c8y-configuration-plugin panics when required folder/s are missing

[PradeepKiruvale]

Proposed changes

The issue here is in tedge_file_system_ext in the FsWatchActor run function, the errors are not handled, and using unwrap, Because of this when there are no directories to add fs watch it panics.

The proposed solution is to handle these panics gracefully by removing unwrap.

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
• Documentation Update (if none of the other choices apply)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

#1955

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA (in all commits with git commit -s)
• I ran cargo fmt as mentioned in CODING_GUIDELINES
• I used cargo clippy as mentioned in CODING_GUIDELINES
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Further comments

[github-actions]

Robot Results

✅ Passed	❌ Failed	⏭️ Skipped	Total	Pass %
198	0	5	198	100

Passed Tests

Name	⏱️ Duration	Suite
Define Child device 1 ID	0.016 s	C8Y Child Alarms Rpi
Normal case when the child device does not exist on c8y cloud	6.18 s	C8Y Child Alarms Rpi
Normal case when the child device already exists	1.381 s	C8Y Child Alarms Rpi
Reconciliation when the new alarm message arrives, restart the mapper	2.924 s	C8Y Child Alarms Rpi
Reconciliation when the alarm that is cleared	7.42 s	C8Y Child Alarms Rpi
Prerequisite Parent	79.735 s	Child Conf Mgmt Plugin
Prerequisite Child	0.487 s	Child Conf Mgmt Plugin
Child device bootstrapping	17.441 s	Child Conf Mgmt Plugin
Snapshot from device	62.003 s	Child Conf Mgmt Plugin
Child device config update	64.03 s	Child Conf Mgmt Plugin
Configuration types should be detected on file change (without restarting service)	119.503 s	Inotify Crate
Check lock file existence in default folder	3.182 s	Lock File
Check PID number in lock file	2.883 s	Lock File
Check PID number in lock file after restarting the services	3.447 s	Lock File
Check starting same service twice	1.3519999999999999 s	Lock File
Switch off lock file creation	1.875 s	Lock File
Set configuration when file exists	54.665 s	Configuration Operation
Set configuration when file does not exist	7.591 s	Configuration Operation
Set configuration with broken url	8.046 s	Configuration Operation
Get configuration	8.08 s	Configuration Operation
Get non existent configuration file	6.802 s	Configuration Operation
Get non existent configuration type	5.7940000000000005 s	Configuration Operation
Update configuration plugin config via cloud	6.898 s	Configuration Operation
Modify configuration plugin config via local filesystem modify inplace	4.022 s	Configuration Operation
Modify configuration plugin config via local filesystem overwrite	3.56 s	Configuration Operation
Update configuration plugin config via local filesystem copy	3.445 s	Configuration Operation
Update configuration plugin config via local filesystem move (different directory)	2.856 s	Configuration Operation
Update configuration plugin config via local filesystem move (same directory)	5.7379999999999995 s	Configuration Operation
Successful firmware operation	82.82 s	Firmware Operation
Install with empty firmware name	54.424 s	Firmware Operation
Prerequisite Parent	23.104 s	Firmware Operation Child Device
Prerequisite Child	9.197 s	Firmware Operation Child Device
Child device firmware update	7.208 s	Firmware Operation Child Device
Child device firmware update with cache	6.655 s	Firmware Operation Child Device
Firmware plugin supports restart via service manager #1932	7.606 s	Firmware Operation Child Device Retry
Update Inventory data via inventory.json	1.982 s	Inventory Update
Retrieve a JWT tokens	122.615 s	Jwt Request
Check running collectd	2.01 s	Monitor Device Collectd
Is collectd publishing MQTT messages?	3.642 s	Monitor Device Collectd
Check thin-edge monitoring	5.242 s	Monitor Device Collectd
Check grouping of measurements	9.409 s	Monitor Device Collectd
Update the custom operation dynamically	49.416 s	Dynamically Reload Operation
Main device registration	3.026 s	Device Registration
Child device registration	3.633 s	Device Registration
Supports restarting the device	135.844 s	Restart Device
Update tedge version from previous using Cumulocity	95.544 s	Tedge Self Update
Test if all c8y services are up	129.219 s	Service Monitoring
Test if all c8y services are down	111.833 s	Service Monitoring
Test if all c8y services are using configured service type	230.792 s	Service Monitoring
Test if all c8y services using default service type when service type configured as empty	215.289 s	Service Monitoring
