From 9a58c1237e185c43626c8eed90b76144d4962be4 Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Fri, 24 Nov 2023 15:17:27 +0400 Subject: [PATCH 01/10] extraAllowedIps fix for ext clients --- logic/extpeers.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/logic/extpeers.go b/logic/extpeers.go index e19b2edc..9cf0c95f 100644 --- a/logic/extpeers.go +++ b/logic/extpeers.go @@ -247,9 +247,7 @@ func UpdateExtClient(old *models.ExtClient, update *models.CustomExtClient) mode if update.Enabled != old.Enabled { new.Enabled = update.Enabled } - if update.ExtraAllowedIPs != nil && StringDifference(old.ExtraAllowedIPs, update.ExtraAllowedIPs) != nil { - new.ExtraAllowedIPs = update.ExtraAllowedIPs - } + new.ExtraAllowedIPs = update.ExtraAllowedIPs if update.DeniedACLs != nil && !reflect.DeepEqual(old.DeniedACLs, update.DeniedACLs) { new.DeniedACLs = update.DeniedACLs } From b6b71c951e09cf3d1ca3d4ef90911fa7c62fa8b6 Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Fri, 24 Nov 2023 18:32:43 +0400 Subject: [PATCH 02/10] add extclient extra allowedIPs and attach them to egress routes --- logic/peers.go | 51 ++++++++++++++++++++++++++++++++++++++++++++------ models/node.go | 24 ++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 6 deletions(-) diff --git a/logic/peers.go b/logic/peers.go index 9f86fd2d..cf8cad30 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -129,6 +129,9 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N EgressRanges: peer.EgressGatewayRanges, }) } + if peer.IsIngressGateway { + hostPeerUpdate.EgressRoutes = append(hostPeerUpdate.EgressRoutes, getExtpeersExtraRoutes(peer.Network)...) + } if (node.IsRelayed && node.RelayedBy != peer.ID.String()) || (peer.IsRelayed && peer.RelayedBy != node.ID.String()) { // if node is relayed and peer is not the relay, set remove to true if _, ok := peerIndexMap[peerHost.PublicKey.String()]; ok { @@ -207,9 +210,11 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N } var extPeers []wgtypes.PeerConfig var extPeerIDAndAddrs []models.IDandAddr + var egressRoutes []models.EgressNetworkRoutes if node.IsIngressGateway { - extPeers, extPeerIDAndAddrs, err = getExtPeers(&node, &node) + extPeers, extPeerIDAndAddrs, egressRoutes, err = getExtPeers(&node, &node) if err == nil { + hostPeerUpdate.EgressRoutes = append(hostPeerUpdate.EgressRoutes, egressRoutes...) hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...) for _, extPeerIdAndAddr := range extPeerIDAndAddrs { extPeerIdAndAddr := extPeerIdAndAddr @@ -290,16 +295,17 @@ func GetPeerListenPort(host *models.Host) int { return peerPort } -func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, error) { +func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, []models.EgressNetworkRoutes, error) { var peers []wgtypes.PeerConfig var idsAndAddr []models.IDandAddr + var egressRoutes []models.EgressNetworkRoutes extPeers, err := GetNetworkExtClients(node.Network) if err != nil { - return peers, idsAndAddr, err + return peers, idsAndAddr, egressRoutes, err } host, err := GetHost(node.HostID.String()) if err != nil { - return peers, idsAndAddr, err + return peers, idsAndAddr, egressRoutes, err } for _, extPeer := range extPeers { extPeer := extPeer @@ -338,6 +344,12 @@ func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA allowedips = append(allowedips, addr6) } } + for _, extraAllowedIP := range extPeer.ExtraAllowedIPs { + _, cidr, err := net.ParseCIDR(extraAllowedIP) + if err == nil { + allowedips = append(allowedips, *cidr) + } + } primaryAddr := extPeer.Address if primaryAddr == "" { @@ -356,10 +368,37 @@ func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA IsExtClient: true, }) } - return peers, idsAndAddr, nil + return peers, idsAndAddr, egressRoutes, nil } +func getExtPeerEgressRoute(extPeer models.ExtClient) (egressRoutes []models.EgressNetworkRoutes) { + if extPeer.Address != "" { + egressRoutes = append(egressRoutes, models.EgressNetworkRoutes{ + NodeAddr: extPeer.AddressIPNet4(), + EgressRanges: extPeer.ExtraAllowedIPs, + }) + } + if extPeer.Address6 != "" { + egressRoutes = append(egressRoutes, models.EgressNetworkRoutes{ + NodeAddr: extPeer.AddressIPNet6(), + EgressRanges: extPeer.ExtraAllowedIPs, + }) + } + return +} + +func getExtpeersExtraRoutes(network string) (egressRoutes []models.EgressNetworkRoutes) { + extPeers, err := GetNetworkExtClients(network) + if err != nil { + return + } + for _, extPeer := range extPeers { + egressRoutes = append(egressRoutes, getExtPeerEgressRoute(extPeer)...) + } + return +} + // GetAllowedIPs - calculates the wireguard allowedip field for a peer of a node based on the peer and node settings func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics) []net.IPNet { var allowedips []net.IPNet @@ -367,7 +406,7 @@ func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics) []net.IPNet // handle ingress gateway peers if peer.IsIngressGateway { - extPeers, _, err := getExtPeers(peer, node) + extPeers, _, _, err := getExtPeers(peer, node) if err != nil { logger.Log(2, "could not retrieve ext peers for ", peer.ID.String(), err.Error()) } diff --git a/models/node.go b/models/node.go index 777c6aaf..fba61f7b 100644 --- a/models/node.go +++ b/models/node.go @@ -192,6 +192,30 @@ func (node *Node) PrimaryAddress() string { return node.Address6.IP.String() } +// ExtClient.PrimaryAddress - returns ipv4 IPNet format +func (extPeer *ExtClient) AddressIPNet4() net.IPNet { + if extPeer.Address == "" { + return net.IPNet{} + } + _, cidr, err := net.ParseCIDR(extPeer.Address) + if err != nil { + return net.IPNet{} + } + return *cidr +} + +// ExtClient.AddressIPNet6 - return ipv6 IPNet format +func (extPeer *ExtClient) AddressIPNet6() net.IPNet { + if extPeer.Address6 == "" { + return net.IPNet{} + } + _, cidr6, err := net.ParseCIDR(extPeer.Address6) + if err != nil { + return net.IPNet{} + } + return *cidr6 +} + // Node.PrimaryNetworkRange - returns node's parent network, returns ipv4 address if present, else return ipv6 func (node *Node) PrimaryNetworkRange() net.IPNet { if node.NetworkRange.IP != nil { From fceae8f93a7ecae00f57c1457418263ecdb4e8e1 Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Fri, 24 Nov 2023 19:29:43 +0400 Subject: [PATCH 03/10] move code to extpeers --- logic/extpeers.go | 106 ++++++++++++++++++++++++++++++++++++++++++++++ logic/peers.go | 104 --------------------------------------------- 2 files changed, 106 insertions(+), 104 deletions(-) diff --git a/logic/extpeers.go b/logic/extpeers.go index 9cf0c95f..ecc61183 100644 --- a/logic/extpeers.go +++ b/logic/extpeers.go @@ -3,11 +3,13 @@ package logic import ( "encoding/json" "fmt" + "net" "reflect" "sync" "time" "github.com/gravitl/netmaker/database" + "github.com/gravitl/netmaker/logger" "github.com/gravitl/netmaker/models" "golang.org/x/exp/slog" "golang.zx2c4.com/wireguard/wgctrl/wgtypes" @@ -316,3 +318,107 @@ func ToggleExtClientConnectivity(client *models.ExtClient, enable bool) (models. return newClient, nil } + +func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, []models.EgressNetworkRoutes, error) { + var peers []wgtypes.PeerConfig + var idsAndAddr []models.IDandAddr + var egressRoutes []models.EgressNetworkRoutes + extPeers, err := GetNetworkExtClients(node.Network) + if err != nil { + return peers, idsAndAddr, egressRoutes, err + } + host, err := GetHost(node.HostID.String()) + if err != nil { + return peers, idsAndAddr, egressRoutes, err + } + for _, extPeer := range extPeers { + extPeer := extPeer + if !IsClientNodeAllowed(&extPeer, peer.ID.String()) { + continue + } + pubkey, err := wgtypes.ParseKey(extPeer.PublicKey) + if err != nil { + logger.Log(1, "error parsing ext pub key:", err.Error()) + continue + } + + if host.PublicKey.String() == extPeer.PublicKey || + extPeer.IngressGatewayID != node.ID.String() || !extPeer.Enabled { + continue + } + + var allowedips []net.IPNet + var peer wgtypes.PeerConfig + if extPeer.Address != "" { + var peeraddr = net.IPNet{ + IP: net.ParseIP(extPeer.Address), + Mask: net.CIDRMask(32, 32), + } + if peeraddr.IP != nil && peeraddr.Mask != nil { + allowedips = append(allowedips, peeraddr) + } + } + + if extPeer.Address6 != "" { + var addr6 = net.IPNet{ + IP: net.ParseIP(extPeer.Address6), + Mask: net.CIDRMask(128, 128), + } + if addr6.IP != nil && addr6.Mask != nil { + allowedips = append(allowedips, addr6) + } + } + for _, extraAllowedIP := range extPeer.ExtraAllowedIPs { + _, cidr, err := net.ParseCIDR(extraAllowedIP) + if err == nil { + allowedips = append(allowedips, *cidr) + } + } + + primaryAddr := extPeer.Address + if primaryAddr == "" { + primaryAddr = extPeer.Address6 + } + peer = wgtypes.PeerConfig{ + PublicKey: pubkey, + ReplaceAllowedIPs: true, + AllowedIPs: allowedips, + } + peers = append(peers, peer) + idsAndAddr = append(idsAndAddr, models.IDandAddr{ + ID: peer.PublicKey.String(), + Name: extPeer.ClientID, + Address: primaryAddr, + IsExtClient: true, + }) + } + return peers, idsAndAddr, egressRoutes, nil + +} + +func getExtPeerEgressRoute(extPeer models.ExtClient) (egressRoutes []models.EgressNetworkRoutes) { + if extPeer.Address != "" { + egressRoutes = append(egressRoutes, models.EgressNetworkRoutes{ + NodeAddr: extPeer.AddressIPNet4(), + EgressRanges: extPeer.ExtraAllowedIPs, + }) + } + if extPeer.Address6 != "" { + egressRoutes = append(egressRoutes, models.EgressNetworkRoutes{ + NodeAddr: extPeer.AddressIPNet6(), + EgressRanges: extPeer.ExtraAllowedIPs, + }) + } + return +} + +func getExtpeersExtraRoutes(network string) (egressRoutes []models.EgressNetworkRoutes) { + extPeers, err := GetNetworkExtClients(network) + if err != nil { + return + } + for _, extPeer := range extPeers { + egressRoutes = append(egressRoutes, getExtPeerEgressRoute(extPeer)...) + } + return +} diff --git a/logic/peers.go b/logic/peers.go index cf8cad30..9e7e32ca 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -295,110 +295,6 @@ func GetPeerListenPort(host *models.Host) int { return peerPort } -func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, []models.EgressNetworkRoutes, error) { - var peers []wgtypes.PeerConfig - var idsAndAddr []models.IDandAddr - var egressRoutes []models.EgressNetworkRoutes - extPeers, err := GetNetworkExtClients(node.Network) - if err != nil { - return peers, idsAndAddr, egressRoutes, err - } - host, err := GetHost(node.HostID.String()) - if err != nil { - return peers, idsAndAddr, egressRoutes, err - } - for _, extPeer := range extPeers { - extPeer := extPeer - if !IsClientNodeAllowed(&extPeer, peer.ID.String()) { - continue - } - pubkey, err := wgtypes.ParseKey(extPeer.PublicKey) - if err != nil { - logger.Log(1, "error parsing ext pub key:", err.Error()) - continue - } - - if host.PublicKey.String() == extPeer.PublicKey || - extPeer.IngressGatewayID != node.ID.String() || !extPeer.Enabled { - continue - } - - var allowedips []net.IPNet - var peer wgtypes.PeerConfig - if extPeer.Address != "" { - var peeraddr = net.IPNet{ - IP: net.ParseIP(extPeer.Address), - Mask: net.CIDRMask(32, 32), - } - if peeraddr.IP != nil && peeraddr.Mask != nil { - allowedips = append(allowedips, peeraddr) - } - } - - if extPeer.Address6 != "" { - var addr6 = net.IPNet{ - IP: net.ParseIP(extPeer.Address6), - Mask: net.CIDRMask(128, 128), - } - if addr6.IP != nil && addr6.Mask != nil { - allowedips = append(allowedips, addr6) - } - } - for _, extraAllowedIP := range extPeer.ExtraAllowedIPs { - _, cidr, err := net.ParseCIDR(extraAllowedIP) - if err == nil { - allowedips = append(allowedips, *cidr) - } - } - - primaryAddr := extPeer.Address - if primaryAddr == "" { - primaryAddr = extPeer.Address6 - } - peer = wgtypes.PeerConfig{ - PublicKey: pubkey, - ReplaceAllowedIPs: true, - AllowedIPs: allowedips, - } - peers = append(peers, peer) - idsAndAddr = append(idsAndAddr, models.IDandAddr{ - ID: peer.PublicKey.String(), - Name: extPeer.ClientID, - Address: primaryAddr, - IsExtClient: true, - }) - } - return peers, idsAndAddr, egressRoutes, nil - -} - -func getExtPeerEgressRoute(extPeer