Merge pull request #34 from philips-software/feature/stl

Secure Transport Layer support

Author: loafoe

CHANGELOG.md

@@ -3,6 +3,14 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
+## v0.35.0
+- NEW: Secure Transport Layer (STL) support
+
+## v0.34.4
+- Fix some PKI methods
+- Add IAM token revoke calls
+
+
 ## v0.34.3
 - Remove elastic due to license change
 

README.md

@@ -12,8 +12,11 @@ A HSDP API client enabling Go programs to interact with various HSDP APIs in a s
 The current implement covers only a subset of HSDP APIs. Basically we implement functionality as needed.
 
 - [x] Cartel c.q. Container Host management ([examples](cartel/README.md))
-- [x] IronIO tasks, codes and schedules management ([examples](iron/README.md))
-- [x] PKI services
+- [x] Secure Transport Layer (STL) / Edge 
+  - [x] Device queries
+  - [x] Application Resources management
+  - [x] Device configuration management (firewall, logging)
+- [x] Public Key Infrastructe (PKI) management
 - [x] IAM/IDM management
   - [x] Groups
   - [x] Organizations
@@ -38,14 +41,15 @@ The current implement covers only a subset of HSDP APIs. Basically we implement
 - [x] Telemetry Data Repository (TDR)
   - [x] Contract management
   - [x] Data Item management
-- [x] S3 Credentials Policy management
+- [x] S3Creds Policy management
 - [x] DICOM Store
   - [x] Config management
 - [x] Hosted Application Streaming (HAS) management
-- [x] Configuration
+- [x] Service Discovery
 - [x] Console settings
   - [ ] Metrics Alerts
   - [x] Metrics Autoscalers
+- [x] IronIO tasks, codes and schedules management ([examples](iron/README.md))
 
 ## Usage
 

config/hsdp.json

@@ -41,6 +41,16 @@
         }
       }
     },
+    "dev": {
+      "service": {
+        "stl": {
+          "url": "https://console.na3.hsdp.io/api/stl/user/v1/graphql"
+        },
+        "uaa": {
+          "url": "https://uaa.cloud.phsdp.com"
+        }
+      }
+    },
     "eu-west": {
       "env": {
         "client-test": {
@@ -110,6 +120,9 @@
           "domain": "emea1.phsdp.com",
           "host": "gw-eu1.phsdp.com"
         },
+        "stl": {
+          "url": "https://console.eu1.hsdp.io/api/stl/user/v1/graphql"
+        },
         "uaa": {
           "url": "https://uaa.eu1.phsdp.com"
         }
@@ -195,6 +208,9 @@
             "logging": {
               "url": "https://logingestor2-client-test.us-east.philips-healthsuite.com"
             },
+            "pki": {
+              "url": "https://pki-client-test.us-east.philips-healthsuite.com"
+            },
             "s3creds": {
               "url": "https://s3creds-client-test.us-east.philips-healthsuite.com"
             }
@@ -259,6 +275,9 @@
           "domain": "na1.phsdp.com",
           "host": "gw-na1.phsdp.com"
         },
+        "stl": {
+          "url": "https://console.na1.hsdp.io/api/stl/user/v1/graphql"
+        },
         "uaa": {
           "url": "https://uaa.cloud.pcftest.com"
         }

config/hsdp.toml

@@ -92,6 +92,14 @@ url = "https://console.sa1.hsdp.io"
 [region.apac3.service.console]
 url = "https://console.ap3.hsdp.io"
 
+# Service STL
+[region.dev.service.stl]
+url = "https://console.na3.hsdp.io/api/stl/user/v1/graphql"
+[region.us-east.service.stl]
+url = "https://console.na1.hsdp.io/api/stl/user/v1/graphql"
+[region.eu-west.service.stl]
+url = "https://console.eu1.hsdp.io/api/stl/user/v1/graphql"
+
 # Service UAA
 [region.us-east.service.uaa]
 url = "https://uaa.cloud.pcftest.com"
@@ -101,6 +109,8 @@ url = "https://uaa.eu1.phsdp.com"
 url = "https://uaa.sys.sa1.hsdp.io"
 [region.apac3.service.uaa]
 url = "https://uaa.sys.ap3.hsdp.io"
+[region.dev.service.uaa]
+url = "https://uaa.cloud.phsdp.com"
 
