netmaker/mq/dynsec_helper.go

package mq

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"

	mqtt "github.com/eclipse/paho.mqtt.golang"
	"github.com/gravitl/netmaker/servercfg"
)

const (
	// constant for admin role
	adminRole = "admin"
	// constant for server role
	serverRole = "server"
	// constant for exporter role
	exporterRole = "exporter"
	// constant for node role
	NodeRole = "node"
	// HostGenericRole constant for host role
	HostGenericRole = "host"

	// const for dynamic security file
	dynamicSecurityFile = "dynamic-security.json"
)

var (
	// default configuration of dynamic security
	dynConfigInI = dynJSON{
		Clients: []client{
			{
				Username:   mqAdminUserName,
				TextName:   "netmaker admin user",
				Password:   "",
				Salt:       "",
				Iterations: 0,
				Roles: []clientRole{
					{
						Rolename: adminRole,
					},
				},
			},
			{
				Username:   mqNetmakerServerUserName,
				TextName:   "netmaker server user",
				Password:   "",
				Salt:       "",
				Iterations: 0,
				Roles: []clientRole{
					{
						Rolename: serverRole,
					},
				},
			},
			exporterMQClient,
		},
		Roles: []role{
			{
				Rolename: adminRole,
				Acls:     fetchAdminAcls(),
			},
			{
				Rolename: serverRole,
				Acls:     fetchServerAcls(),
			},
			{
				Rolename: HostGenericRole,
				Acls:     fetchNodeAcls(),
			},
			exporterMQRole,
		},
		DefaultAcl: defaultAccessAcl{
			PublishClientSend:    false,
			PublishClientReceive: true,
			Subscribe:            false,
			Unsubscribe:          true,
		},
	}

	exporterMQClient = client{
		Username:   mqExporterUserName,
		TextName:   "netmaker metrics exporter",
		Password:   "",
		Salt:       "",
		Iterations: 101,
		Roles: []clientRole{
			{
				Rolename: exporterRole,
			},
		},
	}
	exporterMQRole = role{
		Rolename: exporterRole,
		Acls:     fetchExporterAcls(),
	}
)

// DynListCLientsCmdResp - struct for list clients response from MQ
type DynListCLientsCmdResp struct {
	Responses []struct {
		Command string          `json:"command"`
		Error   string          `json:"error"`
		Data    ListClientsData `json:"data"`
	} `json:"responses"`
}

// ListClientsData - struct for list clients data
type ListClientsData struct {
	Clients    []string `json:"clients"`
	TotalCount int      `json:"totalCount"`
}

// GetAdminClient - fetches admin client of the MQ
func GetAdminClient() (mqtt.Client, error) {
	opts := mqtt.NewClientOptions()
	setMqOptions(mqAdminUserName, servercfg.GetMqAdminPassword(), opts)
	mqclient := mqtt.NewClient(opts)
	var connecterr error
	if token := mqclient.Connect(); !token.WaitTimeout(MQ_TIMEOUT*time.Second) || token.Error() != nil {
		if token.Error() == nil {
			connecterr = errors.New("connect timeout")
		} else {
			connecterr = token.Error()
		}
	}
	return mqclient, connecterr
}

// ListClients -  to list all clients in the MQ
func ListClients(client mqtt.Client) (ListClientsData, error) {
	respChan := make(chan mqtt.Message, 10)
	defer close(respChan)
	command := "listClients"
	resp := ListClientsData{}
	msg := MqDynsecPayload{
		Commands: []MqDynSecCmd{
			{
				Command: command,
			},
		},
	}
	client.Subscribe("$CONTROL/dynamic-security/v1/response", 2, mqtt.MessageHandler(func(c mqtt.Client, m mqtt.Message) {
		respChan <- m
	}))
	defer client.Unsubscribe()
	d, _ := json.Marshal(msg)
	token := client.Publish("$CONTROL/dynamic-security/v1", 2, true, d)
	if !token.WaitTimeout(30) || token.Error() != nil {
		var err error
		if token.Error() == nil {
			err = errors.New("connection timeout")
		} else {
			err = token.Error()
		}
		return resp, err
	}

	for m := range respChan {
		msg := DynListCLientsCmdResp{}
		json.Unmarshal(m.Payload(), &msg)
		for _, mI := range msg.Responses {
			if mI.Command == command {
				return mI.Data, nil
			}
		}
	}
	return resp, errors.New("resp not found")
}

