Comprehensive overhaul of Harvester and Server enhancements

cmd/server/util/client.go

@@ -187,7 +187,8 @@ func (c *serverClient) GetRelationshipByID(ctx context.Context, relID uuid.UUID)
 }
 
 func (c *serverClient) GetJoinToken(ctx context.Context, trustDomainName api.TrustDomainName) (*entity.JoinToken, error) {
-	res, err := c.client.GetJoinToken(ctx, trustDomainName)
+	// TODO: this will be refactored in a follow-up PR
+	res, err := c.client.GetJoinToken(ctx, trustDomainName, nil)
 	if err != nil {
 		return nil, fmt.Errorf(errFailedRequest, err)
 	}

go.mod

@@ -21,7 +21,6 @@ require (
 	github.com/spiffe/go-spiffe/v2 v2.1.4
 	github.com/spiffe/spire-api-sdk v1.6.4
 	github.com/stretchr/testify v1.8.3
-	golang.org/x/crypto v0.9.0
 	google.golang.org/grpc v1.55.0
 )
 
@@ -86,6 +85,7 @@ require (
 	github.com/zclconf/go-cty v1.12.1 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
+	golang.org/x/crypto v0.9.0 // indirect
 	golang.org/x/mod v0.9.0 // indirect
 	golang.org/x/net v0.10.0 // indirect
 	golang.org/x/sys v0.8.0 // indirect

pkg/common/api/helper.go

@@ -9,17 +9,6 @@ import (
 )
 
 func (td TrustDomain) ToEntity() (*entity.TrustDomain, error) {
-
-	var harvesterSpiffeID spiffeid.ID
-	if td.HarvesterSpiffeId != nil {
-		hSID, err := spiffeid.FromString(*td.HarvesterSpiffeId)
-		if err != nil {
-			return nil, fmt.Errorf("malformed SPIFFE ID[%v]: %w", *td.HarvesterSpiffeId, err)
-		}
-
-		harvesterSpiffeID = hSID
-	}
-
 	tdName, err := spiffeid.TrustDomainFromString(td.Name)
 	if err != nil {
 		return nil, fmt.Errorf("malformed trust domain[%v]: %w", td.Name, err)
@@ -30,39 +19,27 @@ func (td TrustDomain) ToEntity() (*entity.TrustDomain, error) {
 		description = *td.Description
 	}
 
-	onboardingBundle := []byte{}
-	if td.OnboardingBundle != nil {
-		onboardingBundle = []byte(*td.OnboardingBundle)
-	}
-
-	uuid := uuid.NullUUID{
+	id := uuid.NullUUID{
 		UUID:  td.Id,
 		Valid: true,
 	}
 
 	return &entity.TrustDomain{
-		ID:                uuid,
-		Name:              tdName,
-		CreatedAt:         td.CreatedAt,
-		UpdatedAt:         td.UpdatedAt,
-		Description:       description,
-		OnboardingBundle:  onboardingBundle,
-		HarvesterSpiffeID: harvesterSpiffeID,
+		ID:          id,
+		Name:        tdName,
+		Description: description,
+		CreatedAt:   td.CreatedAt,
+		UpdatedAt:   td.UpdatedAt,
 	}, nil
 }
 
 func TrustDomainFromEntity(entity *entity.TrustDomain) *TrustDomain {
-	onboardingBundle := string(entity.OnboardingBundle)
-	harvesterSpiffeID := entity.HarvesterSpiffeID.String()
-
 	return &TrustDomain{
-		Id:                entity.ID.UUID,
-		Name:              entity.Name.String(),
-		Description:       &entity.Description,
-		UpdatedAt:         entity.UpdatedAt,
-		CreatedAt:         entity.CreatedAt,
-		OnboardingBundle:  &onboardingBundle,
-		HarvesterSpiffeId: &harvesterSpiffeID,
+		Id:          entity.ID.UUID,
+		Name:        entity.Name.String(),
+		Description: &entity.Description,
+		UpdatedAt:   entity.UpdatedAt,
+		CreatedAt:   entity.CreatedAt,
 	}
 }
 