models.ExtClient) (egressRoutes []models.EgressNetworkRoutes) { - if extPeer.Address != "" { - egressRoutes = append(egressRoutes, models.EgressNetworkRoutes{ - NodeAddr: extPeer.AddressIPNet4(), - EgressRanges: extPeer.ExtraAllowedIPs, - }) - } - if extPeer.Address6 != "" { - egressRoutes = append(egressRoutes, models.EgressNetworkRoutes{ - NodeAddr: extPeer.AddressIPNet6(), - EgressRanges: extPeer.ExtraAllowedIPs, - }) - } - return -} - -func getExtpeersExtraRoutes(network string) (egressRoutes []models.EgressNetworkRoutes) { - extPeers, err := GetNetworkExtClients(network) - if err != nil { - return - } - for _, extPeer := range extPeers { - egressRoutes = append(egressRoutes, getExtPeerEgressRoute(extPeer)...) - } - return -} - // GetAllowedIPs - calculates the wireguard allowedip field for a peer of a node based on the peer and node settings func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics) []net.IPNet { var allowedips []net.IPNet From 358bd122976cf6236040f57ee2da2c01f0e64163 Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Mon, 27 Nov 2023 10:03:21 +0400 Subject: [PATCH 04/10] send peer update for extclient extraAllowedIps update --- controllers/ext_client.go | 3 +++ logic/util.go | 14 ++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/controllers/ext_client.go b/controllers/ext_client.go index 3035979e..7e7c88f7 100644 --- a/controllers/ext_client.go +++ b/controllers/ext_client.go @@ -481,6 +481,9 @@ func updateExtClient(w http.ResponseWriter, r *http.Request) { sendPeerUpdate = true logic.SetClientACLs(&oldExtClient, update.DeniedACLs) } + if !logic.IsSlicesEqual(update.ExtraAllowedIPs, oldExtClient.ExtraAllowedIPs) { + sendPeerUpdate = true + } if update.Enabled != oldExtClient.Enabled { sendPeerUpdate = true diff --git a/logic/util.go b/logic/util.go index 52ed902a..bb38a952 100644 --- a/logic/util.go +++ b/logic/util.go @@ -134,4 +134,18 @@ func RemoveStringSlice(slice []string, i int) []string { return append(slice[:i], slice[i+1:]...) } +// IsSlicesEqual tells whether a and b contain the same elements. +// A nil argument is equivalent to an empty slice. +func IsSlicesEqual(a, b []string) bool { + if len(a) != len(b) { + return false + } + for i, v := range a { + if v != b[i] { + return false + } + } + return true +} + // == private == From b3ec58a929119830aa0575dbd24e670ebeaf4c57 Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Mon, 27 Nov 2023 10:16:18 +0400 Subject: [PATCH 05/10] add extraclient egress routes --- logic/extpeers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logic/extpeers.go b/logic/extpeers.go index ecc61183..07f549bd 100644 --- a/logic/extpeers.go +++ b/logic/extpeers.go @@ -374,7 +374,7 @@ func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA allowedips = append(allowedips, *cidr) } } - + egressRoutes = append(egressRoutes, getExtPeerEgressRoute(extPeer)...) primaryAddr := extPeer.Address if primaryAddr == "" { primaryAddr = extPeer.Address6 From cf0b4cbd2b84013aeeab6d6b20f00444aa87da81 Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Mon, 27 Nov 2023 11:19:46 +0400 Subject: [PATCH 06/10] fix extclient route conv --- models/node.go | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/models/node.go b/models/node.go index fba61f7b..3e230488 100644 --- a/models/node.go +++ b/models/node.go @@ -194,26 +194,18 @@ func (node *Node) PrimaryAddress() string { // ExtClient.PrimaryAddress - returns ipv4 IPNet format func (extPeer *ExtClient) AddressIPNet4() net.IPNet { - if extPeer.Address == "" { - return net.IPNet{} + return net.IPNet{ + IP: net.ParseIP(extPeer.Address), + Mask: net.CIDRMask(32, 32), } - _, cidr, err := net.ParseCIDR(extPeer.Address) - if err != nil { - return net.IPNet{} - } - return *cidr } // ExtClient.AddressIPNet6 - return ipv6 IPNet format func (extPeer *ExtClient) AddressIPNet6() net.IPNet { - if extPeer.Address6 == "" { - return net.IPNet{} + return net.IPNet{ + IP: net.ParseIP(extPeer.Address), + Mask: net.CIDRMask(128, 128), } - _, cidr6, err := net.ParseCIDR(extPeer.Address6) - if err != nil { - return net.IPNet{} - } - return *cidr6 } // Node.PrimaryNetworkRange - returns node's parent network, returns ipv4 address if present, else return ipv6 From a41fcb5faa51d88452ebf307f191d2c433c9fabf Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Mon, 27 Nov 2023 12:24:31 +0400 Subject: [PATCH 07/10] initalize extraallowed ips field --- logic/extpeers.