// fetches host related acls
func fetchHostAcls(hostID string) []Acl {
	return []Acl{
		{
			AclType:  "publishClientReceive",
			Topic:    fmt.Sprintf("peers/host/%s/#", hostID),
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    fmt.Sprintf("host/update/%s", hostID),
			Priority: -1,
			Allow:    true,
		},
	}
}

// FetchNetworkAcls - fetches network acls
func FetchNetworkAcls(network string) []Acl {
	return []Acl{
		{
			AclType:  "publishClientReceive",
			Topic:    fmt.Sprintf("update/%s/#", network),
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    fmt.Sprintf("peers/%s/#", network),
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    fmt.Sprintf("proxy/%s/#", network),
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "subscribePattern",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "unsubscribePattern",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
	}
}

// DeleteNetworkRole - deletes a network role from DynSec system
func DeleteNetworkRole(network string) error {
	// Deletes the network role from MQ
	event := MqDynsecPayload{
		Commands: []MqDynSecCmd{
			{
				Command:  DeleteRoleCmd,
				RoleName: network,
			},
		},
	}

	return publishEventToDynSecTopic(event)
}

func deleteHostRole(hostID string) error {
	// Deletes the hostID role from MQ
	event := MqDynsecPayload{
		Commands: []MqDynSecCmd{
			{
				Command:  DeleteRoleCmd,
				RoleName: getHostRoleName(hostID),
			},
		},
	}

	return publishEventToDynSecTopic(event)
}

// CreateNetworkRole - createss a network role from DynSec system
func CreateNetworkRole(network string) error {
	// Create Role with acls for the network
	event := MqDynsecPayload{
		Commands: []MqDynSecCmd{
			{
				Command:  CreateRoleCmd,
				RoleName: network,
				Textname: "Network wide role with Acls for nodes",
				Acls:     FetchNetworkAcls(network),
			},
		},
	}

	return publishEventToDynSecTopic(event)
}

// creates role for the host with ID.
func createHostRole(hostID string) error {
	// Create Role with acls for the host
	event := MqDynsecPayload{
		Commands: []MqDynSecCmd{
			{
				Command:  CreateRoleCmd,
				RoleName: getHostRoleName(hostID),
				Textname: "host role with Acls for hosts",
				Acls:     fetchHostAcls(hostID),
			},
		},
	}

	return publishEventToDynSecTopic(event)
}

func getHostRoleName(hostID string) string {
	return fmt.Sprintf("host-%s", hostID)
}

// serverAcls - fetches server role related acls
func fetchServerAcls() []Acl {
	return []Acl{
		{
			AclType:  "publishClientSend",
			Topic:    "peers/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientSend",
			Topic:    "proxy/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientSend",
			Topic:    "peers/host/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientSend",
			Topic:    "update/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientSend",
			Topic:    "metrics_exporter",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    "ping/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    "update/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    "signal/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    "metrics/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "subscribePattern",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "unsubscribePattern",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    "host/update/#",
			Priority: -1,
			Allow:    true,
		},
	}
}

// fetchNodeAcls - fetches node related acls
func fetchNodeAcls() []Acl {
	// keeping node acls generic as of now.
	return []Acl{

		{
			AclType:  "publishClientSend",
			Topic:    "signal/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientSend",
			Topic:    "update/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientSend",
			Topic:    "ping/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientSend",
			Topic:    "metrics/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "subscribePattern",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "unsubscribePattern",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
	}
}

// fetchExporterAcls - fetch exporter role related acls
func fetchExporterAcls() []Acl {
	return []Acl{
		{
			AclType:  "publishClientReceive",
			Topic:    "metrics_exporter",
			Allow:    true,
			Priority: -1,
		},
		{
			AclType:  "subscribePattern",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "unsubscribePattern",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
	}
}

// fetchAdminAcls - fetches admin role related acls
func fetchAdminAcls() []Acl {
	return []Acl{
		{
			AclType:  "publishClientSend",
			Topic:    "$CONTROL/dynamic-security/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    "$CONTROL/dynamic-security/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "subscribePattern",
			Topic:    "$CONTROL/dynamic-security/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    "$SYS/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "subscribePattern",
			Topic:    "$SYS/#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientReceive",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "subscribePattern",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "unsubscribePattern",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
		{
			AclType:  "publishClientSend",
			Topic:    "#",
			Priority: -1,
			Allow:    true,
		},
	}
}
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`package mq`

