GW_MC/YANPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: GW_MC:feature/frontend-login
Branches Tags
GW_MC:master GW_MC:feature/upstream-service GW_MC:feature/agent-client GW_MC:feature/agent GW_MC:feature/frontend-login GW_MC:documentation
..
compare: GW_MC:c65dc3af47265aea0668ac4965140f1dbe059f9e
Branches Tags
GW_MC:master GW_MC:feature/upstream-service GW_MC:feature/agent-client GW_MC:feature/agent GW_MC:feature/frontend-login GW_MC:documentation

21 Commits
feature/fr ... c65dc3af47

Author SHA1 Message Date
GW_MC
c65dc3af47 feat: Basic agent-client service
Some checks failed
Test / test-frontend (pull_request) Successful in 27s
Details
Test / frontend-build (pull_request) Successful in 33s
Details
Verify / verify-openapi-spec (pull_request) Successful in 7s
Details
Verify / verify-generated-agent-code (pull_request) Successful in 1m7s
Details
Verify / verify-generated-database-code (pull_request) Successful in 2m14s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 6s
Details
Test / lint-crates (pull_request) Failing after 1m28s
Details
Test / test-crates (pull_request) Successful in 2m40s
Details
Test / lint-frontend (pull_request) Successful in 29s
Details
2025-12-28 17:53:27 +08:00
GW_MC
6f395ed1ae rename workflows jobs 2025-12-28 16:42:12 +08:00
GW_MC
e6e85564e7 fix: incorrect pnpm cache
All checks were successful
Test / test-frontend (pull_request) Successful in 1m17s
Details
Test / lint-frontend (pull_request) Successful in 1m19s
Details
Test / frontend-build (pull_request) Successful in 1m55s
Details
Verify / verify-openapi-spec (pull_request) Successful in 31s
Details
Verify / verify-generated-agent-code (pull_request) Successful in 2m54s
Details
Verify / verify-generated-code (pull_request) Successful in 3m57s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 8s
Details
Test / lint (pull_request) Successful in 1m25s
Details
Test / test (pull_request) Successful in 3m26s
Details
2025-12-28 16:29:31 +08:00
GW_MC
c7a090f78a fix: frontend deps not installed 2025-12-28 16:23:10 +08:00
GW_MC
8cc2775fe4 feat: auto format generated code, and ignore clippy lint in agent-client 2025-12-28 16:22:41 +08:00
GW_MC
0b64538754 added verify for untracked generated files 2025-12-28 15:56:04 +08:00
GW_MC
8009ca20ff feat: added verify generated agent code in action workflows 2025-12-28 15:55:30 +08:00
GW_MC
7a5b9471e0 feat: added agent rust client generation 2025-12-28 15:16:47 +08:00
GW_MC
bb55e37b49 feat: added openapi generation for agent 2025-12-28 15:15:42 +08:00
GW_MC
9a264a61ac Merge pull request 'feature/agent' (#11) from feature/agent into master
All checks were successful
Test / test-frontend (push) Successful in 20s
Details
Test / lint-frontend (push) Successful in 24s
Details
Verify / verify-openapi-spec (push) Successful in 4s
Details
Test / frontend-build (push) Successful in 29s
Details
Verify / verify-frontend-api-client (push) Successful in 5s
Details
Test / test (push) Successful in 53s
Details
Verify / verify-generated-code (push) Successful in 1m6s
Details
Test / lint (push) Successful in 1m10s
Details 
Reviewed-on: #11
 2025-12-22 18:29:26 +08:00
GW_MC
0eafd6a264 feat: upgrade actions/cache to v4 and clean up imports in main.rs
All checks were successful
Test / test-frontend (pull_request) Successful in 23s
Details
Test / lint-frontend (pull_request) Successful in 26s
Details
Verify / verify-openapi-spec (pull_request) Successful in 4s
Details
Test / frontend-build (pull_request) Successful in 29s
Details
Test / test (pull_request) Successful in 55s
Details
Verify / verify-generated-code (pull_request) Successful in 1m10s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 7s
Details
Test / lint (pull_request) Successful in 1m10s
Details
2025-12-22 18:26:19 +08:00
GW_MC
c14af00c08 feat: update dependencies and refactor command line argument handling for yanpm-agent
Some checks failed
Test / test-frontend (pull_request) Successful in 23s
Details
Test / lint-frontend (pull_request) Successful in 27s
Details
Verify / verify-openapi-spec (pull_request) Successful in 4s
Details
Test / frontend-build (pull_request) Successful in 30s
Details
Verify / verify-frontend-api-client (pull_request) Has been cancelled
Details
Verify / verify-generated-code (pull_request) Has been cancelled
Details
Test / test (pull_request) Has been cancelled
Details
Test / lint (pull_request) Has been cancelled
Details
2025-12-22 18:16:26 +08:00
GW_MC
dce8203322 feat: add comprehensive documentation for yanpm-agent, including API reference, configuration, deployment, usage examples, and troubleshooting 2025-12-22 17:56:18 +08:00
GW_MC
5cffb0a519 feat: add nginx reload and validation wrappers with sudo permissions 2025-12-22 17:18:36 +08:00
GW_MC
6e85bda13f Refactor container definitions 2025-12-22 14:32:57 +08:00
GW_MC
7db23b01df Add testcontainer for agent image with nginx 2025-12-22 12:54:14 +08:00
GW_MC
61ecd91219 feat: add nix dependency and enhance socket permissions handling 2025-12-21 19:32:48 +08:00
GW_MC
b823fe6281 feat: Fix permission and env errors, add loggings, socket perm args 2025-12-21 18:52:26 +08:00
GW_MC
7781878c2d feat: implement Dockerfile and service scripts for yanpm-agent 2025-12-21 17:51:43 +08:00
GW_MC
4ca59d2bb6 feat: add agent module with Nginx service commands and routes 
- Introduced a new agent module with commands for managing Nginx configurations.
- Implemented `NginxService` for handling reload, validation, and configuration writing.
- Added routes for status, validation, and configuration writing using Axum.
- Created necessary command files: `reload.rs`, `run.rs`, `validate.rs`, `write_config.rs`.
- Updated `Cargo.toml` and `Cargo.lock` to include new dependencies.
- Added `.gitignore` for the agent module.
- Updated `justfile` to include OpenAPI generation for the agent.
 2025-12-21 15:32:42 +08:00
GW_MC
8334da8cf1 Merge pull request 'feature/frontend-login' (#10) from feature/frontend-login into master
All checks were successful
Test / test-frontend (push) Successful in 20s
Details
Test / lint-frontend (push) Successful in 23s
Details
Test / frontend-build (push) Successful in 27s
Details
Test / test (push) Successful in 45s
Details
Verify / verify-generated-code (push) Successful in 58s
Details
Verify / verify-openapi-spec (push) Successful in 58s
Details
Verify / verify-frontend-api-client (push) Successful in 19s
Details
Test / lint (push) Successful in 1m1s
Details 
Reviewed-on: #10
 2025-12-20 19:01:04 +08:00
78 changed files with 7095 additions and 1548 deletions
Expand all files Collapse all files

6
.github/actions/setup-rust/action.yml vendored
View File

@@ -22,7 +22,7 @@ runs:
fetch-depth: 0 fetch-depth: 0
- name: Cache cargo registry - name: Cache cargo registry
uses: actions/cache@v3 uses: actions/cache@v4
with: with:
path: ~/.cargo/registry path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
@@ -30,7 +30,7 @@ runs:
${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index - name: Cache cargo index
uses: actions/cache@v3 uses: actions/cache@v4
with: with:
path: ~/.cargo/index path: ~/.cargo/index
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
@@ -51,7 +51,7 @@ runs:
${{ runner.os }}-rustup- ${{ runner.os }}-rustup-
- name: Cache cargo build (target) - name: Cache cargo build (target)
uses: actions/cache@v3 uses: actions/cache@v4
with: with:
path: target path: target
key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }} key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }}

15
.github/workflows/test.yml vendored
View File

@@ -12,11 +12,8 @@ on:
jobs: jobs:
# setup is now handled by a composite action used by downstream jobs to keep
# the workflow DRY. The composite action performs checkout, cache restore and
# toolchain setup.
test: test-crates:
needs: frontend-build needs: frontend-build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -39,7 +36,7 @@ jobs:
- name: Run tests - name: Run tests
run: cargo test --all-features run: cargo test --all-features
lint: lint-crates:
needs: frontend-build needs: frontend-build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -83,7 +80,7 @@ jobs:
with: with:
node-version: 22 node-version: 22
cache: 'pnpm' cache: 'pnpm'
cache-dependency-path: apps/frontend/pnpm-lock.yaml cache-dependency-path: pnpm-lock.yaml
- name: Install frontend dependencies - name: Install frontend dependencies
run: | run: |
@@ -114,7 +111,7 @@ jobs:
with: with:
node-version: 22 node-version: 22
cache: 'pnpm' cache: 'pnpm'
cache-dependency-path: apps/frontend/pnpm-lock.yaml cache-dependency-path: pnpm-lock.yaml
- name: Install frontend dependencies - name: Install frontend dependencies
run: | run: |
@@ -142,12 +139,12 @@ jobs:
with: with:
node-version: 22 node-version: 22
cache: 'pnpm' cache: 'pnpm'
cache-dependency-path: apps/frontend/pnpm-lock.yaml cache-dependency-path: pnpm-lock.yaml
- name: Install frontend dependencies - name: Install frontend dependencies
run: | run: |
cd apps/frontend cd apps/frontend
pnpm install pnpm install --frozen-lockfile
- name: Build frontend - name: Build frontend
run: | run: |

67
.github/workflows/verify.yml vendored
View File

@@ -11,11 +11,8 @@ on:
jobs: jobs:
# setup is now handled by a composite action used by downstream jobs to keep
# the workflow DRY. The composite action performs checkout, cache restore and
# toolchain setup.
verify-generated-code: verify-generated-database-code:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository - name: Checkout repository
@@ -32,14 +29,62 @@ jobs:
cargo run -- db:migrate_and_generate --output-path ../../public/database/src/generated/entities cargo run -- db:migrate_and_generate --output-path ../../public/database/src/generated/entities
- name: Check for uncommitted changes in /generated/ - name: Check for uncommitted changes in /generated/
run: | run: |
if [[ -n $(git status --porcelain | grep '^ M .*\/generated\/') ]]; then if [[ -n $(git status --porcelain --untracked-files=all | grep '/generated/') ]]; then
echo "Generated code is not up to date. Please run the code generation locally and commit the changes." echo "Generated code is not up to date. Please run the code generation locally and commit the changes."
git status --porcelain | grep '^ M .*\/generated\/' git status --porcelain --untracked-files=all | grep '/generated/'
exit 1 exit 1
else else
echo "Generated code is up to date." echo "Generated code is up to date."
fi fi
verify-generated-agent-code:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '21'
- name: Setup Rust, checkout and restore caches
uses: ./.github/actions/setup-rust
- name: Setup PNPM
uses: pnpm/action-setup@v4
with:
version: 10
run_install: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 22
cache: 'pnpm'
cache-dependency-path: pnpm-lock.yaml
- name: Install root dependencies
run: |
pnpm install --frozen-lockfile
- name: generate agent client code
run: |
pnpm just generate-agent-client
- name: Check for uncommitted changes in agent client code
run: |
if [[ -n $(git status --porcelain --untracked-files=all | grep 'public/agent-client/') ]]; then
echo "Agent client code is not up to date. Please run the agent client code generation locally and commit the changes."
git status --porcelain --untracked-files=all | grep 'public/agent-client/'
exit 1
else
echo "Agent client code is up to date."
fi
verify-openapi-spec: verify-openapi-spec:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -99,9 +144,9 @@ jobs:
- name: Check for uncommitted changes in swagger.json - name: Check for uncommitted changes in swagger.json
if: steps.check_changes.outputs.changed == 'true' if: steps.check_changes.outputs.changed == 'true'
run: | run: |
if [[ -n $(git status --porcelain | grep '^ M apps/api/swagger.json') ]]; then if [[ -n $(git status --porcelain --untracked-files=all | grep 'apps/api/swagger.json') ]]; then
echo "OpenAPI spec is not up to date. Please run the OpenAPI generation locally and commit the changes." echo "OpenAPI spec is not up to date. Please run the OpenAPI generation locally and commit the changes."
git status --porcelain | grep '^ M apps/api/swagger.json' git status --porcelain --untracked-files=all | grep 'apps/api/swagger.json'
exit 1 exit 1
else else
echo "OpenAPI spec is up to date." echo "OpenAPI spec is up to date."
@@ -165,7 +210,7 @@ jobs:
with: with:
node-version: 22 node-version: 22
cache: 'pnpm' cache: 'pnpm'
cache-dependency-path: apps/frontend/pnpm-lock.yaml cache-dependency-path: pnpm-lock.yaml
- name: Install frontend dependencies - name: Install frontend dependencies
if: steps.check_swagger_changes.outputs.changed == 'true' if: steps.check_swagger_changes.outputs.changed == 'true'
@@ -182,9 +227,9 @@ jobs:
- name: Check for uncommitted changes in frontend API client - name: Check for uncommitted changes in frontend API client
if: steps.check_swagger_changes.outputs.changed == 'true' if: steps.check_swagger_changes.outputs.changed == 'true'
run: | run: |
if [[ -n $(git status --porcelain | grep '^ M apps/frontend/app/generated/api-client') ]]; then if [[ -n $(git status --porcelain --untracked-files=all | grep 'apps/frontend/app/generated/api-client') ]]; then
echo "Frontend API client is not up to date. Please run the API client generation locally and commit the changes." echo "Frontend API client is not up to date. Please run the API client generation locally and commit the changes."
git status --porcelain | grep '^ M apps/frontend/app/generated/api-client' git status --porcelain --untracked-files=all | grep 'apps/frontend/app/generated/api-client'
exit 1 exit 1
else else
echo "Frontend API client is up to date." echo "Frontend API client is up to date."

2
.gitignore vendored
View File

@@ -27,3 +27,5 @@ target
.env.generated .env.generated
generated-config.yaml generated-config.yaml
node_modules/

984
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

2
Cargo.toml
View File

@@ -3,6 +3,8 @@ members = [
"apps/api", "apps/api",
"apps/container", "apps/container",
"apps/cli", "apps/cli",
"apps/agent",
"public/agent-client",
"public/shared", "public/shared",
"public/database", "public/database",
"public/migration" "public/migration"

1
apps/agent/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
*.sock

16
apps/agent/Cargo.toml Normal file
View File

@@ -0,0 +1,16 @@
[package]
name = "yanpm-agent"
version = "0.1.0"
edition = "2024"
[dependencies]
axum = { version = "0.8.7", features = ["form", "http1", "json", "matched-path", "original-uri", "query", "tokio", "tower-log", "tracing", "macros"] }
tokio = { version = "1", features = ["fs", "io-util", "io-std", "macros", "net", "parking_lot", "process", "rt", "rt-multi-thread", "signal", "sync", "time", "tracing"] }
tracing = { version = "0.1.41", features = ["std", "attributes"] }
tracing-subscriber = { version = "0.3.20", features = ["smallvec", "fmt", "ansi", "tracing-log", "std", "json", "serde", "serde_json", "time", "tracing"] }
serde_json = { version = "1.0.145", features = ["std"] }
serde = { version = "1.0.228", features = ["std", "derive"] }
tokio-cron-scheduler = { version = "0.15.1", features = ["signal"] }
clap = { version = "4", features = ["derive", "env"] }
nix = { version = "0.30.1", features = ["user", "fs"] }
utoipa = { version = "5.4.0", features = ["macros", "axum_extras", "chrono", "decimal", "uuid", "time", "openapi_extensions"] }

56
apps/agent/Dockerfile Normal file
View File

@@ -0,0 +1,56 @@
FROM rust:1.92-alpine3.23 AS builder
# Install build deps and binutils (for strip)
RUN apk add --no-cache build-base musl-dev openssl-dev pkgconfig ca-certificates curl binutils
WORKDIR /app
# Copy manifest first to leverage Docker layer caching for dependencies
COPY ./Cargo.toml ./
RUN cargo fetch --locked || true
COPY ./src ./src
# Build the release binary and strip it to reduce size
RUN cargo build --release --bin yanpm-agent && \
strip target/release/yanpm-agent || true
FROM nginx:mainline-alpine3.23 AS base
# Expose typical HTTP ports used by nginx
EXPOSE 80 443
ENV S6_KEEP_ENV=1
ENV YANPM_AGENT_SOCK=/var/run/yanpm/yanpm-agent.sock
ENV YANPM_NGINX_CONFIG_DIR=/etc/nginx/conf.d
ENV YANPM_AGENT_SOCK_PERM=660
ENV YANPM_AGENT_SOCK_GID=""
ENV YANPM_AGENT_UID=1000
ENV YANPM_AGENT_GID=1000
WORKDIR /app
# Install ca-certificates for TLS and minimal tools
RUN apk add --no-cache ca-certificates curl
# Install s6-overlay
ENV S6_OVERLAY_VERSION=v3.2.1.0
ADD https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && rm /tmp/s6-overlay-noarch.tar.xz
ADD https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp/s6-overlay.tar.xz
RUN tar -C / -Jxpf /tmp/s6-overlay.tar.xz && rm /tmp/s6-overlay.tar.xz
# Runtime user creation handled by s6 cont-init (see /etc/cont-init.d)
# create directory for yanpm agent socket; ownership will be fixed at container start
RUN mkdir -p /var/run/yanpm
# Copy s6 service definitions (created in repo under s6/) into image
COPY ./docker/s6/services.d /etc/services.d
COPY ./docker/s6/cont-init.d /etc/cont-init.d
RUN chmod +x /etc/services.d/*/run && chmod +x /etc/cont-init.d/*
COPY --from=builder /app/target/release/yanpm-agent ./yanpm-agent
RUN chmod +x /app/yanpm-agent
# s6-overlay provides /init as the init process
ENTRYPOINT ["/init"]

19
apps/agent/doc/README.md Normal file
View File

@@ -0,0 +1,19 @@
# yanpm-agent Documentation
This directory contains in-depth documentation for the yanpm agent daemon (the binary built from `apps/agent`). The agent exposes a unix-socket HTTP API for writing nginx configuration fragments, validating them, and reloading nginx safely.
Docs included:
- `architecture.md` — Detailed explanation of the program flow and components.
- `configuration.md` — CLI flags, environment variables, defaults, and permission handling.
- `usage.md` — How to run the agent, curl examples, and systemd/docker hints.
- `api.md` — HTTP API endpoints, request and response schemas, examples.
- `deployment.md` — Deployment considerations, permissions, and systemd socket/unit examples.
- `troubleshooting.md` — Common errors and solutions.
For implementation details, see the source in `apps/agent/src` (notably `main.rs`, `routes.rs`, and the `commands/` submodule).
Integration notes
- The agent is intended to run as a companion agent for the API service in `apps/api`. The API service calls the agent over the unix-domain socket to write nginx fragments, validate them, and trigger reloads.
- A production Docker image is provided by `apps/agent/Dockerfile`. That Dockerfile packages nginx + the `yanpm-agent` binary and s6-overlay service scripts so a single container can run nginx and the agent alongside each other.

