Merge pull request #100 from w3c/agt-docker

Agt docker

Dockerfile.agtserver

@@ -0,0 +1,60 @@
+# (C) 2023 Volvo Cars
+#
+# All files and artifacts in the repository at https://github.com/w3c/automotive-vissv2
+# are licensed under the provisions of the license provided by the LICENSE file in this repository.
+# To run with redis as state storage use docker compose. This can be used to build individual images but will not
+# run.
+
+ARG GO_VERSION=1.18.3
+ARG VSSTREE_NAME="vss_vissv2.binary"
+ARG BUILD_IMAGE="golang:latest"
+ARG RUNTIME_IMAGE="debian:bullseye-slim"
+
+#----------------------Builder-----------------------
+FROM ${BUILD_IMAGE} AS builder
+ARG VSSTREE_NAME
+WORKDIR /build
+
+#add bin folder to store the compiled files
+RUN mkdir bin
+
+#corporate proxy settings can sometimes cause tls verification error. Add root crt to docker container.
+COPY testCredGen/cicso-umbrella/cisco.crt /usr/local/share/ca-certificates/cisco.crt
+RUN update-ca-certificates
+
+#copy the content of the server and utils dir and .mod/.sum files to builder
+COPY server/ ./server
+COPY grpc_pb/ ./grpc_pb
+COPY protobuf/ ./protobuf
+COPY utils/ ./utils
+COPY go.mod go.sum ./
+
+#RUN ls -a etc/
+
+#copy cert info from testCredGen to path expected by w3c server
+COPY testCredGen/ca transport_sec/ca
+COPY testCredGen/server transport_sec/server
+COPY testCredGen/client transport_sec/client
+
+#clean up unused dependencies
+#RUN go mod tidy
+#compile all projects and place the executables in the bin folder
+RUN go build -v -o ./bin ./...
+
+#----------------------runtime-----------------------
+FROM ${RUNTIME_IMAGE} AS runtime
+RUN apt-get update && apt-get upgrade -y
+RUN apt-get update && apt-get install -y net-tools iproute2 iputils-ping
+RUN apt-get autoclean -y
+RUN apt-get autoremove -y
+COPY --from=builder /build/transport_sec/ ../transport_sec/.
+
+
+FROM golang:1.21-bookworm as agt_server
+USER root
+RUN mkdir transport_sec
+WORKDIR /app
+COPY --from=builder /build/bin/agt_server .
+COPY --from=builder /build/server/transport_sec/transportSec.json ../transport_sec/transportSec.json
+COPY --from=builder /build/server/agt_server/agt_public_key.rsa .
+COPY --from=builder /build/server/agt_server/agt_private_key.rsa .

Dockerfile → Dockerfile.rlserver

@@ -84,4 +84,11 @@ COPY --from=builder /build/server/agt_server/agt_public_key.rsa .
 ENTRYPOINT ["/app/vissv2server","-s","redis"]
 
 
-
+FROM golang:1.21-bookworm as agt_server
+USER root
+RUN mkdir transport_sec
+WORKDIR /app
+COPY --from=builder /build/bin/agt_server .
+COPY --from=builder /build/server/transport_sec/transportSec.json ../transport_sec/transportSec.json
+COPY --from=builder /build/server/agt_server/agt_public_key.rsa .
+COPY --from=builder /build/server/agt_server/agt_private_key.rsa .

README.md

@@ -1,5 +1,5 @@
-**(C) 2023 Ford Motor Company**<br>
-**(C) 2019, 2023 Volvo Cars**<br>
+**(C) 2023, 2024 Ford Motor Company**<br>
+**(C) 2019, 2023, 2024 Volvo Cars**<br>
 **(C) 2019 Geotab Inc**<br>
 **(C) 2019 Mitsubishi Electric Automotive**<br>
 

docker/README.md

@@ -7,11 +7,20 @@ The server can also be built and launched using docker and docker-compose please
 https://docs.docker.com/install/linux/docker-ce/ubuntu/
 https://docs.docker.com/compose/install/
 
-The file docker-compose-rl.yml builds and runs  a variant of the feeder(feeder-rl) which is configured and built to interface the remotive labs cloud.
+
+**Build and run**
+
+*viss-docker-rl*
+
+The file docker-compose-rl.yml builds and runs  a variant of the feeder(feeder-rl, see Readme in feeder/feeder-rl for'
+more details) - which is configured and built to interface the remotive labs cloud.
 The Remotive cloud have recorded vehicle data which we can play back to a cloud version of their data broker. We have an
 interface written in Go - https://github.com/petervolvowinz/viss-rl-interfaces -  that we have integrated into the WAII feeder application. The docker compose version should be from 3.8.
 