			`import (`
			`"encoding/json"`
			`"errors"`
			`"fmt"`
			`"time"`

			`mqtt "github.com/eclipse/paho.mqtt.golang"`
			`"github.com/gravitl/netmaker/servercfg"`
			`)`

added comments 2022-09-30 02:29:18 +08:00			`const (`
			`// constant for admin role`
			`adminRole = "admin"`
			`// constant for server role`
			`serverRole = "server"`
			`// constant for exporter role`
			`exporterRole = "exporter"`
make node acls generic 2022-09-30 23:29:03 +08:00			`// constant for node role`
			`NodeRole = "node"`
add new host role with acls 2023-01-04 12:35:05 +08:00			`// HostGenericRole constant for host role`
			`HostGenericRole = "host"`
added comments 2022-09-30 02:29:18 +08:00
			`// const for dynamic security file`
			`dynamicSecurityFile = "dynamic-security.json"`
check if EE to configure exporter for MQ 2022-09-30 01:59:24 +08:00			`)`

			`var (`
added comments 2022-09-30 02:29:18 +08:00			`// default configuration of dynamic security`
use local variable for mq configuration 2022-10-21 16:01:42 +08:00			`dynConfigInI = dynJSON{`
check if EE to configure exporter for MQ 2022-09-30 01:59:24 +08:00			`Clients: []client{`
			`{`
			`Username: mqAdminUserName,`
			`TextName: "netmaker admin user",`
			`Password: "",`
			`Salt: "",`
			`Iterations: 0,`
			`Roles: []clientRole{`
			`{`
added comments 2022-09-30 02:29:18 +08:00			`Rolename: adminRole,`
check if EE to configure exporter for MQ 2022-09-30 01:59:24 +08:00			`},`
			`},`
			`},`
			`{`
			`Username: mqNetmakerServerUserName,`
			`TextName: "netmaker server user",`
			`Password: "",`
			`Salt: "",`
			`Iterations: 0,`
			`Roles: []clientRole{`
			`{`
added comments 2022-09-30 02:29:18 +08:00			`Rolename: serverRole,`
check if EE to configure exporter for MQ 2022-09-30 01:59:24 +08:00			`},`
			`},`
			`},`
keep the passwords in sync 2022-10-21 14:40:12 +08:00			`exporterMQClient,`
check if EE to configure exporter for MQ 2022-09-30 01:59:24 +08:00			`},`
			`Roles: []role{`
			`{`
added comments 2022-09-30 02:29:18 +08:00			`Rolename: adminRole,`
make node acls generic 2022-09-30 23:29:03 +08:00			`Acls: fetchAdminAcls(),`
check if EE to configure exporter for MQ 2022-09-30 01:59:24 +08:00			`},`
			`{`
added comments 2022-09-30 02:29:18 +08:00			`Rolename: serverRole,`
make node acls generic 2022-09-30 23:29:03 +08:00			`Acls: fetchServerAcls(),`
			`},`
			`{`
add new host role with acls 2023-01-04 12:35:05 +08:00			`Rolename: HostGenericRole,`
make node acls generic 2022-09-30 23:29:03 +08:00			`Acls: fetchNodeAcls(),`
check if EE to configure exporter for MQ 2022-09-30 01:59:24 +08:00			`},`
keep the passwords in sync 2022-10-21 14:40:12 +08:00			`exporterMQRole,`
check if EE to configure exporter for MQ 2022-09-30 01:59:24 +08:00			`},`
			`DefaultAcl: defaultAccessAcl{`
			`PublishClientSend: false,`
			`PublishClientReceive: true,`
			`Subscribe: false,`
			`Unsubscribe: true,`
			`},`
			`}`