68
apps/agent/doc/api.md Normal file
View File

@@ -0,0 +1,68 @@
# HTTP API Reference
Base: HTTP over a unix-domain socket. Example using curl: `curl --unix-socket /path/to/socket -X POST http://localhost/<path>`
1) GET /status
- Response: 200 OK
- Body: JSON `{ "ok": true }`
2) POST /validate
- Request JSON:
```json
{
"config_name": "example",
"timestamp": 1234567890
}
```
- Behavior: validates the fragment file named by `config_name` and `timestamp` under the agent's internal subdirectory inside the configured nginx config directory. Delegates to `ValidateCommand::validate`.
- Success: 200 OK, body is `[rc, output]` tuple serialized as JSON (actual shape is `(i32, String)` returned from the command; examine responses for exact formatting).
- Error cases:
- 400 Bad Request: invalid or malformed JSON
- 500 Internal Server Error: validation error or missing fragment file
- Request JSON:
```json
{
"config_name": "example",
"timestamp": 1234567890
}
```
- Behavior: validates the fragment file named by `config_name` and `timestamp` under the agent's internal subdirectory inside the configured nginx config directory. Delegates to `ValidateCommand::validate`.
- Success: 200 OK, body is a JSON array `[rc, output]` where `rc` is the integer return code and `output` is the combined stdout/stderr string from the validation command (the command returns an `(i32, String)` tuple).
- Error cases:
- 400 Bad Request: invalid or malformed JSON
- 500 Internal Server Error: validation error or missing fragment file
3) POST /validate_and_reload
- Request JSON same as `/validate`.
- Behavior: runs validation and, on success, attempts to reload nginx. Returns an object with `rc` and `ro` (return code and combined stdout/stderr output).
- Success: 200 OK with body: `{ "rc": <int>, "ro": "<output>" }`
- Errors: 400 for malformed JSON, 500 if the validate-and-reload command fails (body presents error text).
4) POST /write_config
- Request JSON:
```json
{
"config_name": "example",
"timestamp": 1234567890,
"content": "server { ... }"
}
```
- Behavior: writes the provided `content` into an agent-managed fragment file named from `config_name` and `timestamp` in the internal subdirectory under `nginx_config_dir`.
- Success: 200 OK with empty body
- Error: 400 for malformed JSON, 500 if writing the file fails
Notes
- The agent expects callers to choose a `config_name` and `timestamp` that together form a unique filename. The concrete filename encoding is performed by `commands::run::to_file_name` in source.
- On validation failures the returned output often contains the full `nginx -t` output; inspect `ro` or the returned JSON error messages.

34
apps/agent/doc/architecture.md Normal file
View File

@@ -0,0 +1,34 @@
# Architecture and Runtime Flow
Overview
- The agent is an async HTTP server (axum) listening on a Unix domain socket and exposes a small JSON API to manage nginx configuration fragments.
- Core lifecycle is implemented in `apps/agent/src/main.rs`:
- parse CLI args and environment variables
- ensure the socket path and directory exist and have permissive but secure defaults
- bind a `tokio::net::UnixListener` to the socket
- create an `NginxService` (shared state) and an in-process cron `JobScheduler`
- mount axum routes (`/status`, `/validate`, `/validate_and_reload`, `/write_config`) and serve HTTP over the Unix socket
Key components
- `main.rs` — Bootstrapping, argument handling, socket setup and permission handling, scheduler start, and axum server startup.
- `routes.rs` — axum handlers for the HTTP API. It deserializes JSON payloads and delegates to `NginxService` methods. Handlers return appropriate HTTP status codes and JSON on error or success.
- `commands/` — Implementation of lower-level actions (writing fragment files, running `nginx -t`, validating, reloads). The `validate.rs` command contains sophisticated behavior to handle permission-limited environments by:
- creating wrapper nginx configs that include a single fragment
- trying `nginx -t` directly, attempting a privileged wrapper via `sudo` if available, and finally passing a writable PID override via `-g pid ...;` to avoid permission failures
Concurrency and state
- A single shared `NginxService` instance is stored in axum `State` and cloned into handlers; it holds the scheduler and the configured nginx config directory path.
- The JobScheduler is created with `tokio_cron_scheduler::JobScheduler` and started before serving requests.
Error handling and best-effort behavior
- Socket permission changes, GID changes, and directory creations are best-effort and log warnings on failure rather than failing hard.
- Most command failures are converted into JSON errors with appropriate HTTP status codes so callers can inspect command output.
Integration and packaging
- The agent is intended to run as a companion to the API server in `apps/api`. The API calls the agent over the unix socket to write fragments, validate them, and trigger reloads.
- `apps/agent/Dockerfile` builds a runtime image that includes `nginx` and the `yanpm-agent` binary (the Dockerfile uses s6-overlay to run multiple services). This image is suitable for deployments that prefer nginx and the agent colocated in a single container.

27
apps/agent/doc/configuration.md Normal file
View File

@@ -0,0 +1,27 @@
# Configuration and Environment
CLI flags and environment variables
- `--sock` / `YANPM_AGENT_SOCK` (default: `./yanpm-agent.sock`)
- Path to the Unix socket file the agent will bind to.
- If the socket directory does not exist the agent attempts to create it and set mode `0770`.
- `--nginx-config-dir` / `YANPM_NGINX_CONFIG_DIR` (default: `/etc/nginx/conf.d`)
- Directory where nginx fragments are written. The agent writes fragments into a subdirectory named by the agent (internal use).
- `--sock-perm` / `YANPM_AGENT_SOCK_PERM` (default: `660`)
- A 3-digit octal permission string applied to the socket file (best-effort). The program validates this is a 3-digit octal string.
- If the final digit is greater than `0` a warning is logged because that allows "others" access.
- `--sock-gid` / `YANPM_AGENT_SOCK_GID` (default: current user's primary group)
- GID to set on the socket file (best-effort).
Validation rules and behavior
- `sock_perm` must be exactly 3 octal digits (characters 0-7). The agent rejects invalid values at startup.
- When an existing path exists at the socket location the agent verifies it is a unix socket; if so it removes it before binding. If the path exists and is not a socket, startup fails.
- Setting permissions (`set_permissions`) and changing GID (`chown`) are attempted but non-fatal: failures are logged as warnings and the agent continues.
Notes about nginx config directory
- The agent writes fragments into a subdirectory (internal) of the configured `nginx_config_dir`. Ensure nginx is configured to include that subdirectory so fragments are picked up, or use `write_config` then trigger a reload.

62
apps/agent/doc/deployment.md Normal file
View File

@@ -0,0 +1,62 @@
# Deployment and Permissions
Socket location and permissions
- The agent binds a unix socket at the path given by `--sock` or `YANPM_AGENT_SOCK`. The agent will:
- create the parent directory (best-effort) and attempt to set its permissions to `0770`
- remove an existing socket file if it is a socket, or fail if the path exists and is not a socket
- apply the `sock_perm` (3-digit octal) to the socket file and optionally change its GID to `sock_gid`
Systemd socket/unit example
Create a `yanpm-agent.socket` unit that creates and owns the unix socket, and a `yanpm-agent.service` that runs the agent. Ensure the socket path used by systemd matches `--sock`.
Docker / container notes
- If running the agent inside a container and writing to host nginx config, bind-mount the host nginx config directory into the container at the path provided to `--nginx-config-dir`.
- Consider running the agent as a user with permission to write the nginx config directory or use a shared group and `sock_gid` so clients can access the socket.
- The repository provides a runtime image built by `apps/agent/Dockerfile` which packages `nginx` together with the `yanpm-agent` binary and s6-overlay service scripts. This image runs nginx and the agent in one container which is useful when the agent is acting as the runtime companion for the API (`apps/api`).
Privilege escalation for validation
- In many systems `nginx -t` may fail due to inability to access `/run/nginx.pid` or other privileged files. The agent attempts a best-effort sequence:
1. Run `nginx -t` directly.
2. If that fails with permission errors, try a privileged wrapper (e.g. `/usr/local/sbin/yanpm-nginx-validate` or `yanpm-nginx-validate-file`) via `sudo -n`.
3. If wrapper is unavailable or fails, retry `nginx -t` with a writable PID override via `-g 'pid /tmp/yanpm-validate-<pid>.pid;'`.
Security considerations
- Avoid setting `sock_perm` to allow world access unless explicitly intended.
- Prefer controlling socket group membership via `sock_gid` rather than making the socket world-writable.
s6 init scripts, wrappers and sudoers (runtime)
- Purpose: The image built by `apps/agent/Dockerfile` uses `s6-overlay` as PID 1 (the Dockerfile sets `ENTRYPOINT ["/init"]`). The repository includes `docker/s6/cont-init.d` scripts that run at container startup (one-shot) and `docker/s6/services.d` entries to run long-lived services (nginx and the agent). The cont-init scripts prepare runtime users, permissions, and helper wrappers the agent uses for privileged operations.
- Key cont-init scripts (in the repo):
- `docker/s6/cont-init.d/10-create-app-user` — ensures the `yanpm-agent` user and group exist (honoring `YANPM_AGENT_UID`, `YANPM_AGENT_GID`, and `YANPM_AGENT_SOCK_GID`), adds the user to the `nginx` group, and attempts to chown runtime directories like `/var/run/yanpm` and `/app/yanpm-agent` (logs warnings if chown fails for bind mounts or rootless containers).
- `docker/s6/cont-init.d/20-install-reload-wrapper` — installs three helper wrappers and a sudoers entry so the `yanpm-agent` user can perform narrowly-scoped privileged operations without a password.
- Wrapper scripts installed by `20-install-reload-wrapper`:
- `/usr/local/sbin/yanpm-nginx-reload` — runs `nginx -c /etc/nginx/nginx.conf -s reload` (used for reloading the running nginx master process).
- `/usr/local/sbin/yanpm-nginx-validate` — runs `nginx -c /etc/nginx/nginx.conf -t` (validates the main nginx config).
- `/usr/local/sbin/yanpm-nginx-validate-file` — securely validates a single nginx config file: it resolves the absolute path, ensures the target is a regular file (not a symlink), checks the file is owned by the `yanpm-agent` user, enforces it's not world-writable, then runs `nginx -c <file> -t`. This defends against symlink and race attacks when an unprivileged agent requests privileged validation.
- Sudoers entry:
- The init script writes `/etc/sudoers.d/yanpm-agent` with a rule allowing the configured agent user (default `yanpm-agent`) to run only the three wrappers with `NOPASSWD`. This gives the agent a limited, auditable privilege escalation surface; the agent code attempts to use these wrappers via `sudo -n` before falling back to less privileged strategies.
- Relevant environment variables (settable in the Dockerfile or at runtime):
- `YANPM_AGENT_SOCK` — unix socket path (default set in Dockerfile: `/var/run/yanpm/yanpm-agent.sock`).
- `YANPM_NGINX_CONFIG_DIR` — nginx config dir (default `/etc/nginx/conf.d`).
- `YANPM_AGENT_SOCK_PERM` — socket permissions (octal string, default `660`).
- `YANPM_AGENT_SOCK_GID` — desired GID for the socket (optional).
- `YANPM_AGENT_UID`, `YANPM_AGENT_GID` — runtime UID/GID used to create the `yanpm-agent` user in the container.
- How the agent uses these runtime helpers:
- `ValidateCommand` and `ReloadCommand` in the agent code try `nginx` operations directly; when permission problems occur they attempt the privileged wrappers via `sudo -n /usr/local/sbin/yanpm-nginx-validate` or `...-validate-file` and `...-reload`. The cont-init script's wrappers plus the sudoers entry implement that intended secure upgrade path.
- Notes and recommendations:
- The `validate-file` wrapper performs ownership and permission checks; ensure written fragments are created by the `yanpm-agent` user (the agent writes files as that user when running inside the container due to `10-create-app-user`).
- The cont-init scripts attempt to install `sudo` if missing; in minimal images you may prefer providing `sudo` at build time to avoid runtime installation attempts.
- If you bind-mount host directories (e.g., `/etc/nginx/conf.d`) into the container, ensure ownership and permissions are compatible with the agent user and `YANPM_AGENT_SOCK_GID` so the socket and files are accessible as intended.

27
apps/agent/doc/troubleshooting.md Normal file
View File

@@ -0,0 +1,27 @@
# Troubleshooting
Common issues and how to resolve them
- Socket path exists but is not a socket
- Symptom: startup fails with an error that the socket path exists and is not a socket.
- Fix: remove the file at the socket path or choose a different `--sock` path.
- Permission denied on socket directory or socket
- Symptom: socket creation or permission setting logs warnings; clients cannot connect.
- Fix: ensure the socket directory exists and has correct ownership/group and that `sock_perm` and `sock_gid` are configured appropriately. Consider using `chown`/`chmod` from a privileged context.
- `nginx -t` fails with `/run/nginx.pid: Permission denied`
- Symptom: validation fails; output contains permission denied for `/run/nginx.pid`.
- Fixes (tried by the agent):
1. If available, provide a privileged validation wrapper (e.g. `/usr/local/sbin/yanpm-nginx-validate`) that runs `nginx -t` with appropriate privileges.
2. Ensure the agent-runner has permission to read the main nginx configuration and `/run/nginx.pid` or allow the agent to use a writable PID override.
- Fragment file not found during validation
- Symptom: validate returns 500 with message `Config file not found`.
- Fix: make sure the fragment has been written via `/write_config` to the agent's internal subdirectory under `NGINX_CONFIG_DIR`, using the same `config_name` and `timestamp` as the validate call.
- Wrapper or sudo not available
- Symptom: attempts to run `sudo -n /usr/local/sbin/yanpm-nginx-validate` fail.
- Fix: install a wrapper script that allows unprivileged `sudo -n` validation or configure proper permissions on nginx state files.
If none of the above solves the problem, collect the logs produced by the agent (it uses `tracing`/`tracing_subscriber`) and include the exact command outputs from the validation steps when asking for help.

61
apps/agent/doc/usage.md Normal file
View File

@@ -0,0 +1,61 @@
# Usage and Examples
Running locally (development)
1. Build the agent (from repository root):
```sh
cargo build -p agent
```
2. Run the agent with defaults (socket in current directory):
```sh
./target/debug/yanpm-agent
```
3. Run with explicit socket and nginx config directory:
```sh
./target/debug/yanpm-agent --sock /run/yanpm/yanpm-agent.sock --nginx-config-dir /etc/nginx/conf.d
```
HTTP over unix-socket examples (using `socat` / `curl` helper)
If you want to call the API from the shell, you can use `socat` to convert the unix socket to an HTTP stream, or use tools that support unix sockets directly (e.g. `curl --unix-socket`). Examples below use `curl --unix-socket`.
Validate a fragment by name and timestamp:
```sh
curl --unix-socket ./yanpm-agent.sock -X POST http://localhost/validate \
-H 'Content-Type: application/json' \
-d '{"config_name":"example","timestamp":1234567890}'
```
Validate and reload (returns `rc` and `ro`):
```sh
curl --unix-socket ./yanpm-agent.sock -X POST http://localhost/validate_and_reload \
-H 'Content-Type: application/json' \
-d '{"config_name":"example","timestamp":1234567890}'
```
Write a fragment (create or update):
```sh
curl --unix-socket ./yanpm-agent.sock -X POST http://localhost/write_config \
-H 'Content-Type: application/json' \
-d '{"config_name":"example","timestamp":1234567890,"content":"server { listen 80; server_name example.local; }"}'
```
Status endpoint (health)
```sh
curl --unix-socket ./yanpm-agent.sock http://localhost/status
```
Notes
- Use the `config_name` and `timestamp` fields consistently: `timestamp` is typically a monotonic update ID from the caller ensuring unique file names.
- When running in containers, mount the host nginx config dir if you want the agent to write directly to host nginx configuration.
- The repository includes a runtime Docker image built by `apps/agent/Dockerfile` which bundles `nginx` and the `yanpm-agent` binary (via s6-overlay). Use that image when you want nginx and the agent colocated (the agent is intended as a runtime companion to `apps/api`).

