From ae98cc992f6e968091cab2bb8aed6cd31bddf629 Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Tue, 29 Apr 2025 15:45:26 +0530 Subject: [PATCH 01/84] Publisher plugin implementation --- go.mod | 1 + go.sum | 2 + .../implementation/publisher/cmd/plugin.go | 96 ++++++++++++++ .../implementation/publisher/publisher.go | 119 ++++++++++++++++++ 4 files changed, 218 insertions(+) create mode 100644 pkg/plugin/implementation/publisher/cmd/plugin.go create mode 100644 pkg/plugin/implementation/publisher/publisher.go diff --git a/go.mod b/go.mod index 12fad60..29412d4 100644 --- a/go.mod +++ b/go.mod @@ -32,6 +32,7 @@ require ( require ( github.com/hashicorp/go-retryablehttp v0.7.7 + github.com/rabbitmq/amqp091-go v1.10.0 github.com/rs/zerolog v1.34.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index 821e117..d6ddf7e 100644 --- a/go.sum +++ b/go.sum @@ -30,6 +30,8 @@ github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsK github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rabbitmq/amqp091-go v1.10.0 h1:STpn5XsHlHGcecLmMFCtg7mqq0RnD+zFr4uzukfVhBw= +github.com/rabbitmq/amqp091-go v1.10.0/go.mod h1:Hy4jKW5kQART1u+JkDTF9YYOQUHXqMuhrgxOEeS7G4o= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= diff --git a/pkg/plugin/implementation/publisher/cmd/plugin.go b/pkg/plugin/implementation/publisher/cmd/plugin.go new file mode 100644 index 0000000..647edaf --- /dev/null +++ b/pkg/plugin/implementation/publisher/cmd/plugin.go @@ -0,0 +1,96 @@ +package main + +import ( + "context" + "fmt" + + "github.com/beckn/beckn-onix/pkg/log" + "github.com/beckn/beckn-onix/pkg/plugin/definition" + "github.com/beckn/beckn-onix/pkg/plugin/implementation/publisher" + "github.com/rabbitmq/amqp091-go" +) + +// publisherProvider implements the PublisherProvider interface. +// It is responsible for creating a new Publisher instance. +type publisherProvider struct{} + +// New creates a new Publisher instance based on the provided configuration map. +// It also returns a cleanup function to close resources and any potential errors encountered. +func (p *publisherProvider) New(ctx context.Context, config map[string]string) (definition.Publisher, func() error, error) { + // Step 1: Map config + cfg := &publisher.Config{ + Addr: config["addr"], + Exchange: config["exchange"], + RoutingKey: config["routing_key"], + Durable: config["durable"] == "true", + UseTLS: config["use_tls"] == "true", + } + log.Debugf(ctx, "Publisher config mapped: %+v", cfg) + + // Step 2: Validate + if err := publisher.Validate(cfg); err != nil { + log.Errorf(ctx, err, "Publisher config validation failed") + return nil, nil, err + } + log.Infof(ctx, "Publisher config validated successfully") + + // Step 3:URL + connURL, err := publisher.GetConnURL(cfg) + if err != nil { + log.Errorf(ctx, err, "Failed to build RabbitMQ connection URL") + return nil, nil, fmt.Errorf("failed to build connection URL: %w", err) + } + log.Debugf(ctx, "RabbitMQ connection URL built: %s", connURL) + // Step 4: Connect + conn, err := amqp091.Dial(connURL) + if err != nil { + log.Errorf(ctx, err, "Failed to connect to RabbitMQ") + return nil, nil, fmt.Errorf("%w: %v", publisher.ErrConnectionFailed, err) + } + log.Infof(ctx, "Connected to RabbitMQ") + + ch, err := conn.Channel() + if err != nil { + conn.Close() + log.Errorf(ctx, err, "Failed to open RabbitMQ channel") + return nil, nil, fmt.Errorf("%w: %v", publisher.ErrChannelFailed, err) + } + log.Infof(ctx, "RabbitMQ channel opened successfully") + + // Step 5: Declare Exchange + err = ch.ExchangeDeclare( + cfg.Exchange, + "topic", + cfg.Durable, + false, + false, + false, + nil, + ) + if err != nil { + ch.Close() + conn.Close() + log.Errorf(ctx, err, "Failed to declare exchange: %s", cfg.Exchange) + return nil, nil, fmt.Errorf("%w: %v", publisher.ErrExchangeDeclare, err) + } + log.Infof(ctx, "RabbitMQ exchange declared successfully: %s", cfg.Exchange) + + // Step 6: Create publisher instance + publisher := &publisher.Publisher{ + Conn: conn, + Channel: ch, + Config: cfg, + } + + cleanup := func() error { + log.Infof(ctx, "Cleaning up RabbitMQ resources") + _ = ch.Close() + return conn.Close() + } + + log.Infof(ctx, "Publisher instance created successfully") + return publisher, cleanup, nil +} + +// Provider is the instance of publisherProvider that implements the PublisherProvider interface. +var Provider = publisherProvider{} diff --git a/pkg/plugin/implementation/publisher/publisher.go b/pkg/plugin/implementation/publisher/publisher.go new file mode 100644 index 0000000..a861caf --- /dev/null +++ b/pkg/plugin/implementation/publisher/publisher.go @@ -0,0 +1,119 @@ +package publisher + +import ( + "context" + "errors" + "fmt" + "net/url" + "os" + "strings" + + "github.com/beckn/beckn-onix/pkg/log" + "github.com/beckn/beckn-onix/pkg/model" + "github.com/rabbitmq/amqp091-go" +) + +// Config holds the configuration required to establish a connection with RabbitMQ. +type Config struct { + Addr string + Exchange string + RoutingKey string + Durable bool + UseTLS bool +} + +// Publisher manages the RabbitMQ connection and channel to publish messages. +type Publisher struct { + Conn *amqp091.Connection + Channel *amqp091.Channel + Config *Config +} + +// Error variables representing different failure scenarios. +var ( + ErrEmptyConfig = errors.New("empty config") + ErrAddrMissing = errors.New("missing required field 'Addr'") + ErrExchangeMissing = errors.New("missing required field 'Exchange'") + ErrCredentialMissing = errors.New("missing RabbitMQ credentials in environment") + ErrConnectionFailed = errors.New("failed to connect to RabbitMQ") + ErrChannelFailed = errors.New("failed to open channel") + ErrExchangeDeclare = errors.New("failed to declare exchange") +) + +// Validate checks whether the provided Config is valid for connecting to RabbitMQ. +func Validate(cfg *Config) error { + if cfg == nil { + return model.NewBadReqErr(fmt.Errorf("config is nil")) + } + if strings.TrimSpace(cfg.Addr) == "" { + return model.NewBadReqErr(fmt.Errorf("missing config.Addr")) + } + if strings.TrimSpace(cfg.Exchange) == "" { + return model.NewBadReqErr(fmt.Errorf("missing config.Exchange")) + } + return nil +} + +// GetConnURL constructs the RabbitMQ connection URL using the config and environment credentials. +func GetConnURL(cfg *Config) (string, error) { + user := os.Getenv("RABBITMQ_USERNAME") + pass := os.Getenv("RABBITMQ_PASSWORD") + if user == "" || pass == "" { + return "", model.NewBadReqErr(fmt.Errorf("missing RabbitMQ credentials in environment")) + } + + parts := strings.SplitN(cfg.Addr, "/", 2) + hostPort := parts[0] + vhost := "/" + if len(parts) > 1 { + vhost = parts[1] + } + + if !strings.Contains(hostPort, ":") { + if cfg.UseTLS { + hostPort += ":5671" + } else { + hostPort += ":5672" + } + } + + encodedUser := url.QueryEscape(user) + encodedPass := url.QueryEscape(pass) + encodedVHost := url.QueryEscape(vhost) + protocol := "amqp" + if cfg.UseTLS { + protocol = "amqps" + } + + connURL := fmt.Sprintf("%s://%s:%s@%s/%s", protocol, encodedUser, encodedPass, hostPort, encodedVHost) + log.Debugf(context.Background(), "Generated RabbitMQ connection URL: %s", connURL) + return connURL, nil +} + +// Publish sends a message to the configured RabbitMQ exchange with the specified routing key. +// If routingKey is empty, the default routing key from Config is used. +func (p *Publisher) Publish(ctx context.Context, routingKey string, msg []byte) error { + if routingKey == "" { + routingKey = p.Config.RoutingKey + } + log.Debugf(ctx, "Attempting to publish message. Exchange: %s, RoutingKey: %s", p.Config.Exchange, routingKey) + err := p.Channel.PublishWithContext( + ctx, + p.Config.Exchange, + routingKey, + false, + false, + amqp091.Publishing{ + ContentType: "application/json", + Body: msg, + }, + ) + + if err != nil { + log.Errorf(ctx, err, "Publish failed for Exchange: %s, RoutingKey: %s", p.Config.Exchange, routingKey) + return model.NewBadReqErr(fmt.Errorf("publish message failed: %w", err)) + } + + log.Infof(ctx, "Message published successfully to Exchange: %s, RoutingKey: %s", p.Config.Exchange, routingKey) + return nil +} From 72f8be52faa42dd45ed904448e659bc57fea6d0e Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Tue, 6 May 2025 10:29:23 +0530 Subject: [PATCH 02/84] added test case --- pkg/plugin/definition/publisher.go | 1 + .../publisher/publisher_test.go | 150 ++++++++++++++++++ 2 files changed, 151 insertions(+) create mode 100644 pkg/plugin/implementation/publisher/publisher_test.go diff --git a/pkg/plugin/definition/publisher.go b/pkg/plugin/definition/publisher.go index 1e744da..55ed217 100644 --- a/pkg/plugin/definition/publisher.go +++ b/pkg/plugin/definition/publisher.go @@ -8,6 +8,7 @@ type Publisher interface { Publish(context.Context, string, []byte) error } +// PublisherProvider is the interface for creating new Publisher instances. type PublisherProvider interface { // New initializes a new publisher instance with the given configuration. New(ctx context.Context, config map[string]string) (Publisher, func() error, error) diff --git a/pkg/plugin/implementation/publisher/publisher_test.go b/pkg/plugin/implementation/publisher/publisher_test.go new file mode 100644 index 0000000..175bafb --- /dev/null +++ b/pkg/plugin/implementation/publisher/publisher_test.go @@ -0,0 +1,150 @@ +package publisher + +import ( + "os" + "testing" +) + +func TestGetConnURLSuccess(t *testing.T) { + tests := []struct { + name string + config *Config + }{ + { + name: "Valid config with credentials", + config: &Config{ + Addr: "localhost:5672", + UseTLS: false, + }, + }, + { + name: "Valid config with vhost", + config: &Config{ + Addr: "localhost:5672/myvhost", + UseTLS: false, + }, + }, + } + + // Set valid credentials + os.Setenv("RABBITMQ_USERNAME", "guest") + os.Setenv("RABBITMQ_PASSWORD", "guest") + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + url, err := GetConnURL(tt.config) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if url == "" { + t.Error("expected non-empty URL, got empty string") + } + }) + } +} + +func TestGetConnURLFailure(t *testing.T) { + tests := []struct { + name string + username string + password string + config *Config + wantErr bool + }{ + { + name: "Missing credentials", + username: "", + password: "", + config: &Config{Addr: "localhost:5672"}, + wantErr: true, + }, + { + name: "Missing config address", + username: "guest", + password: "guest", + config: &Config{}, // this won't error unless Validate() is called separately + wantErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if tt.username == "" { + os.Unsetenv("RABBITMQ_USERNAME") + } else { + os.Setenv("RABBITMQ_USERNAME", tt.username) + } + + if tt.password == "" { + os.Unsetenv("RABBITMQ_PASSWORD") + } else { + os.Setenv("RABBITMQ_PASSWORD", tt.password) + } + + url, err := GetConnURL(tt.config) + if (err != nil) != tt.wantErr { + t.Errorf("unexpected error. gotErr = %v, wantErr = %v", err != nil, tt.wantErr) + } + + if err == nil && url == "" { + t.Errorf("expected non-empty URL, got empty string") + } + }) + } +} + +func TestValidateSuccess(t *testing.T) { + tests := []struct { + name string + config *Config + }{ + { + name: "Valid config with Addr and Exchange", + config: &Config{ + Addr: "localhost:5672", + Exchange: "ex", + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := Validate(tt.config); err != nil { + t.Errorf("expected no error, got: %v", err) + } + }) + } +} + +func TestValidateFailure(t *testing.T) { + tests := []struct { + name string + config *Config + }{ + { + name: "Nil config", + config: nil, + }, + { + name: "Missing Addr", + config: &Config{Exchange: "ex"}, + }, + { + name: "Missing Exchange", + config: &Config{Addr: "localhost:5672"}, + }, + { + name: "Empty Addr and Exchange", + config: &Config{Addr: " ", Exchange: " "}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := Validate(tt.config) + if err == nil { + t.Errorf("expected error for invalid config, got nil") + } + }) + } +} From 2e0b5834d7d3335897feafd65bf7cc3d6be952f8 Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Tue, 6 May 2025 12:08:56 +0530 Subject: [PATCH 03/84] added updated test case for the publisher implementation --- .../implementation/publisher/publisher.go | 7 +- .../publisher/publisher_test.go | 70 +++++++++++++++++++ 2 files changed, 76 insertions(+), 1 deletion(-) diff --git a/pkg/plugin/implementation/publisher/publisher.go b/pkg/plugin/implementation/publisher/publisher.go index a861caf..5623775 100644 --- a/pkg/plugin/implementation/publisher/publisher.go +++ b/pkg/plugin/implementation/publisher/publisher.go @@ -22,10 +22,15 @@ type Config struct { UseTLS bool } +// Channel defines the interface for publishing messages to RabbitMQ. +type Channel interface { + PublishWithContext(ctx context.Context, exchange, key string, mandatory, immediate bool, msg amqp091.Publishing) error +} + // Publisher manages the RabbitMQ connection and channel to publish messages. type Publisher struct { Conn *amqp091.Connection - Channel *amqp091.Channel + Channel Channel Config *Config } diff --git a/pkg/plugin/implementation/publisher/publisher_test.go b/pkg/plugin/implementation/publisher/publisher_test.go index 175bafb..5002f29 100644 --- a/pkg/plugin/implementation/publisher/publisher_test.go +++ b/pkg/plugin/implementation/publisher/publisher_test.go @@ -1,8 +1,12 @@ package publisher import ( + "context" + "errors" "os" "testing" + + "github.com/rabbitmq/amqp091-go" ) func TestGetConnURLSuccess(t *testing.T) { @@ -148,3 +152,69 @@ func TestValidateFailure(t *testing.T) { }) } } + +type mockChannel struct { + published bool + args amqp091.Publishing + exchange string + key string + fail bool +} + +func (m *mockChannel) PublishWithContext( + _ context.Context, + exchange, key string, + mandatory, immediate bool, + msg amqp091.Publishing, +) error { + if m.fail { + return errors.New("mock publish failure") + } + m.published = true + m.args = msg + m.exchange = exchange + m.key = key + return nil +} + +func TestPublishSuccess(t *testing.T) { + mockCh := &mockChannel{} + + p := &Publisher{ + Channel: mockCh, + Config: &Config{ + Exchange: "mock.exchange", + RoutingKey: "mock.key", + }, + } + + err := p.Publish(context.Background(), "", []byte(`{"test": true}`)) + if err != nil { + t.Errorf("expected no error, got: %v", err) + } + + if !mockCh.published { + t.Error("expected message to be published, but it wasn't") + } + + if mockCh.exchange != "mock.exchange" || mockCh.key != "mock.key" { + t.Errorf("unexpected exchange or key. got (%s, %s)", mockCh.exchange, mockCh.key) + } +} + +func TestPublishFailure(t *testing.T) { + mockCh := &mockChannel{fail: true} + + p := &Publisher{ + Channel: mockCh, + Config: &Config{ + Exchange: "mock.exchange", + RoutingKey: "mock.key", + }, + } + + err := p.Publish(context.Background(), "", []byte(`{"test": true}`)) + if err == nil { + t.Error("expected error from failed publish, got nil") + } +} From e5cccc30f85617c91ab8b54bdeeaad7ede1c192e Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Tue, 13 May 2025 12:30:34 +0530 Subject: [PATCH 04/84] Resolved PR Review comments --- .../implementation/publisher/cmd/plugin.go | 69 +------ .../publisher/cmd/plugin_test.go | 106 +++++++++++ .../implementation/publisher/publisher.go | 72 ++++++++ .../publisher/publisher_test.go | 174 ++++++++++++++++-- 4 files changed, 344 insertions(+), 77 deletions(-) create mode 100644 pkg/plugin/implementation/publisher/cmd/plugin_test.go diff --git a/pkg/plugin/implementation/publisher/cmd/plugin.go b/pkg/plugin/implementation/publisher/cmd/plugin.go index 647edaf..ccf87fa 100644 --- a/pkg/plugin/implementation/publisher/cmd/plugin.go +++ b/pkg/plugin/implementation/publisher/cmd/plugin.go @@ -2,22 +2,18 @@ package main import ( "context" - "fmt" "github.com/beckn/beckn-onix/pkg/log" "github.com/beckn/beckn-onix/pkg/plugin/definition" "github.com/beckn/beckn-onix/pkg/plugin/implementation/publisher" - "github.com/rabbitmq/amqp091-go" ) // publisherProvider implements the PublisherProvider interface. // It is responsible for creating a new Publisher instance. type publisherProvider struct{} -// New creates a new Publisher instance based on the provided configuration map. -// It also returns a cleanup function to close resources and any potential errors encountered. +// New creates a new Publisher instance based on the provided configuration. func (p *publisherProvider) New(ctx context.Context, config map[string]string) (definition.Publisher, func() error, error) { - // Step 1: Map config cfg := &publisher.Config{ Addr: config["addr"], Exchange: config["exchange"], @@ -27,69 +23,14 @@ func (p *publisherProvider) New(ctx context.Context, config map[string]string) ( } log.Debugf(ctx, "Publisher config mapped: %+v", cfg) - // Step 2: Validate - if err := publisher.Validate(cfg); err != nil { - log.Errorf(ctx, err, "Publisher config validation failed") + pub, cleanup, err := publisher.New(cfg) + if err != nil { + log.Errorf(ctx, err, "Failed to create publisher instance") return nil, nil, err } - log.Infof(ctx, "Publisher config validated successfully") - - // Step 3:URL - connURL, err := publisher.GetConnURL(cfg) - if err != nil { - log.Errorf(ctx, err, "Failed to build RabbitMQ connection URL") - return nil, nil, fmt.Errorf("failed to build connection URL: %w", err) - } - log.Debugf(ctx, "RabbitMQ connection URL built: %s", connURL) - // Step 4: Connect - conn, err := amqp091.Dial(connURL) - if err != nil { - log.Errorf(ctx, err, "Failed to connect to RabbitMQ") - return nil, nil, fmt.Errorf("%w: %v", publisher.ErrConnectionFailed, err) - } - log.Infof(ctx, "Connected to RabbitMQ") - - ch, err := conn.Channel() - if err != nil { - conn.Close() - log.Errorf(ctx, err, "Failed to open RabbitMQ channel") - return nil, nil, fmt.Errorf("%w: %v", publisher.ErrChannelFailed, err) - } - log.Infof(ctx, "RabbitMQ channel opened successfully") - - // Step 5: Declare Exchange - err = ch.ExchangeDeclare( - cfg.Exchange, - "topic", - cfg.Durable, - false, - false, - false, - nil, - ) - if err != nil { - ch.Close() - conn.Close() - log.Errorf(ctx, err, "Failed to declare exchange: %s", cfg.Exchange) - return nil, nil, fmt.Errorf("%w: %v", publisher.ErrExchangeDeclare, err) - } - log.Infof(ctx, "RabbitMQ exchange declared successfully: %s", cfg.Exchange) - - // Step 6: Create publisher instance - publisher := &publisher.Publisher{ - Conn: conn, - Channel: ch, - Config: cfg, - } - - cleanup := func() error { - log.Infof(ctx, "Cleaning up RabbitMQ resources") - _ = ch.Close() - return conn.Close() - } log.Infof(ctx, "Publisher instance created successfully") - return publisher, cleanup, nil + return pub, cleanup, nil } // Provider is the instance of publisherProvider that implements the PublisherProvider interface. diff --git a/pkg/plugin/implementation/publisher/cmd/plugin_test.go b/pkg/plugin/implementation/publisher/cmd/plugin_test.go new file mode 100644 index 0000000..e3f9837 --- /dev/null +++ b/pkg/plugin/implementation/publisher/cmd/plugin_test.go @@ -0,0 +1,106 @@ +package main + +import ( + "context" + "errors" + "strings" + "testing" + + "github.com/beckn/beckn-onix/pkg/plugin/implementation/publisher" + "github.com/rabbitmq/amqp091-go" +) + +type mockChannel struct{} + +func (m *mockChannel) PublishWithContext(ctx context.Context, exchange, key string, mandatory, immediate bool, msg amqp091.Publishing) error { + return nil +} +func (m *mockChannel) ExchangeDeclare(name, kind string, durable, autoDelete, internal, noWait bool, args amqp091.Table) error { + return nil +} +func (m *mockChannel) Close() error { + return nil +} + +func TestPublisherProvider_New_Success(t *testing.T) { + // Save original dialFunc and channelFunc + originalDialFunc := publisher.DialFunc + originalChannelFunc := publisher.ChannelFunc + defer func() { + publisher.DialFunc = originalDialFunc + publisher.ChannelFunc = originalChannelFunc + }() + + // Override mocks + publisher.DialFunc = func(url string) (*amqp091.Connection, error) { + return nil, nil + } + publisher.ChannelFunc = func(conn *amqp091.Connection) (publisher.Channel, error) { + return &mockChannel{}, nil + } + + t.Setenv("RABBITMQ_USERNAME", "guest") + t.Setenv("RABBITMQ_PASSWORD", "guest") + + config := map[string]string{ + "addr": "localhost", + "exchange": "test-exchange", + "routing_key": "test.key", + "durable": "true", + "use_tls": "false", + } + + ctx := context.Background() + pub, cleanup, err := Provider.New(ctx, config) + + if err != nil { + t.Fatalf("Provider.New returned error: %v", err) + } + if pub == nil { + t.Fatal("Expected non-nil publisher") + } + if cleanup == nil { + t.Fatal("Expected non-nil cleanup function") + } + + if err := cleanup(); err != nil { + t.Errorf("Cleanup returned error: %v", err) + } +} + +func TestPublisherProvider_New_Failure(t *testing.T) { + // Save and restore dialFunc + originalDialFunc := publisher.DialFunc + defer func() { publisher.DialFunc = originalDialFunc }() + + // Simulate dial failure + publisher.DialFunc = func(url string) (*amqp091.Connection, error) { + return nil, errors.New("dial failed") + } + + t.Setenv("RABBITMQ_USERNAME", "guest") + t.Setenv("RABBITMQ_PASSWORD", "guest") + + config := map[string]string{ + "addr": "localhost", + "exchange": "test-exchange", + "routing_key": "test.key", + "durable": "true", + } + + ctx := context.Background() + pub, cleanup, err := Provider.New(ctx, config) + + if err == nil { + t.Fatal("Expected error from Provider.New but got nil") + } + if !strings.Contains(err.Error(), "dial failed") { + t.Errorf("Expected 'dial failed' error, got: %v", err) + } + if pub != nil { + t.Errorf("Expected nil publisher, got: %v", pub) + } + if cleanup != nil { + t.Error("Expected nil cleanup, got non-nil") + } +} diff --git a/pkg/plugin/implementation/publisher/publisher.go b/pkg/plugin/implementation/publisher/publisher.go index 5623775..60f531d 100644 --- a/pkg/plugin/implementation/publisher/publisher.go +++ b/pkg/plugin/implementation/publisher/publisher.go @@ -25,6 +25,8 @@ type Config struct { // Channel defines the interface for publishing messages to RabbitMQ. type Channel interface { PublishWithContext(ctx context.Context, exchange, key string, mandatory, immediate bool, msg amqp091.Publishing) error + ExchangeDeclare(name, kind string, durable, autoDelete, internal, noWait bool, args amqp091.Table) error + Close() error } // Publisher manages the RabbitMQ connection and channel to publish messages. @@ -122,3 +124,73 @@ func (p *Publisher) Publish(ctx context.Context, routingKey string, msg []byte) log.Infof(ctx, "Message published successfully to Exchange: %s, RoutingKey: %s", p.Config.Exchange, routingKey) return nil } + +// DialFunc is a function variable used to establish a connection to RabbitMQ. +var DialFunc = amqp091.Dial + +// ChannelFunc is a function variable used to open a channel on the given RabbitMQ connection. +var ChannelFunc = func(conn *amqp091.Connection) (Channel, error) { + return conn.Channel() +} + +// New initializes a new Publisher with the given config, opens a connection, +// channel, and declares the exchange. Returns the publisher and a cleanup function. +func New(cfg *Config) (*Publisher, func() error, error) { + // Step 1: Validate config + if err := Validate(cfg); err != nil { + return nil, nil, err + } + + // Step 2: Build connection URL + connURL, err := GetConnURL(cfg) + if err != nil { + return nil, nil, fmt.Errorf("%w: %v", ErrConnectionFailed, err) + } + + // Step 3: Dial connection + conn, err := DialFunc(connURL) + if err != nil { + return nil, nil, fmt.Errorf("%w: %v", ErrConnectionFailed, err) + } + + // Step 4: Open channel + ch, err := ChannelFunc(conn) + if err != nil { + conn.Close() + return nil, nil, fmt.Errorf("%w: %v", ErrChannelFailed, err) + } + + // Step 5: Declare exchange + if err := ch.ExchangeDeclare( + cfg.Exchange, + "topic", + cfg.Durable, + false, + false, + false, + nil, + ); err != nil { + ch.Close() + conn.Close() + return nil, nil, fmt.Errorf("%w: %v", ErrExchangeDeclare, err) + } + + // Step 6: Construct publisher + pub := &Publisher{ + Conn: conn, + Channel: ch, + Config: cfg, + } + + cleanup := func() error { + if ch != nil { + _ = ch.Close() + } + if conn != nil { + return conn.Close() + } + return nil + } + + return pub, cleanup, nil +} diff --git a/pkg/plugin/implementation/publisher/publisher_test.go b/pkg/plugin/implementation/publisher/publisher_test.go index 5002f29..b54fa9b 100644 --- a/pkg/plugin/implementation/publisher/publisher_test.go +++ b/pkg/plugin/implementation/publisher/publisher_test.go @@ -2,8 +2,9 @@ package publisher import ( "context" - "errors" + "fmt" "os" + "strings" "testing" "github.com/rabbitmq/amqp091-go" @@ -153,32 +154,35 @@ func TestValidateFailure(t *testing.T) { } } -type mockChannel struct { +type mockChannelForPublish struct { published bool - args amqp091.Publishing exchange string key string + body []byte fail bool } -func (m *mockChannel) PublishWithContext( - _ context.Context, - exchange, key string, - mandatory, immediate bool, - msg amqp091.Publishing, -) error { +func (m *mockChannelForPublish) PublishWithContext(ctx context.Context, exchange, key string, mandatory, immediate bool, msg amqp091.Publishing) error { if m.fail { - return errors.New("mock publish failure") + return fmt.Errorf("simulated publish failure") } m.published = true - m.args = msg m.exchange = exchange m.key = key + m.body = msg.Body + return nil +} + +func (m *mockChannelForPublish) ExchangeDeclare(name, kind string, durable, autoDelete, internal, noWait bool, args amqp091.Table) error { + return nil +} + +func (m *mockChannelForPublish) Close() error { return nil } func TestPublishSuccess(t *testing.T) { - mockCh := &mockChannel{} + mockCh := &mockChannelForPublish{} p := &Publisher{ Channel: mockCh, @@ -203,7 +207,7 @@ func TestPublishSuccess(t *testing.T) { } func TestPublishFailure(t *testing.T) { - mockCh := &mockChannel{fail: true} + mockCh := &mockChannelForPublish{fail: true} p := &Publisher{ Channel: mockCh, @@ -218,3 +222,147 @@ func TestPublishFailure(t *testing.T) { t.Error("expected error from failed publish, got nil") } } + +type mockChannel struct{} + +func (m *mockChannel) PublishWithContext(ctx context.Context, exchange, key string, mandatory, immediate bool, msg amqp091.Publishing) error { + return nil +} +func (m *mockChannel) ExchangeDeclare(name, kind string, durable, autoDelete, internal, noWait bool, args amqp091.Table) error { + return nil +} +func (m *mockChannel) Close() error { + return nil +} + +type mockConnection struct{} + +func (m *mockConnection) Close() error { + return nil +} + +func TestNewPublisherSucess(t *testing.T) { + originalDialFunc := DialFunc + originalChannelFunc := ChannelFunc + defer func() { + DialFunc = originalDialFunc + ChannelFunc = originalChannelFunc + }() + + // mockedConn := &mockConnection{} + + DialFunc = func(url string) (*amqp091.Connection, error) { + return nil, nil + } + + ChannelFunc = func(conn *amqp091.Connection) (Channel, error) { + return &mockChannel{}, nil + } + + cfg := &Config{ + Addr: "localhost", + Exchange: "test-ex", + Durable: true, + RoutingKey: "test.key", + } + + t.Setenv("RABBITMQ_USERNAME", "user") + t.Setenv("RABBITMQ_PASSWORD", "pass") + + pub, cleanup, err := New(cfg) + if err != nil { + t.Fatalf("New() failed: %v", err) + } + if pub == nil { + t.Fatal("Publisher should not be nil") + } + if cleanup == nil { + t.Fatal("Cleanup should not be nil") + } + if err := cleanup(); err != nil { + t.Errorf("Cleanup failed: %v", err) + } +} + +type mockChannelFailDeclare struct{} + +func (m *mockChannelFailDeclare) PublishWithContext(ctx context.Context, exchange, key string, mandatory, immediate bool, msg amqp091.Publishing) error { + return nil +} +func (m *mockChannelFailDeclare) ExchangeDeclare(name, kind string, durable, autoDelete, internal, noWait bool, args amqp091.Table) error { + return fmt.Errorf("simulated exchange declare error") +} +func (m *mockChannelFailDeclare) Close() error { + return nil +} + +func TestNewPublisherFailures(t *testing.T) { + tests := []struct { + name string + cfg *Config + dialFunc func(url string) (*amqp091.Connection, error) // Mocked dial function + envVars map[string]string + expectedError string + }{ + { + name: "ValidateFailure", + cfg: &Config{}, // invalid config + expectedError: "missing config.Addr", + }, + { + name: "GetConnURLFailure", + cfg: &Config{ + Addr: "localhost", + Exchange: "test-ex", + Durable: true, + RoutingKey: "test.key", + }, + envVars: map[string]string{ + "RABBITMQ_USERNAME": "", + "RABBITMQ_PASSWORD": "", + }, + expectedError: "missing RabbitMQ credentials in environment", + }, + { + name: "ConnectionFailure", + cfg: &Config{ + Addr: "localhost", + Exchange: "test-ex", + Durable: true, + RoutingKey: "test.key", + }, + dialFunc: func(url string) (*amqp091.Connection, error) { + return nil, fmt.Errorf("simulated connection failure") + }, + envVars: map[string]string{ + "RABBITMQ_USERNAME": "user", + "RABBITMQ_PASSWORD": "pass", + }, + expectedError: "failed to connect to RabbitMQ", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Set environment variables + for key, value := range tt.envVars { + t.Setenv(key, value) + } + + // Mock dialFunc if needed + originalDialFunc := DialFunc + if tt.dialFunc != nil { + DialFunc = tt.dialFunc + defer func() { + DialFunc = originalDialFunc + }() + } + + _, _, err := New(tt.cfg) + + if err == nil || (tt.expectedError != "" && !strings.Contains(err.Error(), tt.expectedError)) { + t.Errorf("Test %s failed: expected error containing %v, got: %v", tt.name, tt.expectedError, err) + } + }) + } +} From ed32b57a8052d53bdf7721498ffa9c3ef2746e4c Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Tue, 13 May 2025 12:33:32 +0530 Subject: [PATCH 05/84] fixed linting issues --- .../implementation/publisher/publisher_test.go | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/pkg/plugin/implementation/publisher/publisher_test.go b/pkg/plugin/implementation/publisher/publisher_test.go index b54fa9b..2c5915c 100644 --- a/pkg/plugin/implementation/publisher/publisher_test.go +++ b/pkg/plugin/implementation/publisher/publisher_test.go @@ -235,12 +235,6 @@ func (m *mockChannel) Close() error { return nil } -type mockConnection struct{} - -func (m *mockConnection) Close() error { - return nil -} - func TestNewPublisherSucess(t *testing.T) { originalDialFunc := DialFunc originalChannelFunc := ChannelFunc @@ -284,18 +278,6 @@ func TestNewPublisherSucess(t *testing.T) { } } -type mockChannelFailDeclare struct{} - -func (m *mockChannelFailDeclare) PublishWithContext(ctx context.Context, exchange, key string, mandatory, immediate bool, msg amqp091.Publishing) error { - return nil -} -func (m *mockChannelFailDeclare) ExchangeDeclare(name, kind string, durable, autoDelete, internal, noWait bool, args amqp091.Table) error { - return fmt.Errorf("simulated exchange declare error") -} -func (m *mockChannelFailDeclare) Close() error { - return nil -} - func TestNewPublisherFailures(t *testing.T) { tests := []struct { name string From 20883902fba4c4d3b345fe5fc20a571b50500689 Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Wed, 14 May 2025 16:11:28 +0530 Subject: [PATCH 06/84] Resolved review comments --- .../implementation/publisher/publisher.go | 6 +- .../publisher/publisher_test.go | 56 +++++++++++-------- 2 files changed, 37 insertions(+), 25 deletions(-) diff --git a/pkg/plugin/implementation/publisher/publisher.go b/pkg/plugin/implementation/publisher/publisher.go index 60f531d..db3e577 100644 --- a/pkg/plugin/implementation/publisher/publisher.go +++ b/pkg/plugin/implementation/publisher/publisher.go @@ -68,8 +68,7 @@ func GetConnURL(cfg *Config) (string, error) { if user == "" || pass == "" { return "", model.NewBadReqErr(fmt.Errorf("missing RabbitMQ credentials in environment")) } - - parts := strings.SplitN(cfg.Addr, "/", 2) + parts := strings.SplitN(strings.TrimSpace(cfg.Addr), "/", 2) hostPort := parts[0] vhost := "/" if len(parts) > 1 { @@ -93,7 +92,8 @@ func GetConnURL(cfg *Config) (string, error) { } connURL := fmt.Sprintf("%s://%s:%s@%s/%s", protocol, encodedUser, encodedPass, hostPort, encodedVHost) - log.Debugf(context.Background(), "Generated RabbitMQ connection URL: %s", connURL) + log.Debugf(context.Background(), "Generated RabbitMQ connection details: protocol=%s, hostPort=%s, vhost=%s", protocol, hostPort, vhost) + return connURL, nil } diff --git a/pkg/plugin/implementation/publisher/publisher_test.go b/pkg/plugin/implementation/publisher/publisher_test.go index 2c5915c..82b8404 100644 --- a/pkg/plugin/implementation/publisher/publisher_test.go +++ b/pkg/plugin/implementation/publisher/publisher_test.go @@ -3,7 +3,6 @@ package publisher import ( "context" "fmt" - "os" "strings" "testing" @@ -16,12 +15,13 @@ func TestGetConnURLSuccess(t *testing.T) { config *Config }{ { - name: "Valid config with credentials", + name: "Valid config with connection address", config: &Config{ Addr: "localhost:5672", UseTLS: false, }, }, + { name: "Valid config with vhost", config: &Config{ @@ -29,11 +29,18 @@ func TestGetConnURLSuccess(t *testing.T) { UseTLS: false, }, }, + { + name: "Addr with leading and trailing spaces", + config: &Config{ + Addr: " localhost:5672/myvhost ", + UseTLS: false, + }, + }, } // Set valid credentials - os.Setenv("RABBITMQ_USERNAME", "guest") - os.Setenv("RABBITMQ_PASSWORD", "guest") + t.Setenv("RABBITMQ_USERNAME", "guest") + t.Setenv("RABBITMQ_PASSWORD", "guest") for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -74,16 +81,12 @@ func TestGetConnURLFailure(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if tt.username == "" { - os.Unsetenv("RABBITMQ_USERNAME") - } else { - os.Setenv("RABBITMQ_USERNAME", tt.username) + if tt.username != "" { + t.Setenv("RABBITMQ_USERNAME", tt.username) } - if tt.password == "" { - os.Unsetenv("RABBITMQ_PASSWORD") - } else { - os.Setenv("RABBITMQ_PASSWORD", tt.password) + if tt.password != "" { + t.Setenv("RABBITMQ_PASSWORD", tt.password) } url, err := GetConnURL(tt.config) @@ -123,24 +126,29 @@ func TestValidateSuccess(t *testing.T) { func TestValidateFailure(t *testing.T) { tests := []struct { - name string - config *Config + name string + config *Config + expectedErrr string }{ { - name: "Nil config", - config: nil, + name: "Nil config", + config: nil, + expectedErrr: "config is nil", }, { - name: "Missing Addr", - config: &Config{Exchange: "ex"}, + name: "Missing Addr", + config: &Config{Exchange: "ex"}, + expectedErrr: "missing config.Addr", }, { - name: "Missing Exchange", - config: &Config{Addr: "localhost:5672"}, + name: "Missing Exchange", + config: &Config{Addr: "localhost:5672"}, + expectedErrr: "missing config.Exchange", }, { - name: "Empty Addr and Exchange", - config: &Config{Addr: " ", Exchange: " "}, + name: "Empty Addr and Exchange", + config: &Config{Addr: " ", Exchange: " "}, + expectedErrr: "missing config.Addr", }, } @@ -149,6 +157,10 @@ func TestValidateFailure(t *testing.T) { err := Validate(tt.config) if err == nil { t.Errorf("expected error for invalid config, got nil") + return + } + if !strings.Contains(err.Error(), tt.expectedErrr) { + t.Errorf("expected error to contain %q, got: %v", tt.expectedErrr, err) } }) } From 0101fe80c5a596bf323bc9e4a4849d79ad496980 Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Fri, 16 May 2025 18:06:12 +0530 Subject: [PATCH 07/84] Initial commit for the keymanager plugin --- go.mod | 21 +- go.sum | 60 ++- .../implementation/keymanager/cmd/plugin.go | 31 ++ .../implementation/keymanager/keymanager.go | 370 ++++++++++++++++++ 4 files changed, 478 insertions(+), 4 deletions(-) create mode 100644 pkg/plugin/implementation/keymanager/cmd/plugin.go create mode 100644 pkg/plugin/implementation/keymanager/keymanager.go diff --git a/go.mod b/go.mod index 12fad60..2e23b33 100644 --- a/go.mod +++ b/go.mod @@ -13,9 +13,9 @@ require ( require github.com/stretchr/testify v1.10.0 require ( - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/stretchr/objx v0.5.2 // indirect gopkg.in/yaml.v3 v3.0.1 ) @@ -25,13 +25,30 @@ require github.com/zenazn/pkcs7pad v0.0.0-20170308005700-253a5b1f0e03 require golang.org/x/text v0.23.0 // indirect require ( + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/go-jose/go-jose/v4 v4.0.1 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect + github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/hashicorp/go-rootcerts v1.0.2 // indirect + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect + github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect + github.com/hashicorp/go-sockaddr v1.0.2 // indirect + github.com/hashicorp/hcl v1.0.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/ryanuber/go-glob v1.0.0 // indirect + golang.org/x/net v0.38.0 // indirect golang.org/x/sys v0.31.0 // indirect + golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 // indirect ) require ( + github.com/google/uuid v1.6.0 github.com/hashicorp/go-retryablehttp v0.7.7 + github.com/hashicorp/vault/api v1.16.0 github.com/rs/zerolog v1.34.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index 821e117..c909290 100644 --- a/go.sum +++ b/go.sum @@ -1,18 +1,52 @@ +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI= github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= +github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw= +github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= +github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= +github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= +github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4= +github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -20,32 +54,51 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY= github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ= +github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= +github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 h1:PKK9DyHxif4LZo+uQSgXNqs0jj5+xZwwfKHgph2lxBw= github.com/santhosh-tekuri/jsonschema/v6 v6.0.1/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/zenazn/pkcs7pad v0.0.0-20170308005700-253a5b1f0e03 h1:m1h+vudopHsI67FPT9MOncyndWhTcdUoBtI1R1uajGY= github.com/zenazn/pkcs7pad v0.0.0-20170308005700-253a5b1f0e03/go.mod h1:8sheVFH84v3PCyFY/O02mIgSQY9I6wMYPWsq7mDnEZY= golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -53,6 +106,8 @@ golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 h1:NusfzzA6yGQ+ua51ck7E3omNUX/JuqbFSaRGqU8CcLI= +golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -60,5 +115,6 @@ gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/pkg/plugin/implementation/keymanager/cmd/plugin.go b/pkg/plugin/implementation/keymanager/cmd/plugin.go new file mode 100644 index 0000000..9326a8b --- /dev/null +++ b/pkg/plugin/implementation/keymanager/cmd/plugin.go @@ -0,0 +1,31 @@ +package main + +import ( + "context" + + "github.com/beckn/beckn-onix/pkg/log" + "github.com/beckn/beckn-onix/pkg/plugin/definition" + "github.com/beckn/beckn-onix/pkg/plugin/implementation/keymanager" +) + +// keyManagerProvider implements the plugin provider for the KeyManager plugin. +type keyManagerProvider struct{} + +// New creates and initializes a new KeyManager instance using the provided cache, registry lookup, and configuration. +func (k *keyManagerProvider) New(ctx context.Context, cache definition.Cache, registry definition.RegistryLookup, cfg map[string]string) (definition.KeyManager, func() error, error) { + config := &keymanager.Config{ + VaultAddr: cfg["vault_addr"], + KVVersion: cfg["kv_version"], + } + log.Debugf(ctx, "Keymanager config mapped: %+v", cfg) + km, cleanup, err := keymanager.New(ctx, cache, registry, config) + if err != nil { + log.Error(ctx, err, "Failed to initialize KeyManager") + return nil, nil, err + } + log.Debugf(ctx, "KeyManager instance created successfully") + return km, cleanup, nil +} + +// Provider is the exported instance of keyManagerProvider used for plugin registration. +var Provider = keyManagerProvider{} diff --git a/pkg/plugin/implementation/keymanager/keymanager.go b/pkg/plugin/implementation/keymanager/keymanager.go new file mode 100644 index 0000000..229fa2b --- /dev/null +++ b/pkg/plugin/implementation/keymanager/keymanager.go @@ -0,0 +1,370 @@ +package keymanager + +import ( + "context" + "crypto/ecdh" + "crypto/ed25519" + "crypto/rand" + "encoding/base64" + "encoding/json" + "errors" + "fmt" + "os" + "time" + + "github.com/beckn/beckn-onix/pkg/log" + "github.com/beckn/beckn-onix/pkg/model" + "github.com/beckn/beckn-onix/pkg/plugin/definition" + "github.com/google/uuid" + vault "github.com/hashicorp/vault/api" +) + +// Config holds configuration parameters for connecting to Vault. +type Config struct { + VaultAddr string + KVVersion string +} + +// KeyMgr provides methods for managing cryptographic keys using Vault. +type KeyMgr struct { + VaultClient *vault.Client + Registry definition.RegistryLookup + Cache definition.Cache + KvVersion string + SecretPath string +} + +var ( + // ErrEmptyKeyID indicates that the provided key ID is empty. + ErrEmptyKeyID = errors.New("invalid request: keyID cannot be empty") + + // ErrNilKeySet indicates that the provided keyset is nil. + ErrNilKeySet = errors.New("keyset cannot be nil") + + // ErrEmptySubscriberID indicates that the provided subscriber ID is empty. + ErrEmptySubscriberID = errors.New("invalid request: subscriberID cannot be empty") + + // ErrEmptyUniqueKeyID indicates that the provided unique key ID is empty. + ErrEmptyUniqueKeyID = errors.New("invalid request: uniqueKeyID cannot be empty") + + // ErrSubscriberNotFound indicates that no subscriber was found with the provided credentials. + ErrSubscriberNotFound = errors.New("no subscriber found with given credentials") + + // ErrNilCache indicates that the cache implementation is nil. + ErrNilCache = errors.New("cache implementation cannot be nil") + + // ErrNilRegistryLookup indicates that the registry lookup implementation is nil. + ErrNilRegistryLookup = errors.New("registry lookup implementation cannot be nil") +) + +// ValidateCfg validates the Vault configuration and sets default KV version if missing. +func ValidateCfg(cfg *Config) error { + if cfg.VaultAddr == "" { + return errors.New("invalid config: VaultAddr cannot be empty") + } + if cfg.KVVersion == "" { + cfg.KVVersion = "v1" + } else if cfg.KVVersion != "v1" && cfg.KVVersion != "v2" { + return fmt.Errorf("invalid KVVersion: must be 'v1' or 'v2'") + } + return nil +} + +func New(ctx context.Context, cache definition.Cache, registryLookup definition.RegistryLookup, cfg *Config) (*KeyMgr, func() error, error) { + log.Info(ctx, "Initializing KeyManager plugin") + // Validate configuration. + if err := ValidateCfg(cfg); err != nil { + log.Error(ctx, err, "Invalid configuration for KeyManager") + return nil, nil, err + } + // Check if cache implementation is provided. + if cache == nil { + log.Error(ctx, ErrNilCache, "Cache is nil in KeyManager initialization") + return nil, nil, ErrNilCache + } + + // Check if registry lookup implementation is provided. + if registryLookup == nil { + log.Error(ctx, ErrNilRegistryLookup, "RegistryLookup is nil in KeyManager initialization") + return nil, nil, ErrNilRegistryLookup + } + + // Initialize Vault client. + log.Debugf(ctx, "Creating Vault client with address: %s", cfg.VaultAddr) + vaultClient, err := GetVaultClient(ctx, cfg.VaultAddr) + if err != nil { + log.Errorf(ctx, err, "Failed to create Vault client at address: %s", cfg.VaultAddr) + return nil, nil, fmt.Errorf("failed to create vault client: %w", err) + } + + log.Info(ctx, "Successfully created Vault client") + + // Create KeyManager instance. + km := &KeyMgr{ + VaultClient: vaultClient, + Registry: registryLookup, + Cache: cache, + KvVersion: cfg.KVVersion, + } + + // Cleanup function to release KeyManager resources. + cleanup := func() error { + log.Info(ctx, "Cleaning up KeyManager resources") + km.VaultClient = nil + km.Cache = nil + km.Registry = nil + return nil + } + + log.Info(ctx, "KeyManager plugin initialized successfully") + return km, cleanup, nil +} + +// GetVaultClient creates and authenticates a Vault client using AppRole. +func GetVaultClient(ctx context.Context, vaultAddr string) (*vault.Client, error) { + roleID := os.Getenv("VAULT_ROLE_ID") + secretID := os.Getenv("VAULT_SECRET_ID") + + if roleID == "" || secretID == "" { + log.Error(ctx, fmt.Errorf("missing credentials"), "VAULT_ROLE_ID or VAULT_SECRET_ID is not set") + return nil, fmt.Errorf("VAULT_ROLE_ID or VAULT_SECRET_ID is not set") + } + + config := vault.DefaultConfig() + config.Address = vaultAddr + + client, err := vault.NewClient(config) + if err != nil { + log.Error(ctx, err, "failed to create Vault client") + return nil, fmt.Errorf("failed to create Vault client: %w", err) + } + + data := map[string]interface{}{ + "role_id": roleID, + "secret_id": secretID, + } + + log.Info(ctx, "Logging into Vault with AppRole") + resp, err := client.Logical().Write("auth/approle/login", data) + if err != nil { + log.Error(ctx, err, "failed to login with AppRole") + return nil, fmt.Errorf("failed to login with AppRole: %w", err) + } + if resp == nil || resp.Auth == nil { + log.Error(ctx, nil, "AppRole login failed: no auth info returned") + return nil, errors.New("AppRole login failed: no auth info returned") + } + + log.Info(ctx, "Vault login successful") + client.SetToken(resp.Auth.ClientToken) + return client, nil +} + +// GenerateKeyPairs generates a new signing (Ed25519) and encryption (X25519) key pair. +func (km *KeyMgr) GenerateKeyPairs() (*model.Keyset, error) { + signingPublic, signingPrivate, err := ed25519.GenerateKey(rand.Reader) + if err != nil { + return nil, fmt.Errorf("failed to generate signing key pair: %w", err) + } + + encrPrivateKey, err := ecdh.X25519().GenerateKey(rand.Reader) + if err != nil { + return nil, fmt.Errorf("failed to generate encryption key pair: %w", err) + } + encrPublicKey := encrPrivateKey.PublicKey().Bytes() + uuid, err := uuid.NewRandom() + if err != nil { + return nil, fmt.Errorf("failed to generate unique key id uuid: %w", err) + } + return &model.Keyset{ + UniqueKeyID: uuid.String(), + SigningPrivate: encodeBase64(signingPrivate.Seed()), + SigningPublic: encodeBase64(signingPublic), + EncrPrivate: encodeBase64(encrPrivateKey.Bytes()), + EncrPublic: encodeBase64(encrPublicKey), + }, nil +} + +// StorePrivateKeys stores the given keyset in Vault under the specified key ID. +func (km *KeyMgr) StorePrivateKeys(ctx context.Context, keyID string, keys *model.Keyset) error { + if keyID == "" { + return ErrEmptyKeyID + } + if keys == nil { + return ErrNilKeySet + } + + keyData := map[string]interface{}{ + "uniqueKeyID": keys.UniqueKeyID, + "signingPublicKey": keys.SigningPublic, + "signingPrivateKey": keys.SigningPrivate, + "encrPublicKey": keys.EncrPublic, + "encrPrivateKey": keys.EncrPrivate, + } + var path string + var payload map[string]interface{} + if km.KvVersion == "v2" { + path = fmt.Sprintf("secret/data/keys/%s", keyID) + payload = map[string]interface{}{"data": keyData} + } else { + path = fmt.Sprintf("secret/keys/%s", keyID) + payload = keyData + } + + _, err := km.VaultClient.Logical().Write(path, payload) + if err != nil { + return fmt.Errorf("failed to store secret in Vault: %w", err) + } + return nil +} + +// SigningPrivateKey retrieves the unique key ID and signing private key for the given key ID. +func (km *KeyMgr) SigningPrivateKey(ctx context.Context, keyID string) (string, string, error) { + keys, err := km.getKeys(ctx, keyID) + if err != nil { + return "", "", err + } + return keys.UniqueKeyID, keys.SigningPrivate, nil +} + +// EncrPrivateKey retrieves the unique key ID and encryption private key for the given key ID. +func (km *KeyMgr) EncrPrivateKey(ctx context.Context, keyID string) (string, string, error) { + keys, err := km.getKeys(ctx, keyID) + if err != nil { + return "", "", err + } + return keys.UniqueKeyID, keys.EncrPrivate, nil +} + +// SigningPublicKey returns the signing public key for the given subscriber ID and key ID. +func (km *KeyMgr) SigningPublicKey(ctx context.Context, subscriberID, uniqueKeyID string) (string, error) { + keys, err := km.getPublicKeys(ctx, subscriberID, uniqueKeyID) + if err != nil { + return "", err + } + return keys.SigningPublic, nil +} + +// EncrPublicKey returns the encryption public key for the given subscriber ID and key ID. +func (km *KeyMgr) EncrPublicKey(ctx context.Context, subscriberID, uniqueKeyID string) (string, error) { + keys, err := km.getPublicKeys(ctx, subscriberID, uniqueKeyID) + if err != nil { + return "", err + } + return keys.EncrPublic, nil +} + +// DeletePrivateKeys deletes the private keys for the given key ID from Vault. +func (km *KeyMgr) DeletePrivateKeys(ctx context.Context, keyID string) error { + if keyID == "" { + return ErrEmptyKeyID + } + var path string + if km.KvVersion == "v2" { + path = fmt.Sprintf("secret/data/private_keys/%s", keyID) + } else { + path = fmt.Sprintf("secret/private_keys/%s", keyID) + } + return km.VaultClient.KVv2(path).Delete(ctx, keyID) +} + +// getKeys retrieves the full keyset from Vault for the given key ID. +func (km *KeyMgr) getKeys(ctx context.Context, keyID string) (*model.Keyset, error) { + if keyID == "" { + return nil, ErrEmptyKeyID + } + + var path string + if km.KvVersion == "v2" { + path = fmt.Sprintf("secret/data/private_keys/%s", keyID) + } else { + path = fmt.Sprintf("secret/private_keys/%s", keyID) + } + + secret, err := km.VaultClient.Logical().Read(path) + if err != nil || secret == nil { + return nil, fmt.Errorf("failed to read secret from Vault: %w", err) + } + + var data map[string]interface{} + if km.KvVersion == "v2" { + dataRaw, ok := secret.Data["data"] + if !ok { + return nil, errors.New("missing 'data' in secret response") + } + data, ok = dataRaw.