test-cloud-server: build and publish test-cloud-server image (#510)

* test-cloud-server: build and publish test-cloud-server image

Author: jkralik

.github/workflows/publishTestCloudServer.yml

@@ -0,0 +1,57 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Create and publish a test-cloud-server image
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - '*'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}/test-cloud-server
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for test-cloud-server
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+      
+      - name: Build hub-build image
+        run: make hub-build
+
+      - name: Build and push test-cloud-server docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: ./test/cloud-server
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Makefile

@@ -82,11 +82,13 @@ env: clean certificates nats mongo privateKeys
 	if [ "${TRAVIS_OS_NAME}" == "linux" ]; then \
 		sudo sh -c 'echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6'; \
 	fi
+	mkdir -p $(WORKING_DIRECTORY)/.tmp/devsim
 	docker run \
 		-d \
 		--privileged \
 		--name=devsim \
 		--network=host \
+		-v $(WORKING_DIRECTORY)/.tmp/devsim:/tmp \
 		ghcr.io/iotivity/iotivity-lite/cloud-server-debug:latest \
 		devsim-$(SIMULATOR_NAME_SUFFIX)
 
@@ -158,6 +160,7 @@ clean:
 	docker rm -f nats || true
 	docker rm -f nats-cloud-connector || true
 	docker rm -f devsim || true
+	sudo rm -rf ./.tmp/devsim
 	sudo rm -rf ./.tmp/certs || true
 	sudo rm -rf ./.tmp/mongo || true
 	sudo rm -rf ./.tmp/home || true

bundle/client/ob/main.go

@@ -7,10 +7,13 @@ import (
 	"flag"
 	"fmt"
 	"log"
+	"net"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/plgd-dev/device/client"
+	"github.com/plgd-dev/device/schema/device"
 	capb "github.com/plgd-dev/hub/certificate-authority/pb"
 	"github.com/plgd-dev/hub/grpc-gateway/pb"
 	grpcCloud "github.com/plgd-dev/hub/pkg/net/grpc"
@@ -86,18 +89,31 @@ func ownAndOnboard(ctx context.Context, c *OcfClient, deviceID, apn, authCode st
 
 func main() {
 	addr := flag.String("addr", "localhost:443", "address")
-	accessToken := flag.String("accessToken", "", "accessToken")
-	authCode := flag.String("authCode", "test", "authCode")
-	deviceID := flag.String("deviceId", "", "deviceId")
-	discoverTimeout := flag.Duration("discoverTimeout", time.Second, "discoverTimeout")
-	apn := flag.String("authorizationProvider", "plgd", "authorizationProvider")
+	authAddr := flag.String("authAddr", "", "auth address to get access token from mock oauth server")
+	accessToken := flag.String("accessToken", "", "use directly access token without contacting mock oauth server")
+	authCode := flag.String("authCode", "test", "use authorization code for registration device to the cloud")
+	deviceID := flag.String("deviceId", "", "onboard the device")
+	listDevices := flag.Bool("listDevices", false, "list devices which can be onboard to the cloud")
+	discoverDuration := flag.Duration("discoverDuration", time.Second, "discover devices for X seconds")
+	apn := flag.String("authorizationProvider", "plgd", "use authorization provider for registration device to the cloud")
 	flag.Parse()
 
+	if *authAddr == "" {
+		*authAddr = *addr
+	}
 	if *accessToken == "" {
 		var err error
-		*accessToken, err = getServiceToken(*addr)
+		*accessToken, err = getServiceToken(*authAddr)
 		if err != nil {
-			log.Fatalf("cannot get access token")
+			log.Fatalf("cannot get access token: %v", err)
+		}
+	}
+
+	// check if port is part of address, otherwise append ":443"
+	_, _, err := net.SplitHostPort(*addr)
+	if err != nil {
+		if strings.Contains(err.Error(), "missing port in address") {
+			*addr = *addr + ":443"
 		}
 	}
 