58
apps/agent/docker/s6/cont-init.d/10-create-app-user Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/sh
set -eu
YANPM_AGENT_UID="${YANPM_AGENT_UID:-1000}"
YANPM_AGENT_GID="${YANPM_AGENT_GID:-1000}"
# If a specific socket GID is requested, prefer that for the app group
YANPM_AGENT_GID_EFFECTIVE="${YANPM_AGENT_SOCK_GID:-${YANPM_AGENT_GID}}"
YANPM_AGENT_USER="${YANPM_AGENT_USER:-yanpm-agent}"
YANPM_AGENT_GROUP="${YANPM_AGENT_GROUP:-yanpm-agent}"
# Ensure group exists with desired GID
if grep -qE "^${YANPM_AGENT_GROUP}:" /etc/group 2>/dev/null; then
existing_gid=$(awk -F: -v g="${YANPM_AGENT_GROUP}" '$1==g{print $3}' /etc/group)
if [ "${existing_gid}" != "${YANPM_AGENT_GID_EFFECTIVE}" ]; then
delgroup "${YANPM_AGENT_GROUP}" || true
addgroup -g "${YANPM_AGENT_GID_EFFECTIVE}" "${YANPM_AGENT_GROUP}"
fi
else
addgroup -g "${YANPM_AGENT_GID_EFFECTIVE}" "${YANPM_AGENT_GROUP}"
fi
# Ensure user exists with desired UID and primary group
if grep -qE "^${YANPM_AGENT_USER}:" /etc/passwd 2>/dev/null; then
existing_uid=$(awk -F: -v u="${YANPM_AGENT_USER}" '$1==u{print $3}' /etc/passwd)
if [ "${existing_uid}" != "${YANPM_AGENT_UID}" ]; then
deluser "${YANPM_AGENT_USER}" || true
adduser -D -u "${YANPM_AGENT_UID}" -G "${YANPM_AGENT_GROUP}" "${YANPM_AGENT_USER}"
fi
else
adduser -D -u "${YANPM_AGENT_UID}" -G "${YANPM_AGENT_GROUP}" "${YANPM_AGENT_USER}"
fi
# Add app user to nginx group to allow reading configs
addgroup "${YANPM_AGENT_USER}" nginx || true
# Ensure runtime directories exist and fix ownership
mkdir -p /var/run/yanpm /app
if chown -R "${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}" /var/run/yanpm 2>/dev/null; then
echo "chown: /var/run/yanpm -> ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}"
else
echo "Warning: failed to chown /var/run/yanpm to ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}. This is common for bind-mounted host volumes or rootless Docker." >&2
fi
if chown -R "${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}" /app/yanpm-agent 2>/dev/null; then
echo "chown: /app/yanpm-agent -> ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}"
else
echo "Warning: failed to chown /app/yanpm-agent to ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}. Binary will still be used if permissions allow." >&2
fi
if chown "${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}" /app 2>/dev/null; then
echo "chown: /app -> ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}"
else
echo "Warning: failed to chown /app to ${YANPM_AGENT_UID}:${YANPM_AGENT_GID_EFFECTIVE}." >&2
fi
echo "App user and group setup complete. UID:${YANPM_AGENT_UID} GID:${YANPM_AGENT_GID_EFFECTIVE}"
exit 0

170
apps/agent/docker/s6/cont-init.d/20-install-reload-wrapper Normal file
View File

@@ -0,0 +1,170 @@
#!/bin/sh
set -eu
# This init script installs a minimal nginx reload wrapper and a sudoers
# entry so the `yanpm-agent` user can perform a controlled reload via sudo.
WRAPPER_PATH="/usr/local/sbin/yanpm-nginx-reload"
SUDOERS_PATH="/etc/sudoers.d/yanpm-agent"
AGENT_USER="${YANPM_AGENT_USER:-yanpm-agent}"
# validate wrapper
VALIDATE_PATH="/usr/local/sbin/yanpm-nginx-validate"
# validate file wrapper
VALIDATE_FILE_PATH="/usr/local/sbin/yanpm-nginx-validate-file"
echo "[cont-init.d] install-reload-wrapper: setting up nginx reload helper"
# find nginx binary
NGINX_BIN="$(command -v nginx || true)"
if [ -z "${NGINX_BIN}" ]; then
echo "Warning: nginx binary not found in PATH; wrapper will still be created but may fail at runtime." >&2
NGINX_BIN="/usr/sbin/nginx"
fi
# Create wrapper
mkdir -p /usr/local/sbin /etc/sudoers.d
cat > "${WRAPPER_PATH}" <<- 'EOF'
#!/bin/sh
exec "@NGINX_BIN@" -c /etc/nginx/nginx.conf -s reload
EOF
# Replace placeholder with actual path
sed -i "s|@NGINX_BIN@|${NGINX_BIN}|g" "${WRAPPER_PATH}" || true
chmod 0750 "${WRAPPER_PATH}"
chown root:root "${WRAPPER_PATH}" || true
#
#
#
# Create validate wrapper
cat > "${VALIDATE_PATH}" <<- 'EOF'
#!/bin/sh
exec "@NGINX_BIN@" -c /etc/nginx/nginx.conf -t
EOF
# Replace placeholder with actual path in validate wrapper
sed -i "s|@NGINX_BIN@|${NGINX_BIN}|g" "${VALIDATE_PATH}" || true
chmod 0750 "${VALIDATE_PATH}"
chown root:root "${VALIDATE_PATH}" || true
#
#
#
# Create validate file wrapper (secure)
cat > "${VALIDATE_FILE_PATH}" <<-'EOF'
#!/bin/sh
set -eu
if [ $# -ne 1 ]; then
echo "Usage: $0 <nginx-config-file>" >&2
exit 2
fi
INPUT="$1"
# Resolve absolute path
if command -v readlink >/dev/null 2>&1; then
TARGET="$(readlink -f -- "$INPUT" 2>/dev/null || true)"
elif command -v realpath >/dev/null 2>&1; then
TARGET="$(realpath -- "$INPUT" 2>/dev/null || true)"
else
echo "Error: no path resolver (readlink/realpath) available" >&2
exit 3
fi
if [ -z "$TARGET" ]; then
echo "Error: cannot resolve path: $INPUT" >&2
exit 4
fi
# Must be a regular file and not a symlink
if [ ! -f "$TARGET" ] || [ -L "$TARGET" ]; then
echo "Error: ${TARGET} is not a regular file" >&2
exit 5
fi
# must be created by agent user
AGENT_UID="$(id -u yanpm-agent 2>/dev/null || true)"
if [ -z "$AGENT_UID" ]; then
echo "Error: yanpm-agent user not found" >&2
exit 6
fi
FILE_UID="$(stat -c %u -- "$TARGET" 2>/dev/null || true)"
if [ "$FILE_UID" != "$AGENT_UID" ]; then
echo "Error: ${TARGET} not owned by yanpm-agent user" >&2
exit 7
fi
# Ensure file is not world-writable; allow typical 664 (rw-rw-r--)
if command -v stat >/dev/null 2>&1; then
MODE="$(stat -c %a -- "$TARGET" 2>/dev/null || true)"
if [ -n "$MODE" ]; then
OTHERS=$(( MODE % 10 ))
if [ $(( OTHERS & 2 )) -ne 0 ]; then
echo "Error: ${TARGET} is world-writable" >&2
exit 8
fi
fi
elif command -v find >/dev/null 2>&1; then
if find "$TARGET" -maxdepth 0 -perm /002 -print -quit >/dev/null 2>&1; then
echo "Error: ${TARGET} is world-writable" >&2
exit 8
fi
fi
exec "@NGINX_BIN@" -c "$TARGET" -t
EOF
# Replace placeholder with actual path in validate file wrapper
sed -i "s|@NGINX_BIN@|${NGINX_BIN}|g" "${VALIDATE_FILE_PATH}" || true
chmod 0750 "${VALIDATE_FILE_PATH}"
chown root:root "${VALIDATE_FILE_PATH}" || true
echo "Created wrapper: ${WRAPPER_PATH} (owned by root, mode 750)"
#
#
#
# Ensure sudoers entry exists allowing the agent to run only this wrapper as root
if command -v sudo >/dev/null 2>&1; then
echo "sudo present; creating sudoers entry"
cat > "${SUDOERS_PATH}" <<- EOF
# Allow ${AGENT_USER} to run the nginx reload and validate wrappers without a password
${AGENT_USER} ALL=(root) NOPASSWD: ${WRAPPER_PATH}, ${VALIDATE_PATH}, ${VALIDATE_FILE_PATH}
EOF
chmod 0440 "${SUDOERS_PATH}" || true
echo "Wrote sudoers entry: ${SUDOERS_PATH}"
else
echo "sudo not found; attempting to install"
if command -v apk >/dev/null 2>&1; then
apk add --no-cache sudo || true
elif command -v apt-get >/dev/null 2>&1; then
apt-get update || true
apt-get install -y sudo || true
elif command -v yum >/dev/null 2>&1; then
yum install -y sudo || true
else
echo "No known package manager to install sudo; please ensure sudo is available in the image." >&2
fi
if command -v sudo >/dev/null 2>&1; then
cat > "${SUDOERS_PATH}" <<- EOF
# Allow ${AGENT_USER} to run the nginx reload and validate wrappers without a password
${AGENT_USER} ALL=(root) NOPASSWD: ${WRAPPER_PATH}, ${VALIDATE_PATH}, ${VALIDATE_FILE_PATH}
EOF
chmod 0440 "${SUDOERS_PATH}" || true
echo "Installed sudo and wrote sudoers entry: ${SUDOERS_PATH}"
else
echo "Failed to install sudo; the agent will not be able to reload nginx via sudo." >&2
fi
fi
exit 0

5
apps/agent/docker/s6/services.d/agent/run Normal file
View File

@@ -0,0 +1,5 @@
#!/bin/sh
# Run the agent as the unprivileged 'yanpm-agent' user
cd /app
echo "Starting yanpm-agent..."
exec s6-setuidgid yanpm-agent ./yanpm-agent

3
apps/agent/docker/s6/services.d/nginx/run Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/sh
# Run nginx in foreground (s6 will supervise it)
exec nginx -g 'daemon off;'

2
apps/agent/justfile Normal file
View File

@@ -0,0 +1,2 @@
build-docker:
docker build -t yanpm/agent:latest .

292
apps/agent/src/commands.rs Normal file
View File

@@ -0,0 +1,292 @@
mod reload;
mod run;
mod validate;
mod write_config;
use std::{
collections::HashMap,
sync::{
Arc,
atomic::{AtomicU64, Ordering},
},
};
use tokio::sync::{Mutex, RwLock};
use tokio_cron_scheduler::{Job, JobScheduler};
use tracing::{error, info};
use crate::commands::write_config::INTERNAL_CONFIG_FOLDER_NAME;
const OLD_CONFIG_CLEANUP_THRESHOLD: u64 = 3600;
pub struct NginxService {
// lock for nginx reload, and timestamp tracking
nginx_lock: Mutex<()>,
last_applied: AtomicU64,
// lock for write_config per (config_name, timestamp)
#[allow(clippy::type_complexity)]
write_config_lock: RwLock<HashMap<(String, u64), Arc<RwLock<()>>>>,
// commands
reload_cmd: Arc<reload::ReloadCommand>,
validate_cmd: Arc<validate::ValidateCommand>,
write_config_cmd: Arc<write_config::WriteConfigCommand>,
}
impl NginxService {
pub async fn new(
scheduler: Arc<JobScheduler>,
nginx_config_dir: std::path::PathBuf,
) -> Result<Arc<Self>, Box<dyn std::error::Error + Send + Sync>> {
let nginx_service = Arc::new(NginxService {
nginx_lock: Mutex::new(()),
last_applied: AtomicU64::new(0),
write_config_lock: RwLock::new(HashMap::new()),
// commands
reload_cmd: Arc::new(reload::ReloadCommand::default()),
validate_cmd: Arc::new(validate::ValidateCommand::new(nginx_config_dir.clone())),
write_config_cmd: Arc::new(write_config::WriteConfigCommand::new(nginx_config_dir)),
});
let mut nginx_service_clone = nginx_service.clone();
scheduler
.clone()
// cleanup every 10 minutes
.add(Job::new_async("0 */10 * * * *", move |_uuid, _l| {
info!("Running nginx_service cleanup job");
let nginx_service_clone = nginx_service_clone.clone();
let job = Box::pin(async move {
nginx_service_clone.cleanup_unused_lock().await;
});
info!("NginxService cleanup job completed");
job
})?)
.await?;
nginx_service_clone = nginx_service.clone();
scheduler
.clone()
// cleanup every hour
.add(Job::new_async("0 0 */1 * * *", move |_uuid, _l| {
info!("Running nginx_service old config cleanup job");
let nginx_service_clone = nginx_service_clone.clone();
let job = Box::pin(async move {
nginx_service_clone.cleanup_old_configs().await;
});
info!("NginxService old config cleanup job completed");
job
})?)
.await?;
Ok(nginx_service)
}
pub async fn validate_and_reload(
&self,
config_name: &str,
timestamp: u64,
) -> Result<(i32, String), Box<dyn std::error::Error + Send + Sync>> {
let cur = self.last_applied.load(Ordering::SeqCst);
if cur > timestamp {
return Err("Another operation is in progress with higher timestamp value".into());
}
// acquire write lock to update nginx_lock
let _nginx_guard = self.nginx_lock.lock().await;
// acquire write lock for this config+timestamp
let rw_lock = self.acquire_file_write_lock(config_name, timestamp).await;
let _guard = rw_lock.write().await;
match self
.reload_cmd
.validate_and_reload(config_name, timestamp, self.validate_cmd.clone())
.await
{
Ok((code, output)) => {
// update last_applied
self.last_applied.store(timestamp, Ordering::SeqCst);
Ok((code, output))
}
Err(e) => Err(e),
}
}
pub async fn write_config(
&self,
config_name: &str,
timestamp: u64,
content: &str,
) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
let rw_lock = self.acquire_file_write_lock(config_name, timestamp).await;
let _guard = rw_lock.write().await;
// call the write_config command
self.write_config_cmd
.write_config(config_name, timestamp, content)
.await
}
pub async fn validate(
&self,
config_name: &str,
timestamp: u64,
) -> Result<(i32, String), Box<dyn std::error::Error + Send + Sync>> {
self.validate_cmd.validate(config_name, timestamp).await
}
async fn cleanup_unused_lock(&self) {
let mut _write_lock = self.write_config_lock.write().await;
(*_write_lock).retain(|_, lock| {
// retain only locks that are currently held (readers or writers)
lock.try_write().is_err()
});
}
async fn cleanup_old_configs(&self) {
// list all files within nginx_config_dir/YANPM that is older than now - OLD_CONFIG_CLEANUP_THRESHOLD
let cutoff = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_secs()
- OLD_CONFIG_CLEANUP_THRESHOLD;
let nginx_config_dir = self.validate_cmd.nginx_config_dir();
let yanpm_dir = nginx_config_dir.join(INTERNAL_CONFIG_FOLDER_NAME);
let read_dir = match tokio::fs::read_dir(&yanpm_dir).await {
Ok(rd) => rd,
Err(e) if e.kind() == std::io::ErrorKind::NotFound => {
// directory does not exist, nothing to clean up
return;
}
Err(e) => {
error!(
"Error reading {} config directory {}: {}",
INTERNAL_CONFIG_FOLDER_NAME,
yanpm_dir.display(),
e
);
return;
}
};
tokio::pin!(read_dir);
while let Some(entry) = read_dir.next_entry().await.unwrap_or(None) {
let metadata = match entry.metadata().await {
Ok(md) => md,
Err(e) => {
error!(
"Error getting metadata for file {}: {}",
entry.path().display(),
e
);
continue;
}
};
if let Ok(modified) = metadata.modified()
&& let Ok(duration) = modified.duration_since(std::time::UNIX_EPOCH)
{
let mtime_secs = duration.as_secs();
if mtime_secs < cutoff {
// file is older than cutoff, remove it
if let Err(e) = tokio::fs::remove_file(entry.path()).await {
error!(
"Error removing old config file {}: {}",
entry.path().display(),
e
);
} else {
info!("Removed old config file {}", entry.path().display());
}
}
}
}
}
async fn acquire_file_write_lock(&self, config_name: &str, timestamp: u64) -> Arc<RwLock<()>> {
let mut write_lock = self.write_config_lock.write().await;
write_lock
.entry((config_name.to_string(), timestamp))
.or_insert_with(|| Arc::new(RwLock::new(())))
.clone()
}
}
#[cfg(test)]
mod tests {
use super::*;
use std::error::Error;
use std::sync::Arc as StdArc;
use tokio::time::{Duration, sleep};
impl NginxService {
// Test helper that simulates a long-running reload without invoking external commands.
pub async fn test_simulated_reload(
&self,
config_name: &str,
timestamp: u64,
delay_ms: u64,
) -> Result<(), Box<dyn Error + Send + Sync>> {
// pre-check
let cur = self.last_applied.load(Ordering::SeqCst);
if cur >= timestamp {
return Err("stale".into());
}
// acquire exclusive lock and re-check
let _nginx_guard = self.nginx_lock.lock().await;
let cur2 = self.last_applied.load(Ordering::SeqCst);
if cur2 >= timestamp {
return Err("stale".into());
}
// per-file lock
let rw_lock = self.acquire_file_write_lock(config_name, timestamp).await;
let _guard = rw_lock.write().await;
// simulate operation
sleep(Duration::from_millis(delay_ms)).await;
// on success update last_applied
let mut prev = self.last_applied.load(Ordering::SeqCst);
while prev < timestamp {
match self.last_applied.compare_exchange(
prev,
timestamp,
Ordering::SeqCst,
Ordering::SeqCst,
) {
Ok(_) => break,
Err(next) => prev = next,
}
}
Ok(())
}
}
#[tokio::test]
async fn concurrent_stale_is_rejected() {
let scheduler = StdArc::new(JobScheduler::new().await.unwrap());
let svc = NginxService::new(scheduler.clone(), std::env::temp_dir())
.await
.unwrap();
let s1 = svc.clone();
let h1 = tokio::spawn(async move { s1.test_simulated_reload("cfg", 2, 200).await });
// let second start shortly after first so it will wait for the mutex
sleep(Duration::from_millis(20)).await;
let s2 = svc.clone();
let h2 = tokio::spawn(async move { s2.test_simulated_reload("cfg", 1, 10).await });
let r1 = h1.await.unwrap();
assert!(r1.is_ok(), "first (newer) task should succeed");
let r2 = h2.await.unwrap();
assert!(
r2.is_err(),
"second (older) task should be rejected as stale"
);
}
}

109
apps/agent/src/commands/reload.rs Normal file
View File

@@ -0,0 +1,109 @@
use std::path::Path;
use std::sync::Arc;
use std::time::{SystemTime, UNIX_EPOCH};
use tokio::sync::Mutex;
use tracing::error;
use crate::commands::write_config::INTERNAL_CONFIG_FOLDER_NAME;
use crate::commands::{run::run_cmd, validate::ValidateCommand};
pub struct ReloadCommand {
is_reloading: Mutex<bool>,
}
struct ReloadResetGuard<'a> {
guard: tokio::sync::MutexGuard<'a, bool>,
}
impl<'a> Drop for ReloadResetGuard<'a> {
fn drop(&mut self) {
*self.guard = false;
}
}
impl Default for ReloadCommand {
fn default() -> Self {
Self {
is_reloading: Mutex::new(false),
}
}
}
impl ReloadCommand {
pub async fn validate_and_reload(
&self,
config_name: &str,
timestamp: u64,
validate_cmd: Arc<ValidateCommand>,
) -> Result<(i32, String), Box<dyn std::error::Error + Send + Sync>> {
// ensure the written fragment exists
validate_cmd.validate(config_name, timestamp).await?;
// Now atomically swap the YANPM.conf symlink to point to the new fragment
// so nginx -t validates the composed main config. If validation fails,
// attempt to restore the previous symlink.
let filename = crate::commands::run::to_file_name(config_name, timestamp)?;
let nginx_dir = validate_cmd.nginx_config_dir();
let symlink_path = nginx_dir.join("YANPM.conf");
let now = SystemTime::now().duration_since(UNIX_EPOCH)?.as_nanos();
let tmp_name = format!("YANPM.conf.tmp.{}.{}", std::process::id(), now);
let tmp_path = nginx_dir.join(&tmp_name);
// prepare relative target: INTERNAL_CONFIG_FOLDER_NAME/<filename>
let rel_target = Path::new(INTERNAL_CONFIG_FOLDER_NAME).join(&filename);
// read previous target if exists
let previous_target = std::fs::read_link(&symlink_path).ok();
// Acquire reload guard before mutating the symlink to avoid races
let reloading_lock = self.is_reloading.lock().await;
if *reloading_lock {
return Err("Reload already in progress".into());
}
// set flag to true and ensure it is reset on drop
let mut mut_guard = reloading_lock;
*mut_guard = true;
let _reset_guard = ReloadResetGuard { guard: mut_guard };
// create temporary symlink and atomically rename into place
std::os::unix::fs::symlink(&rel_target, &tmp_path)?;
tokio::fs::rename(&tmp_path, &symlink_path).await?;
// validate composed main config now that symlink points to new fragment
if let Err(e) = validate_cmd.validate_all().await {
// restore previous symlink state while still holding the guard
if let Some(prev) = previous_target {
let restore_tmp =
nginx_dir.join(format!("YANPM.conf.restore.{}.{}", std::process::id(), now));
std::os::unix::fs::symlink(&prev, &restore_tmp)?;
if let Err(err) = tokio::fs::rename(&restore_tmp, &symlink_path).await {
error!(
"Failed to restore previous YANPM.conf symlink after validation error: {}",
err
);
}
} else if let Err(err) = tokio::fs::remove_file(&symlink_path).await {
error!(
"Failed to remove YANPM.conf symlink after validation error: {}",
err
);
}
return Err(e);
}
// reload the running nginx master process (no -c) so it reloads its configured main config
// Prefer the restricted sudo wrapper if available, fall back to direct nginx reload.
// TODO: allow configuring the path to the wrapper
match run_cmd("sudo", &["-n", "/usr/local/sbin/yanpm-nginx-reload"], 10).await {
Ok(res) => Ok(res),
Err(e) => {
error!(
"sudo reload wrapper failed, falling back to direct nginx reload: {}",
e
);
run_cmd("nginx", &["-s", "reload"], 10).await
}
}
}
}

