Get tests running and do some cleanups

.github/workflows/main.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.19.x'
+          go-version: '1.20.x'
 
       - name: Install Ziti CI
         uses: netfoundry/ziti-ci@v1

.golangci.yml

@@ -2,3 +2,10 @@ run:
   deadline: 8m
   skip-dirs:
     - controller/zitiql
+
+# golangci gives false positives for implementations of methods using generics in generic interfaces
+issues:
+  exclude-rules:
+    - path: 'controller/model/.*.go'
+      linters:
+        - unused

controller/handler_edge_ctrl/common.go

@@ -115,16 +115,26 @@ type baseSessionRequestContext struct {
 }
 
 func (self *baseSessionRequestContext) newChangeContext() *change.Context {
-	return change.New().
-		SetChangeAuthorId(self.session.IdentityId).
-		SetChangeAuthorName(self.apiSession.Identity.Name).
-		SetSource(fmt.Sprintf("ctrl[edge/%v]", self.handler.getChannel().Underlay().GetRemoteAddr().String()))
+	result := change.New().SetSource(fmt.Sprintf("ctrl[edge/%v]", self.handler.getChannel().Underlay().GetRemoteAddr().String()))
+	if self.session != nil {
+		result.
+			SetChangeAuthorId(self.session.IdentityId).
+			SetChangeAuthorName(self.apiSession.Identity.Name).
+			SetChangeAuthorType("identity")
+	} else if self.sourceRouter != nil {
+		result.
+			SetChangeAuthorId(self.sourceRouter.Id).
+			SetChangeAuthorName(self.sourceRouter.Name).
+			SetChangeAuthorType("router")
+	}
+	return result
 }
 
 func (self *baseSessionRequestContext) newTunnelChangeContext() *change.Context {
 	return change.New().
 		SetChangeAuthorId(self.sourceRouter.Id).
 		SetChangeAuthorName(self.sourceRouter.Name).
+		SetChangeAuthorType("router").
 		SetSource(fmt.Sprintf("ctrl[edge:tunnel/%v]", self.handler.getChannel().Underlay().GetRemoteAddr().String()))
 }
 

controller/handler_edge_ctrl/extend_enrollment.go

@@ -36,6 +36,7 @@ func newRouterChangeContext(router interface {
 	return change.New().
 		SetChangeAuthorId(router.GetId()).
 		SetChangeAuthorName(router.GetName()).
+		SetChangeAuthorType("router").
 		SetSource(fmt.Sprintf("ctrl[edge/%v]", ch.Underlay().GetRemoteAddr().String()))
 }
 

controller/internal/policy/api_session_enforcer.go

@@ -98,7 +98,7 @@ func (s *ApiSessionEnforcer) Run() error {
 
 		logrus.Debugf("found %v expired api-sessions to remove", len(ids))
 
-		ctx := change.New().SetSource("api-session.enforcer")
+		ctx := change.New().SetSource("api-session.enforcer").SetChangeAuthorType("controller")
 		if err = s.appEnv.GetManagers().ApiSession.DeleteBatch(ids, ctx); err != nil {
 			logrus.WithError(err).Error("failure while batch deleting expired api sessions")
 

controller/internal/policy/service_policy_enforcer.go

@@ -102,7 +102,7 @@ func (enforcer *ServicePolicyEnforcer) handleServiceEvent(event *persistence.Ser
 		}
 	}
 
-	ctx := change.New().SetSource("service-policy.enforcer")
+	ctx := change.New().SetSource("service-policy.enforcer").SetChangeAuthorType("controller")
 	for _, sessionId := range sessionsToDelete {
 		_ = enforcer.appEnv.GetManagers().Session.Delete(sessionId, ctx)
 		log.Debugf("session %v deleted", sessionId)
@@ -168,7 +168,7 @@ func (enforcer *ServicePolicyEnforcer) Run() error {
 		return err
 	}
 
