GW_MC/YANPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: GW_MC:b823fe628185f5691570f9b371a74df772bc50e7
Branches Tags
GW_MC:master GW_MC:feature/upstream-service GW_MC:feature/agent-client GW_MC:feature/agent GW_MC:feature/frontend-login GW_MC:documentation
...
compare: GW_MC:feature/agent-client
Branches Tags
GW_MC:master GW_MC:feature/upstream-service GW_MC:feature/agent-client GW_MC:feature/agent GW_MC:feature/frontend-login GW_MC:documentation

21 Commits
b823fe6281 ... feature/ag

Author SHA1 Message Date
GW_MC
6f5596dc69 Enforce deny unwrap_used
All checks were successful
Test / test-frontend (pull_request) Successful in 26s
Details
Test / lint-frontend (pull_request) Successful in 28s
Details
Test / frontend-build (pull_request) Successful in 32s
Details
Verify / verify-generated-database-code (pull_request) Successful in 1m7s
Details
Verify / verify-generated-agent-code (pull_request) Successful in 1m10s
Details
Verify / verify-openapi-spec (pull_request) Successful in 1m9s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 7s
Details
Test / test-crates (pull_request) Successful in 54s
Details
Test / lint-crates (pull_request) Successful in 1m10s
Details
2025-12-28 19:07:17 +08:00
GW_MC
96e7f36731 feat: integrate AgentService into app service and enhance configuration handling
All checks were successful
Test / test-frontend (pull_request) Successful in 25s
Details
Test / lint-frontend (pull_request) Successful in 28s
Details
Test / frontend-build (pull_request) Successful in 32s
Details
Verify / verify-generated-database-code (pull_request) Successful in 1m7s
Details
Verify / verify-generated-agent-code (pull_request) Successful in 1m11s
Details
Verify / verify-openapi-spec (pull_request) Successful in 1m13s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 8s
Details
Test / test-crates (pull_request) Successful in 55s
Details
Test / lint-crates (pull_request) Successful in 1m9s
Details
2025-12-28 18:35:53 +08:00
GW_MC
410328a2af refactor app service 2025-12-28 18:28:28 +08:00
GW_MC
9f122566d0 feat: add agent settings configuration and update agent client service 2025-12-28 18:08:55 +08:00
GW_MC
c65dc3af47 feat: Basic agent-client service
Some checks failed
Test / test-frontend (pull_request) Successful in 27s
Details
Test / frontend-build (pull_request) Successful in 33s
Details
Verify / verify-openapi-spec (pull_request) Successful in 7s
Details
Verify / verify-generated-agent-code (pull_request) Successful in 1m7s
Details
Verify / verify-generated-database-code (pull_request) Successful in 2m14s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 6s
Details
Test / lint-crates (pull_request) Failing after 1m28s
Details
Test / test-crates (pull_request) Successful in 2m40s
Details
Test / lint-frontend (pull_request) Successful in 29s
Details
2025-12-28 17:53:27 +08:00
GW_MC
6f395ed1ae rename workflows jobs 2025-12-28 16:42:12 +08:00
GW_MC
e6e85564e7 fix: incorrect pnpm cache
All checks were successful
Test / test-frontend (pull_request) Successful in 1m17s
Details
Test / lint-frontend (pull_request) Successful in 1m19s
Details
Test / frontend-build (pull_request) Successful in 1m55s
Details
Verify / verify-openapi-spec (pull_request) Successful in 31s
Details
Verify / verify-generated-agent-code (pull_request) Successful in 2m54s
Details
Verify / verify-generated-code (pull_request) Successful in 3m57s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 8s
Details
Test / lint (pull_request) Successful in 1m25s
Details
Test / test (pull_request) Successful in 3m26s
Details
2025-12-28 16:29:31 +08:00
GW_MC
c7a090f78a fix: frontend deps not installed 2025-12-28 16:23:10 +08:00
GW_MC
8cc2775fe4 feat: auto format generated code, and ignore clippy lint in agent-client 2025-12-28 16:22:41 +08:00
GW_MC
0b64538754 added verify for untracked generated files 2025-12-28 15:56:04 +08:00
GW_MC
8009ca20ff feat: added verify generated agent code in action workflows 2025-12-28 15:55:30 +08:00
GW_MC
7a5b9471e0 feat: added agent rust client generation 2025-12-28 15:16:47 +08:00
GW_MC
bb55e37b49 feat: added openapi generation for agent 2025-12-28 15:15:42 +08:00
GW_MC
9a264a61ac Merge pull request 'feature/agent' (#11) from feature/agent into master
All checks were successful
Test / test-frontend (push) Successful in 20s
Details
Test / lint-frontend (push) Successful in 24s
Details
Verify / verify-openapi-spec (push) Successful in 4s
Details
Test / frontend-build (push) Successful in 29s
Details
Verify / verify-frontend-api-client (push) Successful in 5s
Details
Test / test (push) Successful in 53s
Details
Verify / verify-generated-code (push) Successful in 1m6s
Details
Test / lint (push) Successful in 1m10s
Details 
Reviewed-on: #11
 2025-12-22 18:29:26 +08:00
GW_MC
0eafd6a264 feat: upgrade actions/cache to v4 and clean up imports in main.rs
All checks were successful
Test / test-frontend (pull_request) Successful in 23s
Details
Test / lint-frontend (pull_request) Successful in 26s
Details
Verify / verify-openapi-spec (pull_request) Successful in 4s
Details
Test / frontend-build (pull_request) Successful in 29s
Details
Test / test (pull_request) Successful in 55s
Details
Verify / verify-generated-code (pull_request) Successful in 1m10s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 7s
Details
Test / lint (pull_request) Successful in 1m10s
Details
2025-12-22 18:26:19 +08:00
GW_MC
c14af00c08 feat: update dependencies and refactor command line argument handling for yanpm-agent
Some checks failed
Test / test-frontend (pull_request) Successful in 23s
Details
Test / lint-frontend (pull_request) Successful in 27s
Details
Verify / verify-openapi-spec (pull_request) Successful in 4s
Details
Test / frontend-build (pull_request) Successful in 30s
Details
Verify / verify-frontend-api-client (pull_request) Has been cancelled
Details
Verify / verify-generated-code (pull_request) Has been cancelled
Details
Test / test (pull_request) Has been cancelled
Details
Test / lint (pull_request) Has been cancelled
Details
2025-12-22 18:16:26 +08:00
GW_MC
dce8203322 feat: add comprehensive documentation for yanpm-agent, including API reference, configuration, deployment, usage examples, and troubleshooting 2025-12-22 17:56:18 +08:00
GW_MC
5cffb0a519 feat: add nginx reload and validation wrappers with sudo permissions 2025-12-22 17:18:36 +08:00
GW_MC
6e85bda13f Refactor container definitions 2025-12-22 14:32:57 +08:00
GW_MC
7db23b01df Add testcontainer for agent image with nginx 2025-12-22 12:54:14 +08:00
GW_MC
61ecd91219 feat: add nix dependency and enhance socket permissions handling 2025-12-21 19:32:48 +08:00
84 changed files with 6192 additions and 1690 deletions
Expand all files Collapse all files

6
.github/actions/setup-rust/action.yml vendored
View File

@@ -22,7 +22,7 @@ runs:
fetch-depth: 0
- name: Cache cargo registry
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
@@ -30,7 +30,7 @@ runs:
${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.cargo/index
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
@@ -51,7 +51,7 @@ runs:
${{ runner.os }}-rustup-
- name: Cache cargo build (target)
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: target
key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }}

17
.github/workflows/test.yml vendored
View File

@@ -12,11 +12,8 @@ on:
jobs:
# setup is now handled by a composite action used by downstream jobs to keep
# the workflow DRY. The composite action performs checkout, cache restore and
# toolchain setup.
test:
test-crates:
needs: frontend-build
runs-on: ubuntu-latest
steps:
@@ -39,7 +36,7 @@ jobs:
- name: Run tests
run: cargo test --all-features
lint:
lint-crates:
needs: frontend-build
runs-on: ubuntu-latest
steps:
@@ -83,13 +80,13 @@ jobs:
with:
node-version: 22
cache: 'pnpm'
cache-dependency-path: apps/frontend/pnpm-lock.yaml
cache-dependency-path: pnpm-lock.yaml
- name: Install frontend dependencies
run: |
cd apps/frontend
pnpm install
- name: Run frontend linter
run: |
cd apps/frontend
@@ -114,7 +111,7 @@ jobs:
with:
node-version: 22
cache: 'pnpm'
cache-dependency-path: apps/frontend/pnpm-lock.yaml
cache-dependency-path: pnpm-lock.yaml
- name: Install frontend dependencies
run: |
@@ -142,12 +139,12 @@ jobs:
with:
node-version: 22
cache: 'pnpm'
cache-dependency-path: apps/frontend/pnpm-lock.yaml
cache-dependency-path: pnpm-lock.yaml
- name: Install frontend dependencies
run: |
cd apps/frontend
pnpm install
pnpm install --frozen-lockfile
- name: Build frontend
run: |

79
.github/workflows/verify.yml vendored
View File

@@ -11,18 +11,15 @@ on:
jobs:
# setup is now handled by a composite action used by downstream jobs to keep
# the workflow DRY. The composite action performs checkout, cache restore and
# toolchain setup.
verify-generated-code:
verify-generated-database-code:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Rust, checkout and restore caches
uses: ./.github/actions/setup-rust
@@ -32,14 +29,62 @@ jobs:
cargo run -- db:migrate_and_generate --output-path ../../public/database/src/generated/entities
- name: Check for uncommitted changes in /generated/
run: |
if [[ -n $(git status --porcelain | grep '^ M .*\/generated\/') ]]; then
if [[ -n $(git status --porcelain --untracked-files=all | grep '/generated/') ]]; then
echo "Generated code is not up to date. Please run the code generation locally and commit the changes."
git status --porcelain | grep '^ M .*\/generated\/'
git status --porcelain --untracked-files=all | grep '/generated/'
exit 1
else
echo "Generated code is up to date."
fi
verify-generated-agent-code:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '21'
- name: Setup Rust, checkout and restore caches
uses: ./.github/actions/setup-rust
- name: Setup PNPM
uses: pnpm/action-setup@v4
with:
version: 10
run_install: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 22
cache: 'pnpm'
cache-dependency-path: pnpm-lock.yaml
- name: Install root dependencies
run: |
pnpm install --frozen-lockfile
- name: generate agent client code
run: |
pnpm just generate-agent-client
- name: Check for uncommitted changes in agent client code
run: |
if [[ -n $(git status --porcelain --untracked-files=all | grep 'public/agent-client/') ]]; then
echo "Agent client code is not up to date. Please run the agent client code generation locally and commit the changes."
git status --porcelain --untracked-files=all | grep 'public/agent-client/'
exit 1
else
echo "Agent client code is up to date."
fi
verify-openapi-spec:
runs-on: ubuntu-latest
steps:
@@ -83,7 +128,7 @@ jobs:
- name: Setup Rust, checkout and restore caches
if: steps.check_changes.outputs.changed == 'true'
uses: ./.github/actions/setup-rust
- name: Generate dummy frontend build (to satisfy dependencies)
if: steps.check_changes.outputs.changed == 'true'
run: |
@@ -95,13 +140,13 @@ jobs:
run: |
cd apps/api
cargo run -- generate:openapi --output-path ./swagger.json
- name: Check for uncommitted changes in swagger.json
if: steps.check_changes.outputs.changed == 'true'
run: |
if [[ -n $(git status --porcelain | grep '^ M apps/api/swagger.json') ]]; then
if [[ -n $(git status --porcelain --untracked-files=all | grep 'apps/api/swagger.json') ]]; then
echo "OpenAPI spec is not up to date. Please run the OpenAPI generation locally and commit the changes."
git status --porcelain | grep '^ M apps/api/swagger.json'
git status --porcelain --untracked-files=all | grep 'apps/api/swagger.json'
exit 1
else
echo "OpenAPI spec is up to date."
@@ -165,14 +210,14 @@ jobs:
with:
node-version: 22
cache: 'pnpm'
cache-dependency-path: apps/frontend/pnpm-lock.yaml
cache-dependency-path: pnpm-lock.yaml
- name: Install frontend dependencies
if: steps.check_swagger_changes.outputs.changed == 'true'
run: |
cd apps/frontend
pnpm install
- name: Generate frontend API client
if: steps.check_swagger_changes.outputs.changed == 'true'
run: |
@@ -182,14 +227,14 @@ jobs:
- name: Check for uncommitted changes in frontend API client
if: steps.check_swagger_changes.outputs.changed == 'true'
run: |
if [[ -n $(git status --porcelain | grep '^ M apps/frontend/app/generated/api-client') ]]; then
if [[ -n $(git status --porcelain --untracked-files=all | grep 'apps/frontend/app/generated/api-client') ]]; then
echo "Frontend API client is not up to date. Please run the API client generation locally and commit the changes."
git status --porcelain | grep '^ M apps/frontend/app/generated/api-client'
git status --porcelain --untracked-files=all | grep 'apps/frontend/app/generated/api-client'
exit 1
else
echo "Frontend API client is up to date."
fi
- name: Skip frontend API client generation (no relevant changes)
if: steps.check_swagger_changes.outputs.changed == 'false'
run: echo "No changes in apps/api/swagger.json nor apps/frontend/app/generated/api-client, skipping frontend API client generation verification."

2
.gitignore vendored
View File

@@ -27,3 +27,5 @@ target
.env.generated
generated-config.yaml
node_modules/

855
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

1
Cargo.toml
View File

@@ -4,6 +4,7 @@ members = [
"apps/container",
"apps/cli",
"apps/agent",
"public/agent-client",
"public/shared",
"public/database",
"public/migration"

4
apps/agent/Cargo.toml
View File

@@ -11,4 +11,6 @@ tracing-subscriber = { version = "0.3.20", features = ["smallvec", "fmt", "ansi"
serde_json = { version = "1.0.145", features = ["std"] }
serde = { version = "1.0.228", features = ["std", "derive"] }
tokio-cron-scheduler = { version = "0.15.1", features = ["signal"] }
clap = { version = "4", features = ["derive"] }
clap = { version = "4", features = ["derive", "env"] }
nix = { version = "0.30.1", features = ["user", "fs"] }
utoipa = { version = "5.4.0", features = ["macros", "axum_extras", "chrono", "decimal", "uuid", "time", "openapi_extensions"] }

20
apps/agent/Dockerfile
View File

@@ -23,6 +23,9 @@ ENV S6_KEEP_ENV=1
ENV YANPM_AGENT_SOCK=/var/run/yanpm/yanpm-agent.sock
ENV YANPM_NGINX_CONFIG_DIR=/etc/nginx/conf.d
ENV YANPM_AGENT_SOCK_PERM=660
ENV YANPM_AGENT_SOCK_GID=""
ENV YANPM_AGENT_UID=1000
ENV YANPM_AGENT_GID=1000
WORKDIR /app
@@ -36,23 +39,18 @@ RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && rm /tmp/s6-overlay-noarch.ta
ADD https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp/s6-overlay.tar.xz
RUN tar -C / -Jxpf /tmp/s6-overlay.tar.xz && rm /tmp/s6-overlay.tar.xz
# Create non-root user for agent and set permissions
RUN addgroup -S app && adduser -S -G app app
# add user to nginx group to allow reading of nginx configs
RUN adduser app nginx
# create directory for yanpm agent socket
RUN mkdir -p /var/run/yanpm && chown -R app:app /var/run/yanpm
# Runtime user creation handled by s6 cont-init (see /etc/cont-init.d)
# create directory for yanpm agent socket; ownership will be fixed at container start
RUN mkdir -p /var/run/yanpm
# Copy s6 service definitions (created in repo under s6/) into image
COPY ./docker/s6/services.d /etc/services.d
RUN chmod +x /etc/services.d/*/run
COPY ./docker/s6/cont-init.d /etc/cont-init.d
RUN chmod +x /etc/services.d/*/run && chmod +x /etc/cont-init.d/*
COPY --from=builder /app/target/release/yanpm-agent ./yanpm-agent
RUN chown -R app:app /app/yanpm-agent \
&& chmod +x /app/yanpm-agent \
&& chown app:app /app
RUN chmod +x /app/yanpm-agent
# s6-overlay provides /init as the init process
ENTRYPOINT ["/init"]

19
apps/agent/doc/README.md Normal file
View File

@@ -0,0 +1,19 @@
# yanpm-agent Documentation
This directory contains in-depth documentation for the yanpm agent daemon (the binary built from `apps/agent`). The agent exposes a unix-socket HTTP API for writing nginx configuration fragments, validating them, and reloading nginx safely.
Docs included:
- `architecture.md` — Detailed explanation of the program flow and components.
- `configuration.md` — CLI flags, environment variables, defaults, and permission handling.
- `usage.md` — How to run the agent, curl examples, and systemd/docker hints.
- `api.md` — HTTP API endpoints, request and response schemas, examples.
- `deployment.md` — Deployment considerations, permissions, and systemd socket/unit examples.
- `troubleshooting.md` — Common errors and solutions.
For implementation details, see the source in `apps/agent/src` (notably `main.rs`, `routes.rs`, and the `commands/` submodule).
Integration notes
- The agent is intended to run as a companion agent for the API service in `apps/api`. The API service calls the agent over the unix-domain socket to write nginx fragments, validate them, and trigger reloads.
- A production Docker image is provided by `apps/agent/Dockerfile`. That Dockerfile packages nginx + the `yanpm-agent` binary and s6-overlay service scripts so a single container can run nginx and the agent alongside each other.

