mizzet1
diff --git a/‎.github/workflows/astarte-end-to-end-test-workflow.yaml‎
Lines changed: 76 additions & 0 deletions b/‎.github/workflows/astarte-end-to-end-test-workflow.yaml‎
Lines changed: 76 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 8 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎apps/astarte_appengine_api/test/support/helpers/database.ex‎
Lines changed: 11 additions & 0 deletions b/‎apps/astarte_appengine_api/test/support/helpers/database.ex‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎apps/astarte_appengine_api/test/support/helpers/database_v2.ex‎
Lines changed: 10 additions & 0 deletions b/‎apps/astarte_appengine_api/test/support/helpers/database_v2.ex‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎apps/astarte_data_updater_plant/test/support/database_test_helper.ex‎
Lines changed: 10 additions & 0 deletions b/‎apps/astarte_data_updater_plant/test/support/database_test_helper.ex‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎apps/astarte_data_updater_plant/test/support/helpers/database.ex‎
Lines changed: 19 additions & 1 deletion b/‎apps/astarte_data_updater_plant/test/support/helpers/database.ex‎
Lines changed: 19 additions & 1 deletion
diff --git a/‎apps/astarte_housekeeping/lib/astarte_housekeeping/realms/queries.ex‎
Lines changed: 49 additions & 0 deletions b/‎apps/astarte_housekeeping/lib/astarte_housekeeping/realms/queries.ex‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎apps/astarte_housekeeping/priv/migrations/realm/0009_create_ownership_vouchers_table.sql‎
Lines changed: 6 additions & 0 deletions b/‎apps/astarte_housekeeping/priv/migrations/realm/0009_create_ownership_vouchers_table.sql‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎apps/astarte_housekeeping/priv/migrations/realm/0010_create_device_session_table.sql‎
Lines changed: 23 additions & 0 deletions b/‎apps/astarte_housekeeping/priv/migrations/realm/0010_create_device_session_table.sql‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎apps/astarte_housekeeping/test/support/helpers/database.ex‎
Lines changed: 11 additions & 1 deletion b/‎apps/astarte_housekeeping/test/support/helpers/database.ex‎
Lines changed: 11 additions & 1 deletion
@@ -24,10 +24,15 @@ on:
 env:
   elixir_version: "1.15"
   otp_version: "26.1"
+  CLEA_DEV_BASE: ""
+  CLEA_DEV_REALM: ""
+  CLEA_DEV_REALM_TOKEN: ""
+  BOARD_BASE_URL: ""
 
 jobs:
   e2e-build:
     uses: ./.github/workflows/astarte-e2e-build-workflow.yaml
+
   astarte-build:
     uses: ./.github/workflows/astarte-build-workflow.yaml
 