-	ctx := change.New().SetSource("service-policy.enforcer")
+	ctx := change.New().SetSource("service-policy.enforcer").SetChangeAuthorType("controller")
 	for _, sessionId := range sessionsToRemove {
 		_ = enforcer.appEnv.GetManagers().Session.Delete(sessionId, ctx)
 	}

controller/internal/policy/session_enforcer_test.go

@@ -22,6 +22,7 @@ import (
 	"github.com/openziti/edge/controller/persistence"
 	"github.com/openziti/edge/eid"
 	"github.com/openziti/storage/boltz"
+	"github.com/openziti/storage/boltztest"
 	"github.com/sirupsen/logrus"
 	"testing"
 	"time"
@@ -49,25 +50,25 @@ func (ctx *enforcerTestContext) testSessionsCleanup() {
 
 	identity := ctx.RequireNewIdentity("Jojo", false)
 	apiSession := persistence.NewApiSession(identity.Id)
-	ctx.RequireCreate(apiSession)
+	boltztest.RequireCreate(ctx, apiSession)
 	service := ctx.RequireNewService("test-service")
 	session := NewSession(apiSession.Id, service.Id)
-	ctx.RequireCreate(session)
-	ctx.ValidateBaseline(session, compareOpts)
+	boltztest.RequireCreate(ctx, session)
+	boltztest.ValidateBaseline(ctx, session, compareOpts)
 
 	session2 := NewSession(apiSession.Id, service.Id)
 	session2.Type = persistence.PolicyTypeBindName
-	ctx.RequireCreate(session2)
-	ctx.ValidateBaseline(session2, compareOpts)
+	boltztest.RequireCreate(ctx, session2)
+	boltztest.ValidateBaseline(ctx, session2, compareOpts)
 
 	service2 := ctx.RequireNewService("test-service-2")
 	session3 := NewSession(apiSession.Id, service2.Id)
 	session3.Tags = ctx.CreateTags()
-	ctx.RequireCreate(session3)
-	ctx.ValidateBaseline(session3, compareOpts)
+	boltztest.RequireCreate(ctx, session3)
+	boltztest.ValidateBaseline(ctx, session3, compareOpts)
 
-	ctx.RequireReload(session)
-	ctx.RequireReload(session2)
+	boltztest.RequireReload(ctx, session)
+	boltztest.RequireReload(ctx, session2)
 
 	enforcer := &ApiSessionEnforcer{
 		appEnv:         ctx,
@@ -85,10 +86,10 @@ func (ctx *enforcerTestContext) testSessionsCleanup() {
 		ctx.Fail("did not receive done notification from eventual eventer")
 	}
 
-	ctx.ValidateDeleted(apiSession.Id)
-	ctx.ValidateDeleted(session.Id)
-	ctx.ValidateDeleted(session2.Id)
-	ctx.ValidateDeleted(session3.Id)
+	boltztest.ValidateDeleted(ctx, apiSession.Id)
+	boltztest.ValidateDeleted(ctx, session.Id)
+	boltztest.ValidateDeleted(ctx, session2.Id)
+	boltztest.ValidateDeleted(ctx, session3.Id)
 }
 
 func NewSession(apiSessionId, serviceId string) *persistence.Session {

controller/model/api_session_manager.go

@@ -169,7 +169,7 @@ func (self *ApiSessionManager) MarkActivityByTokens(tokens ...string) ([]string,
 }
 
 func (self *ApiSessionManager) heartbeatFlush(beats []*Heartbeat) {
-	changeCtx := change.New().SetSource("heartbeat.flush")
+	changeCtx := change.New().SetSource("heartbeat.flush").SetChangeAuthorType("controller")
 	err := self.GetDb().Batch(changeCtx.NewMutateContext(), func(ctx boltz.MutateContext) error {
 		store := self.Store.(persistence.ApiSessionStore)
 

controller/model/enrollment_manager.go

@@ -63,6 +63,11 @@ func (self *EnrollmentManager) Create(entity *Enrollment, ctx *change.Context) e
 func (self *EnrollmentManager) ApplyCreate(cmd *command.CreateEntityCommand[*Enrollment]) error {
 	model := cmd.Entity
 