			`exporterMQClient = client{`
			`Username: mqExporterUserName,`
			`TextName: "netmaker metrics exporter",`
			`Password: "",`
			`Salt: "",`
			`Iterations: 101,`
			`Roles: []clientRole{`
			`{`
added comments 2022-09-30 02:29:18 +08:00			`Rolename: exporterRole,`
check if EE to configure exporter for MQ 2022-09-30 01:59:24 +08:00			`},`
			`},`
			`}`
			`exporterMQRole = role{`
added comments 2022-09-30 02:29:18 +08:00			`Rolename: exporterRole,`
make node acls generic 2022-09-30 23:29:03 +08:00			`Acls: fetchExporterAcls(),`
check if EE to configure exporter for MQ 2022-09-30 01:59:24 +08:00			`}`
			`)`

added comments 2022-09-30 02:29:18 +08:00			`// DynListCLientsCmdResp - struct for list clients response from MQ`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`type DynListCLientsCmdResp struct {`
			`Responses []struct {`
			Command string `json:"command"`
			Error string `json:"error"`
			Data ListClientsData `json:"data"`
			} `json:"responses"`
			`}`

added comments 2022-09-30 02:29:18 +08:00			`// ListClientsData - struct for list clients data`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`type ListClientsData struct {`
			Clients []string `json:"clients"`
			TotalCount int `json:"totalCount"`
			`}`

added comments 2022-09-30 02:29:18 +08:00			`// GetAdminClient - fetches admin client of the MQ`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`func GetAdminClient() (mqtt.Client, error) {`
			`opts := mqtt.NewClientOptions()`
			`setMqOptions(mqAdminUserName, servercfg.GetMqAdminPassword(), opts)`
			`mqclient := mqtt.NewClient(opts)`
			`var connecterr error`
			`if token := mqclient.Connect(); !token.WaitTimeout(MQ_TIMEOUT*time.Second) \|\| token.Error() != nil {`
			`if token.Error() == nil {`
			`connecterr = errors.New("connect timeout")`
			`} else {`
			`connecterr = token.Error()`
			`}`
			`}`
			`return mqclient, connecterr`
			`}`

added comments 2022-09-30 02:29:18 +08:00			`// ListClients - to list all clients in the MQ`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`func ListClients(client mqtt.Client) (ListClientsData, error) {`
			`respChan := make(chan mqtt.Message, 10)`
			`defer close(respChan)`
			`command := "listClients"`
			`resp := ListClientsData{}`
			`msg := MqDynsecPayload{`
			`Commands: []MqDynSecCmd{`
			`{`
			`Command: command,`
			`},`
			`},`
			`}`
			`client.Subscribe("$CONTROL/dynamic-security/v1/response", 2, mqtt.MessageHandler(func(c mqtt.Client, m mqtt.Message) {`
			`respChan <- m`
			`}))`
			`defer client.Unsubscribe()`
			`d, _ := json.Marshal(msg)`
			`token := client.Publish("$CONTROL/dynamic-security/v1", 2, true, d)`
			`if !token.WaitTimeout(30) \|\| token.Error() != nil {`
			`var err error`
			`if token.Error() == nil {`
			`err = errors.New("connection timeout")`
			`} else {`
			`err = token.Error()`
			`}`
			`return resp, err`
			`}`

			`for m := range respChan {`
			`msg := DynListCLientsCmdResp{}`
			`json.Unmarshal(m.Payload(), &msg)`
			`for _, mI := range msg.Responses {`
			`if mI.Command == command {`
			`return mI.Data, nil`
			`}`
			`}`
			`}`
			`return resp, errors.New("resp not found")`
			`}`

add new host role with acls 2023-01-04 12:35:05 +08:00			`// fetches host related acls`
			`func fetchHostAcls(hostID string) []Acl {`
			`return []Acl{`
			`{`
			`AclType: "publishClientReceive",`
fix host peer update model,add server name to peer update topic 2023-01-04 13:33:13 +08:00			`Topic: fmt.Sprintf("peers/host/%s/#", hostID),`
add new host role with acls 2023-01-04 12:35:05 +08:00			`Priority: -1,`
			`Allow: true,`
			`},`
added ability for server to receive and publish host model updates via MQ 2023-01-11 23:33:43 +08:00			`{`
			`AclType: "publishClientReceive",`
addressed comment 2023-01-12 00:51:32 +08:00			`Topic: fmt.Sprintf("host/update/%s", hostID),`
added ability for server to receive and publish host model updates via MQ 2023-01-11 23:33:43 +08:00			`Priority: -1,`
			`Allow: true,`
			`},`
add new host role with acls 2023-01-04 12:35:05 +08:00			`}`
			`}`