-Dockerfile and docker-compose-rl.yml are located in the project root.
+The *docker-compose-rl.yml* is located in the docker/viss-docker-rl folder. The docker file *Dockerfile.rlserver* is located in the project root. 
+Placing the dockerfile which is used to build the image in the root is done for
+practical reasons. See: https://www.baeldung.com/ops/docker-include-files-outside-build-context
+
 
 To build and run the docker example see below:
 
@@ -48,15 +57,26 @@ $ docker-compose up -d --force-recreate --build
 
 ```
 
-
-**Access control**
-
 If you want to run the server with access control, we need to copy the access grant token server's public key and make
 the key available in the container. These keys will be generated at the AGT server startup if not present.
-
 If we are not using access control servers comment this row in the _vissv2server_ section of the Dockerfile in the project
 root.
 
 ```
 COPY --from=builder /build/server/agt_server/agt_public_key.rsa .
 ```
+
+**Access control**
+
+*agt-docker*
+
+The access grant token server can be built a run in a separate docker container. The typical place for the agt server
+would be in the cloud, but is not further specified. The agt server is, however, a prerequisite for the viss server to 
+be able to run with access control. The *docker-compose-agt.yml* can be used to
+build and run the agt server. The docker file *Dockerfile.agt* is also located in the project root.
+
+```
+$ docker compose -f docker-compose-agt.yml build
+$ docker compose -f docker-compose-agt.yml up
+```
+

docker/agt-docker/Readme.md

@@ -0,0 +1,16 @@
+**DOCKER**
+
+**(C) 2023 Volvo Cars**<br>
+
+Running the Access Grant token server in a docker container. The docker file: *Dockerfile.agtserver* is located in the
+project root and the current setup have the agt server to listen on port 7500.
+
+To build and run the agt docker
+container.
+```
+cd docker/agt-docker
+docker compose -f docker-compose-agt.yml build
+docker compose -f docker-compose-agt.yml up
+```
+
+

docker/agt-docker/docker-compose-agt.yml

@@ -0,0 +1,14 @@
+version: '3.8'
+services:
+
+  agt_server:
+    container_name: agt_server
+    build:
+      context: ../../  # context set to repo root
+      dockerfile: Dockerfile.agtserver
+      target: agt_server
+    entrypoint: [/app/agt_server]
+    ports:
+      - "0.0.0.0:7500:7500"
+    volumes:
+      - ./logs:/app/logs

docker-compose-rl.yml → docker/viss-docker-rl/docker-compose-rl.yml

@@ -9,19 +9,20 @@ services:
     volumes:
       - /tmp/docker/
 
-  feeder:
-    container_name: feeder
+  feeder-rl:
+    container_name: feeder-rl
     user: root
     build:
-      context: .
+      context: ../../
+      dockerfile: Dockerfile.rlserver
       target: feeder
     entrypoint: [/app/feeder,--dataprovider, remotive, --rdb, /tmp/docker/redisDB.sock,--fch,/tmp/docker/server-feeder-channel.sock]
     ports:
       - "443:443"
-    volumes:
-      - ./feeder/feeder-rl/certificate.pem:/app/certificate.pem
-      - ./feeder/feeder-rl/config.json:/app/config.json
-      - ./feeder/feeder-rl/VehicleVssMapData.json:/app/VehicleVssMapData.json
+    #volumes:
+      #- ./feeder/feeder-rl/certificate.pem:/app/certificate.pem
+      #- ./feeder/feeder-rl/config.json:/app/config.json
+      #- ./feeder/feeder-rl/VehicleVssMapData.json:/app/VehicleVssMapData.json
     volumes_from:
       - tmp
 
@@ -32,14 +33,15 @@ services:
     user: root
     command: redis-server /etc/redis.conf
     volumes:
-      - ./redis/redis.conf:/etc/redis.conf
+      - ../../redis/redis.conf:/etc/redis.conf
     volumes_from:
       - tmp
 
   vissv2server:
     container_name: vissv2server
     build:
-      context: .  # context set to repo root
+      context: ../../  # context set to repo root
+      dockerfile: Dockerfile.rlserver
       target: vissv2server
     entrypoint: [ /app/vissv2server,-s,redis]
     ports:

feeder/feeder-rl/README.md

@@ -35,10 +35,12 @@ The file VehicleVssMapData.json is used if the feeder is executed with
 --dataprovider sim
 ```
 
