Implements all of the Alloy components (#4)

* docs: Add README, development notes
* examples: add sample config, image assets
* Update Makefile, CI linter, pull request template
* internal/model: define Asset, AssetDevice, Config structs
* app: App holds attributes to initialize Alloy
* internal/asset: Asset getter interface and csv implemention
* internal/fixtures: add emapi getter mock implementation
* internal/asset/emapi: emapi asset getter implementation
* internal/collect: define interface, errors
* internal/fixtures: add device mock data, returned by a collector
* internal/fixtures: add out of band fixture data for tests
* internal/fixtures: add inband fixture data for tests
* internal/collect/inband: implement inband inventory collector
* internal/collect/inband: implement out of band inventory collector
* internal/fixtures: add asset getter mock implementation
* internal/publish: define interface and implement stdout publisher
* internal/publisher: implement hollow publisher
* internal/fixtures: add hollow service mock data
* cmd: cli commands and inband cli command
* cmd/outofband: implement outofband cli command
* purge bin file
* docs: a directory for docs and related files
* .gitignore: ignore alloy binary
* cmd/outofband: follow camelcase convention for struct name
* replace all references and variable names from hollow to serverService
* clear unused global vars and add proper method comments
* go: update to upstream bmclib v2 release; switch to Go 1.18
* CI: update dockerfile for alloy inband build
* ci: disable CODEQL scanning until repository is public
* ci: build alloy docker image as alloy-inband
* README: stick with short flag options in the examples

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,11 +1,11 @@
-# What does this PR do
+#### What does this PR do
 
-# The HW vendor this change applies to (if applicable)
+#### The HW vendor this change applies to (if applicable)
 
-# The HW model number, product name this change applies to (if applicable)
+#### The HW model number, product name this change applies to (if applicable)
 
-# The BMC firmware and/or BIOS versions that this change applies to (if applicable)
+#### The BMC firmware and/or BIOS versions that this change applies to (if applicable)
 
-# What version of tooling - vendor specific or opensource does this change depend on (if applicable)
+#### What version of tooling - vendor specific or opensource does this change depend on (if applicable)
 
-# How can this change be tested by a PR reviewer?
+#### How can this change be tested by a PR reviewer?

.github/workflows/codeql-analysis.yml

@@ -1,72 +1,72 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
+## For most projects, this workflow file will not need changing; you simply need
+## to commit it to your repository.
+##
+## You may wish to alter this file to override the set of languages analyzed,
+## or to provide custom queries or build logic.
+##
+## ******** NOTE ********
+## We have attempted to detect the languages in your repository. Please check
+## the `language` matrix defined below to confirm you have the correct set of
+## supported CodeQL languages.
+##
+#name: "CodeQL"
 #
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
+#on:
+#  push:
+#    branches: [ main ]
+#  pull_request:
+#    # The branches below must be a subset of the branches above
+#    branches: [ main ]
+#  schedule:
+#    - cron: '34 3 * * 0'
 #
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
+#jobs:
+#  analyze:
+#    name: Analyze
+#    runs-on: ubuntu-latest
+#    permissions:
+#      actions: read
+#      contents: read
+#      security-events: write
 #
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
-  schedule:
-    - cron: '34 3 * * 0'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #   echo "Run, Build Application using script"
-    #   ./location_of_script_within_repo/buildscript.sh
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+#    strategy:
+#      fail-fast: false
+#      matrix:
+#        language: [ 'go' ]
+#        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+#        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+#
+#    steps:
+#    - name: Checkout repository
+#      uses: actions/checkout@v3
+#
+#    # Initializes the CodeQL tools for scanning.
+#    - name: Initialize CodeQL
+#      uses: github/codeql-action/init@v2
+#      with:
+#        languages: ${{ matrix.language }}
+#        # If you wish to specify custom queries, you can do so here or in a config file.
+#        # By default, queries listed here will override any specified in a config file.
+#        # Prefix the list here with "+" to use these queries and those in the config file.
+#
+#        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+#        # queries: security-extended,security-and-quality
+#
+#
+#    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+#    # If this step fails, then you should remove it and run the build manually (see below)
+#    - name: Autobuild
+#      uses: github/codeql-action/autobuild@v2
+#
+#    # ℹ️ Command-line programs to run using the OS shell.
+#    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+#
+#    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+#    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+#
+#    # - run: |
+#    #   echo "Run, Build Application using script"
+#    #   ./location_of_script_within_repo/buildscript.sh
+#
+#    - name: Perform CodeQL Analysis
+#      uses: github/codeql-action/analyze@v2

