utm

modules/sc-mesh-secure-deployment/src/nats/comms_nats_controller.py

@@ -98,6 +98,9 @@ def __init__(
         self.__previous_debug_config: Optional[
             str
         ] = self.__read_debug_config_from_file()
+        self.__previous_config_utm: Optional[str] = self.__read_config_from_file(
+            ConfigType.UTM_CONFIG.value
+        )
         self.__mesh_conf_request_processed = False
         self.__comms_ctrl: comms_controller.CommsController = comms_ctrl
         self.logger: logging = self.__comms_ctrl.logger.getChild("mdm_agent")
@@ -179,6 +182,8 @@ def __init__(
             StatusType.UPLOAD_CERTIFICATES.value: "OK"
             if self.__certs_uploaded
             else "FAIL",
+            #StatusType.DOWNLOAD_DEBUG_CONFIG.value: "FAIL",
+            StatusType.DOWNLOAD_UTM_CONFIG.value: "FAIL",
         }
 
         self.__config_status_mapping = {
@@ -187,6 +192,8 @@ def __init__(
             ConfigType.BIRTH_CERTIFICATE: StatusType.DOWNLOAD_CERTIFICATES,
             ConfigType.LOWER_CERTIFICATE: StatusType.DOWNLOAD_CERTIFICATES,
             ConfigType.UPPER_CERTIFICATE: StatusType.DOWNLOAD_CERTIFICATES,
+            #ConfigType.DEBUG_CONFIG: StatusType.DOWNLOAD_DEBUG_CONFIG,
+            ConfigType.UTM_CONFIG: StatusType.DOWNLOAD_UTM_CONFIG,
         }
 
         try:
@@ -314,7 +321,8 @@ async def execute(self) -> None:
                         ):
                             # Restart CBMA with new certificates
                             self.stop_cbma()
-                            self.setup_cbma()
+                            if self.__is_cbma_feature_enabled():
+                                self.setup_cbma()
                         if (
                             self.__status[StatusType.DOWNLOAD_CERTIFICATES.value]
                             == "FAIL"
@@ -329,6 +337,7 @@ async def execute(self) -> None:
             elif self.mdm_service_available:
                 await self.__loop_run_executor(self.executor, ConfigType.FEATURES)
                 await self.__loop_run_executor(self.executor, ConfigType.MESH_CONFIG)
+                await self.__loop_run_executor(self.executor, ConfigType.UTM_CONFIG)
                 if self.__mesh_conf_request_processed:
                     await self.__loop_run_executor(
                         self.executor, ConfigType.DEBUG_CONFIG
@@ -464,12 +473,49 @@ def __action_certificates(
             return "FAIL"
         return "OK"
 
+    def __action_utm_configuration(self, response: requests.Response) -> str:
+        """
+        Take utm configuration into use
+        :param response: https response
+        :return: status
+        """
+
+        config: dict = json.loads(response.text)
+
+        if self.__previous_config_utm is not None:
+            self.logger.debug(
+                f"config: {config} previous: {json.loads(self.__previous_config_utm)}"
+            )
+
+            if json.loads(self.__previous_config_utm) == config:
+                self.logger.debug(
+                    "No changes in UTM config, not updating."
+                )
+                return "OK"
+
+        self.logger.debug("No previous UTM config")
+
+        self.__config_version = int(config["version"])
+        self.__write_config_to_file(response, ConfigType.UTM_CONFIG.value)
+
+        self.__previous_config_utm = self.__read_config_from_file(
+            ConfigType.UTM_CONFIG.value
+        )
+
+        return "OK"
+
+
     def __action_radio_configuration(self, response: requests.Response) -> str:
         """
         Take radio configuration into use
         :param response: https response
         :return: status
         """
+
+        # we do not need it for UTM branch
+        # so just skip this step and return OK status
+        return "OK"
+
         config: dict = json.loads(response.text)
 
         if self.__previous_config_mesh is not None:
@@ -613,6 +659,11 @@ def __handle_received_config(
                 ret = self.__action_feature_yaml(response)
                 return ret
 
