Merge branch 'main' into has2be-sign-certificate

.github/workflows/gateway.yml

@@ -32,7 +32,7 @@ jobs:
     - name: Run Gosec Security Scanner
       run: |
         go install github.com/securego/gosec/v2/cmd/gosec@latest
-        gosec ./...
+        gosec -exclude-generated ./...
     - name: Test & Coverage
       run: | 
         go test ./... -coverprofile=coverage.out

.github/workflows/manager.yml

@@ -32,7 +32,7 @@ jobs:
     - name: Run Gosec Security Scanner
       run: |
         go install github.com/securego/gosec/v2/cmd/gosec@latest
-        gosec ./...
+        gosec -exclude-generated ./...
     - name: Test & Coverage
       run: |
         go test ./... -coverprofile=coverage.out

.pre-commit-config.yaml

@@ -30,6 +30,6 @@ repos:
       - id: go-fmt
       - id: go-staticcheck-mod
       - id: go-sec-mod
+        args: ["-exclude-generated", "--"]
       - id: go-build-mod
       - id: go-test-mod
-      - id: go-sec-mod

.talismanrc

@@ -6,7 +6,7 @@ fileignoreconfig:
   - filename: README.md
     checksum: 31e36953a79714f038a16dc3c36365434aea5237bbb5b7b3fdc4276e92edc82e
   - filename: config/envoy/envoy.yaml
-    checksum: 90b8cf1a728636d65356a9d0041cc853024f5847e903ad093a0e032279b29429
+    checksum: ecc0939110080350677a0b99d71d47f4cfb341cbcc2dedd212a52b8e350311d4
   - filename: config/manager/config.toml
     checksum: 103e08cb1d9507cbeb377f4212606e52375d2f77c079aaad7465873ebb5fdd98
   - filename: docker-compose.yml
@@ -26,11 +26,13 @@ fileignoreconfig:
   - filename: manager/api/API.md
     checksum: c111751da44c7310d6b77b76e1a5826c44cce62e47a32eaec564e86064bb1de2
   - filename: manager/api/api.gen.go
-    checksum: d32fa0bfcbaaf4e6db10c012d3de521922e83418a2121d1fa84cb81cd2277edc
+    checksum: fb9c6cf09f7864a32c38e40fb8a8598d3c6bd5c406245c6b31666c2ccb1f9e24
   - filename: manager/api/server.go
-    checksum: 22cd986022106ada9fbc8c88d41a96dbedce68e4442fe32f1ae3ac081a2bde0d
+    checksum: 98cbd1df522ea428f7e669c01721f3070133062378a4f2e4b167d55eaa8d079b
   - filename: manager/api/server_test.go
     checksum: 297c27a0f612af86cfdce543d5e4a21e60e70f4eb48b57d3c833257bb1b05647
+  - filename: manager/cmd/auth_generate_credential.go
+    checksum: 7503d0819ff60f03c7b6d82f7acc3be1b95579763f1e3d52775a539fca75d785
   - filename: manager/cmd/serve.go
     checksum: 7b5688335f7ad1b5339fc7cc8deaf08e10f42e03cbe086810d2bd70567f923c5
   - filename: manager/config/base_config_test.go
@@ -63,6 +65,12 @@ fileignoreconfig:
     checksum: 9660c626538042009cebcba874730e4222c115fdf24c9dba12c5d4601c69b613
   - filename: manager/mqtt/router.go
     checksum: 880513a5d3f0070619c4890b5aab9fcf10650afc79550a83c1ad9a986c7e7367
+  - filename: manager/ocpi/ocpi.gen.go
+    checksum: 6ca663b1e4f6ecaef87f6fadaacdebcc905ac236adf704ac9278d25e605d940d
+  - filename: manager/ocpi/register.go
+    checksum: 50b33545ae6af5356024ac1e454d20f4550a61c23ffd380c7e8b10dbe403812d
+  - filename: manager/ocpi/server.go
+    checksum: 67cefb85bb20fd6ebbc1587c2726472ead79d4277404f65b4ef7c218d3f9eb13
   - filename: manager/ocpp/emaid_test.go
     checksum: 9a7e7aa8c3e8c2ea5ea2ad070d4fc734c086fc796bc06148d6db891a413ed4af
   - filename: manager/ocpp/has2be/authorize_request.go
@@ -101,6 +109,8 @@ fileignoreconfig:
     checksum: bc9281581eab4a81329e8c5426a4768361f0aa8022c865b5cfca4b4b85bbaee6
   - filename: manager/schemas/ocpp201/TransactionEventResponse.json
     checksum: 30e812e60ae4c19b31bc91b1214057cb2dca6e346967250d912cd108a44322d2
+  - filename: manager/server/ocpi.go
+    checksum: 3678a916dbab5a3bc0384c088cafbf9720081df0d8bd7478d17ae3098c6b9af8
   - filename: manager/services/certificate_validation.go
     checksum: c56dba57d1502acbecb680f97f6efbbd42fda3fde3ca5f54e63da883684db610
   - filename: manager/services/certificate_validation_hubject_test.go

config/envoy/envoy.yaml

@@ -36,6 +36,18 @@ static_resources:
                 "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
                 stat_prefix: destination
                 cluster: manager_api
+    - name: listener_ocpi_api
+      address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 9411
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.tcp_proxy
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+                stat_prefix: destination
+                cluster: ocpi_api
   clusters:
     - name: gateway_ws
       connect_timeout: 30s
@@ -75,4 +87,17 @@ static_resources:
                   address:
                     socket_address:
                       address: manager
-                      port_value: 9410
+                      port_value: 9410
+    - name: ocpi_api
+      connect_timeout: 30s
+      type: LOGICAL_DNS
+      dns_lookup_family: V4_ONLY
+      load_assignment:
+        cluster_name: manager
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: manager
+                      port_value: 9411

config/manager/config.toml

@@ -4,6 +4,12 @@ addr = ":9410"
 [mqtt]
 urls = ["mqtt://mqtt:1883"]
 
