mirror of
https://github.com/gravitl/netmaker.git
synced 2024-11-11 18:32:08 +08:00
386 lines
7.4 KiB
Go
386 lines
7.4 KiB
Go
package mq
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"time"
|
|
|
|
mqtt "github.com/eclipse/paho.mqtt.golang"
|
|
"github.com/gravitl/netmaker/servercfg"
|
|
)
|
|
|
|
const (
|
|
// constant for admin role
|
|
adminRole = "admin"
|
|
// constant for server role
|
|
serverRole = "server"
|
|
// constant for exporter role
|
|
exporterRole = "exporter"
|
|
// constant for node role
|
|
NodeRole = "node"
|
|
|
|
// const for dynamic security file
|
|
dynamicSecurityFile = "dynamic-security.json"
|
|
)
|
|
|
|
var (
|
|
// default configuration of dynamic security
|
|
dynConfigInI = dynJSON{
|
|
Clients: []client{
|
|
{
|
|
Username: mqAdminUserName,
|
|
TextName: "netmaker admin user",
|
|
Password: "",
|
|
Salt: "",
|
|
Iterations: 0,
|
|
Roles: []clientRole{
|
|
{
|
|
Rolename: adminRole,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
Username: mqNetmakerServerUserName,
|
|
TextName: "netmaker server user",
|
|
Password: "",
|
|
Salt: "",
|
|
Iterations: 0,
|
|
Roles: []clientRole{
|
|
{
|
|
Rolename: serverRole,
|
|
},
|
|
},
|
|
},
|
|
exporterMQClient,
|
|
},
|
|
Roles: []role{
|
|
{
|
|
Rolename: adminRole,
|
|
Acls: fetchAdminAcls(),
|
|
},
|
|
{
|
|
Rolename: serverRole,
|
|
Acls: fetchServerAcls(),
|
|
},
|
|
{
|
|
Rolename: NodeRole,
|
|
Acls: fetchNodeAcls(),
|
|
},
|
|
exporterMQRole,
|
|
},
|
|
DefaultAcl: defaultAccessAcl{
|
|
PublishClientSend: false,
|
|
PublishClientReceive: true,
|
|
Subscribe: false,
|
|
Unsubscribe: true,
|
|
},
|
|
}
|
|
|
|
exporterMQClient = client{
|
|
Username: mqExporterUserName,
|
|
TextName: "netmaker metrics exporter",
|
|
Password: "",
|
|
Salt: "",
|
|
Iterations: 101,
|
|
Roles: []clientRole{
|
|
{
|
|
Rolename: exporterRole,
|
|
},
|
|
},
|
|
}
|
|
exporterMQRole = role{
|
|
Rolename: exporterRole,
|
|
Acls: fetchExporterAcls(),
|
|
}
|
|
)
|
|
|
|
// DynListCLientsCmdResp - struct for list clients response from MQ
|
|
type DynListCLientsCmdResp struct {
|
|
Responses []struct {
|
|
Command string `json:"command"`
|
|
Error string `json:"error"`
|
|
Data ListClientsData `json:"data"`
|
|
} `json:"responses"`
|
|
}
|
|
|
|
// ListClientsData - struct for list clients data
|
|
type ListClientsData struct {
|
|
Clients []string `json:"clients"`
|
|
TotalCount int `json:"totalCount"`
|
|
}
|
|
|
|
// GetAdminClient - fetches admin client of the MQ
|
|
func GetAdminClient() (mqtt.Client, error) {
|
|
opts := mqtt.NewClientOptions()
|
|
setMqOptions(mqAdminUserName, servercfg.GetMqAdminPassword(), opts)
|
|
mqclient := mqtt.NewClient(opts)
|
|
var connecterr error
|
|
if token := mqclient.Connect(); !token.WaitTimeout(MQ_TIMEOUT*time.Second) || token.Error() != nil {
|
|
if token.Error() == nil {
|
|
connecterr = errors.New("connect timeout")
|
|
} else {
|
|
connecterr = token.Error()
|
|
}
|
|
}
|
|
return mqclient, connecterr
|
|
}
|
|
|
|
// ListClients - to list all clients in the MQ
|
|
func ListClients(client mqtt.Client) (ListClientsData, error) {
|
|
respChan := make(chan mqtt.Message, 10)
|
|
defer close(respChan)
|
|
command := "listClients"
|
|
resp := ListClientsData{}
|
|
msg := MqDynsecPayload{
|
|
Commands: []MqDynSecCmd{
|
|
{
|
|
Command: command,
|
|
},
|
|
},
|
|
}
|
|
client.Subscribe("$CONTROL/dynamic-security/v1/response", 2, mqtt.MessageHandler(func(c mqtt.Client, m mqtt.Message) {
|
|
respChan <- m
|
|
}))
|
|
defer client.Unsubscribe()
|
|
d, _ := json.Marshal(msg)
|
|
token := client.Publish("$CONTROL/dynamic-security/v1", 2, true, d)
|
|
if !token.WaitTimeout(30) || token.Error() != nil {
|
|
var err error
|
|
if token.Error() == nil {
|
|
err = errors.New("connection timeout")
|
|
} else {
|
|