+	if model.EdgeRouterId != nil || model.TransitRouterId != nil {
+		_, err := self.createEntity(model, cmd.Context)
+		return err
+	}
+
 	if model.IdentityId == nil {
 		return apierror.NewBadRequestFieldError(*errorz.NewFieldError("identity not found", "identityId", model.IdentityId))
 	}
@@ -198,11 +203,12 @@ func (self *EnrollmentManager) ReadByToken(token string) (*Enrollment, error) {
 	return enrollment, nil
 }
 
-func (self *EnrollmentManager) ReplaceWithAuthenticator(enrollmentId string, authenticator *Authenticator) error {
+func (self *EnrollmentManager) ReplaceWithAuthenticator(enrollmentId string, authenticator *Authenticator, ctx *change.Context) error {
 	return self.Dispatch(&ReplaceEnrollmentWithAuthenticatorCmd{
 		manager:       self,
 		enrollmentId:  enrollmentId,
 		authenticator: authenticator,
+		ctx:           ctx,
 	})
 }
 
@@ -227,7 +233,7 @@ func (self *EnrollmentManager) GetClientCertChain(certRaw []byte) (string, error
 }
 
 func (self *EnrollmentManager) ApplyReplaceEncoderWithAuthenticatorCommand(cmd *ReplaceEnrollmentWithAuthenticatorCmd) error {
-	return self.env.GetDbProvider().GetDb().Update(cmd.Context.NewMutateContext(), func(ctx boltz.MutateContext) error {
+	return self.env.GetDbProvider().GetDb().Update(cmd.ctx.NewMutateContext(), func(ctx boltz.MutateContext) error {
 		err := self.env.GetStores().Enrollment.DeleteById(ctx, cmd.enrollmentId)
 		if err != nil {
 			return err
@@ -363,14 +369,14 @@ func (self *EnrollmentManager) Unmarshall(bytes []byte) (*Enrollment, error) {
 }
 
 type ReplaceEnrollmentWithAuthenticatorCmd struct {
-	Context       *change.Context
+	ctx           *change.Context
 	manager       *EnrollmentManager
 	enrollmentId  string
 	authenticator *Authenticator
 }
 
 func (self *ReplaceEnrollmentWithAuthenticatorCmd) Apply(raftIndex uint64) error {
-	self.Context.RaftIndex = raftIndex
+	self.ctx.RaftIndex = raftIndex
 	return self.manager.ApplyReplaceEncoderWithAuthenticatorCommand(self)
 }
 
@@ -381,15 +387,15 @@ func (self *ReplaceEnrollmentWithAuthenticatorCmd) Encode() ([]byte, error) {
 	}
 
 	cmd := &edge_cmd_pb.ReplaceEnrollmentWithAuthenticatorCmd{
-		Ctx:           ContextToProtobuf(self.Context),
+		Ctx:           ContextToProtobuf(self.ctx),
 		EnrollmentId:  self.enrollmentId,
 		Authenticator: authMsg,
 	}
 	return cmd_pb.EncodeProtobuf(cmd)
 }
 
 func (self *ReplaceEnrollmentWithAuthenticatorCmd) Decode(env Env, msg *edge_cmd_pb.ReplaceEnrollmentWithAuthenticatorCmd) error {
-	self.Context = ProtobufToContext(msg.Ctx)
+	self.ctx = ProtobufToContext(msg.Ctx)
 	self.manager = env.GetManagers().Enrollment
 	self.enrollmentId = msg.EnrollmentId
 	authenticator, err := env.GetManagers().Authenticator.ProtobufToAuthenticator(msg.Authenticator)

controller/model/enrollment_mod_ott.go

@@ -108,7 +108,7 @@ func (module *EnrollModuleOtt) Process(ctx EnrollmentContext) (*EnrollmentResult
 		},
 	}
 