.github/workflows/push-pr-lint.yaml

@@ -8,14 +8,14 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v3
       with:
-        go-version: '^1.17.0'
+        go-version: '1.18'
     - name: Checkout code
       uses: actions/checkout@v3
     - name: golangci-lint
       uses: golangci/golangci-lint-action@v3
       with:
         args: --config .golangci.yml
-        version: v1.45.2
+        version: v1.46.2
     - name: Test
       run: go test ./...
   build:
@@ -28,13 +28,14 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
-      - name: Build image - no push
-        id: dockerbuild
+      - name: Build Alloy inband Docker image - no push
+        id: dockerbuild-alloy-inband
         uses: docker/build-push-action@v3
         with:
            context: .
            push: false
-           tags: ghcr.io/metal-toolbox/alloy:latest
+           tags: ghcr.io/metal-toolbox/alloy-inband:latest
+           file: Dockerfile.inband
 
       - name: Scan image
         id: scan

.github/workflows/release.yml

@@ -10,6 +10,6 @@ jobs:
   container-push-latest:
     uses: metal-toolbox/container-push/.github/workflows/container-push.yml@main
     with:
-      name: alloy
+      name: alloy-inband
       tag: latest
-      dockerfile_path: Dockerfile
+      dockerfile_path: Dockerfile.inband

.gitignore

@@ -4,7 +4,7 @@
 *.test
 
 # Application binary itself
-/fup
+/alloy
 
 *~
 .*.swp

.golangci.yml

@@ -7,6 +7,7 @@ linters-settings:
   govet:
     enable:
       - fieldalignment
+    auto-fix: true
     check-shadowing: true
     settings:
       printf:
@@ -19,8 +20,6 @@ linters-settings:
     min-confidence: 0
   gocyclo:
     min-complexity: 10
-  maligned:
-    suggest-new: true
   dupl:
     threshold: 100
   goconst:
@@ -80,17 +79,14 @@ linters:
     - stylecheck
     - whitespace
     - wsl
+    - gosec
   enable-all: false
   disable-all: true
 
 run:
-  build-tags:
-    - gingonic
+#  build-tags:
   skip-dirs:
-    - scripts
-    - docker
-    - samples
-  #modules-download-mode: vendor
+    - internal/fixtures
 
 issues:
   exclude-rules:

Dockerfile.inband

@@ -0,0 +1,7 @@
+# https://github.com/metal-toolbox/ironlib/blob/main/Dockerfile
+FROM ghcr.io/metal-toolbox/ironlib:latest
+
+COPY alloy /usr/sbin/alloy
+RUN chmod +x /usr/sbin/alloy
+
+ENTRYPOINT ["/bin/bash", "-l", "-c"]

Makefile

@@ -1,7 +1,7 @@
 export DOCKER_BUILDKIT=1
 GIT_COMMIT_FULL  := $(shell git rev-parse HEAD)
 GO_VERSION := $(shell expr `go version |cut -d ' ' -f3 |cut -d. -f2` \>= 16)
-DOCKER_REGISTRY  := "ghcr.io/metal-toolbox/alloy:latest"
+DOCKER_REGISTRY  := "ghcr.io/metal-toolbox/alloy-inband"
 REPO := "https://github.com/metal-toolbox/alloy.git"
 
 .DEFAULT_GOAL := help
@@ -12,7 +12,7 @@ lint:
 
 ## Go test
 test:
-	CGO_ENABLED=0 go test -v -covermode=atomic ./...
+	CGO_ENABLED=0 go test -timeout 30s -v -covermode=atomic ./...
 