@@ -115,12 +131,17 @@ func main() {
 	grpcClient := pb.NewGrpcGatewayClient(grpcConn)
 
 	caClient := capb.NewCertificateAuthorityClient(grpcConn)
-	ctx, cancel := context.WithTimeout(context.Background(), *discoverTimeout+60*time.Second)
+	ctx, cancel := context.WithTimeout(context.Background(), *discoverDuration+60*time.Second)
 	defer cancel()
 	ctx = grpcCloud.CtxWithToken(ctx, *accessToken)
 
+	hubConfiguration, err := grpcClient.GetHubConfiguration(ctx, &pb.HubConfigurationRequest{})
+	if err != nil {
+		log.Fatalf("cannot get hub configuration: %v", err)
+	}
+
 	c := new(OcfClient)
-	err = c.Initialize(ctx, grpcClient, caClient)
+	err = c.Initialize(ctx, hubConfiguration, caClient)
 	if err != nil {
 		log.Fatalf("cannot initialize ocf client: %v", err)
 	}
@@ -130,17 +151,29 @@ func main() {
 		return
 	}
 
-	devices, err := c.Discover(ctx, *discoverTimeout)
+	devices, err := c.Discover(ctx, *discoverDuration)
 	if err != nil {
 		log.Fatalf("cannot device devices: %v", err)
 	}
-	fmt.Printf("found %v devices with discover timeout %v\n", len(devices), *discoverTimeout)
-
+	filteredDevices := make([]client.DeviceDetails, 0, len(devices))
 	for _, d := range devices {
 		if d.IsSecured && d.OwnershipStatus == client.OwnershipStatus_ReadyToBeOwned {
+			filteredDevices = append(filteredDevices, d)
+		}
+	}
+	fmt.Printf("found %v ready to be owned devices with discover duration %v\n", len(filteredDevices), *discoverDuration)
+	for _, d := range filteredDevices {
+		if !*listDevices {
 			ownAndOnboard(ctx, c, d.ID, *apn, *authCode)
 			return
 		}
+		name := "unknown"
+		id := d.ID
+		if d.Details != nil {
+			if v, ok := d.Details.(*device.Device); ok {
+				name = v.Name
+			}
+		}
+		fmt.Printf("%v(%v)\n", name, id)
 	}
-
 }

bundle/client/ob/ocfclient.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	"github.com/plgd-dev/device/app"
@@ -11,7 +12,6 @@ import (
 	capb "github.com/plgd-dev/hub/certificate-authority/pb"
 	"github.com/plgd-dev/hub/certificate-authority/signer"
 	"github.com/plgd-dev/hub/grpc-gateway/pb"
-	"github.com/plgd-dev/kit/v2/codec/json"
 	"github.com/plgd-dev/kit/v2/security"
 )
 
@@ -21,24 +21,19 @@ type OcfClient struct {
 }
 
 // Initialize creates and initializes new local client
-func (c *OcfClient) Initialize(ctx context.Context, grpcClient pb.GrpcGatewayClient, caClient capb.CertificateAuthorityClient) error {
-	hubConfiguration, err := grpcClient.GetHubConfiguration(ctx, &pb.HubConfigurationRequest{})
-	if err != nil {
-		return err
-	}
+func (c *OcfClient) Initialize(ctx context.Context, hubConfiguration *pb.HubConfigurationResponse, caClient capb.CertificateAuthorityClient) error {
 	appCallback, err := app.NewApp(&app.AppConfig{
 		RootCA: hubConfiguration.GetCertificateAuthorities(),
 	})
 	if err != nil {
-		return err
+		return fmt.Errorf("cannot create app callback: %w", err)
 	}
 
 	signer := signer.NewIdentityCertificateSigner(caClient)
 
 	localClient, err := client.NewClientFromConfig(&client.Config{
-		DisablePeerTCPSignalMessageCSMs:   true,
-		KeepAliveConnectionTimeoutSeconds: 10,
-		ObserverPollingIntervalSeconds:    1,
+		KeepAliveConnectionTimeoutSeconds: 30,
+		ObserverPollingIntervalSeconds:    15,
 		DeviceCacheExpirationSeconds:      3600,
 		MaxMessageSize:                    512 * 1024,
 		DeviceOwnershipBackend: &client.DeviceOwnershipBackendConfig{
@@ -48,12 +43,12 @@ func (c *OcfClient) Initialize(ctx context.Context, grpcClient pb.GrpcGatewayCli
 	}, appCallback, nil, func(err error) {})
 
