add edgevieew into EVE and additional itemss in API

Signed-off-by: Naiming Shen <naiming@zededa.com>

api/proto/config/edgeview.proto

@@ -17,6 +17,10 @@ message EdgeViewConfig {
     DevDebugAccessPolicy dev_policy = 3;
     // policy access for apps through edge-view
     AppDebugAccessPolicy app_policy = 4;
+    // policy access for external endpoint through edge-view
+    ExternalEndPointPolicy ext_policy = 5;
+    // Generation ID for re-start edgeview without parameter changes
+    uint32 generation_id = 6;
 }
 
 // Dev debug policy applicable to edge-view
@@ -30,3 +34,12 @@ message AppDebugAccessPolicy {
     // app side of edge-view access is allowed or not
     bool allow_app = 1;
 }
+
+// External Endpoint applicable to edge-view
+// To mean the entity external to the device, e.g. a local-profile server on the LAN outside of mgmt
+// or app-shared ports. since it's not part of EVE, and not part of EVE applications. In the EdgeView code,
+// if tcp session setup is to an address we don't have, it identifies the request as 'external'
+message ExternalEndPointPolicy {
+    // external of device side of edge-view access is allowed or not
+    bool allow_ext = 1;
+}

api/proto/info/info.proto

@@ -1083,6 +1083,8 @@ message ZInfoEdgeview {
   uint32 count_dev = 3;
   // total number of app related cmds edge-view has processed
   uint32 count_app = 4;
+  // total number of external related cmds edge-view has processed
+  uint32 count_ext = 5;
 }
 
 // LocReliability - reliability of location information.

images/rootfs.yml.in

@@ -30,6 +30,10 @@ services:
      image: NEWLOGD_TAG
      cgroupsPath: /eve/services/eve-newlog
      oomScoreAdj: -999
+   - name: edgeview
+     image: EDGEVIEW_TAG
+     cgroupsPath: /eve/services/eve-edgeview
+     oomScoreAdj: -800
    - name: debug
      image: DEBUG_TAG
      cgroupsPath: /eve/services/debug

pkg/edgeview/Makefile

@@ -3,7 +3,7 @@
 # github build process may want to push the image into certain docker repository
 #
 eve-edgeview:
-	docker build -f Dockerfile -t lf-edge/eve-edgeview .
+	docker build -f Dockerfile -t lfedge/eve-edgeview .
 
 #
 # build the websocket server/dispatcher, should compile on a machine in the

pkg/pillar/cmd/zedagent/handlemetrics.go

@@ -1406,6 +1406,7 @@ func PublishEdgeviewToZedCloud(ctx *zedagentContext, evStatus *types.EdgeviewSta
 		ReportEvInfo.StartedTime = startTime
 		ReportEvInfo.CountDev = evStatus.CmdCountDev
 		ReportEvInfo.CountApp = evStatus.CmdCountApp
+		ReportEvInfo.CountExt = evStatus.CmdCountExt
 	}
 
 	ReportInfo.InfoContent = new(info.ZInfoMsg_Evinfo)

pkg/pillar/cmd/zedagent/parseedgeview.go

@@ -229,6 +229,28 @@ func addEvFiles(evConfig types.EdgeviewConfig, params []string) error {
 		return err
 	}
 
+	// write ext policy
+	extbytes, err := json.Marshal(evConfig.ExtPolicy)
+	if err != nil {
+		log.Errorf("json marshal failed: %v", err)
+		return err
+	}
+
+	_, err = f.WriteString(types.EdgeViewExtPolicyPrefix + string(extbytes) + "\n")
+	if err != nil {
+		log.Errorf("file write failed: %v", err)
+		return err
+	}
+
+	// write generation-id
+	// since this new generation-id will cause the change of hash value of the configure file,
+	// it would restart the edge-view instances as the result
+	_, err = f.WriteString(types.EdgeViewGenIDPrefix + strconv.Itoa(int(evConfig.GenID)) + "\n")
+	if err != nil {
+		log.Errorf("file write failed: %v", err)
+		return err
+	}
+
 	if err = f.Close(); err != nil {
 		log.Errorf("file close failed: %v", err)
 		return err
@@ -272,11 +294,15 @@ func handleEdgeviewToken(gcp *types.ConfigItemValueMap) {
 	app := types.EvAppPolicy{
 		Enabled: true,
 	}
-
+	ext := types.EvExtPolicy{
+		Enabled: true,
+	}
 	evConfig := types.EdgeviewConfig{
 		JWToken:   edgeviewParam,
 		DevPolicy: dev,
 		AppPolicy: app,
+		ExtPolicy: ext,
+		GenID:     1,
 	}
 
 	if edgeviewParam != "" {

pkg/pillar/types/edgeviewtypes.go

@@ -27,6 +27,10 @@ const (
 	EdgeViewDevPolicyPrefix = "EvDevPolicy:"
 	// EdgeViewAppPolicyPrefix - Edgeview application policy prefix string
 	EdgeViewAppPolicyPrefix = "EvAppPolicy:"
+	// EdgeViewExtPolicyPrefix - Edgeview external policy prefix string
+	EdgeViewExtPolicyPrefix = "EvExtPolicy:"
+	// EdgeViewGenIDPrefix - Edgeview generation-ID prefix string
+	EdgeViewGenIDPrefix = "EvGenID:"
 
 	// EdgeviewJWTAlgo - JWT algorithm string
 	EdgeviewJWTAlgo = "ES256"
@@ -43,6 +47,8 @@ type EdgeviewConfig struct {
 	DispCertPEM [][]byte    // dispatcher certificates
 	DevPolicy   EvDevPolicy // device policy
 	AppPolicy   EvAppPolicy // app policy
+	ExtPolicy   EvExtPolicy // external policy
+	GenID       uint32      // number of time started
 }
 
 // EvDevPolicy - edge-view policy for device access
@@ -59,6 +65,13 @@ type EvAppPolicy struct {
 	Enabled bool `json:"enabled"` // allow access to apps
 }
 
+// EvExtPolicy - edge-view policy for external access
+// the 'Enabled' controls all external access is allowed or not
+// With Enable Ext, can expend later for other policies
+type EvExtPolicy struct {
+	Enabled bool `json:"enabled"` // allow access to external end-points
+}
+
 // EvjwtAlgo - jwt algorithm
 // JWT token for edgeview
 // JWT has 3 portion of items separated by '.' using base64url without padding,
@@ -89,6 +102,7 @@ type EdgeviewStatus struct {
 	StartedOn   time.Time // edge-view process started on timestamp
 	CmdCountDev uint32    // total edge-view dev related commands performed
 	CmdCountApp uint32    // total edge-view app related commands performed
+	CmdCountExt uint32    // total edge-view ext related commands performed
 }
 
 // Key is global for edgeview for now