Check health status of tedge-mapper-c8y service on broker stop start	28.152 s	Service Monitoring
Check health status of tedge-mapper-c8y service on broker restart	28.795 s	Service Monitoring
Check health status of child device service	23.621 s	Service Monitoring
Successful shell command with output	4.216 s	Shell Operation
Check Successful shell command with literal double quotes output	3.816 s	Shell Operation
Execute multiline shell command	3.781 s	Shell Operation
Failed shell command	3.69 s	Shell Operation
Software list should be populated during startup	63.442 s	Software
Install software via Cumulocity	57.929 s	Software
Software list should only show currently installed software and not candidates	51.782 s	Software
Child devices support sending simple measurements	1.833 s	Child Device Telemetry
Child devices support sending custom measurements	3.781 s	Child Device Telemetry
Child devices support sending custom events	1.246 s	Child Device Telemetry
Child devices support sending custom events overriding the type	1.191 s	Child Device Telemetry
Child devices support sending custom alarms #1699	1.958 s	Child Device Telemetry
Child devices support sending inventory data via c8y topic	1.186 s	Child Device Telemetry
Child device supports sending custom child device measurements directly to c8y	1.7570000000000001 s	Child Device Telemetry
Check retained alarms	178.052 s	Raise Alarms
Thin-edge devices support sending simple measurements	1.7730000000000001 s	Thin-Edge Device Telemetry
Thin-edge devices support sending simple measurements with custom type	1.453 s	Thin-Edge Device Telemetry
Thin-edge devices support sending custom measurements	1.389 s	Thin-Edge Device Telemetry
Thin-edge devices support sending custom events	1.72 s	Thin-Edge Device Telemetry
Thin-edge devices support sending custom events overriding the type	1.552 s	Thin-Edge Device Telemetry
Thin-edge devices support sending custom alarms #1699	3.9459999999999997 s	Thin-Edge Device Telemetry
Thin-edge device supports sending custom Thin-edge device measurements directly to c8y	2.975 s	Thin-Edge Device Telemetry
Thin-edge device support sending inventory data via c8y topic	2.271 s	Thin-Edge Device Telemetry
Validate updated data path used by tedge-agent	0.599 s	Data Path Config
Validate updated data path used by c8y-firmware-plugin	12.581 s	Data Path Config
Stop tedge-agent service	0.248 s	Log Path Config
Customize the log path	0.152 s	Log Path Config
Initialize tedge-agent	0.166 s	Log Path Config
Check created folders	0.085 s	Log Path Config
Remove created custom folders	0.13 s	Log Path Config
Install thin-edge via apt	38.89 s	Install Apt
Install latest via script (from current branch)	24.466 s	Install Tedge
Install specific version via script (from current branch)	30.318 s	Install Tedge
Install latest tedge via script (from main branch)	18.917 s	Install Tedge
Install then uninstall latest tedge via script (from main branch)	57.019 s	Install Tedge
Support starting and stopping services	47.568 s	Service-Control
Supports a reconnect	63.657 s	Test-Commands
Supports disconnect then connect	46.637 s	Test-Commands
Update unknown setting	42.782 s	Test-Commands
Update known setting	33.195 s	Test-Commands
Stop c8y-configuration-plugin	60.33 s	Health C8Y-Configuration-Plugin
Update the service file	0.144 s	Health C8Y-Configuration-Plugin
Reload systemd files	0.515 s	Health C8Y-Configuration-Plugin
Start c8y-configuration-plugin	0.36 s	Health C8Y-Configuration-Plugin
Start watchdog service	10.599 s	Health C8Y-Configuration-Plugin
Check PID of c8y-configuration-plugin	0.093 s	Health C8Y-Configuration-Plugin
Kill the PID	0.321 s	Health C8Y-Configuration-Plugin
Recheck PID of c8y-configuration-plugin	6.78 s	Health C8Y-Configuration-Plugin
Compare PID change	0.006 s	Health C8Y-Configuration-Plugin
Stop watchdog service	0.228 s	Health C8Y-Configuration-Plugin
Remove entry from service file	0.15 s	Health C8Y-Configuration-Plugin
Stop c8y-log-plugin	60.242 s	Health C8Y-Log-Plugin
Update the service file	0.417 s	Health C8Y-Log-Plugin
Reload systemd files	0.753 s	Health C8Y-Log-Plugin
Start c8y-log-plugin	0.247 s	Health C8Y-Log-Plugin
Start watchdog service	10.507 s	Health C8Y-Log-Plugin
Check PID of c8y-log-plugin	0.184 s	Health C8Y-Log-Plugin
Kill the PID	0.587 s	Health C8Y-Log-Plugin
Recheck PID of c8y-log-plugin	6.995 s	Health C8Y-Log-Plugin
Compare PID change	0.001 s	Health C8Y-Log-Plugin
Stop watchdog service	0.45 s	Health C8Y-Log-Plugin
Remove entry from service file	0.287 s	Health C8Y-Log-Plugin
Stop tedge-mapper	0.303 s	Health Tedge Mapper C8Y
Update the service file	0.295 s	Health Tedge Mapper C8Y
