feat(controller,app): use new edge new mountpoints api

fix(server,api): return 'not found' errors
feat: update arcad/edge dependency
2023-04-20 12:23:17 +02:00 · 2023-04-20 12:22:30 +02:00 · 2023-04-20 11:01:04 +02:00 · 2023-04-20 10:59:27 +02:00 · 2023-04-14 16:29:09 +02:00 · 2023-04-13 13:48:33 +02:00
17 changed files with 500 additions and 131 deletions
--- a/11
+++ b/11
@ -154,4 +154,13 @@ load-sample-specs:
 	cat misc/spec-samples/mdns.emissary.cadoles.com.json | ./bin/server api agent spec update -a $(AGENT_ID) --no-patch --spec-data - --spec-name mdns.emissary.cadoles.com

 full-version:
-	@echo $(FULL_VERSION)
+	@echo $(FULL_VERSION)
+
+update-edge-lib:
+	git pull --rebase
+	GOPRIVATE=forge.cadoles.com/arcad/edge go get -u forge.cadoles.com/arcad/edge
+	go mod tidy
+	$(MAKE) test
+	git add go.mod go.sum
+	git commit -m "feat: update arcad/edge dependency"
+	git push
--- a/go.mod
+++ b/go.mod
@ -3,7 +3,7 @@ module forge.cadoles.com/Cadoles/emissary
 go 1.19

 require (
-	forge.cadoles.com/arcad/edge v0.0.0-20230406171836-da73b842e112
+	forge.cadoles.com/arcad/edge v0.0.0-20230420084103-20c4189599c5
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/alecthomas/participle/v2 v2.0.0-beta.5
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
@ -25,7 +25,7 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/qri-io/jsonschema v0.2.1
 	github.com/urfave/cli/v2 v2.24.4
-	gitlab.com/wpetit/goweb v0.0.0-20230227162855-a1f09bafccb3
+	gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b
 	gopkg.in/yaml.v3 v3.0.1
 	modernc.org/sqlite v1.21.0
 )
--- a/go.sum
+++ b/go.sum
@ -54,8 +54,8 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-forge.cadoles.com/arcad/edge v0.0.0-20230406171836-da73b842e112 h1:XlDIFCdUf3Pq26uecJ+KYPCCx5le8GJvFGfryT9HFSA=
-forge.cadoles.com/arcad/edge v0.0.0-20230406171836-da73b842e112/go.mod h1:Vx4iq/oewXUOkGyi8QKc14clTLNO1sWpb0SjBYELlAs=
+forge.cadoles.com/arcad/edge v0.0.0-20230420084103-20c4189599c5 h1:YDMFsNnEQC5ixv4swcwInMda2se4oo6Iok8B+13nsCU=
+forge.cadoles.com/arcad/edge v0.0.0-20230420084103-20c4189599c5/go.mod h1:VShMOiyzb5sE6f8KwfZNhcK8UiAhU36cfEvRFiowoNY=
 gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
 github.com/Azure/azure-pipeline-go v0.2.3/go.mod h1:x841ezTBIMG6O3lAcl8ATHnsOPVl2bqk7S3ta6S6u4k=
@ -1310,8 +1310,8 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPS
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2cqquPa0MKWeNkmOM5RQsRhkrwMWonFMN7fE=
-gitlab.com/wpetit/goweb v0.0.0-20230227162855-a1f09bafccb3 h1:ddXRTeqEr7LcHQEtkd6gogZOh9tI1Y6Gappr0a1oa2I=
-gitlab.com/wpetit/goweb v0.0.0-20230227162855-a1f09bafccb3/go.mod h1:3sus4zjoUv1GB7eDLL60QaPkUnXJCWBpjvbe0jWifeY=
+gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b h1:nkvOl8TCj/mErADnwFFynjxBtC+hHsrESw6rw56JGmg=
+gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b/go.mod h1:3sus4zjoUv1GB7eDLL60QaPkUnXJCWBpjvbe0jWifeY=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
--- a/internal/agent/controller/app/app_handler.go
+++ b/internal/agent/controller/app/app_handler.go
@ -17,14 +17,13 @@ import (
 	edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http"
 	"forge.cadoles.com/arcad/edge/pkg/module"
 	appModule "forge.cadoles.com/arcad/edge/pkg/module/app"
-	"forge.cadoles.com/arcad/edge/pkg/module/auth"
 	"forge.cadoles.com/arcad/edge/pkg/module/blob"
 	"forge.cadoles.com/arcad/edge/pkg/module/cast"
 	fetchModule "forge.cadoles.com/arcad/edge/pkg/module/fetch"
 	netModule "forge.cadoles.com/arcad/edge/pkg/module/net"
 	"forge.cadoles.com/arcad/edge/pkg/storage/sqlite"
 	"github.com/Masterminds/sprig/v3"
-	"github.com/dop251/goja"
+	"github.com/go-chi/chi/v5"
 	"github.com/lestrrat-go/jwx/v2/jwa"
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/logger"
@ -49,18 +48,26 @@ func (c *Controller) getHandlerOptions(ctx context.Context, appKey string, specs
 		return nil, errors.Wrap(err, "could not retrieve auth key set")
 	}