-docker-compose and Docker located in the project root files run/build the feeder, redis and the vissv2server containers.
+The docker-compose file is located in docker/viss-docker-rl folder.
+The Docker file is located the project root:  *Dockerfile.rlserver*
 
-We need docker compose to run the system:
+To build and run.
 ```
+cd docker/viss-docker-rl
 docker compose -f docker-compose-rl.yml build
 docker compose -f docker-compose-rl.yml up
 ```

go.mod

@@ -1,14 +1,14 @@
 module github.com/w3c/automotive-viss2
 
-go 1.18
+go 1.21
 
 //example on how to use replace to point to fork or local path
 //replace github.com/w3c/automotive-viss2/utils => github.com/MagnusGun/WAII/utils master
 replace github.com/w3c/automotive-viss2/utils => ./utils
 
 replace (
-//	github.com/COVESA/vss-tools/binary/go_parser/datamodel => github.com/UlfBj/vss-tools/binary/go_parser/datamodel v0.0.0-20231219145220-847ed46699dc
-//	github.com/COVESA/vss-tools/binary/go_parser/parserlib => github.com/UlfBj/vss-tools/binary/go_parser/parserlib v0.0.0-20231219145220-847ed46699dc
+	//	github.com/COVESA/vss-tools/binary/go_parser/datamodel => github.com/UlfBj/vss-tools/binary/go_parser/datamodel v0.0.0-20231219145220-847ed46699dc
+	//	github.com/COVESA/vss-tools/binary/go_parser/parserlib => github.com/UlfBj/vss-tools/binary/go_parser/parserlib v0.0.0-20231219145220-847ed46699dc
 	github.com/w3c/automotive-viss2/grpc_pb => ./grpc_pb
 	github.com/w3c/automotive-viss2/server/vissv2server/atServer => ./server/vissv2server/atServer
 	github.com/w3c/automotive-viss2/server/vissv2server/grpcMgr => ./server/vissv2server/grpcMgr

go.sum

@@ -15,6 +15,7 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cu
 github.com/eclipse/paho.mqtt.golang v1.4.3 h1:2kwcUGn8seMUfWndX0hGbvH8r7crgcJguQNCyp70xik=
 github.com/eclipse/paho.mqtt.golang v1.4.3/go.mod h1:CSYvoAlsMkhYOXh/oKyxa8EcBci6dVkLCbo5tTC1RIE=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg=
 github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
@@ -24,6 +25,7 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
 github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
@@ -33,8 +35,11 @@ github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZH
 github.com/mattn/go-sqlite3 v1.14.19 h1:fhGleo2h1p8tVChob4I9HpmVFIAkKGpiukdrgQbWfGI=
 github.com/mattn/go-sqlite3 v1.14.19/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
+github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/petervolvowinz/viss-rl-interfaces v0.0.8 h1:fTcAQVfRCt3jPA9IcqDRgnavPq1REAYfYL7YSj8MrhA=
 github.com/petervolvowinz/viss-rl-interfaces v0.0.8/go.mod h1:7jOb8sy+8GhzonzaTzgcVV9XCKXMWkRDWqFHY6RnXH4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -64,6 +69,8 @@ google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

server/agt_server/agt_server.go

@@ -17,7 +17,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
-	"os/exec"
 	"strconv"
 	"strings"
 	"time"
@@ -41,11 +40,12 @@ var privKey *rsa.PrivateKey
 var jtiCache map[string]struct{}
 
 type Payload struct {
+	// Action  string `json:"action"`
 	Vin     string `json:"vin"`
 	Context string `json:"context"`
 	Proof   string `json:"proof"`
 	//Key     utils.JsonWebKey `json:"key"`
-	Key     string `json:"key"`
+	Key string `json:"key"`
 }
 
 // Handles the request depending on the url and the method for the request
@@ -217,6 +217,17 @@ func deleteJti(jti string) {
 	delete(jtiCache, jti)
 }
 
