use of software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient in project aws-greengrass-nucleus by aws-greengrass.
the class DynamicComponentConfigurationValidationTest method GIVEN_deployment_changes_component_config_WHEN_component_validates_config_THEN_deployment_is_successful.
@Test
void GIVEN_deployment_changes_component_config_WHEN_component_validates_config_THEN_deployment_is_successful() throws Throwable {
LogConfig.getRootLogConfig().setLevel(Level.DEBUG);
// Subscribe to config validation on behalf of the running service
CountDownLatch eventReceivedByClient = new CountDownLatch(1);
Topics servicePrivateConfig = kernel.getConfig().findTopics(SERVICES_NAMESPACE_TOPIC, "OldService", PRIVATE_STORE_NAMESPACE_TOPIC);
String authToken = Coerce.toString(servicePrivateConfig.find(SERVICE_UNIQUE_ID_KEY));
CountDownLatch subscriptionLatch = new CountDownLatch(1);
try (EventStreamRPCConnection clientConnection = IPCTestUtils.connectToGGCOverEventStreamIPC(socketOptions, authToken, kernel);
AutoCloseable l = TestUtils.createCloseableLogListener(m -> {
if (m.getMessage().contains("Config IPC subscribe to config validation request")) {
subscriptionLatch.countDown();
}
})) {
GreengrassCoreIPCClient greengrassCoreIPCClient = new GreengrassCoreIPCClient(clientConnection);
SubscribeToValidateConfigurationUpdatesRequest subscribe = new SubscribeToValidateConfigurationUpdatesRequest();
greengrassCoreIPCClient.subscribeToValidateConfigurationUpdates(subscribe, Optional.of(new StreamResponseHandler<ValidateConfigurationUpdateEvents>() {
@Override
public void onStreamEvent(ValidateConfigurationUpdateEvents events) {
assertNotNull(events);
assertNotNull(events.getValidateConfigurationUpdateEvent());
assertNotNull(events.getValidateConfigurationUpdateEvent().getConfiguration());
assertThat(events.getValidateConfigurationUpdateEvent().getConfiguration(), IsMapContaining.hasEntry("ConfigKey1", "ConfigValue2"));
eventReceivedByClient.countDown();
SendConfigurationValidityReportRequest reportRequest = new SendConfigurationValidityReportRequest();
ConfigurationValidityReport report = new ConfigurationValidityReport();
report.setStatus(ConfigurationValidityStatus.ACCEPTED);
report.setDeploymentId(events.getValidateConfigurationUpdateEvent().getDeploymentId());
reportRequest.setConfigurationValidityReport(report);
try {
greengrassCoreIPCClient.sendConfigurationValidityReport(reportRequest, Optional.empty()).getResponse().get(10, TimeUnit.SECONDS);
} catch (InterruptedException | ExecutionException | TimeoutException e) {
fail("received invalid update validate configuration event", e);
}
}
@Override
public boolean onStreamError(Throwable error) {
log.atError().log("Received stream error.", error);
return false;
}
@Override
public void onStreamClosed() {
}
}));
assertTrue(subscriptionLatch.await(20, TimeUnit.SECONDS));
// Attempt changing the configuration for the running service
Map<String, Object> newConfig = new HashMap<String, Object>() {
{
put(SERVICES_NAMESPACE_TOPIC, new HashMap<String, Object>() {
{
put("main", kernel.getMain().getServiceConfig().toPOJO());
put("OldService", new HashMap<String, Object>() {
{
put(CONFIGURATION_CONFIG_KEY, new HashMap<String, Object>() {
{
put("ConfigKey1", "ConfigValue2");
}
});
put(SERVICE_LIFECYCLE_NAMESPACE_TOPIC, new HashMap<String, Object>() {
{
put(LIFECYCLE_RUN_NAMESPACE_TOPIC, "echo Running OldService");
}
});
put(VERSION_CONFIG_KEY, DEFAULT_EXISTING_SERVICE_VERSION);
}
});
put(DEFAULT_NUCLEUS_COMPONENT_NAME, getNucleusConfig(kernel));
}
});
}
};
DeploymentResult result = deploymentConfigMerger.mergeInNewConfig(createTestDeployment(), newConfig).get(60, TimeUnit.SECONDS);
assertEquals(DeploymentResult.DeploymentStatus.SUCCESSFUL, result.getDeploymentStatus());
assertTrue(eventReceivedByClient.await(20, TimeUnit.SECONDS));
}
}
use of software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient in project aws-greengrass-nucleus by aws-greengrass.
the class IPCPubSubRemovalTest method GIVEN_pubsubclient_WHEN_authorized_THEN_ACL_child_removed_THEN_updates.