 	if err != nil {
-		return err
+		return fmt.Errorf("cannot create client: %w", err)
 	}
 
 	err = localClient.Initialization(ctx)
 	if err != nil {
-		return err
+		return fmt.Errorf("cannot initialize client: %w", err)
 	}
 
 	c.localClient = localClient
@@ -72,21 +67,6 @@ func (c *OcfClient) Discover(ctx context.Context, timeout time.Duration) (map[st
 	return c.localClient.GetDevices(ctx)
 }
 
-// GetResource retrieves, encodes and returns resource representation of specified resource
-func (c *OcfClient) GetResource(ctx context.Context, deviceID, resourceHref string) (string, error) {
-	var data interface{}
-	err := c.localClient.GetResource(ctx, deviceID, resourceHref, &data)
-	if err != nil || data == nil {
-		return "", err
-	}
-
-	dataJSON, err := json.Encode(data)
-	if err != nil {
-		return "", err
-	}
-	return string(dataJSON), nil
-}
-
 // OwnDevice transfers the ownersip of the device to user represented by the token
 func (c *OcfClient) OwnDevice(ctx context.Context, deviceID string) (string, error) {
 	return c.localClient.OwnDevice(ctx, deviceID, client.WithOTM(client.OTMType_JustWorks))

test/cloud-server/Dockerfile

@@ -0,0 +1,47 @@
+FROM hub-build AS build
+ARG root_directory=$GOPATH/src/github.com/plgd-dev/hub
+
+#grpc-gateway
+ARG service=grpc-gateway
+WORKDIR $root_directory/$service/service
+RUN go test -c -ldflags "-linkmode external -extldflags -static" -o /go/bin/grpc-gateway.test
+
+#certificate-generator
+ARG service=kit
+WORKDIR /
+RUN cd $GOPATH/pkg/mod/github.com/plgd-dev/kit/v2* && go build -ldflags "-linkmode external -extldflags -static" -o /go/bin/certificate-generator ./cmd/certificate-generator
+
+#nats
+WORKDIR $root_directory
+RUN curl -L https://github.com/nats-io/nats-server/releases/download/v2.3.1/nats-server-v2.3.1-linux-amd64.zip -o ./nats-server.zip
+RUN mkdir -p ./nats-server
+RUN unzip ./nats-server.zip -d ./nats-server
+RUN cp ./nats-server/*/nats-server /go/bin/nats-server
+
+RUN curl -L https://github.com/nats-io/natscli/releases/download/0.0.24/nats-0.0.24-linux-amd64.zip -o ./nats.zip
+RUN mkdir -p ./nats
+RUN unzip ./nats.zip -d ./nats
+RUN cp ./nats/*/nats /go/bin/nats
+
+FROM ubuntu:20.04 as service
+RUN apt update
+RUN apt install -y wget gnupg iproute2 systemctl openssl nginx ca-certificates netcat
+RUN wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add -
+RUN wget https://github.com/mikefarah/yq/releases/download/v4.6.3/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq
+RUN echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list
+RUN apt update
+RUN apt-get install -y mongodb-org-server mongodb-org
+COPY --from=build /go/bin/certificate-generator /usr/local/bin/certificate-generator
+COPY --from=build /go/bin/grpc-gateway.test /usr/local/bin/grpc-gateway.test
+COPY --from=build /go/bin/nats-server /usr/local/bin/nats-server
+COPY --from=build /go/bin/nats /usr/local/bin/nats
+COPY run.sh /usr/local/bin/run.sh
+
+ENV FQDN="localhost"
+
+# ports
+ENV MONGO_PORT=27017
+ENV NATS_PORT=4222
+
+
+ENTRYPOINT ["/usr/local/bin/run.sh"]