68
apps/agent/doc/api.md Normal file
View File

@@ -0,0 +1,68 @@
# HTTP API Reference
Base: HTTP over a unix-domain socket. Example using curl: `curl --unix-socket /path/to/socket -X POST http://localhost/<path>`
1) GET /status
- Response: 200 OK
- Body: JSON `{ "ok": true }`
2) POST /validate
- Request JSON:
```json
{
"config_name": "example",
"timestamp": 1234567890
}
```
- Behavior: validates the fragment file named by `config_name` and `timestamp` under the agent's internal subdirectory inside the configured nginx config directory. Delegates to `ValidateCommand::validate`.
- Success: 200 OK, body is `[rc, output]` tuple serialized as JSON (actual shape is `(i32, String)` returned from the command; examine responses for exact formatting).
- Error cases:
- 400 Bad Request: invalid or malformed JSON
- 500 Internal Server Error: validation error or missing fragment file
- Request JSON:
```json
{
"config_name": "example",
"timestamp": 1234567890
}
```
- Behavior: validates the fragment file named by `config_name` and `timestamp` under the agent's internal subdirectory inside the configured nginx config directory. Delegates to `ValidateCommand::validate`.
- Success: 200 OK, body is a JSON array `[rc, output]` where `rc` is the integer return code and `output` is the combined stdout/stderr string from the validation command (the command returns an `(i32, String)` tuple).
- Error cases:
- 400 Bad Request: invalid or malformed JSON
- 500 Internal Server Error: validation error or missing fragment file
3) POST /validate_and_reload
- Request JSON same as `/validate`.
- Behavior: runs validation and, on success, attempts to reload nginx. Returns an object with `rc` and `ro` (return code and combined stdout/stderr output).
- Success: 200 OK with body: `{ "rc": <int>, "ro": "<output>" }`
- Errors: 400 for malformed JSON, 500 if the validate-and-reload command fails (body presents error text).
4) POST /write_config
- Request JSON:
```json
{
"config_name": "example",
"timestamp": 1234567890,
"content": "server { ... }"
}
```
- Behavior: writes the provided `content` into an agent-managed fragment file named from `config_name` and `timestamp` in the internal subdirectory under `nginx_config_dir`.
- Success: 200 OK with empty body
- Error: 400 for malformed JSON, 500 if writing the file fails
Notes
- The agent expects callers to choose a `config_name` and `timestamp` that together form a unique filename. The concrete filename encoding is performed by `commands::run::to_file_name` in source.
- On validation failures the returned output often contains the full `nginx -t` output; inspect `ro` or the returned JSON error messages.

34
apps/agent/doc/architecture.md Normal file
View File

@@ -0,0 +1,34 @@
# Architecture and Runtime Flow
Overview
- The agent is an async HTTP server (axum) listening on a Unix domain socket and exposes a small JSON API to manage nginx configuration fragments.
- Core lifecycle is implemented in `apps/agent/src/main.rs`:
- parse CLI args and environment variables
- ensure the socket path and directory exist and have permissive but secure defaults
- bind a `tokio::net::UnixListener` to the socket
- create an `NginxService` (shared state) and an in-process cron `JobScheduler`
- mount axum routes (`/status`, `/validate`, `/validate_and_reload`, `/write_config`) and serve HTTP over the Unix socket
Key components
- `main.rs` — Bootstrapping, argument handling, socket setup and permission handling, scheduler start, and axum server startup.
- `routes.rs` — axum handlers for the HTTP API. It deserializes JSON payloads and delegates to `NginxService` methods. Handlers return appropriate HTTP status codes and JSON on error or success.
- `commands/` — Implementation of lower-level actions (writing fragment files, running `nginx -t`, validating, reloads). The `validate.rs` command contains sophisticated behavior to handle permission-limited environments by:
- creating wrapper nginx configs that include a single fragment
- trying `nginx -t` directly, attempting a privileged wrapper via `sudo` if available, and finally passing a writable PID override via `-g pid ...;` to avoid permission failures
Concurrency and state
- A single shared `NginxService` instance is stored in axum `State` and cloned into handlers; it holds the scheduler and the configured nginx config directory path.
- The JobScheduler is created with `tokio_cron_scheduler::JobScheduler` and started before serving requests.
Error handling and best-effort behavior
- Socket permission changes, GID changes, and directory creations are best-effort and log warnings on failure rather than failing hard.
- Most command failures are converted into JSON errors with appropriate HTTP status codes so callers can inspect command output.
Integration and packaging
- The agent is intended to run as a companion to the API server in `apps/api`. The API calls the agent over the unix socket to write fragments, validate them, and trigger reloads.
- `apps/agent/Dockerfile` builds a runtime image that includes `nginx` and the `yanpm-agent` binary (the Dockerfile uses s6-overlay to run multiple services). This image is suitable for deployments that prefer nginx and the agent colocated in a single container.

27
apps/agent/doc/configuration.md Normal file
View File

@@ -0,0 +1,27 @@
# Configuration and Environment
CLI flags and environment variables
- `--sock` / `YANPM_AGENT_SOCK` (default: `./yanpm-agent.sock`)
- Path to the Unix socket file the agent will bind to.
- If the socket directory does not exist the agent attempts to create it and set mode `0770`.
- `--nginx-config-dir` / `YANPM_NGINX_CONFIG_DIR` (default: `/etc/nginx/conf.d`)
- Directory where nginx fragments are written. The agent writes fragments into a subdirectory named by the agent (internal use).
- `--sock-perm` / `YANPM_AGENT_SOCK_PERM` (default: `660`)
- A 3-digit octal permission string applied to the socket file (best-effort). The program validates this is a 3-digit octal string.
- If the final digit is greater than `0` a warning is logged because that allows "others" access.
- `--sock-gid` / `YANPM_AGENT_SOCK_GID` (default: current user's primary group)
- GID to set on the socket file (best-effort).
Validation rules and behavior
- `sock_perm` must be exactly 3 octal digits (characters 0-7). The agent rejects invalid values at startup.
- When an existing path exists at the socket location the agent verifies it is a unix socket; if so it removes it before binding. If the path exists and is not a socket, startup fails.
- Setting permissions (`set_permissions`) and changing GID (`chown`) are attempted but non-fatal: failures are logged as warnings and the agent continues.
Notes about nginx config directory
- The agent writes fragments into a subdirectory (internal) of the configured `nginx_config_dir`. Ensure nginx is configured to include that subdirectory so fragments are picked up, or use `write_config` then trigger a reload.

62
apps/agent/doc/deployment.md Normal file
View File

@@ -0,0 +1,62 @@
# Deployment and Permissions
Socket location and permissions
- The agent binds a unix socket at the path given by `--sock` or `YANPM_AGENT_SOCK`. The agent will:
- create the parent directory (best-effort) and attempt to set its permissions to `0770`
- remove an existing socket file if it is a socket, or fail if the path exists and is not a socket
- apply the `sock_perm` (3-digit octal) to the socket file and optionally change its GID to `sock_gid`
Systemd socket/unit example
Create a `yanpm-agent.socket` unit that creates and owns the unix socket, and a `yanpm-agent.service` that runs the agent. Ensure the socket path used by systemd matches `--sock`.
Docker / container notes
- If running the agent inside a container and writing to host nginx config, bind-mount the host nginx config directory into the container at the path provided to `--nginx-config-dir`.
- Consider running the agent as a user with permission to write the nginx config directory or use a shared group and `sock_gid` so clients can access the socket.
- The repository provides a runtime image built by `apps/agent/Dockerfile` which packages `nginx` together with the `yanpm-agent` binary and s6-overlay service scripts. This image runs nginx and the agent in one container which is useful when the agent is acting as the runtime companion for the API (`apps/api`).
Privilege escalation for validation
- In many systems `nginx -t` may fail due to inability to access `/run/nginx.pid` or other privileged files. The agent attempts a best-effort sequence:
1. Run `nginx -t` directly.
2. If that fails with permission errors, try a privileged wrapper (e.g. `/usr/local/sbin/yanpm-nginx-validate` or `yanpm-nginx-validate-file`) via `sudo -n`.
3. If wrapper is unavailable or fails, retry `nginx -t` with a writable PID override via `-g 'pid /tmp/yanpm-validate-<pid>.pid;'`.
Security considerations
- Avoid setting `sock_perm` to allow world access unless explicitly intended.
- Prefer controlling socket group membership via `sock_gid` rather than making the socket world-writable.
s6 init scripts, wrappers and sudoers (runtime)
- Purpose: The image built by `apps/agent/Dockerfile` uses `s6-overlay` as PID 1 (the Dockerfile sets `ENTRYPOINT ["/init"]`). The repository includes `docker/s6/cont-init.d` scripts that run at container startup (one-shot) and `docker/s6/services.d` entries to run long-lived services (nginx and the agent). The cont-init scripts prepare runtime users, permissions, and helper wrappers the agent uses for privileged operations.
- Key cont-init scripts (in the repo):
- `docker/s6/cont-init.d/10-create-app-user` — ensures the `yanpm-agent` user and group exist (honoring `YANPM_AGENT_UID`, `YANPM_AGENT_GID`, and `YANPM_AGENT_SOCK_GID`), adds the user to the `nginx` group, and attempts to chown runtime directories like `/var/run/yanpm` and `/app/yanpm-agent` (logs warnings if chown fails for bind mounts or rootless containers).
- `docker/s6/cont-init.d/20-install-reload-wrapper` — installs three helper wrappers and a sudoers entry so the `yanpm-agent` user can perform narrowly-scoped privileged operations without a password.
- Wrapper scripts installed by `20-install-reload-wrapper`:
- `/usr/local/sbin/yanpm-nginx-reload` — runs `nginx -c /etc/nginx/nginx.conf -s reload` (used for reloading the running nginx master process).
- `/usr/local/sbin/yanpm-nginx-validate` — runs `nginx -c /etc/nginx/nginx.conf -t` (validates the main nginx config).
- `/usr/local/sbin/yanpm-nginx-validate-file` — securely validates a single nginx config file: it resolves the absolute path, ensures the target is a regular file (not a symlink), checks the file is owned by the `yanpm-agent` user, enforces it's not world-writable, then runs `nginx -c <file> -t`. This defends against symlink and race attacks when an unprivileged agent requests privileged validation.
- Sudoers entry:
- The init script writes `/etc/sudoers.d/yanpm-agent` with a rule allowing the configured agent user (default `yanpm-agent`) to run only the three wrappers with `NOPASSWD`. This gives the agent a limited, auditable privilege escalation surface; the agent code attempts to use these wrappers via `sudo -n` before falling back to less privileged strategies.
- Relevant environment variables (settable in the Dockerfile or at runtime):
- `YANPM_AGENT_SOCK` — unix socket path (default set in Dockerfile: `/var/run/yanpm/yanpm-agent.sock`).
- `YANPM_NGINX_CONFIG_DIR` — nginx config dir (default `/etc/nginx/conf.d`).
- `YANPM_AGENT_SOCK_PERM` — socket permissions (octal string, default `660`).
- `YANPM_AGENT_SOCK_GID` — desired GID for the socket (optional).
- `YANPM_AGENT_UID`, `YANPM_AGENT_GID` — runtime UID/GID used to create the `yanpm-agent` user in the container.
- How the agent uses these runtime helpers:
- `ValidateCommand` and `ReloadCommand` in the agent code try `nginx` operations directly; when permission problems occur they attempt the privileged wrappers via `sudo -n /usr/local/sbin/yanpm-nginx-validate` or `...-validate-file` and `...-reload`. The cont-init script's wrappers plus the sudoers entry implement that intended secure upgrade path.
- Notes and recommendations:
- The `validate-file` wrapper performs ownership and permission checks; ensure written fragments are created by the `yanpm-agent` user (the agent writes files as that user when running inside the container due to `10-create-app-user`).
- The cont-init scripts attempt to install `sudo` if missing; in minimal images you may prefer providing `sudo` at build time to avoid runtime installation attempts.
- If you bind-mount host directories (e.g., `/etc/nginx/conf.d`) into the container, ensure ownership and permissions are compatible with the agent user and `YANPM_AGENT_SOCK_GID` so the socket and files are accessible as intended.

27
apps/agent/doc/troubleshooting.md Normal file
View File

@@ -0,0 +1,27 @@
# Troubleshooting
Common issues and how to resolve them
- Socket path exists but is not a socket
- Symptom: startup fails with an error that the socket path exists and is not a socket.
- Fix: remove the file at the socket path or choose a different `--sock` path.
- Permission denied on socket directory or socket
- Symptom: socket creation or permission setting logs warnings; clients cannot connect.
- Fix: ensure the socket directory exists and has correct ownership/group and that `sock_perm` and `sock_gid` are configured appropriately. Consider using `chown`/`chmod` from a privileged context.
- `nginx -t` fails with `/run/nginx.pid: Permission denied`
- Symptom: validation fails; output contains permission denied for `/run/nginx.pid`.
- Fixes (tried by the agent):
1. If available, provide a privileged validation wrapper (e.g. `/usr/local/sbin/yanpm-nginx-validate`) that runs `nginx -t` with appropriate privileges.
2. Ensure the agent-runner has permission to read the main nginx configuration and `/run/nginx.pid` or allow the agent to use a writable PID override.
- Fragment file not found during validation
- Symptom: validate returns 500 with message `Config file not found`.
- Fix: make sure the fragment has been written via `/write_config` to the agent's internal subdirectory under `NGINX_CONFIG_DIR`, using the same `config_name` and `timestamp` as the validate call.
- Wrapper or sudo not available
- Symptom: attempts to run `sudo -n /usr/local/sbin/yanpm-nginx-validate` fail.
- Fix: install a wrapper script that allows unprivileged `sudo -n` validation or configure proper permissions on nginx state files.
If none of the above solves the problem, collect the logs produced by the agent (it uses `tracing`/`tracing_subscriber`) and include the exact command outputs from the validation steps when asking for help.

61
apps/agent/doc/usage.md Normal file
View File

@@ -0,0 +1,61 @@
# Usage and Examples
Running locally (development)
1. Build the agent (from repository root):
```sh
cargo build -p agent
```
2. Run the agent with defaults (socket in current directory):
```sh
./target/debug/yanpm-agent
```
3. Run with explicit socket and nginx config directory:
```sh
./target/debug/yanpm-agent --sock /run/yanpm/yanpm-agent.sock --nginx-config-dir /etc/nginx/conf.d
```
HTTP over unix-socket examples (using `socat` / `curl` helper)
If you want to call the API from the shell, you can use `socat` to convert the unix socket to an HTTP stream, or use tools that support unix sockets directly (e.g. `curl --unix-socket`). Examples below use `curl --unix-socket`.
Validate a fragment by name and timestamp:
```sh
curl --unix-socket ./yanpm-agent.sock -X POST http://localhost/validate \
-H 'Content-Type: application/json' \
-d '{"config_name":"example","timestamp":1234567890}'
```
Validate and reload (returns `rc` and `ro`):
```sh
curl --unix-socket ./yanpm-agent.sock -X POST http://localhost/validate_and_reload \
-H 'Content-Type: application/json' \
-d '{"config_name":"example","timestamp":1234567890}'
```
Write a fragment (create or update):
```sh
curl --unix-socket ./yanpm-agent.sock -X POST http://localhost/write_config \
-H 'Content-Type: application/json' \
-d '{"config_name":"example","timestamp":1234567890,"content":"server { listen 80; server_name example.local; }"}'
```
Status endpoint (health)
```sh
curl --unix-socket ./yanpm-agent.sock http://localhost/status
```
Notes
- Use the `config_name` and `timestamp` fields consistently: `timestamp` is typically a monotonic update ID from the caller ensuring unique file names.
- When running in containers, mount the host nginx config dir if you want the agent to write directly to host nginx configuration.
- The repository includes a runtime Docker image built by `apps/agent/Dockerfile` which bundles `nginx` and the `yanpm-agent` binary (via s6-overlay). Use that image when you want nginx and the agent colocated (the agent is intended as a runtime companion to `apps/api`).