(map[string]interface{}) + if !ok { + return nil, errors.New("invalid 'data' format in Vault response") + } + } else { + data = secret.Data + } + + return &model.Keyset{ + UniqueKeyID: data["uniqueKeyID"].(string), + SigningPublic: data["signingPublicKey"].(string), + SigningPrivate: data["signingPrivateKey"].(string), + EncrPublic: data["encrPublicKey"].(string), + EncrPrivate: data["encrPrivateKey"].(string), + }, nil +} + +// getPublicKeys fetches the public keys from cache or registry for the given subscriber and key ID. +func (km *KeyMgr) getPublicKeys(ctx context.Context, subscriberID, uniqueKeyID string) (*model.Keyset, error) { + if err := validateParams(subscriberID, uniqueKeyID); err != nil { + return nil, err + } + cacheKey := fmt.Sprintf("%s_%s", subscriberID, uniqueKeyID) + cachedData, err := km.Cache.Get(ctx, cacheKey) + if err == nil { + var keys model.Keyset + if err := json.Unmarshal([]byte(cachedData), &keys); err == nil { + return &keys, nil + } + } + publicKeys, err := km.lookupRegistry(ctx, subscriberID, uniqueKeyID) + if err != nil { + return nil, err + } + cacheValue, err := json.Marshal(publicKeys) + if err == nil { + _ = km.Cache.Set(ctx, cacheKey, string(cacheValue), time.Hour) + } + return publicKeys, nil +} + +// lookupRegistry queries the registry for public keys based on subscriber ID and key ID. +func (km *KeyMgr) lookupRegistry(ctx context.Context, subscriberID, uniqueKeyID string) (*model.Keyset, error) { + subscribers, err := km.Registry.Lookup(ctx, &model.Subscription{ + Subscriber: model.Subscriber{ + SubscriberID: subscriberID, + }, + KeyID: uniqueKeyID, + }) + if err != nil { + return nil, fmt.Errorf("failed to lookup registry: %w", err) + } + if len(subscribers) == 0 { + return nil, ErrSubscriberNotFound + } + return &model.Keyset{ + SigningPublic: subscribers[0].SigningPublicKey, + EncrPublic: subscribers[0].EncrPublicKey, + }, nil +} + +// validateParams checks that subscriberID and uniqueKeyID are not empty. +func validateParams(subscriberID, uniqueKeyID string) error { + if subscriberID == "" { + return ErrEmptySubscriberID + } + if uniqueKeyID == "" { + return ErrEmptyUniqueKeyID + } + return nil +} + +// encodeBase64 returns the base64-encoded string of the given data. +func encodeBase64(data []byte) string { + return base64.StdEncoding.EncodeToString(data) +} From 63e1bc44d9c37db938f0917bd3314dfb02bd2bbc Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Tue, 20 May 2025 12:01:14 +0530 Subject: [PATCH 08/84] added test cases for keymanager and plugin --- .../implementation/keymanager/cmd/plugin.go | 9 +- .../keymanager/cmd/plugin_test.go | 164 +++ .../implementation/keymanager/keymanager.go | 25 +- .../keymanager/keymanager_test.go | 1182 +++++++++++++++++ 4 files changed, 1373 insertions(+), 7 deletions(-) create mode 100644 pkg/plugin/implementation/keymanager/cmd/plugin_test.go create mode 100644 pkg/plugin/implementation/keymanager/keymanager_test.go diff --git a/pkg/plugin/implementation/keymanager/cmd/plugin.go b/pkg/plugin/implementation/keymanager/cmd/plugin.go index 9326a8b..5e37af4 100644 --- a/pkg/plugin/implementation/keymanager/cmd/plugin.go +++ b/pkg/plugin/implementation/keymanager/cmd/plugin.go @@ -9,7 +9,12 @@ import ( ) // keyManagerProvider implements the plugin provider for the KeyManager plugin. -type keyManagerProvider struct{} +type keyManagerProvider struct { + newFunc func(ctx context.Context, cache definition.Cache, registry definition.RegistryLookup, cfg *keymanager.Config) (definition.KeyManager, func() error, error) +} + +// newKeyManagerFunc is a function type that creates a new KeyManager instance. +var newKeyManagerFunc = keymanager.New // New creates and initializes a new KeyManager instance using the provided cache, registry lookup, and configuration. func (k *keyManagerProvider) New(ctx context.Context, cache definition.Cache, registry definition.RegistryLookup, cfg map[string]string) (definition.KeyManager, func() error, error) { @@ -18,7 +23,7 @@ func (k *keyManagerProvider) New(ctx context.Context, cache definition.Cache, re KVVersion: cfg["kv_version"], } log.Debugf(ctx, "Keymanager config mapped: %+v", cfg) - km, cleanup, err := keymanager.New(ctx, cache, registry, config) + km, cleanup, err := newKeyManagerFunc(ctx, cache, registry, config) if err != nil { log.Error(ctx, err, "Failed to initialize KeyManager") return nil, nil, err diff --git a/pkg/plugin/implementation/keymanager/cmd/plugin_test.go b/pkg/plugin/implementation/keymanager/cmd/plugin_test.go new file mode 100644 index 0000000..bec7c6f --- /dev/null +++ b/pkg/plugin/implementation/keymanager/cmd/plugin_test.go @@ -0,0 +1,164 @@ +package main + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/beckn/beckn-onix/pkg/model" + "github.com/beckn/beckn-onix/pkg/plugin/definition" + "github.com/beckn/beckn-onix/pkg/plugin/implementation/keymanager" +) + +// Mock KeyManager implementation +type mockKeyManager struct{} + +func (m *mockKeyManager) SigningPublicKey(ctx context.Context, subscriberID, keyID string) (string, error) { + return "mock-signing-public-key", nil +} + +func (m *mockKeyManager) SigningPrivateKey(ctx context.Context, subscriberID string) (string, string, error) { + return "mock-key-id", "mock-signing-private-key", nil +} + +func (m *mockKeyManager) EncrPublicKey(ctx context.Context, subscriberID, keyID string) (string, error) { + return "mock-encryption-public-key", nil +} + +func (m *mockKeyManager) EncrPrivateKey(ctx context.Context, subscriberID string) (string, string, error) { + return "mock-key-id", "mock-encryption-private-key", nil +} + +func (m *mockKeyManager) DeletePrivateKeys(ctx context.Context, subscriberID string) error { + return nil +} + +func (m *mockKeyManager) StorePrivateKeys(ctx context.Context, subscriberID string, keys *model.Keyset) error { + return nil +} + +func (m *mockKeyManager) GenerateKeyPairs() (*model.Keyset, error) { + return &model.Keyset{ + UniqueKeyID: "mock-key-id", + SigningPrivate: "mock-signing-private-key", + SigningPublic: "mock-signing-public-key", + EncrPrivate: "mock-encryption-private-key", + EncrPublic: "mock-encryption-public-key", + }, nil +} + +type mockRegistry struct { + LookupFunc func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) +} + +func (m *mockRegistry) Lookup(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + if m.LookupFunc != nil { + return m.LookupFunc(ctx, sub) + } + return []model.Subscription{ + { + Subscriber: model.Subscriber{ + SubscriberID: sub.SubscriberID, + URL: "https://mock.registry/subscriber", + Type: "BPP", + Domain: "retail", + }, + KeyID: sub.KeyID, + SigningPublicKey: "mock-signing-public-key", + EncrPublicKey: "mock-encryption-public-key", + ValidFrom: time.Now().Add(-time.Hour), + ValidUntil: time.Now().Add(time.Hour), + Status: "SUBSCRIBED", + Created: time.Now().Add(-2 * time.Hour), + Updated: time.Now(), + Nonce: "mock-nonce", + }, + }, nil +} + +type mockCache struct{} + +func (m *mockCache) Get(ctx context.Context, key string) (string, error) { + return "", nil +} +func (m *mockCache) Set(ctx context.Context, key string, value string, ttl time.Duration) error { + return nil +} +func (m *mockCache) Clear(ctx context.Context) error { + return nil +} + +func (m *mockCache) Delete(ctx context.Context, key string) error { + return nil +} + +func TestNewSuccess(t *testing.T) { + // Setup dummy implementations and variables + ctx := context.Background() + cache := &mockCache{} + registry := &mockRegistry{} + cfg := map[string]string{ + "vault_addr": "http://dummy-vault", + "kv_version": "2", + } + + cleanupCalled := false + fakeCleanup := func() error { + cleanupCalled = true + return nil + } + + newKeyManagerFunc = func(ctx context.Context, cache definition.Cache, registry definition.RegistryLookup, cfg *keymanager.Config) (*keymanager.KeyMgr, func() error, error) { + // return a mock struct pointer of *keymanager.KeyMgr or a stub instance + return &keymanager.KeyMgr{}, fakeCleanup, nil + } + + // Create provider and call New + provider := &keyManagerProvider{} + km, cleanup, err := provider.New(ctx, cache, registry, cfg) + if err != nil { + t.Fatalf("Expected no error, got %v", err) + } + if km == nil { + t.Fatal("Expected non-nil KeyManager instance") + } + if cleanup == nil { + t.Fatal("Expected non-nil cleanup function") + } + + // Call cleanup and check if it behaves correctly + if err := cleanup(); err != nil { + t.Fatalf("Expected no error from cleanup, got %v", err) + } + if !cleanupCalled { + t.Error("Expected cleanup function to be called") + } +} + +func TestNewFailure(t *testing.T) { + // Setup dummy variables + ctx := context.Background() + cache := &mockCache{} + registry := &mockRegistry{} + cfg := map[string]string{ + "vault_addr": "http://dummy-vault", + "kv_version": "2", + } + + newKeyManagerFunc = func(ctx context.Context, cache definition.Cache, registry definition.RegistryLookup, cfg *keymanager.Config) (*keymanager.KeyMgr, func() error, error) { + return nil, nil, fmt.Errorf("some error") + } + + provider := &keyManagerProvider{} + km, cleanup, err := provider.New(ctx, cache, registry, cfg) + if err == nil { + t.Fatal("Expected error, got nil") + } + if km != nil { + t.Error("Expected nil KeyManager on error") + } + if cleanup != nil { + t.Error("Expected nil cleanup function on error") + } +} diff --git a/pkg/plugin/implementation/keymanager/keymanager.go b/pkg/plugin/implementation/keymanager/keymanager.go index 229fa2b..c50079d 100644 --- a/pkg/plugin/implementation/keymanager/keymanager.go +++ b/pkg/plugin/implementation/keymanager/keymanager.go @@ -70,6 +70,11 @@ func ValidateCfg(cfg *Config) error { return nil } +// getVaultClient is a function that creates a new Vault client. +// This is exported for testing purposes. +var getVaultClient = GetVaultClient + +// New creates a new KeyMgr instance with the provided configuration, cache, and registry lookup. func New(ctx context.Context, cache definition.Cache, registryLookup definition.RegistryLookup, cfg *Config) (*KeyMgr, func() error, error) { log.Info(ctx, "Initializing KeyManager plugin") // Validate configuration. @@ -91,7 +96,7 @@ func New(ctx context.Context, cache definition.Cache, registryLookup definition. // Initialize Vault client. log.Debugf(ctx, "Creating Vault client with address: %s", cfg.VaultAddr) - vaultClient, err := GetVaultClient(ctx, cfg.VaultAddr) + vaultClient, err := getVaultClient(ctx, cfg.VaultAddr) if err != nil { log.Errorf(ctx, err, "Failed to create Vault client at address: %s", cfg.VaultAddr) return nil, nil, fmt.Errorf("failed to create vault client: %w", err) @@ -120,6 +125,10 @@ func New(ctx context.Context, cache definition.Cache, registryLookup definition. return km, cleanup, nil } +// NewVaultClient creates a new Vault client instance. +// This function is exported for testing purposes. +var NewVaultClient = vault.NewClient + // GetVaultClient creates and authenticates a Vault client using AppRole. func GetVaultClient(ctx context.Context, vaultAddr string) (*vault.Client, error) { roleID := os.Getenv("VAULT_ROLE_ID") @@ -133,7 +142,7 @@ func GetVaultClient(ctx context.Context, vaultAddr string) (*vault.Client, error config := vault.DefaultConfig() config.Address = vaultAddr - client, err := vault.NewClient(config) + client, err := NewVaultClient(config) if err != nil { log.Error(ctx, err, "failed to create Vault client") return nil, fmt.Errorf("failed to create Vault client: %w", err) @@ -160,19 +169,25 @@ func GetVaultClient(ctx context.Context, vaultAddr string) (*vault.Client, error return client, nil } +var ( + ed25519KeyGenFunc = ed25519.GenerateKey + x25519KeyGenFunc = ecdh.X25519().GenerateKey + uuidGenFunc = uuid.NewRandom +) + // GenerateKeyPairs generates a new signing (Ed25519) and encryption (X25519) key pair. func (km *KeyMgr) GenerateKeyPairs() (*model.Keyset, error) { - signingPublic, signingPrivate, err := ed25519.GenerateKey(rand.Reader) + signingPublic, signingPrivate, err := ed25519KeyGenFunc(rand.Reader) if err != nil { return nil, fmt.Errorf("failed to generate signing key pair: %w", err) } - encrPrivateKey, err := ecdh.X25519().GenerateKey(rand.Reader) + encrPrivateKey, err := x25519KeyGenFunc(rand.Reader) if err != nil { return nil, fmt.Errorf("failed to generate encryption key pair: %w", err) } encrPublicKey := encrPrivateKey.PublicKey().Bytes() - uuid, err := uuid.NewRandom() + uuid, err := uuidGenFunc() if err != nil { return nil, fmt.Errorf("failed to generate unique key id uuid: %w", err) } diff --git a/pkg/plugin/implementation/keymanager/keymanager_test.go b/pkg/plugin/implementation/keymanager/keymanager_test.go new file mode 100644 index 0000000..b08215e --- /dev/null +++ b/pkg/plugin/implementation/keymanager/keymanager_test.go @@ -0,0 +1,1182 @@ +package keymanager + +import ( + "context" + "crypto/ecdh" + "crypto/ed25519" + "errors" + "fmt" + "io" + "net/http" + "net/http/httptest" + "os" + "strings" + "testing" + "time" + + "github.com/beckn/beckn-onix/pkg/model" + "github.com/beckn/beckn-onix/pkg/plugin/definition" + "github.com/google/uuid" + "github.com/hashicorp/vault/api" + vault "github.com/hashicorp/vault/api" +) + +type mockRegistry struct { + LookupFunc func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) +} + +func (m *mockRegistry) Lookup(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + if m.LookupFunc != nil { + return m.LookupFunc(ctx, sub) + } + return []model.Subscription{ + { + Subscriber: model.Subscriber{ + SubscriberID: sub.SubscriberID, + URL: "https://mock.registry/subscriber", + Type: "BPP", + Domain: "retail", + }, + KeyID: sub.KeyID, + SigningPublicKey: "mock-signing-public-key", + EncrPublicKey: "mock-encryption-public-key", + ValidFrom: time.Now().Add(-time.Hour), + ValidUntil: time.Now().Add(time.Hour), + Status: "SUBSCRIBED", + Created: time.Now().Add(-2 * time.Hour), + Updated: time.Now(), + Nonce: "mock-nonce", + }, + }, nil +} + +type mockCache struct{} + +func (m *mockCache) Get(ctx context.Context, key string) (string, error) { + return "", nil +} +func (m *mockCache) Set(ctx context.Context, key string, value string, ttl time.Duration) error { + return nil +} +func (m *mockCache) Clear(ctx context.Context) error { + return nil +} + +func (m *mockCache) Delete(ctx context.Context, key string) error { + return nil +} + +func TestValidateCfgSuccess(t *testing.T) { + tests := []struct { + name string + cfg *Config + wantKV string + }{ + { + name: "valid config with v1", + cfg: &Config{VaultAddr: "http://localhost:8200", KVVersion: "v1"}, + wantKV: "v1", + }, + { + name: "valid config with v2", + cfg: &Config{VaultAddr: "http://localhost:8200", KVVersion: "v2"}, + wantKV: "v2", + }, + { + name: "default KV version applied", + cfg: &Config{VaultAddr: "http://localhost:8200"}, + wantKV: "v1", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := ValidateCfg(tt.cfg) + if err != nil { + t.Errorf("expected no error, got %v", err) + } + if tt.cfg.KVVersion != tt.wantKV { + t.Errorf("expected KVVersion %s, got %s", tt.wantKV, tt.cfg.KVVersion) + } + }) + } +} + +func TestValidateCfgFailure(t *testing.T) { + tests := []struct { + name string + cfg *Config + }{ + { + name: "missing Vault address", + cfg: &Config{VaultAddr: "", KVVersion: "v1"}, + }, + { + name: "invalid KV version", + cfg: &Config{VaultAddr: "http://localhost:8200", KVVersion: "v3"}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := ValidateCfg(tt.cfg) + if err == nil { + t.Errorf("expected error, got nil") + } + }) + } +} + +func TestGenerateKeyPairs(t *testing.T) { + originalEd25519 := ed25519KeyGenFunc + originalX25519 := x25519KeyGenFunc + originalUUID := uuidGenFunc + + defer func() { + ed25519KeyGenFunc = originalEd25519 + x25519KeyGenFunc = originalX25519 + uuidGenFunc = originalUUID + }() + + tests := []struct { + name string + mockEd25519Err error + mockX25519Err error + mockUUIDErr error + expectErr bool + }{ + { + name: "success case", + expectErr: false, + }, + { + name: "ed25519 key generation failure", + mockEd25519Err: errors.New("mock ed25519 failure"), + expectErr: true, + }, + { + name: "x25519 key generation failure", + mockX25519Err: errors.New("mock x25519 failure"), + expectErr: true, + }, + { + name: "UUID generation failure", + mockUUIDErr: errors.New("mock uuid failure"), + expectErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if tt.mockEd25519Err != nil { + ed25519KeyGenFunc = func(_ io.Reader) (ed25519.PublicKey, ed25519.PrivateKey, error) { + return nil, nil, tt.mockEd25519Err + } + } else { + ed25519KeyGenFunc = ed25519.GenerateKey + } + + if tt.mockX25519Err != nil { + x25519KeyGenFunc = func(_ io.Reader) (*ecdh.PrivateKey, error) { + return nil, tt.mockX25519Err + } + } else { + x25519KeyGenFunc = ecdh.X25519().GenerateKey + } + + if tt.mockUUIDErr != nil { + uuidGenFunc = func() (uuid.UUID, error) { + return uuid.Nil, tt.mockUUIDErr + } + } else { + uuidGenFunc = uuid.NewRandom + } + + km := &KeyMgr{} + keyset, err := km.GenerateKeyPairs() + + if tt.expectErr { + if err == nil { + t.Errorf("expected error, got nil") + } + if keyset != nil { + t.Errorf("expected nil keyset, got non-nil") + } + } else { + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if keyset == nil { + t.Fatal("expected keyset, got nil") + } + if keyset.SigningPrivate == "" || keyset.SigningPublic == "" || keyset.EncrPrivate == "" || keyset.EncrPublic == "" { + t.Error("expected all keys to be populated and base64-encoded") + } + if keyset.UniqueKeyID == "" { + t.Error("expected UniqueKeyID to be non-empty") + } + } + }) + } +} + +type mockLogical struct { + writeFn func(path string, data map[string]interface{}) (*vault.Secret, error) +} + +func (m *mockLogical) Write(path string, data map[string]interface{}) (*vault.Secret, error) { + return m.writeFn(path, data) +} + +type mockClient struct { + *vault.Client + setTokenFn func(string) + logicalFn func() *vault.Logical +} + +func (m *mockClient) SetToken(token string) { + if m.setTokenFn != nil { + m.setTokenFn(token) + } +} + +func (m *mockClient) Logical() *vault.Logical { + if m.logicalFn != nil { + return m.logicalFn() + } + return &vault.Logical{} +} + +func TestGetVaultClient_Failures(t *testing.T) { + originalNewVaultClient := NewVaultClient + defer func() { NewVaultClient = originalNewVaultClient }() + + ctx := context.Background() + + tests := []struct { + name string + roleID string + secretID string + setupServer func(t *testing.T) *httptest.Server + expectErr string + }{ + { + name: "missing credentials", + roleID: "", + secretID: "", + expectErr: "VAULT_ROLE_ID or VAULT_SECRET_ID is not set", + }, + { + name: "vault client creation failure", + roleID: "test-role", + secretID: "test-secret", + setupServer: func(t *testing.T) *httptest.Server { + NewVaultClient = func(cfg *vault.Config) (*vault.Client, error) { + return nil, errors.New("mock client creation error") + } + return nil + }, + expectErr: "failed to create Vault client: mock client creation error", + }, + { + name: "AppRole login failure", + roleID: "test-role", + secretID: "test-secret", + setupServer: func(t *testing.T) *httptest.Server { + return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.Error(w, "login failed", http.StatusBadRequest) + })) + }, + expectErr: "failed to login with AppRole: Error making API request", + }, + { + name: "AppRole login returns nil auth", + roleID: "test-role", + secretID: "test-secret", + setupServer: func(t *testing.T) *httptest.Server { + return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + w.Header().Set("Content-Type", "application/json") + io.WriteString(w, `{ "auth": null }`) + })) + }, + expectErr: "AppRole login failed: no auth info returned", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + os.Setenv("VAULT_ROLE_ID", tt.roleID) + os.Setenv("VAULT_SECRET_ID", tt.secretID) + + var server *httptest.Server + if tt.setupServer != nil { + server = tt.setupServer(t) + if server != nil { + NewVaultClient = func(cfg *vault.Config) (*vault.Client, error) { + cfg.Address = server.URL + return vault.NewClient(cfg) + } + defer server.Close() + } + } + + client, err := GetVaultClient(ctx, "http://ignored") + if err == nil || !strings.Contains(err.Error(), tt.expectErr) { + t.Errorf("expected error to contain '%s', got: %v", tt.expectErr, err) + } + if client != nil { + t.Error("expected client to be nil on failure") + } + }) + } +} + +func TestGetVaultClient_Success(t *testing.T) { + originalNewVaultClient := NewVaultClient + defer func() { NewVaultClient = originalNewVaultClient }() + + ctx := context.Background() + + os.Setenv("VAULT_ROLE_ID", "test-role") + os.Setenv("VAULT_SECRET_ID", "test-secret") + + // Mock Vault server + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if !strings.HasSuffix(r.URL.Path, "/auth/approle/login") { + t.Errorf("unexpected request path: %s", r.URL.Path) + } + w.WriteHeader(http.StatusOK) + w.Header().Set("Content-Type", "application/json") + io.WriteString(w, `{ + "auth": { + "client_token": "mock-token" + } + }`) + })) + defer server.Close() + + NewVaultClient = func(cfg *vault.Config) (*vault.Client, error) { + cfg.Address = server.URL + return vault.NewClient(cfg) + } + + client, err := GetVaultClient(ctx, "http://ignored") + if err != nil { + t.Fatalf("expected success, got error: %v", err) + } + if client == nil { + t.Fatal("expected non-nil client") + } + if token := client.Token(); token != "mock-token" { + t.Errorf("expected token to be 'mock-token', got: %s", token) + } +} + +type mockRegistryLookup struct{} + +func (m *mockRegistryLookup) Lookup(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + return []model.Subscription{ + { + Subscriber: model.Subscriber{ + SubscriberID: sub.SubscriberID, + Type: sub.Type, + }, + KeyID: "mock-key-id", + SigningPublicKey: "mock-signing-pubkey", + EncrPublicKey: "mock-encryption-pubkey", + ValidFrom: