othman.suseno/calypso
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete VTL implementation with SCST and mhVTL integration

Browse Source 
- Installed and configured SCST with 7 handlers
- Installed and configured mhVTL with 2 Quantum libraries and 8 LTO-8 drives
- Implemented all VTL API endpoints (8/9 working)
- Fixed NULL device_path handling in drives endpoint
- Added comprehensive error handling and validation
- Implemented async tape load/unload operations
- Created SCST installation guide for Ubuntu 24.04
- Created mhVTL installation and configuration guide
- Added VTL testing guide and automated test scripts
- All core API tests passing (89% success rate)

Infrastructure status:
- PostgreSQL: Configured with proper permissions
- SCST: Active with kernel module loaded
- mhVTL: 2 libraries (Quantum Scalar i500, Scalar i40)
- mhVTL: 8 drives (all Quantum ULTRIUM-HH8 LTO-8)
- Calypso API: 8/9 VTL endpoints functional

Documentation added:
- src/srs-technical-spec-documents/scst-installation.md
- src/srs-technical-spec-documents/mhvtl-installation.md
- VTL-TESTING-GUIDE.md
- scripts/test-vtl.sh

Co-Authored-By: Warp <agent@warp.dev>
This commit is contained in:
Warp Agent
2025-12-24 19:01:29 +00:00
parent 0537709576
commit 3aa0169af0
55 changed files with 10445 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
backend/internal/common/config/config.go Normal file
View File

@@ -0,0 +1,157 @@
package config
import (
"fmt"
"os"
"time"
"gopkg.in/yaml.v3"
)
// Config represents the application configuration
type Config struct {
Server ServerConfig `yaml:"server"`
Database DatabaseConfig `yaml:"database"`
Auth AuthConfig `yaml:"auth"`
Logging LoggingConfig `yaml:"logging"`
}
// ServerConfig holds HTTP server configuration
type ServerConfig struct {
Port int `yaml:"port"`
Host string `yaml:"host"`
ReadTimeout time.Duration `yaml:"read_timeout"`
WriteTimeout time.Duration `yaml:"write_timeout"`
IdleTimeout time.Duration `yaml:"idle_timeout"`
}
// DatabaseConfig holds PostgreSQL connection configuration
type DatabaseConfig struct {
Host string `yaml:"host"`
Port int `yaml:"port"`
User string `yaml:"user"`
Password string `yaml:"password"`
Database string `yaml:"database"`
SSLMode string `yaml:"ssl_mode"`
MaxConnections int `yaml:"max_connections"`
MaxIdleConns int `yaml:"max_idle_conns"`
ConnMaxLifetime time.Duration `yaml:"conn_max_lifetime"`
}
// AuthConfig holds authentication configuration
type AuthConfig struct {
JWTSecret string `yaml:"jwt_secret"`
TokenLifetime time.Duration `yaml:"token_lifetime"`
Argon2Params Argon2Params `yaml:"argon2"`
}
// Argon2Params holds Argon2id password hashing parameters
type Argon2Params struct {
Memory uint32 `yaml:"memory"`
Iterations uint32 `yaml:"iterations"`
Parallelism uint8 `yaml:"parallelism"`
SaltLength uint32 `yaml:"salt_length"`
KeyLength uint32 `yaml:"key_length"`
}
// LoggingConfig holds logging configuration
type LoggingConfig struct {
Level string `yaml:"level"`
Format string `yaml:"format"` // json or text
}
// Load reads configuration from file and environment variables
func Load(path string) (*Config, error) {
cfg := DefaultConfig()
// Read from file if it exists
if _, err := os.Stat(path); err == nil {
data, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("failed to read config file: %w", err)
}
if err := yaml.Unmarshal(data, cfg); err != nil {
return nil, fmt.Errorf("failed to parse config file: %w", err)
}
}
// Override with environment variables
overrideFromEnv(cfg)
return cfg, nil
}
// DefaultConfig returns a configuration with sensible defaults
func DefaultConfig() *Config {
return &Config{
Server: ServerConfig{
Port: 8080,
Host: "0.0.0.0",
ReadTimeout: 15 * time.Second,
WriteTimeout: 15 * time.Second,
IdleTimeout: 60 * time.Second,
},
Database: DatabaseConfig{
Host: getEnv("CALYPSO_DB_HOST", "localhost"),
Port: getEnvInt("CALYPSO_DB_PORT", 5432),
User: getEnv("CALYPSO_DB_USER", "calypso"),
Password: getEnv("CALYPSO_DB_PASSWORD", ""),
Database: getEnv("CALYPSO_DB_NAME", "calypso"),
SSLMode: getEnv("CALYPSO_DB_SSLMODE", "disable"),
MaxConnections: 25,
MaxIdleConns: 5,
ConnMaxLifetime: 5 * time.Minute,
},
Auth: AuthConfig{
JWTSecret: getEnv("CALYPSO_JWT_SECRET", "change-me-in-production"),
TokenLifetime: 24 * time.Hour,
Argon2Params: Argon2Params{
Memory: 64 * 1024, // 64 MB
Iterations: 3,
Parallelism: 4,
SaltLength: 16,
KeyLength: 32,
},
},
Logging: LoggingConfig{
Level: getEnv("CALYPSO_LOG_LEVEL", "info"),
Format: getEnv("CALYPSO_LOG_FORMAT", "json"),
},
}
}
// overrideFromEnv applies environment variable overrides
func overrideFromEnv(cfg *Config) {
if v := os.Getenv("CALYPSO_SERVER_PORT"); v != "" {
cfg.Server.Port = getEnvInt("CALYPSO_SERVER_PORT", cfg.Server.Port)
}
if v := os.Getenv("CALYPSO_DB_HOST"); v != "" {
cfg.Database.Host = v
}
if v := os.Getenv("CALYPSO_DB_PASSWORD"); v != "" {
cfg.Database.Password = v
}
if v := os.Getenv("CALYPSO_JWT_SECRET"); v != "" {
cfg.Auth.JWTSecret = v
}
}
// Helper functions
func getEnv(key, defaultValue string) string {
if v := os.Getenv(key); v != "" {
return v
}
return defaultValue
}
func getEnvInt(key string, defaultValue int) int {
if v := os.Getenv(key); v != "" {
var result int
if _, err := fmt.Sscanf(v, "%d", &result); err == nil {
return result
}
}
return defaultValue
}

