aws-greengrass
diff --git a/‎src/integrationtests/java/com/aws/greengrass/integrationtests/deployment/DeploymentConfigMergingTest.java‎
Lines changed: 225 additions & 2 deletions b/‎src/integrationtests/java/com/aws/greengrass/integrationtests/deployment/DeploymentConfigMergingTest.java‎
Lines changed: 225 additions & 2 deletions
diff --git a/‎src/integrationtests/java/com/aws/greengrass/integrationtests/lifecyclemanager/ServiceDependencyLifecycleTest.java‎
Lines changed: 5 additions & 4 deletions b/‎src/integrationtests/java/com/aws/greengrass/integrationtests/lifecyclemanager/ServiceDependencyLifecycleTest.java‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎src/integrationtests/java/com/aws/greengrass/integrationtests/status/EventFleetStatusServiceTest.java‎
Lines changed: 4 additions & 0 deletions b/‎src/integrationtests/java/com/aws/greengrass/integrationtests/status/EventFleetStatusServiceTest.java‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/integrationtests/resources/com/aws/greengrass/integrationtests/deployment/connectivityValidationConfig.yaml‎
Lines changed: 17 additions & 0 deletions b/‎src/integrationtests/resources/com/aws/greengrass/integrationtests/deployment/connectivityValidationConfig.yaml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎src/main/java/com/aws/greengrass/deployment/ConnectivityValidator.java‎
Lines changed: 238 additions & 0 deletions b/‎src/main/java/com/aws/greengrass/deployment/ConnectivityValidator.java‎
Lines changed: 238 additions & 0 deletions
diff --git a/‎src/main/java/com/aws/greengrass/deployment/DeploymentConfigMerger.java‎
Lines changed: 32 additions & 0 deletions b/‎src/main/java/com/aws/greengrass/deployment/DeploymentConfigMerger.java‎
Lines changed: 32 additions & 0 deletions
@@ -30,6 +30,7 @@
 import software.amazon.awssdk.services.greengrassv2.model.DeploymentConfigurationValidationPolicy;
 
 import java.net.URL;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
@@ -181,8 +182,8 @@ void GIVEN_hard_dependency_WHEN_dependency_goes_through_lifecycle_events_THEN_cu
         Map<String, Object> configRemoveDep = new HashMap<String, Object>() {{
             put(SERVICES_NAMESPACE_TOPIC, new HashMap<String, Object>() {{
                 put("main", new HashMap<String, Object>() {{
-                    put(SERVICE_DEPENDENCIES_NAMESPACE_TOPIC, Arrays.asList(CustomerApp,
-                            DEFAULT_NUCLEUS_COMPONENT_NAME));
+                    put(SERVICE_DEPENDENCIES_NAMESPACE_TOPIC, new ArrayList<>(Arrays.asList(CustomerApp,
+                            DEFAULT_NUCLEUS_COMPONENT_NAME)));
                 }});
                 put(CustomerApp, new HashMap<String, Object>() {{
                     putAll(kernel.findServiceTopic(CustomerApp).toPOJO());
@@ -294,8 +295,8 @@ void GIVEN_soft_dependency_WHEN_dependency_goes_through_lifecycle_events_THEN_cu
         Map<String, Object> configRemoveDep = new HashMap<String, Object>() {{
             put(SERVICES_NAMESPACE_TOPIC, new HashMap<String, Object>() {{
                 put("main", new HashMap<String, Object>() {{
-                    put(SERVICE_DEPENDENCIES_NAMESPACE_TOPIC, Arrays.asList(CustomerApp,
-                            DEFAULT_NUCLEUS_COMPONENT_NAME));
+                    put(SERVICE_DEPENDENCIES_NAMESPACE_TOPIC, new ArrayList<>(Arrays.asList(CustomerApp,
+                            DEFAULT_NUCLEUS_COMPONENT_NAME)));
                 }});
                 put(CustomerApp, new HashMap<String, Object>() {{
                     putAll(kernel.findServiceTopic(CustomerApp).toPOJO());
 
