Skip to content

Namespace reeflogic::server_survey C++ API Reference

Headers at a Glance

Header Classes Functions Macros
server_survey/cmd/runtime_survey_command_handler.h 1 0 0
server_survey/command_handler.h 1 0 0
server_survey/db_operation_utility.h 1 0 0
server_survey/exceptions.h 3 0 0
server_survey/reef_status_service_impl.h 1 0 1
server_survey/reef_survey_authn_filter.h 0 2 0
server_survey/reef_survey_service_impl.h 1 0 0

Header server_survey/cmd/runtime_survey_command_handler.h

Concrete handler for the RUNTIME_COMMAND_SURVEY_VIEW runtime command.

Declares RuntimeSurveyCommandHandler::HandleView, the framework stub invoked from CommandHandler::DispatchCommand when RuntimeExecuteRequest.kind == RUNTIME_COMMAND_SURVEY_VIEW. Currently returns UNIMPLEMENTED; the eventual implementation will scope its read by Subject::tenant_id (populated by the AuthN interceptor via OidcSubjectResolver in Scope::kTenant) so survey rows from other tenants are never returned. The reply payload will be added to RuntimeExecuteReply.result in common/cmd.proto at that point.

See also: server_survey/command_handler.h, common/cmd.proto

Classes

RuntimeSurveyCommandHandler
Public Member Signature Description Referenced Types
[[nodiscard]] static grpc::Status HandleView( const google::protobuf::Empty &request, reeflogic::cmd::v1::RuntimeExecuteReply *response, const std::shared_ptr<const reeflogic::commons::Subject> &subject ); - reeflogic::cmd::v1::RuntimeExecuteReply

Header server_survey/command_handler.h

Survey-server entry point for the RuntimeExecuteRequest dispatch pipeline.

Declares reeflogic::server_survey::CommandHandler, the centralized resolver and dispatcher invoked from ReefSurveyServiceImpl::execute. ResolveSurveyCommandAuthorizationPolicy pulls permission_label and permission_mask from the cmd::v1::RuntimeCommandKind enum-value options for service-level AuthZ checks; Handle validates kind/oneof alignment, routes the request to a concrete handler under server_survey/cmd/ (currently only RuntimeSurveyCommandHandler::HandleView), and builds the RuntimeExecuteReply envelope (request_id + google.rpc.Status) via the shared reef_server_common::command_envelope helpers.

never throws across the gRPC boundary.

Note: Dispatch errors are encoded in reply.status; the function

See also: reef_server_common/command_envelope.h, server_survey/cmd/runtime_survey_command_handler.h, common/cmd.proto

Classes

CommandHandler
Public Member Signature Description Referenced Types
[[nodiscard]] static std::optional<grpc::Status> ResolveSurveyCommandAuthorizationPolicy( cmd::v1::RuntimeCommandKind kind, AuthorizationPolicy *policy ); Resolves authorization policy metadata from command kind. kind: Command kind from request. policy: Output policy structure. Returns: Empty optional on success; gRPC status when resolution fails. -
[[nodiscard]] static cmd::v1::RuntimeExecuteReply *Handle( const cmd::v1::RuntimeExecuteRequest &request, cmd::v1::RuntimeExecuteReply *response, const std::shared_ptr<const commons::Subject>& subject ); Handles a validated runtime command and writes reply payload/status. The returned reply always echoes request.request_id(). Dispatch errors are encoded in reply.status instead of throwing. Returns: Same response pointer for fluent call sites, or nullptr when response input is null. -

Header server_survey/db_operation_utility.h

PostgreSQL read operations used by the survey server's AuthN path.

Declares DbOperationUtility::MakeLoadAllTenantOidcValidatorConfigsOperation, which returns a PgUtility::ExecuteRead-compatible callback that joins t_identity_provider_oidcs against t_identity_providers and t_tenants (filtered to scope = 'TENANT') and produces one TenantOidcValidatorConfig per binding. Each entry carries the tenant uuid (e.g. tnt-...) and a fully populated commons::OidcTokenValidator::Config with introspection_client_secret AES-GCM-decrypted via the shared reef_server_common::oidc_validator_config::MapRowToOidcValidatorConfig helper and tenant_claim_name pinned to "tenant" so ValidateBearerToken extracts the tenant claim into Claims::tenant_uuid. The survey server has no admin command surface, so this utility only exposes the read paths needed by the AuthN interceptor.

is unrecognized or the introspection secret ciphertext cannot be decoded.

