add: ocm spec appendix C compliance

@glpatcern recommendations
moved types to spec.go
used directory urls instead of a file

Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>

Author: MahdiBaghbani

internal/http/services/ocmd/client.go

@@ -114,3 +114,29 @@ func (c *OCMClient) discover(ctx context.Context, url string) ([]byte, error) {
 	}
 	return body, nil
 }
+
+// GetDirectoryService fetches a directory service listing from the given URL per OCM spec Appendix C.
+func (c *OCMClient) GetDirectoryService(ctx context.Context, directoryURL string) (*DirectoryService, error) {
+	log := appctx.GetLogger(ctx)
+
+	// TODO(@MahdiBaghbani): the discover() should be changed into a generic function that can be used to fetch any OCM endpoint. I'll do it in the security PR to minimize conflicts.
+	body, err := c.discover(ctx, directoryURL)
+	if err != nil {
+		return nil, errors.Wrap(err, "error fetching directory service")
+	}
+
+	var dirService DirectoryService
+	if err := json.Unmarshal(body, &dirService); err != nil {
+		log.Warn().Err(err).Str("url", directoryURL).Str("response", string(body)).Msg("malformed directory service response")
+		return nil, errors.Wrap(err, "invalid directory service payload")
+	}
+
+	// Validate required fields
+	if dirService.Federation == "" {
+		return nil, errtypes.InternalError("directory service missing required 'federation' field")
+	}
+	// Servers can be empty array, that's valid
+
+	log.Debug().Str("url", directoryURL).Str("federation", dirService.Federation).Int("servers", len(dirService.Servers)).Msg("fetched directory service")
+	return &dirService, nil
+}

internal/http/services/ocmd/spec.go

@@ -0,0 +1,33 @@
+// Copyright 2025 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+package ocmd
+
+// DirectoryService represents a directory service listing per OCM spec Appendix C.
+type DirectoryService struct {
+	Federation string                   `json:"federation"`
+	Servers    []DirectoryServiceServer `json:"servers"`
+}
+
+// DirectoryServiceServer represents a single OCM server in a directory service.
+type DirectoryServiceServer struct {
+	DisplayName string `json:"displayName"`
+	URL         string `json:"url"`
+	// Added after discovery, not in raw response
+	InviteAcceptDialog string `json:"inviteAcceptDialog,omitempty"`
+}

internal/http/services/sciencemesh/sciencemesh.go

@@ -60,15 +60,15 @@ func (s *svc) Close() error {
 }
 
 type config struct {
-	Prefix            string       `mapstructure:"prefix"`
-	GatewaySvc        string       `mapstructure:"gatewaysvc"         validate:"required"`
-	ProviderDomain    string       `mapstructure:"provider_domain"    validate:"required"`
-	MeshDirectoryURL  string       `mapstructure:"mesh_directory_url"`
-	OCMMountPoint     string       `mapstructure:"ocm_mount_point"`
-	FederationsFile   string       `mapstructure:"federations_file"`
-	OCMClientTimeout  int          `mapstructure:"ocm_client_timeout"`
-	OCMClientInsecure bool         `mapstructure:"ocm_client_insecure"`
-	Events            EventOptions `mapstructure:"events"`
+	Prefix               string       `mapstructure:"prefix"`
+	GatewaySvc           string       `mapstructure:"gatewaysvc"         validate:"required"`
+	ProviderDomain       string       `mapstructure:"provider_domain"    validate:"required"`
+	MeshDirectoryURL     string       `mapstructure:"mesh_directory_url"`
+	OCMMountPoint        string       `mapstructure:"ocm_mount_point"`
+	DirectoryServiceURLs string       `mapstructure:"directory_service_urls"`
+	OCMClientTimeout     int          `mapstructure:"ocm_client_timeout"`
+	OCMClientInsecure    bool         `mapstructure:"ocm_client_insecure"`
+	Events               EventOptions `mapstructure:"events"`
 }
 