+            # UTM configuration actions
+            if config.value == ConfigType.UTM_CONFIG.value:
+                ret = self.__action_utm_configuration(response)
+                return ret
+
     @staticmethod
     def __read_config_from_file(config: str) -> Optional[str]:
         """
@@ -1283,8 +1334,22 @@ def __validate_response(
                     self.logger.error(
                         "Debug config field not found in config"
                     )
+            elif config == ConfigType.UTM_CONFIG:
+                try:
+                    if json.loads(response.text)["payload"]["utm_conf"]:
+                        status = "OK"
+                except KeyError:
+                    self.logger.error(
+                        "UTM config field not found in config"
+                    )
             else:
                 self.logger.error("Validation not implemented, unknown config")
+        elif response.status_code == 405:
+            if config == ConfigType.DEBUG_CONFIG:
+                # It is OK: server do not support debug mode
+                status = "OK"
+            else:
+                status = "FAIL"
         else:
             status = "FAIL"
 
@@ -1320,14 +1385,17 @@ async def __loop_run_executor(self, executor, config: ConfigType) -> None:
                 response.status_code == 200
                 and self.__previous_debug_config != response.text.strip()
             ):
-                self.__handle_received_config(response, ConfigType.DEBUG_CONFIG)
+                ret = self.__handle_received_config(response, ConfigType.DEBUG_CONFIG)
                 self.__mesh_conf_request_processed = False
+                if ret == "OK":
+                    self.__status[status_type] = "OK"
             elif (
                 response.status_code == 200
                 and self.__previous_debug_config == response.text.strip()
             ):
                 self.__debug_config_interval = Constants.OK_POLLING_TIME_SECONDS.value
                 self.__mesh_conf_request_processed = False
+                self.__status[status_type] = "OK"
             elif response.text.strip() == "" or response.status_code != 200:
                 self.__debug_config_interval = Constants.FAIL_POLLING_TIME_SECONDS.value
                 if response.status_code == 405:
@@ -1338,20 +1406,23 @@ async def __loop_run_executor(self, executor, config: ConfigType) -> None:
                         Constants.OK_POLLING_TIME_SECONDS.value
                     )
                     self.__mesh_conf_request_processed = False
+                    self.__status[status_type] = "OK"
         else:
             if response.status_code == 200:
                 ret = self.__handle_received_config(response, config)
                 self.logger.debug("config: %s, ret: %s", config, ret)
                 if ret == "OK":
                     self.__status[status_type] = "OK"
-                if config.value == ConfigType.MESH_CONFIG.value and ret == "OK":
-                    self.__mesh_conf_request_processed = True
             elif response.status_code != 200:
                 self.__status[status_type] = "FAIL"
 
             # if all statuses are OK, then we can start the OK polling
             if all(value == "OK" for value in self.__status.values()):
                 self.__interval = Constants.OK_POLLING_TIME_SECONDS.value
+                self.__mesh_conf_request_processed = True
+                self.logger.debug(
+                    "All statuses are OK."
+                )
             else:
                 self.__interval = Constants.FAIL_POLLING_TIME_SECONDS.value
 

modules/sc-mesh-secure-deployment/src/nats/src/constants.py

@@ -14,6 +14,7 @@ class ConfigType(str, Enum):
     LOWER_CERTIFICATE: str = "lower_certificates"
     FEATURES: str = "features"
     DEBUG_CONFIG: str = "debug_conf"
+    UTM_CONFIG: str = "utm_conf"
 
 
 class StatusType(str, Enum):
@@ -26,6 +27,8 @@ class StatusType(str, Enum):
     DOWNLOAD_FEATURES: str = "download_features"
     DOWNLOAD_CERTIFICATES: str = "download_certificates"
     UPLOAD_CERTIFICATES: str = "upload_certificates"
+    DOWNLOAD_DEBUG_CONFIG: str = "download_debug_config"
+    DOWNLOAD_UTM_CONFIG: str = "download_utm_config"
 
 # pylint: disable=too-few-public-methods, too-many-instance-attributes, disable=invalid-name
 class Constants(Enum):

modules/utils/docker/entrypoint_mdm_agent_utm.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+source /opt/mesh-helper.sh
+
+#######################################
+# BC needs to be on place before this #
+#######################################
+
+# TODO: Identity from BC or HSM?
+if [ ! -f "/opt/identity" ]; then
+    echo "generates identity id"
+    generate_identity_id
+fi
+
+#######################################
+# Enable MDM stuff                    #
+#######################################
+echo "starting mdm agent"
+/opt/S90mdm_agent start