-	bundles := make([]string, 0, len(specs.Apps))
-	for appKey, app := range specs.Apps {
-		path := c.getAppBundlePath(appKey, app.Format)
-		bundles = append(bundles, path)
+	mounts := make([]func(r chi.Router), 0)
+
+	authMount, err := getAuthMount(specs.Config.Auth, keySet)
+	if err != nil {
+		return nil, errors.WithStack(err)
 	}

+	if authMount != nil {
+		mounts = append(mounts, authMount)
+	}
+
+	mounts = append(mounts, appModule.Mount(c.appRepository))
+
 	bus := memory.NewBus()
 	modules := c.getAppModules(bus, db, specs, keySet)

 	options := []edgeHTTP.HandlerOptionFunc{
 		edgeHTTP.WithBus(bus),
 		edgeHTTP.WithServerModules(modules...),
+		edgeHTTP.WithHTTPMounts(mounts...),
 	}

 	return options, nil
@ -252,30 +259,7 @@ func (c *Controller) getAppModules(bus bus.Bus, db *sql.DB, spec *appSpec.Spec,
 		module.RPCModuleFactory(bus),
 		module.StoreModuleFactory(ds),
 		blob.ModuleFactory(bus, bs),
-		module.Extends(
-			auth.ModuleFactory(
-				auth.WithJWT(func() (jwk.Set, error) {
-					return keySet, nil
-				}),
-			),
-			func(o *goja.Object) {
-				if err := o.Set("CLAIM_TENANT", "arcad_tenant"); err != nil {
-					panic(errors.New("could not set 'CLAIM_TENANT' property"))
-				}
-
-				if err := o.Set("CLAIM_ENTRYPOINT", "arcad_entrypoint"); err != nil {
-					panic(errors.New("could not set 'CLAIM_ENTRYPOINT' property"))
-				}
-
-				if err := o.Set("CLAIM_ROLE", "arcad_role"); err != nil {
-					panic(errors.New("could not set 'CLAIM_ROLE' property"))
-				}
-
-				if err := o.Set("CLAIM_PREFERRED_USERNAME", "preferred_username"); err != nil {
-					panic(errors.New("could not set 'CLAIM_PREFERRED_USERNAME' property"))
-				}
-			},
-		),
+		authModuleFactory(keySet),
 		appModule.ModuleFactory(c.appRepository),
 		fetchModule.ModuleFactory(bus),
 	}
--- a/internal/agent/controller/app/app_repository.go
+++ b/internal/agent/controller/app/app_repository.go
@ -2,6 +2,7 @@ package app

 import (
 	"context"
+	"sort"
 	"sync"

 	"forge.cadoles.com/arcad/edge/pkg/app"
@ -77,6 +78,8 @@ func (r *AppRepository) List(ctx context.Context) ([]*app.Manifest, error) {
 		manifests = append(manifests, manifest)
 	}