85
apps/agent/src/commands/run.rs Normal file
View File

@@ -0,0 +1,85 @@
use std::time::Duration;
use tokio::{process::Command, time::timeout};
use tracing::error;
pub fn to_file_name(
config_name: &str,
timestamp: u64,
) -> Result<String, Box<dyn std::error::Error + Send + Sync>> {
// reject empty or unsafe names to avoid path traversal or invalid filesystem chars
if config_name.is_empty() {
return Err("config_name is empty".into());
}
if config_name.len() > 255 {
return Err("config_name too long".into());
}
if config_name.contains('/') || config_name.contains('\\') || config_name.contains("..") {
return Err("config_name contains invalid path characters".into());
}
if !config_name
.chars()
.all(|c| c.is_ascii_alphanumeric() || "-._".contains(c))
{
return Err("config_name contains invalid characters".into());
}
Ok(format!("{}_{}.conf", timestamp, config_name))
}
pub async fn run_cmd(
cmd: &str,
args: &[&str],
dur_s: u64,
) -> Result<(i32, String), Box<dyn std::error::Error + Send + Sync>> {
let mut c = Command::new(cmd);
c.args(args);
let res = timeout(Duration::from_secs(dur_s), c.output()).await;
let out = match res {
Ok(Ok(out)) => out,
Ok(Err(e)) => return Err(Box::new(e)),
Err(_) => {
return Err(Box::new(std::io::Error::new(
std::io::ErrorKind::TimedOut,
"command timeout",
)));
}
};
let code = out.status.code().unwrap_or(-1);
let output = String::from_utf8_lossy(&[out.stdout, out.stderr].concat()).to_string();
if code != 0 {
error!("command failed ({}): {}", code, output);
return Err(format!("command failed ({}): {}", code, output).into());
}
Ok((code, output))
}
#[cfg(test)]
mod tests {
use super::to_file_name;
#[test]
fn to_file_name_valid() {
let res = to_file_name("myconf", 1234).expect("should succeed");
assert_eq!(res, "1234_myconf.conf");
}
#[test]
fn to_file_name_empty() {
assert!(to_file_name("", 1).is_err());
}
#[test]
fn to_file_name_invalid_chars() {
assert!(to_file_name("bad/name", 1).is_err());
assert!(to_file_name("bad\\name", 1).is_err());
assert!(to_file_name("bad..name", 1).is_err());
assert!(to_file_name("bad$name", 1).is_err());
}
#[test]
fn to_file_name_too_long() {
let long = "a".repeat(300);
assert!(to_file_name(&long, 1).is_err());
}
}

166
apps/agent/src/commands/validate.rs Normal file
View File

@@ -0,0 +1,166 @@
use tracing::{info, warn};
use crate::commands::{run::run_cmd, write_config::INTERNAL_CONFIG_FOLDER_NAME};
use std::path::PathBuf;
pub struct ValidateCommand {
nginx_config_dir: PathBuf,
}
impl ValidateCommand {
pub fn new(nginx_config_dir: PathBuf) -> Self {
Self { nginx_config_dir }
}
pub fn nginx_config_dir(&self) -> PathBuf {
self.nginx_config_dir.clone()
}
pub async fn validate_all(
&self,
) -> Result<(i32, String), Box<dyn std::error::Error + Send + Sync>> {
// Try a normal config test first. If it fails due to pid permission
// errors (common when running unprivileged against /run/nginx.pid),
// retry with a writable pid override so validation can succeed.
match run_cmd("nginx", &["-t"], 10).await {
Ok(res) => Ok(res),
Err(e) => {
info!(
"nginx -t failed: {}. Trying with privileged wrapper or writable pid override.",
e
);
let es = e.to_string();
if es.contains("/run/nginx.pid") && es.contains("Permission denied") {
// Try privileged validate wrapper if available (allows the agent to run
// nginx -t via sudo without modifying the main config).
match run_cmd(
"sudo",
// TODO: allow configuring the path to the wrapper
&["-n", "/usr/local/sbin/yanpm-nginx-validate"],
10,
)
.await
{
Ok(res) => return Ok(res),
Err(e) => {
warn!(
"Privileged validate wrapper failed: {}. Falling back to writable pid override.",
e
);
// Fallback to the existing writable-pid override if sudo wrapper
// isn't available or fails.
let pid_path = format!(
"{}/yanpm-validate-{}.pid",
std::env::temp_dir().display(),
std::process::id()
);
let g_arg = format!("pid {};", pid_path);
let args_vec = ["-t".to_string(), "-g".to_string(), g_arg];
let args_ref: Vec<&str> = args_vec.iter().map(|s| s.as_str()).collect();
return run_cmd("nginx", args_ref.as_slice(), 10).await;
}
}
}
Err(e)
}
}
}
pub async fn validate(
&self,
config_name: &str,
timestamp: u64,
) -> Result<(i32, String), Box<dyn std::error::Error + Send + Sync>> {
let filename = crate::commands::run::to_file_name(config_name, timestamp)?;
// fragments are written into the YANPM subdirectory
let full_path = self
.nginx_config_dir
.join(INTERNAL_CONFIG_FOLDER_NAME)
.join(&filename);
// ensure the fragment file exists
if tokio::fs::metadata(&full_path).await.is_err() {
return Err(format!("Config file not found: {}", full_path.display()).into());
}
// Create a temporary wrapper nginx config that provides the required
// top-level sections (`events` and `http`) and includes the fragment.
let fragment_path = full_path.to_str().ok_or("invalid config path")?.to_string();
let mut tmp_path = std::env::temp_dir();
let tmp_name = format!("yanpm-validate-{}-{}.conf", timestamp, std::process::id());
tmp_path.push(tmp_name);
let wrapper = format!(
"worker_processes 1;\nevents {{ worker_connections 1024; }}\nhttp {{\n include {};\n}}\n",
fragment_path
);
// Write the temporary wrapper file
tokio::fs::write(&tmp_path, wrapper).await?;
let tmp_path_str = tmp_path
.to_str()
.ok_or("invalid temp config path")?
.to_string();
// Run the test against the wrapper, telling nginx to place its pid
// somewhere writable so the config test doesn't fail with permission
// errors when running as an unprivileged user.
let result = match run_cmd("nginx", &["-t", "-c", &tmp_path_str], 10).await {
Ok(res) => Ok(res),
Err(e) => {
info!(
"nginx -t failed: {}. Trying with privileged wrapper or writable pid override.",
e
);
let es = e.to_string();
if es.contains("/run/nginx.pid") && es.contains("Permission denied") {
// Try privileged validate wrapper if available (allows the agent to run
// nginx -t via sudo without modifying the main config).
match run_cmd(
"sudo",
// TODO: allow configuring the path to the wrapper
&[
"-n",
"/usr/local/sbin/yanpm-nginx-validate-file",
&tmp_path_str,
],
10,
)
.await
{
Ok(res) => return Ok(res),
Err(e) => {
warn!(
"Privileged validate wrapper failed: {}. Falling back to writable pid override.",
e
);
let pid_path = format!(
"{}/yanpm-validate-{}.pid",
std::env::temp_dir().display(),
std::process::id()
);
let g_arg = format!("pid {};", pid_path);
let args_vec = [
"-t".to_string(),
"-c".to_string(),
tmp_path_str.clone(),
"-g".to_string(),
g_arg,
];
let args_ref: Vec<&str> = args_vec.iter().map(|s| s.as_str()).collect();
return run_cmd("nginx", args_ref.as_slice(), 10).await;
}
}
}
Err(e)
}
};
let _ = tokio::fs::remove_file(&tmp_path).await;
result
}
}

133
apps/agent/src/commands/write_config.rs Normal file
View File

@@ -0,0 +1,133 @@
use std::os::unix::fs::PermissionsExt;
use std::path::PathBuf;
use std::time::{SystemTime, UNIX_EPOCH};
use tokio::io::AsyncWriteExt;
use tracing::info;
use crate::commands::run::to_file_name;
pub const INTERNAL_CONFIG_FOLDER_NAME: &str = "YANPM";
const FILE_SIZE_LIMIT: usize = 10 * 1024 * 1024; // 10MB
pub struct WriteConfigCommand {
nginx_config_dir: PathBuf,
}
impl WriteConfigCommand {
pub fn new(nginx_config_dir: PathBuf) -> Self {
Self { nginx_config_dir }
}
pub async fn write_config(
&self,
config_name: &str,
timestamp: u64,
content: &str,
) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
let filename = to_file_name(config_name, timestamp)?;
let path = self.nginx_config_dir.clone();
// ensure main config dir exists
tokio::fs::create_dir_all(&path).await?;
info!("Writing config to {:?}", path.join(&filename));
// create YANPM subdir where fragment files live
let yanpm_dir = path.join(INTERNAL_CONFIG_FOLDER_NAME);
tokio::fs::create_dir_all(&yanpm_dir).await?;
let final_path = yanpm_dir.join(&filename);
// limit size to 10MB
if content.len() > FILE_SIZE_LIMIT {
return Err(format!(
"content exceeds {}MB size limit",
FILE_SIZE_LIMIT / (1024 * 1024)
)
.into());
}
// create a temporary filename in the same directory for atomic replace
let now = SystemTime::now().duration_since(UNIX_EPOCH)?.as_nanos();
let tmp_filename = format!("{}.tmp.{}.{}", filename, std::process::id(), now);
// create tmp file in the same directory as final file to ensure atomic rename
let tmp_path = yanpm_dir.join(tmp_filename);
let mut file = tokio::fs::OpenOptions::new()
.create(true)
.write(true)
.truncate(true)
.open(&tmp_path)
.await?;
file.write_all(content.as_bytes()).await?;
// ensure data is flushed to disk; propagate errors
file.sync_all().await?;
// atomically move the tmp file into the YANPM dir
tokio::fs::rename(&tmp_path, &final_path).await?;
// set explicit permissions (rw-r-----)
tokio::fs::set_permissions(&final_path, std::fs::Permissions::from_mode(0o640)).await?;
info!("Config written and permissions set for {:?}", final_path);
Ok(())
}
}
#[cfg(test)]
mod tests {
use super::{INTERNAL_CONFIG_FOLDER_NAME, WriteConfigCommand};
use std::time::SystemTime;
use std::time::UNIX_EPOCH;
#[tokio::test]
async fn write_config_success_and_cleanup() {
let base = std::env::temp_dir().join(format!(
"yanpm_test_{}_{}",
std::process::id(),
SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos()
));
// ensure clean
let _ = tokio::fs::remove_dir_all(&base).await;
let cmd = WriteConfigCommand::new(base.clone());
let config_name = "unittest";
let timestamp = 42u64;
let content = "hello world";
cmd.write_config(config_name, timestamp, content)
.await
.expect("write should succeed");
let filename = super::to_file_name(config_name, timestamp).unwrap();
let final_path = base.join(INTERNAL_CONFIG_FOLDER_NAME).join(&filename);
let data = tokio::fs::read_to_string(&final_path)
.await
.expect("file should exist");
assert_eq!(data, content);
// cleanup
tokio::fs::remove_dir_all(&base).await.expect("cleanup");
}
#[tokio::test]
async fn write_config_size_limit() {
let base = std::env::temp_dir().join(format!(
"yanpm_test_{}_{}",
std::process::id(),
SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos()
));
let _ = tokio::fs::remove_dir_all(&base).await;
let cmd = WriteConfigCommand::new(base.clone());
// exceed 10MB limit
let large = vec![b'a'; 10 * 1024 * 1024 + 1];
let large_str = String::from_utf8_lossy(&large).to_string();
let res = cmd.write_config("big", 1, &large_str).await;
assert!(res.is_err());
let _ = tokio::fs::remove_dir_all(&base).await;
}
}

221
apps/agent/src/main.rs Normal file
View File

@@ -0,0 +1,221 @@
#![forbid(unsafe_code)]
mod commands;
mod openapi;
mod routes;
use axum::routing::get;
use axum::{Router, routing::post};
use clap::Parser;
use std::os::unix::fs::PermissionsExt;
use std::path::PathBuf;
use std::sync::Arc;
use tokio::net::UnixListener;
use tracing::{error, info, warn};
use crate::commands::NginxService;
use crate::openapi::{GenerateOpenapiArgs, generate_openapi_doc};
use crate::routes::{status, validate, validate_and_reload, write_config};
const SOCK_ENV: &str = "YANPM_AGENT_SOCK";
const SOCK_PERM_ENV: &str = "YANPM_AGENT_SOCK_PERM";
const NGINX_CONFIG_DIR_ENV: &str = "YANPM_NGINX_CONFIG_DIR";
const SOCK_GID_ENV: &str = "YANPM_AGENT_SOCK_GID";
const SOCK_DEFAULT: &str = "./yanpm-agent.sock";
const NGINX_CONFIG_DIR_DEFAULT: &str = "/etc/nginx/conf.d";
const SOCK_PERM_DEFAULT: &str = "660";
const SOCK_GID_DEFAULT: &str = "";
/// Command line arguments
#[derive(Parser, Debug)]
#[command(author, version, about, long_about = None)]
struct Args {
/// Unix socket path to bind the agent daemon to
#[arg(short = 's', long, default_value_t = String::from(SOCK_DEFAULT), env = SOCK_ENV)]
sock: String,
/// Directory where generated nginx config files will be written
#[arg(short = 'd', long, default_value_t = String::from(NGINX_CONFIG_DIR_DEFAULT), env = NGINX_CONFIG_DIR_ENV)]
nginx_config_dir: String,
/// Permissions to set on the unix socket (in octal), e.g. 660
#[arg(long, default_value_t = String::from(SOCK_PERM_DEFAULT), env = SOCK_PERM_ENV)]
sock_perm: String,
/// GID to set on the unix socket, default: current user's primary group
#[arg(long, default_value_t = String::from(SOCK_GID_DEFAULT), env = SOCK_GID_ENV)]
sock_gid: String,
#[command(subcommand)]
command: Option<SubCommand>,
}
#[derive(clap::Subcommand, Debug)]
pub enum SubCommand {
/// Generate OpenAPI spec to file or stdout
GenerateOpenapi {
/// Output file path.
#[arg(short = 'o', long)]
output: String,
},
}
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
let subscriber = tracing_subscriber::fmt()
.with_max_level(tracing::Level::INFO)
.with_target(false)
.with_level(true)
.with_timer(tracing_subscriber::fmt::time::SystemTime)
.finish();
tracing::subscriber::set_global_default(subscriber)
.expect("Failed to set global default subscriber");
let args = Args::parse();
if let Some(cmd) = &args.command {
match cmd {
SubCommand::GenerateOpenapi { output } => {
generate_openapi_doc(&GenerateOpenapiArgs {
output: output.clone(),
})
.await?;
return Ok(());
}
}
}
let (sock, nginx_config_dir, sock_perm, sock_gid) = get_args(&args).await?;
let path = PathBuf::from(&sock);
if let Some(dir) = path.parent() {
tokio::fs::create_dir_all(dir).await.unwrap_or_else(|err| {
error!(
"Warning: failed to create socket directory {}: {}",
dir.display(),
err
)
});
// permissive; set tighter perms in production via image/build steps
tokio::fs::set_permissions(dir, std::fs::Permissions::from_mode(0o770))
.await
.unwrap_or_else(|err| {
error!(
"Warning: failed to set permissions on socket directory {}: {}",
dir.display(),
err
)
});
}
// If an existing path exists at the socket location, ensure it's a socket
match tokio::fs::metadata(&path).await {
Ok(md) => {
use std::os::unix::fs::FileTypeExt;
if md.file_type().is_socket() {
tokio::fs::remove_file(&path).await.unwrap_or_else(|err| {
error!(
"Warning: failed to remove existing socket file {}: {}",
path.display(),
err
)
});
} else {
return Err(
format!("Socket path {} exists and is not a socket", path.display()).into(),
);
}
}
Err(e) if e.kind() == std::io::ErrorKind::NotFound => {}
Err(e) => {
return Err(format!("Failed to stat socket path {}: {}", path.display(), e).into());
}
}
// bind using tokio's UnixListener (avoids converting a blocking std listener)
let listener = UnixListener::bind(&path).expect("Failed to bind to unix socket");
// set socket perms to sock_perm (best-effort)
if let Err(err) =
tokio::fs::set_permissions(&path, std::fs::Permissions::from_mode(sock_perm)).await
{
error!(
"Warning: failed to set permissions on socket {}: {}",
path.display(),
err
);
}
// set socket gid to sock_gid (best-effort)
if !sock_gid.is_empty() {
use nix::unistd::{Gid, chown};
if let Err(err) = chown(
&path,
None,
Some(Gid::from_raw(
sock_gid
.parse()
.map_err(|e| format!("Failed to parse socket GID {}: {}", sock_gid, e))
.unwrap_or_else(|_| nix::unistd::getgid().as_raw()),
)),
) {
error!(
"Warning: failed to set GID on socket {}: {}",
path.display(),
err
);
}
}
let scheduler = Arc::new(tokio_cron_scheduler::JobScheduler::new().await?);
let app = Router::new()
.route("/status", get(status))
.route("/validate_and_reload", post(validate_and_reload))
.route("/validate", post(validate))
.route("/write_config", post(write_config))
.with_state(NginxService::new(scheduler.clone(), PathBuf::from(nginx_config_dir)).await?);
scheduler.clone().start().await?;
info!("Starting yanpm-daemon on unix socket: {}", sock);
axum::serve::serve(listener, app)
.await
.expect("Failed to start axum server");
info!("Shutting down yanpm-daemon");
Ok(())
}
async fn get_args(
args: &Args,
) -> Result<(String, String, u32, String), Box<dyn std::error::Error + Send + Sync>> {
let sock = args.sock.clone();
let nginx_config_dir = args.nginx_config_dir.clone();
let sock_perm = args.sock_perm.clone();
let sock_gid = args.sock_gid.clone();
if sock_perm.len() != 3 || !sock_perm.chars().all(|c| ('0'..='7').contains(&c)) {
return Err(std::io::Error::new(
std::io::ErrorKind::InvalidInput,
format!(
"Invalid socket permission string: {}. Must be a 3-digit octal number.",
sock_perm
),
)
.into());
}
if sock_perm.chars().last().unwrap() > '0' {
warn!(
"Socket permission string {} allows others to access the socket. This may be a security risk. Consider setting {} to a desired group and using a socket permission string that does not allow others to access the socket.",
sock_perm, SOCK_GID_ENV
);
};
Ok((
sock,
nginx_config_dir,
u32::from_str_radix(&sock_perm, 8).expect("Failed to parse socket permission string"),
sock_gid,
))
}