@@ -90,6 +67,8 @@ func (r Relationship) ToEntity() (*entity.Relationship, error) {
 		TrustDomainBName:    tdBName,
 		TrustDomainAConsent: entity.ConsentStatus(r.TrustDomainAConsent),
 		TrustDomainBConsent: entity.ConsentStatus(r.TrustDomainBConsent),
+		CreatedAt:           r.CreatedAt,
+		UpdatedAt:           r.UpdatedAt,
 	}, nil
 }
 

pkg/common/api/helper_test.go

@@ -34,18 +34,14 @@ func TestTrustDomainToEntity(t *testing.T) {
 
 	t.Run("Full fill correctly the entity model", func(t *testing.T) {
 		description := "A description"
-		harvesterSpiffeID := "spiffe://trust.domain/workload-teste"
-		onboardingBundle := "think that I am a bundle"
 		trustDomainName := "trust.com"
 
 		td := TrustDomain{
-			Id:                uuid.New(),
-			CreatedAt:         time.Now(),
-			UpdatedAt:         time.Now(),
-			Description:       &description,
-			Name:              trustDomainName,
-			OnboardingBundle:  &onboardingBundle,
-			HarvesterSpiffeId: &harvesterSpiffeID,
+			Id:          uuid.New(),
+			CreatedAt:   time.Now(),
+			UpdatedAt:   time.Now(),
+			Description: &description,
+			Name:        trustDomainName,
 		}
 
 		etd, err := td.ToEntity()
@@ -57,28 +53,20 @@ func TestTrustDomainToEntity(t *testing.T) {
 		assert.Equal(t, td.CreatedAt, etd.CreatedAt)
 		assert.Equal(t, td.UpdatedAt, etd.UpdatedAt)
 		assert.Equal(t, *td.Description, etd.Description)
-		assert.Equal(t, []byte(*td.OnboardingBundle), etd.OnboardingBundle)
-		assert.Equal(t, *td.HarvesterSpiffeId, etd.HarvesterSpiffeID.String())
 	})
 }
 
 func TestTrustDomainFromEntity(t *testing.T) {
 	uuid := uuid.NullUUID{UUID: uuid.New(), Valid: true}
 	description := "a really cool description"
-	onboardingBundle := []byte("think that I am a bundle")
 	trustDomain := spiffeid.RequireTrustDomainFromString("trust.com")
 
-	harversterSpiffeId, err := spiffeid.FromString("spiffe://trust.domain/workload-teste")
-	assert.NoError(t, err)
-
 	etd := entity.TrustDomain{
-		ID:                uuid,
-		CreatedAt:         time.Now(),
-		UpdatedAt:         time.Now(),
-		Name:              trustDomain,
-		Description:       description,
-		OnboardingBundle:  onboardingBundle,
-		HarvesterSpiffeID: harversterSpiffeId,
+		ID:          uuid,
+		CreatedAt:   time.Now(),
+		UpdatedAt:   time.Now(),
+		Name:        trustDomain,
+		Description: description,
 	}
 
 	td := TrustDomainFromEntity(&etd)
@@ -89,15 +77,13 @@ func TestTrustDomainFromEntity(t *testing.T) {
 	assert.Equal(t, etd.CreatedAt, td.CreatedAt)
 	assert.Equal(t, etd.UpdatedAt, td.UpdatedAt)
 	assert.Equal(t, etd.Description, *td.Description)
-	assert.Equal(t, etd.OnboardingBundle, []byte(*td.OnboardingBundle))
-	assert.Equal(t, etd.HarvesterSpiffeID.String(), *td.HarvesterSpiffeId)
 }
 
 func TestRelationshipToEntity(t *testing.T) {
 	// Arrange
 	id := uuid.New()
-	trustDomainAName := "example.org"
-	trustDomainBName := "example.com"
+	trustDomainAName := "td1"
+	trustDomainBName := "td2"
 	trustDomainAId := uuid.New()
 	trustDomainBId := uuid.New()
 
@@ -107,7 +93,7 @@ func TestRelationshipToEntity(t *testing.T) {
 		TrustDomainBName:    &trustDomainBName,
 		TrustDomainAId:      trustDomainAId,
 		TrustDomainBId:      trustDomainBId,
-		TrustDomainAConsent: Accepted,
+		TrustDomainAConsent: Approved,
 		TrustDomainBConsent: Denied,
 	}
 
@@ -121,7 +107,7 @@ func TestRelationshipToEntity(t *testing.T) {
 	require.Equal(t, trustDomainBId, ent.TrustDomainBID)
 	require.Equal(t, trustDomainAName, ent.TrustDomainAName.String())
 	require.Equal(t, trustDomainBName, ent.TrustDomainBName.String())
-	require.Equal(t, entity.ConsentStatusAccepted, ent.TrustDomainAConsent)
+	require.Equal(t, entity.ConsentStatusApproved, ent.TrustDomainAConsent)
 	require.Equal(t, entity.ConsentStatusDenied, ent.TrustDomainBConsent)
 