+// generate UUID
+func getUUID() string {
+	var unparsedId uuid.UUID
+	var err error
+	if unparsedId, err = uuid.NewRandom(); err != nil { // Generates a new uuid
+		utils.Error.Printf("generateAgt:Error generating uuid, err=%s", err)
+		return ""
+	}
+	return unparsedId.String()
+}
+
 // Generates Long Term AGT after doing all the checks related to it
 func generateLTAgt(payload Payload, pop string) string {
 	var popToken utils.PopToken
@@ -240,11 +251,6 @@ func generateLTAgt(payload Payload, pop string) string {
 	}
 	// Generates the response token
 	var jwtoken utils.JsonWebToken
-	var unparsedId uuid.UUID
-	if unparsedId, err = uuid.NewRandom(); err != nil { // Better way to generate uuid than calling an ext program
-		utils.Error.Printf("generateAgt:Error generating uuid, err=%s", err)
-		return `{"action": "agt-request", "error": "Internal error"}`
-	}
 	iat := int(time.Now().Unix())
 	exp := iat + LT_DURATION // defined by const
 	jwtoken.SetHeader("RS256")
@@ -253,10 +259,8 @@ func generateLTAgt(payload Payload, pop string) string {
 	jwtoken.AddClaim("exp", strconv.Itoa(exp))
 	jwtoken.AddClaim("clx", payload.Context)
 	jwtoken.AddClaim("aud", "w3org/gen2")
-	jwtoken.AddClaim("jti", unparsedId.String())
+	jwtoken.AddClaim("jti", getUUID())
 	jwtoken.AddClaim("pub", payload.Key)
-	//utils.Info.Printf("generateAgt:jwtHeader=%s", jwtoken.GetHeader())
-	//utils.Info.Printf("generateAgt:jwtPayload=%s", jwtoken.GetPayload())
 	jwtoken.Encode()
 	jwtoken.AssymSign(privKey)
 	return `{"action": "agt-request", "token":"` + jwtoken.GetFullToken() + `"}`
@@ -265,12 +269,7 @@ func generateLTAgt(payload Payload, pop string) string {
 // Generates an AGT (short term)
 func generateAgt(payload Payload) string {
 	var jwtoken utils.JsonWebToken
-	uuid, err := exec.Command("uuidgen").Output()
-	if err != nil {
-		utils.Error.Printf("generateAgt:Error generating uuid, err=%s", err)
-		return `{"action": "agt-request", "error": "Internal error"}`
-	}
-	uuid = uuid[:len(uuid)-1] // remove '\n' char
+
 	iat := int(time.Now().Unix())
 	exp := iat + ST_DURATION
 	// Token generation (used utils.JsonWebToken)
@@ -280,9 +279,9 @@ func generateAgt(payload Payload) string {
 	jwtoken.AddClaim("exp", strconv.Itoa(exp))
 	jwtoken.AddClaim("clx", payload.Context)
 	jwtoken.AddClaim("aud", "w3org/gen2")
-	jwtoken.AddClaim("jti", string(uuid))
-	utils.Info.Printf("generateAgt:jwtHeader=%s", jwtoken.GetHeader())
-	utils.Info.Printf("generateAgt:jwtPayload=%s", jwtoken.GetPayload())
+	jwtoken.AddClaim("jti", getUUID())
+	//utils.Info.Printf("generateAgt:jwtHeader=%s", jwtoken.GetHeader())
+	//utils.Info.Printf("generateAgt:jwtPayload=%s", jwtoken.GetPayload())
 	jwtoken.Encode()
 	jwtoken.AssymSign(privKey)
 	return `{"action": "agt-request", "token":"` + jwtoken.GetFullToken() + `"}`

server/vissv2server/README.md

@@ -18,15 +18,11 @@ $ ./W3CServer.sh startme
 To stop:
 $ ./W3CServer.sh stopme
 
-To build manually, copy the commands from the script file. 
-Depending on whether the implementation with multiple separate processes, or the implementation where they are running as threads is used, 
-the order of starting the different components must be the following for them to start up correctly:
-1. servercore.go
-2. service_mgr.go
-3. ws_mgr.go and/or http_mgr.go and/or mqtt_mgr.go
-4. agt_server.go and at_server.go (if access control is to be used)
+To build manually, have look in *Dockerfile.rlserver* in the project root. The server runs in one single process. If access
+control is to be used the access grant token server must be running. The access grant token server is a separate process,
+see *Dockerfile.agtserver* for build instructions. 
 
-At startup the VISSv2 server core reads the vss_vissv2.binary file, which contains the VSS tree in binary format. 
+At startup the VISSv2 server reads the vss_vissv2.binary file, which contains the VSS tree in binary format. 
 It then generates the file vsspathlist.json in the server parent directory. 
 Binary files containing the latest VSS tree on the VSS repo can be generated after cloning the VSS repo, and then issuing the 'make binary' command.