dynsec intial code

2025-09-06 13:14:24 +08:00 · 2022-09-13 23:33:39 +05:30 · 2022-09-13 23:33:39 +05:30 · 08a6ed483c
commit 08a6ed483c
parent c262df563e
3 changed files with 81 additions and 5 deletions
--- a/main.go
+++ b/main.go
@ -175,6 +175,7 @@ func runMessageQueue(wg *sync.WaitGroup) {
 	logger.Log(0, "connecting to mq broker at", brokerHost, "with TLS?", fmt.Sprintf("%v", secure))
 	mq.SetupMQTT()
 	ctx, cancel := context.WithCancel(context.Background())
+	go mq.DynamicSecManager(ctx)
 	go mq.Keepalive(ctx)
 	go logic.ManageZombies(ctx)
 	quit := make(chan os.Signal, 1)
--- a/mq/dynsec.go
+++ b/mq/dynsec.go
@ -0,0 +1,74 @@
+package mq
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/gravitl/netmaker/logger"
+)
+
+const DynamicSecTopic = "$CONTROL/dynamic-security/#"
+
+type DynSecActionType string
+
+var (
+	CreateClient            DynSecActionType = "CREATE_CLIENT"
+	CreateAdminClient       DynSecActionType = "CREATE_ADMIN_CLIENT"
+	DISABLE_EXISTING_ADMINS DynSecActionType = "DISABLE_EXISTING_ADMINS"
+)
+
+const mqDynSecAdmin = "Netmaker-Admin"
+const defaultAdminPassword = "hello-world"
+
+type MqDynSecGroup struct {
+	Groupname string `json:"groupname"`
+	Priority  int    `json:"priority"`
+}
+
+type MqDynSecRole struct {
+	Rolename string `json:"rolename"`
+	Priority int    `json:"priority"`
+}
+
+type MqDynSecCmd struct {
+	Command         string          `json:"command"`
+	Username        string          `json:"username"`
+	Password        string          `json:"password"`
+	Clientid        string          `json:"clientid"`
+	Textname        string          `json:"textname"`
+	Textdescription string          `json:"textdescription"`
+	Groups          []MqDynSecGroup `json:"groups"`
+	Roles           []MqDynSecRole  `json:"roles"`
+}
+
+type DynSecAction struct {
+	ActionType DynSecActionType
+	Payload    MqDynsecPayload
+}
+
+type MqDynsecPayload struct {
+	Commands []MqDynSecCmd `json:"commands"`
+}
+
+var DynSecChan = make(chan DynSecAction, 100)
+
+func DynamicSecManager(ctx context.Context) {
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case dynSecAction := <-DynSecChan:
+			d, err := json.Marshal(dynSecAction.Payload)
+			if err != nil {
+				continue
+			}
+			if token := mqclient.Publish(DynamicSecTopic, 2, false, d); token.Error() != nil {
+				logger.Log(0, fmt.Sprintf("failed to perform action [%s]: %v",
+					dynSecAction.ActionType, token.Error()))
+			}
+		}
+
+	}
+}
--- a/mq/mq.go
+++ b/mq/mq.go
@ -8,7 +8,6 @@ import (
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/netclient/ncutils"
 	"github.com/gravitl/netmaker/servercfg"
-	"github.com/gravitl/netmaker/serverctl"
 )

 // KEEPALIVE_TIMEOUT - time in seconds for timeout
@ -26,13 +25,15 @@ var mqclient mqtt.Client
 // SetupMQTT creates a connection to broker and return client
 func SetupMQTT() {
 	opts := mqtt.NewClientOptions()
-	broker, secure := servercfg.GetMessageQueueEndpoint()
+	broker, _ := servercfg.GetMessageQueueEndpoint()
 	opts.AddBroker(broker)
 	id := ncutils.MakeRandomString(23)
 	opts.ClientID = id
-	if secure {
-		opts.SetTLSConfig(&serverctl.TlsConfig)
-	}
+	// if secure {
+	// 	opts.SetTLSConfig(&serverctl.TlsConfig)
+	// }
+	opts.SetUsername(mqDynSecAdmin)
+	opts.SetPassword(defaultAdminPassword)
 	opts.SetAutoReconnect(true)
 	opts.SetConnectRetry(true)
 	opts.SetConnectRetryInterval(time.Second << 2)