 # Service IAM
 [region.us-east.env.client-test.service.iam]
@@ -229,4 +239,6 @@ url = "https://kibana.ap3.hsdp.io"
 
 # Service PKI
 [region.eu-west.env.client-test.service.pki]
-url = "https://pki-proxy-client-test.eu-west.philips-healthsuite.com"
+url = "https://pki-proxy-client-test.eu-west.philips-healthsuite.com"
+[region.us-east.env.client-test.service.pki]
+url = "https://pki-client-test.us-east.philips-healthsuite.com"

console/client.go

@@ -3,14 +3,13 @@ package console
 
 import (
 	"bytes"
-	"context"
 	"encoding/json"
 	"fmt"
 	"github.com/philips-software/go-hsdp-api/internal"
+	"golang.org/x/oauth2"
 	"io"
 	"io/ioutil"
 	"net/http"
-	"net/http/httputil"
 	"net/url"
 	"os"
 	"strings"
@@ -19,7 +18,6 @@ import (
 
 	validator "github.com/go-playground/validator/v10"
 	"github.com/google/go-querystring/query"
-	"github.com/google/uuid"
 	autoconf "github.com/philips-software/go-hsdp-api/config"
 )
 
@@ -128,7 +126,8 @@ type Client struct {
 
 	Metrics *MetricsService
 
-	debugFile *os.File
+	debugFile  *os.File
+	consoleErr error
 
 	sync.Mutex
 }
@@ -154,25 +153,24 @@ func newClient(httpClient *http.Client, config *Config) (*Client, error) {
 	if config.UAAURL == "" {
 		return nil, ErrUAAURLCannotBeEmpty
 	}
-	if config.BaseConsoleURL == "" {
-		return nil, ErrConsoleURLCannotBeEmpty
-	}
 	c := &Client{client: httpClient, config: config, UserAgent: userAgent}
 	if err := c.SetBaseUAAURL(c.config.UAAURL); err != nil {
 		return nil, err
 	}
 	if err := c.SetBaseConsoleURL(c.config.BaseConsoleURL); err != nil {
-		return nil, err
+		c.consoleErr = err
 	}
-
 	if config.DebugLog != "" {
-		debugFile, err := os.OpenFile(config.DebugLog, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
-		if err != nil {
-			c.debugFile = nil
-		} else {
-			c.debugFile = debugFile
+		var err error
+		c.debugFile, err = os.OpenFile(config.DebugLog, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
+		if err == nil {
+			httpClient.Transport = internal.NewLoggingRoundTripper(httpClient.Transport, c.debugFile)
 		}
 	}
+	header := make(http.Header)
+	header.Set("User-Agent", userAgent)
+	httpClient.Transport = internal.NewHeaderRoundTripper(httpClient.Transport, header)
+
 	c.Metrics = &MetricsService{client: c}
 	c.validate = validator.New()
 	return c, nil
@@ -208,8 +206,8 @@ func (c *Client) HttpClient() *http.Client {
 	return c.client
 }
 
-// Token returns the current token
-func (c *Client) Token() string {
+// Token returns the current token. It also confirms to TokenSource
+func (c *Client) Token() (*oauth2.Token, error) {
 	c.Lock()
 	defer c.Unlock()
 
@@ -218,10 +216,14 @@ func (c *Client) Token() string {
 
 	if expires-now < 60 {
 		if c.TokenRefresh() != nil {
-			return ""
+			return nil, fmt.Errorf("failed to refresh console token")
 		}
 	}
-	return c.token
+	return &oauth2.Token{
+		AccessToken:  c.token,
+		RefreshToken: c.refreshToken,
+		Expiry:       c.expiresAt,
+	}, nil
 }
 
 // TokenRefresh refreshes the accessToken
@@ -320,6 +322,9 @@ func (c *Client) newRequest(endpoint, method, path string, opt interface{}, opti
 		u = *c.baseUAAURL
 		u.Opaque = c.baseUAAURL.Path + path
 	case CONSOLE:
+		if c.consoleErr != nil {
+			return nil, c.consoleErr
+		}
 		u = *c.baseConsoleURL
 		u.Opaque = c.baseConsoleURL.Path + path
 	default:
@@ -371,14 +376,10 @@ func (c *Client) newRequest(endpoint, method, path string, opt interface{}, opti
 
 	switch c.tokenType {
 	case oAuthToken:
-		if token := c.Token(); token != "" {
-			req.Header.Set("Authorization", "Bearer "+c.token)
+		if token, err := c.Token(); err == nil {
+			req.Header.Set("Authorization", "Bearer "+token.AccessToken)
 		}
 	}
-
-	if c.UserAgent != "" {
-		req.Header.Set("User-Agent", c.UserAgent)
-	}
 	return req, nil
 }
 