58
apps/agent/docker/s6/cont-init.d/10-create-app-user Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/sh
set -eu
YANPM_AGENT_UID="${YANPM_AGENT_UID:-1000}"
YANPM_AGENT_GID="${YANPM_AGENT_GID:-1000}"
# If a specific socket GID is requested, prefer that for the app group
YANPM_AGENT_GID_EFFECTIVE="${YANPM_AGENT_SOCK_GID:-${YANPM_AGENT_GID}}"
YANPM_AGENT_USER="${YANPM_AGENT_USER:-yanpm-agent}"
YANPM_AGENT_GROUP="${YANPM_AGENT_GROUP:-yanpm-agent}"
# Ensure group exists with desired GID
if grep -qE "^${YANPM_AGENT_GROUP}:" /etc/group 2>/dev/null; then
existing_gid=$(awk -F: -v g="${YANPM_AGENT_GROUP}" '$1==g{print $3}' /etc/group)
if [ "${existing_gid}" != "${YANPM_AGENT_GID_EFFECTIVE}" ]; then
delgroup "${YANPM_AGENT_GROUP}" || true
addgroup -g "${YANPM_AGENT_GID_EFFECTIVE}" "${YANPM_AGENT_GROUP}"
fi
else
addgroup -g "${YANPM_AGENT_GID_EFFECTIVE}" "${YANPM_AGENT_GROUP}"
fi
# Ensure user exists with desired UID and primary group
if grep -qE "^${YANPM_AGENT_USER}:" /etc/passwd 2>/dev/null; then
existing_uid=$(awk -F: -v u="${YANPM_AGENT_USER}" '$1==u{print $3}' /etc/passwd)
if [ "${existing_uid}" != "${YANPM_AGENT_UID}" ]; then
deluser "${YANPM_AGENT_USER}" || true
adduser -D -u "${YANPM_AGENT_UID}" -G "${YANPM_AGENT_GROUP}" "${YANPM_AGENT_USER}"
fi
else
adduser -D -u "${YANPM_AGENT_UID}" -G "${YANPM_AGENT_GROUP}" "${YANPM_AGENT_USER}"
fi
# Add app user to nginx group to allow reading configs
addgroup "${YANPM_AGENT_USER}" nginx || true
# Ensure runtime directories exist and fix ownership
mkdir -p /var/run/yanpm /app
if chown -R "${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}" /var/run/yanpm 2>/dev/null; then
echo "chown: /var/run/yanpm -> ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}"
else
echo "Warning: failed to chown /var/run/yanpm to ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}. This is common for bind-mounted host volumes or rootless Docker." >&2
fi
if chown -R "${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}" /app/yanpm-agent 2>/dev/null; then
echo "chown: /app/yanpm-agent -> ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}"
else
echo "Warning: failed to chown /app/yanpm-agent to ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}. Binary will still be used if permissions allow." >&2
fi
if chown "${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}" /app 2>/dev/null; then
echo "chown: /app -> ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}"
else
echo "Warning: failed to chown /app to ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}." >&2
fi
echo "App user and group setup complete. UID:${YANPM_AGENT_UID} GID:${YANPM_AGENT_GID_EFFECTIVE}"
exit 0

170
apps/agent/docker/s6/cont-init.d/20-install-reload-wrapper Normal file
View File

@@ -0,0 +1,170 @@
#!/bin/sh
set -eu
# This init script installs a minimal nginx reload wrapper and a sudoers
# entry so the `yanpm-agent` user can perform a controlled reload via sudo.
WRAPPER_PATH="/usr/local/sbin/yanpm-nginx-reload"
SUDOERS_PATH="/etc/sudoers.d/yanpm-agent"
AGENT_USER="${YANPM_AGENT_USER:-yanpm-agent}"
# validate wrapper
VALIDATE_PATH="/usr/local/sbin/yanpm-nginx-validate"
# validate file wrapper
VALIDATE_FILE_PATH="/usr/local/sbin/yanpm-nginx-validate-file"
echo "[cont-init.d] install-reload-wrapper: setting up nginx reload helper"
# find nginx binary
NGINX_BIN="$(command -v nginx || true)"
if [ -z "${NGINX_BIN}" ]; then
echo "Warning: nginx binary not found in PATH; wrapper will still be created but may fail at runtime." >&2
NGINX_BIN="/usr/sbin/nginx"
fi
# Create wrapper
mkdir -p /usr/local/sbin /etc/sudoers.d
cat > "${WRAPPER_PATH}" <<- 'EOF'
#!/bin/sh
exec "@NGINX_BIN@" -c /etc/nginx/nginx.conf -s reload
EOF
# Replace placeholder with actual path
sed -i "s|@NGINX_BIN@|${NGINX_BIN}|g" "${WRAPPER_PATH}" || true
chmod 0750 "${WRAPPER_PATH}"
chown root:root "${WRAPPER_PATH}" || true
#
#
#
# Create validate wrapper
cat > "${VALIDATE_PATH}" <<- 'EOF'
#!/bin/sh
exec "@NGINX_BIN@" -c /etc/nginx/nginx.conf -t
EOF
# Replace placeholder with actual path in validate wrapper
sed -i "s|@NGINX_BIN@|${NGINX_BIN}|g" "${VALIDATE_PATH}" || true
chmod 0750 "${VALIDATE_PATH}"
chown root:root "${VALIDATE_PATH}" || true
#
#
#
# Create validate file wrapper (secure)
cat > "${VALIDATE_FILE_PATH}" <<-'EOF'
#!/bin/sh
set -eu
if [ $# -ne 1 ]; then
echo "Usage: $0 <nginx-config-file>" >&2
exit 2
fi
INPUT="$1"
# Resolve absolute path
if command -v readlink >/dev/null 2>&1; then
TARGET="$(readlink -f -- "$INPUT" 2>/dev/null || true)"
elif command -v realpath >/dev/null 2>&1; then
TARGET="$(realpath -- "$INPUT" 2>/dev/null || true)"
else
echo "Error: no path resolver (readlink/realpath) available" >&2
exit 3
fi
if [ -z "$TARGET" ]; then
echo "Error: cannot resolve path: $INPUT" >&2
exit 4
fi
# Must be a regular file and not a symlink
if [ ! -f "$TARGET" ] || [ -L "$TARGET" ]; then
echo "Error: ${TARGET} is not a regular file" >&2
exit 5
fi
# must be created by agent user
AGENT_UID="$(id -u yanpm-agent 2>/dev/null || true)"
if [ -z "$AGENT_UID" ]; then
echo "Error: yanpm-agent user not found" >&2
exit 6
fi
FILE_UID="$(stat -c %u -- "$TARGET" 2>/dev/null || true)"
if [ "$FILE_UID" != "$AGENT_UID" ]; then
echo "Error: ${TARGET} not owned by yanpm-agent user" >&2
exit 7
fi
# Ensure file is not world-writable; allow typical 664 (rw-rw-r--)
if command -v stat >/dev/null 2>&1; then
MODE="$(stat -c %a -- "$TARGET" 2>/dev/null || true)"
if [ -n "$MODE" ]; then
OTHERS=$(( MODE % 10 ))
if [ $(( OTHERS & 2 )) -ne 0 ]; then
echo "Error: ${TARGET} is world-writable" >&2
exit 8
fi
fi
elif command -v find >/dev/null 2>&1; then
if find "$TARGET" -maxdepth 0 -perm /002 -print -quit >/dev/null 2>&1; then
echo "Error: ${TARGET} is world-writable" >&2
exit 8
fi
fi
exec "@NGINX_BIN@" -c "$TARGET" -t
EOF
# Replace placeholder with actual path in validate file wrapper
sed -i "s|@NGINX_BIN@|${NGINX_BIN}|g" "${VALIDATE_FILE_PATH}" || true
chmod 0750 "${VALIDATE_FILE_PATH}"
chown root:root "${VALIDATE_FILE_PATH}" || true
echo "Created wrapper: ${WRAPPER_PATH} (owned by root, mode 750)"
#
#
#
# Ensure sudoers entry exists allowing the agent to run only this wrapper as root
if command -v sudo >/dev/null 2>&1; then
echo "sudo present; creating sudoers entry"
cat > "${SUDOERS_PATH}" <<- EOF
# Allow ${AGENT_USER} to run the nginx reload and validate wrappers without a password
${AGENT_USER} ALL=(root) NOPASSWD: ${WRAPPER_PATH}, ${VALIDATE_PATH}, ${VALIDATE_FILE_PATH}
EOF
chmod 0440 "${SUDOERS_PATH}" || true
echo "Wrote sudoers entry: ${SUDOERS_PATH}"
else
echo "sudo not found; attempting to install"
if command -v apk >/dev/null 2>&1; then
apk add --no-cache sudo || true
elif command -v apt-get >/dev/null 2>&1; then
apt-get update || true
apt-get install -y sudo || true
elif command -v yum >/dev/null 2>&1; then
yum install -y sudo || true
else
echo "No known package manager to install sudo; please ensure sudo is available in the image." >&2
fi
if command -v sudo >/dev/null 2>&1; then
cat > "${SUDOERS_PATH}" <<- EOF
# Allow ${AGENT_USER} to run the nginx reload and validate wrappers without a password
${AGENT_USER} ALL=(root) NOPASSWD: ${WRAPPER_PATH}, ${VALIDATE_PATH}, ${VALIDATE_FILE_PATH}
EOF
chmod 0440 "${SUDOERS_PATH}" || true
echo "Installed sudo and wrote sudoers entry: ${SUDOERS_PATH}"
else
echo "Failed to install sudo; the agent will not be able to reload nginx via sudo." >&2
fi
fi
exit 0

4
apps/agent/docker/s6/services.d/agent/run
View File

@@ -1,5 +1,5 @@
#!/bin/sh
# Run the agent as the unprivileged 'app' user
# Run the agent as the unprivileged 'yanpm-agent' user
cd /app
echo "Starting yanpm-agent..."
exec s6-setuidgid app ./yanpm-agent
exec s6-setuidgid yanpm-agent ./yanpm-agent

2
apps/agent/justfile Normal file
View File

@@ -0,0 +1,2 @@
build-docker:
docker build -t yanpm/agent:latest .

13
apps/agent/src/commands/reload.rs
View File

@@ -93,6 +93,17 @@ impl ReloadCommand {
}
// reload the running nginx master process (no -c) so it reloads its configured main config
run_cmd("nginx", &["-s", "reload"], 10).await
// Prefer the restricted sudo wrapper if available, fall back to direct nginx reload.
// TODO: allow configuring the path to the wrapper
match run_cmd("sudo", &["-n", "/usr/local/sbin/yanpm-nginx-reload"], 10).await {
Ok(res) => Ok(res),
Err(e) => {
error!(
"sudo reload wrapper failed, falling back to direct nginx reload: {}",
e
);
run_cmd("nginx", &["-s", "reload"], 10).await
}
}
}
}

133
apps/agent/src/commands/validate.rs
View File

@@ -1,3 +1,5 @@
use tracing::{info, warn};
use crate::commands::{run::run_cmd, write_config::INTERNAL_CONFIG_FOLDER_NAME};
use std::path::PathBuf;
@@ -17,7 +19,51 @@ impl ValidateCommand {
pub async fn validate_all(
&self,
) -> Result<(i32, String), Box<dyn std::error::Error + Send + Sync>> {
run_cmd("nginx", &["-t"], 10).await
// Try a normal config test first. If it fails due to pid permission
// errors (common when running unprivileged against /run/nginx.pid),
// retry with a writable pid override so validation can succeed.
match run_cmd("nginx", &["-t"], 10).await {
Ok(res) => Ok(res),
Err(e) => {
info!(
"nginx -t failed: {}. Trying with privileged wrapper or writable pid override.",
e
);
let es = e.to_string();
if es.contains("/run/nginx.pid") && es.contains("Permission denied") {
// Try privileged validate wrapper if available (allows the agent to run
// nginx -t via sudo without modifying the main config).
match run_cmd(
"sudo",
// TODO: allow configuring the path to the wrapper
&["-n", "/usr/local/sbin/yanpm-nginx-validate"],
10,
)
.await
{
Ok(res) => return Ok(res),
Err(e) => {
warn!(
"Privileged validate wrapper failed: {}. Falling back to writable pid override.",
e
);
// Fallback to the existing writable-pid override if sudo wrapper
// isn't available or fails.
let pid_path = format!(
"{}/yanpm-validate-{}.pid",
std::env::temp_dir().display(),
std::process::id()
);
let g_arg = format!("pid {};", pid_path);
let args_vec = ["-t".to_string(), "-g".to_string(), g_arg];
let args_ref: Vec<&str> = args_vec.iter().map(|s| s.as_str()).collect();
return run_cmd("nginx", args_ref.as_slice(), 10).await;
}
}
}
Err(e)
}
}
}
pub async fn validate(
@@ -37,11 +83,84 @@ impl ValidateCommand {
return Err(format!("Config file not found: {}", full_path.display()).into());
}
run_cmd(
"nginx",
&["-t", "-c", full_path.to_str().ok_or("invalid config path")?],
10,
)
.await
// Create a temporary wrapper nginx config that provides the required
// top-level sections (`events` and `http`) and includes the fragment.
let fragment_path = full_path.to_str().ok_or("invalid config path")?.to_string();
let mut tmp_path = std::env::temp_dir();
let tmp_name = format!("yanpm-validate-{}-{}.conf", timestamp, std::process::id());
tmp_path.push(tmp_name);
let wrapper = format!(
"worker_processes 1;\nevents {{ worker_connections 1024; }}\nhttp {{\n include {};\n}}\n",
fragment_path
);
// Write the temporary wrapper file
tokio::fs::write(&tmp_path, wrapper).await?;
let tmp_path_str = tmp_path
.to_str()
.ok_or("invalid temp config path")?
.to_string();
// Run the test against the wrapper, telling nginx to place its pid
// somewhere writable so the config test doesn't fail with permission
// errors when running as an unprivileged user.
let result = match run_cmd("nginx", &["-t", "-c", &tmp_path_str], 10).await {
Ok(res) => Ok(res),
Err(e) => {
info!(
"nginx -t failed: {}. Trying with privileged wrapper or writable pid override.",
e
);
let es = e.to_string();
if es.contains("/run/nginx.pid") && es.contains("Permission denied") {
// Try privileged validate wrapper if available (allows the agent to run
// nginx -t via sudo without modifying the main config).
match run_cmd(
"sudo",
// TODO: allow configuring the path to the wrapper
&[
"-n",
"/usr/local/sbin/yanpm-nginx-validate-file",
&tmp_path_str,
],
10,
)
.await
{
Ok(res) => return Ok(res),
Err(e) => {
warn!(
"Privileged validate wrapper failed: {}. Falling back to writable pid override.",
e
);
let pid_path = format!(
"{}/yanpm-validate-{}.pid",
std::env::temp_dir().display(),
std::process::id()
);
let g_arg = format!("pid {};", pid_path);
let args_vec = [
"-t".to_string(),
"-c".to_string(),
tmp_path_str.clone(),
"-g".to_string(),
g_arg,
];
let args_ref: Vec<&str> = args_vec.iter().map(|s| s.as_str()).collect();
return run_cmd("nginx", args_ref.as_slice(), 10).await;
}
}
}
Err(e)
}
};
let _ = tokio::fs::remove_file(&tmp_path).await;
result
}
}

4
apps/agent/src/commands/write_config.rs
View File

@@ -2,6 +2,7 @@ use std::os::unix::fs::PermissionsExt;
use std::path::PathBuf;
use std::time::{SystemTime, UNIX_EPOCH};
use tokio::io::AsyncWriteExt;
use tracing::info;
use crate::commands::run::to_file_name;
@@ -26,6 +27,7 @@ impl WriteConfigCommand {
let path = self.nginx_config_dir.clone();
// ensure main config dir exists
tokio::fs::create_dir_all(&path).await?;
info!("Writing config to {:?}", path.join(&filename));
// create YANPM subdir where fragment files live
let yanpm_dir = path.join(INTERNAL_CONFIG_FOLDER_NAME);
@@ -62,7 +64,7 @@ impl WriteConfigCommand {
// set explicit permissions (rw-r-----)
tokio::fs::set_permissions(&final_path, std::fs::Permissions::from_mode(0o640)).await?;
info!("Config written and permissions set for {:?}", final_path);
Ok(())
}
}