45
apps/agent/src/openapi.rs Normal file
View File

@@ -0,0 +1,45 @@
use tracing::info;
use utoipa::OpenApi;
pub mod tag {
/// nginx
pub const NGINX_TAG: &str = "Nginx Agent";
}
#[derive(utoipa::OpenApi)]
#[openapi(
paths(
crate::routes::status,
crate::routes::validate,
crate::routes::validate_and_reload,
crate::routes::write_config,
),
components(
schemas(crate::routes::StatusResp),
schemas(crate::routes::ValidateAndReloadResp),
schemas(crate::routes::ValidateBody),
schemas(crate::routes::WriteConfigBody),
schemas(crate::routes::ValidateAndReloadBody),
),
tags(
(name = tag::NGINX_TAG, description = "Nginx Agent API"),
)
)]
struct ApiDoc;
pub struct GenerateOpenapiArgs {
pub output: String,
}
pub async fn generate_openapi_doc(
args: &GenerateOpenapiArgs,
) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
info!("Generating OpenAPI documentation...");
let doc = ApiDoc::openapi();
let json = doc
.to_pretty_json()
.expect("Failed to serialize OpenAPI doc to JSON");
std::fs::write(&args.output, json).expect("Failed to write OpenAPI doc to file");
info!("OpenAPI documentation generated at {}", args.output);
Ok(())
}

167
apps/agent/src/routes.rs Normal file
View File

@@ -0,0 +1,167 @@
use axum::Json;
use axum::extract::State;
use axum::http::StatusCode;
use axum::response::IntoResponse;
use serde::{Deserialize, Serialize};
use serde_json::{Value, from_value};
use std::sync::Arc;
use tracing::warn;
use crate::commands::NginxService;
#[derive(Serialize, utoipa::ToSchema)]
pub struct StatusResp {
pub ok: bool,
}
/// Health check endpoint
#[utoipa::path(
get,
path = "/status",
responses(
(status = 200, description = "Status response", body = StatusResp)
),
tag = crate::openapi::tag::NGINX_TAG
)]
pub async fn status() -> impl IntoResponse {
let resp = StatusResp { ok: true };
(axum::http::StatusCode::OK, axum::Json(resp))
}
#[derive(Serialize, utoipa::ToSchema)]
pub struct ValidateAndReloadResp {
pub rc: i32,
pub ro: String,
}
#[derive(Deserialize, utoipa::ToSchema)]
pub struct ValidateBody {
config_name: String,
timestamp: u64,
}
#[utoipa::path(
post,
path = "/validate",
request_body = ValidateBody,
responses(
(status = 200, description = "Validation response", body = serde_json::Value)
),
tag = crate::openapi::tag::NGINX_TAG
)]
pub async fn validate(
State(nginx_controller): State<Arc<NginxService>>,
Json(payload): Json<Value>,
) -> impl IntoResponse {
let params: ValidateBody = match from_value(payload) {
Ok(req) => req,
Err(e) => {
warn!("Invalid validate request: {}", e);
return (StatusCode::BAD_REQUEST).into_response();
}
};
let resp = match nginx_controller
.validate(&params.config_name, params.timestamp)
.await
{
Ok(res) => res,
Err(e) => {
let resp = serde_json::json!({ "error": e.to_string() });
return (StatusCode::INTERNAL_SERVER_ERROR, axum::Json(resp)).into_response();
}
};
(axum::http::StatusCode::OK, axum::Json(resp)).into_response()
}
#[derive(Deserialize, utoipa::ToSchema)]
pub struct ValidateAndReloadBody {
config_name: String,
timestamp: u64,
}
#[utoipa::path(
post,
path = "/validate_and_reload",
request_body = ValidateAndReloadBody,
responses(
(status = 200, description = "Validate and reload response", body = ValidateAndReloadResp)
),
tag = crate::openapi::tag::NGINX_TAG
)]
pub async fn validate_and_reload(
State(nginx_controller): State<Arc<NginxService>>,
Json(payload): Json<Value>,
) -> impl IntoResponse {
let params: ValidateAndReloadBody = match from_value(payload) {
Ok(req) => req,
Err(e) => {
warn!("Invalid validate_and_reload request: {}", e);
return (StatusCode::BAD_REQUEST).into_response();
}
};
let (code, output) = match nginx_controller
.validate_and_reload(&params.config_name, params.timestamp)
.await
{
Ok(res) => res,
Err(e) => {
let resp = ValidateAndReloadResp {
rc: -1,
ro: e.to_string(),
};
return (StatusCode::INTERNAL_SERVER_ERROR, axum::Json(resp)).into_response();
}
};
let resp = ValidateAndReloadResp {
rc: code,
ro: output,
};
(axum::http::StatusCode::OK, axum::Json(resp)).into_response()
}
#[derive(Deserialize, utoipa::ToSchema)]
pub struct WriteConfigBody {
config_name: String,
timestamp: u64,
content: String,
}
#[utoipa::path(
post,
path = "/write_config",
request_body = WriteConfigBody,
responses(
(status = 200, description = "Write config response"),
(status = 500, description = "Internal server error", body = serde_json::Value)
),
tag = crate::openapi::tag::NGINX_TAG
)]
pub async fn write_config(
State(nginx_controller): State<Arc<NginxService>>,
Json(payload): Json<Value>,
) -> impl IntoResponse {
let body: WriteConfigBody = match from_value(payload) {
Ok(req) => req,
Err(e) => {
warn!("Invalid write_config request: {}", e);
return (StatusCode::BAD_REQUEST).into_response();
}
};
match nginx_controller
.write_config(&body.config_name, body.timestamp, &body.content)
.await
{
Ok(_) => (),
Err(e) => {
let resp = serde_json::json!({ "error": e.to_string() });
return (StatusCode::INTERNAL_SERVER_ERROR, axum::Json(resp)).into_response();
}
};
(axum::http::StatusCode::OK,).into_response()
}

215
apps/agent/swagger.json Normal file
View File

@@ -0,0 +1,215 @@
{
"openapi": "3.1.0",
"info": {
"title": "yanpm-agent",
"description": "",
"license": {
"name": ""
},
"version": "0.1.0"
},
"paths": {
"/status": {
"get": {
"tags": [
"Nginx Agent"
],
"summary": "Health check endpoint",
"operationId": "status",
"responses": {
"200": {
"description": "Status response",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/StatusResp"
}
}
}
}
}
}
},
"/validate": {
"post": {
"tags": [
"Nginx Agent"
],
"operationId": "validate",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidateBody"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Validation response",
"content": {
"application/json": {
"schema": {}
}
}
}
}
}
},
"/validate_and_reload": {
"post": {
"tags": [
"Nginx Agent"
],
"operationId": "validate_and_reload",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidateAndReloadBody"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Validate and reload response",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidateAndReloadResp"
}
}
}
}
}
}
},
"/write_config": {
"post": {
"tags": [
"Nginx Agent"
],
"operationId": "write_config",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/WriteConfigBody"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Write config response"
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {}
}
}
}
}
}
}
},
"components": {
"schemas": {
"StatusResp": {
"type": "object",
"required": [
"ok"
],
"properties": {
"ok": {
"type": "boolean"
}
}
},
"ValidateAndReloadBody": {
"type": "object",
"required": [
"config_name",
"timestamp"
],
"properties": {
"config_name": {
"type": "string"
},
"timestamp": {
"type": "integer",
"format": "int64",
"minimum": 0
}
}
},
"ValidateAndReloadResp": {
"type": "object",
"required": [
"rc",
"ro"
],
"properties": {
"rc": {
"type": "integer",
"format": "int32"
},
"ro": {
"type": "string"
}
}
},
"ValidateBody": {
"type": "object",
"required": [
"config_name",
"timestamp"
],
"properties": {
"config_name": {
"type": "string"
},
"timestamp": {
"type": "integer",
"format": "int64",
"minimum": 0
}
}
},
"WriteConfigBody": {
"type": "object",
"required": [
"config_name",
"timestamp",
"content"
],
"properties": {
"config_name": {
"type": "string"
},
"content": {
"type": "string"
},
"timestamp": {
"type": "integer",
"format": "int64",
"minimum": 0
}
}
}
}
},
"tags": [
{
"name": "Nginx Agent",
"description": "Nginx Agent API"
}
]
}

4
apps/api/Cargo.toml
View File

@@ -6,6 +6,7 @@ edition = "2024"
[dependencies] [dependencies]
database = { path = "../../public/database" } database = { path = "../../public/database" }
migration = { path = "../../public/migration" } migration = { path = "../../public/migration" }
agent_client = { path = "../../public/agent-client" }
axum = { version = "0.8.7", features = ["form", "http1", "http2", "json", "matched-path", "original-uri", "query", "tokio", "tower-log", "tracing", "macros"] } axum = { version = "0.8.7", features = ["form", "http1", "http2", "json", "matched-path", "original-uri", "query", "tokio", "tower-log", "tracing", "macros"] }
axum-extra = { version = "0.12.2", features = ["cookie"] } axum-extra = { version = "0.12.2", features = ["cookie"] }
@@ -28,4 +29,7 @@ argon2 = { version = "0.5.3", features = ["std"] }
jsonwebtoken = { version = "10.2.0", features = ["rust_crypto"] } jsonwebtoken = { version = "10.2.0", features = ["rust_crypto"] }
uuid = { version = "1.19.0", features = ["v4", "serde", "fast-rng"] } uuid = { version = "1.19.0", features = ["v4", "serde", "fast-rng"] }
tower-http = { version = "0.6.8", features = ["cors"] } tower-http = { version = "0.6.8", features = ["cors"] }
reqwest = { version = "^0.12", features = ["json", "multipart", "stream"] }
[dev-dependencies]
tempfile = "3"

1
apps/api/src/services.rs
View File

@@ -1,3 +1,4 @@
pub mod agent_client;
pub mod auth; pub mod auth;
pub mod server_state; pub mod server_state;
pub mod settings; pub mod settings;

92
apps/api/src/services/agent_client.rs Normal file
View File

@@ -0,0 +1,92 @@
use std::sync::Arc;
use agent_client::apis::{ApiClient, configuration::Configuration};
pub struct AgentService {
client: Arc<ApiClient>,
}
impl AgentService {
pub fn new(config: impl Into<Arc<Configuration>>) -> Self {
let client = ApiClient::new(config.into());
AgentService {
client: Arc::new(client),
}
}
pub fn get_client(&self) -> Arc<ApiClient> {
Arc::clone(&self.client)
}
}
#[cfg(test)]
mod tests {
use super::*;
use agent_client::{
apis::{Api, nginx_agent_api::StatusSuccess},
models::StatusResp,
};
use axum::{http::StatusCode, response::Json};
use std::time::Duration;
use tempfile::tempdir;
use tokio::time::sleep;
#[test]
fn test_agent_service_creation() {
let config = Configuration::default();
let service = AgentService::new(config);
let client = service.get_client();
assert!(Arc::ptr_eq(&client, &service.client));
}
#[tokio::test]
async fn test_agent_socket_support() {
// create temporary socket path
let dir = tempdir().expect("Failed to create temp dir");
let socket_path = dir.path().join("agent.sock");
// create axum app with a simple /status route
let app = axum::Router::new().route(
"/status",
axum::routing::get(|| async {
let result: (StatusCode, StatusResp) = (StatusCode::OK, StatusResp { ok: true });
(result.0, Json(result.1))
}),
);
// bind tokio unix listener and serve in background
let listener =
tokio::net::UnixListener::bind(&socket_path).expect("Failed to bind to unix socket");
let server_fut = axum::serve::serve(listener, app);
let _srv = tokio::spawn(async move {
let _ = server_fut.await;
});
// give server a moment to start
sleep(Duration::from_millis(50)).await;
let client: ApiClient = ApiClient::new(Arc::new(Configuration {
base_path: "http://localhost".to_string(),
client: reqwest::Client::builder()
.unix_socket(socket_path.clone())
.build()
.expect("Failed to build reqwest client"),
..Default::default()
}));
let res = client
.nginx_agent_api()
.status()
.await
.expect("Failed to get status");
let body = res.entity.expect("Response entity is missing");
assert!(res.status.is_success());
if let StatusSuccess::Status200(body) = body {
assert!(body.ok);
} else {
panic!("Unexpected response body");
}
}
}

2
apps/cli/Cargo.toml
View File

@@ -8,7 +8,7 @@ async-trait = "0.1.89"
container-simulate = { path = "../container" } container-simulate = { path = "../container" }
migration = {path = "../../public/migration"} migration = {path = "../../public/migration"}
shared = {path = "../../public/shared"} shared = {path = "../../public/shared"}
testcontainers = "0.24.0" testcontainers = "0.26.0"
tokio = { version = "1.47.0", features = ["full"] } tokio = { version = "1.47.0", features = ["full"] }
url = "2.5.7" url = "2.5.7"
clap = { version = "4.5.48", features = ["derive", "env"] } clap = { version = "4.5.48", features = ["derive", "env"] }

5
apps/cli/src/cmd/db_migrate_and_generate.rs
View File

@@ -1,7 +1,7 @@
use clap::{Arg, Command}; use clap::{Arg, Command};
use container::{ use container::containers::{
ConfigInfoType,
db::{DBInfo, sqlite::SQLiteContainer}, db::{DBInfo, sqlite::SQLiteContainer},
types::ConfigInfoType,
}; };
use migration::{generate_entity, migrate_database}; use migration::{generate_entity, migrate_database};
use shared::db_type::DBType; use shared::db_type::DBType;
@@ -54,6 +54,7 @@ fn action(
for db_config in database_configs { for db_config in database_configs {
let config = container::Config { let config = container::Config {
database: db_config, database: db_config,
agent: None,
}; };
let mut detached_handler = container::start_detached(&config).await; let mut detached_handler = container::start_detached(&config).await;
match migrate_and_generate_entity(&config, &output_path).await { match migrate_and_generate_entity(&config, &output_path).await {

2
apps/container/Cargo.toml
View File

@@ -9,7 +9,7 @@ path = "src/lib.rs"
[dependencies] [dependencies]
async-trait = "0.1.89" async-trait = "0.1.89"
testcontainers = "0.24.0" testcontainers = { version = "0.26.0" }
shared = { path = "../../public/shared" } shared = { path = "../../public/shared" }
tokio = { version = "1.47.0", features = ["full"] } tokio = { version = "1.47.0", features = ["full"] }
url = "2.5.7" url = "2.5.7"

40
apps/container/src/containers.rs Normal file
View File

@@ -0,0 +1,40 @@
pub mod agent;
pub mod db;
use std::{pin::Pin, sync::Arc};
use testcontainers::{ContainerAsync, GenericImage, TestcontainersError};
use crate::containers::{
agent::AgentContainerInfo,
db::{ContainerizedDBInfo, PreExistingDBInfo},
};
pub type UnStartedContainer =
Pin<Box<dyn Future<Output = Result<ContainerAsync<GenericImage>, TestcontainersError>> + Send>>;
pub type AgentConfigInfoType = ConfigInfoType<AgentContainerInfo, ()>;
pub type DBConfigInfoType = ConfigInfoType<ContainerizedDBInfo, PreExistingDBInfo>;
pub trait WithContainer {
fn container(&self) -> &Arc<ContainerAsync<GenericImage>>;
}
pub trait WithoutContainer {
fn on_delete(&self);
}
impl WithoutContainer for () {
fn on_delete(&self) {}
}
#[derive(Clone)]
pub enum ConfigInfoType<T, U>
where
T: WithContainer,
U: WithoutContainer,
{
Containerized(T),
PreExisting(U),
}

115
apps/container/src/containers/agent.rs Normal file
View File

@@ -0,0 +1,115 @@
use std::{error::Error, sync::Arc};
use testcontainers::{
ContainerAsync, GenericBuildableImage, GenericImage, ImageExt,
core::{AccessMode, BuildImageOptions, ContainerPort, Mount, WaitFor},
runners::{AsyncBuilder, AsyncRunner},
};
use crate::{WithContainer, containers::UnStartedContainer};
pub const SOCK_NAME: &str = "yanpm-agent.sock";
const SOCK_FOLDER: &str = "/var/run/yanpm";
const NGINX_CONFIG_DIR: &str = "/etc/nginx/conf.d";
#[derive(Clone)]
pub struct AgentContainerConfig {
pub image: String,
pub tag: String,
pub container_name: String,
pub dockerfile_path: String,
pub force_build: bool,
pub agent_config: AgentConfig,
pub nginx_config: NginxConfig,
}
#[derive(Clone)]
pub struct AgentContainerInfo {
pub container: Arc<ContainerAsync<GenericImage>>,
pub config: AgentContainerConfig,
}
impl WithContainer for AgentContainerInfo {
fn container(&self) -> &Arc<ContainerAsync<GenericImage>> {
&self.container
}
}
#[derive(Clone)]
pub struct AgentConfig {
pub sock_folder: String, // path to be mounted to host for unix socket
pub nginx_config_dir: String, // path to be mounted to host for nginx config files, only the agent generated folder will be mounted
pub sock_perm: u32, // permissions to set on the unix socket
pub sock_gid: String, // GID to set on the unix socket
}
#[derive(Clone)]
pub struct NginxConfig {
pub expose_http: bool,
pub expose_https: bool,
}
impl AgentContainerConfig {
pub fn new(
image: String,
tag: String,
container_name: String,
dockerfile_path: String,
force_build: bool,
// agent configs
agent_config: AgentConfig,
nginx_config: NginxConfig,
) -> Self {
AgentContainerConfig {
image,
tag,
container_name,
dockerfile_path,
force_build,
// default agent configs
agent_config,
nginx_config,
}
}
pub async fn get_unstarted_container(&self) -> Result<UnStartedContainer, Box<dyn Error>> {
let mut image = GenericBuildableImage::new(&self.image, &self.tag)
.with_dockerfile(&self.dockerfile_path)
.build_image_with(BuildImageOptions::new().with_skip_if_exists(!self.force_build))
.await?;
if self.nginx_config.expose_http {
image = image.with_exposed_port(ContainerPort::Tcp(80));
}
if self.nginx_config.expose_https {
image = image.with_exposed_port(ContainerPort::Tcp(443));
}
image = image.with_wait_for(WaitFor::message_on_either_std("Starting yanpm-daemon on"));
Ok(image
.with_container_name(self.container_name.clone())
.with_env_var("YANPM_AGENT_SOCK", format!("{}/{}", SOCK_FOLDER, SOCK_NAME))
.with_env_var("YANPM_NGINX_CONFIG_DIR", NGINX_CONFIG_DIR.to_string())
.with_env_var(
"YANPM_AGENT_SOCK_PERM",
self.agent_config.sock_perm.to_string(),
)
.with_env_var("YANPM_AGENT_SOCK_GID", self.agent_config.sock_gid.clone())
.with_mount(
Mount::bind_mount(
self.agent_config.sock_folder.clone(),
SOCK_FOLDER.to_string(),
)
.with_access_mode(AccessMode::ReadWrite),
)
.with_mount(
Mount::bind_mount(
self.agent_config.nginx_config_dir.clone(),
NGINX_CONFIG_DIR.to_string(),
)
.with_access_mode(AccessMode::ReadWrite),
)
.start())
}
}

