
Merge pull request #1676 from gravitl/fix_mq_admin_passwd_sync

Sync MQ Configuration with netmaker
Alex Feiszli 2 jaren geleden
bovenliggende
commit
5ad40a9529
4 gewijzigde bestanden met toevoegingen van 33 en 12 verwijderingen
  1. 1 1
      go.mod
  2. 2 2
      go.sum
  3. 27 8
      mq/dynsec.go
  4. 3 1
      mq/dynsec_helper.go

+ 1 - 1
go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/stretchr/testify v1.8.0
 	github.com/txn2/txeh v1.3.0
-	github.com/urfave/cli/v2 v2.19.2
+	github.com/urfave/cli/v2 v2.20.2
 	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
 	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b // indirect
 	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094

+ 2 - 2
go.sum

@@ -453,8 +453,8 @@ github.com/txn2/txeh v1.3.0/go.mod h1:O7M6gUTPeMF+vsa4c4Ipx3JDkOYrruB1Wry8QRsMcw
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli/v2 v2.4.0/go.mod h1:NX9W0zmTvedE5oDoOMs2RTC8RvdK98NTYZE5LbaEYPg=
-github.com/urfave/cli/v2 v2.19.2 h1:eXu5089gqqiDQKSnFW+H/FhjrxRGztwSxlTsVK7IuqQ=
-github.com/urfave/cli/v2 v2.19.2/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI=
+github.com/urfave/cli/v2 v2.20.2 h1:dKA0LUjznZpwmmbrc0pOgcLTEilnHeM8Av9Yng77gHM=
+github.com/urfave/cli/v2 v2.20.2/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=

+ 27 - 8
mq/dynsec.go

@@ -132,19 +132,27 @@ func encodePasswordToPBKDF2(password string, salt string, iterations int, keyLen
 
 // Configure - configures the dynamic initial configuration for MQ
 func Configure() error {
+
+	logger.Log(0, "Configuring MQ...")
+	dynConfig := dynConfigInI
 	path := functions.GetNetmakerPath() + ncutils.GetSeparator() + dynamicSecurityFile
-	if logic.CheckIfFileExists(path) {
-		logger.Log(0, "MQ Is Already Configured, Skipping...")
-		return nil
-	}
-	if servercfg.Is_EE {
-		dynConfig.Clients = append(dynConfig.Clients, exporterMQClient)
-		dynConfig.Roles = append(dynConfig.Roles, exporterMQRole)
-	}
+
 	password := servercfg.GetMqAdminPassword()
 	if password == "" {
 		return errors.New("MQ admin password not provided")
 	}
+	if logic.CheckIfFileExists(path) {
+		data, err := os.ReadFile(path)
+		if err == nil {
+			var cfg dynJSON
+			err = json.Unmarshal(data, &cfg)
+			if err == nil {
+				logger.Log(0, "MQ config exists already, So Updating Existing Config...")
+				dynConfig = cfg
+			}
+		}
+	}
+	exporter := false
 	for i, cI := range dynConfig.Clients {
 		if cI.Username == mqAdminUserName || cI.Username == mqNetmakerServerUserName {
 			salt := logic.RandomString(12)
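Review bot: Errors from both `os.ReadFile` and `json.Unmarshal` are dropped in the new `if logic.CheckIfFileExists(path)` block, so an unreadable or corrupt dynamic-security file silently falls back to `dynConfigInI`. The function goes on to marshal `dynConfig` further down, and if that result is written back to `path` (the write is outside this hunk), clients and roles an operator added to the existing file would be replaced by the defaults with nothing in the log. Returning the error, or at least logging it before falling back, keeps that visible, e.g. `if err != nil { return err }` after each call. Also, `dynConfig := dynConfigInI` copies only the slice headers, so the `dynConfig.Clients[i] = cI` writes in the loop still modify the package-level default. Configure's body continues past the end of this hunk.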
@@ -154,6 +162,7 @@ func Configure() error {
 			cI.Salt = base64.StdEncoding.EncodeToString([]byte(salt))
 			dynConfig.Clients[i] = cI
 		} else if servercfg.Is_EE && cI.Username == mqExporterUserName {
+			exporter = true
 			exporterPassword := servercfg.GetLicenseKey()
 			salt := logic.RandomString(12)
 			hashed := encodePasswordToPBKDF2(exporterPassword, salt, 101, 64)
@@ -163,6 +172,16 @@ func Configure() error {
 			dynConfig.Clients[i] = cI
 		}
 	}
+	if servercfg.Is_EE && !exporter {
+		exporterPassword := servercfg.GetLicenseKey()
+		salt := logic.RandomString(12)
+		hashed := encodePasswordToPBKDF2(exporterPassword, salt, 101, 64)
+		exporterMQClient.Password = hashed
+		exporterMQClient.Iterations = 101
+		exporterMQClient.Salt = base64.StdEncoding.EncodeToString([]byte(salt))
+		dynConfig.Clients = append(dynConfig.Clients, exporterMQClient)
+		dynConfig.Roles = append(dynConfig.Roles, exporterMQRole)
+	}
 	data, err := json.MarshalIndent(dynConfig, "", " ")
 	if err != nil {
 		return err
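Review bot: The added `if servercfg.Is_EE && !exporter` block repeats the exporter hashing from the loop, including the bare literal `101` for the PBKDF2 iteration count, and stores the hash in the package-level `exporterMQClient`. 101 iterations gives very little resistance to offline guessing if the written file is ever read by someone else, and the secret here is the license key. If the broker's plugin accepts a higher count, a shared constant such as `const mqPBKDF2Iterations = 101`, with a comment on why the value was chosen, would give one place to raise it. It is also worth confirming that `logic.RandomString` draws from `crypto/rand`, since it supplies the salt. `exporterMQRole` is appended whenever the client is missing, so a loaded config that already has the role but not the client would end up with the role twice.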

+ 3 - 1
mq/dynsec_helper.go

@@ -26,7 +26,7 @@ const (
 
 var (
 	// default configuration of dynamic security
-	dynConfig = dynJSON{
+	dynConfigInI = dynJSON{
 		Clients: []client{
 			{
 				Username:   mqAdminUserName,
@@ -52,6 +52,7 @@ var (
 					},
 				},
 			},
+			exporterMQClient,
 		},
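Review bot: Adding `exporterMQClient` to the default client list makes the exporter account part of the configuration on non-EE servers as well, where the removed code in `Configure` only appended it under `servercfg.Is_EE`. `Configure` re-hashes that entry only in its `servercfg.Is_EE && cI.Username == mqExporterUserName` branch, so on a non-EE build it would be written with whatever password and salt the package-level value holds. Its definition is not visible here, but if that value is empty or static it becomes a default credential on the broker. Consider keeping the defaults free of it and relying on the `!exporter` append in `Configure`, or dropping the entry when `servercfg.Is_EE` is false. The same applies to `exporterMQRole` in the next hunk.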
 		Roles: []role{
 			{
@@ -66,6 +67,7 @@ var (
 				Rolename: NodeRole,
 				Acls:     fetchNodeAcls(),
 			},
+			exporterMQRole,
 		},
 		DefaultAcl: defaultAccessAcl{
 			PublishClientSend:    false,