+	sort.Sort(ByID(manifests))
+
 	return manifests, nil
 }

@ -126,3 +129,9 @@ func NewAppRepository() *AppRepository {
 }

 var _ appModule.Repository = &AppRepository{}
+
+type ByID []*app.Manifest
+
+func (a ByID) Len() int           { return len(a) }
+func (a ByID) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a ByID) Less(i, j int) bool { return a[i].ID > a[j].ID }
--- a/internal/agent/controller/app/auth_module.go
+++ b/internal/agent/controller/app/auth_module.go
@ -0,0 +1,93 @@
+package app
+
+import (
+	"time"
+
+	"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
+	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"forge.cadoles.com/arcad/edge/pkg/module"
+	"forge.cadoles.com/arcad/edge/pkg/module/auth"
+	authModule "forge.cadoles.com/arcad/edge/pkg/module/auth"
+	authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
+	"github.com/dop251/goja"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/pkg/errors"
+)
+
+const (
+	RoleVisitor    string = "visitor"
+	RoleUser       string = "user"
+	RoleSuperuser  string = "superuser"
+	RoleAdmin      string = "admin"
+	RoleSuperadmin string = "superadmin"
+)
+
+func authModuleFactory(keySet jwk.Set) app.ServerModuleFactory {
+	return module.Extends(
+		authModule.ModuleFactory(
+			authModule.WithJWT(func() (jwk.Set, error) {
+				return keySet, nil
+			}),
+		),
+		func(o *goja.Object) {
+			if err := o.Set("ROLE_VISITOR", RoleVisitor); err != nil {
+				panic(errors.New("could not set 'ROLE_VISITOR' property"))
+			}
+
+			if err := o.Set("ROLE_USER", RoleUser); err != nil {
+				panic(errors.New("could not set 'ROLE_USER' property"))
+			}
+
+			if err := o.Set("ROLE_SUPERUSER", RoleSuperuser); err != nil {
+				panic(errors.New("could not set 'ROLE_SUPERUSER' property"))
+			}
+
+			if err := o.Set("ROLE_ADMIN", RoleAdmin); err != nil {
+				panic(errors.New("could not set 'ROLE_ADMIN' property"))
+			}
+
+			if err := o.Set("ROLE_SUPERADMIN", RoleSuperadmin); err != nil {
+				panic(errors.New("could not set 'ROLE_SUPERADMIN' property"))
+			}
+		},
+	)
+}
+
+func getAuthMount(auth *spec.Auth, keySet jwk.Set) (auth.MountFunc, error) {
+	switch {
+	case auth.Local != nil:
+		var rawKey any = auth.Local.Key
+		if strKey, ok := rawKey.(string); ok {
+			rawKey = []byte(strKey)
+		}
+
+		key, err := jwk.FromRaw(rawKey)
+		if err != nil {
+			return nil, errors.WithStack(err)
+		}
+
+		cookieDuration := defaultCookieDuration
+		if auth.Local.CookieDuration != "" {
+			cookieDuration, err = time.ParseDuration(auth.Local.CookieDuration)
+			if err != nil {
+				return nil, errors.WithStack(err)
+			}
+		}
+
+		return authModule.Mount(
+			authHTTP.NewLocalHandler(
+				jwa.HS256, key,
+				authHTTP.WithRoutePrefix("/auth"),
+				authHTTP.WithAccounts(auth.Local.Accounts...),
+				authHTTP.WithCookieOptions(getCookieDomain, cookieDuration),
+			),
+			authModule.WithJWT(func() (jwk.Set, error) {
+				return keySet, nil
+			}),
+		), nil
+
+	default:
+		return nil, nil
+	}
+}
--- a/internal/agent/controller/app/controller.go
+++ b/internal/agent/controller/app/controller.go
@ -9,6 +9,7 @@ import (

 	"forge.cadoles.com/Cadoles/emissary/internal/agent"
 	"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
+	"forge.cadoles.com/arcad/edge/pkg/app"
 	"forge.cadoles.com/arcad/edge/pkg/bundle"
 	"github.com/mitchellh/hashstructure/v2"
 	"github.com/pkg/errors"
@ -276,7 +277,21 @@ func (c *Controller) ensureAppBundle(ctx context.Context, appID string, spec spe
 		return nil, "", errors.WithStack(err)
 	}

-	return bdle, "", nil
+	manifest, err := app.LoadManifest(bdle)
+	if err != nil {
+		return nil, "", errors.WithStack(err)
+	}
+
+	valid, err := validateManifest(manifest)
+	if err != nil {
+		return nil, "", errors.WithStack(err)
+	}
+
+	if !valid {
+		return nil, "", errors.New("bundle's manifest is invalid")
+	}
+
+	return bdle, spec.SHA256Sum, nil
 }