 ## build osx bin
 build-osx:
@@ -29,17 +29,17 @@ ifeq ($(GO_VERSION), 0)
 endif
 	GOOS=linux GOARCH=amd64 go build -o alloy
 
-## build docker image and tag as ghcr.io/metal-toolbox/alloy:latest
-build-image:
+## build docker image and tag as ghcr.io/metal-toolbox/alloy-inband:latest
+build-image-inband:
 	@echo ">>>> NOTE: You may want to execute 'make build-image-nocache' depending on the Docker stages changed"
-	docker build --rm=true -f Dockerfile -t ${DOCKER_REGISTRY}:latest  . \
+	docker build --rm=true -f Dockerfile.inband -t ${DOCKER_REGISTRY}:latest  . \
 							 --label org.label-schema.schema-version=1.0 \
 							 --label org.label-schema.vcs-ref=$(GIT_COMMIT_FULL) \
 							 --label org.label-schema.vcs-url=$(REPO)
 
 ## build docker image, ignoring the cache
-build-image-nocache:
-	docker build --no-cache --rm=true -f Dockerfile -t ${DOCKER_REGISTRY}:latest  . \
+build-image-inband-nocache:
+	docker build --no-cache --rm=true -f Dockerfile.inband -t ${DOCKER_REGISTRY}:latest  . \
 							 --label org.label-schema.schema-version=1.0 \
 							 --label org.label-schema.vcs-ref=$(GIT_COMMIT_FULL) \
 							 --label org.label-schema.vcs-url=$(REPO)

README.md

@@ -1,20 +1,67 @@
-Alloy collects and reports hardware inventory inband.
+### Alloy - hardware inventory collector.
 
+Alloy collects and publishes server hardware inventory.
+
+Hardware inventory includes information on the hardware components present on a server,
+the firmware versions installed and the component health status.
+
+Inventory collection with Alloy can be executed in two modes,
+ - `In band` - the alloy command is executed on the target host OS.
+ - `Out of band` - the alloy command is executed on a remote system that can reach the target BMC.
+
+The `outofband` command will cause Alloy to collect inventory from the server BMC.
+
+The command requires BMC credential information provided by the `-asset-source` flag,
+see [examples](examples/assets.csv).
+
+The command also requires the `-publish-target`, which must be either `stdout` or `serverService`.
+
+For Alloy internals see [README-development.md](docs/README-development.md)
+
+##### sample commands
+
+CSV file asset source with inventory published to stdout
+```
+./alloy outofband  -asset-source csv \
+                   -csv-file examples/assets.csv \
+                   -publish-target stdout
 ```
-❯ ./alloy inventory 
-NAME:
-   alloy inventory - collect inventory
 
-USAGE:
-   alloy inventory [command options] [arguments...]
+CSV file asset source with inventory published to serverService
+```
+export SERVERSERVICE_AUTH_TOKEN="hunter2"
+export SERVERSERVICE_ENDPOINT="http://127.0.0.1:8000"
 
-OPTIONS:
-   --component-type value, -t value  Component slug to collect inventory for.
-   --server-url value, -u value      server URL to submit inventory. [$SERVER_URL]
-   --local-file value, -l value      write inventory results to local file.
-   --dry-run, -d                     collect inventory, skip posting data to server URL.
-   --verbose, -v                     Turn on verbose messages for debugging.
-   
-2022/05/13 16:37:29 Required flag "server-url" not set
+./alloy outofband  -asset-source csv \
+                   -csv-file examples/assets.csv \
+                   -publish-target serverService
+```
 
-```
+
+EMAPI as an asset source with inventory published to stdout.
+
+In this case the asset id is passed to the `-list` flag, and the `-config-file` parameter is required.
+```
+alloy outofband  -asset-source emapi \
+                 -publish-target stdout \
+                 -config-file examples/alloy.yaml \
+                 -list fc167440-18d3-4455-b5ee-1c8e347b3f36
+```
+
+### Alloy commands
+
+```
+❯ ./alloy --help
+USAGE
+  alloy [inband|outofband] [flags]
+
+SUBCOMMANDS
+  outofband  outofband command collects asset inventory out of band
+  inband     inband command runs on target hardware to collect inventory inband
+
+FLAGS
+  -config-file ...     Alloy config file
+  -debug=false         Set logging to debug level.
+  -publish-target ...  Publish collected inventory to [serverService|stdout]
+  -trace=false         Set logging to trace level.
+```