Search in sources :

Example 1 with GreengrassCoreIPCClient

use of software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient in project aws-greengrass-nucleus by aws-greengrass.

the class DynamicComponentConfigurationValidationTest method GIVEN_deployment_changes_component_config_WHEN_component_validates_config_THEN_deployment_is_successful.

@Test
void GIVEN_deployment_changes_component_config_WHEN_component_validates_config_THEN_deployment_is_successful() throws Throwable {
    LogConfig.getRootLogConfig().setLevel(Level.DEBUG);
    // Subscribe to config validation on behalf of the running service
    CountDownLatch eventReceivedByClient = new CountDownLatch(1);
    Topics servicePrivateConfig = kernel.getConfig().findTopics(SERVICES_NAMESPACE_TOPIC, "OldService", PRIVATE_STORE_NAMESPACE_TOPIC);
    String authToken = Coerce.toString(servicePrivateConfig.find(SERVICE_UNIQUE_ID_KEY));
    CountDownLatch subscriptionLatch = new CountDownLatch(1);
    try (EventStreamRPCConnection clientConnection = IPCTestUtils.connectToGGCOverEventStreamIPC(socketOptions, authToken, kernel);
        AutoCloseable l = TestUtils.createCloseableLogListener(m -> {
            if (m.getMessage().contains("Config IPC subscribe to config validation request")) {
                subscriptionLatch.countDown();
            }
        })) {
        GreengrassCoreIPCClient greengrassCoreIPCClient = new GreengrassCoreIPCClient(clientConnection);
        SubscribeToValidateConfigurationUpdatesRequest subscribe = new SubscribeToValidateConfigurationUpdatesRequest();
        greengrassCoreIPCClient.subscribeToValidateConfigurationUpdates(subscribe, Optional.of(new StreamResponseHandler<ValidateConfigurationUpdateEvents>() {

            @Override
            public void onStreamEvent(ValidateConfigurationUpdateEvents events) {
                assertNotNull(events);
                assertNotNull(events.getValidateConfigurationUpdateEvent());
                assertNotNull(events.getValidateConfigurationUpdateEvent().getConfiguration());
                assertThat(events.getValidateConfigurationUpdateEvent().getConfiguration(), IsMapContaining.hasEntry("ConfigKey1", "ConfigValue2"));
                eventReceivedByClient.countDown();
                SendConfigurationValidityReportRequest reportRequest = new SendConfigurationValidityReportRequest();
                ConfigurationValidityReport report = new ConfigurationValidityReport();
                report.setStatus(ConfigurationValidityStatus.ACCEPTED);
                report.setDeploymentId(events.getValidateConfigurationUpdateEvent().getDeploymentId());
                reportRequest.setConfigurationValidityReport(report);
                try {
                    greengrassCoreIPCClient.sendConfigurationValidityReport(reportRequest, Optional.empty()).getResponse().get(10, TimeUnit.SECONDS);
                } catch (InterruptedException | ExecutionException | TimeoutException e) {
                    fail("received invalid update validate configuration event", e);
                }
            }

            @Override
            public boolean onStreamError(Throwable error) {
                log.atError().log("Received stream error.", error);
                return false;
            }

            @Override
            public void onStreamClosed() {
            }
        }));
        assertTrue(subscriptionLatch.await(20, TimeUnit.SECONDS));
        // Attempt changing the configuration for the running service
        Map<String, Object> newConfig = new HashMap<String, Object>() {

            {
                put(SERVICES_NAMESPACE_TOPIC, new HashMap<String, Object>() {

                    {
                        put("main", kernel.getMain().getServiceConfig().toPOJO());
                        put("OldService", new HashMap<String, Object>() {

                            {
                                put(CONFIGURATION_CONFIG_KEY, new HashMap<String, Object>() {

                                    {
                                        put("ConfigKey1", "ConfigValue2");
                                    }
                                });
                                put(SERVICE_LIFECYCLE_NAMESPACE_TOPIC, new HashMap<String, Object>() {