@@ -10,6 +10,7 @@
 import com.aws.greengrass.componentmanager.exceptions.PackageLoadingException;
 import com.aws.greengrass.dependency.ComponentStatusCode;
 import com.aws.greengrass.dependency.State;
+import com.aws.greengrass.deployment.ConnectivityValidator;
 import com.aws.greengrass.deployment.DeploymentQueue;
 import com.aws.greengrass.deployment.DeploymentService;
 import com.aws.greengrass.deployment.DeviceConfiguration;
@@ -126,6 +127,8 @@ class EventFleetStatusServiceTest extends BaseITCase {
     private IotJobsClientWrapper mockIotJobsClientWrapper;
     @Mock
     private ThingGroupHelper thingGroupHelper;
+    @Mock
+    private ConnectivityValidator connectivityValidator;
 
     private AtomicReference<List<FleetStatusDetails>> fleetStatusDetailsList;
     private final CountDownLatch mainFinished = new CountDownLatch(1);
@@ -177,6 +180,7 @@ void setupKernel(ExtensionContext context) throws Exception {
                 EventFleetStatusServiceTest.class.getResource("onlyMain.yaml"));
         kernel.getContext().put(MqttClient.class, mqttClient);
         kernel.getContext().put(ThingGroupHelper.class, thingGroupHelper);
+        kernel.getContext().put(ConnectivityValidator.class, connectivityValidator);
 
         // Mock out cloud communication
         GreengrassServiceClientFactory mgscf = mock(GreengrassServiceClientFactory.class);
 
