Apr 27th Update

2025-09-29 11:16:30 +03:00 · 2023-04-27 19:05:49 +00:00
parent cd4fb6e3e8
commit fd2d9fa081
89 changed files with 2175 additions and 544 deletions
--- a/components/security_apps/orchestration/service_controller/service_controller.cc
+++ b/components/security_apps/orchestration/service_controller/service_controller.cc
@@ -296,6 +296,10 @@ public:
        const string &service_id
    ) override;

+    bool doesFailedServicesExist() override;
+
+    void clearFailedServices() override;
+
 private:
    void cleanUpVirtualFiles();

@@ -323,6 +327,7 @@ private:
    string update_policy_version;
    string settings_path;
    map<int, ReconfStatus> services_reconf_status;
+    map<int, ReconfStatus> failed_services;
    map<int, string> services_reconf_names;
    map<int, string> services_reconf_ids;
    string filesystem_prefix;
@@ -387,9 +392,24 @@ ServiceController::Impl::getUpdatedReconfStatus()

        if (res < service_and_reconf_status.second)  res = service_and_reconf_status.second;
    }
+
    return res;
 }

+// LCOV_EXCL_START Reason: future fix will be done
+void
+ServiceController::Impl::clearFailedServices()
+{
+    failed_services.clear();
+}
+
+bool
+ServiceController::Impl::doesFailedServicesExist()
+{
+    return (failed_services.size() > 0);
+}
+// LCOV_EXCL_STOP
+
 void
 ServiceController::Impl::init()
 {
@@ -775,18 +795,11 @@ ServiceController::Impl::updateServiceConfiguration(
        if (new_policy_path.compare(config_file_path) == 0) {
            dbgDebug(D_ORCHESTRATOR) << "Enforcing the default policy file";
            policy_version = version_value;
-
            return true;
        }

        string backup_ext = getConfigurationWithDefault<string>(".bk", "orchestration", "Backup file extension");

-        // Save the new configuration file.
-        if (!orchestration_tools->copyFile(new_policy_path, config_file_path)) {
-            dbgWarning(D_ORCHESTRATOR) << "Failed to save the policy file.";
-            return false;
-        }
-
        // Backup the current configuration file.
        uint max_backup_attempts = 3;
        bool is_backup_succeed = false;
@@ -794,7 +807,7 @@ ServiceController::Impl::updateServiceConfiguration(
        I_MainLoop *mainloop = Singleton::Consume<I_MainLoop>::by<ServiceController>();

        for (size_t i = 0; i < max_backup_attempts; i++) {
-            if (orchestration_tools->copyFile(new_policy_path, backup_file)) {
+            if (orchestration_tools->copyFile(config_file_path, backup_file)) {
                is_backup_succeed = true;
                break;
            }
@@ -807,6 +820,12 @@ ServiceController::Impl::updateServiceConfiguration(
        }

        policy_version = version_value;
+
+        // Save the new configuration file.
+        if (!orchestration_tools->copyFile(new_policy_path, config_file_path)) {
+            dbgWarning(D_ORCHESTRATOR) << "Failed to save the policy file.";
+            return false;
+        }
    }

    return was_policy_updated;
@@ -835,7 +854,7 @@ ServiceController::Impl::sendSignalForServices(
        }

        if (reconf_status == ReconfStatus::FAILED) {
-            dbgDebug(D_ORCHESTRATOR) << "The reconfiguration failed for serivce " << service_id;
+            dbgDebug(D_ORCHESTRATOR) << "The reconfiguration failed for serivce: " << service_id;
            services_reconf_status.clear();
            services_reconf_names.clear();
            return false;
@@ -972,6 +991,10 @@ ServiceController::Impl::getUpdatePolicyVersion() const
 void
 ServiceController::Impl::updateReconfStatus(int id, ReconfStatus status)
 {
+    if (status == ReconfStatus::FAILED) {
+        failed_services.emplace(id, status);
+    }
+
    if (services_reconf_status.find(id) == services_reconf_status.end()) {
        dbgError(D_ORCHESTRATOR) << "Service reconfiguration monitor received illegal id :" << id;
        return;
--- a/components/security_apps/orchestration/service_controller/service_controller_ut/service_controller_ut.cc
+++ b/components/security_apps/orchestration/service_controller/service_controller_ut/service_controller_ut.cc
@@ -254,7 +254,7 @@ TEST_F(ServiceControllerTest, UpdateConfiguration)