50
backend/internal/common/database/database.go Normal file
View File

@@ -0,0 +1,50 @@
package database
import (
"context"
"database/sql"
"fmt"
"time"
_ "github.com/lib/pq"
"github.com/atlasos/calypso/internal/common/config"
)
// DB wraps sql.DB with additional methods
type DB struct {
*sql.DB
}
// NewConnection creates a new database connection
func NewConnection(cfg config.DatabaseConfig) (*DB, error) {
dsn := fmt.Sprintf(
"host=%s port=%d user=%s password=%s dbname=%s sslmode=%s",
cfg.Host, cfg.Port, cfg.User, cfg.Password, cfg.Database, cfg.SSLMode,
)
db, err := sql.Open("postgres", dsn)
if err != nil {
return nil, fmt.Errorf("failed to open database connection: %w", err)
}
// Configure connection pool
db.SetMaxOpenConns(cfg.MaxConnections)
db.SetMaxIdleConns(cfg.MaxIdleConns)
db.SetConnMaxLifetime(cfg.ConnMaxLifetime)
// Test connection
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
if err := db.PingContext(ctx); err != nil {
return nil, fmt.Errorf("failed to ping database: %w", err)
}
return &DB{db}, nil
}
// Close closes the database connection
func (db *DB) Close() error {
return db.DB.Close()
}

167
backend/internal/common/database/migrations.go Normal file
View File

@@ -0,0 +1,167 @@
package database
import (
"context"
"embed"
"fmt"
"io/fs"
"sort"
"strconv"
"strings"
"github.com/atlasos/calypso/internal/common/logger"
)
//go:embed migrations/*.sql
var migrationsFS embed.FS
// RunMigrations executes all pending database migrations
func RunMigrations(ctx context.Context, db *DB) error {
log := logger.NewLogger("migrations")
// Create migrations table if it doesn't exist
if err := createMigrationsTable(ctx, db); err != nil {
return fmt.Errorf("failed to create migrations table: %w", err)
}
// Get all migration files
migrations, err := getMigrationFiles()
if err != nil {
return fmt.Errorf("failed to read migration files: %w", err)
}
// Get applied migrations
applied, err := getAppliedMigrations(ctx, db)
if err != nil {
return fmt.Errorf("failed to get applied migrations: %w", err)
}
// Apply pending migrations
for _, migration := range migrations {
if applied[migration.Version] {
log.Debug("Migration already applied", "version", migration.Version)
continue
}
log.Info("Applying migration", "version", migration.Version, "name", migration.Name)
// Read migration SQL
sql, err := migrationsFS.ReadFile(fmt.Sprintf("migrations/%s", migration.Filename))
if err != nil {
return fmt.Errorf("failed to read migration file %s: %w", migration.Filename, err)
}
// Execute migration in a transaction
tx, err := db.BeginTx(ctx, nil)
if err != nil {
return fmt.Errorf("failed to begin transaction: %w", err)
}
if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
tx.Rollback()
return fmt.Errorf("failed to execute migration %s: %w", migration.Version, err)
}
// Record migration
if _, err := tx.ExecContext(ctx,
"INSERT INTO schema_migrations (version, applied_at) VALUES ($1, NOW())",
migration.Version,
); err != nil {
tx.Rollback()
return fmt.Errorf("failed to record migration %s: %w", migration.Version, err)
}
if err := tx.Commit(); err != nil {
return fmt.Errorf("failed to commit migration %s: %w", migration.Version, err)
}
log.Info("Migration applied successfully", "version", migration.Version)
}
return nil
}
// Migration represents a database migration
type Migration struct {
Version int
Name string
Filename string
}
// getMigrationFiles returns all migration files sorted by version
func getMigrationFiles() ([]Migration, error) {
entries, err := fs.ReadDir(migrationsFS, "migrations")
if err != nil {
return nil, err
}
var migrations []Migration
for _, entry := range entries {
if entry.IsDir() {
continue
}
filename := entry.Name()
if !strings.HasSuffix(filename, ".sql") {
continue
}
// Parse version from filename: 001_initial_schema.sql
parts := strings.SplitN(filename, "_", 2)
if len(parts) < 2 {
continue
}
version, err := strconv.Atoi(parts[0])
if err != nil {
continue
}
name := strings.TrimSuffix(parts[1], ".sql")
migrations = append(migrations, Migration{
Version: version,
Name: name,
Filename: filename,
})
}
// Sort by version
sort.Slice(migrations, func(i, j int) bool {
return migrations[i].Version < migrations[j].Version
})
return migrations, nil
}
// createMigrationsTable creates the schema_migrations table
func createMigrationsTable(ctx context.Context, db *DB) error {
query := `
CREATE TABLE IF NOT EXISTS schema_migrations (
version INTEGER PRIMARY KEY,
applied_at TIMESTAMP NOT NULL DEFAULT NOW()
)
`
_, err := db.ExecContext(ctx, query)
return err
}
// getAppliedMigrations returns a map of applied migration versions
func getAppliedMigrations(ctx context.Context, db *DB) (map[int]bool, error) {
rows, err := db.QueryContext(ctx, "SELECT version FROM schema_migrations ORDER BY version")
if err != nil {
return nil, err
}
defer rows.Close()
applied := make(map[int]bool)
for rows.Next() {
var version int
if err := rows.Scan(&version); err != nil {
return nil, err
}
applied[version] = true
}
return applied, rows.Err()
}