@@ -0,0 +1,17 @@
+services:
+  main:
+    dependencies:
+      - aws.greengrass.Nucleus
+  aws.greengrass.Nucleus:
+    componentType: NUCLEUS
+    configuration:
+      awsRegion: us-east-1
+      greengrassDataPlanePort: 443
+      iotCredEndpoint: xxxxxx.credentials.iot.us-east-1.amazonaws.com
+      iotDataEndpoint: xxxxxx-ats.iot.us-east-1.amazonaws.com
+      iotRoleAlias: roleAliasName
+      mqtt:
+        port: 8080
+      runWithDefault:
+        posixUser: nobody
+        windowsUser: integ-tester
@@ -0,0 +1,238 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.aws.greengrass.deployment;
+
+import com.aws.greengrass.config.Configuration;
+import com.aws.greengrass.config.Topic;
+import com.aws.greengrass.config.Topics;
+import com.aws.greengrass.dependency.Context;
+import com.aws.greengrass.deployment.errorcode.DeploymentErrorCode;
+import com.aws.greengrass.deployment.exceptions.ComponentConfigurationValidationException;
+import com.aws.greengrass.deployment.model.DeploymentResult;
+import com.aws.greengrass.lifecyclemanager.Kernel;
+import com.aws.greengrass.logging.api.Logger;
+import com.aws.greengrass.logging.impl.LogManager;
+import com.aws.greengrass.mqttclient.MqttClient;
+import com.aws.greengrass.security.SecurityService;
+import com.aws.greengrass.util.Coerce;
+import com.aws.greengrass.util.GreengrassServiceClientFactory;
+import com.aws.greengrass.util.Pair;
+import com.aws.greengrass.util.Utils;
+import lombok.AccessLevel;
+import lombok.Setter;
+import software.amazon.awssdk.crt.mqtt.MqttClientConnection;
+import software.amazon.awssdk.crt.mqtt.MqttException;
+import software.amazon.awssdk.http.SdkHttpClient;
+import software.amazon.awssdk.iot.AwsIotMqttConnectionBuilder;
+import software.amazon.awssdk.services.greengrassv2data.GreengrassV2DataClient;
+import software.amazon.awssdk.services.greengrassv2data.model.ListThingGroupsForCoreDeviceRequest;
+
+import java.util.Map;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+public class ConnectivityValidator {
+    private static final Logger logger = LogManager.getLogger(ConnectivityValidator.class);
+    public static final String CLIENT_ID_SUFFIX = "#validation";
+    private static final String WITH_NEW_CONFIG_MESSAGE_SUFFIX = " with the new configuration";
+    private final MqttClient mqttClient;
+    private final GreengrassServiceClientFactory factory;
+    private final SecurityService securityService;
+    @Setter(AccessLevel.PACKAGE)  // for unit tests
+    private DeviceConfiguration deploymentConfiguration;
+
+    /**
+     * Constructor.
+     *
+     * @param kernel           kernel to get current config and context from
+     * @param context          temporary context used for deployment configuration
+     * @param mqttClient       Used to create AWS Mqtt Connection Client
+     * @param factory          Used to create Greengrass data client
+     * @param securityService  Used for Mqtt connection builder
+     * @param deploymentConfig Map of the configs to be merged in and validated against
+     * @param timestamp        time stamp of the deployment
+     */
+    public ConnectivityValidator(Kernel kernel, Context context, MqttClient mqttClient,
+                                 GreengrassServiceClientFactory factory, SecurityService securityService,
+                                 Map<String, Object> deploymentConfig, long timestamp) {
+        this.mqttClient = mqttClient;
+        this.factory = factory;
+        this.securityService = securityService;
+
+        Configuration config = new Configuration(context);
+        // Copy the current device configuration Map to preserve time stamps
+        config.copyFrom(kernel.getConfig());
+        // Attempt to merge the deployment configs using the deployment time stamp
+        config.mergeMap(timestamp, deploymentConfig);
+        try {
+            config.waitConfigUpdateComplete();
+        } catch (InterruptedException e) {
+            logger.atInfo().log("Interrupted while waiting for deployment config update to complete");
+            Thread.currentThread().interrupt();
+        }
+        deploymentConfiguration = new DeviceConfiguration(config, kernel.getKernelCommandLine());
+        /*
+         * Need to set security service due to plugin dependency workaround
+         * after removing Kernel from DeviceConfiguration
+         */
+        deploymentConfiguration.setSecurityService(securityService);
+    }
+
+    private boolean mqttClientNeedsValidation(DeviceConfiguration currentDeviceConfiguration) {
+        return networkPoxyHasChanged(currentDeviceConfiguration) || awsRegionHasChanged(currentDeviceConfiguration)
+                || mqttHasChanged(currentDeviceConfiguration) || iotDataEndpointHasChanged(currentDeviceConfiguration);
+    }
+
+    private boolean httpClientNeedsValidation(DeviceConfiguration currentDeviceConfiguration) {
+        return networkPoxyHasChanged(currentDeviceConfiguration) || awsRegionHasChanged(currentDeviceConfiguration)
+                || greengrassDataPlaneEndpointHasChanged(currentDeviceConfiguration)
+                || greengrassDataPlanePortHasChanged(currentDeviceConfiguration);
+    }
+
+    private boolean networkPoxyHasChanged(DeviceConfiguration currentdeviceConfiguration) {
+        Topics currentNetworkProxy = currentdeviceConfiguration.getNetworkProxyNamespace();
+        Topics newNetworkProxy = deploymentConfiguration.getNetworkProxyNamespace();
+        return !Topics.compareChildren(currentNetworkProxy, newNetworkProxy);
+    }
+
+    private boolean awsRegionHasChanged(DeviceConfiguration currentdeviceConfiguration) {
+        // Defaults to empty string topic
+        Topic currentAwsRegion = currentdeviceConfiguration.getAWSRegion();
+        Topic newAwsRegion = deploymentConfiguration.getAWSRegion();
+        return !Topic.compareValue(currentAwsRegion, newAwsRegion);
+    }
+
+    private boolean mqttHasChanged(DeviceConfiguration currentdeviceConfiguration) {
+        Topics currentMqtt = currentdeviceConfiguration.getMQTTNamespace();
+        Topics newMqtt = deploymentConfiguration.getMQTTNamespace();
+        return !Topics.compareChildren(currentMqtt, newMqtt);
+    }
+
+    private boolean iotDataEndpointHasChanged(DeviceConfiguration currentdeviceConfiguration) {
+        // Defaults to empty string topic
+        Topic currentIotDataEndpoint = currentdeviceConfiguration.getIotDataEndpoint();
+        Topic newIotDataEndpoint = deploymentConfiguration.getIotDataEndpoint();