 // EventOptions are the configurable options for events
@@ -89,9 +89,6 @@ func (c *config) ApplyDefaults() {
 	if c.OCMMountPoint == "" {
 		c.OCMMountPoint = "/ocm"
 	}
-	if c.FederationsFile == "" {
-		c.FederationsFile = "/etc/revad/federations.json"
-	}
 	if c.OCMClientTimeout == 0 {
 		c.OCMClientTimeout = 10
 	}

internal/http/services/sciencemesh/wayf.go

@@ -24,7 +24,6 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
-	"os"
 	"strings"
 	"time"
 
@@ -34,31 +33,8 @@ import (
 )
 
 type wayfHandler struct {
-	federations []Federation
-	ocmClient   *ocmd.OCMClient
-}
-
-type Federation struct {
-	Federation string             `json:"federation"`
-	Servers    []FederationServer `json:"servers"`
-}
-
-// FederationServer represents a single provider with discovery info
-type FederationServer struct {
-	DisplayName        string `json:"displayName"`
-	URL                string `json:"url"`
-	InviteAcceptDialog string `json:"inviteAcceptDialog,omitempty"`
-}
-
-// federationFile is the on-disk structure without inviteAcceptDialog
-type federationFile struct {
-	Federation string                 `json:"federation"`
-	Servers    []federationServerFile `json:"servers"`
-}
-
-type federationServerFile struct {
-	DisplayName string `json:"displayName"`
-	URL         string `json:"url"`
+	directoryServices []ocmd.DirectoryService
+	ocmClient         *ocmd.OCMClient
 }
 
 type DiscoverRequest struct {
@@ -79,55 +55,52 @@ func (h *wayfHandler) init(c *config) error {
 		Bool("insecure", c.OCMClientInsecure).
 		Msg("Created OCM client for discovery")
 
-	log.Debug().Str("file", c.FederationsFile).Msg("Initializing WAYF handler with federations file")
-
-	data, err := os.ReadFile(c.FederationsFile)
-	if err != nil {
-		if os.IsNotExist(err) {
-			log.Warn().Str("file", c.FederationsFile).Msg("Federations file not found, starting with empty list")
-			h.federations = []Federation{}
-			return nil
-		}
-		log.Error().Err(err).Str("file", c.FederationsFile).Msg("Failed to read federations file")
-		return err
-	}
-
-	var fileData []federationFile
-	if err := json.Unmarshal(data, &fileData); err != nil {
-		log.Error().Err(err).Str("file", c.FederationsFile).Msg("Failed to parse federations file")
-		return err
+	urls := strings.Fields(c.DirectoryServiceURLs)
+	if len(urls) == 0 {
+		log.Info().Msg("No directory service URLs configured, starting with empty list")
+		h.directoryServices = []ocmd.DirectoryService{}
+		return nil
 	}
 
-	log.Debug().Int("federations_count", len(fileData)).Msg("Loaded federations from file")
+	log.Debug().Int("url_count", len(urls)).Strs("urls", urls).Msg("Initializing WAYF handler with directory service URLs")
 
 	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
 	defer cancel()
 
-	// Discover each server and populate inviteAcceptDialog
-	h.federations = []Federation{}
+	h.directoryServices = []ocmd.DirectoryService{}
 	discoveryErrors := 0
 	validServersCount := 0
+	fetchErrors := 0
+
+	for _, directoryURL := range urls {
+		log.Debug().Str("url", directoryURL).Msg("Fetching directory service")
+
+		directoryService, err := h.ocmClient.GetDirectoryService(ctx, directoryURL)
+		if err != nil {
+			log.Info().Err(err).Str("url", directoryURL).Msg("Failed to fetch directory service, skipping")
+			fetchErrors++
+			continue
+		}
 
-	for _, fed := range fileData {
-		log.Debug().Str("federation", fed.Federation).Int("servers_count", len(fed.Servers)).Msg("Processing federation")
-		var validServers []FederationServer
+		log.Debug().Str("federation", directoryService.Federation).Int("servers_count", len(directoryService.Servers)).Msg("Processing directory service")
 
-		for _, srv := range fed.Servers {
+		var validServers []ocmd.DirectoryServiceServer
+		for _, srv := range directoryService.Servers {
 			if srv.DisplayName == "" || srv.URL == "" {
-				log.Debug().Str("federation", fed.Federation).
+				log.Debug().Str("federation", directoryService.Federation).
 					Str("displayName", srv.DisplayName).
 					Str("url", srv.URL).
 					Msg("Skipping server with missing displayName or url")
 				continue
 			}
 