@@ -100,3 +105,74 @@ jobs:
         run: docker compose logs
       - name: Bring down Astarte docker-compose
         run: docker compose down
+
+  fdo-end-to-end:
+    needs: [astarte-build]
+    name: FDO end-to-end Test
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout fdo e2e repo
+        uses: actions/checkout@v6
+        with:
+          repository: astarte-platform/astarte-device-fdo-rust
+          ref: dev
+      - uses: ./.github/actions/install-deps
+      - name: Install astartectl
+        run: |
+          wget https://github.com/astarte-platform/astartectl/releases/download/v22.11.02/astartectl_22.11.02_linux_x86_64.tar.gz
+          tar xf astartectl_22.11.02_linux_x86_64.tar.gz
+          chmod +x astartectl
+          mkdir -p ${{ runner.temp }}/bin
+          mv ./astartectl ${{ runner.temp }}/bin
+          echo ${{ runner.temp }}/bin >> "$GITHUB_PATH"
+      - name: Install additional dependencies
+        run: |
+          sudo apt-get install -y openssl jq
+      - uses: actions/checkout@v6
+        name: checkout astarte
+        with:
+          path: .tmp/repos/astarte
+      - name: Restore astarte images
+        uses: actions/download-artifact@v4
+        with:
+          name: astarte-images
+          path: ${{ runner.temp }}
+      - name: Initialize keys
+        working-directory: .tmp/repos/astarte
+        run: |
+          docker run -v $(pwd)/compose:/compose astarte/docker-compose-initializer
+          astartectl utils gen-keypair test
+      - name: Load astarte images
+        run: ls ${{ runner.temp }}/*.tar | xargs --max-args 1 docker load --input
+      - name: Enable FDO
+        run: echo "PAIRING_ENABLE_FDO=true" >> .tmp/repos/astarte/.env
+      - name: Start all Astarte services
+        working-directory: .tmp/repos/astarte
+        run: docker compose up -d
+      - uses: actions-rust-lang/setup-rust-toolchain@v1.15.2
+      - uses: mozilla-actions/sccache-action@v0.0.9
+      - name: Cache container build
+        id: cache-container
+        uses: actions/cache@v4.3.0
+        with:
+          path: .tmp/cache/containers
+          key: ${{ runner.os }}-${{ hashFiles('justfile', 'scripts/**/*.sh', 'containers/**') }}
+      - name: Install just
+        uses: taiki-e/install-action@v2.49.43
+        with:
+          tool: just
+      - run: just go-server-setup
+      - name: Wait for Astarte to come up
+        run: |
+          wget https://github.com/astarte-platform/wait-for-astarte-docker-compose/releases/download/v1.1.0/wait-for-astarte-docker-compose_1.1.0_linux_amd64.tar.gz
+          tar xf wait-for-astarte-docker-compose_1.1.0_linux_amd64.tar.gz
+          ./wait-for-astarte-docker-compose
+      - name: Create realm
+        working-directory: .tmp/repos/astarte
+        run: |
+          astartectl housekeeping realms create -y "test" \
+            --astarte-url "http://api.astarte.localhost" \
+            --realm-public-key "test_public.pem" \
+            -k compose/astarte-keys/housekeeping_private.pem
+      - name: Run FDO
+        run: just astarte-run
@@ -26,6 +26,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 - Services now receive trigger installation and deletion notifications, which should reduce the delay between installing the trigger and starting to receive messages
 
+## [1.3.0] - Unreleased
+- [astarte_pairing] FDO authentication (EXPERIMENTAL feature, disabled by default). New environment variables are needed in order to use FDO:
+  - `PAIRING_ENABLE_FDO` - whether the FDO feature is enabled or not (default: false)
+  - `PAIRING_FDO_RENDEZVOUS_URL` - URL of the rendezvous server (default: "http://rendezvous:8041")
+  - `ASTARTE_BASE_URL_DOMAIN` - domain part of the base URL of astarte, used by devices to connect in TO2 phase (required if FDO enabled)
+  - `ASTARTE_BASE_URL_PORT` - port of the base URL of astarte (required if FDO enabled)
+  - `ASTARTE_BASE_URL_PROTOCOL` - protocol of the base URL of astarte (required if FDO enabled)
+
 ## [1.3.0-rc.0] - 2025-11-21
 
 ### Added
 
@@ -109,6 +109,15 @@ defmodule Astarte.Helpers.Database do
   );
   """
 
+  @create_ownership_vouchers_table """
+  CREATE TABLE #{Realm.keyspace_name(@test_realm)}.ownership_vouchers (
+     private_key blob,
+     voucher_data blob,
+     device_id uuid,
+     PRIMARY KEY (device_id, voucher_data)
+   );
+  """
+
   @create_devices_table """
       CREATE TABLE #{Realm.keyspace_name(@test_realm)}.devices (
         device_id uuid,
@@ -435,6 +444,8 @@ defmodule Astarte.Helpers.Database do
       {:ok, _} ->
         Repo.query!(@create_capabilities_type)
 
+        Repo.query!(@create_ownership_vouchers_table)
+
         Repo.query!(@create_devices_table)
 
         Repo.query!(@create_deletion_in_progress_table)
 
@@ -69,6 +69,15 @@ defmodule Astarte.Helpers.DatabaseV2 do
   );
   """
 