added comments 2022-09-30 02:29:18 +08:00			`// FetchNetworkAcls - fetches network acls`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`func FetchNetworkAcls(network string) []Acl {`
			`return []Acl{`
			`{`
add subscription pattern to acls,fix NaN value in metrics for uptime,get real iface name for mac 2022-09-30 21:01:57 +08:00			`AclType: "publishClientReceive",`
			`Topic: fmt.Sprintf("update/%s/#", network),`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientReceive",`
			`Topic: fmt.Sprintf("peers/%s/#", network),`
			`Priority: -1,`
			`Allow: true,`
			`},`
fix relay updates for proxy 2022-11-18 13:18:28 +08:00			`{`
			`AclType: "publishClientReceive",`
			`Topic: fmt.Sprintf("proxy/%s/#", network),`
			`Priority: -1,`
			`Allow: true,`
			`},`
add subscription pattern to acls,fix NaN value in metrics for uptime,get real iface name for mac 2022-09-30 21:01:57 +08:00			`{`
			`AclType: "subscribePattern",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`},`
			`{`
add subscription pattern to acls,fix NaN value in metrics for uptime,get real iface name for mac 2022-09-30 21:01:57 +08:00			`AclType: "unsubscribePattern",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`},`
			`}`
			`}`

made mq functions a little easier to read and re-use 2022-12-29 01:10:03 +08:00			`// DeleteNetworkRole - deletes a network role from DynSec system`
			`func DeleteNetworkRole(network string) error {`
			`// Deletes the network role from MQ`
			`event := MqDynsecPayload{`
			`Commands: []MqDynSecCmd{`
			`{`
			`Command: DeleteRoleCmd,`
			`RoleName: network,`
			`},`
			`},`
			`}`

			`return publishEventToDynSecTopic(event)`
			`}`

delete host role when client is delete 2023-01-04 12:37:29 +08:00			`func deleteHostRole(hostID string) error {`
			`// Deletes the hostID role from MQ`
			`event := MqDynsecPayload{`
			`Commands: []MqDynSecCmd{`
			`{`
			`Command: DeleteRoleCmd,`
			`RoleName: getHostRoleName(hostID),`
			`},`
			`},`
			`}`

			`return publishEventToDynSecTopic(event)`
			`}`

made mq functions a little easier to read and re-use 2022-12-29 01:10:03 +08:00			`// CreateNetworkRole - createss a network role from DynSec system`
			`func CreateNetworkRole(network string) error {`
			`// Create Role with acls for the network`
			`event := MqDynsecPayload{`
			`Commands: []MqDynSecCmd{`
			`{`
			`Command: CreateRoleCmd,`
			`RoleName: network,`
			`Textname: "Network wide role with Acls for nodes",`
			`Acls: FetchNetworkAcls(network),`
			`},`
			`},`
			`}`

			`return publishEventToDynSecTopic(event)`
			`}`

add new host role with acls 2023-01-04 12:35:05 +08:00			`// creates role for the host with ID.`
			`func createHostRole(hostID string) error {`
			`// Create Role with acls for the host`
			`event := MqDynsecPayload{`
			`Commands: []MqDynSecCmd{`
			`{`
			`Command: CreateRoleCmd,`
			`RoleName: getHostRoleName(hostID),`
host based updates 2023-01-04 22:32:02 +08:00			`Textname: "host role with Acls for hosts",`
add new host role with acls 2023-01-04 12:35:05 +08:00			`Acls: fetchHostAcls(hostID),`
			`},`
			`},`
			`}`

			`return publishEventToDynSecTopic(event)`
			`}`

			`func getHostRoleName(hostID string) string {`
			`return fmt.Sprintf("host-%s", hostID)`
			`}`