 func (c *Controller) downloadFile(url string, sha256sum string, dest string) error {
--- a/internal/agent/controller/app/manifest.go
+++ b/internal/agent/controller/app/manifest.go
@ -0,0 +1,19 @@
+package app
+
+import (
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"forge.cadoles.com/arcad/edge/pkg/app/metadata"
+	"github.com/pkg/errors"
+)
+
+func validateManifest(manifest *app.Manifest) (bool, error) {
+	valid, err := manifest.Validate(
+		metadata.WithMinimumRoleValidator(RoleVisitor, RoleUser, RoleSuperuser, RoleAdmin, RoleSuperadmin),
+		metadata.WithNamedPathsValidator(metadata.NamedPathAdmin, metadata.NamedPathIcon),
+	)
+	if err != nil {
+		return false, errors.WithStack(err)
+	}
+
+	return valid, nil
+}
--- a/internal/agent/controller/app/server.go
+++ b/internal/agent/controller/app/server.go
@ -12,14 +12,11 @@ import (
 	appSpec "forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
 	"forge.cadoles.com/Cadoles/emissary/internal/proxy/wildcard"
 	edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http"
-	authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
 	"gitlab.com/wpetit/goweb/logger"

 	"forge.cadoles.com/arcad/edge/pkg/bundle"
 	"github.com/go-chi/chi/middleware"
 	"github.com/go-chi/chi/v5"
-	"github.com/lestrrat-go/jwx/v2/jwa"
-	"github.com/lestrrat-go/jwx/v2/jwk"
 	"github.com/pkg/errors"

 	_ "forge.cadoles.com/Cadoles/emissary/internal/imports/passwd"
@ -48,6 +45,7 @@ func (s *Server) Start(ctx context.Context, addr string) (err error) {
 	router := chi.NewRouter()

 	router.Use(middleware.Logger)
+	router.Use(middleware.Compress(5))

 	handler := edgeHTTP.NewHandler(s.handlerOptions...)
 	if err := handler.Load(s.bundle); err != nil {
@ -61,12 +59,6 @@ func (s *Server) Start(ctx context.Context, addr string) (err error) {
 				s.config.UnexpectedHostRedirect.AcceptedHostPatterns...,
 			))
 		}
-
-		if s.config.Auth != nil {
-			if err := s.configureAuth(router, s.config.Auth); err != nil {
-				return errors.WithStack(err)
-			}
-		}
 	}

 	router.Handle("/*", handler)
@ -135,38 +127,6 @@ func (s *Server) Stop() error {
 	return nil
 }

-func (s *Server) configureAuth(router chi.Router, auth *spec.Auth) error {
-	switch {
-	case auth.Local != nil:
-		var rawKey any = auth.Local.Key
-		if strKey, ok := rawKey.(string); ok {
-			rawKey = []byte(strKey)
-		}
-
-		key, err := jwk.FromRaw(rawKey)
-		if err != nil {
-			return errors.WithStack(err)
-		}
-
-		cookieDuration := defaultCookieDuration
-		if auth.Local.CookieDuration != "" {
-			cookieDuration, err = time.ParseDuration(auth.Local.CookieDuration)
-			if err != nil {
-				return errors.WithStack(err)
-			}
-		}
-
-		router.Handle("/auth/*", authHTTP.NewLocalHandler(
-			jwa.HS256, key,
-			authHTTP.WithRoutePrefix("/auth"),
-			authHTTP.WithAccounts(auth.Local.Accounts...),
-			authHTTP.WithCookieOptions(getCookieDomain, cookieDuration),
-		))
-	}
-
-	return nil
-}
-
 func NewServer(bundle bundle.Bundle, config *spec.Config, handlerOptions ...edgeHTTP.HandlerOptionFunc) *Server {
 	return &Server{
 		bundle:         bundle,
--- a/internal/datastore/sqlite/agent_repository.go
+++ b/internal/datastore/sqlite/agent_repository.go
@ -20,9 +20,24 @@ type AgentRepository struct {

 // DeleteSpec implements datastore.AgentRepository.
 func (r *AgentRepository) DeleteSpec(ctx context.Context, agentID datastore.AgentID, name string) error {
-	query := `DELETE FROM specs WHERE agent_id = $1 AND name = $2`
+	err := r.withTx(ctx, func(tx *sql.Tx) error {
+		exists, err := r.agentExists(ctx, tx, agentID)
+		if err != nil {
+			return errors.WithStack(err)
+		}

-	_, err := r.db.ExecContext(ctx, query, agentID, name)
+		if !exists {
+			return errors.WithStack(datastore.ErrNotFound)
+		}
+
+		query := `DELETE FROM specs WHERE agent_id = $1 AND name = $2`
+
+		if _, err = tx.ExecContext(ctx, query, agentID, name); err != nil {
+			return errors.WithStack(err)
+		}
+
+		return nil
+	})
 	if err != nil {
 		return errors.WithStack(err)
 	}
@ -34,41 +49,57 @@ func (r *AgentRepository) DeleteSpec(ctx context.Context, agentID datastore.Agen
 func (r *AgentRepository) GetSpecs(ctx context.Context, agentID datastore.AgentID) ([]*datastore.Spec, error) {
 	specs := make([]*datastore.Spec, 0)

