
make node acls generic

Abhishek Kondur 2 years ago
parent
commit
4678332e3a
3 changed files with 164 additions and 159 deletions
  1. 4 17
      controllers/node.go
  2. 159 142
      mq/dynsec_helper.go
  3. 1 0
      mq/handlers.go

+ 4 - 17
controllers/node.go

@@ -100,7 +100,7 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
 		logic.ReturnErrorResponse(response, request, errorResponse)
 		return
 	}
-	// creates network role, node role,node client (added here to resolve any missing configuration in MQ)
+	// creates network role,node client (added here to resolve any missing configuration in MQ)
 	event := mq.MqDynsecPayload{
 		Commands: []mq.MqDynSecCmd{
 
@@ -110,13 +110,6 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
 				Textname: "Network wide role with Acls for nodes",
 				Acls:     mq.FetchNetworkAcls(result.Network),
 			},
-
-			{
-				Command:  mq.CreateRoleCmd,
-				RoleName: fmt.Sprintf("%s-%s", "Node", result.ID),
-				Acls:     mq.FetchNodeAcls(result.ID),
-				Textname: "Role for node " + result.Name,
-			},
 			{
 				Command:  mq.CreateClientCmd,
 				Username: result.ID,
@@ -124,7 +117,7 @@ func authenticate(response http.ResponseWriter, request *http.Request) {
 				Textname: result.Name,
 				Roles: []mq.MqDynSecRole{
 					{
-						Rolename: fmt.Sprintf("%s-%s", "Node", result.ID),
+						Rolename: mq.NodeRole,
 						Priority: -1,
 					},
 					{
@@ -677,7 +670,7 @@ func createNode(w http.ResponseWriter, r *http.Request) {
 	// Create client for this node in Mq
 	event := mq.MqDynsecPayload{
 		Commands: []mq.MqDynSecCmd{
-			{
+			{ // delete if any client exists already
 				Command:  mq.DeleteClientCmd,
 				Username: node.ID,
 			},
@@ -687,12 +680,6 @@ func createNode(w http.ResponseWriter, r *http.Request) {
 				Textname: "Network wide role with Acls for nodes",
 				Acls:     mq.FetchNetworkAcls(node.Network),
 			},
-			{
-				Command:  mq.CreateRoleCmd,
-				RoleName: fmt.Sprintf("%s-%s", "Node", node.ID),
-				Acls:     mq.FetchNodeAcls(node.ID),
-				Textname: "Role for node " + node.Name,
-			},
 			{
 				Command:  mq.CreateClientCmd,
 				Username: node.ID,
@@ -700,7 +687,7 @@ func createNode(w http.ResponseWriter, r *http.Request) {
 				Textname: node.Name,
 				Roles: []mq.MqDynSecRole{
 					{
-						Rolename: fmt.Sprintf("%s-%s", "Node", node.ID),
+						Rolename: mq.NodeRole,
 						Priority: -1,
 					},
 					{
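Review bot: The comment kept at the top of the first hunk (`// creates network role,node client (added here to resolve any missing configuration in MQ)`) promises self-healing of MQ configuration, but after this change neither authenticate nor createNode issues a `CreateRoleCmd` for `mq.NodeRole`, while the `CreateClientCmd` in both handlers now binds the client to that role. The `node` role is only provisioned in the initial dynamic-security definition in mq/dynsec_helper.go, so on a broker whose dynamic-security file predates this commit the client would reference a role that may not exist (inferred from the page; verify how the file is regenerated). Either keep one `CreateRoleCmd` for `mq.NodeRole` here, which needs the now-unexported `fetchNodeAcls` exposed again, or state the assumption in the comment, e.g. `// creates network role and node client; the shared "node" role is expected to exist from the dynamic-security bootstrap`. The same applies to the createNode hunks further down; both enclosing functions begin and end outside the hunks.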

+ 159 - 142
mq/dynsec_helper.go

@@ -17,6 +17,8 @@ const (
 	serverRole = "server"
 	// constant for exporter role
 	exporterRole = "exporter"
+	// constant for node role
+	NodeRole = "node"
 
 	// const for dynamic security file
 	dynamicSecurityFile = "dynamic-security.json"
@@ -54,121 +56,15 @@ var (
 		Roles: []role{
 			{
 				Rolename: adminRole,
-				Acls: []Acl{
-					{
-						AclType:  "publishClientSend",
-						Topic:    "$CONTROL/dynamic-security/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "publishClientReceive",
-						Topic:    "$CONTROL/dynamic-security/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "subscribePattern",
-						Topic:    "$CONTROL/dynamic-security/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "publishClientReceive",
-						Topic:    "$SYS/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "subscribePattern",
-						Topic:    "$SYS/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "publishClientReceive",
-						Topic:    "#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "subscribePattern",
-						Topic:    "#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "unsubscribePattern",
-						Topic:    "#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "publishClientSend",
-						Topic:    "#",
-						Priority: -1,
-						Allow:    true,
-					},
-				},
+				Acls:     fetchAdminAcls(),
 			},
 			{
 				Rolename: serverRole,
-				Acls: []Acl{
-					{
-						AclType:  "publishClientSend",
-						Topic:    "peers/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "publishClientSend",
-						Topic:    "update/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "publishClientSend",
-						Topic:    "metrics_exporter",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "publishClientReceive",
-						Topic:    "ping/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "publishClientReceive",
-						Topic:    "update/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "publishClientReceive",
-						Topic:    "signal/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "publishClientReceive",
-						Topic:    "metrics/#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "subscribePattern",
-						Topic:    "#",
-						Priority: -1,
-						Allow:    true,
-					},
-					{
-						AclType:  "unsubscribePattern",
-						Topic:    "#",
-						Priority: -1,
-						Allow:    true,
-					},
-				},
+				Acls:     fetchServerAcls(),
+			},
+			{
+				Rolename: NodeRole,
+				Acls:     fetchNodeAcls(),
 			},
 		},
 		DefaultAcl: defaultAccessAcl{
@@ -193,26 +89,7 @@ var (
 	}
 	exporterMQRole = role{
 		Rolename: exporterRole,
-		Acls: []Acl{
-			{
-				AclType:  "publishClientReceive",
-				Topic:    "metrics_exporter",
-				Allow:    true,
-				Priority: -1,
-			},
-			{
-				AclType:  "subscribePattern",
-				Topic:    "#",
-				Priority: -1,
-				Allow:    true,
-			},
-			{
-				AclType:  "unsubscribePattern",
-				Topic:    "#",
-				Priority: -1,
-				Allow:    true,
-			},
-		},
+		Acls:     fetchExporterAcls(),
 	}
 )
 
@@ -318,35 +195,91 @@ func FetchNetworkAcls(network string) []Acl {
 	}
 }
 
-// FetchNodeAcls - fetches node acls
-func FetchNodeAcls(nodeID string) []Acl {
+// serverAcls - fetches server role related acls
+func fetchServerAcls() []Acl {
+	return []Acl{
+		{
+			AclType:  "publishClientSend",
+			Topic:    "peers/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "publishClientSend",
+			Topic:    "update/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "publishClientSend",
+			Topic:    "metrics_exporter",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "publishClientReceive",
+			Topic:    "ping/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "publishClientReceive",
+			Topic:    "update/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "publishClientReceive",
+			Topic:    "signal/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "publishClientReceive",
+			Topic:    "metrics/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "subscribePattern",
+			Topic:    "#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "unsubscribePattern",
+			Topic:    "#",
+			Priority: -1,
+			Allow:    true,
+		},
+	}
+}
+
+// fetchNodeAcls - fetches node related acls
+func fetchNodeAcls() []Acl {
 	// keeping node acls generic as of now.
 	return []Acl{
 
 		{
-			AclType: "publishClientSend",
-			//Topic:    fmt.Sprintf("signal/%s", nodeID),
+			AclType:  "publishClientSend",
 			Topic:    "signal/#",
 			Priority: -1,
 			Allow:    true,
 		},
 		{
-			AclType: "publishClientSend",
-			// Topic:    fmt.Sprintf("update/%s", nodeID),
+			AclType:  "publishClientSend",
 			Topic:    "update/#",
 			Priority: -1,
 			Allow:    true,
 		},
 		{
-			AclType: "publishClientSend",
-			//Topic:    fmt.Sprintf("ping/%s", nodeID),
+			AclType:  "publishClientSend",
 			Topic:    "ping/#",
 			Priority: -1,
 			Allow:    true,
 		},
 		{
-			AclType: "publishClientSend",
-			//Topic:    fmt.Sprintf("metrics/%s", nodeID),
+			AclType:  "publishClientSend",
 			Topic:    "metrics/#",
 			Priority: -1,
 			Allow:    true,
@@ -365,3 +298,87 @@ func FetchNodeAcls(nodeID string) []Acl {
 		},
 	}
 }
+
+// fetchExporterAcls - fetch exporter role related acls
+func fetchExporterAcls() []Acl {
+	return []Acl{
+		{
+			AclType:  "publishClientReceive",
+			Topic:    "metrics_exporter",
+			Allow:    true,
+			Priority: -1,
+		},
+		{
+			AclType:  "subscribePattern",
+			Topic:    "#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "unsubscribePattern",
+			Topic:    "#",
+			Priority: -1,
+			Allow:    true,
+		},
+	}
+}
+
+// fetchAdminAcls - fetches admin role related acls
+func fetchAdminAcls() []Acl {
+	return []Acl{
+		{
+			AclType:  "publishClientSend",
+			Topic:    "$CONTROL/dynamic-security/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "publishClientReceive",
+			Topic:    "$CONTROL/dynamic-security/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "subscribePattern",
+			Topic:    "$CONTROL/dynamic-security/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "publishClientReceive",
+			Topic:    "$SYS/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "subscribePattern",
+			Topic:    "$SYS/#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "publishClientReceive",
+			Topic:    "#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "subscribePattern",
+			Topic:    "#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "unsubscribePattern",
+			Topic:    "#",
+			Priority: -1,
+			Allow:    true,
+		},
+		{
+			AclType:  "publishClientSend",
+			Topic:    "#",
+			Priority: -1,
+			Allow:    true,
+		},
+	}
+}
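Review bot: fetchNodeAcls grants every node `publishClientSend` on `signal/#`, `update/#`, `ping/#` and `metrics/#`, so the single shared `node` role lets any authenticated node publish into the per-node topics of every other node; the commented-out per-node topics being deleted in this hunk (`fmt.Sprintf("signal/%s", nodeID)`) show the narrower scope that is being given up. The trade-off is only hinted at by `// keeping node acls generic as of now.`; it should be recorded where the role is defined so the intent to tighten it is not lost, e.g. `// NOTE: one role is shared by all nodes, and the wildcard topics let a node publish to other nodes' signal/update/ping/metrics topics; narrow to per-node topics when per-client roles return.` The body of fetchNodeAcls continues past the hunk at `@@ -318`. Separately, the doc comment above fetchServerAcls reads `// serverAcls - fetches server role related acls`; Go doc comments start with the declared name, so it should be `// fetchServerAcls - fetches server role related acls`.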

+ 1 - 0
mq/handlers.go

@@ -71,6 +71,7 @@ func UpdateNode(client mqtt.Client, msg mqtt.Message) {
 			logger.Log(1, "error getting node.ID sent on ", msg.Topic(), err.Error())
 			return
 		}
+		logger.Log(0, "----------->###### Recieved Node Update for: ", id)
 		currentNode, err := logic.GetNodeByID(id)
 		if err != nil {
 			logger.Log(1, "error getting node ", id, err.Error())
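Review bot: The added `logger.Log(0, "----------->###### Recieved Node Update for: ", id)` reads like a leftover debugging line: the arrow/hash decoration does not match the surrounding messages, "Recieved" is misspelled, and level 0 will emit it for every node update, whereas the neighbouring error paths log at level 1. If the line is meant to stay, make it `logger.Log(1, "received node update for ", id)`; otherwise drop it before merging. UpdateNode starts and ends outside the hunk.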