+  @create_ownership_vouchers_table """
+  CREATE TABLE :keyspace.ownership_vouchers (
+      private_key blob,
+      voucher_data blob,
+      device_id uuid,
+      PRIMARY KEY (device_id, voucher_data)
+   );
+  """
+
   @create_devices_table """
   CREATE TABLE :keyspace.devices (
     device_id uuid,
@@ -249,6 +258,7 @@ defmodule Astarte.Helpers.DatabaseV2 do
     realm_keyspace = Realm.keyspace_name(realm_name)
     execute!(realm_keyspace, @create_keyspace)
     execute!(realm_keyspace, @create_capabilities_type)
+    execute!(realm_keyspace, @create_ownership_vouchers_table)
     execute!(realm_keyspace, @create_devices_table)
     execute!(realm_keyspace, @create_groups_table)
     execute!(realm_keyspace, @create_names_table)
 
@@ -53,6 +53,15 @@ defmodule Astarte.DataUpdaterPlant.DatabaseTestHelper do
     );
   """
 
+  @create_ownership_vouchers_table """
+  CREATE TABLE :keyspace.ownership_vouchers (
+      private_key blob,
+      voucher_data blob,
+      device_id uuid,
+     PRIMARY KEY (device_id, voucher_data)
+   );
+  """
+
   @create_devices_table """
       CREATE TABLE :keyspace.devices (
         device_id uuid,
@@ -369,6 +378,7 @@ defmodule Astarte.DataUpdaterPlant.DatabaseTestHelper do
     case execute(keyspace_name, @create_autotestrealm) do
       {:ok, _} ->
         execute!(keyspace_name, @create_capabilities_type)
+        execute!(keyspace_name, @create_ownership_vouchers_table)
         execute!(keyspace_name, @create_devices_table)
         execute!(keyspace_name, @create_endpoints_table)
 
 
@@ -75,6 +75,24 @@ defmodule Astarte.Helpers.Database do
   );
   """
 
+  @create_ownership_vouchers_table """
+  CREATE TABLE :keyspace.ownership_vouchers (
+      private_key blob,
+      voucher_data blob,
+      device_id uuid,
+     PRIMARY KEY (device_id, voucher_data)
+   );
+  """
+
+  @create_ownership_vouchers_table """
+  CREATE TABLE :keyspace.ownership_vouchers (
+      private_key blob,
+      voucher_data blob,
+      device_id uuid,
+     PRIMARY KEY (device_id, voucher_data)
+   );
+  """
+
   @create_devices_table """
   CREATE TABLE :keyspace.devices (
     device_id uuid,
@@ -101,7 +119,6 @@ defmodule Astarte.Helpers.Database do
     last_seen_ip inet,
     attributes map<varchar, varchar>,
     capabilities capabilities,
-
     groups map<text, timeuuid>,
 
     PRIMARY KEY (device_id)
@@ -309,6 +326,7 @@ defmodule Astarte.Helpers.Database do
     realm_keyspace = Realm.keyspace_name(realm_name)
     execute!(realm_keyspace, @create_keyspace, [], timeout: 60_000)
     execute!(realm_keyspace, @create_capabilities_type, [], timeout: 60_000)
+    execute!(realm_keyspace, @create_ownership_vouchers_table)
     execute!(realm_keyspace, @create_devices_table, [], timeout: 60_000)
     execute!(realm_keyspace, @create_groups_table, [], timeout: 60_000)
     execute!(realm_keyspace, @create_names_table, [], timeout: 60_000)
 
@@ -260,6 +260,8 @@ defmodule Astarte.Housekeeping.Realms.Queries do
          :ok <- create_simple_triggers_table(keyspace_name),
          :ok <- create_grouped_devices_table(keyspace_name),
          :ok <- create_deletion_in_progress_table(keyspace_name),
+         :ok <- create_ownership_vouchers_table(keyspace_name),
+         :ok <- create_to2_sessions_table(keyspace_name),
          :ok <- insert_realm_public_key(keyspace_name, public_key_pem),
          :ok <- insert_realm_astarte_schema_version(keyspace_name),
          :ok <- insert_realm(realm_name, device_limit),
@@ -599,6 +601,53 @@ defmodule Astarte.Housekeeping.Realms.Queries do
     end
   end
 
