diff --git a/modules/sc-mesh-secure-deployment/src/nats/comms_nats_controller.py b/modules/sc-mesh-secure-deployment/src/nats/comms_nats_controller.py index 68ac3fded..75566d6f6 100644 --- a/modules/sc-mesh-secure-deployment/src/nats/comms_nats_controller.py +++ b/modules/sc-mesh-secure-deployment/src/nats/comms_nats_controller.py @@ -98,6 +98,9 @@ def __init__( self.__previous_debug_config: Optional[ str ] = self.__read_debug_config_from_file() + self.__previous_config_utm: Optional[str] = self.__read_config_from_file( + ConfigType.UTM_CONFIG.value + ) self.__mesh_conf_request_processed = False self.__comms_ctrl: comms_controller.CommsController = comms_ctrl self.logger: logging = self.__comms_ctrl.logger.getChild("mdm_agent") @@ -179,6 +182,8 @@ def __init__( StatusType.UPLOAD_CERTIFICATES.value: "OK" if self.__certs_uploaded else "FAIL", + #StatusType.DOWNLOAD_DEBUG_CONFIG.value: "FAIL", + StatusType.DOWNLOAD_UTM_CONFIG.value: "FAIL", } self.__config_status_mapping = { @@ -187,6 +192,8 @@ def __init__( ConfigType.BIRTH_CERTIFICATE: StatusType.DOWNLOAD_CERTIFICATES, ConfigType.LOWER_CERTIFICATE: StatusType.DOWNLOAD_CERTIFICATES, ConfigType.UPPER_CERTIFICATE: StatusType.DOWNLOAD_CERTIFICATES, + #ConfigType.DEBUG_CONFIG: StatusType.DOWNLOAD_DEBUG_CONFIG, + ConfigType.UTM_CONFIG: StatusType.DOWNLOAD_UTM_CONFIG, } try: @@ -314,7 +321,8 @@ async def execute(self) -> None: ): # Restart CBMA with new certificates self.stop_cbma() - self.setup_cbma() + if self.__is_cbma_feature_enabled(): + self.setup_cbma() if ( self.__status[StatusType.DOWNLOAD_CERTIFICATES.value] == "FAIL" 
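Review bot: The `ConfigType.DEBUG_CONFIG: StatusType.DOWNLOAD_DEBUG_CONFIG` entry is left commented out (as is its `__status` counterpart in the hunk above) while `StatusType.DOWNLOAD_DEBUG_CONFIG` is added to constants.py and the debug-config branch of `__loop_run_executor` now writes `self.__status[status_type] = "OK"`. How `status_type` is bound for `ConfigType.DEBUG_CONFIG` is outside this diff, but with no mapping entry that write is either a KeyError on the lookup or lands on a key that `__init__` never initialised. Either enable the mapping or delete the two commented lines; commented-out code should not be committed. If the omission is deliberate, replace them with `# DEBUG_CONFIG has no status entry on purpose: a 405 from the server is a valid "not supported" answer and must not block the all-OK state.` `__init__` continues outside the hunk.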
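Review bot: `self.stop_cbma()` still runs unconditionally while `self.setup_cbma()` is now gated on `__is_cbma_feature_enabled()`, so when the feature is disabled a certificate refresh tears CBMA down and never brings it back. If CBMA must not run at all with the feature disabled that is fine, but it should be stated; otherwise the guard belongs around both calls. Suggest either `if self.__is_cbma_feature_enabled():` enclosing both lines, or the comment `# CBMA is stopped regardless of the feature flag so stale certificates are never left in use; it is only restarted when the feature is enabled.` `execute` starts before and continues after this hunk.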
@@ -329,6 +337,7 @@ async def execute(self) -> None: elif self.mdm_service_available: await self.__loop_run_executor(self.executor, ConfigType.FEATURES) await self.__loop_run_executor(self.executor, ConfigType.MESH_CONFIG) + await self.__loop_run_executor(self.executor, ConfigType.UTM_CONFIG) if self.__mesh_conf_request_processed: await self.__loop_run_executor( self.executor, ConfigType.DEBUG_CONFIG @@ -464,12 +473,49 @@ def __action_certificates( return "FAIL" return "OK" + def __action_utm_configuration(self, response: requests.Response) -> str: + """ + Take utm configuration into use + :param response: https response + :return: status + """ + + config: dict = json.loads(response.text) + + if self.__previous_config_utm is not None: + self.logger.debug( + f"config: {config} previous: {json.loads(self.__previous_config_utm)}" + ) + + if json.loads(self.__previous_config_utm) == config: + self.logger.debug( + "No changes in UTM config, not updating." + ) + return "OK" + + self.logger.debug("No previous UTM config") + + self.__config_version = int(config["version"]) + self.__write_config_to_file(response, ConfigType.UTM_CONFIG.value) + + self.__previous_config_utm = self.__read_config_from_file( + ConfigType.UTM_CONFIG.value + ) + + return "OK" + + def __action_radio_configuration(self, response: requests.Response) -> str: """ Take radio configuration into use :param response: https response :return: status """ + + # we do not need it for UTM branch + # so just skip this step and return OK status + return "OK" + config: dict = json.loads(response.text) if self.__previous_config_mesh is not None: @@ -613,6 +659,11 @@ def __handle_received_config( ret = self.__action_feature_yaml(response) return ret + # UTM configuration actions + if config.value == ConfigType.UTM_CONFIG.value: + ret = self.__action_utm_configuration(response) + return ret + @staticmethod def __read_config_from_file(config: str) -> Optional[str]: """ 
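Review bot: `__action_utm_configuration` reads `int(config["version"])` with no guard, and `__validate_response` only checks `payload.utm_conf`, so a response that lacks `version` or carries a non-numeric one raises KeyError/ValueError out of the handler instead of returning "FAIL"; the method never returns anything but "OK" although its docstring promises a status. I can't see whether `__loop_run_executor` catches exceptions from `__handle_received_config`, so assume the exception propagates. In the same hunk, the unconditional `return "OK"` at the top of `__action_radio_configuration` leaves the rest of the method as dead code and reports the mesh configuration as applied when nothing was applied; if the UTM build really must skip it, gate on a flag or remove the body rather than shadowing it, and say so in the docstring.
```python
    def __action_utm_configuration(self, response: requests.Response) -> str:
        # … unchanged: docstring, parse response, early "OK" when equal to previous config …
        try:
            self.__config_version = int(config["version"])
        except (KeyError, TypeError, ValueError) as err:
            self.logger.error("UTM config version missing or invalid: %s", err)
            return "FAIL"
        self.__write_config_to_file(response, ConfigType.UTM_CONFIG.value)
        # … unchanged: reload self.__previous_config_utm from file, return "OK" …
```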
@@ -1283,8 +1334,22 @@ def __validate_response( self.logger.error( "Debug config field not found in config" ) + elif config == ConfigType.UTM_CONFIG: + try: + if json.loads(response.text)["payload"]["utm_conf"]: + status = "OK" + except KeyError: + self.logger.error( + "UTM config field not found in config" + ) else: self.logger.error("Validation not implemented, unknown config") + elif response.status_code == 405: + if config == ConfigType.DEBUG_CONFIG: + # It is OK: server do not support debug mode + status = "OK" + else: + status = "FAIL" else: status = "FAIL" @@ -1320,14 +1385,17 @@ async def __loop_run_executor(self, executor, config: ConfigType) -> None: response.status_code == 200 and self.__previous_debug_config != response.text.strip() ): - self.__handle_received_config(response, ConfigType.DEBUG_CONFIG) + ret = self.__handle_received_config(response, ConfigType.DEBUG_CONFIG) self.__mesh_conf_request_processed = False + if ret == "OK": + self.__status[status_type] = "OK" elif ( response.status_code == 200 and self.__previous_debug_config == response.text.strip() ): self.__debug_config_interval = Constants.OK_POLLING_TIME_SECONDS.value self.__mesh_conf_request_processed = False + self.__status[status_type] = "OK" elif response.text.strip() == "" or response.status_code != 200: self.__debug_config_interval = Constants.FAIL_POLLING_TIME_SECONDS.value if response.status_code == 405: 
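Review bot: The new UTM branch in `__validate_response` catches only KeyError around `json.loads(response.text)["payload"]["utm_conf"]`, so a body that is not valid JSON (`json.JSONDecodeError`, a ValueError subclass) or whose `payload` is not a dict (TypeError) escapes the validator instead of yielding "FAIL". It also leaves `version` unchecked even though `__action_utm_configuration` requires it. Suggest binding `body = json.loads(response.text)`, testing `if body["payload"]["utm_conf"] and "version" in body:`, and widening the handler to `except (KeyError, TypeError, ValueError):`. `__validate_response` starts outside the hunk.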
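Review bot: In the changed-debug-config branch the status is written only when `ret == "OK"`; when `__handle_received_config` returns anything else the entry keeps its previous value, so a status set to "OK" by an earlier successful poll survives a failed apply and the all-OK check later in the same function still passes. Use `self.__status[status_type] = "OK" if ret == "OK" else "FAIL"` so both outcomes are recorded, matching the `elif response.status_code != 200` branch further down that does write "FAIL". How `status_type` is bound for `ConfigType.DEBUG_CONFIG` is not visible here. `__loop_run_executor` starts before and ends after this hunk.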
@@ -1338,20 +1406,23 @@ async def __loop_run_executor(self, executor, config: ConfigType) -> None: Constants.OK_POLLING_TIME_SECONDS.value ) self.__mesh_conf_request_processed = False + self.__status[status_type] = "OK" else: if response.status_code == 200: ret = self.__handle_received_config(response, config) self.logger.debug("config: %s, ret: %s", config, ret) if ret == "OK": self.__status[status_type] = "OK" - if config.value == ConfigType.MESH_CONFIG.value and ret == "OK": - self.__mesh_conf_request_processed = True elif response.status_code != 200: self.__status[status_type] = "FAIL" # if all statuses are OK, then we can start the OK polling if all(value == "OK" for value in self.__status.values()): self.__interval = Constants.OK_POLLING_TIME_SECONDS.value + self.__mesh_conf_request_processed = True + self.logger.debug( + "All statuses are OK." + ) else: self.__interval = Constants.FAIL_POLLING_TIME_SECONDS.value diff --git a/modules/sc-mesh-secure-deployment/src/nats/src/constants.py b/modules/sc-mesh-secure-deployment/src/nats/src/constants.py index 6c279786a..f3f050c26 100644 --- a/modules/sc-mesh-secure-deployment/src/nats/src/constants.py +++ b/modules/sc-mesh-secure-deployment/src/nats/src/constants.py @@ -14,6 +14,7 @@ class ConfigType(str, Enum): LOWER_CERTIFICATE: str = "lower_certificates" FEATURES: str = "features" DEBUG_CONFIG: str = "debug_conf" + UTM_CONFIG: str = "utm_conf" class StatusType(str, Enum): @@ -26,6 +27,8 @@ class StatusType(str, Enum): DOWNLOAD_FEATURES: str = "download_features" DOWNLOAD_CERTIFICATES: str = "download_certificates" UPLOAD_CERTIFICATES: str = "upload_certificates" + DOWNLOAD_DEBUG_CONFIG: str = "download_debug_config" + DOWNLOAD_UTM_CONFIG: str = "download_utm_config" # pylint: disable=too-few-public-methods, too-many-instance-attributes, disable=invalid-name class Constants(Enum): 
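Review bot: `self.__mesh_conf_request_processed = True` now fires only when every entry in `__status` is "OK", and `__status` includes `UPLOAD_CERTIFICATES`, which `__init__` sets to "FAIL" when certificates have not been uploaded, plus the new `DOWNLOAD_UTM_CONFIG` entry. Since `execute` polls `ConfigType.DEBUG_CONFIG` only behind that flag, debug-config polling now depends on every other download and upload succeeding rather than on the mesh config alone, which is a behaviour change the removed `if config.value == ConfigType.MESH_CONFIG.value and ret == "OK":` line used to avoid. If the coupling is intended, document it where the flag is set, e.g. `# Gates debug-config polling in execute(): only once every status is OK, not just MESH_CONFIG.`; if not, keep the per-MESH_CONFIG assignment as well. `__loop_run_executor` starts outside the hunk.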
diff --git a/modules/utils/docker/entrypoint_mdm_agent_utm.sh b/modules/utils/docker/entrypoint_mdm_agent_utm.sh
new file mode 100755
index 000000000..af4df0b79
--- /dev/null
+++ b/modules/utils/docker/entrypoint_mdm_agent_utm.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+source /opt/mesh-helper.sh
+
+#######################################
+# BC needs to be on place before this #
+#######################################
+
+# TODO: Identity from BC or HSM?
+if [ ! -f "/opt/identity" ]; then
+ echo "generates identity id"
+ generate_identity_id
+fi
+
+#######################################
+# Enable MDM stuff #
+#######################################
+echo "starting mdm agent"
+/opt/S90mdm_agent start
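Review bot: The script runs with bash's default error handling, so a missing or failing `source /opt/mesh-helper.sh` or a failing `generate_identity_id` is silently ignored and `/opt/S90mdm_agent start` is launched anyway, possibly with no identity file at all; add `set -euo pipefail` directly after the shebang (or plain `set -e` if the helper depends on unset variables). The banner says the BC must be in place before this point, but nothing verifies it: a file test on the certificate path ahead of the identity step would turn a mis-ordered deployment into a clear failure instead of a locally minted identity. The `TODO: Identity from BC or HSM?` line should name an owner, since whether the identity is derived from the certificate or a hardware root is a trust decision rather than a cleanup item.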