time.Now().Add(-time.Hour), + ValidUntil: time.Now().Add(time.Hour), + Status: "SUBSCRIBED", + Created: time.Now(), + Updated: time.Now(), + Nonce: "mock-nonce", + }, + }, nil +} + +func TestNewSuccess(t *testing.T) { + tests := []struct { + name string + cfg *Config + cache definition.Cache + registry definition.RegistryLookup + mockVaultStatus int + mockVaultBody string + }{ + { + name: "valid config", + cfg: &Config{ + VaultAddr: "http://dummy", + KVVersion: "v2", + }, + cache: &mockCache{}, + registry: &mockRegistryLookup{}, + mockVaultStatus: http.StatusOK, + mockVaultBody: `{}`, + }, + } + + originalGetVaultClient := getVaultClient + defer func() { getVaultClient = originalGetVaultClient }() + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + vaultServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(tt.mockVaultStatus) + fmt.Fprint(w, tt.mockVaultBody) + })) + defer vaultServer.Close() + + tt.cfg.VaultAddr = vaultServer.URL + + getVaultClient = func(ctx context.Context, addr string) (*vault.Client, error) { + cfg := vault.DefaultConfig() + cfg.Address = addr + return vault.NewClient(cfg) + } + + ctx := context.Background() + km, cleanup, err := New(ctx, tt.cache, tt.registry, tt.cfg) + + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if km == nil { + t.Fatalf("expected KeyMgr instance, got nil") + } + if cleanup == nil { + t.Fatalf("expected cleanup function, got nil") + } + _ = cleanup() + }) + } +} + +func TestNewFailure(t *testing.T) { + tests := []struct { + name string + cfg *Config + cache definition.Cache + registry definition.RegistryLookup + mockVaultStatus int + mockVaultBody string + }{ + { + name: "nil cache", + cfg: &Config{ + VaultAddr: "http://dummy", + KVVersion: "v2", + }, + cache: nil, + registry: &mockRegistryLookup{}, + mockVaultStatus: http.StatusOK, + mockVaultBody: `{}`, + }, + { + name: "nil registry", + cfg: &Config{ + VaultAddr: "http://dummy", + KVVersion: "v2", + }, + cache: &mockCache{}, + registry: nil, + mockVaultStatus: http.StatusOK, + mockVaultBody: `{}`, + }, + { + name: "invalid config", + cfg: &Config{ + VaultAddr: "", // Invalid + KVVersion: "v3", // Unsupported + }, + cache: &mockCache{}, + registry: &mockRegistryLookup{}, + mockVaultStatus: http.StatusOK, + mockVaultBody: `{}`, + }, + { + name: "vault client creation failure", + cfg: &Config{ + VaultAddr: "http://dummy", + KVVersion: "v2", + }, + cache: &mockCache{}, + registry: &mockRegistryLookup{}, + mockVaultStatus: http.StatusOK, + mockVaultBody: `{}`, + }, + } + + originalGetVaultClient := getVaultClient + defer func() { getVaultClient = originalGetVaultClient }() + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + vaultServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(tt.mockVaultStatus) + fmt.Fprint(w, tt.mockVaultBody) + })) + defer vaultServer.Close() + + if tt.cfg != nil { + tt.cfg.VaultAddr = vaultServer.URL + } + + getVaultClient = func(ctx context.Context, addr string) (*vault.Client, error) { + if tt.name == "vault client creation failure" { + return nil, errors.New("simulated vault client creation error") + } + cfg := vault.DefaultConfig() + cfg.Address = addr + return vault.NewClient(cfg) + } + + ctx := context.Background() + km, cleanup, err := New(ctx, tt.cache, tt.registry, tt.cfg) + + if err == nil { + t.Error("expected error, got nil") + } + if km != nil { + t.Error("expected KeyMgr to be nil, got non-nil") + } + if cleanup != nil { + t.Error("expected cleanup to be nil, got non-nil") + } + }) + } + +} + +func TestStorePrivateKeysSuccess(t *testing.T) { + ctx := context.Background() + + keys := &model.Keyset{ + UniqueKeyID: "uuid", + SigningPublic: "signPub", + SigningPrivate: "signPriv", + EncrPublic: "encrPub", + EncrPrivate: "encrPriv", + } + + tests := []struct { + name string + kvVersion string + keyID string + keys *model.Keyset + }{ + { + name: "success kv v1", + kvVersion: "v1", + keyID: "mykeyid", + keys: keys, + }, + { + name: "success kv v2", + kvVersion: "v2", + keyID: "mykeyid", + keys: keys, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + expectedPath := "" + if tt.kvVersion == "v2" { + expectedPath = "/v1/secret/data/keys/" + tt.keyID + } else { + expectedPath = "/v1/secret/keys/" + tt.keyID + } + + if r.URL.Path != expectedPath { + t.Errorf("unexpected request path: got %s, want %s", r.URL.Path, expectedPath) + } + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(200) + fmt.Fprintln(w, `{"data":{}}`) + })) + defer server.Close() + + config := api.DefaultConfig() + config.Address = server.URL + client, err := api.NewClient(config) + if err != nil { + t.Fatalf("failed to create Vault client: %v", err) + } + + km := &KeyMgr{ + VaultClient: client, + KvVersion: tt.kvVersion, + } + + err = km.StorePrivateKeys(ctx, tt.keyID, tt.keys) + if err != nil { + t.Errorf("expected no error, got %v", err) + } + }) + } +} + +func TestStorePrivateKeysFailure(t *testing.T) { + ctx := context.Background() + + keys := &model.Keyset{ + UniqueKeyID: "uuid", + SigningPublic: "signPub", + SigningPrivate: "signPriv", + EncrPublic: "encrPub", + EncrPrivate: "encrPriv", + } + + tests := []struct { + name string + kvVersion string + keyID string + keys *model.Keyset + statusCode int // for HTTP error simulation + expectedErr string + }{ + { + name: "empty keyID", + keyID: "", + keys: keys, + expectedErr: ErrEmptyKeyID.Error(), + }, + { + name: "nil keys", + keyID: "mykeyid", + keys: nil, + expectedErr: ErrNilKeySet.Error(), + }, + { + name: "vault write error", + kvVersion: "v1", + keyID: "mykeyid", + keys: keys, + statusCode: 500, + expectedErr: "failed to store secret in Vault: Error making API request", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + var server *httptest.Server + if tt.statusCode != 0 { + // Setup test HTTP server to simulate Vault error + server = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.Error(w, "internal error", tt.statusCode) + })) + defer server.Close() + } + + var client *api.Client + var err error + if server != nil { + config := api.DefaultConfig() + config.Address = server.URL + client, err = api.NewClient(config) + if err != nil { + t.Fatalf("failed to create Vault client: %v", err) + } + } else { + client = nil + } + + km := &KeyMgr{ + VaultClient: client, + KvVersion: tt.kvVersion, + } + + err = km.StorePrivateKeys(ctx, tt.keyID, tt.keys) + + if err == nil { + t.Fatalf("expected error %q but got nil", tt.expectedErr) + } + if !strings.Contains(err.Error(), tt.expectedErr) { + t.Errorf("expected error containing %q, got %v", tt.expectedErr, err) + } + }) + } +} + +func TestDeletePrivateKeys(t *testing.T) { + tests := []struct { + name string + kvVersion string + keyID string + wantPath string + wantErr error + }{ + { + name: "empty keyID", + kvVersion: "v1", + keyID: "", + wantErr: ErrEmptyKeyID, + }, + { + name: "v1 delete", + kvVersion: "v1", + keyID: "key123", + wantPath: "/v1/secret/private_keys/key123/data/key123", + wantErr: nil, + }, + { + name: "v2 delete", + kvVersion: "v2", + keyID: "key123", + wantPath: "/v1/secret/data/private_keys/key123/data/key123", + wantErr: nil, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // If empty keyID, no Vault calls, just check error + if tt.keyID == "" { + km := &KeyMgr{ + KvVersion: tt.kvVersion, + VaultClient: nil, + } + err := km.DeletePrivateKeys(context.Background(), tt.keyID) + if err != tt.wantErr { + t.Errorf("expected error %v, got %v", tt.wantErr, err) + } + return + } + + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodDelete { + t.Errorf("Expected DELETE method, got %s", r.Method) + } + if r.URL.Path != tt.wantPath { + t.Errorf("Expected path %s, got %s", tt.wantPath, r.URL.Path) + } + w.WriteHeader(http.StatusNoContent) + })) + defer ts.Close() + + vaultClient, err := NewVaultClient(&vault.Config{Address: ts.URL}) + if err != nil { + t.Fatalf("failed to create vault client: %v", err) + } + + km := &KeyMgr{ + KvVersion: tt.kvVersion, + VaultClient: vaultClient, + } + + err = km.DeletePrivateKeys(context.Background(), tt.keyID) + if err != tt.wantErr { + t.Errorf("DeletePrivateKeys() error = %v, want %v", err, tt.wantErr) + } + }) + } +} + +func setupMockVaultServer(t *testing.T, kvVersion, keyID string, success bool) *httptest.Server { + t.Helper() + + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Check that request path is expected + expectedPathV1 := fmt.Sprintf("/v1/secret/private_keys/%s", keyID) + expectedPathV2 := fmt.Sprintf("/v1/secret/data/private_keys/%s", keyID) + + if (kvVersion == "v2" && r.URL.Path != expectedPathV2) || (kvVersion != "v2" && r.URL.Path != expectedPathV1) { + http.Error(w, "not found", http.StatusNotFound) + return + } + + if !success { + // Simulate Vault error or not found + http.Error(w, `{"errors":["key not found"]}`, http.StatusNotFound) + return + } + + // Success response JSON, different for v1 and v2 + if kvVersion == "v2" { + resp := fmt.Sprintf(`{ + "data": { + "data": { + "uniqueKeyID": "%s", + "signingPublicKey": "sign-pub", + "signingPrivateKey": "sign-priv", + "encrPublicKey": "encr-pub", + "encrPrivateKey": "encr-priv" + } + } + }`, keyID) + w.Header().Set("Content-Type", "application/json") + w.Write([]byte(resp)) + } else { + resp := fmt.Sprintf(`{ + "data": { + "uniqueKeyID": "%s", + "signingPublicKey": "sign-pub", + "signingPrivateKey": "sign-priv", + "encrPublicKey": "encr-pub", + "encrPrivateKey": "encr-priv" + } + }`, keyID) + w.Header().Set("Content-Type", "application/json") + w.Write([]byte(resp)) + } + }) + + return httptest.NewServer(handler) +} + +func TestGetKeysSuccess(t *testing.T) { + tests := []struct { + name string + kvVersion string + keyID string + }{ + { + name: "success with KV v2", + kvVersion: "v2", + keyID: "test-key-v2", + }, + { + name: "success with KV v1", + kvVersion: "v1", + keyID: "test-key-v1", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ts := setupMockVaultServer(t, tt.kvVersion, tt.keyID, true) + defer ts.Close() + + cfg := vault.DefaultConfig() + cfg.Address = ts.URL + + client, err := vault.NewClient(cfg) + if err != nil { + t.Fatalf("failed to create Vault client: %v", err) + } + + km := &KeyMgr{ + VaultClient: client, + KvVersion: tt.kvVersion, + } + + keys, err := km.getKeys(context.Background(), tt.keyID) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if keys == nil { + t.Fatalf("expected keys but got nil") + } + if keys.UniqueKeyID != tt.keyID { + t.Errorf("expected UniqueKeyID %q, got %q", tt.keyID, keys.UniqueKeyID) + } + if keys.SigningPrivate != "sign-priv" { + t.Errorf("expected SigningPrivate 'sign-priv', got %q", keys.SigningPrivate) + } + }) + } +} + +func TestGetKeysFailure(t *testing.T) { + tests := []struct { + name string + kvVersion string + keyID string + success bool + }{ + { + name: "failure: vault returns 404 v2", + kvVersion: "v2", + keyID: "missing-key-v2", + success: false, + }, + { + name: "failure: vault returns 404 v1", + kvVersion: "v1", + keyID: "missing-key-v1", + success: false, + }, + { + name: "failure: empty keyID", + kvVersion: "v2", + keyID: "", + success: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + var ts *httptest.Server + if tt.keyID != "" { + ts = setupMockVaultServer(t, tt.kvVersion, tt.keyID, tt.success) + defer ts.Close() + } + + cfg := vault.DefaultConfig() + if ts != nil { + cfg.Address = ts.URL + } else { + // For empty keyID case or no mock server, use invalid URL to force error + cfg.Address = "http://invalid" + } + + client, err := vault.NewClient(cfg) + if err != nil { + t.Fatalf("failed to create Vault client: %v", err) + } + + km := &KeyMgr{ + VaultClient: client, + KvVersion: tt.kvVersion, + } + + keys, err := km.getKeys(context.Background(), tt.keyID) + if err == nil { + t.Fatalf("expected error but got nil") + } + if keys != nil { + t.Fatalf("expected nil keys but got %+v", keys) + } + }) + } +} + +func TestGetPublicKeysSuccess(t *testing.T) { + km := &KeyMgr{ + Cache: &mockCache{}, + Registry: &mockRegistry{ + LookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + return []model.Subscription{ + { + Subscriber: model.Subscriber{ + SubscriberID: sub.SubscriberID, + }, + KeyID: sub.KeyID, + SigningPublicKey: "mock-signing-public-key", + EncrPublicKey: "mock-encryption-public-key", + }, + }, nil + }, + }, + } + + got, err := km.getPublicKeys(context.Background(), "sub-id", "key-id") + if err != nil { + t.Fatalf("getPublicKeys() unexpected error: %v", err) + } + if got == nil { + t.Fatal("getPublicKeys() returned nil Keyset") + } + if got.SigningPublic != "mock-signing-public-key" { + t.Errorf("SigningPublic = %v, want %v", got.SigningPublic, "mock-signing-public-key") + } + if got.EncrPublic != "mock-encryption-public-key" { + t.Errorf("EncrPublic = %v, want %v", got.EncrPublic, "mock-encryption-public-key") + } +} + +func TestGetPublicKeysFailure(t *testing.T) { + type fields struct { + cache definition.Cache + registry definition.RegistryLookup + } + type args struct { + subscriberID string + uniqueKeyID string + } + tests := []struct { + name string + fields fields + args args + errMessage string + }{ + { + name: "failure - invalid parameters", + fields: fields{ + cache: &mockCache{}, + registry: &mockRegistry{}, + }, + args: args{ + subscriberID: "", + uniqueKeyID: "", + }, + errMessage: "invalid", + }, + { + name: "failure - registry lookup fails", + fields: fields{ + cache: &mockCache{}, + registry: &mockRegistry{ + LookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + return nil, fmt.Errorf("registry down") + }, + }, + }, + args: args{ + subscriberID: "sub-id", + uniqueKeyID: "key-id", + }, + errMessage: "registry down", + }, + { + name: "failure - registry returns empty", + fields: fields{ + cache: &mockCache{}, + registry: &mockRegistry{ + LookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + return []model.Subscription{}, nil + }, + }, + }, + args: args{ + subscriberID: "sub-id", + uniqueKeyID: "key-id", + }, + errMessage: "no subscriber found", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + km := &KeyMgr{ + Cache: tt.fields.cache, + Registry: tt.fields.registry, + } + got, err := km.getPublicKeys(context.Background(), tt.args.subscriberID, tt.args.uniqueKeyID) + if err == nil { + t.Errorf("getPublicKeys() expected error but got none, result: %v", got) + return + } + if !strings.Contains(err.Error(), tt.errMessage) { + t.Errorf("getPublicKeys() error = %v, want error message to contain %v", err.Error(), tt.errMessage) + } + }) + } +} + +func TestLookupRegistrySuccess(t *testing.T) { + km := &KeyMgr{ + Registry: &mockRegistry{ + LookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + return []model.Subscription{ + { + Subscriber: model.Subscriber{ + SubscriberID: sub.SubscriberID, + }, + KeyID: sub.KeyID, + SigningPublicKey: "signing-key", + EncrPublicKey: "encryption-key", + }, + }, nil + }, + }, + } + + got, err := km.lookupRegistry(context.Background(), "test-subscriber", "key123") + if err != nil { + t.Fatalf("expected no error, got %v", err) + } + + want := &model.Keyset{ + SigningPublic: "signing-key", + EncrPublic: "encryption-key", + } + + if got.SigningPublic != want.SigningPublic { + t.Errorf("SigningPublic = %v, want %v", got.SigningPublic, want.SigningPublic) + } + if got.EncrPublic != want.EncrPublic { + t.Errorf("EncrPublic = %v, want %v", got.EncrPublic, want.EncrPublic) + } +} + +func TestLookupRegistryFailure(t *testing.T) { + tests := []struct { + name string + mockLookup func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) + wantErr error + }{ + { + name: "lookup error", + mockLookup: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + return nil, fmt.Errorf("registry failure") + }, + wantErr: fmt.Errorf("registry failure"), + }, + { + name: "no subscriber found", + mockLookup: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + return []model.Subscription{}, nil + }, + wantErr: ErrSubscriberNotFound, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + km := &KeyMgr{ + Registry: &mockRegistry{ + LookupFunc: tt.mockLookup, + }, + } + got, err := km.lookupRegistry(context.Background(), "some-id", "key-id") + if err == nil { + t.Fatalf("expected error, got none") + } + if got != nil { + t.Errorf("expected nil keyset, got %v", got) + } + }) + } +} + +func TestValidateParamsSuccess(t *testing.T) { + err := validateParams("someSubscriberID", "someUniqueKeyID") + if err != nil { + t.Fatalf("expected no error, got %v", err) + } +} + +func TestValidateParamsFailure(t *testing.T) { + tests := []struct { + name string + subscriberID string + uniqueKeyID string + wantErr error + }{ + { + name: "empty subscriberID", + subscriberID: "", + uniqueKeyID: "validKeyID", + wantErr: ErrEmptySubscriberID, + }, + { + name: "empty uniqueKeyID", + subscriberID: "validSubscriberID", + uniqueKeyID: "", + wantErr: ErrEmptyUniqueKeyID, + }, + { + name: "both empty", + subscriberID: "", + uniqueKeyID: "", + wantErr: ErrEmptySubscriberID, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := validateParams(tt.subscriberID, tt.uniqueKeyID) + if err == nil { + t.Fatalf("expected error %v but got nil", tt.wantErr) + } + if err != tt.wantErr { + t.Errorf("expected error %v, got %v", tt.wantErr, err) + } + }) + } +} From 019b526b6fb11dc859cb9658ec809828daf88e2d Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Tue, 20 May 2025 12:10:58 +0530 Subject: [PATCH 09/84] Resolved linting issues --- .../implementation/keymanager/cmd/plugin.go | 4 +- .../keymanager/cmd/plugin_test.go | 37 --------------- .../keymanager/keymanager_test.go | 46 +++++++------------ 3 files changed, 17 insertions(+), 70 deletions(-) diff --git a/pkg/plugin/implementation/keymanager/cmd/plugin.go b/pkg/plugin/implementation/keymanager/cmd/plugin.go index 5e37af4..b4450d3 100644 --- a/pkg/plugin/implementation/keymanager/cmd/plugin.go +++ b/pkg/plugin/implementation/keymanager/cmd/plugin.go @@ -9,9 +9,7 @@ import ( ) // keyManagerProvider implements the plugin provider for the KeyManager plugin. -type keyManagerProvider struct { - newFunc func(ctx context.Context, cache definition.Cache, registry definition.RegistryLookup, cfg *keymanager.Config) (definition.KeyManager, func() error, error) -} +type keyManagerProvider struct{} // newKeyManagerFunc is a function type that creates a new KeyManager instance. var newKeyManagerFunc = keymanager.New diff --git a/pkg/plugin/implementation/keymanager/cmd/plugin_test.go b/pkg/plugin/implementation/keymanager/cmd/plugin_test.go index bec7c6f..881b837 100644 --- a/pkg/plugin/implementation/keymanager/cmd/plugin_test.go +++ b/pkg/plugin/implementation/keymanager/cmd/plugin_test.go @@ -11,43 +11,6 @@ import ( "github.com/beckn/beckn-onix/pkg/plugin/implementation/keymanager" ) -// Mock KeyManager implementation -type mockKeyManager struct{} - -func (m *mockKeyManager) SigningPublicKey(ctx context.Context, subscriberID, keyID string) (string, error) { - return "mock-signing-public-key", nil -} - -func (m *mockKeyManager) SigningPrivateKey(ctx context.Context, subscriberID string) (string, string, error) { - return "mock-key-id", "mock-signing-private-key", nil -} - -func (m *mockKeyManager) EncrPublicKey(ctx context.Context, subscriberID, keyID string) (string, error) { - return "mock-encryption-public-key", nil -} - -func (m *mockKeyManager) EncrPrivateKey(ctx context.Context, subscriberID string) (string, string, error) { - return "mock-key-id", "mock-encryption-private-key", nil -} - -func (m *mockKeyManager) DeletePrivateKeys(ctx context.Context, subscriberID string) error { - return nil -} - -func (m *mockKeyManager) StorePrivateKeys(ctx context.Context, subscriberID string, keys *model.Keyset) error { - return nil -} - -func (m *mockKeyManager) GenerateKeyPairs() (*model.Keyset, error) { - return &model.Keyset{ - UniqueKeyID: "mock-key-id", - SigningPrivate: "mock-signing-private-key", - SigningPublic: "mock-signing-public-key", - EncrPrivate: "mock-encryption-private-key", - EncrPublic: "mock-encryption-public-key", - }, nil -} - type mockRegistry struct { LookupFunc func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) } diff --git a/pkg/plugin/implementation/keymanager/keymanager_test.go b/pkg/plugin/implementation/keymanager/keymanager_test.go index b08215e..f70e345 100644 --- a/pkg/plugin/implementation/keymanager/keymanager_test.go +++ b/pkg/plugin/implementation/keymanager/keymanager_test.go @@ -220,33 +220,6 @@ func TestGenerateKeyPairs(t *testing.T) { } } -type mockLogical struct { - writeFn func(path string, data map[string]interface{}) (*vault.Secret, error) -} - -func (m *mockLogical) Write(path string, data map[string]interface{}) (*vault.Secret, error) { - return m.writeFn(path, data) -} - -type mockClient struct { - *vault.Client - setTokenFn func(string) - logicalFn func() *vault.Logical -} - -func (m *mockClient) SetToken(token string) { - if m.setTokenFn != nil { - m.setTokenFn(token) - } -} - -func (m *mockClient) Logical() *vault.Logical { - if m.logicalFn != nil { - return m.logicalFn() - } - return &vault.Logical{} -} - func TestGetVaultClient_Failures(t *testing.T) { originalNewVaultClient := NewVaultClient defer func() { NewVaultClient = originalNewVaultClient }() @@ -297,7 +270,9 @@ func TestGetVaultClient_Failures(t *testing.T) { return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) w.Header().Set("Content-Type", "application/json") - io.WriteString(w, `{ "auth": null }`) + if _, err := io.WriteString(w, `{ "auth": null }`); err != nil { + t.Fatalf("failed to write response: %v", err) + } })) }, expectErr: "AppRole login failed: no auth info returned", @@ -353,6 +328,13 @@ func TestGetVaultClient_Success(t *testing.T) { "client_token": "mock-token" } }`) + if _, err := io.WriteString(w, `{ + "auth": { + "client_token": "mock-token" + } + }`); err != nil { + t.Fatalf("failed to write response: %v", err) + } })) defer server.Close() @@ -809,7 +791,9 @@ func setupMockVaultServer(t *testing.T, kvVersion, keyID string, success bool) * } }`, keyID) w.Header().Set("Content-Type", "application/json") - w.Write([]byte(resp)) + if _, err := w.Write([]byte(resp)); err != nil { + t.Fatalf("failed to write response: %v", err) + } } else { resp := fmt.Sprintf(`{ "data": { @@ -821,7 +805,9 @@ func setupMockVaultServer(t *testing.T, kvVersion, keyID string, success bool) * } }`, keyID) w.Header().Set("Content-Type", "application/json") - w.Write([]byte(resp)) + if _, err := w.Write([]byte(resp)); err != nil { + t.Fatalf("failed to write response: %v", err) + } } }) From 0eb0cc572f9c8def723d27dd85d1cd75c8786670 Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Tue, 20 May 2025 12:12:36 +0530 Subject: [PATCH 10/84] fixed linting issue for not checked --- pkg/plugin/implementation/keymanager/keymanager_test.