err = token.Error()
|
|
}
|
|
return resp, err
|
|
}
|
|
|
|
for m := range respChan {
|
|
msg := DynListCLientsCmdResp{}
|
|
json.Unmarshal(m.Payload(), &msg)
|
|
for _, mI := range msg.Responses {
|
|
if mI.Command == command {
|
|
return mI.Data, nil
|
|
}
|
|
}
|
|
}
|
|
return resp, errors.New("resp not found")
|
|
}
|
|
|
|
// FetchNetworkAcls - fetches network acls
|
|
func FetchNetworkAcls(network string) []Acl {
|
|
return []Acl{
|
|
{
|
|
AclType: "publishClientReceive",
|
|
Topic: fmt.Sprintf("update/%s/#", network),
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientReceive",
|
|
Topic: fmt.Sprintf("peers/%s/#", network),
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "subscribePattern",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "unsubscribePattern",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
}
|
|
}
|
|
|
|
// serverAcls - fetches server role related acls
|
|
func fetchServerAcls() []Acl {
|
|
return []Acl{
|
|
{
|
|
AclType: "publishClientSend",
|
|
Topic: "peers/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientSend",
|
|
Topic: "update/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientSend",
|
|
Topic: "metrics_exporter",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientReceive",
|
|
Topic: "ping/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientReceive",
|
|
Topic: "update/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientReceive",
|
|
Topic: "signal/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientReceive",
|
|
Topic: "metrics/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "subscribePattern",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "unsubscribePattern",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
}
|
|
}
|
|
|
|
// fetchNodeAcls - fetches node related acls
|
|
func fetchNodeAcls() []Acl {
|
|
// keeping node acls generic as of now.
|
|
return []Acl{
|
|
|
|
{
|
|
AclType: "publishClientSend",
|
|
Topic: "signal/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientSend",
|
|
Topic: "update/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientSend",
|
|
Topic: "ping/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientSend",
|
|
Topic: "metrics/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "subscribePattern",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "unsubscribePattern",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
}
|
|
}
|
|
|
|
// fetchExporterAcls - fetch exporter role related acls
|
|
func fetchExporterAcls() []Acl {
|
|
return []Acl{
|
|
{
|
|
AclType: "publishClientReceive",
|
|
Topic: "metrics_exporter",
|
|
Allow: true,
|
|
Priority: -1,
|
|
},
|
|
{
|
|
AclType: "subscribePattern",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "unsubscribePattern",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
}
|
|
}
|
|
|
|
// fetchAdminAcls - fetches admin role related acls
|
|
func fetchAdminAcls() []Acl {
|
|
return []Acl{
|
|
{
|
|
AclType: "publishClientSend",
|
|
Topic: "$CONTROL/dynamic-security/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientReceive",
|
|
Topic: "$CONTROL/dynamic-security/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "subscribePattern",
|
|
Topic: "$CONTROL/dynamic-security/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientReceive",
|
|
Topic: "$SYS/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "subscribePattern",
|
|
Topic: "$SYS/#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientReceive",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "subscribePattern",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "unsubscribePattern",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
{
|
|
AclType: "publishClientSend",
|
|
Topic: "#",
|
|
Priority: -1,
|
|
Allow: true,
|
|
},
|
|
}
|
|
}
|