135
apps/agent/src/main.rs
View File

@@ -1,11 +1,12 @@
#![forbid(unsafe_code)]
mod commands;
mod openapi;
mod routes;
use axum::routing::get;
use axum::{Router, routing::post};
use clap::{Arg, Command};
use clap::Parser;
use std::os::unix::fs::PermissionsExt;
use std::path::PathBuf;
use std::sync::Arc;
@@ -13,17 +14,51 @@ use tokio::net::UnixListener;
use tracing::{error, info, warn};
use crate::commands::NginxService;
use crate::openapi::{GenerateOpenapiArgs, generate_openapi_doc};
use crate::routes::{status, validate, validate_and_reload, write_config};
const SOCK_ARG: &str = "sock";
const NGINX_CONFIG_DIR_ARG: &str = "nginx_config_dir";
const SOCK_PERM_ARG: &str = "sock_perm";
const SOCK_ENV: &str = "YANPM_AGENT_SOCK";
const SOCK_PERM_ENV: &str = "YANPM_AGENT_SOCK_PERM";
const NGINX_CONFIG_DIR_ENV: &str = "YANPM_NGINX_CONFIG_DIR";
const SOCK_GID_ENV: &str = "YANPM_AGENT_SOCK_GID";
const SOCK_DEFAULT: &str = "./yanpm-agent.sock";
const NGINX_CONFIG_DIR_DEFAULT: &str = "/etc/nginx/conf.d";
const SOCK_PERM_DEFAULT: &str = "660";
const SOCK_GID_DEFAULT: &str = "";
/// Command line arguments
#[derive(Parser, Debug)]
#[command(author, version, about, long_about = None)]
struct Args {
/// Unix socket path to bind the agent daemon to
#[arg(short = 's', long, default_value_t = String::from(SOCK_DEFAULT), env = SOCK_ENV)]
sock: String,
/// Directory where generated nginx config files will be written
#[arg(short = 'd', long, default_value_t = String::from(NGINX_CONFIG_DIR_DEFAULT), env = NGINX_CONFIG_DIR_ENV)]
nginx_config_dir: String,
/// Permissions to set on the unix socket (in octal), e.g. 660
#[arg(long, default_value_t = String::from(SOCK_PERM_DEFAULT), env = SOCK_PERM_ENV)]
sock_perm: String,
/// GID to set on the unix socket, default: current user's primary group
#[arg(long, default_value_t = String::from(SOCK_GID_DEFAULT), env = SOCK_GID_ENV)]
sock_gid: String,
#[command(subcommand)]
command: Option<SubCommand>,
}
#[derive(clap::Subcommand, Debug)]
pub enum SubCommand {
/// Generate OpenAPI spec to file or stdout
GenerateOpenapi {
/// Output file path.
#[arg(short = 'o', long)]
output: String,
},
}
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
@@ -37,34 +72,21 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
tracing::subscriber::set_global_default(subscriber)
.expect("Failed to set global default subscriber");
let args = Command::new("yanpm-agent")
.arg(
Arg::new("sock")
.short('s')
.long("sock")
.value_name("SOCK_PATH")
.help("Unix socket path to bind the agent daemon to")
.required(false),
)
.arg(
Arg::new("nginx_config_dir")
.short('d')
.long("nginx-config-dir")
.value_name("NGINX_CONFIG_DIR")
.help("Directory where generated nginx config files will be written")
.required(false),
)
.arg(
Arg::new("sock_perm")
.long("sock-perm")
.value_name("SOCK_PERM")
.help("Permissions to set on the unix socket (in octal), e.g. 660")
.required(false),
)
.about("YANPM Agent Daemon")
.get_matches();
let args = Args::parse();
let (sock, nginx_config_dir, sock_perm) = get_args(&args).await?;
if let Some(cmd) = &args.command {
match cmd {
SubCommand::GenerateOpenapi { output } => {
generate_openapi_doc(&GenerateOpenapiArgs {
output: output.clone(),
})
.await?;
return Ok(());
}
}
}
let (sock, nginx_config_dir, sock_perm, sock_gid) = get_args(&args).await?;
let path = PathBuf::from(&sock);
if let Some(dir) = path.parent() {
@@ -123,6 +145,27 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
);
}
// set socket gid to sock_gid (best-effort)
if !sock_gid.is_empty() {
use nix::unistd::{Gid, chown};
if let Err(err) = chown(
&path,
None,
Some(Gid::from_raw(
sock_gid
.parse()
.map_err(|e| format!("Failed to parse socket GID {}: {}", sock_gid, e))
.unwrap_or_else(|_| nix::unistd::getgid().as_raw()),
)),
) {
error!(
"Warning: failed to set GID on socket {}: {}",
path.display(),
err
);
}
}
let scheduler = Arc::new(tokio_cron_scheduler::JobScheduler::new().await?);
let app = Router::new()
@@ -144,25 +187,12 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
}
async fn get_args(
args: &clap::ArgMatches,
) -> Result<(String, String, u32), Box<dyn std::error::Error + Send + Sync>> {
let sock = args
.get_one::<String>(SOCK_ARG)
.cloned()
.unwrap_or_else(|| std::env::var(SOCK_ENV).unwrap_or_else(|_| SOCK_DEFAULT.to_string()));
let nginx_config_dir = args
.get_one::<String>(NGINX_CONFIG_DIR_ARG)
.cloned()
.unwrap_or_else(|| {
std::env::var(NGINX_CONFIG_DIR_ENV)
.unwrap_or_else(|_| NGINX_CONFIG_DIR_DEFAULT.to_string())
});
let sock_perm = args
.get_one::<String>(SOCK_PERM_ARG)
.cloned()
.unwrap_or_else(|| {
std::env::var(SOCK_PERM_ENV).unwrap_or_else(|_| SOCK_PERM_DEFAULT.to_string())
});
args: &Args,
) -> Result<(String, String, u32, String), Box<dyn std::error::Error + Send + Sync>> {
let sock = args.sock.clone();
let nginx_config_dir = args.nginx_config_dir.clone();
let sock_perm = args.sock_perm.clone();
let sock_gid = args.sock_gid.clone();
if sock_perm.len() != 3 || !sock_perm.chars().all(|c| ('0'..='7').contains(&c)) {
return Err(std::io::Error::new(
@@ -177,8 +207,8 @@ async fn get_args(
if sock_perm.chars().last().unwrap() > '0' {
warn!(
"Socket permission string {} allows others to access the socket. This may be a security risk.",
sock_perm
"Socket permission string {} allows others to access the socket. This may be a security risk. Consider setting {} to a desired group and using a socket permission string that does not allow others to access the socket.",
sock_perm, SOCK_GID_ENV
);
};
@@ -186,5 +216,6 @@ async fn get_args(
sock,
nginx_config_dir,
u32::from_str_radix(&sock_perm, 8).expect("Failed to parse socket permission string"),
sock_gid,
))
}

45
apps/agent/src/openapi.rs Normal file
View File

@@ -0,0 +1,45 @@
use tracing::info;
use utoipa::OpenApi;
pub mod tag {
/// nginx
pub const NGINX_TAG: &str = "Nginx Agent";
}
#[derive(utoipa::OpenApi)]
#[openapi(
paths(
crate::routes::status,
crate::routes::validate,
crate::routes::validate_and_reload,
crate::routes::write_config,
),
components(
schemas(crate::routes::StatusResp),
schemas(crate::routes::ValidateAndReloadResp),
schemas(crate::routes::ValidateBody),
schemas(crate::routes::WriteConfigBody),
schemas(crate::routes::ValidateAndReloadBody),
),
tags(
(name = tag::NGINX_TAG, description = "Nginx Agent API"),
)
)]
struct ApiDoc;
pub struct GenerateOpenapiArgs {
pub output: String,
}
pub async fn generate_openapi_doc(
args: &GenerateOpenapiArgs,
) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
info!("Generating OpenAPI documentation...");
let doc = ApiDoc::openapi();
let json = doc
.to_pretty_json()
.expect("Failed to serialize OpenAPI doc to JSON");
std::fs::write(&args.output, json).expect("Failed to write OpenAPI doc to file");
info!("OpenAPI documentation generated at {}", args.output);
Ok(())
}

51
apps/agent/src/routes.rs
View File

@@ -9,28 +9,46 @@ use tracing::warn;
use crate::commands::NginxService;
#[derive(Serialize)]
#[derive(Serialize, utoipa::ToSchema)]
pub struct StatusResp {
pub ok: bool,
}
/// Health check endpoint
#[utoipa::path(
get,
path = "/status",
responses(
(status = 200, description = "Status response", body = StatusResp)
),
tag = crate::openapi::tag::NGINX_TAG
)]
pub async fn status() -> impl IntoResponse {
let resp = StatusResp { ok: true };
(axum::http::StatusCode::OK, axum::Json(resp))
}
#[derive(Serialize)]
#[derive(Serialize, utoipa::ToSchema)]
pub struct ValidateAndReloadResp {
pub rc: i32,
pub ro: String,
}
#[derive(Deserialize)]
#[derive(Deserialize, utoipa::ToSchema)]
pub struct ValidateBody {
config_name: String,
timestamp: u64,
}
#[utoipa::path(
post,
path = "/validate",
request_body = ValidateBody,
responses(
(status = 200, description = "Validation response", body = serde_json::Value)
),
tag = crate::openapi::tag::NGINX_TAG
)]
pub async fn validate(
State(nginx_controller): State<Arc<NginxService>>,
Json(payload): Json<Value>,
@@ -43,7 +61,7 @@ pub async fn validate(
}
};
let (_code, _output) = match nginx_controller
let resp = match nginx_controller
.validate(&params.config_name, params.timestamp)
.await
{
@@ -54,15 +72,24 @@ pub async fn validate(
}
};
(axum::http::StatusCode::OK,).into_response()
(axum::http::StatusCode::OK, axum::Json(resp)).into_response()
}
#[derive(Deserialize)]
#[derive(Deserialize, utoipa::ToSchema)]
pub struct ValidateAndReloadBody {
config_name: String,
timestamp: u64,
}
#[utoipa::path(
post,
path = "/validate_and_reload",
request_body = ValidateAndReloadBody,
responses(
(status = 200, description = "Validate and reload response", body = ValidateAndReloadResp)
),
tag = crate::openapi::tag::NGINX_TAG
)]
pub async fn validate_and_reload(
State(nginx_controller): State<Arc<NginxService>>,
Json(payload): Json<Value>,
@@ -96,13 +123,23 @@ pub async fn validate_and_reload(
(axum::http::StatusCode::OK, axum::Json(resp)).into_response()
}
#[derive(Deserialize)]
#[derive(Deserialize, utoipa::ToSchema)]
pub struct WriteConfigBody {
config_name: String,
timestamp: u64,
content: String,
}
#[utoipa::path(
post,
path = "/write_config",
request_body = WriteConfigBody,
responses(
(status = 200, description = "Write config response"),
(status = 500, description = "Internal server error", body = serde_json::Value)
),
tag = crate::openapi::tag::NGINX_TAG
)]
pub async fn write_config(
State(nginx_controller): State<Arc<NginxService>>,
Json(payload): Json<Value>,

215
apps/agent/swagger.json Normal file
View File

@@ -0,0 +1,215 @@
{
"openapi": "3.1.0",
"info": {
"title": "yanpm-agent",
"description": "",
"license": {
"name": ""
},
"version": "0.1.0"
},
"paths": {
"/status": {
"get": {
"tags": [
"Nginx Agent"
],
"summary": "Health check endpoint",
"operationId": "status",
"responses": {
"200": {
"description": "Status response",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/StatusResp"
}
}
}
}
}
}
},
"/validate": {
"post": {
"tags": [
"Nginx Agent"
],
"operationId": "validate",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidateBody"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Validation response",
"content": {
"application/json": {
"schema": {}
}
}
}
}
}
},
"/validate_and_reload": {
"post": {
"tags": [
"Nginx Agent"
],
"operationId": "validate_and_reload",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidateAndReloadBody"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Validate and reload response",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidateAndReloadResp"
}
}
}
}
}
}
},
"/write_config": {
"post": {
"tags": [
"Nginx Agent"
],
"operationId": "write_config",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/WriteConfigBody"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Write config response"
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {}
}
}
}
}
}
}
},
"components": {
"schemas": {
"StatusResp": {
"type": "object",
"required": [
"ok"
],
"properties": {
"ok": {
"type": "boolean"
}
}
},
"ValidateAndReloadBody": {
"type": "object",
"required": [
"config_name",
"timestamp"
],
"properties": {
"config_name": {
"type": "string"
},
"timestamp": {
"type": "integer",
"format": "int64",
"minimum": 0
}
}
},
"ValidateAndReloadResp": {
"type": "object",
"required": [
"rc",
"ro"
],
"properties": {
"rc": {
"type": "integer",
"format": "int32"
},
"ro": {
"type": "string"
}
}
},
"ValidateBody": {
"type": "object",
"required": [
"config_name",
"timestamp"
],
"properties": {
"config_name": {
"type": "string"
},
"timestamp": {
"type": "integer",
"format": "int64",
"minimum": 0
}
}
},
"WriteConfigBody": {
"type": "object",
"required": [
"config_name",
"timestamp",
"content"
],
"properties": {
"config_name": {
"type": "string"
},
"content": {
"type": "string"
},
"timestamp": {
"type": "integer",
"format": "int64",
"minimum": 0
}
}
}
}
},
"tags": [
{
"name": "Nginx Agent",
"description": "Nginx Agent API"
}
]
}

7
apps/api/Cargo.toml
View File

@@ -6,6 +6,7 @@ edition = "2024"
[dependencies]
database = { path = "../../public/database" }
migration = { path = "../../public/migration" }
agent_client = { path = "../../public/agent-client" }
axum = { version = "0.8.7", features = ["form", "http1", "http2", "json", "matched-path", "original-uri", "query", "tokio", "tower-log", "tracing", "macros"] }
axum-extra = { version = "0.12.2", features = ["cookie"] }
@@ -28,4 +29,10 @@ argon2 = { version = "0.5.3", features = ["std"] }
jsonwebtoken = { version = "10.2.0", features = ["rust_crypto"] }
uuid = { version = "1.19.0", features = ["v4", "serde", "fast-rng"] }
tower-http = { version = "0.6.8", features = ["cors"] }
reqwest = { version = "^0.12", features = ["json", "multipart", "stream"] }
[dev-dependencies]
tempfile = "3"
[lints.clippy]
unwrap_used = "deny"

2
apps/api/src/cmd/generate_openapi.rs
View File

@@ -28,7 +28,7 @@ fn action(
_matches: &clap::ArgMatches,
) -> std::pin::Pin<Box<dyn std::future::Future<Output = ()> + Send>> {
let output_path = _matches.get_one::<String>("output_path");
let output_path = output_path.unwrap().to_string();
let output_path = output_path.expect("output_path is required").to_string();
Box::pin(async move {
tracing::subscriber::with_default(log::make_temporary_subscriber(), || {

25
apps/api/src/cmd/start_server.rs
View File

@@ -11,15 +11,8 @@ use crate::{
cmd::CliCommand,
configs::{ProgramSettings, get_program_settings, logging::LoggingSettings},
log,
routes::{self, AppService, AppState},
services::{
auth::{
authentication::{AuthenticationServiceImpl, strategies::password::PasswordStrategy},
user::UserServiceImpl,
},
server_state::ServerStateService,
settings::SettingsService,
},
routes::{self, AppState},
services::get_app_service,
tasks,
};
@@ -148,19 +141,7 @@ fn get_app_state(
AppState {
database_connection: db_connection.clone(),
config: Arc::new(settings.clone()),
service: Arc::new(AppService {
server_state: Arc::new(ServerStateService::new(db_connection.clone())),
settings: Arc::new(SettingsService::new(db_connection.clone())),
auth_state: routes::AuthState {
strategy: routes::AuthStrategy {
password: Arc::new(PasswordStrategy::new(db_connection.clone())),
},
authentication: Arc::new(AuthenticationServiceImpl::new(
settings.auth.jwt_secret.clone(),
)),
},
user: Arc::new(UserServiceImpl::new(db_connection.clone())),
}),
service: Arc::new(get_app_service(db_connection, settings)),
}
}

4
apps/api/src/configs.rs
View File

@@ -1,3 +1,4 @@
pub mod agent;
pub mod auth;
pub mod database;
pub mod logging;
@@ -21,6 +22,7 @@ pub struct ProgramSettings {
pub database: database::DatabaseSettings,
pub server: server::ServerSettings,
pub auth: auth::AuthSettings,
pub agent: agent::AgentSettings,
}
impl FromConfig for ProgramSettings {
@@ -30,6 +32,7 @@ impl FromConfig for ProgramSettings {
database: database::DatabaseSettings::from_config(_config)?,
server: server::ServerSettings::from_config(_config)?,
auth: auth::AuthSettings::from_config(_config)?,
agent: agent::AgentSettings::from_config(_config)?,
};
config.validate()?;
Ok(config)
@@ -50,6 +53,7 @@ impl FromConfig for ProgramSettings {
database: database::DatabaseSettings::mock(),
server: server::ServerSettings::mock(),
auth: auth::AuthSettings::mock(),
agent: agent::AgentSettings::mock(),
}
}
}

58
apps/api/src/configs/agent.rs Normal file
View File

@@ -0,0 +1,58 @@
use config::Config;
use tracing::error;
use crate::configs::key::AGENT_SOCK_PATH_KEY;
use super::FromConfig;
#[derive(Debug, Clone)]
pub struct AgentSettings {
pub socket_path: String,
}
impl FromConfig for AgentSettings {
fn from_config(_config: &Config) -> Result<Self, String> {
Ok(AgentSettings {
socket_path: _config.get_string(AGENT_SOCK_PATH_KEY).map_err(|err| {
format!(
"Failed to get {} from configuration. Err: {}",
AGENT_SOCK_PATH_KEY, err
)
})?,
})
}
fn validate(&self) -> Result<(), String> {
// ensure socket_path exists and is readable and writable
if !std::path::Path::new(&self.socket_path).exists() {
let msg = format!("Agent socket path '{}' does not exist", self.socket_path);
error!("{}", msg);
return Err(msg);
}
if std::path::Path::new(&self.socket_path)
.metadata()
.map(|meta| {
let permissions = meta.permissions();
// Check read and write permissions for the owner
!permissions.readonly()
})
.unwrap_or(false)
{
Ok(())
} else {
let msg = format!(
"Agent socket path '{}' is not readable/writable",
self.socket_path
);
error!("{}", msg);
Err(msg)
}
}
#[cfg(test)]
fn mock() -> Self {
AgentSettings {
socket_path: "/tmp/agent.sock".to_string(),
}
}
}