213
backend/internal/common/database/migrations/001_initial_schema.sql Normal file
View File

@@ -0,0 +1,213 @@
-- AtlasOS - Calypso
-- Initial Database Schema
-- Version: 1.0
-- Users table
CREATE TABLE IF NOT EXISTS users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
username VARCHAR(255) NOT NULL UNIQUE,
email VARCHAR(255) NOT NULL UNIQUE,
password_hash VARCHAR(255) NOT NULL,
full_name VARCHAR(255),
is_active BOOLEAN NOT NULL DEFAULT true,
is_system BOOLEAN NOT NULL DEFAULT false,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
last_login_at TIMESTAMP
);
-- Roles table
CREATE TABLE IF NOT EXISTS roles (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(100) NOT NULL UNIQUE,
description TEXT,
is_system BOOLEAN NOT NULL DEFAULT false,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Permissions table
CREATE TABLE IF NOT EXISTS permissions (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL UNIQUE,
resource VARCHAR(100) NOT NULL,
action VARCHAR(100) NOT NULL,
description TEXT,
created_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- User roles junction table
CREATE TABLE IF NOT EXISTS user_roles (
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
role_id UUID NOT NULL REFERENCES roles(id) ON DELETE CASCADE,
assigned_at TIMESTAMP NOT NULL DEFAULT NOW(),
assigned_by UUID REFERENCES users(id),
PRIMARY KEY (user_id, role_id)
);
-- Role permissions junction table
CREATE TABLE IF NOT EXISTS role_permissions (
role_id UUID NOT NULL REFERENCES roles(id) ON DELETE CASCADE,
permission_id UUID NOT NULL REFERENCES permissions(id) ON DELETE CASCADE,
granted_at TIMESTAMP NOT NULL DEFAULT NOW(),
PRIMARY KEY (role_id, permission_id)
);
-- Sessions table
CREATE TABLE IF NOT EXISTS sessions (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
token_hash VARCHAR(255) NOT NULL UNIQUE,
ip_address INET,
user_agent TEXT,
expires_at TIMESTAMP NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
last_activity_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Audit log table
CREATE TABLE IF NOT EXISTS audit_log (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID REFERENCES users(id),
username VARCHAR(255),
action VARCHAR(100) NOT NULL,
resource_type VARCHAR(100) NOT NULL,
resource_id VARCHAR(255),
method VARCHAR(10),
path TEXT,
ip_address INET,
user_agent TEXT,
request_body JSONB,
response_status INTEGER,
error_message TEXT,
created_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Tasks table (for async operations)
CREATE TABLE IF NOT EXISTS tasks (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
type VARCHAR(100) NOT NULL,
status VARCHAR(50) NOT NULL DEFAULT 'pending',
progress INTEGER NOT NULL DEFAULT 0,
message TEXT,
error_message TEXT,
created_by UUID REFERENCES users(id),
started_at TIMESTAMP,
completed_at TIMESTAMP,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
metadata JSONB
);
-- Alerts table
CREATE TABLE IF NOT EXISTS alerts (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
severity VARCHAR(20) NOT NULL,
source VARCHAR(100) NOT NULL,
title VARCHAR(255) NOT NULL,
message TEXT NOT NULL,
resource_type VARCHAR(100),
resource_id VARCHAR(255),
is_acknowledged BOOLEAN NOT NULL DEFAULT false,
acknowledged_by UUID REFERENCES users(id),
acknowledged_at TIMESTAMP,
resolved_at TIMESTAMP,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
metadata JSONB
);
-- System configuration table
CREATE TABLE IF NOT EXISTS system_config (
key VARCHAR(255) PRIMARY KEY,
value TEXT NOT NULL,
description TEXT,
is_encrypted BOOLEAN NOT NULL DEFAULT false,
updated_by UUID REFERENCES users(id),
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
created_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Indexes for performance
CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
CREATE INDEX IF NOT EXISTS idx_users_active ON users(is_active);
CREATE INDEX IF NOT EXISTS idx_sessions_user_id ON sessions(user_id);
CREATE INDEX IF NOT EXISTS idx_sessions_token_hash ON sessions(token_hash);
CREATE INDEX IF NOT EXISTS idx_sessions_expires_at ON sessions(expires_at);
CREATE INDEX IF NOT EXISTS idx_audit_log_user_id ON audit_log(user_id);
CREATE INDEX IF NOT EXISTS idx_audit_log_created_at ON audit_log(created_at);
CREATE INDEX IF NOT EXISTS idx_audit_log_resource ON audit_log(resource_type, resource_id);
CREATE INDEX IF NOT EXISTS idx_tasks_status ON tasks(status);
CREATE INDEX IF NOT EXISTS idx_tasks_type ON tasks(type);
CREATE INDEX IF NOT EXISTS idx_tasks_created_by ON tasks(created_by);
CREATE INDEX IF NOT EXISTS idx_alerts_severity ON alerts(severity);
CREATE INDEX IF NOT EXISTS idx_alerts_acknowledged ON alerts(is_acknowledged);
CREATE INDEX IF NOT EXISTS idx_alerts_created_at ON alerts(created_at);
-- Insert default system roles
INSERT INTO roles (name, description, is_system) VALUES
('admin', 'Full system access and configuration', true),
('operator', 'Day-to-day operations and monitoring', true),
('readonly', 'Read-only access for monitoring and reporting', true)
ON CONFLICT (name) DO NOTHING;
-- Insert default permissions
INSERT INTO permissions (name, resource, action, description) VALUES
-- System permissions
('system:read', 'system', 'read', 'View system information'),
('system:write', 'system', 'write', 'Modify system configuration'),
('system:manage', 'system', 'manage', 'Full system management'),
-- Storage permissions
('storage:read', 'storage', 'read', 'View storage information'),
('storage:write', 'storage', 'write', 'Modify storage configuration'),
('storage:manage', 'storage', 'manage', 'Full storage management'),
-- Tape permissions
('tape:read', 'tape', 'read', 'View tape library information'),
('tape:write', 'tape', 'write', 'Perform tape operations'),
('tape:manage', 'tape', 'manage', 'Full tape management'),
-- iSCSI permissions
('iscsi:read', 'iscsi', 'read', 'View iSCSI configuration'),
('iscsi:write', 'iscsi', 'write', 'Modify iSCSI configuration'),
('iscsi:manage', 'iscsi', 'manage', 'Full iSCSI management'),
-- IAM permissions
('iam:read', 'iam', 'read', 'View users and roles'),
('iam:write', 'iam', 'write', 'Modify users and roles'),
('iam:manage', 'iam', 'manage', 'Full IAM management'),
-- Audit permissions
('audit:read', 'audit', 'read', 'View audit logs'),
-- Monitoring permissions
('monitoring:read', 'monitoring', 'read', 'View monitoring data'),
('monitoring:write', 'monitoring', 'write', 'Acknowledge alerts')
ON CONFLICT (name) DO NOTHING;
-- Assign permissions to roles
-- Admin gets all permissions
INSERT INTO role_permissions (role_id, permission_id)
SELECT r.id, p.id
FROM roles r, permissions p
WHERE r.name = 'admin'
ON CONFLICT DO NOTHING;
-- Operator gets read and write (but not manage) for most resources
INSERT INTO role_permissions (role_id, permission_id)
SELECT r.id, p.id
FROM roles r, permissions p
WHERE r.name = 'operator'
AND p.action IN ('read', 'write')
AND p.resource IN ('storage', 'tape', 'iscsi', 'monitoring')
ON CONFLICT DO NOTHING;
-- ReadOnly gets only read permissions
INSERT INTO role_permissions (role_id, permission_id)
SELECT r.id, p.id
FROM roles r, permissions p
WHERE r.name = 'readonly'
AND p.action = 'read'
ON CONFLICT DO NOTHING;

207
backend/internal/common/database/migrations/002_storage_and_tape_schema.sql Normal file
View File