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pkg/plugin/implementation/keymanager/keymanager_test.go b/pkg/plugin/implementation/keymanager/keymanager_test.go index f70e345..c66b2fe 100644 --- a/pkg/plugin/implementation/keymanager/keymanager_test.go +++ b/pkg/plugin/implementation/keymanager/keymanager_test.go @@ -323,11 +323,6 @@ func TestGetVaultClient_Success(t *testing.T) { } w.WriteHeader(http.StatusOK) w.Header().Set("Content-Type", "application/json") - io.WriteString(w, `{ - "auth": { - "client_token": "mock-token" - } - }`) if _, err := io.WriteString(w, `{ "auth": { "client_token": "mock-token" From bc6d21d7a0be7ef4968d2fc07b7d7e668e4f1fa0 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:16:21 +0530 Subject: [PATCH 11/84] Create build-and-deploy-plugins.yml --- .../workflows/build-and-deploy-plugins.yml | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 .github/workflows/build-and-deploy-plugins.yml diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml new file mode 100644 index 0000000..2b8f2db --- /dev/null +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -0,0 +1,71 @@ +name: Build and Upload Plugins + +on: + workflow_dispatch: + +jobs: + build-and-upload: + runs-on: ubuntu-latest + env: + PLUGIN_OUTPUT_DIR: ./generated + ZIP_FILE: plugins_bundle.zip + + steps: + - name: Checkout this repo + uses: actions/checkout@v4 + + - name: Set up Git + run: | + git config --global url."https://${{ secrets.PAT_GITHUB }}:@github.com/beckn/beckn-onix.git".insteadOf "https://github.com/" + git config --global url."https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev/".insteadOf "https://gerrit.example.com/" + + - name: Clone GitHub and Gerrit plugin repos + run: | + # Example GitHub clone + git -b beckn-onix-v1.0-develop clone https://github.com/beckn/beckn-onix.git github-repo + + # Example Gerrit clone + git clone https://open-networks.googlesource.com/onix-dev/ + + - name: Build Go plugins in Docker + run: | + set -e + mkdir -p $PLUGIN_OUTPUT_DIR + BUILD_CMDS="" + + # GitHub plugins + for dir in beckn-onix-v1.0-develop/pkg/plugin/implementation/*; do + plugin=$(basename "$dir") + BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " + done + + # Gerrit plugins + for dir in onix-dev/plugins/*; do + plugin=$(basename "$dir") + BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " + done + + BUILD_CMDS=${BUILD_CMDS%" && "} + docker run --rm -v "$(pwd)":/app -w /app golang:1.24-bullseye sh -c "$BUILD_CMDS" + + - name: Zip the plugin binaries + run: | + cd $PLUGIN_OUTPUT_DIR + zip -r ../$ZIP_FILE *.so + cd .. + + - name: Authenticate to GCP + run: | + echo "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}" > gcloud-key.json + gcloud auth activate-service-account --key-file=gcloud-key.json + gcloud config set project trusty-relic-370809 + env: + GOOGLE_APPLICATION_CREDENTIALS: gcloud-key.json + + - name: Upload to GCS + run: | + gsutil -m cp -r $ZIP_FILE gs://${GCS_BUCKET}/ + + - name: Cleanup + run: | + rm -rf $PLUGIN_OUTPUT_DIR $ZIP_FILE gcloud-key.json From 981b0017c4dafd117e34365540de40ae0d5f2c5e Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:17:24 +0530 Subject: [PATCH 12/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 2b8f2db..ac716c4 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -1,6 +1,7 @@ name: Build and Upload Plugins on: + push: workflow_dispatch: jobs: From df61e55d7b3d9f568736d291142f010091b9074b Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:18:19 +0530 Subject: [PATCH 13/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index ac716c4..488657f 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -23,7 +23,7 @@ jobs: - name: Clone GitHub and Gerrit plugin repos run: | # Example GitHub clone - git -b beckn-onix-v1.0-develop clone https://github.com/beckn/beckn-onix.git github-repo + git clone -b beckn-onix-v1.0-develop clone https://github.com/beckn/beckn-onix.git github-repo # Example Gerrit clone git clone https://open-networks.googlesource.com/onix-dev/ From 229cf731423a022566f562feefcef5dffd7ada84 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:21:02 +0530 Subject: [PATCH 14/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 488657f..d28bcc1 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -23,7 +23,7 @@ jobs: - name: Clone GitHub and Gerrit plugin repos run: | # Example GitHub clone - git clone -b beckn-onix-v1.0-develop clone https://github.com/beckn/beckn-onix.git github-repo + git clone -b beckn-onix-v1.0-develop https://github.com/beckn/beckn-onix.git github-repo # Example Gerrit clone git clone https://open-networks.googlesource.com/onix-dev/ From 53653fc7bb302aca5e8160c844d2bb4b988f2f3a Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:24:44 +0530 Subject: [PATCH 15/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index d28bcc1..1740fb7 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -17,8 +17,8 @@ jobs: - name: Set up Git run: | - git config --global url."https://${{ secrets.PAT_GITHUB }}:@github.com/beckn/beckn-onix.git".insteadOf "https://github.com/" - git config --global url."https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev/".insteadOf "https://gerrit.example.com/" + git config --global url."https://${{ secrets.PAT_GITHUB }}:@github.com/".insteadOf "https://github.com/" + git config --global url."https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/".insteadOf "https://open-networks.googlesource.com/" - name: Clone GitHub and Gerrit plugin repos run: | @@ -26,7 +26,7 @@ jobs: git clone -b beckn-onix-v1.0-develop https://github.com/beckn/beckn-onix.git github-repo # Example Gerrit clone - git clone https://open-networks.googlesource.com/onix-dev/ + git clone https://open-networks.googlesource.com/onix-dev gerrit-repo - name: Build Go plugins in Docker run: | From ad9540c261718670d016129b9453eaabace2ef5f Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:27:36 +0530 Subject: [PATCH 16/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 1740fb7..f85b053 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -35,7 +35,7 @@ jobs: BUILD_CMDS="" # GitHub plugins - for dir in beckn-onix-v1.0-develop/pkg/plugin/implementation/*; do + for dir in pkg/plugin/implementation/*; do plugin=$(basename "$dir") BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " done From 98b0fc3e77b55e7746c474a8f507343c9668a46d Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:31:37 +0530 Subject: [PATCH 17/84] Update build-and-deploy-plugins.yml --- .../workflows/build-and-deploy-plugins.yml | 56 +++++-------------- 1 file changed, 15 insertions(+), 41 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index f85b053..5d0a8b3 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -28,45 +28,19 @@ jobs: # Example Gerrit clone git clone https://open-networks.googlesource.com/onix-dev gerrit-repo - - name: Build Go plugins in Docker + - name: List directory structure run: | - set -e - mkdir -p $PLUGIN_OUTPUT_DIR - BUILD_CMDS="" - - # GitHub plugins - for dir in pkg/plugin/implementation/*; do - plugin=$(basename "$dir") - BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " - done - - # Gerrit plugins - for dir in onix-dev/plugins/*; do - plugin=$(basename "$dir") - BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " - done - - BUILD_CMDS=${BUILD_CMDS%" && "} - docker run --rm -v "$(pwd)":/app -w /app golang:1.24-bullseye sh -c "$BUILD_CMDS" - - - name: Zip the plugin binaries - run: | - cd $PLUGIN_OUTPUT_DIR - zip -r ../$ZIP_FILE *.so - cd .. - - - name: Authenticate to GCP - run: | - echo "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}" > gcloud-key.json - gcloud auth activate-service-account --key-file=gcloud-key.json - gcloud config set project trusty-relic-370809 - env: - GOOGLE_APPLICATION_CREDENTIALS: gcloud-key.json - - - name: Upload to GCS - run: | - gsutil -m cp -r $ZIP_FILE gs://${GCS_BUCKET}/ - - - name: Cleanup - run: | - rm -rf $PLUGIN_OUTPUT_DIR $ZIP_FILE gcloud-key.json + echo "📂 Contents of root:" + ls -alh + + echo "📂 Contents of GitHub repo:" + ls -alh github-repo + + echo "📂 Deep list of GitHub repo:" + find github-repo + + echo "📂 Contents of Gerrit repo:" + ls -alh gerrit-repo + + echo "📂 Deep list of Gerrit repo:" + find gerrit-repo From 9eb9b74c8a5397925c40bd2757e7778f4e4fee4c Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:37:28 +0530 Subject: [PATCH 18/84] Update build-and-deploy-plugins.yml --- .../workflows/build-and-deploy-plugins.yml | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 5d0a8b3..12cd6e4 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -44,3 +44,46 @@ jobs: echo "📂 Deep list of Gerrit repo:" find gerrit-repo + + - name: Build Go plugins in Docker + run: | + set -e + mkdir -p $PLUGIN_OUTPUT_DIR + BUILD_CMDS="" + + # GitHub plugins + for dir in github-repo/pkg/plugin/implementation/*; do + plugin=$(basename "$dir") + BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " + done + + # Gerrit plugins + for dir in gerrit-repo/plugins/*; do + plugin=$(basename "$dir") + BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " + done + + BUILD_CMDS=${BUILD_CMDS%" && "} + docker run --rm -v "$(pwd)":/app -w /app golang:1.24-bullseye sh -c "$BUILD_CMDS" + + - name: Zip the plugin binaries + run: | + cd $PLUGIN_OUTPUT_DIR + zip -r ../$ZIP_FILE *.so + cd .. + + - name: Authenticate to GCP + run: | + echo "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}" > gcloud-key.json + gcloud auth activate-service-account --key-file=gcloud-key.json + gcloud config set project trusty-relic-370809 + env: + GOOGLE_APPLICATION_CREDENTIALS: gcloud-key.json + + - name: Upload to GCS + run: | + gsutil -m cp -r *.zip gs://${GCS_BUCKET}/ + + - name: Cleanup + run: | + rm -rf $PLUGIN_OUTPUT_DIR $ZIP_FILE gcloud-key.json From f8248f3a52e1ad69b828906a1fe4d76c9c11bdd1 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:38:56 +0530 Subject: [PATCH 19/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 12cd6e4..78de5fe 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -52,13 +52,13 @@ jobs: BUILD_CMDS="" # GitHub plugins - for dir in github-repo/pkg/plugin/implementation/*; do + for dir in pkg/plugin/implementation/*; do plugin=$(basename "$dir") BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " done # Gerrit plugins - for dir in gerrit-repo/plugins/*; do + for dir in plugins/*; do plugin=$(basename "$dir") BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " done From 6074a8ed8e3955b213974e1ae46216a6e6191f1f Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:41:49 +0530 Subject: [PATCH 20/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 78de5fe..da3b2d1 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -15,18 +15,13 @@ jobs: - name: Checkout this repo uses: actions/checkout@v4 - - name: Set up Git - run: | - git config --global url."https://${{ secrets.PAT_GITHUB }}:@github.com/".insteadOf "https://github.com/" - git config --global url."https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/".insteadOf "https://open-networks.googlesource.com/" - - name: Clone GitHub and Gerrit plugin repos run: | # Example GitHub clone - git clone -b beckn-onix-v1.0-develop https://github.com/beckn/beckn-onix.git github-repo + git clone -b beckn-onix-v1.0-develop https://${{ secrets.PAT_GITHUB }}:@github.com/beckn/beckn-onix.git github-repo # Example Gerrit clone - git clone https://open-networks.googlesource.com/onix-dev gerrit-repo + git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo - name: List directory structure run: | From 91c0154fff03202a919bfd3191485eaaa5693ec1 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:47:06 +0530 Subject: [PATCH 21/84] Update build-and-deploy-plugins.yml --- .../workflows/build-and-deploy-plugins.yml | 26 ++++++++++--------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index da3b2d1..6a57afa 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -46,20 +46,22 @@ jobs: mkdir -p $PLUGIN_OUTPUT_DIR BUILD_CMDS="" - # GitHub plugins - for dir in pkg/plugin/implementation/*; do - plugin=$(basename "$dir") - BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " + # GitHub Plugins (confirmed path: github-repo/pkg/plugin/implementation/*/cmd) + for dir in github-repo/pkg/plugin/implementation/*; do + if [ -d "$dir/cmd" ]; then + plugin=$(basename "$dir") + BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " + fi + done + + # Gerrit Plugins (confirmed path: gerrit-repo/plugins/*/cmd) + for dir in gerrit-repo/plugins/*; do + if [ -d "$dir/cmd" ]; then + plugin=$(basename "$dir") + BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " + fi done - # Gerrit plugins - for dir in plugins/*; do - plugin=$(basename "$dir") - BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " - done - - BUILD_CMDS=${BUILD_CMDS%" && "} - docker run --rm -v "$(pwd)":/app -w /app golang:1.24-bullseye sh -c "$BUILD_CMDS" - name: Zip the plugin binaries run: | From bab3a90476b7b0bf0dd712a303610ec05fb8cce4 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:48:12 +0530 Subject: [PATCH 22/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 6a57afa..2bf84aa 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -79,7 +79,7 @@ jobs: - name: Upload to GCS run: | - gsutil -m cp -r *.zip gs://${GCS_BUCKET}/ + gsutil -m cp -r $ZIP_FILE gs://${GCS_BUCKET}/ - name: Cleanup run: | From 457ea09dd3c7c70520b09a6528594582e1a98a64 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:51:48 +0530 Subject: [PATCH 23/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 2bf84aa..44368b3 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -62,12 +62,16 @@ jobs: fi done + BUILD_CMDS=${BUILD_CMDS%" && "} + echo "🛠️ Running build commands inside Docker:" + echo "$BUILD_CMDS" + + docker run --rm -v "$(pwd)":/app -w /app golang:1.24-bullseye sh -c "$BUILD_CMDS" - - name: Zip the plugin binaries + - name: List zip output run: | - cd $PLUGIN_OUTPUT_DIR - zip -r ../$ZIP_FILE *.so - cd .. + ls -lh plugins_bundle.zip + - name: Authenticate to GCP run: | From 80ae5ca394899e05a2f4b4011c8eae41a718d6ae Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:53:29 +0530 Subject: [PATCH 24/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 44368b3..4577020 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -46,11 +46,11 @@ jobs: mkdir -p $PLUGIN_OUTPUT_DIR BUILD_CMDS="" - # GitHub Plugins (confirmed path: github-repo/pkg/plugin/implementation/*/cmd) + # GitHub Plugins for dir in github-repo/pkg/plugin/implementation/*; do if [ -d "$dir/cmd" ]; then plugin=$(basename "$dir") - BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " + BUILD_CMDS+="cd github-repo && go build -buildmode=plugin -buildvcs=false -o ../${PLUGIN_OUTPUT_DIR}/${plugin}.so ./pkg/plugin/implementation/${plugin}/cmd && cd - && " fi done From 70c9e04af731be258ada845ad8c2753605839bd9 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:57:12 +0530 Subject: [PATCH 25/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 4577020..731a42e 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -53,15 +53,22 @@ jobs: BUILD_CMDS+="cd github-repo && go build -buildmode=plugin -buildvcs=false -o ../${PLUGIN_OUTPUT_DIR}/${plugin}.so ./pkg/plugin/implementation/${plugin}/cmd && cd - && " fi done - - # Gerrit Plugins (confirmed path: gerrit-repo/plugins/*/cmd) + for dir in gerrit-repo/plugins/*; do if [ -d "$dir/cmd" ]; then plugin=$(basename "$dir") - BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " + BUILD_CMDS+="cd $dir/cmd && go mod init temp/$plugin && go build -buildmode=plugin -o /app/${PLUGIN_OUTPUT_DIR}/${plugin}.so && cd - && " fi done + # Gerrit Plugins (confirmed path: gerrit-repo/plugins/*/cmd) + #for dir in gerrit-repo/plugins/*; do + # if [ -d "$dir/cmd" ]; then + # plugin=$(basename "$dir") + # BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " + # fi + #done + BUILD_CMDS=${BUILD_CMDS%" && "} echo "🛠️ Running build commands inside Docker:" echo "$BUILD_CMDS" From 14d3f42ec0515a00a5562141693ba8fc05bb4a46 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 15:59:47 +0530 Subject: [PATCH 26/84] Update build-and-deploy-plugins.yml --- .../workflows/build-and-deploy-plugins.yml | 30 ++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 731a42e..aa44d2f 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -40,41 +40,43 @@ jobs: echo "📂 Deep list of Gerrit repo:" find gerrit-repo + - name: Build Go plugins in Docker run: | set -e - mkdir -p $PLUGIN_OUTPUT_DIR + mkdir -p $PLUGIN_OUTPUT_DIR github-repo/plugins-temp + BUILD_CMDS="" - - # GitHub Plugins + + # GitHub plugins for dir in github-repo/pkg/plugin/implementation/*; do if [ -d "$dir/cmd" ]; then plugin=$(basename "$dir") BUILD_CMDS+="cd github-repo && go build -buildmode=plugin -buildvcs=false -o ../${PLUGIN_OUTPUT_DIR}/${plugin}.so ./pkg/plugin/implementation/${plugin}/cmd && cd - && " fi done - + + # Copy Gerrit plugins into GitHub repo so they inherit its go.mod for dir in gerrit-repo/plugins/*; do + plugin=$(basename "$dir") + cp -r "$dir" "github-repo/plugins-temp/$plugin" + done + + # Build copied Gerrit plugins + for dir in github-repo/plugins-temp/*; do if [ -d "$dir/cmd" ]; then plugin=$(basename "$dir") - BUILD_CMDS+="cd $dir/cmd && go mod init temp/$plugin && go build -buildmode=plugin -o /app/${PLUGIN_OUTPUT_DIR}/${plugin}.so && cd - && " + BUILD_CMDS+="cd github-repo && go build -buildmode=plugin -buildvcs=false -o ../${PLUGIN_OUTPUT_DIR}/${plugin}.so ./plugins-temp/${plugin}/cmd && cd - && " fi done - - # Gerrit Plugins (confirmed path: gerrit-repo/plugins/*/cmd) - #for dir in gerrit-repo/plugins/*; do - # if [ -d "$dir/cmd" ]; then - # plugin=$(basename "$dir") - # BUILD_CMDS+="go build -buildmode=plugin -buildvcs=false -o ${PLUGIN_OUTPUT_DIR}/${plugin}.so ./${dir}/cmd && " - # fi - #done - + BUILD_CMDS=${BUILD_CMDS%" && "} echo "🛠️ Running build commands inside Docker:" echo "$BUILD_CMDS" docker run --rm -v "$(pwd)":/app -w /app golang:1.24-bullseye sh -c "$BUILD_CMDS" + - name: List zip output run: | ls -lh plugins_bundle.zip From f5a47cf30fc8b3bf4520d870ffa680e324e77127 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 16:03:05 +0530 Subject: [PATCH 27/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index aa44d2f..86a57c9 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -44,7 +44,7 @@ jobs: - name: Build Go plugins in Docker run: | set -e - mkdir -p $PLUGIN_OUTPUT_DIR github-repo/plugins-temp + mkdir -p $PLUGIN_OUTPUT_DIR BUILD_CMDS="" @@ -56,17 +56,11 @@ jobs: fi done - # Copy Gerrit plugins into GitHub repo so they inherit its go.mod + # Gerrit plugins — build in their own repo/module context for dir in gerrit-repo/plugins/*; do - plugin=$(basename "$dir") - cp -r "$dir" "github-repo/plugins-temp/$plugin" - done - - # Build copied Gerrit plugins - for dir in github-repo/plugins-temp/*; do if [ -d "$dir/cmd" ]; then plugin=$(basename "$dir") - BUILD_CMDS+="cd github-repo && go build -buildmode=plugin -buildvcs=false -o ../${PLUGIN_OUTPUT_DIR}/${plugin}.so ./plugins-temp/${plugin}/cmd && cd - && " + BUILD_CMDS+="cd gerrit-repo && go build -buildmode=plugin -buildvcs=false -o ../${PLUGIN_OUTPUT_DIR}/${plugin}.so ./plugins/${plugin}/cmd && cd - && " fi done @@ -77,6 +71,7 @@ jobs: docker run --rm -v "$(pwd)":/app -w /app golang:1.24-bullseye sh -c "$BUILD_CMDS" + - name: List zip output run: | ls -lh plugins_bundle.zip From 8d47756b9e635b6fa39aac845f1122f60533097c Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 16:06:27 +0530 Subject: [PATCH 28/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 86a57c9..491f667 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -70,6 +70,13 @@ jobs: docker run --rm -v "$(pwd)":/app -w /app golang:1.24-bullseye sh -c "$BUILD_CMDS" + - name: List built plugin files + run: | + echo "Looking in $PLUGIN_OUTPUT_DIR" + ls -lh $PLUGIN_OUTPUT_DIR || echo "⚠️ Directory does not exist" + find $PLUGIN_OUTPUT_DIR -name '*.so' || echo "⚠️ No .so files found" + + - name: List zip output From 4713eaec0557c580279e8b481e43300d170eefa5 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 16:10:48 +0530 Subject: [PATCH 29/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 491f667..c7e23ed 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -79,9 +79,9 @@ jobs: - - name: List zip output - run: | - ls -lh plugins_bundle.zip + #- name: List zip output + # run: | + # ls -lh plugins_bundle.zip - name: Authenticate to GCP From 5eff6a27be222f91493aeff324f543945ac5839b Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 16:15:51 +0530 Subject: [PATCH 30/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index c7e23ed..8417ff5 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -86,7 +86,7 @@ jobs: - name: Authenticate to GCP run: | - echo "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}" > gcloud-key.json + echo '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}' > gcloud-key.json gcloud auth activate-service-account --key-file=gcloud-key.json gcloud config set project trusty-relic-370809 env: From 76d63260beb0bd738e186ca66db97ba6376fd820 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 16:20:22 +0530 Subject: [PATCH 31/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 8417ff5..8187730 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -8,6 +8,7 @@ jobs: build-and-upload: runs-on: ubuntu-latest env: + GCS_BUCKET: ${{ secrets.GCS_BUCKET }} PLUGIN_OUTPUT_DIR: ./generated ZIP_FILE: plugins_bundle.zip From bc9d2fe8ab99d27f301d86cb5b7a0df0dbb75685 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 16:22:52 +0530 Subject: [PATCH 32/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 8187730..0870ff9 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -78,11 +78,9 @@ jobs: find $PLUGIN_OUTPUT_DIR -name '*.so' || echo "⚠️ No .so files found" - - - #- name: List zip output - # run: | - # ls -lh plugins_bundle.zip + - name: List zip output + run: | + ls -lh plugins_bundle.zip - name: Authenticate to GCP From 8cb521f5fbb7e547921013552cd620f7d466b28b Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 20 May 2025 16:33:47 +0530 Subject: [PATCH 33/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 0870ff9..3b76121 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -77,6 +77,11 @@ jobs: ls -lh $PLUGIN_OUTPUT_DIR || echo "⚠️ Directory does not exist" find $PLUGIN_OUTPUT_DIR -name '*.so' || echo "⚠️ No .so files found" + echo "Creating zip archive..." + cd "$PLUGIN_OUTPUT_DIR" + zip -r "../$ZIP_FILE" *.so + echo "Created $ZIP_FILE" + cd .. - name: List zip output run: | From ea872338f6d9b71242b5076988c9523ed3d85c41 Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Thu, 22 May 2025 12:53:54 +0530 Subject: [PATCH 34/84] change in the keymanager interface --- pkg/plugin/definition/keymanager.go | 12 +- .../implementation/keymanager/keymanager.go | 84 +---- .../keymanager/keymanager_test.go | 334 +++++++----------- 3 files changed, 154 insertions(+), 276 deletions(-) diff --git a/pkg/plugin/definition/keymanager.go b/pkg/plugin/definition/keymanager.go index f2c0e2f..749ad0a 100644 --- a/pkg/plugin/definition/keymanager.go +++ b/pkg/plugin/definition/keymanager.go @@ -8,13 +8,11 @@ import ( // KeyManager defines the interface for key management operations/methods. type KeyManager interface { - GenerateKeyPairs() (*model.Keyset, error) - StorePrivateKeys(ctx context.Context, keyID string, keys *model.Keyset) error - SigningPrivateKey(ctx context.Context, keyID string) (string, string, error) - EncrPrivateKey(ctx context.Context, keyID string) (string, string, error) - SigningPublicKey(ctx context.Context, subscriberID, uniqueKeyID string) (string, error) - EncrPublicKey(ctx context.Context, subscriberID, uniqueKeyID string) (string, error) - DeletePrivateKeys(ctx context.Context, keyID string) error + GenerateKeyset() (*model.Keyset, error) + InsertKeyset(ctx context.Context, keyID string, keyset *model.Keyset) error + Keyset(ctx context.Context, keyID string) (*model.Keyset, error) + LookupNPKeys(ctx context.Context, subscriberID, uniqueKeyID string) (string, string, error) + DeleteKeyset(ctx context.Context, keyID string) error } // KeyManagerProvider initializes a new signer instance. diff --git a/pkg/plugin/implementation/keymanager/keymanager.go b/pkg/plugin/implementation/keymanager/keymanager.go index c50079d..c79b8c1 100644 --- a/pkg/plugin/implementation/keymanager/keymanager.go +++ b/pkg/plugin/implementation/keymanager/keymanager.go @@ -10,7 +10,6 @@ import ( "errors" "fmt" "os" - "time" "github.com/beckn/beckn-onix/pkg/log" "github.com/beckn/beckn-onix/pkg/model" @@ -175,8 +174,8 @@ var ( uuidGenFunc = uuid.NewRandom ) -// GenerateKeyPairs generates a new signing (Ed25519) and encryption (X25519) key pair. -func (km *KeyMgr) GenerateKeyPairs() (*model.Keyset, error) { +// GenerateKeyset generates a new signing (Ed25519) and encryption (X25519) key pair. +func (km *KeyMgr) GenerateKeyset() (*model.Keyset, error) { signingPublic, signingPrivate, err := ed25519KeyGenFunc(rand.Reader) if err != nil { return nil, fmt.Errorf("failed to generate signing key pair: %w", err) @@ -200,8 +199,8 @@ func (km *KeyMgr) GenerateKeyPairs() (*model.Keyset, error) { }, nil } -// StorePrivateKeys stores the given