+  defp create_ownership_vouchers_table(keyspace_name) do
+    query = """
+    CREATE TABLE #{keyspace_name}.ownership_vouchers (
+      private_key blob,
+      voucher_data blob,
+      guid blob,
+      PRIMARY KEY (guid)
+    );
+    """
+
+    with {:ok, %{rows: nil, num_rows: 1}} <- CSystem.execute_schema_change(query) do
+      :ok
+    end
+  end
+
+  defp create_to2_sessions_table(keyspace_name) do
+    query = """
+    CREATE TABLE #{keyspace_name}.to2_sessions (
+      guid blob,
+      device_id uuid,
+      nonce blob,
+      sig_type int,
+      epid_group blob,
+      device_public_key blob,
+      prove_dv_nonce blob,
+      setup_dv_nonce blob,
+      kex_suite_name ascii,
+      cipher_suite_name int,
+      max_owner_service_info_size int,
+      owner_random blob,
+      secret blob,
+      sevk blob,
+      svk blob,
+      sek blob,
+      device_service_info map<tuple<text, text>, blob>,
+      owner_service_info list<blob>,
+      last_chunk_sent int,
+      PRIMARY KEY (guid)
+    )
+    WITH default_time_to_live = 7200;
+    """
+
+    with {:ok, %{rows: nil, num_rows: 1}} <- CSystem.execute_schema_change(query) do
+      :ok
+    end
+  end
+
   defp create_grouped_devices_table(keyspace_name) do
     query = """
     CREATE TABLE #{keyspace_name}.grouped_devices (
 
@@ -0,0 +1,6 @@
+CREATE TABLE :keyspace.ownership_vouchers (
+  private_key blob,
+  voucher_data blob,
+  guid blob,
+  PRIMARY KEY (guid)
+);
@@ -0,0 +1,23 @@
+CREATE TABLE :keyspace.to2_sessions (
+  guid blob,
+  device_id uuid,
+  nonce blob,
+  sig_type int,
+  epid_group blob,
+  device_public_key blob,
+  prove_dv_nonce blob,
+  setup_dv_nonce blob,
+  kex_suite_name ascii,
+  cipher_suite_name int,
+  max_owner_service_info_size int,
+  owner_random blob,
+  secret blob,
+  sevk blob,
+  svk blob,
+  sek blob,
+  device_service_info map<tuple<text, text>, blob>,
+  owner_service_info list<blob>,
+  last_chunk_sent int,
+  PRIMARY KEY (guid)
+)
+WITH default_time_to_live = 7200;
@@ -68,6 +68,15 @@ defmodule Astarte.Housekeeping.Helpers.Database do
   );
   """
 
+  @create_ownership_vouchers_table """
+  CREATE TABLE :keyspace.ownership_vouchers (
+      private_key blob,
+      voucher_data blob,
+      guid blob,
+      PRIMARY KEY (guid)
+   );
+  """
+
   @create_devices_table """
   CREATE TABLE :keyspace.devices (
     device_id uuid,
@@ -304,7 +313,7 @@ defmodule Astarte.Housekeeping.Helpers.Database do
   """
 
   @drop_capabilities_from_devices """
-  ALTER TABLE :keyspace.devices DROP capabilities;  
+  ALTER TABLE :keyspace.devices DROP capabilities;
   """
 
   def setup(realm_name) do
@@ -325,6 +334,7 @@ defmodule Astarte.Housekeeping.Helpers.Database do
     realm_keyspace = Realm.keyspace_name(realm_name)
     execute(realm_keyspace, @create_keyspace)
     execute(realm_keyspace, @create_capabilities_type)
+    execute(realm_keyspace, @create_ownership_vouchers_table)
     execute(realm_keyspace, @create_devices_table)
     execute(realm_keyspace, @create_groups_table)
     execute(realm_keyspace, @create_names_table)