make node acls generic 2022-09-30 23:29:03 +08:00			`// serverAcls - fetches server role related acls`
			`func fetchServerAcls() []Acl {`
			`return []Acl{`
			`{`
			`AclType: "publishClientSend",`
			`Topic: "peers/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientSend",`
fix relay updates for proxy 2022-11-18 13:18:28 +08:00			`Topic: "proxy/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
add new host role with acls 2023-01-04 12:35:05 +08:00			`{`
			`AclType: "publishClientSend",`
			`Topic: "peers/host/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
fix relay updates for proxy 2022-11-18 13:18:28 +08:00			`{`
			`AclType: "publishClientSend",`
make node acls generic 2022-09-30 23:29:03 +08:00			`Topic: "update/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientSend",`
			`Topic: "metrics_exporter",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientReceive",`
			`Topic: "ping/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientReceive",`
			`Topic: "update/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientReceive",`
			`Topic: "signal/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientReceive",`
			`Topic: "metrics/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "subscribePattern",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "unsubscribePattern",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
added ability for server to receive and publish host model updates via MQ 2023-01-11 23:33:43 +08:00			`{`
			`AclType: "publishClientReceive",`
			`Topic: "host/update/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
make node acls generic 2022-09-30 23:29:03 +08:00			`}`
			`}`

			`// fetchNodeAcls - fetches node related acls`
			`func fetchNodeAcls() []Acl {`
change node acls to be more generic 2022-09-30 22:25:18 +08:00			`// keeping node acls generic as of now.`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`return []Acl{`

			`{`
make node acls generic 2022-09-30 23:29:03 +08:00			`AclType: "publishClientSend",`
change node acls to be more generic 2022-09-30 22:25:18 +08:00			`Topic: "signal/#",`
add subscription pattern to acls,fix NaN value in metrics for uptime,get real iface name for mac 2022-09-30 21:01:57 +08:00			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
make node acls generic 2022-09-30 23:29:03 +08:00			`AclType: "publishClientSend",`
change node acls to be more generic 2022-09-30 22:25:18 +08:00			`Topic: "update/#",`
add subscription pattern to acls,fix NaN value in metrics for uptime,get real iface name for mac 2022-09-30 21:01:57 +08:00			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
make node acls generic 2022-09-30 23:29:03 +08:00			`AclType: "publishClientSend",`
change node acls to be more generic 2022-09-30 22:25:18 +08:00			`Topic: "ping/#",`
add subscription pattern to acls,fix NaN value in metrics for uptime,get real iface name for mac 2022-09-30 21:01:57 +08:00			`Priority: -1,`
			`Allow: true,`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`},`
			`{`
make node acls generic 2022-09-30 23:29:03 +08:00			`AclType: "publishClientSend",`
change node acls to be more generic 2022-09-30 22:25:18 +08:00			`Topic: "metrics/#",`
add subscription pattern to acls,fix NaN value in metrics for uptime,get real iface name for mac 2022-09-30 21:01:57 +08:00			`Priority: -1,`
			`Allow: true,`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`},`
			`{`
add subscription pattern to acls,fix NaN value in metrics for uptime,get real iface name for mac 2022-09-30 21:01:57 +08:00			`AclType: "subscribePattern",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`},`
			`{`
add subscription pattern to acls,fix NaN value in metrics for uptime,get real iface name for mac 2022-09-30 21:01:57 +08:00			`AclType: "unsubscribePattern",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
added roles,acls for clients 2022-09-30 01:24:41 +08:00			`},`
			`}`
			`}`
make node acls generic 2022-09-30 23:29:03 +08:00
			`// fetchExporterAcls - fetch exporter role related acls`
			`func fetchExporterAcls() []Acl {`
			`return []Acl{`
			`{`
			`AclType: "publishClientReceive",`
			`Topic: "metrics_exporter",`
			`Allow: true,`
			`Priority: -1,`
			`},`
			`{`
			`AclType: "subscribePattern",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "unsubscribePattern",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`}`
			`}`

			`// fetchAdminAcls - fetches admin role related acls`
			`func fetchAdminAcls() []Acl {`
			`return []Acl{`
			`{`
			`AclType: "publishClientSend",`
			`Topic: "$CONTROL/dynamic-security/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientReceive",`
			`Topic: "$CONTROL/dynamic-security/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "subscribePattern",`
			`Topic: "$CONTROL/dynamic-security/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientReceive",`
			`Topic: "$SYS/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "subscribePattern",`
			`Topic: "$SYS/#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientReceive",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "subscribePattern",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "unsubscribePattern",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`{`
			`AclType: "publishClientSend",`
			`Topic: "#",`
			`Priority: -1,`
			`Allow: true,`
			`},`
			`}`
			`}`