cqrs/eventbus/nats/test/subscriber.go
@@ -8,8 +8,8 @@ import (
 	"go.opentelemetry.io/otel/trace"
 )
 
-func NewClientAndSubscriber(config client.ConfigSubscriber, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider, opts ...subscriber.Option) (*client.Client, *subscriber.Subscriber, error) {
-	c, err := client.New(config.Config, fileWatcher, logger, tp)
+func NewClientAndSubscriber(config client.ConfigSubscriber, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider, opts ...subscriber.Option) (*client.Client, *subscriber.Subscriber, error) {
+	c, err := client.New(config.Config, fileWatcher, logger, tracerProvider)
 	if err != nil {
 		return nil, nil, err
 	}

diff --git a/snippet-service/service/resourceSubscriber.go b/snippet-service/service/resourceSubscriber.go
@@ -22,8 +22,8 @@ type ResourceSubscriber struct {
 	observer            eventbus.Observer
 }
 
-func NewResourceSubscriber(ctx context.Context, config natsClient.ConfigSubscriber, subscriptionID string, fileWatcher *fsnotify.Watcher, logger log.Logger, tp trace.TracerProvider, handler eventbus.Handler) (*ResourceSubscriber, error) {
-	nats, err := natsClient.New(config.Config, fileWatcher, logger, tp)
+func NewResourceSubscriber(ctx context.Context, config natsClient.ConfigSubscriber, subscriptionID string, fileWatcher *fsnotify.Watcher, logger log.Logger, tracerProvider trace.TracerProvider, handler eventbus.Handler) (*ResourceSubscriber, error) {
+	nats, err := natsClient.New(config.Config, fileWatcher, logger, tracerProvider)
 	if err != nil {
 		return nil, fmt.Errorf("cannot create nats client: %w", err)
 	}