keyset in Vault under the specified key ID. -func (km *KeyMgr) StorePrivateKeys(ctx context.Context, keyID string, keys *model.Keyset) error { +// InsertKeyset stores the given keyset in Vault under the specified key ID. +func (km *KeyMgr) InsertKeyset(ctx context.Context, keyID string, keys *model.Keyset) error { if keyID == "" { return ErrEmptyKeyID } @@ -233,44 +232,8 @@ func (km *KeyMgr) StorePrivateKeys(ctx context.Context, keyID string, keys *mode return nil } -// SigningPrivateKey retrieves the unique key ID and signing private key for the given key ID. -func (km *KeyMgr) SigningPrivateKey(ctx context.Context, keyID string) (string, string, error) { - keys, err := km.getKeys(ctx, keyID) - if err != nil { - return "", "", err - } - return keys.UniqueKeyID, keys.SigningPrivate, nil -} - -// EncrPrivateKey retrieves the unique key ID and encryption private key for the given key ID. -func (km *KeyMgr) EncrPrivateKey(ctx context.Context, keyID string) (string, string, error) { - keys, err := km.getKeys(ctx, keyID) - if err != nil { - return "", "", err - } - return keys.UniqueKeyID, keys.EncrPrivate, nil -} - -// SigningPublicKey returns the signing public key for the given subscriber ID and key ID. -func (km *KeyMgr) SigningPublicKey(ctx context.Context, subscriberID, uniqueKeyID string) (string, error) { - keys, err := km.getPublicKeys(ctx, subscriberID, uniqueKeyID) - if err != nil { - return "", err - } - return keys.SigningPublic, nil -} - -// EncrPublicKey returns the encryption public key for the given subscriber ID and key ID. -func (km *KeyMgr) EncrPublicKey(ctx context.Context, subscriberID, uniqueKeyID string) (string, error) { - keys, err := km.getPublicKeys(ctx, subscriberID, uniqueKeyID) - if err != nil { - return "", err - } - return keys.EncrPublic, nil -} - -// DeletePrivateKeys deletes the private keys for the given key ID from Vault. -func (km *KeyMgr) DeletePrivateKeys(ctx context.Context, keyID string) error { +// DeleteKeyset deletes the private keys for the given key ID from Vault. +func (km *KeyMgr) DeleteKeyset(ctx context.Context, keyID string) error { if keyID == "" { return ErrEmptyKeyID } @@ -283,8 +246,8 @@ func (km *KeyMgr) DeletePrivateKeys(ctx context.Context, keyID string) error { return km.VaultClient.KVv2(path).Delete(ctx, keyID) } -// getKeys retrieves the full keyset from Vault for the given key ID. -func (km *KeyMgr) getKeys(ctx context.Context, keyID string) (*model.Keyset, error) { +// Keyset retrieves the keyset for the given key ID from Vault and public keys from the registry. +func (km *KeyMgr) Keyset(ctx context.Context, keyID string) (*model.Keyset, error) { if keyID == "" { return nil, ErrEmptyKeyID } @@ -324,32 +287,16 @@ func (km *KeyMgr) getKeys(ctx context.Context, keyID string) (*model.Keyset, err }, nil } -// getPublicKeys fetches the public keys from cache or registry for the given subscriber and key ID. -func (km *KeyMgr) getPublicKeys(ctx context.Context, subscriberID, uniqueKeyID string) (*model.Keyset, error) { - if err := validateParams(subscriberID, uniqueKeyID); err != nil { - return nil, err - } +// LookupNPKeys retrieves the signing and encryption public keys for the given subscriber ID and unique key ID. +func (km *KeyMgr) LookupNPKeys(ctx context.Context, subscriberID, uniqueKeyID string) (string, string, error) { cacheKey := fmt.Sprintf("%s_%s", subscriberID, uniqueKeyID) cachedData, err := km.Cache.Get(ctx, cacheKey) if err == nil { var keys model.Keyset if err := json.Unmarshal([]byte(cachedData), &keys); err == nil { - return &keys, nil + return keys.SigningPublic, keys.EncrPublic, nil } } - publicKeys, err := km.lookupRegistry(ctx, subscriberID, uniqueKeyID) - if err != nil { - return nil, err - } - cacheValue, err := json.Marshal(publicKeys) - if err == nil { - _ = km.Cache.Set(ctx, cacheKey, string(cacheValue), time.Hour) - } - return publicKeys, nil -} - -// lookupRegistry queries the registry for public keys based on subscriber ID and key ID. -func (km *KeyMgr) lookupRegistry(ctx context.Context, subscriberID, uniqueKeyID string) (*model.Keyset, error) { subscribers, err := km.Registry.Lookup(ctx, &model.Subscription{ Subscriber: model.Subscriber{ SubscriberID: subscriberID, @@ -357,15 +304,12 @@ func (km *KeyMgr) lookupRegistry(ctx context.Context, subscriberID, uniqueKeyID KeyID: uniqueKeyID, }) if err != nil { - return nil, fmt.Errorf("failed to lookup registry: %w", err) + return "", "", fmt.Errorf("failed to lookup registry: %w", err) } if len(subscribers) == 0 { - return nil, ErrSubscriberNotFound + return "", "", ErrSubscriberNotFound } - return &model.Keyset{ - SigningPublic: subscribers[0].SigningPublicKey, - EncrPublic: subscribers[0].EncrPublicKey, - }, nil + return subscribers[0].SigningPublicKey, subscribers[0].EncrPublicKey, nil } // validateParams checks that subscriberID and uniqueKeyID are not empty. diff --git a/pkg/plugin/implementation/keymanager/keymanager_test.go b/pkg/plugin/implementation/keymanager/keymanager_test.go index c66b2fe..47d0fa2 100644 --- a/pkg/plugin/implementation/keymanager/keymanager_test.go +++ b/pkg/plugin/implementation/keymanager/keymanager_test.go @@ -50,7 +50,9 @@ func (m *mockRegistry) Lookup(ctx context.Context, sub *model.Subscription) ([]m }, nil } -type mockCache struct{} +type mockCache struct { + GetFunc func(ctx context.Context, key string) (string, error) +} func (m *mockCache) Get(ctx context.Context, key string) (string, error) { return "", nil @@ -193,7 +195,7 @@ func TestGenerateKeyPairs(t *testing.T) { } km := &KeyMgr{} - keyset, err := km.GenerateKeyPairs() + keyset, err := km.GenerateKeyset() if tt.expectErr { if err == nil { @@ -589,7 +591,7 @@ func TestStorePrivateKeysSuccess(t *testing.T) { KvVersion: tt.kvVersion, } - err = km.StorePrivateKeys(ctx, tt.keyID, tt.keys) + err = km.InsertKeyset(ctx, tt.keyID, tt.keys) if err != nil { t.Errorf("expected no error, got %v", err) } @@ -667,7 +669,7 @@ func TestStorePrivateKeysFailure(t *testing.T) { KvVersion: tt.kvVersion, } - err = km.StorePrivateKeys(ctx, tt.keyID, tt.keys) + err = km.InsertKeyset(ctx, tt.keyID, tt.keys) if err == nil { t.Fatalf("expected error %q but got nil", tt.expectedErr) @@ -717,7 +719,7 @@ func TestDeletePrivateKeys(t *testing.T) { KvVersion: tt.kvVersion, VaultClient: nil, } - err := km.DeletePrivateKeys(context.Background(), tt.keyID) + err := km.DeleteKeyset(context.Background(), tt.keyID) if err != tt.wantErr { t.Errorf("expected error %v, got %v", tt.wantErr, err) } @@ -745,7 +747,7 @@ func TestDeletePrivateKeys(t *testing.T) { VaultClient: vaultClient, } - err = km.DeletePrivateKeys(context.Background(), tt.keyID) + err = km.DeleteKeyset(context.Background(), tt.keyID) if err != tt.wantErr { t.Errorf("DeletePrivateKeys() error = %v, want %v", err, tt.wantErr) } @@ -809,7 +811,7 @@ func setupMockVaultServer(t *testing.T, kvVersion, keyID string, success bool) * return httptest.NewServer(handler) } -func TestGetKeysSuccess(t *testing.T) { +func TestKeysetSuccess(t *testing.T) { tests := []struct { name string kvVersion string @@ -845,7 +847,7 @@ func TestGetKeysSuccess(t *testing.T) { KvVersion: tt.kvVersion, } - keys, err := km.getKeys(context.Background(), tt.keyID) + keys, err := km.Keyset(context.Background(), tt.keyID) if err != nil { t.Fatalf("unexpected error: %v", err) } @@ -862,7 +864,7 @@ func TestGetKeysSuccess(t *testing.T) { } } -func TestGetKeysFailure(t *testing.T) { +func TestKeysetFailure(t *testing.T) { tests := []struct { name string kvVersion string @@ -915,7 +917,7 @@ func TestGetKeysFailure(t *testing.T) { KvVersion: tt.kvVersion, } - keys, err := km.getKeys(context.Background(), tt.keyID) + keys, err := km.Keyset(context.Background(), tt.keyID) if err == nil { t.Fatalf("expected error but got nil") } @@ -926,195 +928,6 @@ func TestGetKeysFailure(t *testing.T) { } } -func TestGetPublicKeysSuccess(t *testing.T) { - km := &KeyMgr{ - Cache: &mockCache{}, - Registry: &mockRegistry{ - LookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { - return []model.Subscription{ - { - Subscriber: model.Subscriber{ - SubscriberID: sub.SubscriberID, - }, - KeyID: sub.KeyID, - SigningPublicKey: "mock-signing-public-key", - EncrPublicKey: "mock-encryption-public-key", - }, - }, nil - }, - }, - } - - got, err := km.getPublicKeys(context.Background(), "sub-id", "key-id") - if err != nil { - t.Fatalf("getPublicKeys() unexpected error: %v", err) - } - if got == nil { - t.Fatal("getPublicKeys() returned nil Keyset") - } - if got.SigningPublic != "mock-signing-public-key" { - t.Errorf("SigningPublic = %v, want %v", got.SigningPublic, "mock-signing-public-key") - } - if got.EncrPublic != "mock-encryption-public-key" { - t.Errorf("EncrPublic = %v, want %v", got.EncrPublic, "mock-encryption-public-key") - } -} - -func TestGetPublicKeysFailure(t *testing.T) { - type fields struct { - cache definition.Cache - registry definition.RegistryLookup - } - type args struct { - subscriberID string - uniqueKeyID string - } - tests := []struct { - name string - fields fields - args args - errMessage string - }{ - { - name: "failure - invalid parameters", - fields: fields{ - cache: &mockCache{}, - registry: &mockRegistry{}, - }, - args: args{ - subscriberID: "", - uniqueKeyID: "", - }, - errMessage: "invalid", - }, - { - name: "failure - registry lookup fails", - fields: fields{ - cache: &mockCache{}, - registry: &mockRegistry{ - LookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { - return nil, fmt.Errorf("registry down") - }, - }, - }, - args: args{ - subscriberID: "sub-id", - uniqueKeyID: "key-id", - }, - errMessage: "registry down", - }, - { - name: "failure - registry returns empty", - fields: fields{ - cache: &mockCache{}, - registry: &mockRegistry{ - LookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { - return []model.Subscription{}, nil - }, - }, - }, - args: args{ - subscriberID: "sub-id", - uniqueKeyID: "key-id", - }, - errMessage: "no subscriber found", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - km := &KeyMgr{ - Cache: tt.fields.cache, - Registry: tt.fields.registry, - } - got, err := km.getPublicKeys(context.Background(), tt.args.subscriberID, tt.args.uniqueKeyID) - if err == nil { - t.Errorf("getPublicKeys() expected error but got none, result: %v", got) - return - } - if !strings.Contains(err.Error(), tt.errMessage) { - t.Errorf("getPublicKeys() error = %v, want error message to contain %v", err.Error(), tt.errMessage) - } - }) - } -} - -func TestLookupRegistrySuccess(t *testing.T) { - km := &KeyMgr{ - Registry: &mockRegistry{ - LookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { - return []model.Subscription{ - { - Subscriber: model.Subscriber{ - SubscriberID: sub.SubscriberID, - }, - KeyID: sub.KeyID, - SigningPublicKey: "signing-key", - EncrPublicKey: "encryption-key", - }, - }, nil - }, - }, - } - - got, err := km.lookupRegistry(context.Background(), "test-subscriber", "key123") - if err != nil { - t.Fatalf("expected no error, got %v", err) - } - - want := &model.Keyset{ - SigningPublic: "signing-key", - EncrPublic: "encryption-key", - } - - if got.SigningPublic != want.SigningPublic { - t.Errorf("SigningPublic = %v, want %v", got.SigningPublic, want.SigningPublic) - } - if got.EncrPublic != want.EncrPublic { - t.Errorf("EncrPublic = %v, want %v", got.EncrPublic, want.EncrPublic) - } -} - -func TestLookupRegistryFailure(t *testing.T) { - tests := []struct { - name string - mockLookup func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) - wantErr error - }{ - { - name: "lookup error", - mockLookup: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { - return nil, fmt.Errorf("registry failure") - }, - wantErr: fmt.Errorf("registry failure"), - }, - { - name: "no subscriber found", - mockLookup: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { - return []model.Subscription{}, nil - }, - wantErr: ErrSubscriberNotFound, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - km := &KeyMgr{ - Registry: &mockRegistry{ - LookupFunc: tt.mockLookup, - }, - } - got, err := km.lookupRegistry(context.Background(), "some-id", "key-id") - if err == nil { - t.Fatalf("expected error, got none") - } - if got != nil { - t.Errorf("expected nil keyset, got %v", got) - } - }) - } -} - func TestValidateParamsSuccess(t *testing.T) { err := validateParams("someSubscriberID", "someUniqueKeyID") if err != nil { @@ -1161,3 +974,126 @@ func TestValidateParamsFailure(t *testing.T) { }) } } + +func TestLookupNPKeysSuccess(t *testing.T) { + tests := []struct { + name string + cacheGetFunc func(ctx context.Context, key string) (string, error) + registryLookupFunc func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) + expectedSigningPub string + expectedEncrPub string + }{ + { + name: "Cache hit with valid keys", + cacheGetFunc: func(ctx context.Context, key string) (string, error) { + return `{"SigningPublic":"mock-signing-public-key","EncrPublic":"mock-encryption-public-key"}`, nil + }, + registryLookupFunc: nil, + expectedSigningPub: "mock-signing-public-key", + expectedEncrPub: "mock-encryption-public-key", + }, + { + name: "Cache miss and registry success", + cacheGetFunc: func(ctx context.Context, key string) (string, error) { + + return "", nil + }, + registryLookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + return []model.Subscription{ + { + Subscriber: model.Subscriber{ + SubscriberID: sub.SubscriberID, + }, + KeyID: sub.KeyID, + SigningPublicKey: "mock-signing-public-key", + EncrPublicKey: "mock-encryption-public-key", + }, + }, nil + }, + expectedSigningPub: "mock-signing-public-key", + expectedEncrPub: "mock-encryption-public-key", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Set up the KeyMgr with mocks + km := &KeyMgr{ + Cache: &mockCache{ + GetFunc: tt.cacheGetFunc, + }, + Registry: &mockRegistry{ + LookupFunc: tt.registryLookupFunc, + }, + } + + // Call the method + signingPublic, encrPublic, err := km.LookupNPKeys(context.Background(), "sub-id", "key-id") + + // Validate no errors in success cases + if err != nil { + t.Fatalf("LookupNPKeys() unexpected error: %v", err) + } + + // Validate returned public keys + if signingPublic != tt.expectedSigningPub { + t.Errorf("SigningPublic = %v, want %v", signingPublic, tt.expectedSigningPub) + } + if encrPublic != tt.expectedEncrPub { + t.Errorf("EncrPublic = %v, want %v", encrPublic, tt.expectedEncrPub) + } + }) + } +} + +func TestLookupNPKeysFailure(t *testing.T) { + tests := []struct { + name string + cacheGetFunc func(ctx context.Context, key string) (string, error) + registryLookupFunc func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) + expectedError string + }{ + { + name: "Cache miss and registry failure", + cacheGetFunc: func(ctx context.Context, key string) (string, error) { + return "", nil + }, + registryLookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + return nil, fmt.Errorf("registry down") + }, + expectedError: "registry down", + }, + { + name: "Cache miss and registry returns no subscriber", + cacheGetFunc: func(ctx context.Context, key string) (string, error) { + return "", nil + }, + registryLookupFunc: func(ctx context.Context, sub *model.Subscription) ([]model.Subscription, error) { + return nil, nil + }, + expectedError: "no subscriber found with given credentials", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Set up the KeyMgr with mocks + km := &KeyMgr{ + Cache: &mockCache{ + GetFunc: tt.cacheGetFunc, + }, + Registry: &mockRegistry{ + LookupFunc: tt.registryLookupFunc, + }, + } + _, _, err := km.LookupNPKeys(context.Background(), "sub-id", "key-id") + if err == nil { + t.Fatalf("expected an error but got none") + } + + if !strings.Contains(err.Error(), tt.expectedError) { + t.Errorf("expected error to contain %v, got %v", tt.expectedError, err.Error()) + } + }) + } +} From bea28cc8de9ac2c101499cc163efc083e480cd70 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Thu, 22 May 2025 14:49:29 +0530 Subject: [PATCH 35/84] Create deploy-to-gke.yml Deploy image in GKE Cluster --- .github/workflows/deploy-to-gke.yml | 44 +++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/deploy-to-gke.yml diff --git a/.github/workflows/deploy-to-gke.yml b/.github/workflows/deploy-to-gke.yml new file mode 100644 index 0000000..bcb43ef --- /dev/null +++ b/.github/workflows/deploy-to-gke.yml @@ -0,0 +1,44 @@ +name: Deploy to GKE + +on: + workflow_dispatch: + inputs: + service_name: + description: 'Name of the Kubernetes service to deploy' + required: true + type: string + cluster_name: + description: 'Name of the GKE cluster' + required: true + type: string + +jobs: + deploy: + runs-on: ubuntu-latest + + env: + PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} + REGION: ${{ secrets.GCP_REGION }} + GKE_CLUSTER: ${{ github.event.inputs.cluster_name }} + SERVICE_NAME: ${{ github.event.inputs.service_name }} + + steps: + - name: Checkout source + uses: actions/checkout@v3 + + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ secrets.GCP_SA_KEY }} + + - name: Set up GKE credentials + uses: google-github-actions/get-gke-credentials@v1 + with: + cluster_name: ${{ env.GKE_CLUSTER }} + location: ${{ env.REGION }} + project_id: ${{ env.PROJECT_ID }} + + - name: Deploy to GKE + run: | + echo "Deploying service $SERVICE_NAME to cluster $GKE_CLUSTER" + kubectl set image deployment/$SERVICE_NAME $SERVICE_NAME=gcr.io/$PROJECT_ID/$SERVICE_NAME:latest --record From 9a5541f16bd63e83a144c2e644b4ae9560498416 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Sun, 25 May 2025 10:04:01 +0530 Subject: [PATCH 36/84] Create deploy-to-gke-updated.yaml Adding build and Deploy logic in same code --- .github/workflows/deploy-to-gke-updated.yaml | 47 ++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 .github/workflows/deploy-to-gke-updated.yaml diff --git a/.github/workflows/deploy-to-gke-updated.yaml b/.github/workflows/deploy-to-gke-updated.yaml new file mode 100644 index 0000000..58007f4 --- /dev/null +++ b/.github/workflows/deploy-to-gke-updated.yaml @@ -0,0 +1,47 @@ +name: CI/CD to GKE + +on: + push: + branches: + - beckn-onix-v1.0-develop + +jobs: + deploy: + name: Build and Deploy to GKE + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v2 + with: + credentials_json: '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}' + + - name: Set up gcloud CLI + uses: google-github-actions/setup-gcloud@v1 + with: + project_id: ${{ secrets.GCP_PROJECT }} + export_default_credentials: true + + - name: Configure Docker to use Artifact Registry + run: gcloud auth configure-docker ${{ secrets.GCP_REGION }}-docker.pkg.dev + + - name: Build Docker Image + run: | + IMAGE_NAME=${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_REPO }}/beckn-onix:${{ github.sha }} + docker build -t $IMAGE_NAME . + docker push $IMAGE_NAME + + - name: Get GKE Credentials + run: | + gcloud container clusters get-credentials ${{ secrets.GKE_CLUSTER }} \ + --zone ${{ secrets.GKE_ZONE }} \ + --project ${{ secrets.GCP_PROJECT }} + + - name: Deploy to GKE + run: | + IMAGE_NAME=${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_REPO }}/beckn-onix:${{ github.sha }} + kubectl set image deployment/${{ secrets.DEPLOYMENT_NAME }} ${{ secrets.DEPLOYMENT_NAME }}=$IMAGE_NAME + kubectl rollout status deployment/${{ secrets.DEPLOYMENT_NAME }} From c4580fa13159058bc3ac5e1c3706337fa7eaf4ee Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Sun, 25 May 2025 20:49:13 +0530 Subject: [PATCH 37/84] Update and rename deploy-to-gke-updated.yaml to deploy-to-gke-BS.yaml fixed some errors --- .../{deploy-to-gke-updated.yaml => deploy-to-gke-BS.yaml} | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) rename .github/workflows/{deploy-to-gke-updated.yaml => deploy-to-gke-BS.yaml} (96%) diff --git a/.github/workflows/deploy-to-gke-updated.yaml b/.github/workflows/deploy-to-gke-BS.yaml similarity index 96% rename from .github/workflows/deploy-to-gke-updated.yaml rename to .github/workflows/deploy-to-gke-BS.yaml index 58007f4..0564abe 100644 --- a/.github/workflows/deploy-to-gke-updated.yaml +++ b/.github/workflows/deploy-to-gke-BS.yaml @@ -1,9 +1,7 @@ name: CI/CD to GKE on: - push: - branches: - - beckn-onix-v1.0-develop + workflow_dispatch: jobs: deploy: From 88bc3654f2fa15172754bc252785c737c039d700 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Sun, 25 May 2025 21:16:34 +0530 Subject: [PATCH 38/84] Update deploy-to-gke-BS.yaml dockerfile error fixed --- .github/workflows/deploy-to-gke-BS.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-gke-BS.yaml b/.github/workflows/deploy-to-gke-BS.yaml index 0564abe..8b60c90 100644 --- a/.github/workflows/deploy-to-gke-BS.yaml +++ b/.github/workflows/deploy-to-gke-BS.yaml @@ -29,7 +29,7 @@ jobs: - name: Build Docker Image run: | IMAGE_NAME=${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_REPO }}/beckn-onix:${{ github.sha }} - docker build -t $IMAGE_NAME . + docker build -f Dockerfile.adapter -t $IMAGE_NAME . docker push $IMAGE_NAME - name: Get GKE Credentials From 92c81b6d07576e9bc49a3dcceb83b68c38099e36 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Sun, 25 May 2025 21:23:11 +0530 Subject: [PATCH 39/84] Update and rename deploy-to-gke-BS.yaml to deploy-to-gke-BS.yml name change --- .../workflows/{deploy-to-gke-BS.yaml => deploy-to-gke-BS.yml} | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) rename .github/workflows/{deploy-to-gke-BS.yaml => deploy-to-gke-BS.yml} (97%) diff --git a/.github/workflows/deploy-to-gke-BS.yaml b/.github/workflows/deploy-to-gke-BS.yml similarity index 97% rename from .github/workflows/deploy-to-gke-BS.yaml rename to .github/workflows/deploy-to-gke-BS.yml index 8b60c90..4765302 100644 --- a/.github/workflows/deploy-to-gke-BS.yaml +++ b/.github/workflows/deploy-to-gke-BS.yml @@ -1,6 +1,7 @@ -name: CI/CD to GKE +name: CI/CD to GKE updated on: + push: workflow_dispatch: jobs: From fc7088a48336be52d25a99ae7aefdc7696fd7111 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Sun, 25 May 2025 22:24:09 +0530 Subject: [PATCH 40/84] Update deploy-to-gke-BS.yml fixed the error --- .github/workflows/deploy-to-gke-BS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-gke-BS.yml b/.github/workflows/deploy-to-gke-BS.yml index 4765302..e1ea771 100644 --- a/.github/workflows/deploy-to-gke-BS.yml +++ b/.github/workflows/deploy-to-gke-BS.yml @@ -36,7 +36,7 @@ jobs: - name: Get GKE Credentials run: | gcloud container clusters get-credentials ${{ secrets.GKE_CLUSTER }} \ - --zone ${{ secrets.GKE_ZONE }} \ + --zone ${{ secrets.GCP_REGION }} \ --project ${{ secrets.GCP_PROJECT }} - name: Deploy to GKE From a36ae1f6884905bb27dde05fa0f51c8509719748 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 26 May 2025 09:45:33 +0530 Subject: [PATCH 41/84] Create deployment.yaml --- Deployment/deployment.yaml | 40 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 Deployment/deployment.yaml diff --git a/Deployment/deployment.yaml b/Deployment/deployment.yaml new file mode 100644 index 0000000..6443e69 --- /dev/null +++ b/Deployment/deployment.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: onix-demo-adapter + namespace: onix-demo-saksham #------ +spec: + replicas: 1 + selector: + matchLabels: + app: onix-demo-adapter + template: + metadata: + labels: + app: onix-demo-adapter + annotations: + gke-gcsfuse/volumes: "true" + spec: + serviceAccountName: "onix-adapter-sa" #----------- + containers: + - name: onix-adapter + image: "asia-south1-docker.pkg.dev/trusty-relic-370809/onix-adapter-beta/adapter:latest" #------ + ports: + - containerPort: 8080 + env: + - name: CONFIG_FILE + value: "/mnt/gcs/configs/onix-adapter.yaml" # Updated to GCS path + + volumeMounts: + - name: gcs-bucket + mountPath: /mnt/gcs + readOnly: false + + volumes: + - name: gcs-bucket + csi: + driver: gcsfuse.csi.storage.gke.io + readOnly: false + volumeAttributes: + bucketName: "beckn-onix-demo" #---------- + mountOptions: "implicit-dirs" From b1437d84727d925e8f64f860fb47e6d3fbe705e7 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 26 May 2025 09:46:21 +0530 Subject: [PATCH 42/84] Create service.yaml --- Deployment/service.