feat: add HTTP Management API, migrate CLI from Akka ClusterClient to HTTP
Replace the CLI's Akka.NET ClusterClient transport with a simple HTTP client targeting a new POST /management endpoint on the Central Host. The endpoint handles Basic Auth, LDAP authentication, role resolution, and ManagementActor dispatch in a single round-trip — eliminating the CLI's Akka, LDAP, and Security dependencies. Also fixes DCL ReSubscribeAll losing subscriptions on repeated reconnect by deriving the tag list from _subscriptionsByInstance instead of _subscriptionIds.
@@ -1,46 +1,37 @@
|
||||
using System.CommandLine;
|
||||
using System.CommandLine.Parsing;
|
||||
using System.Text.Json;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Logging.Abstractions;
|
||||
using Microsoft.Extensions.Options;
|
||||
using ScadaLink.Commons.Messages.Management;
|
||||
using ScadaLink.Security;
|
||||
|
||||
namespace ScadaLink.CLI.Commands;
|
||||
|
||||
internal static class CommandHelpers
|
||||
{
|
||||
internal static string NewCorrelationId() => Guid.NewGuid().ToString("N");
|
||||
|
||||
internal static async Task<int> ExecuteCommandAsync(
|
||||
ParseResult result,
|
||||
Option<string> contactPointsOption,
|
||||
Option<string> urlOption,
|
||||
Option<string> formatOption,
|
||||
Option<string> usernameOption,
|
||||
Option<string> passwordOption,
|
||||
object command)
|
||||
{
|
||||
var contactPointsRaw = result.GetValue(contactPointsOption);
|
||||
var format = result.GetValue(formatOption) ?? "json";
|
||||
|
||||
var config = CliConfig.Load();
|
||||
|
||||
if (string.IsNullOrWhiteSpace(contactPointsRaw))
|
||||
{
|
||||
if (config.ContactPoints.Count > 0)
|
||||
contactPointsRaw = string.Join(",", config.ContactPoints);
|
||||
}
|
||||
// Resolve management URL
|
||||
var url = result.GetValue(urlOption);
|
||||
if (string.IsNullOrWhiteSpace(url))
|
||||
url = config.ManagementUrl;
|
||||
|
||||
if (string.IsNullOrWhiteSpace(contactPointsRaw))
|
||||
if (string.IsNullOrWhiteSpace(url))
|
||||
{
|
||||
OutputFormatter.WriteError("No contact points specified. Use --contact-points or set SCADALINK_CONTACT_POINTS.", "NO_CONTACT_POINTS");
|
||||
OutputFormatter.WriteError(
|
||||
"No management URL specified. Use --url, set SCADALINK_MANAGEMENT_URL, or add 'managementUrl' to ~/.scadalink/config.json.",
|
||||
"NO_URL");
|
||||
return 1;
|
||||
}
|
||||
|
||||
var contactPoints = contactPointsRaw.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
|
||||
|
||||
// Authenticate via LDAP
|
||||
// Validate credentials
|
||||
var username = result.GetValue(usernameOption);
|
||||
var password = result.GetValue(passwordOption);
|
||||
|
||||
@@ -52,99 +43,36 @@ internal static class CommandHelpers
|
||||
return 1;
|
||||
}
|
||||
|
||||
// Authenticate against LDAP
|
||||
var securityOptions = new SecurityOptions
|
||||
{
|
||||
LdapServer = config.LdapServer ?? string.Empty,
|
||||
LdapPort = config.LdapPort,
|
||||
LdapUseTls = config.LdapUseTls,
|
||||
AllowInsecureLdap = !config.LdapUseTls,
|
||||
LdapSearchBase = config.LdapSearchBase,
|
||||
LdapServiceAccountDn = config.LdapServiceAccountDn,
|
||||
LdapServiceAccountPassword = config.LdapServiceAccountPassword
|
||||
};
|
||||
// Derive command name from type
|
||||
var commandName = ManagementCommandRegistry.GetCommandName(command.GetType());
|
||||
|
||||
var ldapAuth = new LdapAuthService(
|
||||
Options.Create(securityOptions),
|
||||
NullLogger<LdapAuthService>.Instance);
|
||||
|
||||
var authResult = await ldapAuth.AuthenticateAsync(username, password);
|
||||
|
||||
if (!authResult.Success)
|
||||
{
|
||||
OutputFormatter.WriteError(
|
||||
authResult.ErrorMessage ?? "Authentication failed.",
|
||||
"AUTH_FAILED");
|
||||
return 1;
|
||||
}
|
||||
|
||||
await using var connection = new ClusterConnection();
|
||||
await connection.ConnectAsync(contactPoints, TimeSpan.FromSeconds(10));
|
||||
|
||||
// Resolve roles server-side
|
||||
var resolveEnvelope = new ManagementEnvelope(
|
||||
new AuthenticatedUser(authResult.Username!, authResult.DisplayName!, Array.Empty<string>(), Array.Empty<string>()),
|
||||
new ResolveRolesCommand(authResult.Groups ?? (IReadOnlyList<string>)Array.Empty<string>()),
|
||||
NewCorrelationId());
|
||||
var resolveResponse = await connection.AskManagementAsync(resolveEnvelope, TimeSpan.FromSeconds(30));
|
||||
|
||||
string[] roles;
|
||||
string[] permittedSiteIds;
|
||||
|
||||
if (resolveResponse is ManagementSuccess resolveSuccess)
|
||||
{
|
||||
var rolesDoc = JsonDocument.Parse(resolveSuccess.JsonData);
|
||||
roles = rolesDoc.RootElement.TryGetProperty("Roles", out var rolesEl)
|
||||
? rolesEl.EnumerateArray().Select(e => e.GetString()!).ToArray()
|
||||
: Array.Empty<string>();
|
||||
permittedSiteIds = rolesDoc.RootElement.TryGetProperty("PermittedSiteIds", out var sitesEl)
|
||||
? sitesEl.EnumerateArray().Select(e => e.GetString()!).ToArray()
|
||||
: Array.Empty<string>();
|
||||
}
|
||||
else
|
||||
{
|
||||
return HandleResponse(resolveResponse, format);
|
||||
}
|
||||
|
||||
var authenticatedUser = new AuthenticatedUser(
|
||||
authResult.Username!,
|
||||
authResult.DisplayName!,
|
||||
roles,
|
||||
permittedSiteIds);
|
||||
|
||||
var envelope = new ManagementEnvelope(authenticatedUser, command, NewCorrelationId());
|
||||
var response = await connection.AskManagementAsync(envelope, TimeSpan.FromSeconds(30));
|
||||
// Send via HTTP
|
||||
using var client = new ManagementHttpClient(url, username, password);
|
||||
var response = await client.SendCommandAsync(commandName, command, TimeSpan.FromSeconds(30));
|
||||
|
||||
return HandleResponse(response, format);
|
||||
}
|
||||
|
||||
internal static int HandleResponse(object response, string format)
|
||||
internal static int HandleResponse(ManagementResponse response, string format)
|
||||
{
|
||||
switch (response)
|
||||
if (response.JsonData != null)
|
||||
{
|
||||
case ManagementSuccess success:
|
||||
if (string.Equals(format, "table", StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
WriteAsTable(success.JsonData);
|
||||
}
|
||||
else
|
||||
{
|
||||
Console.WriteLine(success.JsonData);
|
||||
}
|
||||
return 0;
|
||||
|
||||
case ManagementError error:
|
||||
OutputFormatter.WriteError(error.Error, error.ErrorCode);
|
||||
return 1;
|
||||
|
||||
case ManagementUnauthorized unauth:
|
||||
OutputFormatter.WriteError(unauth.Message, "UNAUTHORIZED");
|
||||
return 2;
|
||||
|
||||
default:
|
||||
OutputFormatter.WriteError($"Unexpected response type: {response.GetType().Name}", "UNEXPECTED_RESPONSE");
|
||||
return 1;
|
||||
if (string.Equals(format, "table", StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
WriteAsTable(response.JsonData);
|
||||
}
|
||||
else
|
||||
{
|
||||
Console.WriteLine(response.JsonData);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
var errorCode = response.ErrorCode ?? "ERROR";
|
||||
var error = response.Error ?? "Unknown error";
|
||||
|
||||
OutputFormatter.WriteError(error, errorCode);
|
||||
return response.StatusCode == 403 ? 2 : 1;
|
||||
}
|
||||
|
||||
private static void WriteAsTable(string json)
|
||||
@@ -161,7 +89,6 @@ internal static class CommandHelpers
|
||||
return;
|
||||
}
|
||||
|
||||
// Extract headers from first object's property names
|
||||
var headers = items[0].ValueKind == JsonValueKind.Object
|
||||
? items[0].EnumerateObject().Select(p => p.Name).ToArray()
|
||||
: new[] { "Value" };
|
||||
@@ -182,7 +109,6 @@ internal static class CommandHelpers
|
||||
}
|
||||
else if (root.ValueKind == JsonValueKind.Object)
|
||||
{
|
||||
// Single object: render as key-value pairs
|
||||
var headers = new[] { "Property", "Value" };
|
||||
var rows = root.EnumerateObject().Select(p =>
|
||||
new[] { p.Name, p.Value.ValueKind == JsonValueKind.Null ? "" : p.Value.ToString() });
|
||||
|
||||
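Review bot: In ExecuteCommandAsync the resolved `url` is only checked with `string.IsNullOrWhiteSpace` before it is passed, together with `username` and `password`, to `new ManagementHttpClient(url, username, password)`, so an `http://` value from `--url`, the environment variable or the config file is accepted as-is. The commit message says the endpoint uses Basic Auth, so (assuming the client attaches that header to the request; its code is not on this page) the user's LDAP password would cross the network in a trivially decodable form whenever the target is not TLS. That exposure is new, because the password now leaves the CLI process instead of being used for a local LDAP bind. I would validate the scheme before constructing the client, for example `if (!Uri.TryCreate(url, UriKind.Absolute, out var uri) || (uri.Scheme != Uri.UriSchemeHttps && !uri.IsLoopback))` followed by an `OutputFormatter.WriteError(...)` and `return 1;`, allowing plain HTTP only for loopback or behind an explicit opt-in flag. A malformed URL would then also fail with a clear CLI error rather than inside the HTTP client.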