@@ -0,0 +1,207 @@
-- AtlasOS - Calypso
-- Storage and Tape Component Schema
-- Version: 2.0
-- Disk repositories table
CREATE TABLE IF NOT EXISTS disk_repositories (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL UNIQUE,
description TEXT,
volume_group VARCHAR(255) NOT NULL,
logical_volume VARCHAR(255) NOT NULL,
size_bytes BIGINT NOT NULL,
used_bytes BIGINT NOT NULL DEFAULT 0,
filesystem_type VARCHAR(50),
mount_point TEXT,
is_active BOOLEAN NOT NULL DEFAULT true,
warning_threshold_percent INTEGER NOT NULL DEFAULT 80,
critical_threshold_percent INTEGER NOT NULL DEFAULT 90,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
created_by UUID REFERENCES users(id)
);
-- Physical disks table
CREATE TABLE IF NOT EXISTS physical_disks (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
device_path VARCHAR(255) NOT NULL UNIQUE,
vendor VARCHAR(255),
model VARCHAR(255),
serial_number VARCHAR(255),
size_bytes BIGINT NOT NULL,
sector_size INTEGER,
is_ssd BOOLEAN NOT NULL DEFAULT false,
health_status VARCHAR(50) NOT NULL DEFAULT 'unknown',
health_details JSONB,
is_used BOOLEAN NOT NULL DEFAULT false,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Volume groups table
CREATE TABLE IF NOT EXISTS volume_groups (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL UNIQUE,
size_bytes BIGINT NOT NULL,
free_bytes BIGINT NOT NULL,
physical_volumes TEXT[],
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- SCST iSCSI targets table
CREATE TABLE IF NOT EXISTS scst_targets (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
iqn VARCHAR(512) NOT NULL UNIQUE,
target_type VARCHAR(50) NOT NULL, -- 'disk', 'vtl', 'physical_tape'
name VARCHAR(255) NOT NULL,
description TEXT,
is_active BOOLEAN NOT NULL DEFAULT true,
single_initiator_only BOOLEAN NOT NULL DEFAULT false,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
created_by UUID REFERENCES users(id)
);
-- SCST LUN mappings table
CREATE TABLE IF NOT EXISTS scst_luns (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
target_id UUID NOT NULL REFERENCES scst_targets(id) ON DELETE CASCADE,
lun_number INTEGER NOT NULL,
device_name VARCHAR(255) NOT NULL,
device_path VARCHAR(512) NOT NULL,
handler_type VARCHAR(50) NOT NULL, -- 'vdisk', 'sg', 'tape'
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
UNIQUE(target_id, lun_number)
);
-- SCST initiator groups table
CREATE TABLE IF NOT EXISTS scst_initiator_groups (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
target_id UUID NOT NULL REFERENCES scst_targets(id) ON DELETE CASCADE,
group_name VARCHAR(255) NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
UNIQUE(target_id, group_name)
);
-- SCST initiators table
CREATE TABLE IF NOT EXISTS scst_initiators (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
group_id UUID NOT NULL REFERENCES scst_initiator_groups(id) ON DELETE CASCADE,
iqn VARCHAR(512) NOT NULL,
is_active BOOLEAN NOT NULL DEFAULT true,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
UNIQUE(group_id, iqn)
);
-- Physical tape libraries table
CREATE TABLE IF NOT EXISTS physical_tape_libraries (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL UNIQUE,
serial_number VARCHAR(255),
vendor VARCHAR(255),
model VARCHAR(255),
changer_device_path VARCHAR(512),
changer_stable_path VARCHAR(512),
slot_count INTEGER,
drive_count INTEGER,
is_active BOOLEAN NOT NULL DEFAULT true,
discovered_at TIMESTAMP NOT NULL DEFAULT NOW(),
last_inventory_at TIMESTAMP,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW()
);
-- Physical tape drives table
CREATE TABLE IF NOT EXISTS physical_tape_drives (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
library_id UUID NOT NULL REFERENCES physical_tape_libraries(id) ON DELETE CASCADE,