-	err = module.env.GetManagers().Enrollment.ReplaceWithAuthenticator(enrollment.Id, newAuthenticator)
+	err = module.env.GetManagers().Enrollment.ReplaceWithAuthenticator(enrollment.Id, newAuthenticator, ctx.GetChangeContext())
 
 	if err != nil {
 		return nil, err

controller/model/enrollment_mod_ottca.go

@@ -134,7 +134,7 @@ func (module *EnrollModuleOttCa) Process(ctx EnrollmentContext) (*EnrollmentResu
 		},
 	}
 
-	err = module.env.GetManagers().Enrollment.ReplaceWithAuthenticator(enrollment.Id, newAuthenticator)
+	err = module.env.GetManagers().Enrollment.ReplaceWithAuthenticator(enrollment.Id, newAuthenticator, ctx.GetChangeContext())
 
 	if err != nil {
 		return nil, err

controller/model/enrollment_mod_updb.go

@@ -94,7 +94,7 @@ func (module *EnrollModuleUpdb) Process(ctx EnrollmentContext) (*EnrollmentResul
 		},
 	}
 
-	err = module.env.GetManagers().Enrollment.ReplaceWithAuthenticator(enrollment.Id, newAuthenticator)
+	err = module.env.GetManagers().Enrollment.ReplaceWithAuthenticator(enrollment.Id, newAuthenticator, ctx.GetChangeContext())
 
 	if err != nil {
 		return nil, err

controller/model/identity_manager.go

@@ -68,6 +68,7 @@ func NewIdentityManager(env Env) *IdentityManager {
 
 	network.RegisterManagerDecoder[*Identity](env.GetHostController().GetNetwork().GetManagers(), manager)
 	RegisterCommand(env, &CreateIdentityWithEnrollmentsCmd{}, &edge_cmd_pb.CreateIdentityWithEnrollmentsCmd{})
+	RegisterCommand(env, &UpdateServiceConfigsCmd{}, &edge_cmd_pb.UpdateServiceConfigsCmd{})
 
 	return manager
 }
@@ -238,7 +239,7 @@ func (self *IdentityManager) InitializeDefaultAdmin(username, password, name str
 		},
 	}
 
-	ctx := change.New().SetSource("cli.init")
+	ctx := change.New().SetSource("cli.init").SetChangeAuthorType("cli")
 	if err = self.Create(defaultAdmin, ctx); err != nil {
 		return err
 	}

controller/model/posture_response_manager.go

@@ -209,7 +209,7 @@ func (self *PostureResponseManager) postureDataUpdated(env Env, identityId strin
 
 	for _, sessionId := range sessionIdsToDelete {
 		//todo: delete batch?
-		_ = self.env.GetManagers().Session.Delete(sessionId, change.New().SetSource("posture.cache"))
+		_ = self.env.GetManagers().Session.Delete(sessionId, change.New().SetSource("posture.cache").SetChangeAuthorType("controller"))
 	}
 }
 

controller/model/posture_response_model.go

@@ -153,7 +153,7 @@ func (pc *PostureCache) evaluate() {
 
 		//delete sessions that failed pc checks, clear list
 		for _, sessionId := range toDeleteSessionIds {
-			err := pc.env.GetManagers().Session.Delete(sessionId, change.New().SetSource("posture.cache"))
+			err := pc.env.GetManagers().Session.Delete(sessionId, change.New().SetSource("posture.cache").SetChangeAuthorType("controller"))
 			if err != nil {
 				log.WithError(err).Errorf("error removing session [%s] due to posture check failure, delete error: %v", sessionId, err)
 			}

controller/persistence/api_session_certificate_store.go

@@ -45,42 +45,15 @@ func (entity *ApiSessionCertificate) GetEntityType() string {
 	return EntityTypeApiSessionCertificates
 }
 