Reload systemd files	0.744 s	Health Tedge Mapper C8Y
Start tedge-mapper	0.158 s	Health Tedge Mapper C8Y
Start watchdog service	10.291 s	Health Tedge Mapper C8Y
Check PID of tedge-mapper	0.15 s	Health Tedge Mapper C8Y
Kill the PID	0.304 s	Health Tedge Mapper C8Y
Recheck PID of tedge-mapper	6.516 s	Health Tedge Mapper C8Y
Compare PID change	0.001 s	Health Tedge Mapper C8Y
Stop watchdog service	0.25 s	Health Tedge Mapper C8Y
Remove entry from service file	0.272 s	Health Tedge Mapper C8Y
Stop tedge-agent	0.268 s	Health Tedge-Agent
Update the service file	0.134 s	Health Tedge-Agent
Reload systemd files	0.603 s	Health Tedge-Agent
Start tedge-agent	0.131 s	Health Tedge-Agent
Start watchdog service	10.287 s	Health Tedge-Agent
Check PID of tedge-mapper	0.104 s	Health Tedge-Agent
Kill the PID	0.241 s	Health Tedge-Agent
Recheck PID of tedge-agent	6.379 s	Health Tedge-Agent
Compare PID change	0.001 s	Health Tedge-Agent
Stop watchdog service	0.096 s	Health Tedge-Agent
Remove entry from service file	0.103 s	Health Tedge-Agent
Stop tedge-mapper-az	0.259 s	Health Tedge-Mapper-Az
Update the service file	0.268 s	Health Tedge-Mapper-Az
Reload systemd files	0.811 s	Health Tedge-Mapper-Az
Start tedge-mapper-az	0.242 s	Health Tedge-Mapper-Az
Start watchdog service	10.284 s	Health Tedge-Mapper-Az
Check PID of tedge-mapper-az	0.1 s	Health Tedge-Mapper-Az
Kill the PID	0.366 s	Health Tedge-Mapper-Az
Recheck PID of tedge-agent	6.422 s	Health Tedge-Mapper-Az
Compare PID change	0.001 s	Health Tedge-Mapper-Az
Stop watchdog service	0.08 s	Health Tedge-Mapper-Az
Remove entry from service file	0.083 s	Health Tedge-Mapper-Az
Stop tedge-mapper-collectd	0.542 s	Health Tedge-Mapper-Collectd
Update the service file	0.258 s	Health Tedge-Mapper-Collectd
Reload systemd files	0.731 s	Health Tedge-Mapper-Collectd
Start tedge-mapper-collectd	0.46 s	Health Tedge-Mapper-Collectd
Start watchdog service	10.26 s	Health Tedge-Mapper-Collectd
Check PID of tedge-mapper-collectd	0.287 s	Health Tedge-Mapper-Collectd
Kill the PID	0.317 s	Health Tedge-Mapper-Collectd
Recheck PID of tedge-mapper-collectd	7.005 s	Health Tedge-Mapper-Collectd
Compare PID change	0.01 s	Health Tedge-Mapper-Collectd
Stop watchdog service	0.44 s	Health Tedge-Mapper-Collectd
Remove entry from service file	0.312 s	Health Tedge-Mapper-Collectd
tedge-collectd-mapper health status	6.007 s	Health Tedge-Mapper-Collectd
c8y-log-plugin health status	5.959 s	MQTT health endpoints
c8y-configuration-plugin health status	5.839 s	MQTT health endpoints
Publish on a local insecure broker	0.342 s	Basic Pub Sub
Publish on a local secure broker	1.6840000000000002 s	Basic Pub Sub
Publish on a local secure broker with client authentication	1.948 s	Basic Pub Sub
Check remote mqtt broker #1773	4.953 s	Remote Mqtt Broker
Wrong package name	0.146 s	Improve Tedge Apt Plugin Error Messages
Wrong version	0.132 s	Improve Tedge Apt Plugin Error Messages
Wrong type	0.358 s	Improve Tedge Apt Plugin Error Messages
tedge_connect_test_positive	0.473 s	Tedge Connect Test
tedge_connect_test_negative	1.724 s	Tedge Connect Test
tedge_connect_test_sm_services	7.542 s	Tedge Connect Test
tedge_disconnect_test_sm_services	60.455 s	Tedge Connect Test
Install thin-edge.io	20.473 s	Call Tedge
call tedge -V	0.2 s	Call Tedge
call tedge -h	0.119 s	Call Tedge
call tedge -h -V	0.142 s	Call Tedge
call tedge help	0.128 s	Call Tedge
tedge config list	0.103 s	Call Tedge Config List
tedge config list --all	0.111 s	Call Tedge Config List
set/unset device.type	0.468 s	Call Tedge Config List
set/unset device.key.path	0.431 s	Call Tedge Config List
set/unset device.cert.path	0.511 s	Call Tedge Config List
set/unset c8y.root.cert.path	0.549 s	Call Tedge Config List
set/unset c8y.smartrest.templates	0.676 s	Call Tedge Config List
set/unset az.root.cert.path	0.957 s	Call Tedge Config List
set/unset az.mapper.timestamp	1.062 s	Call Tedge Config List
set/unset mqtt.bind_address	0.672 s	Call Tedge Config List
set/unset mqtt.port	0.464 s	Call Tedge Config List
set/unset tmp.path	0.422 s	Call Tedge Config List
set/unset logs.path	0.592 s	Call Tedge Config List
set/unset run.path	0.467 s	Call Tedge Config List
Get Put Delete	2.875 s	Http File Transfer Api
Set keys should return value on stdout	0.335 s	Tedge Config Get
Unset keys should not return anything on stdout and warnings on stderr	0.39 s	Tedge Config Get
Invalid keys should not return anything on stdout and warnings on stderr	0.401 s	Tedge Config Get
Set configuration via environment variables	1.229 s	Tedge Config Get
Set unknown configuration via environment variables	0.152 s	Tedge Config Get