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 Deployment/service.yaml diff --git a/Deployment/service.yaml b/Deployment/service.yaml new file mode 100644 index 0000000..c4be0d8 --- /dev/null +++ b/Deployment/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: onix-adapter-service + namespace: onix-adapter # Namespace +spec: + selector: + app: onix-adapter # This should match the app name in deployment.yaml + ports: + - protocol: TCP + port: 80 + targetPort: 8080 + type: LoadBalancer #NodePort or LoadBalancer From 552a4b1ea9f27602e808eecf2de5667893b4d353 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Mon, 26 May 2025 09:53:30 +0530 Subject: [PATCH 43/84] Update deployment.yaml fixed pointers --- Deployment/deployment.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Deployment/deployment.yaml b/Deployment/deployment.yaml index 6443e69..561fdb5 100644 --- a/Deployment/deployment.yaml +++ b/Deployment/deployment.yaml @@ -2,23 +2,23 @@ apiVersion: apps/v1 kind: Deployment metadata: name: onix-demo-adapter - namespace: onix-demo-saksham #------ + namespace: onix-adapter #------ spec: replicas: 1 selector: matchLabels: - app: onix-demo-adapter + app: onix-adapter template: metadata: labels: - app: onix-demo-adapter + app: onix-adapter annotations: gke-gcsfuse/volumes: "true" spec: - serviceAccountName: "onix-adapter-sa" #----------- + serviceAccountName: "onix-adapter-ksa" #----------- containers: - name: onix-adapter - image: "asia-south1-docker.pkg.dev/trusty-relic-370809/onix-adapter-beta/adapter:latest" #------ + image: "asia-south1-docker.pkg.dev/trusty-relic-370809/onix-adapter-cicd/beckn-onix:latest" #------ ports: - containerPort: 8080 env: @@ -36,5 +36,5 @@ spec: driver: gcsfuse.csi.storage.gke.io readOnly: false volumeAttributes: - bucketName: "beckn-onix-demo" #---------- + bucketName: "beckn-cicd-bucket" #---------- mountOptions: "implicit-dirs" From e1f9a0f9408563fd4059b60655e77f17f00484cc Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Mon, 26 May 2025 10:03:10 +0530 Subject: [PATCH 44/84] Update deploy-to-gke-BS.yml fixed errors --- .github/workflows/deploy-to-gke-BS.yml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-to-gke-BS.yml b/.github/workflows/deploy-to-gke-BS.yml index e1ea771..c54deaf 100644 --- a/.github/workflows/deploy-to-gke-BS.yml +++ b/.github/workflows/deploy-to-gke-BS.yml @@ -39,8 +39,16 @@ jobs: --zone ${{ secrets.GCP_REGION }} \ --project ${{ secrets.GCP_PROJECT }} - - name: Deploy to GKE + - name: Deploy to GKE using Kubernetes Manifests run: | IMAGE_NAME=${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_REPO }}/beckn-onix:${{ github.sha }} - kubectl set image deployment/${{ secrets.DEPLOYMENT_NAME }} ${{ secrets.DEPLOYMENT_NAME }}=$IMAGE_NAME - kubectl rollout status deployment/${{ secrets.DEPLOYMENT_NAME }} + + # Replace image in deployment YAML + sed -i "s|image: .*|image: $IMAGE_NAME|g" Deployment/deployment.yaml + + # Apply Kubernetes manifests + kubectl apply -f Deployment/deployment.yaml + kubectl apply -f Deployment/service.yaml + + # Wait for rollout to complete + kubectl rollout status Deployment/${{ secrets.DEPLOYMENT_NAME }} From d69cb93f32d29bbaa30c05ab0367327011afd788 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Mon, 26 May 2025 10:08:48 +0530 Subject: [PATCH 45/84] Update deploy-to-gke-BS.yml fixed errors --- .github/workflows/deploy-to-gke-BS.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/deploy-to-gke-BS.yml b/.github/workflows/deploy-to-gke-BS.yml index c54deaf..935f99e 100644 --- a/.github/workflows/deploy-to-gke-BS.yml +++ b/.github/workflows/deploy-to-gke-BS.yml @@ -39,6 +39,11 @@ jobs: --zone ${{ secrets.GCP_REGION }} \ --project ${{ secrets.GCP_PROJECT }} + - name: Install gke-gcloud-auth-plugin + run: | + sudo apt-get update + sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin + - name: Deploy to GKE using Kubernetes Manifests run: | IMAGE_NAME=${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_REPO }}/beckn-onix:${{ github.sha }} From 18fe77d016c60d5d7bd3f49890093b63dff2c79b Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Mon, 26 May 2025 10:15:04 +0530 Subject: [PATCH 46/84] Update deploy-to-gke-BS.yml fixed the errors --- .github/workflows/deploy-to-gke-BS.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy-to-gke-BS.yml b/.github/workflows/deploy-to-gke-BS.yml index 935f99e..ef713eb 100644 --- a/.github/workflows/deploy-to-gke-BS.yml +++ b/.github/workflows/deploy-to-gke-BS.yml @@ -24,6 +24,9 @@ jobs: project_id: ${{ secrets.GCP_PROJECT }} export_default_credentials: true + - name: Install GKE Auth Plugin + run: gcloud components install gke-gcloud-auth-plugin --quiet + - name: Configure Docker to use Artifact Registry run: gcloud auth configure-docker ${{ secrets.GCP_REGION }}-docker.pkg.dev @@ -39,11 +42,6 @@ jobs: --zone ${{ secrets.GCP_REGION }} \ --project ${{ secrets.GCP_PROJECT }} - - name: Install gke-gcloud-auth-plugin - run: | - sudo apt-get update - sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin - - name: Deploy to GKE using Kubernetes Manifests run: | IMAGE_NAME=${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_REPO }}/beckn-onix:${{ github.sha }} From 87876924b9dffd4e281ac90ef78feeac3475cf27 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Mon, 26 May 2025 14:18:41 +0530 Subject: [PATCH 47/84] Update deploy-to-gke-BS.yml fixed the error --- .github/workflows/deploy-to-gke-BS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-gke-BS.yml b/.github/workflows/deploy-to-gke-BS.yml index ef713eb..d75dac7 100644 --- a/.github/workflows/deploy-to-gke-BS.yml +++ b/.github/workflows/deploy-to-gke-BS.yml @@ -54,4 +54,4 @@ jobs: kubectl apply -f Deployment/service.yaml # Wait for rollout to complete - kubectl rollout status Deployment/${{ secrets.DEPLOYMENT_NAME }} + kubectl rollout status Deployment/onix-demo-adapter From 9581c3f8acbd3147038491b2086c7ae61e799e73 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Mon, 26 May 2025 14:29:48 +0530 Subject: [PATCH 48/84] Update deploy-to-gke-BS.yml add namespace name --- .github/workflows/deploy-to-gke-BS.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-to-gke-BS.yml b/.github/workflows/deploy-to-gke-BS.yml index d75dac7..2ff81aa 100644 --- a/.github/workflows/deploy-to-gke-BS.yml +++ b/.github/workflows/deploy-to-gke-BS.yml @@ -50,8 +50,8 @@ jobs: sed -i "s|image: .*|image: $IMAGE_NAME|g" Deployment/deployment.yaml # Apply Kubernetes manifests - kubectl apply -f Deployment/deployment.yaml - kubectl apply -f Deployment/service.yaml + kubectl apply -f Deployment/deployment.yaml --namespace=onix-adapter + kubectl apply -f Deployment/service.yaml --namespace=onix-adapter # Wait for rollout to complete - kubectl rollout status Deployment/onix-demo-adapter + kubectl rollout status Deployment/onix-demo-adapter --namespace=onix-adapter From bfda2a1d4226260efc599ba7d0470860f90146cf Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Mon, 26 May 2025 14:42:41 +0530 Subject: [PATCH 49/84] Update build-and-deploy-plugins.yml updated the Plugins path --- .github/workflows/build-and-deploy-plugins.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index 3b76121..c6a1935 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -98,7 +98,7 @@ jobs: - name: Upload to GCS run: | - gsutil -m cp -r $ZIP_FILE gs://${GCS_BUCKET}/ + gsutil -m cp -r $ZIP_FILE gs://${GCS_BUCKET}/plugins/ - name: Cleanup run: | From 3ebf4e981550ca4fd68db1a9e793ce2d58b3f079 Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Tue, 27 May 2025 10:51:40 +0530 Subject: [PATCH 50/84] updated steps to use updated keymanager interface function --- core/module/handler/step.go | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/core/module/handler/step.go b/core/module/handler/step.go index 936ee98..9edd3b0 100644 --- a/core/module/handler/step.go +++ b/core/module/handler/step.go @@ -31,18 +31,18 @@ func newSignStep(signer definition.Signer, km definition.KeyManager) (definition // Run executes the signing step. func (s *signStep) Run(ctx *model.StepContext) error { - keyID, key, err := s.km.SigningPrivateKey(ctx, ctx.SubID) + keySet, err := s.km.Keyset(ctx, ctx.SubID) if err != nil { return fmt.Errorf("failed to get signing key: %w", err) } createdAt := time.Now().Unix() validTill := time.Now().Add(5 * time.Minute).Unix() - sign, err := s.signer.Sign(ctx, ctx.Body, key, createdAt, validTill) + sign, err := s.signer.Sign(ctx, ctx.Body, keySet.SigningPrivate, createdAt, validTill) if err != nil { return fmt.Errorf("failed to sign request: %w", err) } - authHeader := s.generateAuthHeader(ctx.SubID, keyID, createdAt, validTill, sign) + authHeader := s.generateAuthHeader(ctx.SubID, keySet.UniqueKeyID, createdAt, validTill, sign) header := model.AuthHeaderSubscriber if ctx.Role == model.RoleGateway { @@ -107,13 +107,12 @@ func (s *validateSignStep) validate(ctx *model.StepContext, value string) error if len(ids) < 2 || len(headerParts) < 3 { return fmt.Errorf("malformed sign header") } - subID := ids[1] keyID := headerParts[1] - key, err := s.km.SigningPublicKey(ctx, subID, keyID) + keySet, err := s.km.Keyset(ctx, keyID) if err != nil { return fmt.Errorf("failed to get validation key: %w", err) } - if err := s.validator.Validate(ctx, ctx.Body, value, key); err != nil { + if err := s.validator.Validate(ctx, ctx.Body, value, keySet.SigningPublic); err != nil { return fmt.Errorf("sign validation failed: %w", err) } return nil From bb5d7a7f15966e322e1ea1e961d445dec6545cfd Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 27 May 2025 11:48:20 +0530 Subject: [PATCH 51/84] Update build-and-deploy-plugins.yml added input parameter --- .github/workflows/build-and-deploy-plugins.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index c6a1935..c1bbf68 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -3,6 +3,12 @@ name: Build and Upload Plugins on: push: workflow_dispatch: + inputs: + target_branch: + description: 'Branch to deploy' + required: true + default: 'beckn-onix-v1.0-develop' + jobs: build-and-upload: @@ -15,6 +21,12 @@ jobs: steps: - name: Checkout this repo uses: actions/checkout@v4 + with: + ref: ${{ github.event.inputs.target_branch }} + + - name: Show selected branch + run: echo "Deploying branch:${{ github.event.inputs.target_branch }}" + - name: Clone GitHub and Gerrit plugin repos run: | From 11a3affa180836d31a9a8ee98323504d805b29a3 Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Tue, 27 May 2025 11:51:17 +0530 Subject: [PATCH 52/84] Update build-and-deploy-plugins.yml --- .github/workflows/build-and-deploy-plugins.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-plugins.yml b/.github/workflows/build-and-deploy-plugins.yml index c1bbf68..79c33e0 100644 --- a/.github/workflows/build-and-deploy-plugins.yml +++ b/.github/workflows/build-and-deploy-plugins.yml @@ -1,7 +1,6 @@ name: Build and Upload Plugins on: - push: workflow_dispatch: inputs: target_branch: From 1db8aa48ac88efd55493a566a94969121aa14d9b Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Wed, 28 May 2025 11:25:11 +0530 Subject: [PATCH 53/84] Resolved PR review comments --- core/module/handler/step.go | 4 +- .../implementation/keymanager/cmd/plugin.go | 4 +- .../keymanager/cmd/plugin_test.go | 8 ++-- .../implementation/keymanager/keymanager.go | 37 +++++++-------- .../keymanager/keymanager_test.go | 47 ++++++++++++------- 5 files changed, 55 insertions(+), 45 deletions(-) diff --git a/core/module/handler/step.go b/core/module/handler/step.go index 9edd3b0..3998986 100644 --- a/core/module/handler/step.go +++ b/core/module/handler/step.go @@ -108,11 +108,11 @@ func (s *validateSignStep) validate(ctx *model.StepContext, value string) error return fmt.Errorf("malformed sign header") } keyID := headerParts[1] - keySet, err := s.km.Keyset(ctx, keyID) + signingPublicKey, _, err := s.km.LookupNPKeys(ctx, ctx.SubID, keyID) if err != nil { return fmt.Errorf("failed to get validation key: %w", err) } - if err := s.validator.Validate(ctx, ctx.Body, value, keySet.SigningPublic); err != nil { + if err := s.validator.Validate(ctx, ctx.Body, value, signingPublicKey); err != nil { return fmt.Errorf("sign validation failed: %w", err) } return nil diff --git a/pkg/plugin/implementation/keymanager/cmd/plugin.go b/pkg/plugin/implementation/keymanager/cmd/plugin.go index b4450d3..f7579e9 100644 --- a/pkg/plugin/implementation/keymanager/cmd/plugin.go +++ b/pkg/plugin/implementation/keymanager/cmd/plugin.go @@ -17,8 +17,8 @@ var newKeyManagerFunc = keymanager.New // New creates and initializes a new KeyManager instance using the provided cache, registry lookup, and configuration. func (k *keyManagerProvider) New(ctx context.Context, cache definition.Cache, registry definition.RegistryLookup, cfg map[string]string) (definition.KeyManager, func() error, error) { config := &keymanager.Config{ - VaultAddr: cfg["vault_addr"], - KVVersion: cfg["kv_version"], + VaultAddr: cfg["vaultAddr"], + KVVersion: cfg["kvVersion"], } log.Debugf(ctx, "Keymanager config mapped: %+v", cfg) km, cleanup, err := newKeyManagerFunc(ctx, cache, registry, config) diff --git a/pkg/plugin/implementation/keymanager/cmd/plugin_test.go b/pkg/plugin/implementation/keymanager/cmd/plugin_test.go index 881b837..bafd4bb 100644 --- a/pkg/plugin/implementation/keymanager/cmd/plugin_test.go +++ b/pkg/plugin/implementation/keymanager/cmd/plugin_test.go @@ -62,8 +62,8 @@ func TestNewSuccess(t *testing.T) { cache := &mockCache{} registry := &mockRegistry{} cfg := map[string]string{ - "vault_addr": "http://dummy-vault", - "kv_version": "2", + "vaultAddr": "http://dummy-vault", + "kvVersion": "2", } cleanupCalled := false @@ -105,8 +105,8 @@ func TestNewFailure(t *testing.T) { cache := &mockCache{} registry := &mockRegistry{} cfg := map[string]string{ - "vault_addr": "http://dummy-vault", - "kv_version": "2", + "vaultAddr": "http://dummy-vault", + "kvVersion": "2", } newKeyManagerFunc = func(ctx context.Context, cache definition.Cache, registry definition.RegistryLookup, cfg *keymanager.Config) (*keymanager.KeyMgr, func() error, error) { diff --git a/pkg/plugin/implementation/keymanager/keymanager.go b/pkg/plugin/implementation/keymanager/keymanager.go index c79b8c1..7dcac67 100644 --- a/pkg/plugin/implementation/keymanager/keymanager.go +++ b/pkg/plugin/implementation/keymanager/keymanager.go @@ -10,6 +10,7 @@ import ( "errors" "fmt" "os" + "strings" "github.com/beckn/beckn-onix/pkg/log" "github.com/beckn/beckn-onix/pkg/model" @@ -61,11 +62,13 @@ func ValidateCfg(cfg *Config) error { if cfg.VaultAddr == "" { return errors.New("invalid config: VaultAddr cannot be empty") } - if cfg.KVVersion == "" { - cfg.KVVersion = "v1" - } else if cfg.KVVersion != "v1" && cfg.KVVersion != "v2" { + kvVersion := strings.ToLower(cfg.KVVersion) + if kvVersion == "" { + kvVersion = "v1" + } else if kvVersion != "v1" && kvVersion != "v2" { return fmt.Errorf("invalid KVVersion: must be 'v1' or 'v2'") } + cfg.KVVersion = kvVersion return nil } @@ -199,6 +202,14 @@ func (km *KeyMgr) GenerateKeyset() (*model.Keyset, error) { }, nil } +// getSecretPath constructs the Vault secret path for storing keys based on the KV version. +func (km *KeyMgr) getSecretPath(keyID string) string { + if km.KvVersion == "v2" { + return fmt.Sprintf("secret/data/keys/%s", keyID) + } + return fmt.Sprintf("secret/keys/%s", keyID) +} + // InsertKeyset stores the given keyset in Vault under the specified key ID. func (km *KeyMgr) InsertKeyset(ctx context.Context, keyID string, keys *model.Keyset) error { if keyID == "" { @@ -215,19 +226,17 @@ func (km *KeyMgr) InsertKeyset(ctx context.Context, keyID string, keys *model.Ke "encrPublicKey": keys.EncrPublic, "encrPrivateKey": keys.EncrPrivate, } - var path string + path := km.getSecretPath(keyID) var payload map[string]interface{} if km.KvVersion == "v2" { - path = fmt.Sprintf("secret/data/keys/%s", keyID) payload = map[string]interface{}{"data": keyData} } else { - path = fmt.Sprintf("secret/keys/%s", keyID) payload = keyData } _, err := km.VaultClient.Logical().Write(path, payload) if err != nil { - return fmt.Errorf("failed to store secret in Vault: %w", err) + return fmt.Errorf("failed to store secret in Vault at path %s: %w", path, err) } return nil } @@ -237,12 +246,7 @@ func (km *KeyMgr) DeleteKeyset(ctx context.Context, keyID string) error { if keyID == "" { return ErrEmptyKeyID } - var path string - if km.KvVersion == "v2" { - path = fmt.Sprintf("secret/data/private_keys/%s", keyID) - } else { - path = fmt.Sprintf("secret/private_keys/%s", keyID) - } + path := km.getSecretPath(keyID) return km.VaultClient.KVv2(path).Delete(ctx, keyID) } @@ -252,12 +256,7 @@ func (km *KeyMgr) Keyset(ctx context.Context, keyID string) (*model.Keyset, erro return nil, ErrEmptyKeyID } - var path string - if km.KvVersion == "v2" { - path = fmt.Sprintf("secret/data/private_keys/%s", keyID) - } else { - path = fmt.Sprintf("secret/private_keys/%s", keyID) - } + path := km.getSecretPath(keyID) secret, err := km.VaultClient.Logical().Read(path) if err != nil || secret == nil { diff --git a/pkg/plugin/implementation/keymanager/keymanager_test.go b/pkg/plugin/implementation/keymanager/keymanager_test.go index 47d0fa2..48a6b7c 100644 --- a/pkg/plugin/implementation/keymanager/keymanager_test.go +++ b/pkg/plugin/implementation/keymanager/keymanager_test.go @@ -636,7 +636,7 @@ func TestStorePrivateKeysFailure(t *testing.T) { keyID: "mykeyid", keys: keys, statusCode: 500, - expectedErr: "failed to store secret in Vault: Error making API request", + expectedErr: "failed to store secret in Vault at path secret/keys/mykeyid: Error making API request.", }, } @@ -699,14 +699,14 @@ func TestDeletePrivateKeys(t *testing.T) { name: "v1 delete", kvVersion: "v1", keyID: "key123", - wantPath: "/v1/secret/private_keys/key123/data/key123", + wantPath: "/v1/secret/keys/key123/data/key123", wantErr: nil, }, { name: "v2 delete", kvVersion: "v2", keyID: "key123", - wantPath: "/v1/secret/data/private_keys/key123/data/key123", + wantPath: "/v1/secret/data/keys/key123/data/key123", wantErr: nil, }, } @@ -759,9 +759,8 @@ func setupMockVaultServer(t *testing.T, kvVersion, keyID string, success bool) * t.Helper() handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Check that request path is expected - expectedPathV1 := fmt.Sprintf("/v1/secret/private_keys/%s", keyID) - expectedPathV2 := fmt.Sprintf("/v1/secret/data/private_keys/%s", keyID) + expectedPathV1 := fmt.Sprintf("/v1/secret/keys/%s", keyID) + expectedPathV2 := fmt.Sprintf("/v1/secret/data/keys/%s", keyID) if (kvVersion == "v2" && r.URL.Path != expectedPathV2) || (kvVersion != "v2" && r.URL.Path != expectedPathV1) { http.Error(w, "not found", http.StatusNotFound) @@ -769,14 +768,18 @@ func setupMockVaultServer(t *testing.T, kvVersion, keyID string, success bool) * } if !success { - // Simulate Vault error or not found http.Error(w, `{"errors":["key not found"]}`, http.StatusNotFound) return } - // Success response JSON, different for v1 and v2 + w.Header().Set("Content-Type", "application/json") + if kvVersion == "v2" { resp := fmt.Sprintf(`{ + "request_id": "req-1234", + "lease_id": "", + "renewable": false, + "lease_duration": 0, "data": { "data": { "uniqueKeyID": "%s", @@ -784,27 +787,35 @@ func setupMockVaultServer(t *testing.T, kvVersion, keyID string, success bool) * "signingPrivateKey": "sign-priv", "encrPublicKey": "encr-pub", "encrPrivateKey": "encr-priv" + }, + "metadata": { + "created_time": "2025-05-28T00:00:00Z", + "deletion_time": "", + "destroyed": false, + "version": 1 } - } + }, + "warnings": null, + "auth": null }`, keyID) - w.Header().Set("Content-Type", "application/json") - if _, err := w.Write([]byte(resp)); err != nil { - t.Fatalf("failed to write response: %v", err) - } + w.Write([]byte(resp)) } else { resp := fmt.Sprintf(`{ + "request_id": "req-1234", + "lease_id": "", + "renewable": false, + "lease_duration": 0, "data": { "uniqueKeyID": "%s", "signingPublicKey": "sign-pub", "signingPrivateKey": "sign-priv", "encrPublicKey": "encr-pub", "encrPrivateKey": "encr-priv" - } + }, + "warnings": null, + "auth": null }`, keyID) - w.Header().Set("Content-Type", "application/json") - if _, err := w.Write([]byte(resp)); err != nil { - t.Fatalf("failed to write response: %v", err) - } + w.Write([]byte(resp)) } }) From 3fc1ef53f04c343421c83eb2fae67f632e7d3023 Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Wed, 28 May 2025 11:28:40 +0530 Subject: [PATCH 54/84] Resolved linting issue --- pkg/plugin/implementation/keymanager/keymanager_test.