15
apps/container/src/db.rs → apps/container/src/containers/db.rs
View File

@@ -5,18 +5,15 @@ pub mod sqlite;
use async_trait::async_trait; use async_trait::async_trait;
use shared::db_type::DBType; use shared::db_type::DBType;
use std::error::Error; use std::error::Error;
use std::future::Future; use std::sync::Arc;
use std::{pin::Pin, sync::Arc};
use url::Host; use url::Host;
use testcontainers::{ContainerAsync, GenericImage, TestcontainersError}; use testcontainers::{ContainerAsync, GenericImage};
use crate::{ConfigInfoType, WithContainer, WithoutContainer}; use crate::{
WithContainer, WithoutContainer,
pub type UnStartedContainer = containers::{DBConfigInfoType, UnStartedContainer},
Pin<Box<dyn Future<Output = Result<ContainerAsync<GenericImage>, TestcontainersError>> + Send>>; };
pub type DBConfigInfoType = ConfigInfoType<ContainerizedDBInfo, PreExistingDBInfo>;
#[derive(Clone)] #[derive(Clone)]
pub struct PreExistingDBInfo { pub struct PreExistingDBInfo {

6
apps/container/src/db/config.rs → apps/container/src/containers/db/config.rs
View File

@@ -9,7 +9,7 @@ pub struct OptionalContainerConfig {
} }
#[derive(Clone)] #[derive(Clone)]
pub struct ContainerConfig { pub struct DatabaseContainerConfig {
pub image: String, pub image: String,
pub tag: String, pub tag: String,
pub container_name: String, pub container_name: String,
@@ -19,8 +19,8 @@ pub struct ContainerConfig {
} }
impl OptionalContainerConfig { impl OptionalContainerConfig {
pub fn fill_with(&self, other: &ContainerConfig) -> ContainerConfig { pub fn fill_with(&self, other: &DatabaseContainerConfig) -> DatabaseContainerConfig {
ContainerConfig { DatabaseContainerConfig {
image: self.image.clone().unwrap_or_else(|| other.image.clone()), image: self.image.clone().unwrap_or_else(|| other.image.clone()),
tag: self.tag.clone().unwrap_or_else(|| other.tag.clone()), tag: self.tag.clone().unwrap_or_else(|| other.tag.clone()),
container_name: self container_name: self

15
apps/container/src/db/postgresql.rs → apps/container/src/containers/db/postgresql.rs
View File

@@ -9,14 +9,17 @@ use testcontainers::{
use crate::{ use crate::{
ConfigInfoType, ConfigInfoType,
containers::{
UnStartedContainer,
db::{ db::{
ContainerizedDBInfo, DBConfigInfoType, DBInfo, UnStartedContainer, ContainerizedDBInfo, DBConfigInfoType, DBInfo,
config::{ContainerConfig, OptionalContainerConfig}, config::{DatabaseContainerConfig, OptionalContainerConfig},
},
}, },
}; };
pub fn get_default_config() -> ContainerConfig { pub fn get_default_config() -> DatabaseContainerConfig {
ContainerConfig { DatabaseContainerConfig {
container_name: "yanpm-postgres".to_string(), container_name: "yanpm-postgres".to_string(),
database_name: "postgres".to_string(), database_name: "postgres".to_string(),
user: "postgres".to_string(), user: "postgres".to_string(),
@@ -27,7 +30,7 @@ pub fn get_default_config() -> ContainerConfig {
} }
pub struct PostgreSQLContainer { pub struct PostgreSQLContainer {
pub config: ContainerConfig, pub config: DatabaseContainerConfig,
} }
#[async_trait] #[async_trait]
@@ -53,7 +56,7 @@ impl DBInfo<OptionalContainerConfig> for PostgreSQLContainer {
); );
ConfigInfoType::Containerized(ContainerizedDBInfo { ConfigInfoType::Containerized(ContainerizedDBInfo {
db_type: crate::db::DBType::PostgreSQL, db_type: crate::containers::db::DBType::PostgreSQL,
container: Arc::new(pg_container), container: Arc::new(pg_container),
container_name: self.config.container_name.clone(), container_name: self.config.container_name.clone(),
database_name: self.config.database_name.clone(), database_name: self.config.database_name.clone(),

4
apps/container/src/db/sqlite.rs → apps/container/src/containers/db/sqlite.rs
View File

@@ -4,7 +4,7 @@ use async_trait::async_trait;
use crate::{ use crate::{
ConfigInfoType, ConfigInfoType,
db::{DBConfigInfoType, DBInfo, PreExistingDBInfo, UnStartedContainer}, containers::db::{DBConfigInfoType, DBInfo, PreExistingDBInfo, UnStartedContainer},
util::to_absolute_path, util::to_absolute_path,
}; };
@@ -69,7 +69,7 @@ impl DBInfo<OptionalContainerConfig> for SQLiteContainer {
.expect("Failed to create SQLite database file"); .expect("Failed to create SQLite database file");
// //
ConfigInfoType::PreExisting(PreExistingDBInfo { ConfigInfoType::PreExisting(PreExistingDBInfo {
db_type: crate::db::DBType::SQLite, db_type: crate::containers::db::DBType::SQLite,
url: sqlite_url, url: sqlite_url,
on_delete: { on_delete: {
let db_path = self.get_db_absolute_path(); let db_path = self.get_db_absolute_path();

35
apps/container/src/env.rs
View File

@@ -1,7 +1,5 @@
use std::io::Write; use std::io::Write;
use shared::db_type::DBType;
#[derive(Clone, Copy)] #[derive(Clone, Copy)]
pub enum EnvFileType { pub enum EnvFileType {
DotEnv, DotEnv,
@@ -11,25 +9,20 @@ pub enum EnvFileType {
#[derive(Clone)] #[derive(Clone)]
pub struct EnvFile { pub struct EnvFile {
pub file_type: EnvFileType, pub file_type: EnvFileType,
pub db_type: DBType,
pub db_url: String,
// //
buffer: serde_json::Value, buffer: serde_json::Value,
} }
impl EnvFile { impl EnvFile {
pub fn new(file_type: EnvFileType, db_type: DBType, db_url: String) -> Self { pub fn new(file_type: EnvFileType) -> Self {
let mut env_file = EnvFile { EnvFile {
file_type, file_type,
db_type,
db_url,
buffer: serde_json::Value::Object(serde_json::Map::new()), buffer: serde_json::Value::Object(serde_json::Map::new()),
}; }
}
env_file._write_line_buffer("DATABASE__TYPE", &env_file.db_type.to_string()); pub fn write_line(&mut self, key: &str, value: &str) {
env_file._write_line_buffer("DATABASE__URL", &env_file.db_url.to_string()); self._write_line_buffer(key, value);
env_file
} }
pub fn write(&mut self, stream: &mut dyn Write, with_prefix: bool) { pub fn write(&mut self, stream: &mut dyn Write, with_prefix: bool) {
@@ -127,12 +120,10 @@ mod tests {
#[test] #[test]
fn test_env_file_write_yaml() { fn test_env_file_write_yaml() {
let mut env_file_nested = EnvFile::new( let mut env_file_nested = EnvFile::new(EnvFileType::Yaml);
EnvFileType::Yaml,
DBType::SQLite,
"mysql://user:pass@localhost/db".to_string(),
);
env_file_nested.write_line("DATABASE__TYPE", "SQLite");
env_file_nested.write_line("DATABASE__URL", "mysql://user:pass@localhost/db");
let mut output_stream = Vec::new(); let mut output_stream = Vec::new();
env_file_nested.write(&mut output_stream, false); env_file_nested.write(&mut output_stream, false);
let output_string = String::from_utf8(output_stream).unwrap(); let output_string = String::from_utf8(output_stream).unwrap();
@@ -146,11 +137,9 @@ DATABASE:
#[test] #[test]
fn test_env_file_write_env() { fn test_env_file_write_env() {
let mut env_file_nested = EnvFile::new( let mut env_file_nested = EnvFile::new(EnvFileType::DotEnv);
EnvFileType::DotEnv, env_file_nested.write_line("DATABASE__TYPE", "PostgreSQL");
DBType::PostgreSQL, env_file_nested.write_line("DATABASE__URL", "postgres://user:pass@localhost/db");
"postgres://user:pass@localhost/db".to_string(),
);
let mut output_stream = Vec::new(); let mut output_stream = Vec::new();
env_file_nested.write(&mut output_stream, true); env_file_nested.write(&mut output_stream, true);
let output_string = String::from_utf8(output_stream).unwrap(); let output_string = String::from_utf8(output_stream).unwrap();

24
apps/container/src/lib.rs
View File

@@ -1,11 +1,11 @@
pub mod db; pub mod containers;
mod env; mod env;
pub mod types;
mod util; mod util;
use crate::{ use crate::{
db::DBConfigInfoType, containers::{
types::{ConfigInfoType, WithContainer, WithoutContainer}, AgentConfigInfoType, ConfigInfoType, DBConfigInfoType, WithContainer, WithoutContainer,
},
util::{ util::{
await_termination_signal, remove_file_if_exists, stop_container, to_absolute_path, await_termination_signal, remove_file_if_exists, stop_container, to_absolute_path,
write_env_files, write_env_files,
@@ -15,6 +15,7 @@ use crate::{
#[derive(Clone)] #[derive(Clone)]
pub struct Config { pub struct Config {
pub database: DBConfigInfoType, pub database: DBConfigInfoType,
pub agent: Option<AgentConfigInfoType>,
} }
// relative to the pwd // relative to the pwd
@@ -56,26 +57,29 @@ impl<'a> Drop for DetachedHandle<'a> {
} }
async fn start(config: &Config) { async fn start(config: &Config) {
let db_config = &config.database;
//
// write the config files for the api server and database client // write the config files for the api server and database client
println!("Writing config files..."); println!("Writing config files...");
write_env_files(db_config); write_env_files(&config.database, &config.agent);
println!("Config files written to:"); println!("Config files written to:");
println!(" - {}", to_absolute_path(API_CONFIG_PATH).display()); println!(" - {}", to_absolute_path(API_CONFIG_PATH).display());
println!(" - {}", to_absolute_path(DB_CONFIG_PATH).display()); println!(" - {}", to_absolute_path(DB_CONFIG_PATH).display());
} }
async fn stop(config: &Config) { async fn stop(config: &Config) {
let db_config = &config.database;
// stop the container // stop the container
println!("Stopping container..."); println!("Stopping container...");
stop_container(db_config, "database".to_string()).await; println!("Stopping database container...");
stop_container(&config.database, "database".to_string()).await;
if let Some(agent) = &config.agent {
println!("Stopping agent container...");
stop_container(agent, "agent".to_string()).await;
}
println!("Container stopped.");
// remove the generated config file // remove the generated config file
println!("Removing generated config file..."); println!("Removing generated config file...");
remove_file_if_exists(DB_CONFIG_PATH); remove_file_if_exists(DB_CONFIG_PATH);
remove_file_if_exists(API_CONFIG_PATH); remove_file_if_exists(API_CONFIG_PATH);
println!("Container stopped."); println!("Generated config files removed.");
} }
pub async fn start_attached(config: &Config) { pub async fn start_attached(config: &Config) {

156
apps/container/src/main.rs
View File

@@ -1,8 +1,15 @@
use clap::Parser; use std::sync::Arc;
use container::Config;
use container::start_attached;
use container::db::DBInfo; use clap::Parser;
use container::{
Config,
containers::{
ConfigInfoType,
agent::{AgentConfig, AgentContainerConfig, AgentContainerInfo, NginxConfig},
db::DBInfo,
},
start_attached,
};
/// Command line arguments /// Command line arguments
#[derive(Parser, Debug)] #[derive(Parser, Debug)]
@@ -11,17 +18,63 @@ struct Args {
/// Database type to use: 'postgres' or 'sqlite'. Can also be set with DB_TYPE env var. /// Database type to use: 'postgres' or 'sqlite'. Can also be set with DB_TYPE env var.
#[arg(long, default_value = "sqlite", env = "DB_TYPE")] #[arg(long, default_value = "sqlite", env = "DB_TYPE")]
db_type: String, db_type: String,
// agent related
/// agent image name
#[arg(long, default_value = "yanpm/agent", env = "AGENT_IMAGE_NAME")]
agent_image: String,
/// agent image tag
#[arg(long, default_value = "latest", env = "AGENT_IMAGE_TAG")]
agent_image_tag: String,
/// force build agent image
#[arg(long, default_value_t = false, env = "AGENT_FORCE_BUILD")]
agent_force_build: bool,
/// dockerfile path for building agent image
#[arg(long, env = "AGENT_DOCKERFILE_PATH", required = false)]
agent_dockerfile_path: Option<String>,
/// host's location to mount nginx config files folder generated by the agent
#[arg(long, env = "AGENT_NGINX_CONFIG_DIR", required = false)]
agent_nginx_config_dir: Option<String>,
/// host's location folder to mount the unix socket files
#[arg(long, env = "AGENT_SOCK_PATH", required = false)]
agent_sock_path: Option<String>,
/// socket permissions to set on the unix socket
#[arg(long, default_value = "660", env = "AGENT_SOCK_PERM", required = false)]
agent_sock_perm: u32,
/// socket GID to set on the unix socket
#[arg(long, default_value = "", env = "AGENT_SOCK_GID", required = false)]
agent_sock_gid: String,
/// nginx expose http port
#[arg(
long,
default_value_t = true,
env = "AGENT_NGINX_EXPOSE_HTTP",
required = false
)]
agent_nginx_expose_http: bool,
/// nginx expose https port
#[arg(
long,
default_value_t = false,
env = "AGENT_NGINX_EXPOSE_HTTPS",
required = false
)]
agent_nginx_expose_https: bool,
}
struct ParsedArgs {
db_type: String,
agent_container_config: Option<AgentContainerConfig>,
} }
#[tokio::main] #[tokio::main]
async fn main() { async fn main() {
// Parse command line arguments and environment variables let args = parse_args().await;
let args = Args::parse();
println!("Starting container with database type: {}", args.db_type); println!("Starting container with database type: {}", args.db_type);
let db_config = match args.db_type.to_lowercase().as_str() { let db_config = match args.db_type.to_lowercase().as_str() {
"postgres" | "pg" | "pgsql" => { "postgres" | "pg" | "pgsql" => {
use container::db::postgresql::PostgreSQLContainer; use container::containers::db::postgresql::PostgreSQLContainer;
println!("Using PostgreSQL database"); println!("Using PostgreSQL database");
PostgreSQLContainer::new(None) PostgreSQLContainer::new(None)
.await .await
@@ -30,7 +83,7 @@ async fn main() {
} }
"sqlite" | "sql" => { "sqlite" | "sql" => {
println!("Using SQLite database"); println!("Using SQLite database");
use container::db::sqlite::SQLiteContainer; use container::containers::db::sqlite::SQLiteContainer;
SQLiteContainer::new(None) SQLiteContainer::new(None)
.await .await
.get_db_container_config_info() .get_db_container_config_info()
@@ -43,11 +96,98 @@ async fn main() {
}; };
println!("Database configuration obtained."); println!("Database configuration obtained.");
let agent_container = if let Some(agent_config) = &args.agent_container_config {
println!(
"Agent container will be used with socket folder: {} and nginx config dir: {}",
agent_config.agent_config.sock_folder, agent_config.agent_config.nginx_config_dir
);
Some(agent_config.get_unstarted_container().await)
} else {
println!("No agent container configuration provided, skipping agent setup.");
None
};
let config = Config { let config = Config {
database: db_config, database: db_config,
agent: match agent_container {
Some(Ok(container)) => Some(ConfigInfoType::Containerized(AgentContainerInfo {
container: Arc::new(container.await.expect("Failed to start agent container")),
config: args.agent_container_config.expect("Invalid config state"),
})),
Some(Err(e)) => {
eprintln!("Failed to set up agent container: {}", e);
std::process::exit(1);
}
None => None,
},
}; };
println!("Starting container..."); println!("Starting container...");
start_attached(&config).await; start_attached(&config).await;
println!("Container stopped. Exiting..."); println!("Container stopped. Exiting...");
} }
async fn parse_args() -> ParsedArgs {
// Parse command line arguments and environment variables
let args = Args::parse();
// if any required args are missing, do not start agent
let dockerfile_path = match args.agent_dockerfile_path {
None => {
println!("Agent dockerfile path not provided, skipping agent setup.");
return ParsedArgs {
db_type: args.db_type,
agent_container_config: None,
};
}
Some(path) => path,
};
let time = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_secs();
let agent_config = AgentConfig {
sock_folder: match args.agent_sock_path {
None => {
// create a temp dir for the socket path
let temp_dir = std::env::temp_dir().join(format!("yanpm-agent-sock-{}", time));
std::fs::create_dir_all(&temp_dir)
.expect("Failed to create temp dir for agent socket");
temp_dir.to_string_lossy().to_string()
}
Some(path) => path,
},
nginx_config_dir: match args.agent_nginx_config_dir {
None => {
// create a temp dir for the nginx config dir
let temp_dir =
std::env::temp_dir().join(format!("yanpm-agent-nginx-configs-{}", time));
std::fs::create_dir_all(&temp_dir)
.expect("Failed to create temp dir for agent nginx configs");
temp_dir.to_string_lossy().to_string()
}
Some(path) => path,
},
sock_perm: args.agent_sock_perm,
sock_gid: args.agent_sock_gid.clone(),
};
ParsedArgs {
db_type: args.db_type,
agent_container_config: Some(AgentContainerConfig {
// TODO: allow customization of these fields via CLI args
image: args.agent_image,
tag: args.agent_image_tag,
container_name: format!("yanpm-agent-container-{}", time),
dockerfile_path,
force_build: args.agent_force_build,
agent_config,
nginx_config: NginxConfig {
expose_http: args.agent_nginx_expose_http,
expose_https: args.agent_nginx_expose_https,
},
}),
}
}