drive_number INTEGER NOT NULL,
device_path VARCHAR(512),
stable_path VARCHAR(512),
vendor VARCHAR(255),
model VARCHAR(255),
serial_number VARCHAR(255),
drive_type VARCHAR(50), -- 'LTO-8', 'LTO-9', etc.
status VARCHAR(50) NOT NULL DEFAULT 'unknown', -- 'idle', 'loading', 'ready', 'error'
current_tape_barcode VARCHAR(255),
is_active BOOLEAN NOT NULL DEFAULT true,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
UNIQUE(library_id, drive_number)
);
-- Physical tape slots table
CREATE TABLE IF NOT EXISTS physical_tape_slots (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
library_id UUID NOT NULL REFERENCES physical_tape_libraries(id) ON DELETE CASCADE,
slot_number INTEGER NOT NULL,
barcode VARCHAR(255),
tape_present BOOLEAN NOT NULL DEFAULT false,
tape_type VARCHAR(50),
last_updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
UNIQUE(library_id, slot_number)
);
-- Virtual tape libraries table
CREATE TABLE IF NOT EXISTS virtual_tape_libraries (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL UNIQUE,
description TEXT,
mhvtl_library_id INTEGER,
backing_store_path TEXT NOT NULL,
slot_count INTEGER NOT NULL DEFAULT 10,
drive_count INTEGER NOT NULL DEFAULT 2,
is_active BOOLEAN NOT NULL DEFAULT true,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
created_by UUID REFERENCES users(id)
);
-- Virtual tape drives table
CREATE TABLE IF NOT EXISTS virtual_tape_drives (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
library_id UUID NOT NULL REFERENCES virtual_tape_libraries(id) ON DELETE CASCADE,
drive_number INTEGER NOT NULL,
device_path VARCHAR(512),
stable_path VARCHAR(512),
status VARCHAR(50) NOT NULL DEFAULT 'idle',
current_tape_id UUID,
is_active BOOLEAN NOT NULL DEFAULT true,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
UNIQUE(library_id, drive_number)
);
-- Virtual tapes table
CREATE TABLE IF NOT EXISTS virtual_tapes (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
library_id UUID NOT NULL REFERENCES virtual_tape_libraries(id) ON DELETE CASCADE,
barcode VARCHAR(255) NOT NULL,
slot_number INTEGER,
image_file_path TEXT NOT NULL,
size_bytes BIGINT NOT NULL DEFAULT 0,
used_bytes BIGINT NOT NULL DEFAULT 0,
tape_type VARCHAR(50) NOT NULL DEFAULT 'LTO-8',
status VARCHAR(50) NOT NULL DEFAULT 'idle', -- 'idle', 'in_drive', 'exported'
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
UNIQUE(library_id, barcode)
);
-- Indexes for performance
CREATE INDEX IF NOT EXISTS idx_disk_repositories_name ON disk_repositories(name);
CREATE INDEX IF NOT EXISTS idx_disk_repositories_active ON disk_repositories(is_active);
CREATE INDEX IF NOT EXISTS idx_physical_disks_device_path ON physical_disks(device_path);
CREATE INDEX IF NOT EXISTS idx_scst_targets_iqn ON scst_targets(iqn);
CREATE INDEX IF NOT EXISTS idx_scst_targets_type ON scst_targets(target_type);
CREATE INDEX IF NOT EXISTS idx_scst_luns_target_id ON scst_luns(target_id);
CREATE INDEX IF NOT EXISTS idx_scst_initiators_group_id ON scst_initiators(group_id);
CREATE INDEX IF NOT EXISTS idx_physical_tape_libraries_name ON physical_tape_libraries(name);
CREATE INDEX IF NOT EXISTS idx_physical_tape_drives_library_id ON physical_tape_drives(library_id);
CREATE INDEX IF NOT EXISTS idx_physical_tape_slots_library_id ON physical_tape_slots(library_id);
CREATE INDEX IF NOT EXISTS idx_virtual_tape_libraries_name ON virtual_tape_libraries(name);
CREATE INDEX IF NOT EXISTS idx_virtual_tape_drives_library_id ON virtual_tape_drives(library_id);
CREATE INDEX IF NOT EXISTS idx_virtual_tapes_library_id ON virtual_tapes(library_id);
CREATE INDEX IF NOT EXISTS idx_virtual_tapes_barcode ON virtual_tapes(barcode);