                                    {
                                        put(LIFECYCLE_RUN_NAMESPACE_TOPIC, "echo Running OldService");
                                    }
                                });
                                put(VERSION_CONFIG_KEY, DEFAULT_EXISTING_SERVICE_VERSION);
                            }
                        });
                        put(DEFAULT_NUCLEUS_COMPONENT_NAME, getNucleusConfig(kernel));
                    }
                });
            }
        };
        DeploymentResult result = deploymentConfigMerger.mergeInNewConfig(createTestDeployment(), newConfig).get(60, TimeUnit.SECONDS);
        assertEquals(DeploymentResult.DeploymentStatus.SUCCESSFUL, result.getDeploymentStatus());
        assertTrue(eventReceivedByClient.await(20, TimeUnit.SECONDS));
    }
}
Also used : Topics(com.aws.greengrass.config.Topics) ValidateConfigurationUpdateEvents(software.amazon.awssdk.aws.greengrass.model.ValidateConfigurationUpdateEvents) SubscribeToValidateConfigurationUpdatesRequest(software.amazon.awssdk.aws.greengrass.model.SubscribeToValidateConfigurationUpdatesRequest) HashMap(java.util.HashMap) EventStreamRPCConnection(software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection) StreamResponseHandler(software.amazon.awssdk.eventstreamrpc.StreamResponseHandler) SendConfigurationValidityReportRequest(software.amazon.awssdk.aws.greengrass.model.SendConfigurationValidityReportRequest) DeploymentResult(com.aws.greengrass.deployment.model.DeploymentResult) CountDownLatch(java.util.concurrent.CountDownLatch) GreengrassCoreIPCClient(software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient) ExecutionException(java.util.concurrent.ExecutionException) ConfigurationValidityReport(software.amazon.awssdk.aws.greengrass.model.ConfigurationValidityReport) TimeoutException(java.util.concurrent.TimeoutException) Test(org.junit.jupiter.api.Test)

Example 2 with GreengrassCoreIPCClient

use of software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient in project aws-greengrass-nucleus by aws-greengrass.

the class IPCPubSubRemovalTest method GIVEN_pubsubclient_WHEN_authorized_THEN_ACL_child_removed_THEN_updates.

@Test
void GIVEN_pubsubclient_WHEN_authorized_THEN_ACL_child_removed_THEN_updates() throws Exception {
    try (EventStreamRPCConnection connection = IPCTestUtils.getEventStreamRpcConnection(kernel, "DoAll1")) {
        GreengrassCoreIPCClient ipcClient = new GreengrassCoreIPCClient(connection);
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
        Pair<CompletableFuture<Void>, Consumer<byte[]>> cb = asyncAssertOnConsumer((m) -> {
            assertEquals("some message", new String(m, StandardCharsets.UTF_8));
        });
        subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight());
        publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message");
        cb.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);
        Topics serviceTopic = kernel.findServiceTopic("DoAll1");
        Topics parameters = serviceTopic.findTopics(CONFIGURATION_CONFIG_KEY);
        Topic acl = parameters.find(ACCESS_CONTROL_NAMESPACE_TOPIC, "aws.greengrass.ipc.pubsub", "policyId5", "operations");
        if (acl != null) {
            acl.withValue(Collections.emptyList());
        }
        // Block until events are completed
        kernel.getContext().waitForPublishQueueToClear();
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
        // Now the authorization policies should have been removed and these should fail
        ExecutionException executionException = assertThrows(ExecutionException.class, () -> subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight()));
        assertTrue(executionException.getCause() instanceof UnauthorizedError);
        ExecutionException executionException1 = assertThrows(ExecutionException.class, () -> publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message"));
        assertTrue(executionException1.getCause() instanceof UnauthorizedError);
        serviceTopic = kernel.findServiceTopic("DoAll1");
        parameters = serviceTopic.findTopics(CONFIGURATION_CONFIG_KEY);
        Topics aclTopics = parameters.findTopics(ACCESS_CONTROL_NAMESPACE_TOPIC);
        if (aclTopics != null) {
            aclTopics.remove();
        }
        // Block until events are completed
        kernel.getContext().waitForPublishQueueToClear();
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
        // Now the authorization policies should have been removed and these should fail
        executionException = assertThrows(ExecutionException.class, () -> subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight()));
        assertTrue(executionException.getCause() instanceof UnauthorizedError);
        executionException1 = assertThrows(ExecutionException.class, () -> publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message"));
        assertTrue(executionException1.getCause() instanceof UnauthorizedError);
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) Topics(com.aws.greengrass.config.Topics) TestUtils.asyncAssertOnConsumer(com.aws.greengrass.testcommons.testutilities.TestUtils.asyncAssertOnConsumer) Consumer(java.util.function.Consumer) GreengrassCoreIPCClient(software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient) EventStreamRPCConnection(software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection) Topic(com.aws.greengrass.config.Topic) ExecutionException(java.util.concurrent.ExecutionException) UnauthorizedError(software.amazon.awssdk.aws.greengrass.model.UnauthorizedError) Test(org.junit.jupiter.api.Test)

Example 3 with GreengrassCoreIPCClient

use of software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient in project aws-greengrass-nucleus by aws-greengrass.

the class IPCPubSubRemovalTest method GIVEN_pubsubclient_WHEN_authorized_THEN_component_removed_via_deployment_THEN_updates.