+        return !Topic.compareValue(currentIotDataEndpoint, newIotDataEndpoint);
+    }
+
+    private boolean greengrassDataPlaneEndpointHasChanged(DeviceConfiguration currentdeviceConfiguration) {
+        // Defaults to empty string topic
+        Topic currentGreengrassDataPlaneEndpoint = currentdeviceConfiguration.getGGDataEndpoint();
+        Topic newGreengrassDataPlaneEndpoint = deploymentConfiguration.getGGDataEndpoint();
+        return !Topic.compareValue(currentGreengrassDataPlaneEndpoint, newGreengrassDataPlaneEndpoint);
+    }
+
+    private boolean greengrassDataPlanePortHasChanged(DeviceConfiguration currentdeviceConfiguration) {
+        Topic currentGreengrassDataPlanePort = currentdeviceConfiguration.getGreengrassDataPlanePort();
+        Topic newGreengrassDataPlanePort = deploymentConfiguration.getGreengrassDataPlanePort();
+        return !Topic.compareValue(currentGreengrassDataPlanePort, newGreengrassDataPlanePort);
+    }
+
+    /**
+     * Creates an MQTT client and checks if the device can connect to AWS.
+     *
+     * @param totallyCompleteFuture Future will be updated if validation fails
+     */
+    public boolean mqttClientCanConnect(CompletableFuture<DeploymentResult> totallyCompleteFuture) {
+        logger.atDebug().log("Checking MQTT client can connect");
+
+        MqttClientConnection connection = null;
+        String message;
+        try (AwsIotMqttConnectionBuilder builder = mqttClient.createMqttConnectionBuilder(deploymentConfiguration,
+                securityService, null)) {
+            String clientId = Coerce.toString(deploymentConfiguration.getThingName()) + CLIENT_ID_SUFFIX;
+            connection = builder.withClientId(clientId).build();
+            int operationTimeoutMillis = MqttClient.getMqttOperationTimeoutMillis(deploymentConfiguration);
+            connection.connect().get(operationTimeoutMillis, TimeUnit.MILLISECONDS);
+            return true;
+        } catch (MqttException e) {
+            message = "Mqtt client failed to connect: " + Utils.generateFailureMessage(e);
+            logger.atError().cause(e).log(message + WITH_NEW_CONFIG_MESSAGE_SUFFIX);
+        } catch (TimeoutException e) {
+            message = "Mqtt client validation timed out"; // exception has no message
+            logger.atError().cause(e).log(message + WITH_NEW_CONFIG_MESSAGE_SUFFIX);
+        } catch (ExecutionException e) {
+            message = "Mqtt client validation completed exceptionally: " + Utils.generateFailureMessage(e);
+            logger.atError().cause(e).log(message + WITH_NEW_CONFIG_MESSAGE_SUFFIX);
+        } catch (InterruptedException e) {
+            message = "Mqtt client connection was interrupted: " + Utils.generateFailureMessage(e);
+            logger.atInfo().cause(e).log(message);
+            Thread.currentThread().interrupt();
+        } finally {
+            if (connection != null) {
+                connection.disconnect();
+                connection.close();
+            }
+        }
+
+        totallyCompleteFuture
+                .complete(new DeploymentResult(DeploymentResult.DeploymentStatus.FAILED_NO_STATE_CHANGE,
+                        new ComponentConfigurationValidationException(message,
+                                DeploymentErrorCode.NUCLEUS_CONNECTIVITY_CONFIG_NOT_VALID)));
+        return false;
+    }
+
+    /**
+     * Creates an HTTP client and checks if the device can connect to AWS.
+     *
+     * @param totallyCompleteFuture Future will be updated if validation fails
+     */
+    @SuppressWarnings("PMD.AvoidCatchingGenericException")
+    public boolean httpClientCanConnect(CompletableFuture<DeploymentResult> totallyCompleteFuture) {
+        logger.atDebug().log("Checking HTTP client can connect");
+
+        String message;
+        Pair<SdkHttpClient, GreengrassV2DataClient> pair = factory.createClientFromConfig(deploymentConfiguration);
+        try (SdkHttpClient httpClient = pair.getLeft();
+             GreengrassV2DataClient greengrassV2DataClient = pair.getRight()) {
+            ListThingGroupsForCoreDeviceRequest request = ListThingGroupsForCoreDeviceRequest.builder()
+                    .coreDeviceThingName(Coerce.toString(deploymentConfiguration.getThingName())).build();
+            greengrassV2DataClient.listThingGroupsForCoreDevice(request);
+            return true;
+        } catch (Exception e) {
+            message = "HTTP client validation failed due to: " + Utils.generateFailureMessage(e);
+            logger.atError().cause(e).log(message + WITH_NEW_CONFIG_MESSAGE_SUFFIX);
+        }
+
+        totallyCompleteFuture
+                .complete(new DeploymentResult(DeploymentResult.DeploymentStatus.FAILED_NO_STATE_CHANGE,
+                        new ComponentConfigurationValidationException(message,
+                                DeploymentErrorCode.NUCLEUS_CONNECTIVITY_CONFIG_NOT_VALID)));
+        return false;
+    }
+
+    /**
+     * Perform connectivity validation if configs have changed meaningfully.
+     * Checks if validation is enabled
+     * If MQTT related configurations have been changed validate MQTT connectivity
+     * Then if HTTP related configurations have been changed validate HTTP connectivity
+     *
+     * @param totallyCompleteFuture      Future will be updated if validation fails
+     * @param currentDeviceConfiguration current configs the device is using
+     */
+    @SuppressWarnings("PMD.SimplifyBooleanReturns")
+    public boolean validate(CompletableFuture<DeploymentResult> totallyCompleteFuture,
+                            DeviceConfiguration currentDeviceConfiguration) {
+        boolean validationEnabled = deploymentConfiguration.isConnectivityValidationEnabled();
+        boolean configuredToTalkToCloud = deploymentConfiguration.isDeviceConfiguredToTalkToCloud();
+        if (!validationEnabled || !configuredToTalkToCloud) {
+            logger.atDebug().log("Skipping connectivity validation");
+            return true;
+        }
+        boolean needsValidation;
+        needsValidation = mqttClientNeedsValidation(currentDeviceConfiguration);
+        if (needsValidation && !mqttClientCanConnect(totallyCompleteFuture)) {
+            return false;
+        }
+        needsValidation = httpClientNeedsValidation(currentDeviceConfiguration);
+        if (needsValidation && !httpClientCanConnect(totallyCompleteFuture)) {
+            return false;
+        }
+        return true;
+    }
+}
@@ -7,6 +7,7 @@
 