-	query := `
+	err := r.withTx(ctx, func(tx *sql.Tx) error {
+		exists, err := r.agentExists(ctx, tx, agentID)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		if !exists {
+			return errors.WithStack(datastore.ErrNotFound)
+		}
+
+		query := `
 		SELECT id, name, revision, data, created_at, updated_at
 		FROM specs
 		WHERE agent_id = $1
-	`
+		`

-	rows, err := r.db.QueryContext(ctx, query, agentID)
+		rows, err := tx.QueryContext(ctx, query, agentID)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		defer func() {
+			if err := rows.Close(); err != nil {
+				logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
+			}
+		}()
+
+		for rows.Next() {
+			spec := &datastore.Spec{}
+
+			data := JSONMap{}
+
+			if err := rows.Scan(&spec.ID, &spec.Name, &spec.Revision, &data, &spec.CreatedAt, &spec.UpdatedAt); err != nil {
+				return errors.WithStack(err)
+			}
+
+			spec.Data = data
+
+			specs = append(specs, spec)
+		}
+
+		if err := rows.Err(); err != nil {
+			return errors.WithStack(err)
+		}
+
+		return nil
+	})
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}

-	defer func() {
-		if err := rows.Close(); err != nil {
-			logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
-		}
-	}()
-
-	for rows.Next() {
-		spec := &datastore.Spec{}
-
-		data := JSONMap{}
-
-		if err := rows.Scan(&spec.ID, &spec.Name, &spec.Revision, &data, &spec.CreatedAt, &spec.UpdatedAt); err != nil {
-			return nil, errors.WithStack(err)
-		}
-
-		spec.Data = data
-
-		specs = append(specs, spec)
-	}
-
-	if err := rows.Err(); err != nil {
-		return nil, errors.WithStack(err)
-	}
-
 	return specs, nil
 }

@ -77,6 +108,15 @@ func (r *AgentRepository) UpdateSpec(ctx context.Context, agentID datastore.Agen
 	spec := &datastore.Spec{}

 	err := r.withTx(ctx, func(tx *sql.Tx) error {
+		exists, err := r.agentExists(ctx, tx, agentID)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		if !exists {
+			return errors.WithStack(datastore.ErrNotFound)
+		}
+
 		now := time.Now().UTC()

 		query := `
@ -96,7 +136,7 @@ func (r *AgentRepository) UpdateSpec(ctx context.Context, agentID datastore.Agen

 		data := JSONMap{}

-		err := row.Scan(&spec.ID, &spec.Name, &spec.Revision, &data, &spec.CreatedAt, &spec.UpdatedAt)
+		err = row.Scan(&spec.ID, &spec.Name, &spec.Revision, &data, &spec.CreatedAt, &spec.UpdatedAt)
 		if err != nil {
 			if errors.Is(err, sql.ErrNoRows) {
 				return errors.WithStack(datastore.ErrUnexpectedRevision)
@ -472,8 +512,28 @@ func (r *AgentRepository) Update(ctx context.Context, id datastore.AgentID, opts
 	return agent, nil
 }

