remove unwanted roles

2025-11-08 07:41:41 +08:00 · 2023-01-22 16:27:04 +04:00 · 2023-01-22 16:27:04 +04:00 · 20bad4e2ee
commit 20bad4e2ee
parent f17787751c
3 changed files with 14 additions and 209 deletions
--- a/mq/dynsec.go
+++ b/mq/dynsec.go
@ -180,7 +180,6 @@ func Configure() error {
 		exporterMQClient.Iterations = 101
 		exporterMQClient.Salt = base64.StdEncoding.EncodeToString([]byte(salt))
 		dynConfig.Clients = append(dynConfig.Clients, exporterMQClient)
-		dynConfig.Roles = append(dynConfig.Roles, exporterMQRole)
 	}
 	data, err := json.MarshalIndent(dynConfig, "", " ")
 	if err != nil {
--- a/mq/dynsec_clients.go
+++ b/mq/dynsec_clients.go
@ -8,46 +8,9 @@ type MqClient struct {
 	Networks []string
 }

-// ModifyClient - modifies an existing client's network roles
-func ModifyClient(client *MqClient) error {
-
-	roles := []MqDynSecRole{
-		{
-			Rolename: HostGenericRole,
-			Priority: -1,
-		},
-		{
-			Rolename: getHostRoleName(client.ID),
-			Priority: -1,
-		},
-	}
-
-	for i := range client.Networks {
-		roles = append(roles, MqDynSecRole{
-			Rolename: client.Networks[i],
-			Priority: -1,
-		},
-		)
-	}
-
-	event := MqDynsecPayload{
-		Commands: []MqDynSecCmd{
-			{
-				Command:  ModifyClientCmd,
-				Username: client.ID,
-				Textname: client.Text,
-				Roles:    roles,
-				Groups:   make([]MqDynSecGroup, 0),
-			},
-		},
-	}
-
-	return publishEventToDynSecTopic(event)
-}
-
 // DeleteMqClient - removes a client from the DynSec system
 func DeleteMqClient(hostID string) error {
-	deleteHostRole(hostID)
+
 	event := MqDynsecPayload{
 		Commands: []MqDynSecCmd{
 			{
@ -62,29 +25,6 @@ func DeleteMqClient(hostID string) error {
 // CreateMqClient - creates an MQ DynSec client
 func CreateMqClient(client *MqClient) error {

-	err := createHostRole(client.ID)
-	if err != nil {
-		return err
-	}
-	roles := []MqDynSecRole{
-		{
-			Rolename: HostGenericRole,
-			Priority: -1,
-		},
-		{
-			Rolename: getHostRoleName(client.ID),
-			Priority: -1,
-		},
-	}
-
-	for i := range client.Networks {
-		roles = append(roles, MqDynSecRole{
-			Rolename: client.Networks[i],
-			Priority: -1,
-		},
-		)
-	}
-
 	event := MqDynsecPayload{
 		Commands: []MqDynSecCmd{
 			{
@ -92,8 +32,13 @@ func CreateMqClient(client *MqClient) error {
 				Username: client.ID,
 				Password: client.Password,
 				Textname: client.Text,
-				Roles:    roles,
-				Groups:   make([]MqDynSecGroup, 0),
+				Roles: []MqDynSecRole{
+					{
+						Rolename: genericRole,
+						Priority: -1,
+					},
+				},
+				Groups: make([]MqDynSecGroup, 0),
 			},
 		},
 	}
--- a/mq/dynsec_helper.go
+++ b/mq/dynsec_helper.go
@ -1,7 +1,6 @@
 package mq

 import (
-	"encoding/json"
 	"errors"
 	"fmt"
 	"time"
@ -13,14 +12,8 @@ import (
 const (
 	// constant for admin role
 	adminRole = "admin"
-	// constant for server role
-	serverRole = "server"
-	// constant for exporter role
-	exporterRole = "exporter"
-	// constant for node role
-	NodeRole = "node"
-	// HostGenericRole constant for host role
-	HostGenericRole = "host"
+	// constant for generic role
+	genericRole = "generic"

 	// const for dynamic security file
 	dynamicSecurityFile = "dynamic-security.json"
@ -50,7 +43,7 @@ var (
 				Iterations: 0,
 				Roles: []clientRole{
 					{
-						Rolename: serverRole,
+						Rolename: genericRole,
 					},
 				},
 			},
@ -62,14 +55,9 @@ var (
 				Acls:     fetchAdminAcls(),
 			},
 			{
-				Rolename: serverRole,
-				Acls:     fetchServerAcls(),
+				Rolename: genericRole,
+				Acls:     fetchServerAcls(), //TODO fetch generic acls
 			},
-			{
-				Rolename: HostGenericRole,
-				Acls:     fetchNodeAcls(),
-			},
-			exporterMQRole,
 		},
 		DefaultAcl: defaultAccessAcl{
 			PublishClientSend:    false,
@ -87,31 +75,12 @@ var (
 		Iterations: 101,
 		Roles: []clientRole{
 			{
-				Rolename: exporterRole,
+				Rolename: genericRole,
 			},
 		},
 	}
-	exporterMQRole = role{
-		Rolename: exporterRole,
-		Acls:     fetchExporterAcls(),
-	}
 )