21
apps/container/src/types.rs
View File

@@ -1,21 +0,0 @@
use std::sync::Arc;
use testcontainers::{ContainerAsync, GenericImage};
pub trait WithContainer {
fn container(&self) -> &Arc<ContainerAsync<GenericImage>>;
}
pub trait WithoutContainer {
fn on_delete(&self);
}
#[derive(Clone)]
pub enum ConfigInfoType<T, U>
where
T: WithContainer,
U: WithoutContainer,
{
Containerized(T),
PreExisting(U),
}

27
apps/container/src/util.rs
View File

@@ -4,9 +4,11 @@ use tokio::signal::unix::{SignalKind, signal};
use crate::{ use crate::{
API_CONFIG_PATH, DB_CONFIG_PATH, API_CONFIG_PATH, DB_CONFIG_PATH,
db::DBConfigInfoType, containers::{
AgentConfigInfoType, ConfigInfoType, DBConfigInfoType, WithContainer, WithoutContainer,
agent::SOCK_NAME,
},
env::{self, EnvFile}, env::{self, EnvFile},
types::{ConfigInfoType, WithContainer, WithoutContainer},
}; };
// relative to the current working directory // relative to the current working directory
@@ -20,7 +22,7 @@ pub fn to_absolute_path(path: &str) -> PathBuf {
.clean() .clean()
} }
pub fn write_env_files(db_config: &DBConfigInfoType) { pub fn write_env_files(db_config: &DBConfigInfoType, agent_config: &Option<AgentConfigInfoType>) {
let api_config_path_absolute = to_absolute_path(API_CONFIG_PATH); let api_config_path_absolute = to_absolute_path(API_CONFIG_PATH);
let db_config_path_absolute = to_absolute_path(DB_CONFIG_PATH); let db_config_path_absolute = to_absolute_path(DB_CONFIG_PATH);
@@ -29,10 +31,27 @@ pub fn write_env_files(db_config: &DBConfigInfoType) {
DBConfigInfoType::PreExisting(config) => (config.db_type.clone(), config.url.clone()), DBConfigInfoType::PreExisting(config) => (config.db_type.clone(), config.url.clone()),
}; };
let mut api_env = EnvFile::new(env::EnvFileType::Yaml, db_type, db_url); let mut api_env = EnvFile::new(env::EnvFileType::Yaml);
api_env.write_line("DATABASE__TYPE", db_type.to_string().as_str());
api_env.write_line("DATABASE__URL", db_url.as_str());
let mut db_env = api_env.clone(); let mut db_env = api_env.clone();
db_env.file_type = env::EnvFileType::DotEnv; db_env.file_type = env::EnvFileType::DotEnv;
// agent related env vars
if let Some(agent) = agent_config
&& let ConfigInfoType::Containerized(agent) = agent
{
api_env.write_line(
"AGENT__SOCK__PATH",
format!("{}/{}", &agent.config.agent_config.sock_folder, SOCK_NAME).as_str(),
);
api_env.write_line(
"AGENT__NGINX__CONFIG__DIR",
&agent.config.agent_config.nginx_config_dir,
);
}
let mut api_file = let mut api_file =
std::fs::File::create(&api_config_path_absolute).expect("Failed to create API config file"); std::fs::File::create(&api_config_path_absolute).expect("Failed to create API config file");

35
justfile
View File

@@ -2,6 +2,8 @@ set dotenv-load := true
# development environment file # development environment file
set dotenv-filename := "./public/database/.env.generated" set dotenv-filename := "./public/database/.env.generated"
DEFAULT_SIMULATE_ARGS := "--agent-dockerfile-path=../agent/Dockerfile"
cli *args: cli *args:
cd apps/cli && \ cd apps/cli && \
if [ -n "{{args}}" ]; then \ if [ -n "{{args}}" ]; then \
@@ -13,9 +15,9 @@ cli *args:
simulate *args: simulate *args:
cd apps/container && \ cd apps/container && \
if [ -n "{{args}}" ]; then \ if [ -n "{{args}}" ]; then \
cargo run --bin container-simulate -- --db-type={{args}}; \ cargo run --bin container-simulate -- {{args}}; \
else \ else \
cargo run --bin container-simulate; \ cargo run --bin container-simulate -- {{DEFAULT_SIMULATE_ARGS}}; \
fi fi
# Usage: (following SeaORM migration commands) # Usage: (following SeaORM migration commands)
@@ -48,8 +50,31 @@ generate-openapi:
# Generate API client for frontend # Generate API client for frontend
cd apps/frontend && \ cd apps/frontend && \
pnpm generate:openapi pnpm generate:openapi
# Generate API client for agent
cd apps/agent && \
cargo run -- generate-openapi --output swagger.json
generate-all: generate-entity generate-openapi generate-agent-client:
# Generate API client for agent
pnpm openapi-generator-cli generate \
-g rust --skip-validate-spec \
-o ./public/agent-client -i ./apps/agent/swagger.json \
--additional-properties=library=reqwest-trait \
--additional-properties=mockall=true \
--additional-properties=packageName=agent_client \
--additional-properties=packageVersion=0.1.0 \
--additional-properties=supportAsync=true \
--additional-properties=supportMultipleResponses=true \
--additional-properties=topLevelApiClient=true \
--additional-properties=useSingleRequestParameter=true
# format generated code
cd public/agent-client && \
cargo fmt
# append lint allows/forbids to the end of Cargo.toml to disable warnings in generated code and forbid unsafe code
cd public/agent-client && \
echo '\n[lints.clippy]\nall = "allow"\n[lints.rust]\nunsafe_code = "forbid"\n' >> Cargo.toml
generate-all: generate-entity generate-openapi generate-agent-client
build-frontend: build-frontend:
# build frontend assets # build frontend assets
@@ -61,6 +86,10 @@ build-backend:
cd apps/api && \ cd apps/api && \
cargo build --release cargo build --release
build-docker:
cd apps/agent && \
docker build -t yanpm/agent:latest .
build-apps: build-frontend build-backend build-apps: build-frontend build-backend
act *args: act *args:

7
openapitools.json Normal file
View File

@@ -0,0 +1,7 @@
{
"$schema": "./node_modules/@openapitools/openapi-generator-cli/config.schema.json",
"spaces": 2,
"generator-cli": {
"version": "7.18.0"
}
}

6
package.json Normal file
View File

@@ -0,0 +1,6 @@
{
"devDependencies": {
"@openapitools/openapi-generator-cli": "^2.26.0",
"rust-just": "^1.44.0"
}
}

3418
apps/frontend/pnpm-lock.yaml → pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

7
pnpm-workspace.yaml Normal file
View File

@@ -0,0 +1,7 @@
packages:
- apps/frontend
onlyBuiltDependencies:
- '@nestjs/core'
- '@openapitools/openapi-generator-cli'
- esbuild

3
public/agent-client/.gitignore vendored Normal file
View File

@@ -0,0 +1,3 @@
/target/
**/*.rs.bk
Cargo.lock

23
public/agent-client/.openapi-generator-ignore Normal file
View File

@@ -0,0 +1,23 @@
# OpenAPI Generator Ignore
# Generated by openapi-generator https://github.com/openapitools/openapi-generator
# Use this file to prevent files from being overwritten by the generator.
# The patterns follow closely to .gitignore or .dockerignore.
# As an example, the C# client generator defines ApiClient.cs.
# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line:
#ApiClient.cs
# You can match any string of characters against a directory, file or extension with a single asterisk (*):
#foo/*/qux
# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux
# You can recursively match patterns against a directory, file or extension with a double asterisk (**):
#foo/**/qux
# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux
# You can also negate patterns with an exclamation (!).
# For example, you can ignore all files in a docs folder with the file extension .md:
#docs/*.md
# Then explicitly reverse the ignore rule for a single file:
#!docs/README.md

21
public/agent-client/.openapi-generator/FILES Normal file
View File

@@ -0,0 +1,21 @@
.gitignore
.travis.yml
Cargo.toml
README.md
docs/NginxAgentApi.md
docs/StatusResp.md
docs/ValidateAndReloadBody.md
docs/ValidateAndReloadResp.md
docs/ValidateBody.md
docs/WriteConfigBody.md
git_push.sh
src/apis/configuration.rs
src/apis/mod.rs
src/apis/nginx_agent_api.rs
src/lib.rs
src/models/mod.rs
src/models/status_resp.rs
src/models/validate_and_reload_body.rs
src/models/validate_and_reload_resp.rs
src/models/validate_body.rs
src/models/write_config_body.rs

1
public/agent-client/.openapi-generator/VERSION Normal file
View File

@@ -0,0 +1 @@
7.18.0

1
public/agent-client/.travis.yml Normal file
View File

@@ -0,0 +1 @@
language: rust

27
public/agent-client/Cargo.toml Normal file
View File

@@ -0,0 +1,27 @@
[package]
name = "agent_client"
version = "0.1.0"
authors = ["OpenAPI Generator team and contributors"]
description = "No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)"
license = ""
edition = "2021"
[dependencies]
serde = { version = "^1.0", features = ["derive"] }
serde_json = "^1.0"
serde_repr = "^0.1"
url = "^2.5"
async-trait = "^0.1"
reqwest = { version = "^0.12", default-features = false, features = ["json", "multipart", "stream"] }
mockall = { version = "^0.13", optional = true}
[features]
default = ["native-tls"]
native-tls = ["reqwest/native-tls"]
rustls-tls = ["reqwest/rustls-tls"]
mockall = ["dep:mockall"]
[lints.clippy]
all = "allow"
[lints.rust]
unsafe_code = "forbid"

53
public/agent-client/README.md Normal file
View File

@@ -0,0 +1,53 @@
# Rust API client for agent_client
No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
## Overview
This API client was generated by the [OpenAPI Generator](https://openapi-generator.tech) project. By using the [openapi-spec](https://openapis.org) from a remote server, you can easily generate an API client.
- API version: 0.1.0
- Package version: 0.1.0
- Generator version: 7.18.0
- Build package: `org.openapitools.codegen.languages.RustClientCodegen`
## Installation
Put the package under your project folder in a directory named `agent_client` and add the following to `Cargo.toml` under `[dependencies]`:
```
agent_client = { path = "./agent_client" }
```
## Documentation for API Endpoints
All URIs are relative to *http://localhost*
Class | Method | HTTP request | Description
------------ | ------------- | ------------- | -------------
*NginxAgentApi* | [**status**](docs/NginxAgentApi.md#status) | **GET** /status | Health check endpoint
*NginxAgentApi* | [**validate**](docs/NginxAgentApi.md#validate) | **POST** /validate |
*NginxAgentApi* | [**validate_and_reload**](docs/NginxAgentApi.md#validate_and_reload) | **POST** /validate_and_reload |
*NginxAgentApi* | [**write_config**](docs/NginxAgentApi.md#write_config) | **POST** /write_config |
## Documentation For Models
- [StatusResp](docs/StatusResp.md)
- [ValidateAndReloadBody](docs/ValidateAndReloadBody.md)
- [ValidateAndReloadResp](docs/ValidateAndReloadResp.md)
- [ValidateBody](docs/ValidateBody.md)
- [WriteConfigBody](docs/WriteConfigBody.md)
To get access to the crate's generated documentation, use:
```
cargo doc --open
```
## Author

121
public/agent-client/docs/NginxAgentApi.md Normal file
View File

@@ -0,0 +1,121 @@
# \NginxAgentApi
All URIs are relative to *http://localhost*
Method | HTTP request | Description
------------- | ------------- | -------------
[**status**](NginxAgentApi.md#status) | **GET** /status | Health check endpoint
[**validate**](NginxAgentApi.md#validate) | **POST** /validate |
[**validate_and_reload**](NginxAgentApi.md#validate_and_reload) | **POST** /validate_and_reload |
[**write_config**](NginxAgentApi.md#write_config) | **POST** /write_config |
## status
> models::StatusResp status()
Health check endpoint
### Parameters
This endpoint does not need any parameter.
### Return type
[**models::StatusResp**](StatusResp.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: Not defined
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## validate
> serde_json::Value validate(validate_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**validate_body** | [**ValidateBody**](ValidateBody.md) | | [required] |
### Return type
[**serde_json::Value**](serde_json::Value.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## validate_and_reload
> models::ValidateAndReloadResp validate_and_reload(validate_and_reload_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**validate_and_reload_body** | [**ValidateAndReloadBody**](ValidateAndReloadBody.md) | | [required] |
### Return type
[**models::ValidateAndReloadResp**](ValidateAndReloadResp.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## write_config
> write_config(write_config_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**write_config_body** | [**WriteConfigBody**](WriteConfigBody.md) | | [required] |
### Return type
(empty response body)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)

11
public/agent-client/docs/StatusResp.md Normal file
View File

@@ -0,0 +1,11 @@
# StatusResp
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**ok** | **bool** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

121
public/agent-client/docs/TagNginxtagApi.md Normal file
View File

@@ -0,0 +1,121 @@
# \TagNginxtagApi
All URIs are relative to *http://localhost*
Method | HTTP request | Description
------------- | ------------- | -------------
[**status**](TagNginxtagApi.md#status) | **GET** /status | Health check endpoint
[**validate**](TagNginxtagApi.md#validate) | **POST** /validate |
[**validate_and_reload**](TagNginxtagApi.md#validate_and_reload) | **POST** /validate_and_reload |
[**write_config**](TagNginxtagApi.md#write_config) | **POST** /write_config |
## status
> models::StatusResp status()
Health check endpoint
### Parameters
This endpoint does not need any parameter.
### Return type
[**models::StatusResp**](StatusResp.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: Not defined
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## validate
> serde_json::Value validate(validate_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**validate_body** | [**ValidateBody**](ValidateBody.md) | | [required] |
### Return type
[**serde_json::Value**](serde_json::Value.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## validate_and_reload
> models::ValidateAndReloadResp validate_and_reload(validate_and_reload_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**validate_and_reload_body** | [**ValidateAndReloadBody**](ValidateAndReloadBody.md) | | [required] |
### Return type
[**models::ValidateAndReloadResp**](ValidateAndReloadResp.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
## write_config
> write_config(write_config_body)
### Parameters
Name | Type | Description | Required | Notes
------------- | ------------- | ------------- | ------------- | -------------
**write_config_body** | [**WriteConfigBody**](WriteConfigBody.md) | | [required] |
### Return type
(empty response body)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)

12
public/agent-client/docs/ValidateAndReloadBody.md Normal file
View File

@@ -0,0 +1,12 @@
# ValidateAndReloadBody
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**config_name** | **String** | |
**timestamp** | **i64** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

12
public/agent-client/docs/ValidateAndReloadResp.md Normal file
View File

@@ -0,0 +1,12 @@
# ValidateAndReloadResp
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**rc** | **i32** | |
**ro** | **String** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

12
public/agent-client/docs/ValidateBody.md Normal file
View File

@@ -0,0 +1,12 @@
# ValidateBody
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**config_name** | **String** | |
**timestamp** | **i64** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

13
public/agent-client/docs/WriteConfigBody.md Normal file
View File

@@ -0,0 +1,13 @@
# WriteConfigBody
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**config_name** | **String** | |
**content** | **String** | |
**timestamp** | **i64** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

57
public/agent-client/git_push.sh Normal file
View File

@@ -0,0 +1,57 @@
#!/bin/sh
# ref: https://help.github.com/articles/adding-an-existing-project-to-github-using-the-command-line/
#
# Usage example: /bin/sh ./git_push.sh wing328 openapi-petstore-perl "minor update" "gitlab.com"
git_user_id=$1
git_repo_id=$2
release_note=$3
git_host=$4
if [ "$git_host" = "" ]; then
git_host="github.com"
echo "[INFO] No command line input provided. Set \$git_host to $git_host"
fi
if [ "$git_user_id" = "" ]; then
git_user_id="GIT_USER_ID"
echo "[INFO] No command line input provided. Set \$git_user_id to $git_user_id"
fi
if [ "$git_repo_id" = "" ]; then
git_repo_id="GIT_REPO_ID"
echo "[INFO] No command line input provided. Set \$git_repo_id to $git_repo_id"
fi
if [ "$release_note" = "" ]; then
release_note="Minor update"
echo "[INFO] No command line input provided. Set \$release_note to $release_note"
fi
# Initialize the local directory as a Git repository
git init
# Adds the files in the local repository and stages them for commit.
git add .
# Commits the tracked changes and prepares them to be pushed to a remote repository.
git commit -m "$release_note"
# Sets the new remote
git_remote=$(git remote)
if [ "$git_remote" = "" ]; then # git remote not defined
if [ "$GIT_TOKEN" = "" ]; then
echo "[INFO] \$GIT_TOKEN (environment variable) is not set. Using the git credential in your environment."
git remote add origin https://${git_host}/${git_user_id}/${git_repo_id}.git
else
git remote add origin https://${git_user_id}:"${GIT_TOKEN}"@${git_host}/${git_user_id}/${git_repo_id}.git
fi
fi
git pull origin master
# Pushes (Forces) the changes in the local repository up to the remote repository
echo "Git pushing to https://${git_host}/${git_user_id}/${git_repo_id}.git"
git push origin master 2>&1 | grep -v 'To https'

48
public/agent-client/src/apis/configuration.rs Normal file
View File

@@ -0,0 +1,48 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
#[derive(Debug, Clone)]
pub struct Configuration {
pub base_path: String,
pub user_agent: Option<String>,
pub client: reqwest::Client,
pub basic_auth: Option<BasicAuth>,
pub oauth_access_token: Option<String>,
pub bearer_access_token: Option<String>,
pub api_key: Option<ApiKey>,
}
pub type BasicAuth = (String, Option<String>);
#[derive(Debug, Clone)]
pub struct ApiKey {
pub prefix: Option<String>,
pub key: String,
}
impl Configuration {
pub fn new() -> Configuration {
Configuration::default()
}
}
impl Default for Configuration {
fn default() -> Self {
Configuration {
base_path: "http://localhost".to_owned(),
user_agent: Some("OpenAPI-Generator/0.1.0/rust".to_owned()),
client: reqwest::Client::new(),
basic_auth: None,
oauth_access_token: None,
bearer_access_token: None,
api_key: None,
}
}
}