@@ -401,27 +402,7 @@ func newResponse(r *http.Response) *Response {
 // interface, the raw response body will be written to v, without attempting to
 // first decode it.
 func (c *Client) do(req *http.Request, v interface{}) (*Response, error) {
-	id := uuid.New()
-
-	if c.debugFile != nil {
-		dumped, _ := httputil.DumpRequest(req, true)
-		out := fmt.Sprintf("[go-hsdp-api] --- Request [%s] start ---\n%s\n[go-hsdp-api] --- Request [%s] end ---\n", id, string(dumped), id)
-		if c.debugFile != nil {
-			_, _ = c.debugFile.WriteString(out)
-		} else {
-			fmt.Println(out)
-		}
-	}
 	resp, err := c.client.Do(req)
-	if c.debugFile != nil && resp != nil {
-		dumped, _ := httputil.DumpResponse(resp, true)
-		out := fmt.Sprintf("[go-hsdp-api] --- Response [%s] start ---\n%s\n[go-hsdp-api] --- Response [%s] end ---\n", id, string(dumped), id)
-		if c.debugFile != nil {
-			_, _ = c.debugFile.WriteString(out)
-		} else {
-			fmt.Println(out)
-		}
-	}
 	if err != nil {
 		return nil, err
 	}
@@ -443,14 +424,6 @@ func (c *Client) do(req *http.Request, v interface{}) (*Response, error) {
 	return response, err
 }
 
-// WithContext runs the request with the provided context
-func WithContext(ctx context.Context) OptionFunc {
-	return func(req *http.Request) error {
-		*req = *req.WithContext(ctx)
-		return nil
-	}
-}
-
 // CheckResponse checks the API response for errors, and returns them if present.
 func checkResponse(r *http.Response) error {
 	switch r.StatusCode {

console/client_test.go

@@ -89,7 +89,11 @@ func TestLogin(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	assert.Equal(t, token, client.Token())
+	tk, err := client.Token()
+	if !assert.Nil(t, err) {
+		return
+	}
+	assert.Equal(t, token, tk.AccessToken)
 	assert.Equal(t, refreshToken, client.RefreshToken())
 }
 
@@ -109,7 +113,11 @@ func TestWithLogin(t *testing.T) {
 	if !assert.NotNil(t, c) {
 		return
 	}
-	assert.Equal(t, token, c.Token())
+	tk, err := c.Token()
+	if !assert.Nil(t, err) {
+		return
+	}
+	assert.Equal(t, token, tk.AccessToken)
 	assert.Equal(t, refreshToken, c.RefreshToken())
 }
 
@@ -136,7 +144,9 @@ func TestDebug(t *testing.T) {
 		t.Fatalf("Error: %v", err)
 	}
 	defer client.Close()
-	defer os.Remove(tmpfile.Name()) // clean up
+	defer func() {
+		_ = os.Remove(tmpfile.Name())
+	}() // clean up
 
 	err = client.Login("username", "password")
 	assert.Nil(t, err)
@@ -226,7 +236,11 @@ func TestTokenRefresh(t *testing.T) {
 
 	err = client.TokenRefresh()
 	assert.Nilf(t, err, fmt.Sprintf("Unexpected error: %v", err))
-	assert.Equal(t, newToken, client.Token())
+	tk, err := client.Token()
+	if !assert.Nil(t, err) {
+		return
+	}
+	assert.Equal(t, newToken, tk.AccessToken)
 	assert.Equal(t, newRefreshToken, client.RefreshToken())
 	httpClient := client.HttpClient()
 	assert.NotNil(t, httpClient)

console/login_test.go

@@ -20,7 +20,11 @@ func TestSetToken(t *testing.T) {
 	}
 	token := "MyToken"
 	token2 := "TokenMy"
-	assert.Equal(t, token, client.SetToken(token).Token())
+	tk, err := client.SetToken(token).Token()
+	if !assert.Nil(t, err) {
+		return
+	}
+	assert.Equal(t, token, tk.AccessToken)
 	client.SetTokens(token, token2, token, time.Now().Add(10*time.Minute).Unix())
 	assert.Equal(t, token2, client.RefreshToken())
 }

go.mod

@@ -8,10 +8,14 @@ require (
 	github.com/go-playground/validator/v10 v10.4.1
 	github.com/google/fhir/go v0.0.0-20201203001644-a2580b6ea022
 	github.com/google/go-querystring v1.0.0
-	github.com/google/uuid v1.1.1
+	github.com/google/uuid v1.2.0
+	github.com/hasura/go-graphql-client v0.2.0 // indirect
+	github.com/klauspost/compress v1.11.7 // indirect
 	github.com/philips-software/go-hsdp-signer v1.3.0
 	github.com/stretchr/testify v1.5.1
 	golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9 // indirect
+	golang.org/x/net v0.0.0-20210119194325-5f4716e94777 // indirect
+	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
 	golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	gopkg.in/yaml.v2 v2.3.0 // indirect