2
apps/api/src/configs/key.rs
View File

@@ -14,3 +14,5 @@ pub(crate) const DATABASE_MIGRATE_ON_STARTUP_KEY: &str = "DATABASE.MIGRATION.MIG
pub(crate) const AUTH_JWT_SECRET_KEY: &str = "AUTH.JWT_SECRET";
pub(crate) const AUTH_DEFAULT_ADMIN_USERNAME_KEY: &str = "AUTH.DEFAULT_ADMIN_USERNAME";
pub(crate) const AUTH_DEFAULT_ADMIN_PASSWORD_KEY: &str = "AUTH.DEFAULT_ADMIN_PASSWORD";
//
pub(crate) const AGENT_SOCK_PATH_KEY: &str = "AGENT.SOCK.PATH";

2
apps/api/src/configs/server.rs
View File

@@ -121,7 +121,7 @@ impl FromConfig for ServerSettings {
#[cfg(test)]
fn mock() -> Self {
ServerSettings {
address: "0.0.0.0".parse().unwrap(),
address: "0.0.0.0".parse().expect("Failed to parse mock IP address"),
port: 8080,
serve_openapi: false,
cors: CORSSettings {

17
apps/api/src/routes.rs
View File

@@ -12,12 +12,8 @@ use crate::{
configs::{ProgramSettings, server::CORSSettings},
middlewares,
services::{
auth::{
authentication::{AuthenticationService, strategies::password::PasswordStrategy},
user::UserService,
},
server_state::ServerStateStore,
settings::SettingsStore,
AppService, ServiceState,
auth::authentication::{AuthenticationService, strategies::password::PasswordStrategy},
},
};
@@ -28,8 +24,6 @@ pub struct AppState {
pub config: Arc<ProgramSettings>,
}
pub type ServiceState<T> = Arc<T>;
pub struct AuthStrategy {
pub password: ServiceState<PasswordStrategy>,
}
@@ -39,13 +33,6 @@ pub struct AuthState {
pub authentication: ServiceState<dyn AuthenticationService>,
}
pub struct AppService {
pub settings: ServiceState<dyn SettingsStore>,
pub auth_state: AuthState,
pub user: ServiceState<dyn UserService>,
pub server_state: ServiceState<dyn ServerStateStore>,
}
pub fn get_root_router(
state: impl Into<Arc<AppState>>,
cors_settings: Arc<CORSSettings>,

17
apps/api/src/routes/api/health/info.rs
View File

@@ -79,6 +79,7 @@ pub async fn get_health_info(
#[cfg(test)]
mod test {
use crate::configs::FromConfig;
use crate::services::agent_client::AgentService;
use crate::{
routes::{AppState, api::health::state::HealthState},
services::{
@@ -94,6 +95,7 @@ mod test {
};
use super::*;
use agent_client::apis::configuration::Configuration;
use axum::body::to_bytes;
use axum::{
Router,
@@ -124,6 +126,7 @@ mod test {
},
user: Arc::new(UserServiceImpl::new(db.clone())),
server_state: Arc::new(ServerStateService::new(db.clone())),
agent_client: Arc::new(AgentService::new(Configuration::default())),
}),
});
@@ -135,13 +138,21 @@ mod test {
}));
let response = app
.oneshot(Request::builder().uri("/info").body(Body::empty()).unwrap())
.oneshot(
Request::builder()
.uri("/info")
.body(Body::empty())
.expect("Failed to build request"),
)
.await
.unwrap();
assert_eq!(response.status(), StatusCode::OK);
let body = to_bytes(response.into_body(), 1024 * 1024).await.unwrap(); // Set limit to 1 MB
let health_info: HealthInfo = serde_json::from_slice(&body).unwrap();
let body = to_bytes(response.into_body(), 1024 * 1024)
.await
.expect("Failed to read response body"); // Set limit to 1 MB
let health_info: HealthInfo =
serde_json::from_slice(&body).expect("Failed to deserialize response body");
assert_eq!(health_info.status, STATUS_HEALTHY);
assert_eq!(health_info.version, env!("CARGO_PKG_VERSION"));
assert!(health_info.errors.is_none());

51
apps/api/src/services.rs
View File

@@ -1,3 +1,54 @@
pub mod agent_client;
pub mod auth;
pub mod server_state;
pub mod settings;
use std::sync::Arc;
use ::agent_client::apis::configuration::Configuration;
use crate::{
configs::ProgramSettings,
routes::{self, AuthState},
services::{
auth::{
authentication::{AuthenticationServiceImpl, strategies::password::PasswordStrategy},
user::{UserService, UserServiceImpl},
},
server_state::{ServerStateService, ServerStateStore},
settings::{SettingsService, SettingsStore},
},
};
pub type ServiceState<T> = Arc<T>;
pub struct AppService {
pub settings: ServiceState<dyn SettingsStore>,
pub auth_state: AuthState,
pub user: ServiceState<dyn UserService>,
pub server_state: ServiceState<dyn ServerStateStore>,
#[allow(dead_code)]
pub agent_client: ServiceState<agent_client::AgentService>,
}
pub fn get_app_service(
db_connection: &Arc<sea_orm::DatabaseConnection>,
settings: &ProgramSettings,
) -> AppService {
AppService {
server_state: Arc::new(ServerStateService::new(db_connection.clone())),
settings: Arc::new(SettingsService::new(db_connection.clone())),
auth_state: routes::AuthState {
strategy: routes::AuthStrategy {
password: Arc::new(PasswordStrategy::new(db_connection.clone())),
},
authentication: Arc::new(AuthenticationServiceImpl::new(
settings.auth.jwt_secret.clone(),
)),
},
user: Arc::new(UserServiceImpl::new(db_connection.clone())),
agent_client: Arc::new(agent_client::AgentService::new(Configuration::from(
settings.agent.clone(),
))),
}
}

114
apps/api/src/services/agent_client.rs Normal file
View File

@@ -0,0 +1,114 @@
use std::sync::Arc;
use agent_client::apis::{ApiClient, configuration::Configuration};
use tracing::warn;
use crate::configs::agent::AgentSettings;
pub struct AgentService {
client: Arc<ApiClient>,
}
impl From<AgentSettings> for Configuration {
fn from(settings: AgentSettings) -> Self {
let mut config = Configuration::default();
let mut builder = reqwest::Client::builder();
let url = settings.socket_path;
if url.starts_with("unix://") {
builder = builder.unix_socket(url.to_string());
config.client = builder.build().expect("Failed to build reqwest client");
} else {
warn!("AgentSettings contains a non-unix socket path: {}", url);
config.base_path = url;
}
config
}
}
impl AgentService {
pub fn new(config: impl Into<Arc<Configuration>>) -> Self {
let client = ApiClient::new(config.into());
AgentService {
client: Arc::new(client),
}
}
#[allow(dead_code)]
pub fn get_client(&self) -> Arc<ApiClient> {
Arc::clone(&self.client)
}
}
#[cfg(test)]
mod tests {
use super::*;
use agent_client::{
apis::{Api, nginx_agent_api::StatusSuccess},
models::StatusResp,
};
use axum::{http::StatusCode, response::Json};
use std::time::Duration;
use tempfile::tempdir;
use tokio::time::sleep;
#[test]
fn test_agent_service_creation() {
let config = Configuration::default();
let service = AgentService::new(config);
let client = service.get_client();
assert!(Arc::ptr_eq(&client, &service.client));
}
#[tokio::test]
async fn test_agent_socket_support() {
// create temporary socket path
let dir = tempdir().expect("Failed to create temp dir");
let socket_path = dir.path().join("agent.sock");
// create axum app with a simple /status route
let app = axum::Router::new().route(
"/status",
axum::routing::get(|| async {
let result: (StatusCode, StatusResp) = (StatusCode::OK, StatusResp { ok: true });
(result.0, Json(result.1))
}),
);
// bind tokio unix listener and serve in background
let listener =
tokio::net::UnixListener::bind(&socket_path).expect("Failed to bind to unix socket");
let server_fut = axum::serve::serve(listener, app);
let _srv = tokio::spawn(async move {
let _ = server_fut.await;
});
// give server a moment to start
sleep(Duration::from_millis(50)).await;
let client: ApiClient = ApiClient::new(Arc::new(Configuration {
base_path: "http://localhost".to_string(),
client: reqwest::Client::builder()
.unix_socket(socket_path.clone())
.build()
.expect("Failed to build reqwest client"),
..Default::default()
}));
let res = client
.nginx_agent_api()
.status()
.await
.expect("Failed to get status");
let body = res.entity.expect("Response entity is missing");
assert!(res.status.is_success());
if let StatusSuccess::Status200(body) = body {
assert!(body.ok);
} else {
panic!("Unexpected response body");
}
}
}

54
apps/api/src/services/auth/authentication.rs
View File

@@ -197,14 +197,17 @@ mod tests {
let (token, _) = service
.generate_jwt(user_id, 60)
.await
.expect("generate jwt");
.expect("Failed to generate jwt");
let valid = service
.is_valid_jwt(&token, None)
.await
.expect("validate jwt");
.expect("Failed to validate jwt");
assert!(valid.is_some(), "Generated token should be valid");
let claims = service.parse_jwt(&token).await.expect("parse jwt");
let claims = service
.parse_jwt(&token)
.await
.expect("Failed to parse jwt");
assert_eq!(claims.sub, user_id.to_string());
}
@@ -213,10 +216,16 @@ mod tests {
let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
let user_id = Uuid::new_v4();
let (token, _) = service.generate_jwt(user_id, 60).await.unwrap();
let (token, _) = service
.generate_jwt(user_id, 60)
.await
.expect("Failed to generate jwt");
let other_sub = Uuid::new_v4().to_string();
let valid = service.is_valid_jwt(&token, Some(other_sub)).await.unwrap();
let valid = service
.is_valid_jwt(&token, Some(other_sub))
.await
.expect("jwt is not valid");
assert!(
valid.is_none(),
"Token should be invalid for a different subject"
@@ -236,10 +245,19 @@ mod tests {
let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
let user_id = Uuid::new_v4();
let (token, _) = service.generate_jwt(user_id, 60).await.unwrap();
let new_token = service.refresh_jwt(&token, 120).await.unwrap();
let (token, _) = service
.generate_jwt(user_id, 60)
.await
.expect("Failed to generate jwt");
let new_token = service
.refresh_jwt(&token, 120)
.await
.expect("Failed to refresh jwt");
let claims = service.parse_jwt(&new_token).await.unwrap();
let claims = service
.parse_jwt(&new_token)
.await
.expect("Failed to parse refreshed jwt");
assert_eq!(claims.sub, user_id.to_string());
assert_eq!(claims.exp - claims.iat, 120);
}
@@ -249,10 +267,16 @@ mod tests {
let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
let user_id = Uuid::new_v4();
let (token, claims) = service.generate_jwt(user_id, 1).await.unwrap();
let (token, claims) = service
.generate_jwt(user_id, 1)
.await
.expect("Failed to generate jwt");
sleep(Duration::from_secs(2)).await;
let valid = service.is_valid_jwt(&token, None).await.unwrap();
let valid = service
.is_valid_jwt(&token, None)
.await
.expect("Failed to validate jwt");
assert!(
valid.is_none(),
"Token should be expired and thus invalid. Current time: {:?}. Diff: {}",
@@ -266,9 +290,15 @@ mod tests {
let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
let user_id = Uuid::new_v4();
let (token, _) = service.generate_jwt(user_id, 1).await.unwrap();
let (token, _) = service
.generate_jwt(user_id, 1)
.await
.expect("Failed to generate jwt");
service.invalidate_jwt(&token).await.unwrap();
service
.invalidate_jwt(&token)
.await
.expect("Failed to invalidate jwt");
// ensure entry is present
{

4
apps/api/src/services/auth/authentication/strategies/password.rs
View File

@@ -236,7 +236,7 @@ mod test {
"CorrectPassword".as_bytes(),
&SaltString::generate(&mut OsRng),
)
.unwrap()
.expect("Failed to hash password")
.to_string();
let db = MockDatabase::new(sea_orm::DatabaseBackend::Sqlite)
.append_query_results(vec![vec![user::Model {
@@ -281,7 +281,7 @@ mod test {
"CorrectPassword".as_bytes(),
&SaltString::generate(&mut OsRng),
)
.unwrap()
.expect("Failed to hash password")
.to_string();
let db = MockDatabase::new(sea_orm::DatabaseBackend::Sqlite)
.append_query_results(vec![vec![user::Model {

2
apps/cli/Cargo.toml
View File

@@ -8,7 +8,7 @@ async-trait = "0.1.89"
container-simulate = { path = "../container" }
migration = {path = "../../public/migration"}
shared = {path = "../../public/shared"}
testcontainers = "0.24.0"
testcontainers = "0.26.0"
tokio = { version = "1.47.0", features = ["full"] }
url = "2.5.7"
clap = { version = "4.5.48", features = ["derive", "env"] }

5
apps/cli/src/cmd/db_migrate_and_generate.rs
View File

@@ -1,7 +1,7 @@
use clap::{Arg, Command};
use container::{
use container::containers::{
ConfigInfoType,
db::{DBInfo, sqlite::SQLiteContainer},
types::ConfigInfoType,
};
use migration::{generate_entity, migrate_database};
use shared::db_type::DBType;
@@ -54,6 +54,7 @@ fn action(
for db_config in database_configs {
let config = container::Config {
database: db_config,
agent: None,
};
let mut detached_handler = container::start_detached(&config).await;
match migrate_and_generate_entity(&config, &output_path).await {

2
apps/container/Cargo.toml
View File

@@ -9,7 +9,7 @@ path = "src/lib.rs"
[dependencies]
async-trait = "0.1.89"
testcontainers = "0.24.0"
testcontainers = { version = "0.26.0" }
shared = { path = "../../public/shared" }
tokio = { version = "1.47.0", features = ["full"] }
url = "2.5.7"

40
apps/container/src/containers.rs Normal file
View File

@@ -0,0 +1,40 @@
pub mod agent;
pub mod db;
use std::{pin::Pin, sync::Arc};
use testcontainers::{ContainerAsync, GenericImage, TestcontainersError};
use crate::containers::{
agent::AgentContainerInfo,
db::{ContainerizedDBInfo, PreExistingDBInfo},
};
pub type UnStartedContainer =
Pin<Box<dyn Future<Output = Result<ContainerAsync<GenericImage>, TestcontainersError>> + Send>>;
pub type AgentConfigInfoType = ConfigInfoType<AgentContainerInfo, ()>;
pub type DBConfigInfoType = ConfigInfoType<ContainerizedDBInfo, PreExistingDBInfo>;
pub trait WithContainer {
fn container(&self) -> &Arc<ContainerAsync<GenericImage>>;
}
pub trait WithoutContainer {
fn on_delete(&self);
}
impl WithoutContainer for () {
fn on_delete(&self) {}
}
#[derive(Clone)]
pub enum ConfigInfoType<T, U>
where
T: WithContainer,
U: WithoutContainer,
{
Containerized(T),
PreExisting(U),
}