+func (r *AgentRepository) agentExists(ctx context.Context, tx *sql.Tx, agentID datastore.AgentID) (bool, error) {
+	row := tx.QueryRowContext(ctx, `SELECT count(id) FROM agents WHERE id = $1`, agentID)
+
+	var count int
+
+	if err := row.Scan(&count); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return false, errors.WithStack(datastore.ErrNotFound)
+		}
+
+		return false, errors.WithStack(err)
+	}
+
+	if count == 0 {
+		return false, errors.WithStack(datastore.ErrNotFound)
+	}
+
+	return true, nil
+}
+
 func (r *AgentRepository) withTx(ctx context.Context, fn func(*sql.Tx) error) error {
-	tx, err := r.db.Begin()
+	tx, err := r.db.BeginTx(ctx, nil)
 	if err != nil {
 		return errors.WithStack(err)
 	}
--- a/internal/datastore/sqlite/agent_repository_test.go
+++ b/internal/datastore/sqlite/agent_repository_test.go
@ -0,0 +1,46 @@
+package sqlite
+
+import (
+	"database/sql"
+	"fmt"
+	"os"
+	"testing"
+	"time"
+
+	"forge.cadoles.com/Cadoles/emissary/internal/datastore/testsuite"
+	"forge.cadoles.com/Cadoles/emissary/internal/migrate"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
+
+	_ "modernc.org/sqlite"
+)
+
+func TestSQLiteAgentRepository(t *testing.T) {
+	logger.SetLevel(logger.LevelDebug)
+
+	file := "testdata/agent_repository_test.sqlite"
+
+	if err := os.Remove(file); err != nil && !errors.Is(err, os.ErrNotExist) {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	dsn := fmt.Sprintf("%s?_pragma=foreign_keys(1)&_pragma=busy_timeout=%d", file, (60 * time.Second).Milliseconds())
+
+	migr, err := migrate.New("../../../migrations", "sqlite", "sqlite://"+dsn)
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	if err := migr.Up(); err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	db, err := sql.Open("sqlite", dsn)
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	repo := NewAgentRepository(db)
+
+	testsuite.TestAgentRepository(t, repo)
+}
--- a/internal/datastore/sqlite/testdata/.gitignore
+++ b/internal/datastore/sqlite/testdata/.gitignore
@ -0,0 +1 @@
+*.sqlite*
--- a/internal/datastore/testsuite/agent_repository.go
+++ b/internal/datastore/testsuite/agent_repository.go
@ -0,0 +1,14 @@
+package testsuite
+
+import (
+	"testing"
+
+	"forge.cadoles.com/Cadoles/emissary/internal/datastore"
+)
+
+func TestAgentRepository(t *testing.T, repo datastore.AgentRepository) {
+	t.Run("Cases", func(t *testing.T) {
+		t.Parallel()
+		runAgentRepositoryTests(t, repo)
+	})
+}
--- a/internal/datastore/testsuite/agent_repository_cases.go
+++ b/internal/datastore/testsuite/agent_repository_cases.go
@ -0,0 +1,129 @@
+package testsuite
+
+import (
+	"context"
+	"testing"
+
+	"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/mdns/spec"
+	"forge.cadoles.com/Cadoles/emissary/internal/datastore"
+	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
+	"github.com/pkg/errors"
+)
+
+type agentRepositoryTestCase struct {
+	Name string
+	Skip bool
+	Run  func(ctx context.Context, repo datastore.AgentRepository) error
+}
+
+var agentRepositoryTestCases = []agentRepositoryTestCase{
+	{
+		Name: "Create a new agent",
+		Run: func(ctx context.Context, repo datastore.AgentRepository) error {
+			thumbprint := "foo"
+			keySet := jwk.NewSet()
+			var metadata map[string]any
+
+			agent, err := repo.Create(ctx, thumbprint, keySet, metadata)
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			if agent.CreatedAt.IsZero() {
+				return errors.Errorf("agent.CreatedAt should not be zero time")
+			}
+
+			if agent.UpdatedAt.IsZero() {
+				return errors.Errorf("agent.UpdatedAt should not be zero time")
+			}
+
+			if e, g := datastore.AgentStatusPending, agent.Status; e != g {
+				return errors.Errorf("agent.Status: expected '%v', got '%v'", e, g)
+			}
+
+			return nil
+		},
+	},
+	{
+		Name: "Try to update spec for an unexistant agent",
+		Run: func(ctx context.Context, repo datastore.AgentRepository) error {
+			var unexistantAgentID datastore.AgentID = 9999
+			var specData map[string]any
+
+			agent, err := repo.UpdateSpec(ctx, unexistantAgentID, string(spec.Name), 0, specData)
+			if err == nil {
+				return errors.New("error should not be nil")
+			}
+
+			if !errors.Is(err, datastore.ErrNotFound) {
+				return errors.Errorf("error should be datastore.ErrNotFound, got '%+v'", err)
+			}
+
+			if agent != nil {
+				return errors.New("agent should be nil")
+			}
+
+			return nil
+		},
+	},
+	{
+		Name: "Try to delete spec of an unexistant agent",
+		Run: func(ctx context.Context, repo datastore.AgentRepository) error {
+			var unexistantAgentID datastore.AgentID = 9999
+
+			err := repo.DeleteSpec(ctx, unexistantAgentID, string(spec.Name))
+			if err == nil {
+				return errors.New("error should not be nil")
+			}
+
+			if !errors.Is(err, datastore.ErrNotFound) {
+				return errors.Errorf("error should be datastore.ErrNotFound, got '%+v'", err)
+			}
+
+			return nil
+		},
+	},
+	{
+		Name: "Try to get specs of an unexistant agent",
+		Run: func(ctx context.Context, repo datastore.AgentRepository) error {
+			var unexistantAgentID datastore.AgentID = 9999
+
+			specs, err := repo.GetSpecs(ctx, unexistantAgentID)
+			if err == nil {
+				return errors.New("error should not be nil")
+			}
+
+			if !errors.Is(err, datastore.ErrNotFound) {
+				return errors.Errorf("error should be datastore.ErrNotFound, got '%+v'", err)
+			}
+
+			if specs != nil {
+				return errors.Errorf("specs should be nil, got '%+v'", err)
+			}
+
+			return nil
+		},
+	},
+}
+
+func runAgentRepositoryTests(t *testing.T, repo datastore.AgentRepository) {
+	for _, tc := range agentRepositoryTestCases {
+		func(tc agentRepositoryTestCase) {
+			t.Run(tc.Name, func(t *testing.T) {
+				t.Parallel()
+
+				if tc.Skip {
+					t.SkipNow()
+
+					return
+				}
+
+				ctx := context.Background()
+
+				if err := tc.Run(ctx, repo); err != nil {
+					t.Errorf("%+v", errors.WithStack(err))
+				}
+			})
+		}(tc)
+	}
+}
--- a/internal/migrate/migrate.go
+++ b/internal/migrate/migrate.go
@ -2,7 +2,6 @@ package migrate

