
watch dynsec messages,create client on node join

Abhishek Kondur 2 years ago
parent
commit
5270c1ede8
5 changed files with 76 additions and 10 deletions
  1. 27 0
      controllers/node.go
  2. 12 6
      docker/dynamic-security.json
  3. 2 1
      docker/mosquitto.conf
  4. 31 3
      mq/dynsec.go
  5. 4 0
      mq/mq.go

+ 27 - 0
controllers/node.go

@@ -591,6 +591,33 @@ func createNode(w http.ResponseWriter, r *http.Request) {
 		returnErrorResponse(w, r, formatError(err, "internal"))
 		return
 	}
+	// Create client for this node in Mq
+	// Delete Any Existing Client
+	mq.DynSecChan <- mq.DynSecAction{
+		ActionType: mq.CreateClient,
+		Payload: mq.MqDynsecPayload{
+			Commands: []mq.MqDynSecCmd{
+				{
+					Command:  mq.CreateClientCmd,
+					Username: node.ID,
+					Password: node.Password,
+					Clientid: node.ID,
+					Roles: []mq.MqDynSecRole{
+						{
+							Rolename: "node",
+							Priority: -1,
+						},
+					},
+					Groups: []mq.MqDynSecGroup{
+						{
+							Groupname: "nodes",
+							Priority:  -1,
+						},
+					},
+				},
+			},
+		},
+	}
 
 	response := models.NodeGet{
 		Node:         node,
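Review bot: The comment `// Delete Any Existing Client` on the second added line is not backed by the code: only a `CreateClientCmd` is queued, nothing deletes or disables a prior client for `node.ID`, so on a re-join the outcome depends on how the broker treats a duplicate createClient (presumably an error), and that error is only logged asynchronously by DynamicSecManager after this handler has already answered. Either drop the comment or prepend `{Command: mq.DeleteClientCmd, Username: node.ID}` to the `Commands` slice so the create is effectively idempotent. The send on `mq.DynSecChan` is also a plain blocking send inside an HTTP handler; if the manager goroutine is not running or is stalled, createNode hangs here, so a `select` with a timeout or a documented requirement that DynamicSecManager be started first is worth adding. createNode's body begins and ends outside the hunk.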

+ 12 - 6
docker/dynamic-security.json

@@ -1,9 +1,9 @@
 {
 	"clients":	[{
-			"username":	"bob",
+			"username":	"Netmaker-Admin",
 			"textName":	"Dynsec admin user",
-			"password":	"JEfqgJum2mlJa51WTGdvEAs2Rnc8vno14yAsAhxbjo9nKs0GAgL0+YM2iOUaW/GFK8L/B0EkbP5qd1AeyBdRTg==",
-			"salt":	"MgoCdNVGYMqJh+nU",
+			"password":	"T42rorlC/mAP+i19g/YqMlWShPpfo8F/nBz2ZQNRcjAnfczrgu4rIQam9z7T/87NBIHxqR1wMlCIvRN5JApHcw==",
+			"salt":	"lHl24sEf+lJ/kFHk",
 			"iterations":	101,
 			"roles":	[{
 					"rolename":	"admin"
@@ -43,12 +43,18 @@
 					"acltype":	"unsubscribePattern",
 					"topic":	"#",
 					"allow":	true
-				}]
+				},
+				{
+					"acltype":	"publishClientSend",
+					"topic":	"#",
+					"allow":	true
+				}
+			]
 		}],
 	"defaultACLAccess":	{
-		"publishClientSend":	false,
+		"publishClientSend":	true,
 		"publishClientReceive":	true,
-		"subscribe":	false,
+		"subscribe":	true,
 		"unsubscribe":	true
 	}
 }
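Review bot: Flipping `publishClientSend` and `subscribe` to `true` in the `defaultACLAccess` block at the end of the hunk lets every dynsec client without a matching role ACL publish and subscribe to any topic, which undoes the isolation the per-node role and group assigned in controllers/node.go are meant to provide. The explicit `publishClientSend` `#` ACL added to the role above (its rolename sits before the hunk) already grants that role what it needs, so the two defaults can stay `false` and access can be granted per role instead. The admin entry also ships a fixed password hash and salt in the repository, so every deployment starts with the same credential unless it is rotated at startup.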

+ 2 - 1
docker/mosquitto.conf

@@ -12,7 +12,8 @@
 # allow_anonymous true
 
 per_listener_settings false
-
+listener 8883
+allow_anonymous false
 listener 1883
 allow_anonymous false
 plugin /usr/lib/mosquitto_dynamic_security.so
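Review bot: The new `listener 8883` carries only `allow_anonymous false`; with no `certfile`/`keyfile` (or `cafile`) attached to it in this hunk it is a second plaintext listener that merely uses the port conventionally reserved for MQTT over TLS. If TLS termination is intended, the certificate directives need to follow the `listener 8883` line; if the listener is meant to be plain, the port choice is misleading and deserves a comment. I cannot see the rest of mosquitto.conf, so the TLS settings may be defined elsewhere.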

+ 31 - 3
mq/dynsec.go

@@ -5,21 +5,34 @@ import (
 	"encoding/json"
 	"fmt"
 
+	mqtt "github.com/eclipse/paho.mqtt.golang"
 	"github.com/gravitl/netmaker/logger"
 )
 
-const DynamicSecTopic = "$CONTROL/dynamic-security/#"
+const DynamicSecSubTopic = "$CONTROL/dynamic-security/#"
+const DynamicSecPubTopic = "$CONTROL/dynamic-security/v1"
 
 type DynSecActionType string
 
 var (
 	CreateClient            DynSecActionType = "CREATE_CLIENT"
+	DisableClient           DynSecActionType = "DISABLE_CLIENT"
+	EnableClient            DynSecActionType = "ENABLE_CLIENT"
+	DeleteClient            DynSecActionType = "DELETE_CLIENT"
 	CreateAdminClient       DynSecActionType = "CREATE_ADMIN_CLIENT"
+	ModifyClient            DynSecActionType = "MODIFY_CLIENT"
 	DISABLE_EXISTING_ADMINS DynSecActionType = "DISABLE_EXISTING_ADMINS"
 )
 
+var (
+	CreateClientCmd  = "createClient"
+	DisableClientCmd = "disableClient"
+	DeleteClientCmd  = "deleteClient"
+	ModifyClientCmd  = "modifyClient"
+)
+
 const mqDynSecAdmin = "Netmaker-Admin"
-const defaultAdminPassword = "hello-world"
+const defaultAdminPassword = "Netmaker-Admin"
 
 type MqDynSecGroup struct {
 	Groupname string `json:"groupname"`
@@ -31,10 +44,19 @@ type MqDynSecRole struct {
 	Priority int    `json:"priority"`
 }
 
+type Acl struct {
+	AclType  string `json:"acl_type"`
+	Topic    string `json:"topic"`
+	Priority int    `json:"priority"`
+	Allow    bool   `json:"allow"`
+}
+
 type MqDynSecCmd struct {
 	Command         string          `json:"command"`
 	Username        string          `json:"username"`
 	Password        string          `json:"password"`
+	RoleName        string          `json:"rolename,omitempty"`
+	Acls            []Acl           `json:"acls,omitempty"`
 	Clientid        string          `json:"clientid"`
 	Textname        string          `json:"textname"`
 	Textdescription string          `json:"textdescription"`
@@ -64,7 +86,7 @@ func DynamicSecManager(ctx context.Context) {
 			if err != nil {
 				continue
 			}
-			if token := mqclient.Publish(DynamicSecTopic, 2, false, d); token.Error() != nil {
+			if token := mqclient.Publish(DynamicSecPubTopic, 2, false, d); token.Error() != nil {
 				logger.Log(0, fmt.Sprintf("failed to perform action [%s]: %v",
 					dynSecAction.ActionType, token.Error()))
 			}
@@ -72,3 +94,9 @@ func DynamicSecManager(ctx context.Context) {
 
 	}
 }
+
+func watchDynSecTopic(client mqtt.Client, msg mqtt.Message) {
+
+	logger.Log(1, fmt.Sprintf("----->WatchDynSecTopic Message: %+v", string(msg.Payload())))
+
+}
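Review bot: `watchDynSecTopic` logs the raw payload of every message on `$CONTROL/dynamic-security/#`, and that filter also matches `DynamicSecPubTopic`, so under MQTT 3.1.1 (which paho.mqtt.golang speaks) the broker delivers this process's own createClient commands back to the handler and the `password` field of each `MqDynSecCmd` — the node password sent from controllers/node.go — ends up in the log at level 1. Log the topic and size rather than the body, e.g. `logger.Log(1, fmt.Sprintf("dynsec message on %s (%d bytes)", msg.Topic(), len(msg.Payload())))`, which also removes the `----->` prefix and the `%+v`-of-a-string formatting. In the earlier hunks, the `Acl` struct tags its type as `acl_type` while the dynamic-security.json in this same commit and the dynsec command API spell it `acltype`, so role ACLs sent through `MqDynSecCmd.Acls` are unlikely to be recognised; and `defaultAdminPassword` is now identical to `mqDynSecAdmin`, a predictable default credential.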

+ 4 - 0
mq/mq.go

@@ -52,6 +52,10 @@ func SetupMQTT() {
 			client.Disconnect(240)
 			logger.Log(0, "node client subscription failed")
 		}
+		if token := client.Subscribe(DynamicSecSubTopic, 0, mqtt.MessageHandler(watchDynSecTopic)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
+			client.Disconnect(240)
+			logger.Log(0, "Dynamic security client subscription failed")
+		}
 
 		opts.SetOrderMatters(true)
 		opts.SetResumeSubs(true)
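Review bot: The `mqtt.MessageHandler(watchDynSecTopic)` conversion is redundant because the function already has the handler's signature; `client.Subscribe(DynamicSecSubTopic, 0, watchDynSecTopic)` reads cleaner. The failure branch disconnects and logs but then falls through to `opts.SetOrderMatters(true)`, mirroring the node-subscription branch above it, so a failed dynsec subscription leaves the server running without the watcher and without any error reaching the caller. SetupMQTT's body begins and ends outside the hunk.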