watch dynsec messages,create client on node join
This commit is contained in:
parent
08a6ed483c
commit
5270c1ede8
@ -591,6 +591,33 @@ func createNode(w http.ResponseWriter, r *http.Request) {
|
|||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
// Create client for this node in Mq
|
||||
// Delete Any Existing Client
|
||||
mq.DynSecChan <- mq.DynSecAction{
|
||||
ActionType: mq.CreateClient,
|
||||
Payload: mq.MqDynsecPayload{
|
||||
Commands: []mq.MqDynSecCmd{
|
||||
{
|
||||
Command: mq.CreateClientCmd,
|
||||
Username: node.ID,
|
||||
Password: node.Password,
|
||||
Clientid: node.ID,
|
||||
Roles: []mq.MqDynSecRole{
|
||||
{
|
||||
Rolename: "node",
|
||||
Priority: -1,
|
||||
},
|
||||
},
|
||||
Groups: []mq.MqDynSecGroup{
|
||||
{
|
||||
Groupname: "nodes",
|
||||
Priority: -1,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
response := models.NodeGet{
|
||||
Node: node,
|
||||
|
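Review bot: The comment "Delete Any Existing Client" at the top of the added block is not backed by any command: the only entry queued is `createClient`, so if a client with this ID already exists in the broker the create is rejected by dynsec and this handler never learns of it, because the send into `mq.DynSecChan` is fire-and-forget and the HTTP response is written regardless. Either drop the comment or make the operation idempotent on re-join by queueing `{Command: mq.DeleteClientCmd, Username: node.ID},` ahead of the `createClient` entry in the same `Commands` slice. `node.Password` is pushed to the broker here as the client's credential; if that field has already been hashed by the time this block runs (that happens outside this hunk), the value the broker stores will not match what the node holds, so it is worth confirming which form is in scope at this point. If `mq.DynSecChan` is unbuffered or the manager goroutine has exited, this send blocks the request handler indefinitely; a `select` with a timeout, or a buffered channel, keeps node creation from hanging on broker state. The enclosing `createNode` function begins and ends outside the hunk.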
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"clients": [{
|
||||
"username": "bob",
|
||||
"username": "Netmaker-Admin",
|
||||
"textName": "Dynsec admin user",
|
||||
"password": "JEfqgJum2mlJa51WTGdvEAs2Rnc8vno14yAsAhxbjo9nKs0GAgL0+YM2iOUaW/GFK8L/B0EkbP5qd1AeyBdRTg==",
|
||||
"salt": "MgoCdNVGYMqJh+nU",
|
||||
"password": "T42rorlC/mAP+i19g/YqMlWShPpfo8F/nBz2ZQNRcjAnfczrgu4rIQam9z7T/87NBIHxqR1wMlCIvRN5JApHcw==",
|
||||
"salt": "lHl24sEf+lJ/kFHk",
|
||||
"iterations": 101,
|
||||
"roles": [{
|
||||
"rolename": "admin"
|
||||
|
@ -43,12 +43,18 @@
|
|||
"acltype": "unsubscribePattern",
|
||||
"topic": "#",
|
||||
"allow": true
|
||||
}]
|
||||
},
|
||||
{
|
||||
"acltype": "publishClientSend",
|
||||
"topic": "#",
|
||||
"allow": true
|
||||
}
|
||||
]
|
||||
}],
|
||||
"defaultACLAccess": {
|
||||
"publishClientSend": false,
|
||||
"publishClientSend": true,
|
||||
"publishClientReceive": true,
|
||||
"subscribe": false,
|
||||
"subscribe": true,
|
||||
"unsubscribe": true
|
||||
}
|
||||
}
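Review bot: Flipping `defaultACLAccess.publishClientSend` and `defaultACLAccess.subscribe` to `true` turns the dynamic-security plugin into allow-by-default: every authenticated client, including the per-node clients this commit creates, can publish to and subscribe on any topic unless a role explicitly denies it, so the `node` role assigned elsewhere no longer bounds what a compromised node can do on the broker. Keep both defaults at `false` and instead give the `node` role explicit `publishClientSend`/`subscribe` ACLs for the topic patterns nodes actually need; the admin client already receives its blanket `publishClientSend` on `#` from the new ACL entry in this hunk, so it does not depend on the default. The `password`/`salt` pair committed for `Netmaker-Admin` in the first hunk is a default credential shipped with the repository; that is only acceptable if it is rotated or disabled on first start, which this file cannot show.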
|
|
@ -12,7 +12,8 @@
|
|||
# allow_anonymous true
|
||||
|
||||
per_listener_settings false
|
||||
|
||||
listener 8883
|
||||
allow_anonymous false
|
||||
listener 1883
|
||||
allow_anonymous false
|
||||
plugin /usr/lib/mosquitto_dynamic_security.so
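Review bot: With `allow_anonymous false` enforced on both listeners every client now sends a username and password to dynsec, but `listener 1883` is a plaintext listener and nothing in this hunk binds it to a loopback or internal address, so those credentials cross the network unencrypted if 1883 is reachable from outside the host. If 1883 exists only for the server's own local connection, bind it explicitly with `listener 1883 127.0.0.1` so the TLS listener on 8883 is the only externally reachable one; if remote clients are meant to use it, it should be removed in favour of 8883. It is also worth a comment that `per_listener_settings false` is deliberate, since the dynamic-security plugin appears to require it and it makes the authentication settings below apply globally rather than per listener.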
|
||||
|
|
34
mq/dynsec.go
34
mq/dynsec.go
|
@ -5,21 +5,34 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
|
||||
mqtt "github.com/eclipse/paho.mqtt.golang"
|
||||
"github.com/gravitl/netmaker/logger"
|
||||
)
|
||||
|
||||
const DynamicSecTopic = "$CONTROL/dynamic-security/#"
|
||||
const DynamicSecSubTopic = "$CONTROL/dynamic-security/#"
|
||||
const DynamicSecPubTopic = "$CONTROL/dynamic-security/v1"
|
||||
|
||||
type DynSecActionType string
|
||||
|
||||
var (
|
||||
CreateClient DynSecActionType = "CREATE_CLIENT"
|
||||
DisableClient DynSecActionType = "DISABLE_CLIENT"
|
||||
EnableClient DynSecActionType = "ENABLE_CLIENT"
|
||||
DeleteClient DynSecActionType = "DELETE_CLIENT"
|
||||
CreateAdminClient DynSecActionType = "CREATE_ADMIN_CLIENT"
|
||||
ModifyClient DynSecActionType = "MODIFY_CLIENT"
|
||||
DISABLE_EXISTING_ADMINS DynSecActionType = "DISABLE_EXISTING_ADMINS"
|
||||
)
|
||||
|
||||
var (
|
||||
CreateClientCmd = "createClient"
|
||||
DisableClientCmd = "disableClient"
|
||||
DeleteClientCmd = "deleteClient"
|
||||
ModifyClientCmd = "modifyClient"
|
||||
)
|
||||
|
||||
const mqDynSecAdmin = "Netmaker-Admin"
|
||||
const defaultAdminPassword = "hello-world"
|
||||
const defaultAdminPassword = "Netmaker-Admin"
|
||||
|
||||
type MqDynSecGroup struct {
|
||||
Groupname string `json:"groupname"`
|
||||
|
@ -31,10 +44,19 @@ type MqDynSecRole struct {
|
|||
Priority int `json:"priority"`
|
||||
}
|
||||
|
||||
type Acl struct {
|
||||
AclType string `json:"acl_type"`
|
||||
Topic string `json:"topic"`
|
||||
Priority int `json:"priority"`
|
||||
Allow bool `json:"allow"`
|
||||
}
|
||||
|
||||
type MqDynSecCmd struct {
|
||||
Command string `json:"command"`
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
RoleName string `json:"rolename,omitempty"`
|
||||
Acls []Acl `json:"acls,omitempty"`
|
||||
Clientid string `json:"clientid"`
|
||||
Textname string `json:"textname"`
|
||||
Textdescription string `json:"textdescription"`
|
||||
|
@ -64,7 +86,7 @@ func DynamicSecManager(ctx context.Context) {
|
|||
if err != nil {
|
||||
continue
|
||||
}
|
||||
if token := mqclient.Publish(DynamicSecTopic, 2, false, d); token.Error() != nil {
|
||||
if token := mqclient.Publish(DynamicSecPubTopic, 2, false, d); token.Error() != nil {
|
||||
logger.Log(0, fmt.Sprintf("failed to perform action [%s]: %v",
|
||||
dynSecAction.ActionType, token.Error()))
|
||||
}
|
||||
|
@ -72,3 +94,9 @@ func DynamicSecManager(ctx context.Context) {
|
|||
|
||||
}
|
||||
}
|
||||
|
||||
func watchDynSecTopic(client mqtt.Client, msg mqtt.Message) {
|
||||
|
||||
logger.Log(1, fmt.Sprintf("----->WatchDynSecTopic Message: %+v", string(msg.Payload())))
|
||||
|
||||
}
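Review bot: `watchDynSecTopic` logs the raw payload of every message received on `$CONTROL/dynamic-security/#`, and that wildcard also covers `DynamicSecPubTopic`, the topic the server itself publishes commands to; if the broker echoes those publishes back to the subscriber, every `createClient` command, including the credential in its `password` field, is written to the log at level 1. Drop the payload from the log line and log only the command name and the broker's `error` field, or narrow the subscription to `$CONTROL/dynamic-security/v1/response` so the handler only ever sees responses. As written the handler also discards the response content, so a rejected command (for example a client that already exists) is never surfaced to the code that queued it; decoding the `responses[].error` entries and logging them at level 0 would make those failures visible. The constants and the manager loop this handler depends on are in the earlier hunks of this file; the handler itself is complete here.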
|
||||
|
|
4
mq/mq.go
4
mq/mq.go
|
@ -52,6 +52,10 @@ func SetupMQTT() {
|
|||
client.Disconnect(240)
|
||||
logger.Log(0, "node client subscription failed")
|
||||
}
|
||||
if token := client.Subscribe(DynamicSecSubTopic, 0, mqtt.MessageHandler(watchDynSecTopic)); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
|
||||
client.Disconnect(240)
|
||||
logger.Log(0, "Dynamic security client subscription failed")
|
||||
}
|
||||
|
||||
opts.SetOrderMatters(true)
|
||||
opts.SetResumeSubs(true)
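Review bot: The new subscribe copies the condition `token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil`, which treats a timeout as success: when `WaitTimeout` returns false the error is never consulted, the client is not disconnected, and the server proceeds as if it were watching the dynsec topic. Use `if !token.WaitTimeout(MQ_TIMEOUT*time.Second) || token.Error() != nil {` so a timed-out subscribe is handled like a failed one. The subscription is also to `DynamicSecSubTopic` (`$CONTROL/dynamic-security/#`), which is broader than the response topic the broker answers on; if the intent is only to observe command results, subscribing to `$CONTROL/dynamic-security/v1/response` keeps the handler from receiving the server's own command publishes. `SetupMQTT` starts and ends outside this hunk.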
|
||||
|
|