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pkg/plugin/implementation/keymanager/keymanager_test.go b/pkg/plugin/implementation/keymanager/keymanager_test.go index 48a6b7c..5415f46 100644 --- a/pkg/plugin/implementation/keymanager/keymanager_test.go +++ b/pkg/plugin/implementation/keymanager/keymanager_test.go @@ -798,7 +798,9 @@ func setupMockVaultServer(t *testing.T, kvVersion, keyID string, success bool) * "warnings": null, "auth": null }`, keyID) - w.Write([]byte(resp)) + if _, err := w.Write([]byte(resp)); err != nil { + t.Fatalf("failed to write response: %v", err) + } } else { resp := fmt.Sprintf(`{ "request_id": "req-1234", @@ -815,7 +817,9 @@ func setupMockVaultServer(t *testing.T, kvVersion, keyID string, success bool) * "warnings": null, "auth": null }`, keyID) - w.Write([]byte(resp)) + if _, err := w.Write([]byte(resp)); err != nil { + t.Fatalf("failed to write response: %v", err) + } } }) From 5c5a8b67264c9fd77bcc4fafce1f6d2de3d3bd8e Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Thu, 29 May 2025 11:33:40 +0530 Subject: [PATCH 55/84] Create Terraform Deploy to GCP.yaml initial setup --- .../workflows/Terraform Deploy to GCP.yaml | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/Terraform Deploy to GCP.yaml diff --git a/.github/workflows/Terraform Deploy to GCP.yaml b/.github/workflows/Terraform Deploy to GCP.yaml new file mode 100644 index 0000000..86a5080 --- /dev/null +++ b/.github/workflows/Terraform Deploy to GCP.yaml @@ -0,0 +1,41 @@ +name: Terraform Deploy to GCP + +on: + push: + branches: + - main + +jobs: + terraform: + name: Deploy with Terraform on GCP + runs-on: ubuntu-latest + env: + GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcp-key.json + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.5.0 + + - name: Authenticate to Google Cloud + run: echo "${{ secrets.GCP_CREDENTIALS }}" > gcp-key.json + shell: bash + + - name: Terraform Init + run: terraform init -var="credentials_file=gcp-key.json" + + - name: Terraform Validate + run: terraform validate + + - name: Terraform Plan + run: terraform plan -var="credentials_file=gcp-key.json" -out=tfplan + + - name: Terraform Apply + run: terraform apply -auto-approve tfplan + + - name: Clean up credentials file + run: rm -f gcp-key.json From 9040124d914997f1a81d859b53dca5a12875d0ce Mon Sep 17 00:00:00 2001 From: MohitKatare-protean Date: Fri, 30 May 2025 15:29:56 +0530 Subject: [PATCH 56/84] added tag omitZero to the subscriber and subscription struct --- pkg/model/model.go | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/pkg/model/model.go b/pkg/model/model.go index a91e2a3..004bf23 100644 --- a/pkg/model/model.go +++ b/pkg/model/model.go @@ -10,24 +10,24 @@ import ( // Subscriber represents a unique operational configuration of a trusted platform on a network. type Subscriber struct { - SubscriberID string `json:"subscriber_id"` - URL string `json:"url" format:"uri"` - Type string `json:"type" enum:"BAP,BPP,BG"` - Domain string `json:"domain"` + SubscriberID string `json:"subscriber_id,omitzero"` + URL string `json:"url,omitzero" format:"uri"` + Type string `json:"type,omitzero" enum:"BAP,BPP,BG"` + Domain string `json:"domain,omitzero"` } // Subscription represents subscription details of a network participant. type Subscription struct { Subscriber `json:",inline"` - KeyID string `json:"key_id" format:"uuid"` - SigningPublicKey string `json:"signing_public_key"` - EncrPublicKey string `json:"encr_public_key"` - ValidFrom time.Time `json:"valid_from" format:"date-time"` - ValidUntil time.Time `json:"valid_until" format:"date-time"` - Status string `json:"status" enum:"INITIATED,UNDER_SUBSCRIPTION,SUBSCRIBED,EXPIRED,UNSUBSCRIBED,INVALID_SSL"` - Created time.Time `json:"created" format:"date-time"` - Updated time.Time `json:"updated" format:"date-time"` - Nonce string + KeyID string `json:"key_id,omitzero" format:"uuid"` + SigningPublicKey string `json:"signing_public_key,omitzero"` + EncrPublicKey string `json:"encr_public_key,omitzero"` + ValidFrom time.Time `json:"valid_from,omitzero" format:"date-time"` + ValidUntil time.Time `json:"valid_until,omitzero" format:"date-time"` + Status string `json:"status,omitzero" enum:"INITIATED,UNDER_SUBSCRIPTION,SUBSCRIBED,EXPIRED,UNSUBSCRIBED,INVALID_SSL"` + Created time.Time `json:"created,omitzero" format:"date-time"` + Updated time.Time `json:"updated,omitzero" format:"date-time"` + Nonce string `json:"nonce,omitzero"` } // Authorization-related constants for headers. From 3717ea9a23dbcd6f4ad32c2b7db183c3343a5d6b Mon Sep 17 00:00:00 2001 From: BushraS-Protean Date: Mon, 2 Jun 2025 11:28:58 +0530 Subject: [PATCH 57/84] Update Terraform Deploy to GCP.yaml Fixed errors --- .../workflows/Terraform Deploy to GCP.yaml | 59 +++++++++++-------- 1 file changed, 36 insertions(+), 23 deletions(-) diff --git a/.github/workflows/Terraform Deploy to GCP.yaml b/.github/workflows/Terraform Deploy to GCP.yaml index 86a5080..8b524a5 100644 --- a/.github/workflows/Terraform Deploy to GCP.yaml +++ b/.github/workflows/Terraform Deploy to GCP.yaml @@ -1,41 +1,54 @@ name: Terraform Deploy to GCP - + on: - push: - branches: - - main - + workflow_dispatch: # Manual trigger + jobs: terraform: - name: Deploy with Terraform on GCP + name: Deploy GCP Infrastructure runs-on: ubuntu-latest env: GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcp-key.json - + steps: - - name: Checkout repository + - name: Checkout this repository uses: actions/checkout@v3 + + - name: Clone Terraform repo from Gerrit + run: | + git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo + - name: Set up Terraform uses: hashicorp/setup-terraform@v3 with: terraform_version: 1.5.0 - + - name: Authenticate to Google Cloud - run: echo "${{ secrets.GCP_CREDENTIALS }}" > gcp-key.json - shell: bash - - - name: Terraform Init - run: terraform init -var="credentials_file=gcp-key.json" - - - name: Terraform Validate - run: terraform validate - + run: echo "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}" > gcp-key.json + + - name: Terraform Init with backend + working-directory: ./onix-dev/Terraform + run: | + terraform init \ + -backend-config="bucket=your-backend-bucket-name" \ + -backend-config="prefix=terraform/state" \ + -backend-config="credentials=${{ github.workspace }}/gcp-key.json" + + - name: Terraform Plan - run: terraform plan -var="credentials_file=gcp-key.json" -out=tfplan - + working-directory: ./onix-dev/Terraform + run: terraform plan -out=tfplan -var="credentials_file=${{ github.workspace }}/gcp-key.json" + + - name: Wait for Manual Approval + uses: hmarr/auto-approve-action@v2 + if: false # prevents automatic approval + with: + github-token: ${{ secrets.PAT_GITHUB }} + - name: Terraform Apply - run: terraform apply -auto-approve tfplan - - - name: Clean up credentials file + working-directory: ./onix-dev/Terraform + run: terraform apply tfplan + + - name: Clean up credentials run: rm -f gcp-key.json From dbf00b7939d9b2d16e352ad3ff69e9ca6bea8e4a Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 12:14:54 +0530 Subject: [PATCH 58/84] Update Terraform Deploy to GCP.yaml --- .github/workflows/Terraform Deploy to GCP.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Terraform Deploy to GCP.yaml b/.github/workflows/Terraform Deploy to GCP.yaml index 8b524a5..827352e 100644 --- a/.github/workflows/Terraform Deploy to GCP.yaml +++ b/.github/workflows/Terraform Deploy to GCP.yaml @@ -7,8 +7,8 @@ jobs: terraform: name: Deploy GCP Infrastructure runs-on: ubuntu-latest - env: - GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcp-key.json + #env: + # GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcp-key.json steps: - name: Checkout this repository From 681f1846a6629882cf20065057ee611e9fb47c91 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 12:17:48 +0530 Subject: [PATCH 59/84] Rename Terraform Deploy to GCP.yaml to onix-gcp-terraform-deploy.yml --- ...Terraform Deploy to GCP.yaml => onix-gcp-terraform-deploy.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{Terraform Deploy to GCP.yaml => onix-gcp-terraform-deploy.yml} (100%) diff --git a/.github/workflows/Terraform Deploy to GCP.yaml b/.github/workflows/onix-gcp-terraform-deploy.yml similarity index 100% rename from .github/workflows/Terraform Deploy to GCP.yaml rename to .github/workflows/onix-gcp-terraform-deploy.yml From 29ac7111b722556b3eb0caf0806af90498801635 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 12:38:28 +0530 Subject: [PATCH 60/84] Update onix-gcp-terraform-deploy.yml --- .../workflows/onix-gcp-terraform-deploy.yml | 46 +++++++------------ 1 file changed, 16 insertions(+), 30 deletions(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 827352e..96be4b1 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -1,54 +1,40 @@ name: Terraform Deploy to GCP - + on: workflow_dispatch: # Manual trigger - + jobs: - terraform: - name: Deploy GCP Infrastructure + plan: + name: Terraform Plan Only runs-on: ubuntu-latest - #env: - # GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcp-key.json - + steps: - name: Checkout this repository uses: actions/checkout@v3 - + - name: Clone Terraform repo from Gerrit run: | git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo - - name: Set up Terraform uses: hashicorp/setup-terraform@v3 with: terraform_version: 1.5.0 - + - name: Authenticate to Google Cloud - run: echo "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}" > gcp-key.json - + run: echo '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}' > gcp-key.json + - name: Terraform Init with backend - working-directory: ./onix-dev/Terraform + working-directory: ./gerrit-repo/Terraform run: | terraform init \ - -backend-config="bucket=your-backend-bucket-name" \ - -backend-config="prefix=terraform/state" \ + -backend-config="bucket=beckn-state-bucket-bs" \ + -backend-config="prefix=onix-terraform/state" \ -backend-config="credentials=${{ github.workspace }}/gcp-key.json" - - + - name: Terraform Plan - working-directory: ./onix-dev/Terraform - run: terraform plan -out=tfplan -var="credentials_file=${{ github.workspace }}/gcp-key.json" - - - name: Wait for Manual Approval - uses: hmarr/auto-approve-action@v2 - if: false # prevents automatic approval - with: - github-token: ${{ secrets.PAT_GITHUB }} - - - name: Terraform Apply - working-directory: ./onix-dev/Terraform - run: terraform apply tfplan - + working-directory: ./gerrit-repo/Terraform + run: terraform plan -var="credentials_file=${{ github.workspace }}/gcp-key.json" + - name: Clean up credentials run: rm -f gcp-key.json From b714c2470e8992e75a373686c6656a9463e14543 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 13:24:09 +0530 Subject: [PATCH 61/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 96be4b1..6f6c8c7 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -1,7 +1,8 @@ name: Terraform Deploy to GCP on: - workflow_dispatch: # Manual trigger + push: + workflow_dispatch: # Manual trigger jobs: plan: From 358066c5860f9614c8591547664a45edfd3bb5cc Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 13:30:03 +0530 Subject: [PATCH 62/84] Update deploy-to-gke-BS.yml --- .github/workflows/deploy-to-gke-BS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-gke-BS.yml b/.github/workflows/deploy-to-gke-BS.yml index 2ff81aa..d068829 100644 --- a/.github/workflows/deploy-to-gke-BS.yml +++ b/.github/workflows/deploy-to-gke-BS.yml @@ -1,7 +1,7 @@ name: CI/CD to GKE updated on: - push: + #push: workflow_dispatch: jobs: From 1d23dc2e4edde9a460d5b714353ff333b55c2f01 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 13:30:09 +0530 Subject: [PATCH 63/84] Update onix-gcp-terraform-deploy.yml --- .../workflows/onix-gcp-terraform-deploy.yml | 27 +++---------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 6f6c8c7..6e6a034 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -16,26 +16,7 @@ jobs: - name: Clone Terraform repo from Gerrit run: | git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo - - - name: Set up Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.5.0 - - - name: Authenticate to Google Cloud - run: echo '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}' > gcp-key.json - - - name: Terraform Init with backend - working-directory: ./gerrit-repo/Terraform - run: | - terraform init \ - -backend-config="bucket=beckn-state-bucket-bs" \ - -backend-config="prefix=onix-terraform/state" \ - -backend-config="credentials=${{ github.workspace }}/gcp-key.json" - - - name: Terraform Plan - working-directory: ./gerrit-repo/Terraform - run: terraform plan -var="credentials_file=${{ github.workspace }}/gcp-key.json" - - - name: Clean up credentials - run: rm -f gcp-key.json + echo "==== Directory contents after clone ====" + ls -la + echo "==== Contents of gerrit-repo ====" + ls -la gerrit-repo From cbe900f0eea5c20c66d61ad0ecdb755a906b75f2 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 13:31:05 +0530 Subject: [PATCH 64/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 6e6a034..01873a4 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -15,7 +15,7 @@ jobs: - name: Clone Terraform repo from Gerrit run: | - git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo + git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev/Terraform gerrit-repo echo "==== Directory contents after clone ====" ls -la echo "==== Contents of gerrit-repo ====" From 738310b92ebf014dcebb34bf4431c11103d0e13e Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 13:33:33 +0530 Subject: [PATCH 65/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 01873a4..c6611b0 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -15,8 +15,13 @@ jobs: - name: Clone Terraform repo from Gerrit run: | - git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev/Terraform gerrit-repo + git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo echo "==== Directory contents after clone ====" ls -la echo "==== Contents of gerrit-repo ====" ls -la gerrit-repo + echo "==== Contents of Terraform-dir ====" + pwd + cd Terraform + pwd + la -la From 3f8f2ee4395cbb8010a775a8ba55bd6b1b771f77 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 13:36:09 +0530 Subject: [PATCH 66/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index c6611b0..6a81631 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -17,8 +17,10 @@ jobs: run: | git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo echo "==== Directory contents after clone ====" + pwd ls -la echo "==== Contents of gerrit-repo ====" + pwd ls -la gerrit-repo echo "==== Contents of Terraform-dir ====" pwd From 16e892cb21cf2c8bd7e91f54441b26845120fa4f Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 13:38:55 +0530 Subject: [PATCH 67/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 6a81631..d0a1e9e 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -15,7 +15,7 @@ jobs: - name: Clone Terraform repo from Gerrit run: | - git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo + git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev echo "==== Directory contents after clone ====" pwd ls -la From 0f6fa91b15e04d385c6b8a24cb6f6c062597dfd8 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 13:40:47 +0530 Subject: [PATCH 68/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index d0a1e9e..8bd5174 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -15,7 +15,7 @@ jobs: - name: Clone Terraform repo from Gerrit run: | - git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev + git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo echo "==== Directory contents after clone ====" pwd ls -la @@ -24,6 +24,6 @@ jobs: ls -la gerrit-repo echo "==== Contents of Terraform-dir ====" pwd - cd Terraform + cd gerrit-repo/Terraform pwd la -la From 46ad7a74fb9b17c01c378f91f2bf4c5fce1a0b08 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Mon, 2 Jun 2025 13:41:48 +0530 Subject: [PATCH 69/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 8bd5174..82b4183 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -26,4 +26,4 @@ jobs: pwd cd gerrit-repo/Terraform pwd - la -la + ls -la From d9cdedad05afd23600f76891ffa9fef7f7730d76 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 10:39:31 +0530 Subject: [PATCH 70/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 82b4183..6961294 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -16,12 +16,12 @@ jobs: - name: Clone Terraform repo from Gerrit run: | git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo - echo "==== Directory contents after clone ====" - pwd - ls -la - echo "==== Contents of gerrit-repo ====" - pwd - ls -la gerrit-repo + #echo "==== Directory contents after clone ====" + #pwd + #ls -la + #echo "==== Contents of gerrit-repo ====" + #pwd + #ls -la gerrit-repo echo "==== Contents of Terraform-dir ====" pwd cd gerrit-repo/Terraform From 5333b98f2b1ba136370b5c3ceaebe6247c0650fb Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 10:41:27 +0530 Subject: [PATCH 71/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 6961294..01d8d4d 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -24,6 +24,6 @@ jobs: #ls -la gerrit-repo echo "==== Contents of Terraform-dir ====" pwd - cd gerrit-repo/Terraform + cd gerrit-repo/Terraform-CICD pwd ls -la From 3d90ea8cd258325442c017bb8d272147572a23b1 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 10:58:04 +0530 Subject: [PATCH 72/84] Update onix-gcp-terraform-deploy.yml --- .../workflows/onix-gcp-terraform-deploy.yml | 26 ++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 01d8d4d..1540c3f 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -16,14 +16,28 @@ jobs: - name: Clone Terraform repo from Gerrit run: | git clone https://${{ secrets.GERRIT_USERNAME }}:${{ secrets.GERRIT_PAT }}@open-networks.googlesource.com/onix-dev gerrit-repo - #echo "==== Directory contents after clone ====" - #pwd - #ls -la - #echo "==== Contents of gerrit-repo ====" - #pwd - #ls -la gerrit-repo echo "==== Contents of Terraform-dir ====" pwd cd gerrit-repo/Terraform-CICD pwd ls -la + + - name: Authenticate to Google Cloud + run: echo '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}' > gcp-key.json + + - name: Terraform Init with backend + working-directory: ./gerrit-repo/Terraform-CICD + run: | + terraform init \ + -backend-config="beckn-cicd-tf-state-bucket" \ + -backend-config="prefix=terraform/state" \ + -backend-config="credentials=${{ github.workspace }}/gcp-key.json" + + - name: Terraform Plan + working-directory: ./gerrit-repo/Terraform-CICD + run: terraform plan -var="credentials_file=${{ github.workspace }}/gcp-key.json" + + #- name: Terraform Apply + # working-directory: ./gerrit-repo/Terraform + # run: terraform apply -auto-approve tfplan + From bc4f38b26fc5c4758b0d853d1d615b8e380cad1e Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:00:22 +0530 Subject: [PATCH 73/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 1540c3f..49fd1ac 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -25,11 +25,16 @@ jobs: - name: Authenticate to Google Cloud run: echo '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}' > gcp-key.json + - name: Set up Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.5.0 + - name: Terraform Init with backend working-directory: ./gerrit-repo/Terraform-CICD run: | terraform init \ - -backend-config="beckn-cicd-tf-state-bucket" \ + -backend-config="bucket=beckn-cicd-tf-state-bucket" \ -backend-config="prefix=terraform/state" \ -backend-config="credentials=${{ github.workspace }}/gcp-key.json" From 067030d58efd0099640644b68ab9273ad231856d Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:05:09 +0530 Subject: [PATCH 74/84] Update onix-gcp-terraform-deploy.yml --- .../workflows/onix-gcp-terraform-deploy.yml | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 49fd1ac..3ffeec2 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -30,13 +30,23 @@ jobs: with: terraform_version: 1.5.0 - - name: Terraform Init with backend + - name: Create backend.tf and Terraform Init working-directory: ./gerrit-repo/Terraform-CICD + env: + GCS_BUCKET: beckn-cicd-tf-state-bucket run: | - terraform init \ - -backend-config="bucket=beckn-cicd-tf-state-bucket" \ - -backend-config="prefix=terraform/state" \ - -backend-config="credentials=${{ github.workspace }}/gcp-key.json" + cat < backend.tf + terraform { + backend "gcs" { + bucket = "${GCS_BUCKET}" + prefix = "terraform/state" + credentials = "${{ github.workspace }}/gcp-key.json" + } + } + EOF + + terraform init + - name: Terraform Plan working-directory: ./gerrit-repo/Terraform-CICD From b4e2e18464e1d3be59ca9e7dbfc1665276c42a6a Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:06:16 +0530 Subject: [PATCH 75/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 3ffeec2..1fce25f 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -50,7 +50,7 @@ jobs: - name: Terraform Plan working-directory: ./gerrit-repo/Terraform-CICD - run: terraform plan -var="credentials_file=${{ github.workspace }}/gcp-key.json" + run: terraform plan #- name: Terraform Apply # working-directory: ./gerrit-repo/Terraform From c5635523675f7d17b4f716986a91b15fac90c114 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:10:06 +0530 Subject: [PATCH 76/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 1fce25f..d1e01d9 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -47,6 +47,18 @@ jobs: terraform init + - name: Create provider.tf with credentials + working-directory: ./gerrit-repo/Terraform-CICD + run: | + cat < provider.tf + provider "google" { + credentials = "${{ github.workspace }}/gcp-key.json" + project = trusty-relic-370809" + region = "asia-south1" + } + EOF + + - name: Terraform Plan working-directory: ./gerrit-repo/Terraform-CICD From bd3a998eb948945d38dd45e39d9558a262229873 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:11:11 +0530 Subject: [PATCH 77/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index d1e01d9..f37932a 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -53,7 +53,7 @@ jobs: cat < provider.tf provider "google" { credentials = "${{ github.workspace }}/gcp-key.json" - project = trusty-relic-370809" + project = "trusty-relic-370809" region = "asia-south1" } EOF From 8792a3cbddb5bd762b71b4f91d26bacda26f5e96 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:15:11 +0530 Subject: [PATCH 78/84] Update onix-gcp-terraform-deploy.yml --- .../workflows/onix-gcp-terraform-deploy.yml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index f37932a..a0544c4 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -30,6 +30,12 @@ jobs: with: terraform_version: 1.5.0 + - name: Authenticate to Google Cloud + run: echo "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}" > gcp-key.json + + - name: Export GCP Credentials to Terraform + run: echo "GOOGLE_APPLICATION_CREDENTIALS=$GITHUB_WORKSPACE/gcp-key.json" >> $GITHUB_ENV + - name: Create backend.tf and Terraform Init working-directory: ./gerrit-repo/Terraform-CICD env: @@ -46,19 +52,6 @@ jobs: EOF terraform init - - - name: Create provider.tf with credentials - working-directory: ./gerrit-repo/Terraform-CICD - run: | - cat < provider.tf - provider "google" { - credentials = "${{ github.workspace }}/gcp-key.json" - project = "trusty-relic-370809" - region = "asia-south1" - } - EOF - - - name: Terraform Plan working-directory: ./gerrit-repo/Terraform-CICD From e80dff2681fba5268a3082636ac091e0a0355cd0 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:18:00 +0530 Subject: [PATCH 79/84] Update onix-gcp-terraform-deploy.yml sa key --- .github/workflows/onix-gcp-terraform-deploy.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index a0544c4..d68615c 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -30,11 +30,11 @@ jobs: with: terraform_version: 1.5.0 - - name: Authenticate to Google Cloud - run: echo "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}" > gcp-key.json + - name: Write GCP credentials to file + run: echo '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_JSON }}' > gcp-key.json - - name: Export GCP Credentials to Terraform - run: echo "GOOGLE_APPLICATION_CREDENTIALS=$GITHUB_WORKSPACE/gcp-key.json" >> $GITHUB_ENV + - name: Export GCP credentials environment variable + run: echo "GOOGLE_APPLICATION_CREDENTIALS=$GITHUB_WORKSPACE/gcp-key.json" >> $GITHUB_ENV - name: Create backend.tf and Terraform Init working-directory: ./gerrit-repo/Terraform-CICD From 47097b9cf68bdc4c8df464ed452644491c9d2bc5 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:19:57 +0530 Subject: [PATCH 80/84] performing terraform appply --- .github/workflows/onix-gcp-terraform-deploy.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index d68615c..9722b55 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -57,7 +57,10 @@ jobs: working-directory: ./gerrit-repo/Terraform-CICD run: terraform plan - #- name: Terraform Apply - # working-directory: ./gerrit-repo/Terraform - # run: terraform apply -auto-approve tfplan + - name: Terraform Apply + working-directory: ./gerrit-repo/Terraform + run: terraform apply -auto-approve tfplan + + - name: Clean up credentials + run: rm -f gcp-key.json From ca4e6215b44c6163a214efac2ec7d44ee6876808 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:20:49 +0530 Subject: [PATCH 81/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 9722b55..744a142 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -59,7 +59,7 @@ jobs: - name: Terraform Apply working-directory: ./gerrit-repo/Terraform - run: terraform apply -auto-approve tfplan + run: terraform apply -auto-approve - name: Clean up credentials run: rm -f gcp-key.json From d06e0b0b995b54cfb3cc32f5a0489b06b6f6b354 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:22:52 +0530 Subject: [PATCH 82/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 744a142..b30efa8 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -58,7 +58,7 @@ jobs: run: terraform plan - name: Terraform Apply - working-directory: ./gerrit-repo/Terraform + working-directory: ./gerrit-repo/Terraform-CICD run: terraform apply -auto-approve - name: Clean up credentials From 18280038ed1f1de07b9bc37d2d686281a68573e5 Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:35:09 +0530 Subject: [PATCH 83/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index b30efa8..41b1998 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -59,7 +59,7 @@ jobs: - name: Terraform Apply working-directory: ./gerrit-repo/Terraform-CICD - run: terraform apply -auto-approve + run: terraform apply -var="subnet_name=onix-gke-subnet" -auto-approve - name: Clean up credentials run: rm -f gcp-key.json From d68db24ff5abaf2bcaf368dc8141872c8afaac8c Mon Sep 17 00:00:00 2001 From: AbhishekHS220 Date: Wed, 4 Jun 2025 11:52:39 +0530 Subject: [PATCH 84/84] Update onix-gcp-terraform-deploy.yml --- .github/workflows/onix-gcp-terraform-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/onix-gcp-terraform-deploy.yml b/.github/workflows/onix-gcp-terraform-deploy.yml index 41b1998..478979b 100644 --- a/.github/workflows/onix-gcp-terraform-deploy.yml +++ b/.github/workflows/onix-gcp-terraform-deploy.yml @@ -2,7 +2,7 @@ name: Terraform Deploy to GCP on: push: - workflow_dispatch: # Manual trigger + workflow_dispatch: # Manual triggerr jobs: plan: