|
|
@@ -1,7 +1,6 @@
|
|
|
package mq
|
|
|
|
|
|
import (
|
|
|
- "encoding/json"
|
|
|
"errors"
|
|
|
"fmt"
|
|
|
"time"
|
|
|
@@ -13,14 +12,8 @@ import (
|
|
|
const (
|
|
|
// constant for admin role
|
|
|
adminRole = "admin"
|
|
|
- // constant for server role
|
|
|
- serverRole = "server"
|
|
|
- // constant for exporter role
|
|
|
- exporterRole = "exporter"
|
|
|
- // constant for node role
|
|
|
- NodeRole = "node"
|
|
|
- // HostGenericRole constant for host role
|
|
|
- HostGenericRole = "host"
|
|
|
+ // constant for generic role
|
|
|
+ genericRole = "generic"
|
|
|
|
|
|
// const for dynamic security file
|
|
|
dynamicSecurityFile = "dynamic-security.json"
|
|
|
@@ -50,7 +43,7 @@ var (
|
|
|
Iterations: 0,
|
|
|
Roles: []clientRole{
|
|
|
{
|
|
|
- Rolename: serverRole,
|
|
|
+ Rolename: genericRole,
|
|
|
},
|
|
|
},
|
|
|
},
|
|
|
@@ -62,14 +55,9 @@ var (
|
|
|
Acls: fetchAdminAcls(),
|
|
|
},
|
|
|
{
|
|
|
- Rolename: serverRole,
|
|
|
- Acls: fetchServerAcls(),
|
|
|
+ Rolename: genericRole,
|
|
|
+ Acls: fetchServerAcls(), //TODO fetch generic acls
|
|
|
},
|
|
|
- {
|
|
|
- Rolename: HostGenericRole,
|
|
|
- Acls: fetchNodeAcls(),
|
|
|
- },
|
|
|
- exporterMQRole,
|
|
|
},
|
|
|
DefaultAcl: defaultAccessAcl{
|
|
|
PublishClientSend: false,
|
|
|
@@ -87,31 +75,12 @@ var (
|
|
|
Iterations: 101,
|
|
|
Roles: []clientRole{
|
|
|
{
|
|
|
- Rolename: exporterRole,
|
|
|
+ Rolename: genericRole,
|
|
|
},
|
|
|
},
|
|
|
}
|
|
|
- exporterMQRole = role{
|
|
|
- Rolename: exporterRole,
|
|
|
- Acls: fetchExporterAcls(),
|
|
|
- }
|
|
|
)
|
|
|
|
|
|
-// DynListCLientsCmdResp - struct for list clients response from MQ
|
|
|
-type DynListCLientsCmdResp struct {
|
|
|
- Responses []struct {
|
|
|
- Command string `json:"command"`
|
|
|
- Error string `json:"error"`
|
|
|
- Data ListClientsData `json:"data"`
|
|
|
- } `json:"responses"`
|
|
|
-}
|
|
|
-
|
|
|
-// ListClientsData - struct for list clients data
|
|
|
-type ListClientsData struct {
|
|
|
- Clients []string `json:"clients"`
|
|
|
- TotalCount int `json:"totalCount"`
|
|
|
-}
|
|
|
-
|
|
|
// GetAdminClient - fetches admin client of the MQ
|
|
|
func GetAdminClient() (mqtt.Client, error) {
|
|
|
opts := mqtt.NewClientOptions()
|
|
|
@@ -128,47 +97,6 @@ func GetAdminClient() (mqtt.Client, error) {
|
|
|
return mqclient, connecterr
|
|
|
}
|
|
|
|
|
|
-// ListClients - to list all clients in the MQ
|
|
|
-func ListClients(client mqtt.Client) (ListClientsData, error) {
|
|
|
- respChan := make(chan mqtt.Message, 10)
|
|
|
- defer close(respChan)
|
|
|
- command := "listClients"
|
|
|
- resp := ListClientsData{}
|
|
|
- msg := MqDynsecPayload{
|
|
|
- Commands: []MqDynSecCmd{
|
|
|
- {
|
|
|
- Command: command,
|
|
|
- },
|
|
|
- },
|
|
|
- }
|
|
|
- client.Subscribe("$CONTROL/dynamic-security/v1/response", 2, mqtt.MessageHandler(func(c mqtt.Client, m mqtt.Message) {
|
|
|
- respChan <- m
|
|
|
- }))
|
|
|
- defer client.Unsubscribe()
|
|
|
- d, _ := json.Marshal(msg)
|
|
|
- token := client.Publish("$CONTROL/dynamic-security/v1", 2, true, d)
|
|
|
- if !token.WaitTimeout(30) || token.Error() != nil {
|
|
|
- var err error
|
|
|
- if token.Error() == nil {
|
|
|
- err = errors.New("connection timeout")
|
|
|
- } else {
|
|
|
- err = token.Error()
|
|
|
- }
|
|
|
- return resp, err
|
|
|
- }
|
|
|
-
|
|
|
- for m := range respChan {
|
|
|
- msg := DynListCLientsCmdResp{}
|
|
|
- json.Unmarshal(m.Payload(), &msg)
|
|
|
- for _, mI := range msg.Responses {
|
|
|
- if mI.Command == command {
|
|
|
- return mI.Data, nil
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- return resp, errors.New("resp not found")
|
|
|
-}
|
|
|
-
|
|
|
// fetches host related acls
|
|
|
func fetchHostAcls(hostID string) []Acl {
|
|
|
return []Acl{
|
|
|
@@ -229,73 +157,6 @@ func FetchNetworkAcls(network string) []Acl {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-// DeleteNetworkRole - deletes a network role from DynSec system
|
|
|
-func DeleteNetworkRole(network string) error {
|
|
|
- // Deletes the network role from MQ
|
|
|
- event := MqDynsecPayload{
|
|
|
- Commands: []MqDynSecCmd{
|
|
|
- {
|
|
|
- Command: DeleteRoleCmd,
|
|
|
- RoleName: network,
|
|
|
- },
|
|
|
- },
|
|
|
- }
|
|
|
-
|
|
|
- return publishEventToDynSecTopic(event)
|
|
|
-}
|
|
|
-
|
|
|
-func deleteHostRole(hostID string) error {
|
|
|
- // Deletes the hostID role from MQ
|
|
|
- event := MqDynsecPayload{
|
|
|
- Commands: []MqDynSecCmd{
|
|
|
- {
|
|
|
- Command: DeleteRoleCmd,
|
|
|
- RoleName: getHostRoleName(hostID),
|
|
|
- },
|
|
|
- },
|
|
|
- }
|
|
|
-
|
|
|
- return publishEventToDynSecTopic(event)
|
|
|
-}
|
|
|
-
|
|
|
-// CreateNetworkRole - createss a network role from DynSec system
|
|
|
-func CreateNetworkRole(network string) error {
|
|
|
- // Create Role with acls for the network
|
|
|
- event := MqDynsecPayload{
|
|
|
- Commands: []MqDynSecCmd{
|
|
|
- {
|
|
|
- Command: CreateRoleCmd,
|
|
|
- RoleName: network,
|
|
|
- Textname: "Network wide role with Acls for nodes",
|
|
|
- Acls: FetchNetworkAcls(network),
|
|
|
- },
|
|
|
- },
|
|
|
- }
|
|
|
-
|
|
|
- return publishEventToDynSecTopic(event)
|
|
|
-}
|
|
|
-
|
|
|
-// creates role for the host with ID.
|
|
|
-func createHostRole(hostID string) error {
|
|
|
- // Create Role with acls for the host
|
|
|
- event := MqDynsecPayload{
|
|
|
- Commands: []MqDynSecCmd{
|
|
|
- {
|
|
|
- Command: CreateRoleCmd,
|
|
|
- RoleName: getHostRoleName(hostID),
|
|
|
- Textname: "host role with Acls for hosts",
|
|
|
- Acls: fetchHostAcls(hostID),
|
|
|
- },
|
|
|
- },
|
|
|
- }
|
|
|
-
|
|
|
- return publishEventToDynSecTopic(event)
|
|
|
-}
|
|
|
-
|
|
|
-func getHostRoleName(hostID string) string {
|
|
|
- return fmt.Sprintf("host-%s", hostID)
|
|
|
-}
|
|
|
-
|
|
|
// serverAcls - fetches server role related acls
|
|
|
func fetchServerAcls() []Acl {
|
|
|
return []Acl{
|
Abhishek Kondur