[didier-wenzek]

This fix the panic, but will provide no specific error message to the user.

I think it would be good to add a check on start.

[didier-wenzek]

Why not just that check?

[PradeepKiruvale]

There might be some times the directory exists but not the config file. So, wanted to be specific.

[didier-wenzek]

We are both incorrect ;-) After some checks, it appears that the directory must exist but not necessarily the configuration file.

See https://github.com/thin-edge/thin-edge.io/blob/main/crates/extensions/c8y_config_manager/src/plugin_config.rs#L93

[PradeepKiruvale]

When I moved the check inside ConfigManagerConfig::from_tedge_config() felt that it was better just to check the file.

[didier-wenzek]

Yes but it's okay to have no configuration : the defaults will apply. So one needs to check only the directory.

[didier-wenzek]

My feeling is that checking the existence of the config dir would be simpler and more natural if done inside ConfigManagerConfig::from_tedge_config() because there you will have the path to the conf directory and not to the configuration file.

[PradeepKiruvale]

moved check inside the ConfigManagerConfig::from_tedge_config()

[rina23q]

Dropped in the PR spontaneously.

[rina23q]

If /etc/tedge or similar that user configured does not exist, I think it's enough reason to quit the process. So, I don't think we need to check the parent.

[PradeepKiruvale]

moved this check into config.rs. Also, just checking the config dir is enough, if there is no config file then it will fall back to the default file.

[rina23q]

Minor correction.

Suggested change

	anyhow::bail!("The configuration directory does not exists");
	anyhow::bail!("The configuration directory does not exist");

[PradeepKiruvale]

not relevant anymore.

[didier-wenzek]

The name of the parameter is confusing, as this is the path to the config file and not the config directory.

[PradeepKiruvale]

Agree, renamed it.

[albinsuresh]

In most of the other crates, we use tracing instead of log. This inconsistency is not just limited to this crate, but let's try and avoid it at least in newer code.

[PradeepKiruvale]

What I heard from @didier-wenzek is that trace is heavy, so I am just using the log crate.