@Test
void GIVEN_pubsubclient_WHEN_authorized_THEN_ACL_child_removed_THEN_updates() throws Exception {
try (EventStreamRPCConnection connection = IPCTestUtils.getEventStreamRpcConnection(kernel, "DoAll1")) {
GreengrassCoreIPCClient ipcClient = new GreengrassCoreIPCClient(connection);
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
Pair<CompletableFuture<Void>, Consumer<byte[]>> cb = asyncAssertOnConsumer((m) -> {
assertEquals("some message", new String(m, StandardCharsets.UTF_8));
});
subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight());
publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message");
cb.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);
Topics serviceTopic = kernel.findServiceTopic("DoAll1");
Topics parameters = serviceTopic.findTopics(CONFIGURATION_CONFIG_KEY);
Topic acl = parameters.find(ACCESS_CONTROL_NAMESPACE_TOPIC, "aws.greengrass.ipc.pubsub", "policyId5", "operations");
if (acl != null) {
acl.withValue(Collections.emptyList());
}
// Block until events are completed
kernel.getContext().waitForPublishQueueToClear();
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
// Now the authorization policies should have been removed and these should fail
ExecutionException executionException = assertThrows(ExecutionException.class, () -> subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight()));
assertTrue(executionException.getCause() instanceof UnauthorizedError);
ExecutionException executionException1 = assertThrows(ExecutionException.class, () -> publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message"));
assertTrue(executionException1.getCause() instanceof UnauthorizedError);
serviceTopic = kernel.findServiceTopic("DoAll1");
parameters = serviceTopic.findTopics(CONFIGURATION_CONFIG_KEY);
Topics aclTopics = parameters.findTopics(ACCESS_CONTROL_NAMESPACE_TOPIC);
if (aclTopics != null) {
aclTopics.remove();
}
// Block until events are completed
kernel.getContext().waitForPublishQueueToClear();
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
// Now the authorization policies should have been removed and these should fail
executionException = assertThrows(ExecutionException.class, () -> subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight()));
assertTrue(executionException.getCause() instanceof UnauthorizedError);
executionException1 = assertThrows(ExecutionException.class, () -> publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message"));
assertTrue(executionException1.getCause() instanceof UnauthorizedError);
}
}
use of software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient in project aws-greengrass-nucleus by aws-greengrass.
the class IPCPubSubRemovalTest method GIVEN_pubsubclient_WHEN_authorized_THEN_component_removed_via_deployment_THEN_updates.
@Test
void GIVEN_pubsubclient_WHEN_authorized_THEN_component_removed_via_deployment_THEN_updates(ExtensionContext context) throws Exception {
try (EventStreamRPCConnection connection = IPCTestUtils.getEventStreamRpcConnection(kernel, "SubscribeAndPublish")) {
GreengrassCoreIPCClient ipcClient = new GreengrassCoreIPCClient(connection);
Pair<CompletableFuture<Void>, Consumer<byte[]>> cb = asyncAssertOnConsumer((m) -> {
assertEquals("some message", new String(m, StandardCharsets.UTF_8));
}, -1);
Permission policyId1 = Permission.builder().principal("SubscribeAndPublish").operation("*").resource("*").build();
Permission policyId2 = Permission.builder().principal("PublishNotSubscribe").operation("aws.greengrass#PublishToTopic").resource("*").build();
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId1));
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId2));
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight());
publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message");
cb.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);
// Remove component SubscribeAndPublish
GreengrassService subscribeAndPublish = kernel.locate("SubscribeAndPublish");
subscribeAndPublish.close().get(1, TimeUnit.MINUTES);
subscribeAndPublish.getConfig().remove();
kernel.getContext().waitForPublishQueueToClear();
assertFalse(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId1));
// GG_NEEDS_REVIEW: TODO: convert all these integ tests to use only recipe merging instead of loading a kernel config file
// Otherwise the removal of "SubscribeAndPublish" also inadvertently results in the "PublishNotSubscribe"
// component (and all other components) and its policies being removed, since it is not part of the deployment.
