Implement getting exclave nodes in node repo client.

9 files changed, 76 insertions, 22 deletions

diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeRepository.java
index b423eb5dbdf..c06c9328998 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeRepository.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeRepository.java
@@ -24,6 +24,8 @@ public interface NodeRepository {
 
     Map<String, Acl> getAcls(String hostname);
 
+    List<ConfigserverPeer> getExclavePeers();
+
     List<ConfigserverPeer> getConfigserverPeers();
 
     void updateNodeAttributes(String hostName, NodeAttributes nodeAttributes);
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
index e092cc15145..6199d7c30f3 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
@@ -130,10 +130,20 @@ public class RealNodeRepository implements NodeRepository {
     }
 
     @Override
+    public List<ConfigserverPeer> getExclavePeers() {
+        String path = "/nodes/v2/node/?recursive=true&enclave=true";
+        final GetNodesResponse response = configServerApi.get(path, GetNodesResponse.class);
+
+        return response.nodes.stream()
+                .map(RealNodeRepository::createTenantPeer)
+                .sorted(Comparator.comparing(ConfigserverPeer::hostname))
+                .toList();
+    }
+
+    @Override
     public List<ConfigserverPeer> getConfigserverPeers() {
-        GetWireguardResponse nodeResponse = configServerApi.get("/nodes/v2/wireguard",
-                                                                GetWireguardResponse.class);
-        return nodeResponse.configservers.stream()
+        GetWireguardResponse response = configServerApi.get("/nodes/v2/wireguard", GetWireguardResponse.class);
+        return response.configservers.stream()
                 .map(RealNodeRepository::createConfigserverPeer)
                 .sorted(Comparator.comparing(ConfigserverPeer::hostname))
                 .toList();
@@ -340,6 +350,12 @@ public class RealNodeRepository implements NodeRepository {
         return node;
     }
 
+    private static ConfigserverPeer createTenantPeer(NodeRepositoryNode node) {
+        return new ConfigserverPeer(HostName.of(node.hostname),
+                                    node.ipAddresses.stream().map(VersionedIpAddress::from).toList(),
+                                    node.wireguardKey());
+    }
+
     private static ConfigserverPeer createConfigserverPeer(GetWireguardResponse.Configserver configServer) {
         return new ConfigserverPeer(HostName.of(configServer.hostname),
                                     configServer.ipAddresses.stream().map(VersionedIpAddress::from).toList(),
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java
index eb7ceab6021..1c6cb5224de 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java
@@ -5,9 +5,11 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.JsonNode;
+import com.yahoo.config.provision.WireguardKey;
 
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.Set;
 
 /**
@@ -94,6 +96,10 @@ public class NodeRepositoryNode {
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
     public String wireguardPubkey;
 
+    public Optional<WireguardKey> wireguardKey() {
+        return (wireguardPubkey == null || wireguardPubkey.isEmpty()) ? Optional.empty() : Optional.of(new WireguardKey(wireguardPubkey));
+    }
+
     @JsonProperty("reports")
     public Map<String, JsonNode> reports = null;
 
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/ConfigserverPeer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/ConfigserverPeer.java
index 63ddc2f3dd2..b1c1e83dedd 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/ConfigserverPeer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/ConfigserverPeer.java
@@ -8,6 +8,8 @@ import java.util.List;
 import java.util.Optional;
 
 /**
+ * A wireguard peer.
+ *
  * @author gjoranv
  */
 public record ConfigserverPeer(HostName hostname,
@@ -15,8 +17,8 @@ public record ConfigserverPeer(HostName hostname,
                                Optional<WireguardKey> publicKey) {
 
     public ConfigserverPeer {
-        if (ipAddresses.isEmpty()) throw new IllegalArgumentException("No IP addresses for configserver " + hostname.value());
-        ipAddresses = List.copyOf(ipAddresses);
+        if (ipAddresses.isEmpty()) throw new IllegalArgumentException("No IP addresses for peer node " + hostname.value());
+        ipAddresses = ipAddresses.stream().sorted().toList();
     }
 
 }
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
index 9c33db0355f..8ed7eac6a41 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
@@ -199,24 +199,42 @@ public class RealNodeRepositoryTest {
     }
 
     @Test
-    void wireguard_peer_config_for_configservers_can_be_retrieved() {
+    void wireguard_peer_config_can_be_retrieved_for_configservers_and_exclave_nodes() {
+
+        //// Configservers ////
+
         List<ConfigserverPeer> cfgPeers =  nodeRepositoryApi.getConfigserverPeers();
         assertEquals(2, cfgPeers.size());
 