 import (
 	"fmt"
-	"log"

 	"github.com/golang-migrate/migrate/v4"
 	_ "github.com/golang-migrate/migrate/v4/database/postgres"
@ -23,8 +22,6 @@ func New(migrationDir, driver, dsn string) (*migrate.Migrate, error) {
 		fmt.Sprintf("file://%s/%s", migrationDir, driver),
 		dsn,
 	)
-
-	log.Println(migrationDir, driver, dsn)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
--- a/internal/server/spec_api.go
+++ b/internal/server/spec_api.go
@ -58,6 +58,12 @@ func (s *Server) updateSpec(w http.ResponseWriter, r *http.Request) {
 		updateSpecReq.SpecData(),
 	)
 	if err != nil {
+		if errors.Is(err, datastore.ErrNotFound) {
+			api.ErrorResponse(w, http.StatusNotFound, ErrCodeNotFound, nil)
+
+			return
+		}
+
 		if errors.Is(err, datastore.ErrUnexpectedRevision) {
 			api.ErrorResponse(w, http.StatusConflict, ErrCodeUnexpectedRevision, nil)

@ -87,6 +93,12 @@ func (s *Server) getAgentSpecs(w http.ResponseWriter, r *http.Request) {

 	specs, err := s.agentRepo.GetSpecs(ctx, agentID)
 	if err != nil {
+		if errors.Is(err, datastore.ErrNotFound) {
+			api.ErrorResponse(w, http.StatusNotFound, ErrCodeNotFound, nil)
+
+			return
+		}
+
 		logger.Error(ctx, "could not list specs", logger.E(errors.WithStack(err)))
 		api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)