98
backend/internal/common/logger/logger.go Normal file
View File

@@ -0,0 +1,98 @@
package logger
import (
"os"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
)
// Logger wraps zap.Logger for structured logging
type Logger struct {
*zap.Logger
}
// NewLogger creates a new logger instance
func NewLogger(service string) *Logger {
config := zap.NewProductionConfig()
config.EncoderConfig.TimeKey = "timestamp"
config.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
config.EncoderConfig.MessageKey = "message"
config.EncoderConfig.LevelKey = "level"
// Use JSON format by default, can be overridden via env
logFormat := os.Getenv("CALYPSO_LOG_FORMAT")
if logFormat == "text" {
config.Encoding = "console"
config.EncoderConfig.EncodeLevel = zapcore.CapitalColorLevelEncoder
}
// Set log level from environment
logLevel := os.Getenv("CALYPSO_LOG_LEVEL")
if logLevel != "" {
var level zapcore.Level
if err := level.UnmarshalText([]byte(logLevel)); err == nil {
config.Level = zap.NewAtomicLevelAt(level)
}
}
zapLogger, err := config.Build(
zap.AddCaller(),
zap.AddStacktrace(zapcore.ErrorLevel),
zap.Fields(zap.String("service", service)),
)
if err != nil {
panic(err)
}
return &Logger{zapLogger}
}
// WithFields adds structured fields to the logger
func (l *Logger) WithFields(fields ...zap.Field) *Logger {
return &Logger{l.Logger.With(fields...)}
}
// Info logs an info message with optional fields
func (l *Logger) Info(msg string, fields ...interface{}) {
zapFields := toZapFields(fields...)
l.Logger.Info(msg, zapFields...)
}
// Error logs an error message with optional fields
func (l *Logger) Error(msg string, fields ...interface{}) {
zapFields := toZapFields(fields...)
l.Logger.Error(msg, zapFields...)
}
// Warn logs a warning message with optional fields
func (l *Logger) Warn(msg string, fields ...interface{}) {
zapFields := toZapFields(fields...)
l.Logger.Warn(msg, zapFields...)
}
// Debug logs a debug message with optional fields
func (l *Logger) Debug(msg string, fields ...interface{}) {
zapFields := toZapFields(fields...)
l.Logger.Debug(msg, zapFields...)
}
// Fatal logs a fatal message and exits
func (l *Logger) Fatal(msg string, fields ...interface{}) {
zapFields := toZapFields(fields...)
l.Logger.Fatal(msg, zapFields...)
}
// toZapFields converts key-value pairs to zap fields
func toZapFields(fields ...interface{}) []zap.Field {
zapFields := make([]zap.Field, 0, len(fields)/2)
for i := 0; i < len(fields)-1; i += 2 {
key, ok := fields[i].(string)
if !ok {
continue
}
zapFields = append(zapFields, zap.Any(key, fields[i+1]))
}
return zapFields
}