-// DynListCLientsCmdResp - struct for list clients response from MQ
-type DynListCLientsCmdResp struct {
-	Responses []struct {
-		Command string          `json:"command"`
-		Error   string          `json:"error"`
-		Data    ListClientsData `json:"data"`
-	} `json:"responses"`
-}
-
-// ListClientsData - struct for list clients data
-type ListClientsData struct {
-	Clients    []string `json:"clients"`
-	TotalCount int      `json:"totalCount"`
-}
-
 // GetAdminClient - fetches admin client of the MQ
 func GetAdminClient() (mqtt.Client, error) {
 	opts := mqtt.NewClientOptions()
@ -128,47 +97,6 @@ func GetAdminClient() (mqtt.Client, error) {
 	return mqclient, connecterr
 }

-// ListClients -  to list all clients in the MQ
-func ListClients(client mqtt.Client) (ListClientsData, error) {
-	respChan := make(chan mqtt.Message, 10)
-	defer close(respChan)
-	command := "listClients"
-	resp := ListClientsData{}
-	msg := MqDynsecPayload{
-		Commands: []MqDynSecCmd{
-			{
-				Command: command,
-			},
-		},
-	}
-	client.Subscribe("$CONTROL/dynamic-security/v1/response", 2, mqtt.MessageHandler(func(c mqtt.Client, m mqtt.Message) {
-		respChan <- m
-	}))
-	defer client.Unsubscribe()
-	d, _ := json.Marshal(msg)
-	token := client.Publish("$CONTROL/dynamic-security/v1", 2, true, d)
-	if !token.WaitTimeout(30) || token.Error() != nil {
-		var err error
-		if token.Error() == nil {
-			err = errors.New("connection timeout")
-		} else {
-			err = token.Error()
-		}
-		return resp, err
-	}
-
-	for m := range respChan {
-		msg := DynListCLientsCmdResp{}
-		json.Unmarshal(m.Payload(), &msg)
-		for _, mI := range msg.Responses {
-			if mI.Command == command {
-				return mI.Data, nil
-			}
-		}
-	}
-	return resp, errors.New("resp not found")
-}
-
 // fetches host related acls
 func fetchHostAcls(hostID string) []Acl {
 	return []Acl{
@ -229,73 +157,6 @@ func FetchNetworkAcls(network string) []Acl {
 	}
 }

-// DeleteNetworkRole - deletes a network role from DynSec system
-func DeleteNetworkRole(network string) error {
-	// Deletes the network role from MQ
-	event := MqDynsecPayload{
-		Commands: []MqDynSecCmd{
-			{
-				Command:  DeleteRoleCmd,
-				RoleName: network,
-			},
-		},
-	}
-
-	return publishEventToDynSecTopic(event)
-}
-
-func deleteHostRole(hostID string) error {
-	// Deletes the hostID role from MQ
-	event := MqDynsecPayload{
-		Commands: []MqDynSecCmd{
-			{
-				Command:  DeleteRoleCmd,
-				RoleName: getHostRoleName(hostID),
-			},
-		},
-	}
-
-	return publishEventToDynSecTopic(event)
-}
-
-// CreateNetworkRole - createss a network role from DynSec system
-func CreateNetworkRole(network string) error {
-	// Create Role with acls for the network
-	event := MqDynsecPayload{
-		Commands: []MqDynSecCmd{
-			{
-				Command:  CreateRoleCmd,
-				RoleName: network,
-				Textname: "Network wide role with Acls for nodes",
-				Acls:     FetchNetworkAcls(network),
-			},
-		},
-	}
-
-	return publishEventToDynSecTopic(event)
-}
-
-// creates role for the host with ID.
-func createHostRole(hostID string) error {
-	// Create Role with acls for the host
-	event := MqDynsecPayload{
-		Commands: []MqDynSecCmd{
-			{
-				Command:  CreateRoleCmd,
-				RoleName: getHostRoleName(hostID),
-				Textname: "host role with Acls for hosts",
-				Acls:     fetchHostAcls(hostID),
-			},
-		},
-	}
-
-	return publishEventToDynSecTopic(event)
-}
-
-func getHostRoleName(hostID string) string {
-	return fmt.Sprintf("host-%s", hostID)
-}
-
 // serverAcls - fetches server role related acls
 func fetchServerAcls() []Acl {
 	return []Acl{