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/logic/extpeers.go b/logic/extpeers.go index 07f549bd..aa6b715c 100644 --- a/logic/extpeers.go +++ b/logic/extpeers.go @@ -186,6 +186,9 @@ func CreateExtClient(extclient *models.ExtClient) error { } else if len(extclient.PrivateKey) == 0 && len(extclient.PublicKey) > 0 { extclient.PrivateKey = "[ENTER PRIVATE KEY]" } + if extclient.ExtraAllowedIPs == nil { + extclient.ExtraAllowedIPs = []string{} + } parentNetwork, err := GetNetwork(extclient.Network) if err != nil { From 81de838d93c6d6f1deabe68ee491af04696a7e58 Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Mon, 27 Nov 2023 14:43:12 +0400 Subject: [PATCH 08/10] return user details form db --- logic/jwts.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logic/jwts.go b/logic/jwts.go index 10554692..6e227b59 100644 --- a/logic/jwts.go +++ b/logic/jwts.go @@ -108,7 +108,7 @@ func VerifyUserToken(tokenString string) (username string, issuperadmin, isadmin } if user.UserName != "" { - return claims.UserName, claims.IsSuperAdmin, claims.IsAdmin, nil + return user.UserName, user.IsSuperAdmin, user.IsAdmin, nil } err = errors.New("user does not exist") } From 89e9a6f34e7b9e7df09a221e527402ea3f8ad438 Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Mon, 27 Nov 2023 20:13:29 +0400 Subject: [PATCH 09/10] set superadmin to user if owner conf is set --- migrate/migrate.go | 22 ++++++++++++++++++++++ servercfg/serverconf.go | 5 +++++ 2 files changed, 27 insertions(+) diff --git a/migrate/migrate.go b/migrate/migrate.go index 371ffe30..d805554d 100644 --- a/migrate/migrate.go +++ b/migrate/migrate.go @@ -2,6 +2,7 @@ package migrate import ( "encoding/json" + "log" "golang.org/x/exp/slog" @@ -9,6 +10,7 @@ import ( "github.com/gravitl/netmaker/logger" "github.com/gravitl/netmaker/logic" "github.com/gravitl/netmaker/models" + "github.com/gravitl/netmaker/servercfg" ) // Run - runs all migrations @@ -28,6 +30,26 @@ func assignSuperAdmin() { return } createdSuperAdmin := false + owner := servercfg.GetOwnerEmail() + if owner != "" { + user, err := logic.GetUser(owner) + if err != nil { + log.Fatal("error getting user", "user", owner, "error", err.Error()) + } + user.IsSuperAdmin = true + user.IsAdmin = false + err = logic.UpsertUser(*user) + if err != nil { + log.Fatal( + "error updating user to superadmin", + "user", + user.UserName, + "error", + err.Error(), + ) + } + return + } for _, u := range users { if u.IsAdmin { user, err := logic.GetUser(u.UserName) diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go index 7bac8ede..fd0b4a26 100644 --- a/servercfg/serverconf.go +++ b/servercfg/serverconf.go @@ -256,6 +256,11 @@ func GetPublicBrokerEndpoint() string { } } +// GetOwnerEmail - gets the owner email (saas) +func GetOwnerEmail() string { + return os.Getenv("OWNER_EMAIL") +} + // GetMessageQueueEndpoint - gets the message queue endpoint func GetMessageQueueEndpoint() (string, bool) { host, _ := GetPublicIP() From 2f76fa577a3f3029c7df7ba088210338f96e0118 Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Mon, 27 Nov 2023 20:27:10 +0400 Subject: [PATCH 10/10] saas owner email --- servercfg/serverconf.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go index fd0b4a26..d032e6bf 100644 --- a/servercfg/serverconf.go +++ b/servercfg/serverconf.go @@ -258,7 +258,7 @@ func GetPublicBrokerEndpoint() string { // GetOwnerEmail - gets the owner email (saas) func GetOwnerEmail() string { - return os.Getenv("OWNER_EMAIL") + return os.Getenv("SAAS_OWNER_EMAIL") } // GetMessageQueueEndpoint - gets the message queue endpoint