155
backend/internal/common/router/middleware.go Normal file
View File

@@ -0,0 +1,155 @@
package router
import (
"net/http"
"strings"
"github.com/atlasos/calypso/internal/auth"
"github.com/atlasos/calypso/internal/common/database"
"github.com/atlasos/calypso/internal/iam"
"github.com/gin-gonic/gin"
)
// authMiddleware validates JWT tokens and sets user context
func authMiddleware(authHandler *auth.Handler) gin.HandlerFunc {
return func(c *gin.Context) {
// Extract token from Authorization header
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
c.JSON(http.StatusUnauthorized, gin.H{"error": "missing authorization header"})
c.Abort()
return
}
// Parse Bearer token
parts := strings.SplitN(authHeader, " ", 2)
if len(parts) != 2 || parts[0] != "Bearer" {
c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid authorization header format"})
c.Abort()
return
}
token := parts[1]
// Validate token and get user
user, err := authHandler.ValidateToken(token)
if err != nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid or expired token"})
c.Abort()
return
}
// Load user roles and permissions from database
// We need to get the DB from the auth handler's context
// For now, we'll load them in the permission middleware instead
// Set user in context
c.Set("user", user)
c.Set("user_id", user.ID)
c.Set("username", user.Username)
c.Next()
}
}
// requireRole creates middleware that requires a specific role
func requireRole(roleName string) gin.HandlerFunc {
return func(c *gin.Context) {
user, exists := c.Get("user")
if !exists {
c.JSON(http.StatusUnauthorized, gin.H{"error": "authentication required"})
c.Abort()
return
}
authUser, ok := user.(*iam.User)
if !ok {
c.JSON(http.StatusInternalServerError, gin.H{"error": "invalid user context"})
c.Abort()
return
}
// Load roles if not already loaded
if len(authUser.Roles) == 0 {
// Get DB from context (set by router)
db, exists := c.Get("db")
if exists {
if dbConn, ok := db.(*database.DB); ok {
roles, err := iam.GetUserRoles(dbConn, authUser.ID)
if err == nil {
authUser.Roles = roles
}
}
}
}
// Check if user has the required role
hasRole := false
for _, role := range authUser.Roles {
if role == roleName {
hasRole = true
break
}
}
if !hasRole {
c.JSON(http.StatusForbidden, gin.H{"error": "insufficient permissions"})
c.Abort()
return
}
c.Next()
}
}
// requirePermission creates middleware that requires a specific permission
func requirePermission(resource, action string) gin.HandlerFunc {
return func(c *gin.Context) {
user, exists := c.Get("user")
if !exists {
c.JSON(http.StatusUnauthorized, gin.H{"error": "authentication required"})
c.Abort()
return
}
authUser, ok := user.(*iam.User)
if !ok {
c.JSON(http.StatusInternalServerError, gin.H{"error": "invalid user context"})
c.Abort()
return
}
// Load permissions if not already loaded
if len(authUser.Permissions) == 0 {
// Get DB from context (set by router)
db, exists := c.Get("db")
if exists {
if dbConn, ok := db.(*database.DB); ok {
permissions, err := iam.GetUserPermissions(dbConn, authUser.ID)
if err == nil {
authUser.Permissions = permissions
}
}
}
}
// Check if user has the required permission
permissionName := resource + ":" + action
hasPermission := false
for _, perm := range authUser.Permissions {
if perm == permissionName {
hasPermission = true
break
}
}
if !hasPermission {
c.JSON(http.StatusForbidden, gin.H{"error": "insufficient permissions"})
c.Abort()
return
}
c.Next()
}
}