+[ocpi]
+addr = ":9411"
+external_url = "http://localhost:9411"
+country_code = "GB"
+party_id = "TWK"
+
 [storage]
 type = "firestore"
 firestore.project_id = "*detect-project-id*"

docker-compose.yml

@@ -37,6 +37,7 @@ services:
       - "80:80"
       - "443:443"
       - "9410:9410"
+      - "9411:9411"
 
   gateway:
     build:
@@ -104,6 +105,7 @@ services:
         read_only: true
     expose:
       - "9410"
+      - "9411"
     healthcheck:
       test: ["CMD", "/usr/bin/curl", "-s", "--fail", "http://localhost:9410/health"]
       interval: 10s

manager/api/API.md

@@ -440,6 +440,56 @@ of the DER bytes.
 This operation does not require authentication
 </aside>
 
+## registerParty
+
+<a id="opIdregisterParty"></a>
+
+`POST /register`
+
+*Registers an OCPI party with the CSMS*
+
+Registers an OCPI party with the CSMS. Depending on the configuration provided the CSMS will
+either initiate a registration with the party or the party will wait for the party to initiate 
+a registration with the CSMS.
+
+> Body parameter
+
+```json
+{
+  "token": "string",
+  "url": "http://example.com",
+  "status": "PENDING"
+}
+```
+
+<h3 id="registerparty-parameters">Parameters</h3>
+
+|Name|In|Type|Required|Description|
+|---|---|---|---|---|
+|body|body|[Registration](#schemaregistration)|true|none|
+
+> Example responses
+
+> default Response
+
+```json
+{
+  "status": "string",
+  "error": "string"
+}
+```
+
+<h3 id="registerparty-responses">Responses</h3>
+
+|Status|Meaning|Description|Schema|
+|---|---|---|---|
+|201|[Created](https://tools.ietf.org/html/rfc7231#section-6.3.2)|Created|None|
+|default|Default|Unexpected error|[Status](#schemastatus)|
+
+<aside class="success">
+This operation does not require authentication
+</aside>
+
 # Schemas
 
 <h2 id="tocS_ChargeStationAuth">ChargeStationAuth</h2>
@@ -569,3 +619,36 @@ A client certificate
 |---|---|---|---|---|
 |certificate|string|true|none|The PEM encoded certificate with newlines replaced by `\n`|
 
+<h2 id="tocS_Registration">Registration</h2>
+<!-- backwards compatibility -->
+<a id="schemaregistration"></a>
+<a id="schema_Registration"></a>
+<a id="tocSregistration"></a>
+<a id="tocsregistration"></a>
+
+```json
+{
+  "token": "string",
+  "url": "http://example.com",
+  "status": "PENDING"
+}
+
+```
+
+Defines the initial connection details for the OCPI registration process
+
+### Properties
+
+|Name|Type|Required|Restrictions|Description|
+|---|---|---|---|---|
+|token|string|true|none|The token to use for communicating with the eMSP (CREDENTIALS_TOKEN_A).|
+|url|string(uri)|false|none|The URL of the eMSP versions endpoint. If provided the CSMS will act as the sender of the versions request.|
+|status|string|false|none|The status of the registration request. If the request is marked as `REGISTERED` then the token will be allowed to<br>be used to access all endpoints avoiding the need for the OCPI registration process. If the request is marked as <br>`PENDING` then the token will only be allowed to access the `/ocpi/versions`, `/ocpi/2.2` and `/ocpi/2.2/credentials`<br>endpoints.|
+
+#### Enumerated Values
+
+|Property|Value|
+|---|---|
+|status|PENDING|
+|status|REGISTERED|
+

manager/api/api-spec.yaml

@@ -245,6 +245,29 @@ paths:
             "application/json":
               schema:
                 $ref: "#/components/schemas/Status"
+  /register:
+    post:
+      summary: "Registers an OCPI party with the CSMS"
+      description: |
+        Registers an OCPI party with the CSMS. Depending on the configuration provided the CSMS will
+        either initiate a registration with the party or the party will wait for the party to initiate 
+        a registration with the CSMS.
+      operationId: "registerParty"
+      requestBody:
+        required: true
+        content:
+          "application/json":
+            schema:
+              $ref: "#/components/schemas/Registration"
+      responses:
+        "201":
+          description: "Created"
+        default:
+          description: "Unexpected error"
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Status"
 components:
   schemas:
     ChargeStationAuth:
@@ -354,3 +377,32 @@ components:
         certificate:
           type: "string"
           description: "The PEM encoded certificate with newlines replaced by `\\n`"
+    Registration:
+      type: "object"
+      description: "Defines the initial connection details for the OCPI registration process"
+      properties:
+        token:
+          type: "string"
+          maxLength: 64
+          description: "The token to use for communicating with the eMSP (CREDENTIALS_TOKEN_A)."
+        url:
+          type: "string"
+          format: "uri"
+          description: "The URL of the eMSP versions endpoint. If provided the CSMS will act as the sender of the versions request."
+        status:
+          type: "string"
+          enum:
+            - "PENDING"
+            - "REGISTERED"
+          description: |
+            The status of the registration request. If the request is marked as `REGISTERED` then the token will be allowed to
+            be used to access all endpoints avoiding the need for the OCPI registration process. If the request is marked as 
+            `PENDING` then the token will only be allowed to access the `/ocpi/versions`, `/ocpi/2.2` and `/ocpi/2.2/credentials`
+            endpoints.
+      required:
+        - token
+
+
+
+
+