
Commit 66a55fd

committed
feat: enable CIRA connection in console
addresses Add Support for CIRA Fixes #665
1 parent e16421f commit 66a55fd

40 files changed

+1527
-283
lines changed

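--- a/.gitignore
+++ b/.gitignore
@@ -4,7 +4,10 @@
 # Config
 .env
 .DS_store
-*.pem
+#certs
+**/*.pem
+**/*.crt
+**/*.key
 **/*.yml
 **/*.yaml
 !config/config.yml
@@ -18,7 +21,7 @@ bin/
 *.db
 *.db-journal
 __debug_bin*
-
+*.app
 
 # Test binary, built with `go test -c`
 *.test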

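--- a/Dockerfile
+++ b/Dockerfile
@@ -15,10 +15,11 @@ FROM golang:1.25.4-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66
 COPY --from=modules /go/pkg /go/pkg
 COPY . /app
 WORKDIR /app
+RUN go mod tidy
 RUN mkdir -p /app/tmp/
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
 go build -o /bin/app ./cmd/app
-
+RUN mkdir -p /.config/device-management-toolkit
 # Step 3: Final
 FROM scratch
 ENV TMPDIR=/tmp
@@ -27,4 +28,5 @@ COPY --from=builder /app/config /config
 COPY --from=builder /app/internal/app/migrations /migrations
 COPY --from=builder /bin/app /app
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /.config/device-management-toolkit /.config/device-management-toolkit
 CMD ["/app"]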
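Review bot: `RUN go mod tidy` in the builder stage rewrites go.mod and go.sum inside the image, so the binary can be built from a dependency set that differs from the one that was reviewed and committed. Tidying belongs in the developer workflow; in the image build prefer a step that fails on drift, for example `RUN go mod verify` and `go build -mod=readonly -o /bin/app ./cmd/app`. The new `/.config/device-management-toolkit` directory is copied into the `scratch` stage without any comment on what the application stores there; a one-line comment above the `COPY` stating its purpose, and whether it is expected to hold key material, would help whoever mounts or backs up that path.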

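--- a/cmd/app/main.go
+++ b/cmd/app/main.go
@@ -12,6 +12,7 @@ import (
 
 "github.com/device-management-toolkit/console/config"
 "github.com/device-management-toolkit/console/internal/app"
+"github.com/device-management-toolkit/console/internal/certificates"
 "github.com/device-management-toolkit/console/internal/controller/openapi"
 "github.com/device-management-toolkit/console/internal/usecase"
 "github.com/device-management-toolkit/console/pkg/logger"
@@ -42,6 +43,16 @@ func main() {
 log.Fatalf("App init error: %s", err)
 }
 
+root, privateKey, err := certificates.CheckAndLoadOrGenerateRootCertificate(true, cfg.CommonName, "US", "device-management-toolkit", true)
+if err != nil {
+log.Fatalf("Error loading or generating root certificate: %s", err)
+}
+
+_, _, err = certificates.CheckAndLoadOrGenerateWebServerCertificate(certificates.CertAndKeyType{Cert: root, Key: privateKey}, false, cfg.CommonName, "US", "device-management-toolkit", true)
+if err != nil {
+log.Fatalf("Error loading or generating web server certificate: %s", err)
+}
+
 handleEncryptionKey(cfg)
 
 if os.Getenv("GIN_MODE") != "debug" {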
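Review bot: The certificate and key returned by `CheckAndLoadOrGenerateWebServerCertificate` are discarded (`_, _, err =`), and internal/app/app.go in this commit then rebuilds the file names from `cfg.CommonName`, so the two call sites are tied together only by a naming convention. Passing the loaded pair, or the paths the certificates package actually used, into `app.Run` would keep them from drifting apart. The positional booleans and the hard-coded `"US"` are opaque at the call site; a short comment above each call saying what the flags select and where the root key ends up on disk would help, with the details confirmed against the certificates package, which is not shown here. main's body starts and ends outside this hunk.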

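--- a/config/config.go
+++ b/config/config.go
@@ -3,6 +3,7 @@ package config
 import (
 "errors"
 "flag"
+"net"
 "os"
 "path/filepath"
 "time"
@@ -29,6 +30,7 @@ type (
 Name string `env-required:"true" yaml:"name" env:"APP_NAME"`
 Repo string `env-required:"true" yaml:"repo" env:"APP_REPO"`
 Version string `env-required:"true"`
+CommonName string `env-required:"true" yaml:"common_name" env:"APP_COMMON_NAME"`
 EncryptionKey string `yaml:"encryption_key" env:"APP_ENCRYPTION_KEY"`
 AllowInsecureCiphers bool `yaml:"allow_insecure_ciphers" env:"APP_ALLOW_INSECURE_CIPHERS"`
 }
@@ -93,13 +95,36 @@ type (
 }
 )
 
+// getPreferredIPAddress detects the most likely candidate IP address for this machine.
+// It prefers non-loopback IPv4 addresses and excludes link-local addresses.
+func getPreferredIPAddress() string {
+addrs, err := net.InterfaceAddrs()
+if err != nil {
+return "localhost"
+}
+
+for _, addr := range addrs {
+if ipNet, ok := addr.(*net.IPNet); ok && !ipNet.IP.IsLoopback() {
+if ipNet.IP.To4() != nil {
+// Exclude link-local addresses (169.254.x.x)
+if !ipNet.IP.IsLinkLocalUnicast() {
+return ipNet.IP.String()
+}
+}
+}
+}
+
+return "localhost"
+}
+
 // defaultConfig constructs the in-memory default configuration.
 func defaultConfig() *Config {
 return &Config{
 App: App{
 Name: "console",
 Repo: "device-management-toolkit/console",
 Version: "DEVELOPMENT",
+CommonName: getPreferredIPAddress(),
 EncryptionKey: "",
 AllowInsecureCiphers: false,
 },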
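Review bot: The default `CommonName` is whatever `getPreferredIPAddress()` returns, which is the first non-loopback, non-link-local IPv4 address that `net.InterfaceAddrs()` happens to list, so on a multi-homed host or inside a container the certificate identity can differ between machines and between restarts. The same value is used in main.go as the certificate common name and in app.go to build the certificate file names, so a change of address presumably leads to a new certificate pair under a new name. The silent fallback to `"localhost"` when enumeration fails hides that case as well. Outside local development it would be safer to require `APP_COMMON_NAME` explicitly and to log which value was auto-detected; the doc comment should also state that the result depends on interface order and is only a development default.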

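--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,17 +1,17 @@
 services:
-postgres:
-container_name: postgres
-image: postgres
-networks:
-- openamtnetwork1
-volumes:
-- pg-data:/var/lib/postgresql
-environment:
-POSTGRES_USER: "postgresadmin"
-POSTGRES_PASSWORD: "admin123"
-POSTGRES_DB: "rpsdb"
-ports:
-- 5432:5432
+# postgres:
+# container_name: postgres
+# image: postgres
+# networks:
+# - openamtnetwork1
+# volumes:
+# - pg-data:/var/lib/postgresql/data
+# environment:
+# POSTGRES_USER: "postgresadmin"
+# POSTGRES_PASSWORD: "admin123"
+# POSTGRES_DB: "rpsdb"
+# ports:
+# - 5432:5432
 app:
 build: .
 container_name: app
@@ -25,12 +25,13 @@ services:
 HTTP_HOST: ""
 HTTP_TLS_ENABLED: "false"
 GIN_MODE: "debug"
-DB_URL: "postgres://postgresadmin:admin123@postgres:5432/rpsdb"
+#DB_URL: "postgres://postgresadmin:admin123@postgres:5432/rpsdb"
 AUTH_DISABLED: true
 ports:
 - 8181:8181
-depends_on:
-- postgres
+- 4433:4433
+# depends_on:
+# - postgres
 # integration:
 # build:
 # context: .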
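Review bot: The postgres service, `DB_URL` and `depends_on` are commented out rather than removed, which keeps the sample credentials in the file and silently changes which database the compose stack runs against. If the switch is intended, delete the block and mention it in the commit description; otherwise restore it. The new `- 4433:4433` mapping publishes the CIRA port on all host interfaces in a stack that also sets `AUTH_DISABLED: true` and `HTTP_TLS_ENABLED: "false"`, so a comment next to it marking this file as development-only would be worth adding.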

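--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.24.2
 
 toolchain go1.24.9
 
-// replace github.com/device-management-toolkit/go-wsman-messages/v2 => ../go-wsman-messages
+replace github.com/device-management-toolkit/go-wsman-messages/v2 => ../go-wsman-messages
 
 require (
 github.com/Masterminds/squirrel v1.5.4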
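Review bot: Un-commenting `replace github.com/device-management-toolkit/go-wsman-messages/v2 => ../go-wsman-messages` makes every build resolve that module from a sibling directory on the builder's disk. A directory replacement is not checked against go.sum, so the code that ends up in the binary is whatever happens to be in that directory, and the Dockerfile in this commit copies only `.` into the image, so the path presumably does not exist there. This looks like local development state; the line should stay commented out (or be dropped) and the needed go-wsman-messages version pinned in `require` instead.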

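--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -16,6 +16,7 @@ import (
 
 "github.com/device-management-toolkit/console/config"
 consolehttp "github.com/device-management-toolkit/console/internal/controller/http"
+"github.com/device-management-toolkit/console/internal/controller/tcp/cira"
 wsv1 "github.com/device-management-toolkit/console/internal/controller/ws/v1"
 "github.com/device-management-toolkit/console/internal/usecase"
 "github.com/device-management-toolkit/console/pkg/db"
@@ -76,6 +77,16 @@ func Run(cfg *config.Config) {
 }
 
 wsv1.RegisterRoutes(handler, log, usecases.Devices, upgrader)
+
+// Use the same certificates that were generated in main.go
+ciraCertFile := fmt.Sprintf("config/%s_cert.pem", cfg.CommonName)
+ciraKeyFile := fmt.Sprintf("config/%s_key.pem", cfg.CommonName)
+
+ciraServer, err := cira.NewServer(ciraCertFile, ciraKeyFile, usecases.Devices)
+if err != nil {
+log.Fatal("CIRA Server failed: %v", err)
+}
+
 // Configure TLS based on config
 tlsEnabled := cfg.TLS.Enabled
 certFile := cfg.TLS.CertFile
@@ -97,11 +108,17 @@ func Run(cfg *config.Config) {
 log.Info("app - Run - signal: " + s.String())
 case err = <-httpServer.Notify():
 log.Error(fmt.Errorf("app - Run - httpServer.Notify: %w", err))
+case ciraErr := <-ciraServer.Notify():
+log.Error(fmt.Errorf("app - Run - ciraServer.Notify: %w", ciraErr))
 }
 
 // Shutdown
 err = httpServer.Shutdown()
 if err != nil {
 log.Error(fmt.Errorf("app - Run - httpServer.Shutdown: %w", err))
 }
+err = ciraServer.Shutdown()
+if err != nil {
+log.Error(fmt.Errorf("app - Run - ciraServer.Shutdown: %w", err))
+}
 }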
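Review bot: `cira.NewServer` is called unconditionally in Run, so every deployment now starts the CIRA listener with no configuration switch to turn it off, and it always uses the self-generated pair even when `cfg.TLS.CertFile` points at an operator-supplied certificate. Gating the server on a config flag and documenting it next to the existing TLS settings would keep the new network surface opt-in. The two paths are built by interpolating `cfg.CommonName`, which comes from YAML or `APP_COMMON_NAME`, into `config/%s_cert.pem`; a value containing a path separator would resolve outside `config/`, so it should be validated as a hostname or IP address when the configuration is loaded. `log.Fatal("CIRA Server failed: %v", err)` passes a format string to `Fatal`; confirm that the project logger formats its arguments there, or use the message style of the surrounding `log.Error(fmt.Errorf(...))` calls. Run starts outside these hunks.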