// Hence the next line is commented out
// assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME,policyId2));
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
// Now the authorization policies should have been removed and these should fail
ExecutionException e = assertThrows(ExecutionException.class, () -> subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight()));
assertTrue(e.getCause() instanceof UnauthorizedError);
e = assertThrows(ExecutionException.class, () -> publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message"));
}
}
use of software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient in project aws-greengrass-nucleus by aws-greengrass.
the class IPCPubSubRemovalTest method GIVEN_pubsubclient_WHEN_authorized_THEN_parameters_child_removed_THEN_updates.
@Test
void GIVEN_pubsubclient_WHEN_authorized_THEN_parameters_child_removed_THEN_updates() throws Exception {
try (EventStreamRPCConnection connection = IPCTestUtils.getEventStreamRpcConnection(kernel, "DoAll2")) {
GreengrassCoreIPCClient ipcClient = new GreengrassCoreIPCClient(connection);
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
Pair<CompletableFuture<Void>, Consumer<byte[]>> cb = asyncAssertOnConsumer((m) -> {
assertEquals("some message", new String(m, StandardCharsets.UTF_8));
});
// this should succeed
subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight());
publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message");
cb.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);
Topics serviceTopic = kernel.findServiceTopic("DoAll2");
Topics parameters = serviceTopic.findTopics(CONFIGURATION_CONFIG_KEY);
if (parameters != null) {
parameters.remove();
}
// Block until events are completed
kernel.getContext().waitForPublishQueueToClear();
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
// Now the authorization policies should have been removed and these should fail
ExecutionException e = assertThrows(ExecutionException.class, () -> subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight()));
assertTrue(e.getCause() instanceof UnauthorizedError);
e = assertThrows(ExecutionException.class, () -> publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message"));
assertTrue(e.getCause() instanceof UnauthorizedError);
}
}
use of software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient in project aws-greengrass-nucleus by aws-greengrass.
the class IPCPubSubRemovalTest method GIVEN_pubsubclient_WHEN_service_removed_and_added_THEN_fail_and_succeed.
@Test
void GIVEN_pubsubclient_WHEN_service_removed_and_added_THEN_fail_and_succeed() throws Exception {
try (EventStreamRPCConnection connection = IPCTestUtils.getEventStreamRpcConnection(kernel, "SubscribeAndPublish")) {
GreengrassCoreIPCClient ipcClient = new GreengrassCoreIPCClient(connection);
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
Pair<CompletableFuture<Void>, Consumer<byte[]>> cb = asyncAssertOnConsumer((m) -> {
assertEquals("some message", new String(m, StandardCharsets.UTF_8));
}, -1);
Permission policyId1 = Permission.builder().principal("SubscribeAndPublish").operation("*").resource("*").build();
Permission policyId2 = Permission.builder().principal("PublishNotSubscribe").operation("aws.greengrass#PublishToTopic").resource("*").build();
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId1));
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId2));
subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight());
publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message");
cb.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);
// Remove the service topic
Topics serviceTopic = kernel.findServiceTopic("SubscribeAndPublish");
if (serviceTopic != null) {
serviceTopic.remove();
}
kernel.getContext().waitForPublishQueueToClear();
assertFalse(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId1));
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId2));
ExecutionException e = assertThrows(ExecutionException.class, () -> subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight()));
assertTrue(e.getCause() instanceof UnauthorizedError);
e = assertThrows(ExecutionException.class, () -> publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message"));
assertTrue(e.getCause() instanceof UnauthorizedError);
// Reload the kernel with the service and correct authorization policy
kernel.getConfig().read(new URL(IPCPubSubTest.class.getResource("pubsub.yaml").toString()), false);
kernel.getContext().waitForPublishQueueToClear();
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId1));
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId2));
assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
// now this should succeed
subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight());
publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message");
cb.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);
}
}
Aggregations