 
 import com.aws.greengrass.config.Topics;
+import com.aws.greengrass.dependency.Context;
 import com.aws.greengrass.dependency.Context.Value;
 import com.aws.greengrass.dependency.State;
 import com.aws.greengrass.deployment.activator.DeploymentActivator;
@@ -27,11 +28,16 @@
 import com.aws.greengrass.lifecyclemanager.exceptions.ServiceLoadException;
 import com.aws.greengrass.logging.api.Logger;
 import com.aws.greengrass.logging.impl.LogManager;
+import com.aws.greengrass.mqttclient.MqttClient;
+import com.aws.greengrass.security.SecurityService;
 import com.aws.greengrass.util.Coerce;
+import com.aws.greengrass.util.GreengrassServiceClientFactory;
+import com.aws.greengrass.util.Utils;
 import lombok.AccessLevel;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import software.amazon.awssdk.services.greengrassv2.model.DeploymentComponentUpdatePolicyAction;
+import software.amazon.awssdk.services.greengrassv2.model.DeploymentConfigurationValidationPolicy;
 
 import java.util.Collection;
 import java.util.HashMap;
@@ -66,6 +72,9 @@ public class DeploymentConfigMerger {
     private Kernel kernel;
     private DeviceConfiguration deviceConfiguration;
     private DynamicComponentConfigurationValidator validator;
+    private MqttClient mqttClient;
+    private GreengrassServiceClientFactory factory;
+    private SecurityService securityService;
 
     /**
      * Merge in new configuration values and new services.
@@ -112,6 +121,7 @@ public Future<DeploymentResult> mergeInNewConfig(Deployment deployment,
         return totallyCompleteFuture;
     }
 
+    @SuppressWarnings({"PMD.AvoidCatchingGenericException", "PMD.AvoidCatchingThrowable", "PMD.PreserveStackTrace"})
     private void updateActionForDeployment(Map<String, Object> newConfig, Deployment deployment,
                                            DeploymentActivator activator,
                                            CompletableFuture<DeploymentResult> totallyCompleteFuture) {
@@ -147,6 +157,28 @@ private void updateActionForDeployment(Map<String, Object> newConfig, Deployment
             return;
         }
 
+        // As long as the timeout is not 0, we will try to run the connectivity validation
+        DeploymentConfigurationValidationPolicy policy = deployment.getDeploymentDocumentObj()
+                .getConfigurationValidationPolicy();
+        if (policy != null && Coerce.toInt(policy.timeoutInSeconds()) != 0) {
+            try (Context context = new Context()) {
+                ConnectivityValidator connectivityValidator = new ConnectivityValidator(kernel, context, mqttClient,
+                        factory, securityService, newConfig, deployment.getDeploymentDocumentObj().getTimestamp());
+                if (!connectivityValidator.validate(totallyCompleteFuture, deviceConfiguration)) {
+                    return;
+                }
+            } catch (Throwable e) {
+                String message = "Unexpected exception during connectivity validation: "
+                        + Utils.generateFailureMessage(e);
+                logger.atInfo().cause(e).log(message);
+                totallyCompleteFuture
+                        .complete(new DeploymentResult(DeploymentResult.DeploymentStatus.FAILED_NO_STATE_CHANGE,
+                                new ComponentConfigurationValidationException(message,
+                                        DeploymentErrorCode.NUCLEUS_CONNECTIVITY_CONFIG_NOT_VALID)));
+                return;
+            }
+        }
+
         logger.atInfo(MERGE_CONFIG_EVENT_KEY).kv("deployment", deploymentId)
                 .log("Applying deployment changes, deployment cannot be cancelled now");
         activator.activate(newConfig, deployment, totallyCompleteFuture);