@Test
void GIVEN_pubsubclient_WHEN_authorized_THEN_component_removed_via_deployment_THEN_updates(ExtensionContext context) throws Exception {
    try (EventStreamRPCConnection connection = IPCTestUtils.getEventStreamRpcConnection(kernel, "SubscribeAndPublish")) {
        GreengrassCoreIPCClient ipcClient = new GreengrassCoreIPCClient(connection);
        Pair<CompletableFuture<Void>, Consumer<byte[]>> cb = asyncAssertOnConsumer((m) -> {
            assertEquals("some message", new String(m, StandardCharsets.UTF_8));
        }, -1);
        Permission policyId1 = Permission.builder().principal("SubscribeAndPublish").operation("*").resource("*").build();
        Permission policyId2 = Permission.builder().principal("PublishNotSubscribe").operation("aws.greengrass#PublishToTopic").resource("*").build();
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId1));
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId2));
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
        subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight());
        publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message");
        cb.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);
        // Remove component SubscribeAndPublish
        GreengrassService subscribeAndPublish = kernel.locate("SubscribeAndPublish");
        subscribeAndPublish.close().get(1, TimeUnit.MINUTES);
        subscribeAndPublish.getConfig().remove();
        kernel.getContext().waitForPublishQueueToClear();
        assertFalse(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId1));
        // GG_NEEDS_REVIEW: TODO: convert all these integ tests to use only recipe merging instead of loading a kernel config file
        // Otherwise the removal of "SubscribeAndPublish" also inadvertently results in the "PublishNotSubscribe"
        // component (and all other components) and its policies being removed, since it is not part of the deployment.
        // Hence the next line is commented out
        // assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME,policyId2));
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
        // Now the authorization policies should have been removed and these should fail
        ExecutionException e = assertThrows(ExecutionException.class, () -> subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight()));
        assertTrue(e.getCause() instanceof UnauthorizedError);
        e = assertThrows(ExecutionException.class, () -> publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message"));
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) TestUtils.asyncAssertOnConsumer(com.aws.greengrass.testcommons.testutilities.TestUtils.asyncAssertOnConsumer) Consumer(java.util.function.Consumer) GreengrassService(com.aws.greengrass.lifecyclemanager.GreengrassService) GreengrassCoreIPCClient(software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient) EventStreamRPCConnection(software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection) Permission(com.aws.greengrass.authorization.Permission) ExecutionException(java.util.concurrent.ExecutionException) UnauthorizedError(software.amazon.awssdk.aws.greengrass.model.UnauthorizedError) Test(org.junit.jupiter.api.Test)

Example 4 with GreengrassCoreIPCClient

use of software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient in project aws-greengrass-nucleus by aws-greengrass.

the class IPCPubSubRemovalTest method GIVEN_pubsubclient_WHEN_authorized_THEN_parameters_child_removed_THEN_updates.

@Test
void GIVEN_pubsubclient_WHEN_authorized_THEN_parameters_child_removed_THEN_updates() throws Exception {
    try (EventStreamRPCConnection connection = IPCTestUtils.getEventStreamRpcConnection(kernel, "DoAll2")) {
        GreengrassCoreIPCClient ipcClient = new GreengrassCoreIPCClient(connection);
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
        Pair<CompletableFuture<Void>, Consumer<byte[]>> cb = asyncAssertOnConsumer((m) -> {
            assertEquals("some message", new String(m, StandardCharsets.UTF_8));
        });
        // this should succeed
        subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight());
        publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message");
        cb.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);
        Topics serviceTopic = kernel.findServiceTopic("DoAll2");
        Topics parameters = serviceTopic.findTopics(CONFIGURATION_CONFIG_KEY);
        if (parameters != null) {
            parameters.remove();
        }
        // Block until events are completed
        kernel.getContext().waitForPublishQueueToClear();
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
        // Now the authorization policies should have been removed and these should fail
        ExecutionException e = assertThrows(ExecutionException.class, () -> subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight()));
        assertTrue(e.getCause() instanceof UnauthorizedError);
        e = assertThrows(ExecutionException.class, () -> publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message"));
        assertTrue(e.getCause() instanceof UnauthorizedError);
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) Topics(com.aws.greengrass.config.Topics) TestUtils.asyncAssertOnConsumer(com.aws.greengrass.testcommons.testutilities.TestUtils.asyncAssertOnConsumer) Consumer(java.util.function.Consumer) GreengrassCoreIPCClient(software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient) EventStreamRPCConnection(software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection) ExecutionException(java.util.concurrent.ExecutionException) UnauthorizedError(software.amazon.awssdk.aws.greengrass.model.UnauthorizedError) Test(org.junit.jupiter.api.Test)

Example 5 with GreengrassCoreIPCClient

use of software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient in project aws-greengrass-nucleus by aws-greengrass.

the class IPCPubSubRemovalTest method GIVEN_pubsubclient_WHEN_service_removed_and_added_THEN_fail_and_succeed.