    EXPECT_EQ(i_service_controller->getPolicyVersion(), "");

-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));

@@ -346,7 +346,7 @@ TEST_F(ServiceControllerTest, TimeOutUpdateConfiguration)

    EXPECT_EQ(i_service_controller->getPolicyVersion(), "");

-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));

@@ -465,7 +465,7 @@ TEST_F(ServiceControllerTest, writeRegisteredServicesFromFile)

    EXPECT_EQ(i_service_controller->getPolicyVersion(), "");

-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));

@@ -606,7 +606,7 @@ TEST_F(ServiceControllerTest, noPolicyUpdate)
        .WillOnce(Return(json_parser_return));
    EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(l4_firewall));
-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_status,
@@ -697,7 +697,7 @@ TEST_F(ServiceControllerTest, SettingsAndPolicyUpdateCombinations)

    EXPECT_EQ(i_service_controller->getPolicyVersion(), "");

-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));

@@ -743,7 +743,7 @@ TEST_F(ServiceControllerTest, SettingsAndPolicyUpdateCombinations)
        .WillOnce(Return(json_parser_return));
    EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(l4_firewall));
-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_status,
@@ -849,7 +849,7 @@ TEST_F(ServiceControllerTest, backup)
        mock_orchestration_tools,
        writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true)
    );
-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));

@@ -963,7 +963,7 @@ TEST_F(ServiceControllerTest, backupAttempts)
        writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true)
    );

-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(false))
        .WillOnce(Return(false))
        .WillOnce(Return(true));
@@ -1078,7 +1078,7 @@ TEST_F(ServiceControllerTest, MultiUpdateConfiguration)

    EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, writeFile(orchestration, orchestration_policy_path)).WillOnce(Return(true));
-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));

@@ -1136,7 +1136,7 @@ TEST_F(ServiceControllerTest, emptyServices)
        Return(json_parser_return)
    );

-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));

@@ -1355,19 +1355,17 @@ TEST_F(ServiceControllerTest, ErrorUpdateConfigurationRest)
            _
        )
    ).WillRepeatedly(Return(string("not-registered")));
-    EXPECT_CALL(
-        mock_orchestration_tools,
-        copyFile(file_name, policy_file_path)
-    ).WillOnce(Return(false));
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
+        .WillOnce(Return(true));
+    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));

-    EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, ""));
+    EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, ""));
    EXPECT_THAT(
        capture_debug.str(),
        HasSubstr("Service mock access control is inactive")
    );
    EXPECT_FALSE(i_service_controller->isServiceInstalled("family1_id2"));
-    EXPECT_NE(i_service_controller->getPolicyVersion(), version_value);
-    EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
+    EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
    EXPECT_EQ(i_service_controller->getUpdatePolicyVersion(), version_value);
 }

@@ -1567,7 +1565,7 @@ TEST_F(ServiceControllerTest, testMultitenantConfFiles)
        );

        string new_policy_file_path = "/etc/cp/conf/tenant_" + tenant + "_profile_" + profile + "/" + "policy.json";
-        EXPECT_CALL(mock_orchestration_tools, copyFile(conf_file_name, new_policy_file_path + backup_extension))
+        EXPECT_CALL(mock_orchestration_tools, copyFile(new_policy_file_path, new_policy_file_path + backup_extension))
            .WillOnce(Return(true));
        EXPECT_CALL(mock_orchestration_tools, copyFile(conf_file_name, new_policy_file_path)).WillOnce(Return(true));

@@ -1664,7 +1662,7 @@ TEST_F(ServiceControllerTest, test_delayed_reconf)
    EXPECT_CALL(mock_orchestration_status,
        setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));

-    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
+    EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
        .WillOnce(Return(true));
    EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
    EXPECT_CALL(mock_ml, yield(false)).Times(AnyNumber());