Note: Throws ServerSurveyDbOperationError when a row's token_mode

See also: server_survey/reef_survey_authn_filter.h, reef_server_common/oidc_validator_config.h

Classes

DbOperationUtility
Public Member Signature Description Referenced Types
std::function<std::vector<TenantOidcValidatorConfig>(pqxx::read_transaction &)>; - -
[[nodiscard]] static LoadAllTenantOidcValidatorConfigsOperation MakeLoadAllTenantOidcValidatorConfigsOperation(); Builds a read operation that loads every tenant-scope OIDC validator configuration row. The returned callback: - reads t_identity_provider_oidcs joined with t_identity_providers and t_tenants, filtered to scope = 'TENANT'. - decrypts introspection_client_secret with the process SecretKey (AAD pinned to the schema-versioned label). - populates tenant_claim_name = "tenant" so consumers do not need to set it after the fact. Tenants without an OIDC binding are silently omitted; AuthN will deny requests whose iss does not match a loaded validator. Returns: Read operation compatible with PgUtility::ExecuteRead. Throws: ServerSurveyDbOperationError when a row's token_mode enum value is unrecognized or the introspection secret ciphertext cannot be decrypted. -

Header server_survey/exceptions.h

Survey-server exception hierarchy and error-code catalog.

Defines ServerSurveyRuntimeError (the commons::ReefLogicRuntimeError subclass used as the common base for survey-server failures) and its two concrete leaves ServerSurveyDbOperationError and ServerSurveyConfigurationError, plus the error_codes::server_survey catalog (kConfiguration, kDbOperation). The major number 6U keeps the survey server's error space disjoint from reeflogic_server_admin's major 5U so the two binaries can run side-by-side on the same host without colliding ErrorCode triplets.

See also: commons/exceptions.h, server_survey/db_operation_utility.h

Classes

ServerSurveyRuntimeError

No public method declarations found.

ServerSurveyDbOperationError

No public method declarations found.

ServerSurveyConfigurationError

No public method declarations found.

Header server_survey/reef_status_service_impl.h

Survey-server callback implementation of the unauthenticated ReefStatusService probe.

Declares ReefStatusServiceImpl, the survey-side mirror of the admin server's status service. Its single RPC, is_initialized, always returns initialized = true once the gRPC server is up because the survey server has no bootstrap state to gate on. The reply also surfaces build/version metadata and the process ML-KEM public key (best-effort) so the Qt operational client can reuse the same probe loop it runs against reeflogic_server_admin.

See also: reef_status_service.proto

Classes

ReefStatusServiceImpl
Public Member Signature Description Referenced Types
grpc::ServerUnaryReactor *is_initialized( grpc::CallbackServerContext *context, const google::protobuf::Empty *request, ::reeflogic::admin::v1::ServerStatus *response ) override; Always returns initialized=true with build/version metadata and the process ML-KEM public key when available. reeflogic::admin::v1::ServerStatus

Macros

Name Signature Description Referenced Types
REEFLOGIC_SERVER_SURVEY_REEF_STATUS_SERVICE_IMPL_H REEFLOGIC_SERVER_SURVEY_REEF_STATUS_SERVICE_IMPL_H - -

Header server_survey/reef_survey_authn_filter.h

gRPC interceptor factory for ReefSurveyService Bearer-token AuthN.