-type apiSessionCertificateEntityStrategy struct{}
-
-func (apiSessionCertificateEntityStrategy) NewEntity() *ApiSessionCertificate {
-	return &ApiSessionCertificate{}
-}
-
-func (apiSessionCertificateEntityStrategy) FillEntity(entity *ApiSessionCertificate, bucket *boltz.TypedBucket) {
-	entity.LoadBaseValues(bucket)
-	entity.ApiSessionId = bucket.GetStringOrError(FieldApiSessionCertificateApiSession)
-	entity.Subject = bucket.GetStringOrError(FieldApiSessionCertificateSubject)
-	entity.Fingerprint = bucket.GetStringOrError(FieldApiSessionCertificateFingerprint)
-	entity.ValidAfter = bucket.GetTime(FieldApiSessionCertificateValidAfter)
-	entity.ValidBefore = bucket.GetTime(FieldApiSessionCertificateValidBefore)
-	entity.PEM = bucket.GetStringOrError(FieldApiSessionCertificatePem)
-}
-
-func (apiSessionCertificateEntityStrategy) PersistEntity(entity *ApiSessionCertificate, ctx *boltz.PersistContext) {
-	entity.SetBaseValues(ctx)
-	ctx.SetString(FieldApiSessionCertificateApiSession, entity.ApiSessionId)
-	ctx.SetString(FieldApiSessionCertificateSubject, entity.Subject)
-	ctx.SetString(FieldApiSessionCertificateFingerprint, entity.Fingerprint)
-	ctx.SetTimeP(FieldApiSessionCertificateValidAfter, entity.ValidAfter)
-	ctx.SetTimeP(FieldApiSessionCertificateValidBefore, entity.ValidBefore)
-	ctx.SetString(FieldApiSessionCertificatePem, entity.PEM)
-}
-
 var _ ApiSessionCertificateStore = (*ApiSessionCertificateStoreImpl)(nil)
 
 type ApiSessionCertificateStore interface {
 	Store[*ApiSessionCertificate]
 }
 
 func newApiSessionCertificateStore(stores *stores) *ApiSessionCertificateStoreImpl {
-	store := &ApiSessionCertificateStoreImpl{
-		baseStore: newBaseStore[*ApiSessionCertificate](stores, apiSessionCertificateEntityStrategy{}),
-	}
+	store := &ApiSessionCertificateStoreImpl{}
+	store.baseStore = newBaseStore[*ApiSessionCertificate](stores, store)
 	store.InitImpl(store)
 	return store
 }
@@ -102,3 +75,27 @@ func (store *ApiSessionCertificateStoreImpl) initializeLocal() {
 
 func (store *ApiSessionCertificateStoreImpl) initializeLinked() {
 }
+
+func (store *ApiSessionCertificateStoreImpl) NewEntity() *ApiSessionCertificate {
+	return &ApiSessionCertificate{}
+}
+
+func (store *ApiSessionCertificateStoreImpl) FillEntity(entity *ApiSessionCertificate, bucket *boltz.TypedBucket) {
+	entity.LoadBaseValues(bucket)
+	entity.ApiSessionId = bucket.GetStringOrError(FieldApiSessionCertificateApiSession)
+	entity.Subject = bucket.GetStringOrError(FieldApiSessionCertificateSubject)
+	entity.Fingerprint = bucket.GetStringOrError(FieldApiSessionCertificateFingerprint)
+	entity.ValidAfter = bucket.GetTime(FieldApiSessionCertificateValidAfter)
+	entity.ValidBefore = bucket.GetTime(FieldApiSessionCertificateValidBefore)
+	entity.PEM = bucket.GetStringOrError(FieldApiSessionCertificatePem)
+}
+
+func (store *ApiSessionCertificateStoreImpl) PersistEntity(entity *ApiSessionCertificate, ctx *boltz.PersistContext) {
+	entity.SetBaseValues(ctx)
+	ctx.SetString(FieldApiSessionCertificateApiSession, entity.ApiSessionId)
+	ctx.SetString(FieldApiSessionCertificateSubject, entity.Subject)
+	ctx.SetString(FieldApiSessionCertificateFingerprint, entity.Fingerprint)
+	ctx.SetTimeP(FieldApiSessionCertificateValidAfter, entity.ValidAfter)
+	ctx.SetTimeP(FieldApiSessionCertificateValidBefore, entity.ValidBefore)
+	ctx.SetString(FieldApiSessionCertificatePem, entity.PEM)
+}