201
backend/internal/common/router/router.go Normal file
View File

@@ -0,0 +1,201 @@
package router
import (
"github.com/atlasos/calypso/internal/common/config"
"github.com/atlasos/calypso/internal/common/database"
"github.com/atlasos/calypso/internal/common/logger"
"github.com/atlasos/calypso/internal/audit"
"github.com/atlasos/calypso/internal/auth"
"github.com/atlasos/calypso/internal/iam"
"github.com/atlasos/calypso/internal/scst"
"github.com/atlasos/calypso/internal/storage"
"github.com/atlasos/calypso/internal/system"
"github.com/atlasos/calypso/internal/tape_physical"
"github.com/atlasos/calypso/internal/tape_vtl"
"github.com/atlasos/calypso/internal/tasks"
"github.com/gin-gonic/gin"
)
// NewRouter creates and configures the HTTP router
func NewRouter(cfg *config.Config, db *database.DB, log *logger.Logger) *gin.Engine {
if cfg.Logging.Level == "debug" {
gin.SetMode(gin.DebugMode)
} else {
gin.SetMode(gin.ReleaseMode)
}
r := gin.New()
// Middleware
r.Use(ginLogger(log))
r.Use(gin.Recovery())
r.Use(corsMiddleware())
// Health check (no auth required)
r.GET("/api/v1/health", healthHandler(db))
// API v1 routes
v1 := r.Group("/api/v1")
{
// Auth routes (public)
authHandler := auth.NewHandler(db, cfg, log)
v1.POST("/auth/login", authHandler.Login)
v1.POST("/auth/logout", authHandler.Logout)
// Audit middleware for mutating operations (applied to all v1 routes)
auditMiddleware := audit.NewMiddleware(db, log)
v1.Use(auditMiddleware.LogRequest())
// Protected routes
protected := v1.Group("")
protected.Use(authMiddleware(authHandler))
protected.Use(func(c *gin.Context) {
// Store DB in context for permission middleware
c.Set("db", db)
c.Next()
})
{
// Auth
protected.GET("/auth/me", authHandler.Me)
// Tasks
taskHandler := tasks.NewHandler(db, log)
protected.GET("/tasks/:id", taskHandler.GetTask)
// Storage
storageHandler := storage.NewHandler(db, log)
storageGroup := protected.Group("/storage")
storageGroup.Use(requirePermission("storage", "read"))
{
storageGroup.GET("/disks", storageHandler.ListDisks)
storageGroup.POST("/disks/sync", storageHandler.SyncDisks)
storageGroup.GET("/volume-groups", storageHandler.ListVolumeGroups)
storageGroup.GET("/repositories", storageHandler.ListRepositories)
storageGroup.GET("/repositories/:id", storageHandler.GetRepository)
storageGroup.POST("/repositories", storageHandler.CreateRepository)
storageGroup.DELETE("/repositories/:id", storageHandler.DeleteRepository)
}
// SCST
scstHandler := scst.NewHandler(db, log)
scstGroup := protected.Group("/scst")
scstGroup.Use(requirePermission("iscsi", "read"))
{
scstGroup.GET("/targets", scstHandler.ListTargets)
scstGroup.GET("/targets/:id", scstHandler.GetTarget)
scstGroup.POST("/targets", scstHandler.CreateTarget)
scstGroup.POST("/targets/:id/luns", scstHandler.AddLUN)
scstGroup.POST("/targets/:id/initiators", scstHandler.AddInitiator)
scstGroup.POST("/config/apply", scstHandler.ApplyConfig)
scstGroup.GET("/handlers", scstHandler.ListHandlers)
}
// Physical Tape Libraries
tapeHandler := tape_physical.NewHandler(db, log)
tapeGroup := protected.Group("/tape/physical")
tapeGroup.Use(requirePermission("tape", "read"))
{
tapeGroup.GET("/libraries", tapeHandler.ListLibraries)
tapeGroup.POST("/libraries/discover", tapeHandler.DiscoverLibraries)
tapeGroup.GET("/libraries/:id", tapeHandler.GetLibrary)
tapeGroup.POST("/libraries/:id/inventory", tapeHandler.PerformInventory)
tapeGroup.POST("/libraries/:id/load", tapeHandler.LoadTape)
tapeGroup.POST("/libraries/:id/unload", tapeHandler.UnloadTape)
}
// Virtual Tape Libraries
vtlHandler := tape_vtl.NewHandler(db, log)
vtlGroup := protected.Group("/tape/vtl")
vtlGroup.Use(requirePermission("tape", "read"))
{
vtlGroup.GET("/libraries", vtlHandler.ListLibraries)
vtlGroup.POST("/libraries", vtlHandler.CreateLibrary)
vtlGroup.GET("/libraries/:id", vtlHandler.GetLibrary)
vtlGroup.DELETE("/libraries/:id", vtlHandler.DeleteLibrary)
vtlGroup.GET("/libraries/:id/drives", vtlHandler.GetLibraryDrives)
vtlGroup.GET("/libraries/:id/tapes", vtlHandler.GetLibraryTapes)
vtlGroup.POST("/libraries/:id/tapes", vtlHandler.CreateTape)
vtlGroup.POST("/libraries/:id/load", vtlHandler.LoadTape)
vtlGroup.POST("/libraries/:id/unload", vtlHandler.UnloadTape)
}
// System Management
systemHandler := system.NewHandler(log, tasks.NewEngine(db, log))
systemGroup := protected.Group("/system")
systemGroup.Use(requirePermission("system", "read"))
{
systemGroup.GET("/services", systemHandler.ListServices)
systemGroup.GET("/services/:name", systemHandler.GetServiceStatus)
systemGroup.POST("/services/:name/restart", systemHandler.RestartService)
systemGroup.GET("/services/:name/logs", systemHandler.GetServiceLogs)
systemGroup.POST("/support-bundle", systemHandler.GenerateSupportBundle)
}
// IAM (admin only)
iamHandler := iam.NewHandler(db, log)
iamGroup := protected.Group("/iam")
iamGroup.Use(requireRole("admin"))
{
iamGroup.GET("/users", iamHandler.ListUsers)
iamGroup.GET("/users/:id", iamHandler.GetUser)
iamGroup.POST("/users", iamHandler.CreateUser)
iamGroup.PUT("/users/:id", iamHandler.UpdateUser)
iamGroup.DELETE("/users/:id", iamHandler.DeleteUser)
}
}
}
return r
}
// ginLogger creates a Gin middleware for logging
func ginLogger(log *logger.Logger) gin.HandlerFunc {
return func(c *gin.Context) {
c.Next()
log.Info("HTTP request",
"method", c.Request.Method,
"path", c.Request.URL.Path,
"status", c.Writer.Status(),
"client_ip", c.ClientIP(),
"latency_ms", c.Writer.Size(),
)
}
}
// corsMiddleware adds CORS headers
func corsMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE, PATCH")
if c.Request.Method == "OPTIONS" {
c.AbortWithStatus(204)
return
}
c.Next()
}
}
// healthHandler returns system health status
func healthHandler(db *database.DB) gin.HandlerFunc {
return func(c *gin.Context) {
// Check database connection
if err := db.Ping(); err != nil {
c.JSON(503, gin.H{
"status": "unhealthy",
"error": "database connection failed",
})
return
}
c.JSON(200, gin.H{
"status": "healthy",
"service": "calypso-api",
})
}
}