--- a/misc/spec-samples/app.emissary.cadoles.com.json
+++ b/misc/spec-samples/app.emissary.cadoles.com.json
@ -1,28 +1,16 @@
 {
    "apps": {
-        "edge.portal": {
-            "url": "https://emissary.cadol.es/files/apps/edge.portal_v2023.4.5-45546c4.zip",
-            "sha256sum": "c83e7e4b3785f5f4d3fcae7cad334819626015b11b446520aa79f42176a2744d",
-            "address": ":8082",
-            "format": "zip"
-        },
        "app.arcad.edge.hextris": {
-            "url": "https://emissary.cadol.es/files/apps/app.arcad.edge.hextris_v2023.3.22-33ece28.zip",
-            "sha256sum": "5f9f3c8d6f22796beb051d747d7ff12efa17af9d1552c0ab08baef13703a2aba",
+            "url": "https://emissary.cadol.es/files/apps/app.arcad.edge.hextris_v2023.4.20-2bbbe94.zip",
+            "sha256sum": "67942ef4b623c46308c3f640b534bd4cb6b1d6021a422e40b62ab97658ba4586",
            "address": ":8083",
            "format": "zip"
        },
        "edge.sdk.client.test": {
-            "url": "https://emissary.cadol.es/files/apps/edge.sdk.client.test_v2023.4.2-f08f645.zip",
-            "sha256sum": "8b48388c817802ebeb38907b3a42f1189dc0759f94c5f33de4546c1a7ebfc784",
+            "url": "https://emissary.cadol.es/files/apps/edge.sdk.client.test_v2023.4.20-20c4189.zip",
+            "sha256sum": "1edeb4aa75c1675db49cf27367b1537234a04526848ea6657931ca63f26e5dae",
            "address": ":8084",
            "format": "zip"
-        },
-        "arcad.diffusion": {
-            "url": "https://emissary.cadol.es/files/apps/arcad.diffusion_v2023.4.5-ffcd1c7.zip",
-            "sha256sum": "a51a961212470ce1de4527aaaec9e8e0286a978ec675ff9df29b2029daf05a55",
-            "address": ":8085",
-            "format": "zip"
        }
    },
    "config": {
@ -48,11 +36,44 @@
                        "algo": "plain",
                        "password": "admin",
                        "claims": {
-                            "arcad_role": "admin",
-                            "arcad_tenant": "x86",
+                            "edge_role": "admin",
+                            "edge_tenant": "emissary-dev",
                            "preferred_username": "Admin",
                            "sub": "admin"
                        }
+                    },
+                    {
+                        "username": "superadmin",
+                        "algo": "plain",
+                        "password": "superadmin",
+                        "claims": {
+                            "edge_role": "superadmin",
+                            "edge_tenant": "emissary-dev",
+                            "preferred_username": "SuperAdmin",
+                            "sub": "superadmin"
+                        }
+                    },
+                    {
+                        "username": "user",
+                        "algo": "plain",
+                        "password": "user",
+                        "claims": {
+                            "edge_role": "user",
+                            "edge_tenant": "emissary-dev",
+                            "preferred_username": "User",
+                            "sub": "user"
+                        }
+                    },
+                    {
+                        "username": "superuser",
+                        "algo": "plain",
+                        "password": "superuser",
+                        "claims": {
+                            "edge_role": "superuser",
+                            "edge_tenant": "emissary-dev",
+                            "preferred_username": "SuperUser",
+                            "sub": "superuser"
+                        }
                    }
                ]
            }
Author	SHA1	Message	Date
William Petit	ef3048b005	feat(controller,app): use new edge new mountpoints api All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-20 12:23:17 +02:00
William Petit	51e1dc3b2d	fix(server,api): return 'not found' errors	2023-04-20 12:22:30 +02:00
William Petit	3d01cf0f93	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-20 11:01:04 +02:00
William Petit	bb03b3a54a	feat(controller,app): compress http responses Some checks reported errors arcad/emissary/pipeline/head Something is wrong with the build of this commit Details	2023-04-20 10:59:27 +02:00
William Petit	813f837291	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-14 16:29:09 +02:00
William Petit	ed35ee5002	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-13 13:48:33 +02:00
William Petit	4b5bc0bc82	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-13 12:08:13 +02:00
William Petit	dee62184b9	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-13 11:35:51 +02:00
William Petit	76656e8dbf	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-13 11:28:22 +02:00
William Petit	41b1619fc1	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-13 11:05:12 +02:00
William Petit	35d5ee868f	chore: update sample specs All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-12 11:10:11 +02:00
William Petit	765257b4b1	feat(datastore): add basic testsuite for agent repository Some checks reported errors arcad/emissary/pipeline/head Something is wrong with the build of this commit Details	2023-04-12 11:09:53 +02:00
William Petit	2315ee7b61	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-11 15:11:15 +02:00
William Petit	86a6d81e1d	chore: execute tests before commit on edge lib update All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-11 12:06:16 +02:00
William Petit	c4427dfd2b	feat(controller,app): sort apps by id	2023-04-11 12:05:51 +02:00
William Petit	280b0fbd50	feat(controller,app): validate app manifests on app load	2023-04-11 12:05:19 +02:00
William Petit	8fb86c600f	feat: update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-11 11:13:41 +02:00
William Petit	12f8b3aa25	chore: add task to update arcad/edge dependency All checks were successful arcad/emissary/pipeline/head This commit looks good Details	2023-04-06 20:56:43 +02:00
William Petit	2d2dc29c84	feat: update arcad/edge dependency	2023-04-06 20:56:00 +02:00