 	// Test invalid trust domain A name
@@ -148,7 +134,7 @@ func TestRelationshipFromEntity(t *testing.T) {
 		TrustDomainAID:      uuid.New(),
 		TrustDomainBID:      uuid.New(),
 		TrustDomainAConsent: entity.ConsentStatusPending,
-		TrustDomainBConsent: entity.ConsentStatusAccepted,
+		TrustDomainBConsent: entity.ConsentStatusApproved,
 	}
 
 	r := RelationshipFromEntity(&eRelationship)
@@ -169,15 +155,15 @@ func TestMapRelationships(t *testing.T) {
 			ID:                  uuid.NullUUID{UUID: uuid.New(), Valid: true},
 			TrustDomainAID:      uuid.New(),
 			TrustDomainBID:      uuid.New(),
-			TrustDomainAConsent: "accepted",
-			TrustDomainBConsent: "accepted",
+			TrustDomainAConsent: "approved",
+			TrustDomainBConsent: "approved",
 		},
 		{
 			ID:                  uuid.NullUUID{UUID: uuid.New(), Valid: true},
 			TrustDomainAID:      uuid.New(),
 			TrustDomainBID:      uuid.New(),
 			TrustDomainAConsent: "denied",
-			TrustDomainBConsent: "accepted",
+			TrustDomainBConsent: "approved",
 		},
 	}
 

pkg/common/api/schemas.yaml

@@ -104,7 +104,7 @@ components:
     ConsentStatus:
       type: string
       enum:
-        - accepted
+        - approved
         - denied
         - pending
     JoinToken:

pkg/common/cryptoutil/certs.go

@@ -87,6 +87,21 @@ func ParseCertificate(pemBytes []byte) (*x509.Certificate, error) {
 	return cert, nil
 }
 
+// ParseCertificates parses a list of x509.Certificates from the given PEM bytes.
+func ParseCertificates(pemBytes []byte) ([]*x509.Certificate, error) {
+	var certs []*x509.Certificate
+	block, rest := pem.Decode(pemBytes)
+	for block != nil {
+		cert, err := x509.ParseCertificate(block.Bytes)
+		if err != nil {
+			return nil, fmt.Errorf("failed parsing certificate: %w", err)
+		}
+		certs = append(certs, cert)
+		block, rest = pem.Decode(rest)
+	}
+	return certs, nil
+}
+
 // EncodeCertificate encodes the given x509.Certificate into PEM format.
 func EncodeCertificate(cert *x509.Certificate) []byte {
 	return pem.EncodeToMemory(&pem.Block{Type: certType, Bytes: cert.Raw})

pkg/common/cryptoutil/certs_test.go

@@ -42,6 +42,13 @@ func TestParseCertificate(t *testing.T) {
 	require.NotNil(t, cert)
 }
 
+func TestParseCertificates(t *testing.T) {
+	chain, err := ParseCertificates(readFile(t, certChainPath))
+	require.NoError(t, err)
+	require.NotNil(t, chain)
+	require.Len(t, chain, 2)
+}
+
 func TestEncodeCertificates(t *testing.T) {
 	cert, err := LoadCertificate(certPath)
 	require.NoError(t, err)

pkg/common/entity/entities.go

@@ -10,19 +10,17 @@ import (
 type ConsentStatus string
 
 const (
-	ConsentStatusAccepted ConsentStatus = "accepted"
+	ConsentStatusApproved ConsentStatus = "approved"
 	ConsentStatusDenied   ConsentStatus = "denied"
 	ConsentStatusPending  ConsentStatus = "pending"
 )
 
 type TrustDomain struct {
-	ID                uuid.NullUUID
-	Name              spiffeid.TrustDomain
-	Description       string
-	HarvesterSpiffeID spiffeid.ID
-	OnboardingBundle  []byte
-	CreatedAt         time.Time
-	UpdatedAt         time.Time
+	ID          uuid.NullUUID
+	Name        spiffeid.TrustDomain
+	Description string
+	CreatedAt   time.Time
+	UpdatedAt   time.Time
 }
 
 type Relationship struct {

pkg/common/entity/helper_test.go

@@ -13,20 +13,20 @@ func TestFilterRelationships(t *testing.T) {
 			ID:                  uuid.NullUUID{UUID: uuid.New(), Valid: true},
 			TrustDomainAID:      uuid.New(),
 			TrustDomainBID:      uuid.New(),
-			TrustDomainAConsent: "accepted",
+			TrustDomainAConsent: "approved",
 			TrustDomainBConsent: "denied",
 		},
 		{
 			ID:                  uuid.NullUUID{UUID: uuid.New(), Valid: true},
 			TrustDomainAID:      uuid.New(),
 			TrustDomainBID:      uuid.New(),
 			TrustDomainAConsent: "denied",
-			TrustDomainBConsent: "accepted",
+			TrustDomainBConsent: "approved",
 		},
 	}
 
 	trustDomain := relationships[0].TrustDomainAID
-	status := ConsentStatus("accepted")
+	status := ConsentStatus("approved")
 
 	// Call FilterRelationships
 	filtered := FilterRelationships(relationships, status, &trustDomain)