BuildReefSurveyAuthNInterceptorCreators produces the interceptor creators handed to grpc::ServerBuilder::experimental().SetInterceptorCreators. The interceptor parses authorization: Bearer <JWT> via reef_server_common::authn::ExtractBearerToken, lazily loads every tenant-scope commons::OidcTokenValidator from t_identity_provider_oidcs (using DbOperationUtility::MakeLoadAllTenantOidcValidatorConfigsOperation), picks the validator whose issuer accepts the token, validates the JWT (signature, time, iss, aud, sub, tenant claim), and resolves the caller via commons::OidcSubjectResolver in Scope::kTenant keyed by Claims::tenant_uuid. The resolved Subject is stored in per-RPC context for downstream AuthZ. ResetSurveyAuthnCaches drops both the validator pool and the 3-minute subject TTL cache so the next request rebuilds from the current DB state.

TENANT_CREATE / TENANT_UPDATE / TENANT_DELETE write so the survey server picks up the new IdP bindings on its next request.

Note: Call ResetSurveyAuthnCaches after any admin-server

See also: reef_server_common/authn_header_utility.h, server_survey/db_operation_utility.h, commons/oidc_subject_resolver.h

Functions

Signature Description Referenced Types
[[nodiscard]] std::vector<std::unique_ptr<grpc::experimental::ServerInterceptorFactoryInterface>> BuildReefSurveyAuthNInterceptorCreators(); Builds gRPC interceptor creators for ReefSurveyService AuthN. Scope: - Applies only to reeflogic.server.v1.ReefSurveyService RPC methods. - Runs AuthN and stores per-RPC subject context for service-level AuthZ. Current AuthN flow: - Reads authorization: Bearer <JWT> metadata. - Lazily loads every tenant-scope OidcTokenValidator from t_identity_provider_oidcs (introspection client secrets are decrypted via the process SecretKey). The validators are keyed by issuer URL and cached for the process lifetime. - Picks the validator whose issuer accepts the bearer token (one validator per tenant — tokens minted by a different tenant's IdP fail validation on every cached validator and are denied). - Validates the bearer token via OidcTokenValidator::ValidateBearerToken (signature, time, iss, aud, sub, plus the configurable tenant claim extracted into Claims::tenant_uuid). - Asserts the JWT's tenant claim is a non-empty tnt-... value. - Resolves the subject via OidcSubjectResolver in kTenant scope using Claims::tenant_uuid. Subject resolution joins against t_tenants — unknown tenant uuids are rejected at this step. Resolved Subjects are cached keyed by iss\|sub\|tenant_uuid for 3 minutes. - Stores resolved Subject in per-RPC context for downstream AuthZ/service use. After a TENANT_CREATE / TENANT_UPDATE / TENANT_DELETE write on the admin server, call ResetSurveyAuthnCaches() so the next AuthN request rebuilds the validator pool from the fresh DB state. Returns: Interceptor creators for grpc::ServerBuilder::experimental().SetInterceptorCreators(...). -
void ResetSurveyAuthnCaches(); Drops the cached OidcTokenValidators and clears the resolved-subject TTL cache so the next request rebuilds both from the current DB state. Call this after any write that mutates the tenant-scope OIDC connections or affects subject role resolution. -

Header server_survey/reef_survey_service_impl.h

Async callback implementation of reeflogic.server.v1.ReefSurveyService.

Declares ReefSurveyServiceImpl::execute, the single RPC that handles RuntimeExecuteRequest. The method resolves the AuthZ selector via CommandHandler::ResolveSurveyCommandAuthorizationPolicy, reads the authenticated commons::Subject previously stashed in per-RPC context by BuildReefSurveyAuthNInterceptorCreators, applies the tenant-scoped permission check, and forwards the request to CommandHandler::Handle which writes the reply envelope. Application status is encoded in RuntimeExecuteReply.status; transport status stays OK whenever the request and response pointers are valid.

See also: server_survey/command_handler.h, server_survey/reef_survey_authn_filter.h, reef_survey_service.proto

Classes

ReefSurveyServiceImpl
Public Member Signature Description Referenced Types
grpc::ServerUnaryReactor *execute( grpc::CallbackServerContext *context, const reeflogic::cmd::v1::RuntimeExecuteRequest *request, reeflogic::cmd::v1::RuntimeExecuteReply *response ) override; Executes one runtime command encoded in RuntimeExecuteRequest. reeflogic::cmd::v1::RuntimeExecuteRequest, reeflogic::cmd::v1::RuntimeExecuteReply