115
apps/container/src/containers/agent.rs Normal file
View File

@@ -0,0 +1,115 @@
use std::{error::Error, sync::Arc};
use testcontainers::{
ContainerAsync, GenericBuildableImage, GenericImage, ImageExt,
core::{AccessMode, BuildImageOptions, ContainerPort, Mount, WaitFor},
runners::{AsyncBuilder, AsyncRunner},
};
use crate::{WithContainer, containers::UnStartedContainer};
pub const SOCK_NAME: &str = "yanpm-agent.sock";
const SOCK_FOLDER: &str = "/var/run/yanpm";
const NGINX_CONFIG_DIR: &str = "/etc/nginx/conf.d";
#[derive(Clone)]
pub struct AgentContainerConfig {
pub image: String,
pub tag: String,
pub container_name: String,
pub dockerfile_path: String,
pub force_build: bool,
pub agent_config: AgentConfig,
pub nginx_config: NginxConfig,
}
#[derive(Clone)]
pub struct AgentContainerInfo {
pub container: Arc<ContainerAsync<GenericImage>>,
pub config: AgentContainerConfig,
}
impl WithContainer for AgentContainerInfo {
fn container(&self) -> &Arc<ContainerAsync<GenericImage>> {
&self.container
}
}
#[derive(Clone)]
pub struct AgentConfig {
pub sock_folder: String, // path to be mounted to host for unix socket
pub nginx_config_dir: String, // path to be mounted to host for nginx config files, only the agent generated folder will be mounted
pub sock_perm: u32, // permissions to set on the unix socket
pub sock_gid: String, // GID to set on the unix socket
}
#[derive(Clone)]
pub struct NginxConfig {
pub expose_http: bool,
pub expose_https: bool,
}
impl AgentContainerConfig {
pub fn new(
image: String,
tag: String,
container_name: String,
dockerfile_path: String,
force_build: bool,
// agent configs
agent_config: AgentConfig,
nginx_config: NginxConfig,
) -> Self {
AgentContainerConfig {
image,
tag,
container_name,
dockerfile_path,
force_build,
// default agent configs
agent_config,
nginx_config,
}
}
pub async fn get_unstarted_container(&self) -> Result<UnStartedContainer, Box<dyn Error>> {
let mut image = GenericBuildableImage::new(&self.image, &self.tag)
.with_dockerfile(&self.dockerfile_path)
.build_image_with(BuildImageOptions::new().with_skip_if_exists(!self.force_build))
.await?;
if self.nginx_config.expose_http {
image = image.with_exposed_port(ContainerPort::Tcp(80));
}
if self.nginx_config.expose_https {
image = image.with_exposed_port(ContainerPort::Tcp(443));
}
image = image.with_wait_for(WaitFor::message_on_either_std("Starting yanpm-daemon on"));
Ok(image
.with_container_name(self.container_name.clone())
.with_env_var("YANPM_AGENT_SOCK", format!("{}/{}", SOCK_FOLDER, SOCK_NAME))
.with_env_var("YANPM_NGINX_CONFIG_DIR", NGINX_CONFIG_DIR.to_string())
.with_env_var(
"YANPM_AGENT_SOCK_PERM",
self.agent_config.sock_perm.to_string(),
)
.with_env_var("YANPM_AGENT_SOCK_GID", self.agent_config.sock_gid.clone())
.with_mount(
Mount::bind_mount(
self.agent_config.sock_folder.clone(),
SOCK_FOLDER.to_string(),
)
.with_access_mode(AccessMode::ReadWrite),
)
.with_mount(
Mount::bind_mount(
self.agent_config.nginx_config_dir.clone(),
NGINX_CONFIG_DIR.to_string(),
)
.with_access_mode(AccessMode::ReadWrite),
)
.start())
}
}

15
apps/container/src/db.rs → apps/container/src/containers/db.rs
View File

@@ -5,18 +5,15 @@ pub mod sqlite;
use async_trait::async_trait;
use shared::db_type::DBType;
use std::error::Error;
use std::future::Future;
use std::{pin::Pin, sync::Arc};
use std::sync::Arc;
use url::Host;
use testcontainers::{ContainerAsync, GenericImage, TestcontainersError};
use testcontainers::{ContainerAsync, GenericImage};
use crate::{ConfigInfoType, WithContainer, WithoutContainer};
pub type UnStartedContainer =
Pin<Box<dyn Future<Output = Result<ContainerAsync<GenericImage>, TestcontainersError>> + Send>>;
pub type DBConfigInfoType = ConfigInfoType<ContainerizedDBInfo, PreExistingDBInfo>;
use crate::{
WithContainer, WithoutContainer,
containers::{DBConfigInfoType, UnStartedContainer},
};
#[derive(Clone)]
pub struct PreExistingDBInfo {

6
apps/container/src/db/config.rs → apps/container/src/containers/db/config.rs
View File

@@ -9,7 +9,7 @@ pub struct OptionalContainerConfig {
}
#[derive(Clone)]
pub struct ContainerConfig {
pub struct DatabaseContainerConfig {
pub image: String,
pub tag: String,
pub container_name: String,
@@ -19,8 +19,8 @@ pub struct ContainerConfig {
}
impl OptionalContainerConfig {
pub fn fill_with(&self, other: &ContainerConfig) -> ContainerConfig {
ContainerConfig {
pub fn fill_with(&self, other: &DatabaseContainerConfig) -> DatabaseContainerConfig {
DatabaseContainerConfig {
image: self.image.clone().unwrap_or_else(|| other.image.clone()),
tag: self.tag.clone().unwrap_or_else(|| other.tag.clone()),
container_name: self

17
apps/container/src/db/postgresql.rs → apps/container/src/containers/db/postgresql.rs
View File

@@ -9,14 +9,17 @@ use testcontainers::{
use crate::{
ConfigInfoType,
db::{
ContainerizedDBInfo, DBConfigInfoType, DBInfo, UnStartedContainer,
config::{ContainerConfig, OptionalContainerConfig},
containers::{
UnStartedContainer,
db::{
ContainerizedDBInfo, DBConfigInfoType, DBInfo,
config::{DatabaseContainerConfig, OptionalContainerConfig},
},
},
};
pub fn get_default_config() -> ContainerConfig {
ContainerConfig {
pub fn get_default_config() -> DatabaseContainerConfig {
DatabaseContainerConfig {
container_name: "yanpm-postgres".to_string(),
database_name: "postgres".to_string(),
user: "postgres".to_string(),
@@ -27,7 +30,7 @@ pub fn get_default_config() -> ContainerConfig {
}
pub struct PostgreSQLContainer {
pub config: ContainerConfig,
pub config: DatabaseContainerConfig,
}
#[async_trait]
@@ -53,7 +56,7 @@ impl DBInfo<OptionalContainerConfig> for PostgreSQLContainer {
);
ConfigInfoType::Containerized(ContainerizedDBInfo {
db_type: crate::db::DBType::PostgreSQL,
db_type: crate::containers::db::DBType::PostgreSQL,
container: Arc::new(pg_container),
container_name: self.config.container_name.clone(),
database_name: self.config.database_name.clone(),

4
apps/container/src/db/sqlite.rs → apps/container/src/containers/db/sqlite.rs
View File

@@ -4,7 +4,7 @@ use async_trait::async_trait;
use crate::{
ConfigInfoType,
db::{DBConfigInfoType, DBInfo, PreExistingDBInfo, UnStartedContainer},
containers::db::{DBConfigInfoType, DBInfo, PreExistingDBInfo, UnStartedContainer},
util::to_absolute_path,
};
@@ -69,7 +69,7 @@ impl DBInfo<OptionalContainerConfig> for SQLiteContainer {
.expect("Failed to create SQLite database file");
//
ConfigInfoType::PreExisting(PreExistingDBInfo {
db_type: crate::db::DBType::SQLite,
db_type: crate::containers::db::DBType::SQLite,
url: sqlite_url,
on_delete: {
let db_path = self.get_db_absolute_path();

35
apps/container/src/env.rs
View File

@@ -1,7 +1,5 @@
use std::io::Write;
use shared::db_type::DBType;
#[derive(Clone, Copy)]
pub enum EnvFileType {
DotEnv,
@@ -11,25 +9,20 @@ pub enum EnvFileType {
#[derive(Clone)]
pub struct EnvFile {
pub file_type: EnvFileType,
pub db_type: DBType,
pub db_url: String,
//
buffer: serde_json::Value,
}
impl EnvFile {
pub fn new(file_type: EnvFileType, db_type: DBType, db_url: String) -> Self {
let mut env_file = EnvFile {
pub fn new(file_type: EnvFileType) -> Self {
EnvFile {
file_type,
db_type,
db_url,
buffer: serde_json::Value::Object(serde_json::Map::new()),
};
}
}
env_file._write_line_buffer("DATABASE__TYPE", &env_file.db_type.to_string());
env_file._write_line_buffer("DATABASE__URL", &env_file.db_url.to_string());
env_file
pub fn write_line(&mut self, key: &str, value: &str) {
self._write_line_buffer(key, value);
}
pub fn write(&mut self, stream: &mut dyn Write, with_prefix: bool) {
@@ -127,12 +120,10 @@ mod tests {
#[test]
fn test_env_file_write_yaml() {
let mut env_file_nested = EnvFile::new(
EnvFileType::Yaml,
DBType::SQLite,
"mysql://user:pass@localhost/db".to_string(),
);
let mut env_file_nested = EnvFile::new(EnvFileType::Yaml);
env_file_nested.write_line("DATABASE__TYPE", "SQLite");
env_file_nested.write_line("DATABASE__URL", "mysql://user:pass@localhost/db");
let mut output_stream = Vec::new();
env_file_nested.write(&mut output_stream, false);
let output_string = String::from_utf8(output_stream).unwrap();
@@ -146,11 +137,9 @@ DATABASE:
#[test]
fn test_env_file_write_env() {
let mut env_file_nested = EnvFile::new(
EnvFileType::DotEnv,
DBType::PostgreSQL,
"postgres://user:pass@localhost/db".to_string(),
);
let mut env_file_nested = EnvFile::new(EnvFileType::DotEnv);
env_file_nested.write_line("DATABASE__TYPE", "PostgreSQL");
env_file_nested.write_line("DATABASE__URL", "postgres://user:pass@localhost/db");
let mut output_stream = Vec::new();
env_file_nested.write(&mut output_stream, true);
let output_string = String::from_utf8(output_stream).unwrap();

24
apps/container/src/lib.rs
View File

@@ -1,11 +1,11 @@
pub mod db;
pub mod containers;
mod env;
pub mod types;
mod util;
use crate::{
db::DBConfigInfoType,
types::{ConfigInfoType, WithContainer, WithoutContainer},
containers::{
AgentConfigInfoType, ConfigInfoType, DBConfigInfoType, WithContainer, WithoutContainer,
},
util::{
await_termination_signal, remove_file_if_exists, stop_container, to_absolute_path,
write_env_files,
@@ -15,6 +15,7 @@ use crate::{
#[derive(Clone)]
pub struct Config {
pub database: DBConfigInfoType,
pub agent: Option<AgentConfigInfoType>,
}
// relative to the pwd
@@ -56,26 +57,29 @@ impl<'a> Drop for DetachedHandle<'a> {
}
async fn start(config: &Config) {
let db_config = &config.database;
//
// write the config files for the api server and database client
println!("Writing config files...");
write_env_files(db_config);
write_env_files(&config.database, &config.agent);
println!("Config files written to:");
println!(" - {}", to_absolute_path(API_CONFIG_PATH).display());
println!(" - {}", to_absolute_path(DB_CONFIG_PATH).display());
}
async fn stop(config: &Config) {
let db_config = &config.database;
// stop the container
println!("Stopping container...");
stop_container(db_config, "database".to_string()).await;
println!("Stopping database container...");
stop_container(&config.database, "database".to_string()).await;
if let Some(agent) = &config.agent {
println!("Stopping agent container...");
stop_container(agent, "agent".to_string()).await;
}
println!("Container stopped.");
// remove the generated config file
println!("Removing generated config file...");
remove_file_if_exists(DB_CONFIG_PATH);
remove_file_if_exists(API_CONFIG_PATH);
println!("Container stopped.");
println!("Generated config files removed.");
}
pub async fn start_attached(config: &Config) {

156
apps/container/src/main.rs
View File

@@ -1,8 +1,15 @@
use clap::Parser;
use container::Config;
use container::start_attached;
use std::sync::Arc;
use container::db::DBInfo;
use clap::Parser;
use container::{
Config,
containers::{
ConfigInfoType,
agent::{AgentConfig, AgentContainerConfig, AgentContainerInfo, NginxConfig},
db::DBInfo,
},
start_attached,
};
/// Command line arguments
#[derive(Parser, Debug)]
@@ -11,17 +18,63 @@ struct Args {
/// Database type to use: 'postgres' or 'sqlite'. Can also be set with DB_TYPE env var.
#[arg(long, default_value = "sqlite", env = "DB_TYPE")]
db_type: String,
// agent related
/// agent image name
#[arg(long, default_value = "yanpm/agent", env = "AGENT_IMAGE_NAME")]
agent_image: String,
/// agent image tag
#[arg(long, default_value = "latest", env = "AGENT_IMAGE_TAG")]
agent_image_tag: String,
/// force build agent image
#[arg(long, default_value_t = false, env = "AGENT_FORCE_BUILD")]
agent_force_build: bool,
/// dockerfile path for building agent image
#[arg(long, env = "AGENT_DOCKERFILE_PATH", required = false)]
agent_dockerfile_path: Option<String>,
/// host's location to mount nginx config files folder generated by the agent
#[arg(long, env = "AGENT_NGINX_CONFIG_DIR", required = false)]
agent_nginx_config_dir: Option<String>,
/// host's location folder to mount the unix socket files
#[arg(long, env = "AGENT_SOCK_PATH", required = false)]
agent_sock_path: Option<String>,
/// socket permissions to set on the unix socket
#[arg(long, default_value = "660", env = "AGENT_SOCK_PERM", required = false)]
agent_sock_perm: u32,
/// socket GID to set on the unix socket
#[arg(long, default_value = "", env = "AGENT_SOCK_GID", required = false)]
agent_sock_gid: String,
/// nginx expose http port
#[arg(
long,
default_value_t = true,
env = "AGENT_NGINX_EXPOSE_HTTP",
required = false
)]
agent_nginx_expose_http: bool,
/// nginx expose https port
#[arg(
long,
default_value_t = false,
env = "AGENT_NGINX_EXPOSE_HTTPS",
required = false
)]
agent_nginx_expose_https: bool,
}
struct ParsedArgs {
db_type: String,
agent_container_config: Option<AgentContainerConfig>,
}
#[tokio::main]
async fn main() {
// Parse command line arguments and environment variables
let args = Args::parse();
let args = parse_args().await;
println!("Starting container with database type: {}", args.db_type);
let db_config = match args.db_type.to_lowercase().as_str() {
"postgres" | "pg" | "pgsql" => {
use container::db::postgresql::PostgreSQLContainer;
use container::containers::db::postgresql::PostgreSQLContainer;
println!("Using PostgreSQL database");
PostgreSQLContainer::new(None)
.await
@@ -30,7 +83,7 @@ async fn main() {
}
"sqlite" | "sql" => {
println!("Using SQLite database");
use container::db::sqlite::SQLiteContainer;
use container::containers::db::sqlite::SQLiteContainer;
SQLiteContainer::new(None)
.await
.get_db_container_config_info()
@@ -43,11 +96,98 @@ async fn main() {
};
println!("Database configuration obtained.");
let agent_container = if let Some(agent_config) = &args.agent_container_config {
println!(
"Agent container will be used with socket folder: {} and nginx config dir: {}",
agent_config.agent_config.sock_folder, agent_config.agent_config.nginx_config_dir
);
Some(agent_config.get_unstarted_container().await)
} else {
println!("No agent container configuration provided, skipping agent setup.");
None
};
let config = Config {
database: db_config,
agent: match agent_container {
Some(Ok(container)) => Some(ConfigInfoType::Containerized(AgentContainerInfo {
container: Arc::new(container.await.expect("Failed to start agent container")),
config: args.agent_container_config.expect("Invalid config state"),
})),
Some(Err(e)) => {
eprintln!("Failed to set up agent container: {}", e);
std::process::exit(1);
}
None => None,
},
};
println!("Starting container...");
start_attached(&config).await;
println!("Container stopped. Exiting...");
}
async fn parse_args() -> ParsedArgs {
// Parse command line arguments and environment variables
let args = Args::parse();
// if any required args are missing, do not start agent
let dockerfile_path = match args.agent_dockerfile_path {
None => {
println!("Agent dockerfile path not provided, skipping agent setup.");
return ParsedArgs {
db_type: args.db_type,
agent_container_config: None,
};
}
Some(path) => path,
};
let time = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_secs();
let agent_config = AgentConfig {
sock_folder: match args.agent_sock_path {
None => {
// create a temp dir for the socket path
let temp_dir = std::env::temp_dir().join(format!("yanpm-agent-sock-{}", time));
std::fs::create_dir_all(&temp_dir)
.expect("Failed to create temp dir for agent socket");
temp_dir.to_string_lossy().to_string()
}
Some(path) => path,
},
nginx_config_dir: match args.agent_nginx_config_dir {
None => {
// create a temp dir for the nginx config dir
let temp_dir =
std::env::temp_dir().join(format!("yanpm-agent-nginx-configs-{}", time));
std::fs::create_dir_all(&temp_dir)
.expect("Failed to create temp dir for agent nginx configs");
temp_dir.to_string_lossy().to_string()
}
Some(path) => path,
},
sock_perm: args.agent_sock_perm,
sock_gid: args.agent_sock_gid.clone(),
};
ParsedArgs {
db_type: args.db_type,
agent_container_config: Some(AgentContainerConfig {
// TODO: allow customization of these fields via CLI args
image: args.agent_image,
tag: args.agent_image_tag,
container_name: format!("yanpm-agent-container-{}", time),
dockerfile_path,
force_build: args.agent_force_build,
agent_config,
nginx_config: NginxConfig {
expose_http: args.agent_nginx_expose_http,
expose_https: args.agent_nginx_expose_https,
},
}),
}
}

21
apps/container/src/types.rs
View File

@@ -1,21 +0,0 @@
use std::sync::Arc;
use testcontainers::{ContainerAsync, GenericImage};
pub trait WithContainer {
fn container(&self) -> &Arc<ContainerAsync<GenericImage>>;
}
pub trait WithoutContainer {
fn on_delete(&self);
}
#[derive(Clone)]
pub enum ConfigInfoType<T, U>
where
T: WithContainer,
U: WithoutContainer,
{
Containerized(T),
PreExisting(U),
}