[albinsuresh]

I also agree that log is probably more that sufficient for our simple logging needs. But, the Rust ecosystem seems to be leaning more towards wider usage of tracing instead of log as you can see in rust-lang/compiler-team#331 . Anyway, we just need to stay consistent, whichever one we choose. If the mandate is to stick to log, will keep that in mind.

[didier-wenzek]

This is a point we need to discuss. I have a preference for log simply because in practice our use of tracing is reduced to logging without any trace.

[albinsuresh]

Rather than creating a "faulty" config object first and then doing an explicit validation with this extra function call, why not make the ConfigManagerConfig::new() (ConfigManagerConfig::try_new()) return the error?

[PradeepKiruvale]

Many new functions must be converted to try_new, because it's a bit deeper in the code(c8y_config_plugin->plugin-config->RawPluginConfig). So, this is the right way to validate the config path.

[didier-wenzek]

I agree with @albinsuresh.

Many new functions must be converted to try_new,

There are only 2 calls to ConfigManagerConfig::new() ;-)

[albinsuresh]

Suggested change

	fn is_config_dir_exist(config_dir: &Path) -> Result<(), TEdgeConfigError> {
	fn plugin_config_dir_exists(config_dir: &Path) -> Result<(), TEdgeConfigError> {

Just to avoid any confusion with tedge_config_dir

[PradeepKiruvale]

Used existing function from tedge-utils

[albinsuresh]

Could be moved to tedge_utils as a utility function and reused.

[PradeepKiruvale]

In fact, there is already a function pub fn validate_parent_dir_exists(path: impl AsRef<Path>) -> Result<(), PathsError> { ) that exists for verifying the dir path.

[albinsuresh]

Although this approach is less invasive I'm starting to doubt if this is the right thing to do.

The issue with it is that, we let the system continue in a broken state by silently logging the issue, which users may not notice immediately. If this actor fails to watch a directly that another actor has requested for, it is a fatal failure, in my opinion. So crashing the daemon is probably the better option I feel, so that the user immediately notices that something is wrong.

Ideally, we should have a mechanism in the actor framework where this actor can communicate this failure to the requesting actor via an error and let that actor itself decide whether to crash or not.

[albinsuresh]

Since we are doing the validation up-front during build time and hence this error path is less likely to happen (unless someone deletes the dirs during runtime), this is okay for now. But, we'd still need to explore a better build time error exchange mechanism between actors.

[PradeepKiruvale]

I agree.

[albinsuresh]

Since this error variant is generic enough, it's okay.

A better option to avoid "corrupting" TEdgeConfigError would have been to add a similar variant to ConfigManagementError and LogRetrievalError enums respectively and have the ConfigManagerConfig::from_tedge_config() and LogManagerConfig::from_tedge_config() functions return these specific errors instead of TEdgeConfigError.

[didier-wenzek]

Adding this error case is really not ideal, as it depends on tedge_utils::paths::PathsError.

Albin's suggestion would avoid that.

[albinsuresh]

Since we are doing the validation up-front during build time and hence this error path is less likely to happen (unless someone deletes the dirs during runtime), this is okay for now. But, we'd still need to explore a better build time error exchange mechanism between actors.

[albinsuresh]

The changes in this file looks like accidental left-overs.

[didier-wenzek]

Approved.

[didier-wenzek]

Adding this error case is really not ideal, as it depends on tedge_utils::paths::PathsError.

Albin's suggestion would avoid that.

[gligorisaev]

QA has thoroughly checked the feature and here are the results:

• Test for ticket exists in the test suite.
• QA has tested the feature and it meets the required specifications.

Test steps:

1. sudo systemctl stop c8y-configuration-plugin.service
2. sudo rm -Rf /etc/tedge/c8y
3. c8y-configuration-plugin

Result:
The system config file '/etc/tedge/system.toml' doesn't exist. Use '/bin/systemctl' as a service manager. 2023-06-02T09:43:03.015538048Z INFO Runtime: Started 2023-06-02T09:43:03.022397852Z INFO c8y_config_manager::plugin_config: Reading the config file from /etc/tedge/c8y/c8y-configuration-plugin.toml 2023-06-02T09:43:03.02247561Z ERROR c8y_config_manager::plugin_config: The config file /etc/tedge/c8y/c8y-configuration-plugin.toml does not exist or is not readable. No such file or directory (os error 2) Error: Directory: "/etc/tedge/c8y" not found