165
public/agent-client/src/apis/mod.rs Normal file
View File

@@ -0,0 +1,165 @@
use std::error;
use std::fmt;
#[derive(Debug, Clone)]
pub struct ResponseContent<T> {
pub status: reqwest::StatusCode,
pub content: String,
pub entity: Option<T>,
}
#[derive(Debug)]
pub enum Error<T> {
Reqwest(reqwest::Error),
Serde(serde_json::Error),
Io(std::io::Error),
ResponseError(ResponseContent<T>),
}
impl<T> fmt::Display for Error<T> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
let (module, e) = match self {
Error::Reqwest(e) => ("reqwest", e.to_string()),
Error::Serde(e) => ("serde", e.to_string()),
Error::Io(e) => ("IO", e.to_string()),
Error::ResponseError(e) => ("response", format!("status code {}", e.status)),
};
write!(f, "error in {}: {}", module, e)
}
}
impl<T: fmt::Debug> error::Error for Error<T> {
fn source(&self) -> Option<&(dyn error::Error + 'static)> {
Some(match self {
Error::Reqwest(e) => e,
Error::Serde(e) => e,
Error::Io(e) => e,
Error::ResponseError(_) => return None,
})
}
}
impl<T> From<reqwest::Error> for Error<T> {
fn from(e: reqwest::Error) -> Self {
Error::Reqwest(e)
}
}
impl<T> From<serde_json::Error> for Error<T> {
fn from(e: serde_json::Error) -> Self {
Error::Serde(e)
}
}
impl<T> From<std::io::Error> for Error<T> {
fn from(e: std::io::Error) -> Self {
Error::Io(e)
}
}
pub fn urlencode<T: AsRef<str>>(s: T) -> String {
::url::form_urlencoded::byte_serialize(s.as_ref().as_bytes()).collect()
}
pub fn parse_deep_object(prefix: &str, value: &serde_json::Value) -> Vec<(String, String)> {
if let serde_json::Value::Object(object) = value {
let mut params = vec![];
for (key, value) in object {
match value {
serde_json::Value::Object(_) => params.append(&mut parse_deep_object(
&format!("{}[{}]", prefix, key),
value,
)),
serde_json::Value::Array(array) => {
for (i, value) in array.iter().enumerate() {
params.append(&mut parse_deep_object(
&format!("{}[{}][{}]", prefix, key, i),
value,
));
}
}
serde_json::Value::String(s) => {
params.push((format!("{}[{}]", prefix, key), s.clone()))
}
_ => params.push((format!("{}[{}]", prefix, key), value.to_string())),
}
}
return params;
}
unimplemented!("Only objects are supported with style=deepObject")
}
/// Internal use only
/// A content type supported by this client.
#[allow(dead_code)]
enum ContentType {
Json,
Text,
Unsupported(String),
}
impl From<&str> for ContentType {
fn from(content_type: &str) -> Self {
if content_type.starts_with("application") && content_type.contains("json") {
return Self::Json;
} else if content_type.starts_with("text/plain") {
return Self::Text;
} else {
return Self::Unsupported(content_type.to_string());
}
}
}
pub mod nginx_agent_api;
pub mod configuration;
use std::sync::Arc;
pub trait Api {
fn nginx_agent_api(&self) -> &dyn nginx_agent_api::NginxAgentApi;
}
pub struct ApiClient {
nginx_agent_api: Box<dyn nginx_agent_api::NginxAgentApi>,
}
impl ApiClient {
pub fn new(configuration: Arc<configuration::Configuration>) -> Self {
Self {
nginx_agent_api: Box::new(nginx_agent_api::NginxAgentApiClient::new(
configuration.clone(),
)),
}
}
}
impl Api for ApiClient {
fn nginx_agent_api(&self) -> &dyn nginx_agent_api::NginxAgentApi {
self.nginx_agent_api.as_ref()
}
}
#[cfg(feature = "mockall")]
pub struct MockApiClient {
pub nginx_agent_api_mock: nginx_agent_api::MockNginxAgentApi,
}
#[cfg(feature = "mockall")]
impl MockApiClient {
pub fn new() -> Self {
Self {
nginx_agent_api_mock: nginx_agent_api::MockNginxAgentApi::new(),
}
}
}
#[cfg(feature = "mockall")]
impl Api for MockApiClient {
fn nginx_agent_api(&self) -> &dyn nginx_agent_api::NginxAgentApi {
&self.nginx_agent_api_mock
}
}

329
public/agent-client/src/apis/nginx_agent_api.rs Normal file
View File

@@ -0,0 +1,329 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use super::{configuration, Error};
use crate::apis::ContentType;
use crate::{apis::ResponseContent, models};
use async_trait::async_trait;
#[cfg(feature = "mockall")]
use mockall::automock;
use reqwest;
use serde::{de::Error as _, Deserialize, Serialize};
use std::sync::Arc;
#[cfg_attr(feature = "mockall", automock)]
#[async_trait]
pub trait NginxAgentApi: Send + Sync {
/// GET /status
///
///
async fn status(&self) -> Result<ResponseContent<StatusSuccess>, Error<StatusError>>;
/// POST /validate
///
///
async fn validate(
&self,
params: ValidateParams,
) -> Result<ResponseContent<ValidateSuccess>, Error<ValidateError>>;
/// POST /validate_and_reload
///
///
async fn validate_and_reload(
&self,
params: ValidateAndReloadParams,
) -> Result<ResponseContent<ValidateAndReloadSuccess>, Error<ValidateAndReloadError>>;
/// POST /write_config
///
///
async fn write_config(
&self,
params: WriteConfigParams,
) -> Result<ResponseContent<WriteConfigSuccess>, Error<WriteConfigError>>;
}
pub struct NginxAgentApiClient {
configuration: Arc<configuration::Configuration>,
}
impl NginxAgentApiClient {
pub fn new(configuration: Arc<configuration::Configuration>) -> Self {
Self { configuration }
}
}
/// struct for passing parameters to the method [`NginxAgentApi::validate`]
#[derive(Clone, Debug)]
pub struct ValidateParams {
pub validate_body: models::ValidateBody,
}
/// struct for passing parameters to the method [`NginxAgentApi::validate_and_reload`]
#[derive(Clone, Debug)]
pub struct ValidateAndReloadParams {
pub validate_and_reload_body: models::ValidateAndReloadBody,
}
/// struct for passing parameters to the method [`NginxAgentApi::write_config`]
#[derive(Clone, Debug)]
pub struct WriteConfigParams {
pub write_config_body: models::WriteConfigBody,
}
#[async_trait]
impl NginxAgentApi for NginxAgentApiClient {
async fn status(&self) -> Result<ResponseContent<StatusSuccess>, Error<StatusError>> {
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/status", local_var_configuration.base_path);
let mut local_var_req_builder =
local_var_client.request(reqwest::Method::GET, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder
.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<StatusSuccess> =
serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Ok(local_var_result)
} else {
let local_var_entity: Option<StatusError> =
serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Err(Error::ResponseError(local_var_error))
}
}
async fn validate(
&self,
params: ValidateParams,
) -> Result<ResponseContent<ValidateSuccess>, Error<ValidateError>> {
let ValidateParams { validate_body } = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/validate", local_var_configuration.base_path);
let mut local_var_req_builder =
local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder
.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&validate_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<ValidateSuccess> =
serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Ok(local_var_result)
} else {
let local_var_entity: Option<ValidateError> =
serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Err(Error::ResponseError(local_var_error))
}
}
async fn validate_and_reload(
&self,
params: ValidateAndReloadParams,
) -> Result<ResponseContent<ValidateAndReloadSuccess>, Error<ValidateAndReloadError>> {
let ValidateAndReloadParams {
validate_and_reload_body,
} = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str =
format!("{}/validate_and_reload", local_var_configuration.base_path);
let mut local_var_req_builder =
local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder
.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&validate_and_reload_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<ValidateAndReloadSuccess> =
serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Ok(local_var_result)
} else {
let local_var_entity: Option<ValidateAndReloadError> =
serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Err(Error::ResponseError(local_var_error))
}
}
async fn write_config(
&self,
params: WriteConfigParams,
) -> Result<ResponseContent<WriteConfigSuccess>, Error<WriteConfigError>> {
let WriteConfigParams { write_config_body } = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/write_config", local_var_configuration.base_path);
let mut local_var_req_builder =
local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder
.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&write_config_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<WriteConfigSuccess> =
serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Ok(local_var_result)
} else {
let local_var_entity: Option<WriteConfigError> =
serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent {
status: local_var_status,
content: local_var_content,
entity: local_var_entity,
};
Err(Error::ResponseError(local_var_error))
}
}
}
/// struct for typed successes of method [`NginxAgentApi::status`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum StatusSuccess {
Status200(models::StatusResp),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`NginxAgentApi::validate`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateSuccess {
Status200(serde_json::Value),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`NginxAgentApi::validate_and_reload`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateAndReloadSuccess {
Status200(models::ValidateAndReloadResp),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`NginxAgentApi::write_config`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum WriteConfigSuccess {
Status200(),
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`NginxAgentApi::status`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum StatusError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`NginxAgentApi::validate`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`NginxAgentApi::validate_and_reload`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateAndReloadError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`NginxAgentApi::write_config`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum WriteConfigError {
Status500(serde_json::Value),
UnknownValue(serde_json::Value),
}

280
public/agent-client/src/apis/tag_nginxtag_api.rs Normal file
View File

@@ -0,0 +1,280 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use async_trait::async_trait;
#[cfg(feature = "mockall")]
use mockall::automock;
use reqwest;
use std::sync::Arc;
use serde::{Deserialize, Serialize, de::Error as _};
use crate::{apis::ResponseContent, models};
use super::{Error, configuration};
use crate::apis::ContentType;
#[cfg_attr(feature = "mockall", automock)]
#[async_trait]
pub trait TagNginxtagApi: Send + Sync {
/// GET /status
///
///
async fn status(&self, ) -> Result<ResponseContent<StatusSuccess>, Error<StatusError>>;
/// POST /validate
///
///
async fn validate(&self, params: ValidateParams ) -> Result<ResponseContent<ValidateSuccess>, Error<ValidateError>>;
/// POST /validate_and_reload
///
///
async fn validate_and_reload(&self, params: ValidateAndReloadParams ) -> Result<ResponseContent<ValidateAndReloadSuccess>, Error<ValidateAndReloadError>>;
/// POST /write_config
///
///
async fn write_config(&self, params: WriteConfigParams ) -> Result<ResponseContent<WriteConfigSuccess>, Error<WriteConfigError>>;
}
pub struct TagNginxtagApiClient {
configuration: Arc<configuration::Configuration>
}
impl TagNginxtagApiClient {
pub fn new(configuration: Arc<configuration::Configuration>) -> Self {
Self { configuration }
}
}
/// struct for passing parameters to the method [`TagNginxtagApi::validate`]
#[derive(Clone, Debug)]
pub struct ValidateParams {
pub validate_body: models::ValidateBody
}
/// struct for passing parameters to the method [`TagNginxtagApi::validate_and_reload`]
#[derive(Clone, Debug)]
pub struct ValidateAndReloadParams {
pub validate_and_reload_body: models::ValidateAndReloadBody
}
/// struct for passing parameters to the method [`TagNginxtagApi::write_config`]
#[derive(Clone, Debug)]
pub struct WriteConfigParams {
pub write_config_body: models::WriteConfigBody
}
#[async_trait]
impl TagNginxtagApi for TagNginxtagApiClient {
async fn status(&self, ) -> Result<ResponseContent<StatusSuccess>, Error<StatusError>> {
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/status", local_var_configuration.base_path);
let mut local_var_req_builder = local_var_client.request(reqwest::Method::GET, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<StatusSuccess> = serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Ok(local_var_result)
} else {
let local_var_entity: Option<StatusError> = serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Err(Error::ResponseError(local_var_error))
}
}
async fn validate(&self, params: ValidateParams ) -> Result<ResponseContent<ValidateSuccess>, Error<ValidateError>> {
let ValidateParams {
validate_body,
} = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/validate", local_var_configuration.base_path);
let mut local_var_req_builder = local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&validate_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<ValidateSuccess> = serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Ok(local_var_result)
} else {
let local_var_entity: Option<ValidateError> = serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Err(Error::ResponseError(local_var_error))
}
}
async fn validate_and_reload(&self, params: ValidateAndReloadParams ) -> Result<ResponseContent<ValidateAndReloadSuccess>, Error<ValidateAndReloadError>> {
let ValidateAndReloadParams {
validate_and_reload_body,
} = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/validate_and_reload", local_var_configuration.base_path);
let mut local_var_req_builder = local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&validate_and_reload_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<ValidateAndReloadSuccess> = serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Ok(local_var_result)
} else {
let local_var_entity: Option<ValidateAndReloadError> = serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Err(Error::ResponseError(local_var_error))
}
}
async fn write_config(&self, params: WriteConfigParams ) -> Result<ResponseContent<WriteConfigSuccess>, Error<WriteConfigError>> {
let WriteConfigParams {
write_config_body,
} = params;
let local_var_configuration = &self.configuration;
let local_var_client = &local_var_configuration.client;
let local_var_uri_str = format!("{}/write_config", local_var_configuration.base_path);
let mut local_var_req_builder = local_var_client.request(reqwest::Method::POST, local_var_uri_str.as_str());
if let Some(ref local_var_user_agent) = local_var_configuration.user_agent {
local_var_req_builder = local_var_req_builder.header(reqwest::header::USER_AGENT, local_var_user_agent.clone());
}
local_var_req_builder = local_var_req_builder.json(&write_config_body);
let local_var_req = local_var_req_builder.build()?;
let local_var_resp = local_var_client.execute(local_var_req).await?;
let local_var_status = local_var_resp.status();
let local_var_content = local_var_resp.text().await?;
if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
let local_var_entity: Option<WriteConfigSuccess> = serde_json::from_str(&local_var_content).ok();
let local_var_result = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Ok(local_var_result)
} else {
let local_var_entity: Option<WriteConfigError> = serde_json::from_str(&local_var_content).ok();
let local_var_error = ResponseContent { status: local_var_status, content: local_var_content, entity: local_var_entity };
Err(Error::ResponseError(local_var_error))
}
}
}
/// struct for typed successes of method [`TagNginxtagApi::status`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum StatusSuccess {
Status200(models::StatusResp),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`TagNginxtagApi::validate`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateSuccess {
Status200(serde_json::Value),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`TagNginxtagApi::validate_and_reload`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateAndReloadSuccess {
Status200(models::ValidateAndReloadResp),
UnknownValue(serde_json::Value),
}
/// struct for typed successes of method [`TagNginxtagApi::write_config`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum WriteConfigSuccess {
Status200(),
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`TagNginxtagApi::status`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum StatusError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`TagNginxtagApi::validate`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`TagNginxtagApi::validate_and_reload`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum ValidateAndReloadError {
UnknownValue(serde_json::Value),
}
/// struct for typed errors of method [`TagNginxtagApi::write_config`]
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(untagged)]
pub enum WriteConfigError {
Status500(serde_json::Value),
UnknownValue(serde_json::Value),
}

10
public/agent-client/src/lib.rs Normal file
View File

@@ -0,0 +1,10 @@
#![allow(unused_imports)]
#![allow(clippy::too_many_arguments)]
extern crate serde;
extern crate serde_json;
extern crate serde_repr;
extern crate url;
pub mod apis;
pub mod models;

10
public/agent-client/src/models/mod.rs Normal file
View File

@@ -0,0 +1,10 @@
pub mod status_resp;
pub use self::status_resp::StatusResp;
pub mod validate_and_reload_body;
pub use self::validate_and_reload_body::ValidateAndReloadBody;
pub mod validate_and_reload_resp;
pub use self::validate_and_reload_resp::ValidateAndReloadResp;
pub mod validate_body;
pub use self::validate_body::ValidateBody;
pub mod write_config_body;
pub use self::write_config_body::WriteConfigBody;

24
public/agent-client/src/models/status_resp.rs Normal file
View File

@@ -0,0 +1,24 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
use serde::{Deserialize, Serialize};
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct StatusResp {
#[serde(rename = "ok")]
pub ok: bool,
}
impl StatusResp {
pub fn new(ok: bool) -> StatusResp {
StatusResp { ok }
}
}

29
public/agent-client/src/models/validate_and_reload_body.rs Normal file
View File

@@ -0,0 +1,29 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
use serde::{Deserialize, Serialize};
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct ValidateAndReloadBody {
#[serde(rename = "config_name")]
pub config_name: String,
#[serde(rename = "timestamp")]
pub timestamp: i64,
}
impl ValidateAndReloadBody {
pub fn new(config_name: String, timestamp: i64) -> ValidateAndReloadBody {
ValidateAndReloadBody {
config_name,
timestamp,
}
}
}

26
public/agent-client/src/models/validate_and_reload_resp.rs Normal file
View File

@@ -0,0 +1,26 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
use serde::{Deserialize, Serialize};
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct ValidateAndReloadResp {
#[serde(rename = "rc")]
pub rc: i32,
#[serde(rename = "ro")]
pub ro: String,
}
impl ValidateAndReloadResp {
pub fn new(rc: i32, ro: String) -> ValidateAndReloadResp {
ValidateAndReloadResp { rc, ro }
}
}

29
public/agent-client/src/models/validate_body.rs Normal file
View File

@@ -0,0 +1,29 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
use serde::{Deserialize, Serialize};
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct ValidateBody {
#[serde(rename = "config_name")]
pub config_name: String,
#[serde(rename = "timestamp")]
pub timestamp: i64,
}
impl ValidateBody {
pub fn new(config_name: String, timestamp: i64) -> ValidateBody {
ValidateBody {
config_name,
timestamp,
}
}
}

32
public/agent-client/src/models/write_config_body.rs Normal file
View File

@@ -0,0 +1,32 @@
/*
* yanpm-agent
*
* No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
*
* The version of the OpenAPI document: 0.1.0
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
use serde::{Deserialize, Serialize};
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct WriteConfigBody {
#[serde(rename = "config_name")]
pub config_name: String,
#[serde(rename = "content")]
pub content: String,
#[serde(rename = "timestamp")]
pub timestamp: i64,
}
impl WriteConfigBody {
pub fn new(config_name: String, content: String, timestamp: i64) -> WriteConfigBody {
WriteConfigBody {
config_name,
content,
timestamp,
}
}
}