27
apps/container/src/util.rs
View File

@@ -4,9 +4,11 @@ use tokio::signal::unix::{SignalKind, signal};
use crate::{
API_CONFIG_PATH, DB_CONFIG_PATH,
db::DBConfigInfoType,
containers::{
AgentConfigInfoType, ConfigInfoType, DBConfigInfoType, WithContainer, WithoutContainer,
agent::SOCK_NAME,
},
env::{self, EnvFile},
types::{ConfigInfoType, WithContainer, WithoutContainer},
};
// relative to the current working directory
@@ -20,7 +22,7 @@ pub fn to_absolute_path(path: &str) -> PathBuf {
.clean()
}
pub fn write_env_files(db_config: &DBConfigInfoType) {
pub fn write_env_files(db_config: &DBConfigInfoType, agent_config: &Option<AgentConfigInfoType>) {
let api_config_path_absolute = to_absolute_path(API_CONFIG_PATH);
let db_config_path_absolute = to_absolute_path(DB_CONFIG_PATH);
@@ -29,10 +31,27 @@ pub fn write_env_files(db_config: &DBConfigInfoType) {
DBConfigInfoType::PreExisting(config) => (config.db_type.clone(), config.url.clone()),
};
let mut api_env = EnvFile::new(env::EnvFileType::Yaml, db_type, db_url);
let mut api_env = EnvFile::new(env::EnvFileType::Yaml);
api_env.write_line("DATABASE__TYPE", db_type.to_string().as_str());
api_env.write_line("DATABASE__URL", db_url.as_str());
let mut db_env = api_env.clone();
db_env.file_type = env::EnvFileType::DotEnv;
// agent related env vars
if let Some(agent) = agent_config
&& let ConfigInfoType::Containerized(agent) = agent
{
api_env.write_line(
"AGENT__SOCK__PATH",
format!("{}/{}", &agent.config.agent_config.sock_folder, SOCK_NAME).as_str(),
);
api_env.write_line(
"AGENT__NGINX__CONFIG__DIR",
&agent.config.agent_config.nginx_config_dir,
);
}
let mut api_file =
std::fs::File::create(&api_config_path_absolute).expect("Failed to create API config file");

36
justfile
View File

@@ -2,6 +2,8 @@ set dotenv-load := true
# development environment file
set dotenv-filename := "./public/database/.env.generated"
DEFAULT_SIMULATE_ARGS := "--agent-dockerfile-path=../agent/Dockerfile"
cli *args:
cd apps/cli && \
if [ -n "{{args}}" ]; then \
@@ -13,9 +15,9 @@ cli *args:
simulate *args:
cd apps/container && \
if [ -n "{{args}}" ]; then \
cargo run --bin container-simulate -- --db-type={{args}}; \
cargo run --bin container-simulate -- {{args}}; \
else \
cargo run --bin container-simulate; \
cargo run --bin container-simulate -- {{DEFAULT_SIMULATE_ARGS}}; \
fi
# Usage: (following SeaORM migration commands)
@@ -48,13 +50,31 @@ generate-openapi:
# Generate API client for frontend
cd apps/frontend && \
pnpm generate:openapi
# Generate OpenAPI spec for agent
# Generate API client for agent
cd apps/agent && \
cargo run -- --generate-openapi --openapi-output ./openapi.yaml
# TODO: Generate API client for agent in api
cargo run -- generate-openapi --output swagger.json
generate-agent-client:
# Generate API client for agent
pnpm openapi-generator-cli generate \
-g rust --skip-validate-spec \
-o ./public/agent-client -i ./apps/agent/swagger.json \
--additional-properties=library=reqwest-trait \
--additional-properties=mockall=true \
--additional-properties=packageName=agent_client \
--additional-properties=packageVersion=0.1.0 \
--additional-properties=supportAsync=true \
--additional-properties=supportMultipleResponses=true \
--additional-properties=topLevelApiClient=true \
--additional-properties=useSingleRequestParameter=true
# format generated code
cd public/agent-client && \
cargo fmt
# append lint allows/forbids to the end of Cargo.toml to disable warnings in generated code and forbid unsafe code
cd public/agent-client && \
echo '\n[lints.clippy]\nall = "allow"\n[lints.rust]\nunsafe_code = "forbid"\n' >> Cargo.toml
generate-all: generate-entity generate-openapi
generate-all: generate-entity generate-openapi generate-agent-client
build-frontend:
# build frontend assets
@@ -66,6 +86,10 @@ build-backend:
cd apps/api && \
cargo build --release
build-docker:
cd apps/agent && \
docker build -t yanpm/agent:latest .
build-apps: build-frontend build-backend
act *args:

7
openapitools.json Normal file
View File

@@ -0,0 +1,7 @@
{
"$schema": "./node_modules/@openapitools/openapi-generator-cli/config.schema.json",
"spaces": 2,
"generator-cli": {
"version": "7.18.0"
}
}

6
package.json Normal file
View File

@@ -0,0 +1,6 @@
{
"devDependencies": {
"@openapitools/openapi-generator-cli": "^2.26.0",
"rust-just": "^1.44.0"
}
}

3418
apps/frontend/pnpm-lock.yaml → pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

7
pnpm-workspace.yaml Normal file
View File

@@ -0,0 +1,7 @@
packages:
- apps/frontend
onlyBuiltDependencies:
- '@nestjs/core'
- '@openapitools/openapi-generator-cli'
- esbuild

3
public/agent-client/.gitignore vendored Normal file
View File

@@ -0,0 +1,3 @@
/target/
**/*.rs.bk
Cargo.lock

23
public/agent-client/.openapi-generator-ignore Normal file
View File

@@ -0,0 +1,23 @@
# OpenAPI Generator Ignore
# Generated by openapi-generator https://github.com/openapitools/openapi-generator
# Use this file to prevent files from being overwritten by the generator.
# The patterns follow closely to .gitignore or .dockerignore.
# As an example, the C# client generator defines ApiClient.cs.
# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line:
#ApiClient.cs
# You can match any string of characters against a directory, file or extension with a single asterisk (*):
#foo/*/qux
# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux
# You can recursively match patterns against a directory, file or extension with a double asterisk (**):
#foo/**/qux
# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux
# You can also negate patterns with an exclamation (!).
# For example, you can ignore all files in a docs folder with the file extension .md:
#docs/*.md
# Then explicitly reverse the ignore rule for a single file:
#!docs/README.md

21
public/agent-client/.openapi-generator/FILES Normal file
View File

@@ -0,0 +1,21 @@
.gitignore
.travis.yml
Cargo.toml
README.md
docs/NginxAgentApi.md
docs/StatusResp.md
docs/ValidateAndReloadBody.md
docs/ValidateAndReloadResp.md
docs/ValidateBody.md
docs/WriteConfigBody.md
git_push.sh
src/apis/configuration.rs
src/apis/mod.rs
src/apis/nginx_agent_api.rs
src/lib.rs
src/models/mod.rs
src/models/status_resp.rs
src/models/validate_and_reload_body.rs
src/models/validate_and_reload_resp.rs
src/models/validate_body.rs
src/models/write_config_body.rs

1
public/agent-client/.openapi-generator/VERSION Normal file
View File

@@ -0,0 +1 @@
7.18.0

1
public/agent-client/.travis.yml Normal file
View File

@@ -0,0 +1 @@
language: rust

27
public/agent-client/Cargo.toml Normal file
View File

@@ -0,0 +1,27 @@
[package]
name = "agent_client"
version = "0.1.0"
authors = ["OpenAPI Generator team and contributors"]
description = "No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)"
license = ""
edition = "2021"
[dependencies]
serde = { version = "^1.0", features = ["derive"] }
serde_json = "^1.0"
serde_repr = "^0.1"
url = "^2.5"
async-trait = "^0.1"
reqwest = { version = "^0.12", default-features = false, features = ["json", "multipart", "stream"] }
mockall = { version = "^0.13", optional = true}
[features]
default = ["native-tls"]
native-tls = ["reqwest/native-tls"]
rustls-tls = ["reqwest/rustls-tls"]
mockall = ["dep:mockall"]
[lints.clippy]
all = "allow"
[lints.rust]
unsafe_code = "forbid"

53
public/agent-client/README.md Normal file
View File

@@ -0,0 +1,53 @@
# Rust API client for agent_client
No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
## Overview
This API client was generated by the [OpenAPI Generator](https://openapi-generator.tech) project. By using the [openapi-spec](https://openapis.org) from a remote server, you can easily generate an API client.
- API version: 0.1.0
- Package version: 0.1.0
- Generator version: 7.18.0
- Build package: `org.openapitools.codegen.languages.RustClientCodegen`
## Installation
Put the package under your project folder in a directory named `agent_client` and add the following to `Cargo.toml` under `[dependencies]`:
```
agent_client = { path = "./agent_client" }
```
## Documentation for API Endpoints
All URIs are relative to *http://localhost*
Class | Method | HTTP request | Description
------------ | ------------- | ------------- | -------------
*NginxAgentApi* | [**status**](docs/NginxAgentApi.md#status) | **GET** /status | Health check endpoint
*NginxAgentApi* | [**validate**](docs/NginxAgentApi.md#validate) | **POST** /validate |
*NginxAgentApi* | [**validate_and_reload**](docs/NginxAgentApi.md#validate_and_reload) | **POST** /validate_and_reload |
*NginxAgentApi* | [**write_config**](docs/NginxAgentApi.md#write_config) | **POST** /write_config |
## Documentation For Models
- [StatusResp](docs/StatusResp.md)
- [ValidateAndReloadBody](docs/ValidateAndReloadBody.md)
- [ValidateAndReloadResp](docs/ValidateAndReloadResp.md)
- [ValidateBody](docs/ValidateBody.md)
- [WriteConfigBody](docs/WriteConfigBody.md)
To get access to the crate's generated documentation, use:
```
cargo doc --open
```
## Author

121
public/agent-client/docs/NginxAgentApi.md Normal file
View File

@@ -0,0 +1,121 @@
# \NginxAgentApi
All URIs are relative to *http://localhost*
Method | HTTP request | Description
------------- | ------------- | -------------
[**status**](NginxAgentApi.md#status) | **GET** /status | Health check endpoint
[**validate**](NginxAgentApi.md#validate) | **POST** /validate |
[**validate_and_reload**](NginxAgentApi.md#validate_and_reload) | **POST** /validate_and_reload |
[**write_config**](NginxAgentApi.md#write_config) | **POST** /write_config |
## status
> models::StatusResp status()
Health check endpoint
### Parameters
This endpoint does not need any parameter.
### Return type
[**models::StatusResp**](StatusResp.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: Not defined
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## validate
> serde_json::Value validate(validate_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**validate_body** | [**ValidateBody**](ValidateBody.md) | | [required] |
### Return type
[**serde_json::Value**](serde_json::Value.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## validate_and_reload
> models::ValidateAndReloadResp validate_and_reload(validate_and_reload_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**validate_and_reload_body** | [**ValidateAndReloadBody**](ValidateAndReloadBody.md) | | [required] |
### Return type
[**models::ValidateAndReloadResp**](ValidateAndReloadResp.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## write_config
> write_config(write_config_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**write_config_body** | [**WriteConfigBody**](WriteConfigBody.md) | | [required] |
### Return type
(empty response body)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)

11
public/agent-client/docs/StatusResp.md Normal file
View File

@@ -0,0 +1,11 @@
# StatusResp
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**ok** | **bool** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

121
public/agent-client/docs/TagNginxtagApi.md Normal file
View File

@@ -0,0 +1,121 @@
# \TagNginxtagApi
All URIs are relative to *http://localhost*
Method | HTTP request | Description
------------- | ------------- | -------------
[**status**](TagNginxtagApi.md#status) | **GET** /status | Health check endpoint
[**validate**](TagNginxtagApi.md#validate) | **POST** /validate |
[**validate_and_reload**](TagNginxtagApi.md#validate_and_reload) | **POST** /validate_and_reload |
[**write_config**](TagNginxtagApi.md#write_config) | **POST** /write_config |
## status
> models::StatusResp status()
Health check endpoint
### Parameters
This endpoint does not need any parameter.
### Return type
[**models::StatusResp**](StatusResp.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: Not defined
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## validate
> serde_json::Value validate(validate_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**validate_body** | [**ValidateBody**](ValidateBody.md) | | [required] |
### Return type
[**serde_json::Value**](serde_json::Value.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## validate_and_reload
> models::ValidateAndReloadResp validate_and_reload(validate_and_reload_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**validate_and_reload_body** | [**ValidateAndReloadBody**](ValidateAndReloadBody.md) | | [required] |
### Return type
[**models::ValidateAndReloadResp**](ValidateAndReloadResp.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## write_config
> write_config(write_config_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**write_config_body** | [**WriteConfigBody**](WriteConfigBody.md) | | [required] |
### Return type
(empty response body)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)

12
public/agent-client/docs/ValidateAndReloadBody.md Normal file
View File

@@ -0,0 +1,12 @@
# ValidateAndReloadBody
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**config_name** | **String** | |
**timestamp** | **i64** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

12
public/agent-client/docs/ValidateAndReloadResp.md Normal file
View File

@@ -0,0 +1,12 @@
# ValidateAndReloadResp
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**rc** | **i32** | |
**ro** | **String** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

12
public/agent-client/docs/ValidateBody.md Normal file
View File

@@ -0,0 +1,12 @@
# ValidateBody
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**config_name** | **String** | |
**timestamp** | **i64** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

13
public/agent-client/docs/WriteConfigBody.md Normal file
View File

@@ -0,0 +1,13 @@
# WriteConfigBody
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**config_name** | **String** | |
**content** | **String** | |
**timestamp** | **i64** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

57
public/agent-client/git_push.sh Normal file
View File

@@ -0,0 +1,57 @@
#!/bin/sh
# ref: https://help.github.com/articles/adding-an-existing-project-to-github-using-the-command-line/
#
# Usage example: /bin/sh ./git_push.sh wing328 openapi-petstore-perl "minor update" "gitlab.com"
git_user_id=$1
git_repo_id=$2
release_note=$3
git_host=$4
if [ "$git_host" = "" ]; then
git_host="github.com"
echo "[INFO] No command line input provided. Set \$git_host to $git_host"
fi
if [ "$git_user_id" = "" ]; then
git_user_id="GIT_USER_ID"
echo "[INFO] No command line input provided. Set \$git_user_id to $git_user_id"
fi
if [ "$git_repo_id" = "" ]; then
git_repo_id="GIT_REPO_ID"
echo "[INFO] No command line input provided. Set \$git_repo_id to $git_repo_id"
fi
if [ "$release_note" = "" ]; then
release_note="Minor update"
echo "[INFO] No command line input provided. Set \$release_note to $release_note"
fi
# Initialize the local directory as a Git repository
git init
# Adds the files in the local repository and stages them for commit.
git add .
# Commits the tracked changes and prepares them to be pushed to a remote repository.
git commit -m "$release_note"
# Sets the new remote
git_remote=$(git remote)
if [ "$git_remote" = "" ]; then # git remote not defined
if [ "$GIT_TOKEN" = "" ]; then
echo "[INFO] \$GIT_TOKEN (environment variable) is not set. Using the git credential in your environment."
git remote add origin https://${git_host}/${git_user_id}/${git_repo_id}.git
else
git remote add origin https://${git_user_id}:"${GIT_TOKEN}"@${git_host}/${git_user_id}/${git_repo_id}.git
fi
fi
git pull origin master
# Pushes (Forces) the changes in the local repository up to the remote repository
echo "Git pushing to https://${git_host}/${git_user_id}/${git_repo_id}.git"
git push origin master 2>&1 | grep -v 'To https'

48
public/agent-client/src/apis/configuration.rs Normal file
View File

@@ -0,0 +1,48 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
#[derive(Debug, Clone)]
pub struct Configuration {
pub base_path: String,
pub user_agent: Option<String>,
pub client: reqwest::Client,
pub basic_auth: Option<BasicAuth>,
pub oauth_access_token: Option<String>,
pub bearer_access_token: Option<String>,
pub api_key: Option<ApiKey>,
}
pub type BasicAuth = (String, Option<String>);
#[derive(Debug, Clone)]
pub struct ApiKey {
pub prefix: Option<String>,
pub key: String,
}
impl Configuration {
pub fn new() -> Configuration {
Configuration::default()
}
}
impl Default for Configuration {
fn default() -> Self {
Configuration {
base_path: "http://localhost".to_owned(),
user_agent: Some("OpenAPI-Generator/0.1.0/rust".to_owned()),
client: reqwest::Client::new(),
basic_auth: None,
oauth_access_token: None,
bearer_access_token: None,
api_key: None,
}
}
}