-			log.Debug().Str("federation", fed.Federation).Str("server", srv.DisplayName).Str("url", srv.URL).Msg("Discovering server")
+			log.Debug().Str("federation", directoryService.Federation).Str("server", srv.DisplayName).Str("url", srv.URL).Msg("Discovering server")
 
 			// Discover inviteAcceptDialog from OCM endpoint
 			disco, err := h.ocmClient.Discover(ctx, srv.URL)
 			if err != nil {
-				log.Warn().Err(err).
-					Str("federation", fed.Federation).
+				log.Debug().Err(err).
+					Str("federation", directoryService.Federation).
 					Str("server", srv.DisplayName).
 					Str("url", srv.URL).
 					Msg("Failed to discover server, skipping")
@@ -144,43 +117,44 @@ func (h *wayfHandler) init(c *config) error {
 					inviteDialog = baseURL.Scheme + "://" + baseURL.Host + inviteDialog
 					log.Debug().Str("original", disco.InviteAcceptDialog).Str("converted", inviteDialog).Msg("Converted relative path to absolute")
 				} else {
-					log.Warn().Err(parseErr).
+					log.Debug().Err(parseErr).
 						Str("url", srv.URL).
 						Str("inviteDialog", disco.InviteAcceptDialog).
 						Msg("Failed to parse server URL for relative path conversion")
 					continue
 				}
 			}
 
-			validServers = append(validServers, FederationServer{
+			validServers = append(validServers, ocmd.DirectoryServiceServer{
 				DisplayName:        srv.DisplayName,
 				URL:                srv.URL,
 				InviteAcceptDialog: inviteDialog,
 			})
 			validServersCount++
 
 			log.Debug().
-				Str("federation", fed.Federation).
+				Str("federation", directoryService.Federation).
 				Str("server", srv.DisplayName).
 				Str("inviteAcceptDialog", inviteDialog).
 				Msg("Successfully discovered server")
 		}
 
 		if len(validServers) > 0 {
-			h.federations = append(h.federations, Federation{
-				Federation: fed.Federation,
+			h.directoryServices = append(h.directoryServices, ocmd.DirectoryService{
+				Federation: directoryService.Federation,
 				Servers:    validServers,
 			})
-			log.Debug().Str("federation", fed.Federation).Int("valid_servers", len(validServers)).Msg("Added federation with valid servers")
+			log.Debug().Str("federation", directoryService.Federation).Int("valid_servers", len(validServers)).Msg("Added directory service with valid servers")
 		} else {
-			log.Warn().Str("federation", fed.Federation).
-				Msg("Federation has no valid servers, skipping entirely")
+			log.Info().Str("federation", directoryService.Federation).
+				Msg("Directory service has no valid servers, skipping entirely")
 		}
 	}
 
 	log.Info().
-		Int("federations", len(h.federations)).
+		Int("directory_services", len(h.directoryServices)).
 		Int("valid_servers", validServersCount).
+		Int("fetch_errors", fetchErrors).
 		Int("discovery_errors", discoveryErrors).
 		Msg("WAYF handler initialization completed")
 
@@ -191,7 +165,7 @@ func (h *wayfHandler) GetFederations(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 
-	if err := json.NewEncoder(w).Encode(h.federations); err != nil {
+	if err := json.NewEncoder(w).Encode(h.directoryServices); err != nil {
 		reqres.WriteError(w, r, reqres.APIErrorServerError, "error encoding response", err)
 		return
 	}
@@ -226,7 +200,7 @@ func (h *wayfHandler) DiscoverProvider(w http.ResponseWriter, r *http.Request) {
 	log.Debug().Str("domain", domain).Msg("Attempting OCM discovery")
 	disco, err := h.ocmClient.Discover(ctx, domain)
 	if err != nil {
-		log.Warn().Err(err).Str("domain", domain).Msg("Discovery failed")
+		log.Info().Err(err).Str("domain", domain).Msg("Discovery failed")
 		reqres.WriteError(w, r, reqres.APIErrorNotFound,
 			fmt.Sprintf("Provider at '%s' does not support OCM discovery", req.Domain), err)
 		return