@Test
void GIVEN_pubsubclient_WHEN_service_removed_and_added_THEN_fail_and_succeed() throws Exception {
    try (EventStreamRPCConnection connection = IPCTestUtils.getEventStreamRpcConnection(kernel, "SubscribeAndPublish")) {
        GreengrassCoreIPCClient ipcClient = new GreengrassCoreIPCClient(connection);
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
        Pair<CompletableFuture<Void>, Consumer<byte[]>> cb = asyncAssertOnConsumer((m) -> {
            assertEquals("some message", new String(m, StandardCharsets.UTF_8));
        }, -1);
        Permission policyId1 = Permission.builder().principal("SubscribeAndPublish").operation("*").resource("*").build();
        Permission policyId2 = Permission.builder().principal("PublishNotSubscribe").operation("aws.greengrass#PublishToTopic").resource("*").build();
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId1));
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId2));
        subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight());
        publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message");
        cb.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);
        // Remove the service topic
        Topics serviceTopic = kernel.findServiceTopic("SubscribeAndPublish");
        if (serviceTopic != null) {
            serviceTopic.remove();
        }
        kernel.getContext().waitForPublishQueueToClear();
        assertFalse(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId1));
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId2));
        ExecutionException e = assertThrows(ExecutionException.class, () -> subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight()));
        assertTrue(e.getCause() instanceof UnauthorizedError);
        e = assertThrows(ExecutionException.class, () -> publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message"));
        assertTrue(e.getCause() instanceof UnauthorizedError);
        // Reload the kernel with the service and correct authorization policy
        kernel.getConfig().read(new URL(IPCPubSubTest.class.getResource("pubsub.yaml").toString()), false);
        kernel.getContext().waitForPublishQueueToClear();
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId1));
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, policyId2));
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));
        // now this should succeed
        subscribeToTopicOveripcForBinaryMessages(ipcClient, "a", cb.getRight());
        publishToTopicOverIpcAsBinaryMessage(ipcClient, "a", "some message");
        cb.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) Topics(com.aws.greengrass.config.Topics) TestUtils.asyncAssertOnConsumer(com.aws.greengrass.testcommons.testutilities.TestUtils.asyncAssertOnConsumer) Consumer(java.util.function.Consumer) GreengrassCoreIPCClient(software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient) EventStreamRPCConnection(software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection) Permission(com.aws.greengrass.authorization.Permission) ExecutionException(java.util.concurrent.ExecutionException) UnauthorizedError(software.amazon.awssdk.aws.greengrass.model.UnauthorizedError) URL(java.net.URL) Test(org.junit.jupiter.api.Test)

Aggregations

GreengrassCoreIPCClient (software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient)38 Test (org.junit.jupiter.api.Test)32 EventStreamRPCConnection (software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection)27 ExecutionException (java.util.concurrent.ExecutionException)21 CountDownLatch (java.util.concurrent.CountDownLatch)17 CompletableFuture (java.util.concurrent.CompletableFuture)12 UnauthorizedError (software.amazon.awssdk.aws.greengrass.model.UnauthorizedError)12 Topics (com.aws.greengrass.config.Topics)10 Consumer (java.util.function.Consumer)10 IOException (java.io.IOException)8 SocketOptions (software.amazon.awssdk.crt.io.SocketOptions)8 TestUtils.asyncAssertOnConsumer (com.aws.greengrass.testcommons.testutilities.TestUtils.asyncAssertOnConsumer)6 ComponentUpdatePolicyEvents (software.amazon.awssdk.aws.greengrass.model.ComponentUpdatePolicyEvents)6 DeferComponentUpdateRequest (software.amazon.awssdk.aws.greengrass.model.DeferComponentUpdateRequest)6 SubscribeToComponentUpdatesRequest (software.amazon.awssdk.aws.greengrass.model.SubscribeToComponentUpdatesRequest)6 StreamResponseHandler (software.amazon.awssdk.eventstreamrpc.StreamResponseHandler)6 HashMap (java.util.HashMap)5 TimeoutException (java.util.concurrent.TimeoutException)5 Matchers.containsString (org.hamcrest.Matchers.containsString)5 DeploymentResult (com.aws.greengrass.deployment.model.DeploymentResult)4