165
public/agent-client/src/apis/mod.rs Normal file
View File

@@ -0,0 +1,165 @@
use std::error;
use std::fmt;
#[derive(Debug, Clone)]
pub struct ResponseContent<T> {
pub status: reqwest::StatusCode,
pub content: String,
pub entity: Option<T>,
}
#[derive(Debug)]
pub enum Error<T> {
Reqwest(reqwest::Error),
Serde(serde_json::Error),
Io(std::io::Error),
ResponseError(ResponseContent<T>),
}
impl<T> fmt::Display for Error<T> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
let (module, e) = match self {
Error::Reqwest(e) => ("reqwest", e.to_string()),
Error::Serde(e) => ("serde", e.to_string()),
Error::Io(e) => ("IO", e.to_string()),
Error::ResponseError(e) => ("response", format!("status code {}", e.status)),
};
write!(f, "error in {}: {}", module, e)
}
}
impl<T: fmt::Debug> error::Error for Error<T> {
fn source(&self) -> Option<&(dyn error::Error + 'static)> {
Some(match self {
Error::Reqwest(e) => e,
Error::Serde(e) => e,
Error::Io(e) => e,
Error::ResponseError(_) => return None,
})
}
}
impl<T> From<reqwest::Error> for Error<T> {
fn from(e: reqwest::Error) -> Self {
Error::Reqwest(e)
}
}
impl<T> From<serde_json::Error> for Error<T> {
fn from(e: serde_json::Error) -> Self {
Error::Serde(e)
}
}
impl<T> From<std::io::Error> for Error<T> {
fn from(e: std::io::Error) -> Self {
Error::Io(e)
}
}
pub fn urlencode<T: AsRef<str>>(s: T) -> String {
::url::form_urlencoded::byte_serialize(s.as_ref().as_bytes()).collect()
}
pub fn parse_deep_object(prefix: &str, value: &serde_json::Value) -> Vec<(String, String)> {
if let serde_json::Value::Object(object) = value {
let mut params = vec![];
for (key, value) in object {
match value {
serde_json::Value::Object(_) => params.append(&mut parse_deep_object(
&format!("{}[{}]", prefix, key),
value,
)),
serde_json::Value::Array(array) => {
for (i, value) in array.iter().enumerate() {
params.append(&mut parse_deep_object(
&format!("{}[{}][{}]", prefix, key, i),
value,
));
}
}
serde_json::Value::String(s) => {
params.push((format!("{}[{}]", prefix, key), s.clone()))
}
_ => params.push((format!("{}[{}]", prefix, key), value.to_string())),
}
}
return params;
}
unimplemented!("Only objects are supported with style=deepObject")
}
/// Internal use only
/// A content type supported by this client.
#[allow(dead_code)]
enum ContentType {
Json,
Text,
Unsupported(String),
}
impl From<&str> for ContentType {
fn from(content_type: &str) -> Self {
if content_type.starts_with("application") && content_type.contains("json") {
return Self::Json;
} else if content_type.starts_with("text/plain") {
return Self::Text;
} else {
return Self::Unsupported(content_type.to_string());
}
}
}
pub mod nginx_agent_api;
pub mod configuration;
use std::sync::Arc;
pub trait Api {
fn nginx_agent_api(&self) -> &dyn nginx_agent_api::NginxAgentApi;
}
pub struct ApiClient {
nginx_agent_api: Box<dyn nginx_agent_api::NginxAgentApi>,
}
impl ApiClient {
pub fn new(configuration: Arc<configuration::Configuration>) -> Self {
Self {
nginx_agent_api: Box::new(nginx_agent_api::NginxAgentApiClient::new(
configuration.clone(),
)),
}
}
}
impl Api for ApiClient {
fn nginx_agent_api(&self) -> &dyn nginx_agent_api::NginxAgentApi {
self.nginx_agent_api.as_ref()
}
}
#[cfg(feature = "mockall")]
pub struct MockApiClient {
pub nginx_agent_api_mock: nginx_agent_api::MockNginxAgentApi,
}
#[cfg(feature = "mockall")]
impl MockApiClient {
pub fn new() -> Self {
Self {
nginx_agent_api_mock: nginx_agent_api::MockNginxAgentApi::new(),
}
}
}
#[cfg(feature = "mockall")]
impl Api for MockApiClient {
fn nginx_agent_api(&self) -> &dyn nginx_agent_api::NginxAgentApi {
&self.nginx_agent_api_mock
}
}

329
public/agent-client/src/apis/nginx_agent_api.rs Normal file
View File

@@ -0,0 +1,329 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use super::{configuration, Error};
use crate::apis::ContentType;
use crate::{apis::ResponseContent, models};
use async_trait::async_trait;
#[cfg(feature = "mockall")]
use mockall::automock;
use reqwest;
use serde::{de::Error as _, Deserialize, Serialize};
use std::sync::Arc;
#[cfg_attr(feature = "mockall", automock)]
#[async_trait]
pub trait NginxAgentApi: Send + Sync {
/// GET /status
///
///
async fn status(&self) -> Result<ResponseContent<StatusSuccess>, Error<StatusError>>;
/// POST /validate
///
///
async fn validate(
&self,
params: ValidateParams,
) -> Result<ResponseContent<ValidateSuccess>, Error<ValidateError>>;
/// POST /validate_and_reload
///
///
async fn validate_and_reload(
&self,
params: ValidateAndReloadParams,
) -> Result<ResponseContent<ValidateAndReloadSuccess>, Error<ValidateAndReloadError>>;
/// POST /write_config
///
///
async fn write_config(
&self,
params: WriteConfigParams,
) -> Result<ResponseContent<WriteConfigSuccess>, Error<WriteConfigError>>;
}
pub struct NginxAgentApiClient {
configuration: Arc<configuration::Configuration>,
}
impl NginxAgentApiClient {
pub fn new(configuration: Arc<configuration::Configuration>) -> Self {
Self { configuration }
}
}
/// struct for passing parameters to the method [`NginxAgentApi::validate`]
#[derive(Clone, Debug)]
pub struct ValidateParams {
pub validate_body: models::ValidateBody,
}
/// struct for passing parameters to the method [`NginxAgentApi::validate_and_reload`]
#[derive(Clone, Debug)]
pub struct ValidateAndReloadParams {
pub validate_and_reload_body: models::ValidateAndReloadBody,
}
/// struct for passing parameters to the method [`NginxAgentApi::write_config`]
#[derive(Clone, Debug)]
pub struct WriteConfigParams {
pub write_config_body: models::WriteConfigBody,
}
#[async_trait]
impl NginxAgentApi for NginxAgentApiClient {
async fn status(&self) -> Result<ResponseContent<StatusSuccess>, Error<StatusError>> {
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/status", local_var_configuration.base_path);
let mut local_var_req_builder =
local_var_client.request(reqwest::Method::GET, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder
.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<StatusSuccess> =
serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Ok(local_var_result)
} else {
let local_var_entity: Option<StatusError> =
serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Err(Error::ResponseError(local_var_error))
}
}
async fn validate(
&self,
params: ValidateParams,
) -> Result<ResponseContent<ValidateSuccess>, Error<ValidateError>> {
let ValidateParams { validate_body } = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/validate", local_var_configuration.base_path);
let mut local_var_req_builder =
local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder
.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&validate_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<ValidateSuccess> =
serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Ok(local_var_result)
} else {
let local_var_entity: Option<ValidateError> =
serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Err(Error::ResponseError(local_var_error))
}
}
async fn validate_and_reload(
&self,
params: ValidateAndReloadParams,
) -> Result<ResponseContent<ValidateAndReloadSuccess>, Error<ValidateAndReloadError>> {
let ValidateAndReloadParams {
validate_and_reload_body,
} = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str =
format!("{}/validate_and_reload", local_var_configuration.base_path);
let mut local_var_req_builder =
local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder
.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&validate_and_reload_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<ValidateAndReloadSuccess> =
serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Ok(local_var_result)
} else {
let local_var_entity: Option<ValidateAndReloadError> =
serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Err(Error::ResponseError(local_var_error))
}
}
async fn write_config(
&self,
params: WriteConfigParams,
) -> Result<ResponseContent<WriteConfigSuccess>, Error<WriteConfigError>> {
let WriteConfigParams { write_config_body } = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/write_config", local_var_configuration.base_path);
let mut local_var_req_builder =
local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder
.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&write_config_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<WriteConfigSuccess> =
serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Ok(local_var_result)
} else {
let local_var_entity: Option<WriteConfigError> =
serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Err(Error::ResponseError(local_var_error))
}
}
}
/// struct for typed successes of method [`NginxAgentApi::status`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum StatusSuccess {
Status200(models::StatusResp),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`NginxAgentApi::validate`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateSuccess {
Status200(serde_json::Value),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`NginxAgentApi::validate_and_reload`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateAndReloadSuccess {
Status200(models::ValidateAndReloadResp),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`NginxAgentApi::write_config`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum WriteConfigSuccess {
Status200(),
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`NginxAgentApi::status`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum StatusError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`NginxAgentApi::validate`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`NginxAgentApi::validate_and_reload`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateAndReloadError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`NginxAgentApi::write_config`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum WriteConfigError {
Status500(serde_json::Value),
UnknownValue(serde_json::Value),
}

280
public/agent-client/src/apis/tag_nginxtag_api.rs Normal file
View File

@@ -0,0 +1,280 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use async_trait::async_trait;
#[cfg(feature = "mockall")]
use mockall::automock;
use reqwest;
use std::sync::Arc;
use serde::{Deserialize, Serialize, de::Error as _};
use crate::{apis::ResponseContent, models};
use super::{Error, configuration};
use crate::apis::ContentType;
#[cfg_attr(feature = "mockall", automock)]
#[async_trait]
pub trait TagNginxtagApi: Send + Sync {
/// GET /status
///
///
async fn status(&self, ) -> Result<ResponseContent<StatusSuccess>, Error<StatusError>>;
/// POST /validate
///
///
async fn validate(&self, params: ValidateParams ) -> Result<ResponseContent<ValidateSuccess>, Error<ValidateError>>;
/// POST /validate_and_reload
///
///
async fn validate_and_reload(&self, params: ValidateAndReloadParams ) -> Result<ResponseContent<ValidateAndReloadSuccess>, Error<ValidateAndReloadError>>;
/// POST /write_config
///
///
async fn write_config(&self, params: WriteConfigParams ) -> Result<ResponseContent<WriteConfigSuccess>, Error<WriteConfigError>>;
}
pub struct TagNginxtagApiClient {
configuration: Arc<configuration::Configuration>
}
impl TagNginxtagApiClient {
pub fn new(configuration: Arc<configuration::Configuration>) -> Self {
Self { configuration }
}
}
/// struct for passing parameters to the method [`TagNginxtagApi::validate`]
#[derive(Clone, Debug)]
pub struct ValidateParams {
pub validate_body: models::ValidateBody
}
/// struct for passing parameters to the method [`TagNginxtagApi::validate_and_reload`]
#[derive(Clone, Debug)]
pub struct ValidateAndReloadParams {
pub validate_and_reload_body: models::ValidateAndReloadBody
}
/// struct for passing parameters to the method [`TagNginxtagApi::write_config`]
#[derive(Clone, Debug)]
pub struct WriteConfigParams {
pub write_config_body: models::WriteConfigBody
}
#[async_trait]
impl TagNginxtagApi for TagNginxtagApiClient {
async fn status(&self, ) -> Result<ResponseContent<StatusSuccess>, Error<StatusError>> {
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/status", local_var_configuration.base_path);
let mut local_var_req_builder = local_var_client.request(reqwest::Method::GET, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<StatusSuccess> = serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Ok(local_var_result)
} else {
let local_var_entity: Option<StatusError> = serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Err(Error::ResponseError(local_var_error))
}
}
async fn validate(&self, params: ValidateParams ) -> Result<ResponseContent<ValidateSuccess>, Error<ValidateError>> {
let ValidateParams {
validate_body,
} = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/validate", local_var_configuration.base_path);
let mut local_var_req_builder = local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&validate_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<ValidateSuccess> = serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Ok(local_var_result)
} else {
let local_var_entity: Option<ValidateError> = serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Err(Error::ResponseError(local_var_error))
}
}
async fn validate_and_reload(&self, params: ValidateAndReloadParams ) -> Result<ResponseContent<ValidateAndReloadSuccess>, Error<ValidateAndReloadError>> {
let ValidateAndReloadParams {
validate_and_reload_body,
} = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/validate_and_reload", local_var_configuration.base_path);
let mut local_var_req_builder = local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&validate_and_reload_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<ValidateAndReloadSuccess> = serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Ok(local_var_result)
} else {
let local_var_entity: Option<ValidateAndReloadError> = serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Err(Error::ResponseError(local_var_error))
}
}
async fn write_config(&self, params: WriteConfigParams ) -> Result<ResponseContent<WriteConfigSuccess>, Error<WriteConfigError>> {
let WriteConfigParams {
write_config_body,
} = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/write_config", local_var_configuration.base_path);
let mut local_var_req_builder = local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&write_config_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<WriteConfigSuccess> = serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Ok(local_var_result)
} else {
let local_var_entity: Option<WriteConfigError> = serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Err(Error::ResponseError(local_var_error))
}
}
}
/// struct for typed successes of method [`TagNginxtagApi::status`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum StatusSuccess {
Status200(models::StatusResp),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`TagNginxtagApi::validate`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateSuccess {
Status200(serde_json::Value),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`TagNginxtagApi::validate_and_reload`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateAndReloadSuccess {
Status200(models::ValidateAndReloadResp),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`TagNginxtagApi::write_config`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum WriteConfigSuccess {
Status200(),
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`TagNginxtagApi::status`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum StatusError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`TagNginxtagApi::validate`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`TagNginxtagApi::validate_and_reload`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateAndReloadError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`TagNginxtagApi::write_config`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum WriteConfigError {
Status500(serde_json::Value),
UnknownValue(serde_json::Value),
}

10
public/agent-client/src/lib.rs Normal file
View File

@@ -0,0 +1,10 @@
#![allow(unused_imports)]
#![allow(clippy::too_many_arguments)]
extern crate serde;
extern crate serde_json;
extern crate serde_repr;
extern crate url;
pub mod apis;
pub mod models;

10
public/agent-client/src/models/mod.rs Normal file
View File

@@ -0,0 +1,10 @@
pub mod status_resp;
pub use self::status_resp::StatusResp;
pub mod validate_and_reload_body;
pub use self::validate_and_reload_body::ValidateAndReloadBody;
pub mod validate_and_reload_resp;
pub use self::validate_and_reload_resp::ValidateAndReloadResp;
pub mod validate_body;
pub use self::validate_body::ValidateBody;
pub mod write_config_body;
pub use self::write_config_body::WriteConfigBody;

24
public/agent-client/src/models/status_resp.rs Normal file
View File

@@ -0,0 +1,24 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
use serde::{Deserialize, Serialize};
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct StatusResp {
#[serde(rename = "ok")]
pub ok: bool,
}
impl StatusResp {
pub fn new(ok: bool) -> StatusResp {
StatusResp { ok }
}
}

29
public/agent-client/src/models/validate_and_reload_body.rs Normal file
View File

@@ -0,0 +1,29 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
use serde::{Deserialize, Serialize};
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct ValidateAndReloadBody {
#[serde(rename = "config_name")]
pub config_name: String,
#[serde(rename = "timestamp")]
pub timestamp: i64,
}
impl ValidateAndReloadBody {
pub fn new(config_name: String, timestamp: i64) -> ValidateAndReloadBody {
ValidateAndReloadBody {
config_name,
timestamp,
}
}
}

26
public/agent-client/src/models/validate_and_reload_resp.rs Normal file
View File

@@ -0,0 +1,26 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
use serde::{Deserialize, Serialize};
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct ValidateAndReloadResp {
#[serde(rename = "rc")]
pub rc: i32,
#[serde(rename = "ro")]
pub ro: String,
}
impl ValidateAndReloadResp {
pub fn new(rc: i32, ro: String) -> ValidateAndReloadResp {
ValidateAndReloadResp { rc, ro }
}
}

29
public/agent-client/src/models/validate_body.rs Normal file
View File

@@ -0,0 +1,29 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
use serde::{Deserialize, Serialize};
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct ValidateBody {
#[serde(rename = "config_name")]
pub config_name: String,
#[serde(rename = "timestamp")]
pub timestamp: i64,
}
impl ValidateBody {
pub fn new(config_name: String, timestamp: i64) -> ValidateBody {
ValidateBody {
config_name,
timestamp,
}
}
}

32
public/agent-client/src/models/write_config_body.rs Normal file
View File

@@ -0,0 +1,32 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
use serde::{Deserialize, Serialize};
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct WriteConfigBody {
#[serde(rename = "config_name")]
pub config_name: String,
#[serde(rename = "content")]
pub content: String,
#[serde(rename = "timestamp")]
pub timestamp: i64,
}
impl WriteConfigBody {
pub fn new(config_name: String, content: String, timestamp: i64) -> WriteConfigBody {
WriteConfigBody {
config_name,
content,
timestamp,
}
}
}