-        var cfg1 = cfgPeers.get(0);
-        assertEquals("cfg1.yahoo.com", cfg1.hostname().value());
-        assertEquals(2, cfg1.ipAddresses().size());
-        assertIp(cfg1.ipAddresses().get(0), "127.0.201.1", 4);
-        assertIp(cfg1.ipAddresses().get(1), "::201:1", 6);
-        assertEquals("lololololololololololololololololololololoo=", cfg1.publicKey().get().value());
+        assertWireguardPeer(cfgPeers.get(0), "cfg1.yahoo.com",
+                            "::201:1", "127.0.201.1",
+                            "lololololololololololololololololololololoo=");
+
+        assertWireguardPeer(cfgPeers.get(1), "cfg2.yahoo.com",
+                            "::202:1", "127.0.202.1",
+                            "olololololololololololololololololololololo=");
+
+        //// Exclave nodes ////
 
-        var cfg2 = cfgPeers.get(1);
-        assertEquals("cfg2.yahoo.com", cfg2.hostname().value());
-        assertEquals(2, cfg1.ipAddresses().size());
-        assertIp(cfg2.ipAddresses().get(0), "127.0.202.1", 4);
-        assertIp(cfg2.ipAddresses().get(1), "::202:1", 6);
-        assertEquals("olololololololololololololololololololololo=", cfg2.publicKey().get().value());
+        List<ConfigserverPeer> exclavePeers =  nodeRepositoryApi.getExclavePeers();
+        System.out.println(exclavePeers);
+        assertEquals(2, exclavePeers.size());
+
+        assertWireguardPeer(exclavePeers.get(0), "dockerhost2.yahoo.com",
+                            "::101:1", "127.0.101.1",
+                            "000011112222333344445555666677778888999900c=");
+
+        assertWireguardPeer(exclavePeers.get(0), "host3.yahoo.com",
+                            "::3:1", "127.0.3.1",
+                            "333344445555666677778888999900001111222211c=");
+    }
 
+    private void assertWireguardPeer(ConfigserverPeer peer, String hostname, String ipv6, String ipv4, String publicKey) {
+        assertEquals(hostname, peer.hostname().value());
+        assertEquals(2, peer.ipAddresses().size());
+        assertIp(peer.ipAddresses().get(0), ipv6, 6);
+        assertIp(peer.ipAddresses().get(1), ipv4, 4);
+        assertEquals(publicKey, peer.publicKey().get().value());
     }
 
     private void assertIp(VersionedIpAddress ip, String expectedIp, int expectedVersion) {
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integration/NodeRepoMock.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integration/NodeRepoMock.java
index 06729083494..11033681177 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integration/NodeRepoMock.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integration/NodeRepoMock.java
@@ -48,6 +48,11 @@ public class NodeRepoMock implements NodeRepository {
     }
 
     @Override
+    public List<ConfigserverPeer> getExclavePeers() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
     public List<ConfigserverPeer> getConfigserverPeers() {
         throw new UnsupportedOperationException();
     }
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java
index d27bd3aea4a..3caefcdc69e 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java
@@ -110,7 +110,8 @@ public class MockNodeRepository extends NodeRepository {
                           .cloudAccount(defaultCloudAccount).build());
         // Emulate node in tenant account
         nodes.add(Node.create("node3", ipConfig(3), "host3.yahoo.com", resources(0.5, 48, 500, 1, fast, local), NodeType.tenant)
-                              .cloudAccount(tenantAccount).build());
+                          .wireguardPubKey(WireguardKey.from("333344445555666677778888999900001111222211c="))
+                          .cloudAccount(tenantAccount).build());
         Node node4 = Node.create("node4", ipConfig(4), "host4.yahoo.com", resources(1, 4, 100, 1, fast, local), NodeType.tenant)
                 .parentHostname("dockerhost1.yahoo.com")
                 .status(Status.initial()
@@ -156,7 +157,9 @@ public class MockNodeRepository extends NodeRepository {
                              flavors.getFlavorOrThrow("large"), NodeType.host).cloudAccount(defaultCloudAccount).build());
         // Emulate host in tenant account
         nodes.add(Node.create("dockerhost2", ipConfig(101, 1, 3), "dockerhost2.yahoo.com",
-                             flavors.getFlavorOrThrow("large"), NodeType.host).cloudAccount(tenantAccount).build());
+                              flavors.getFlavorOrThrow("large"), NodeType.host)
+                          .wireguardPubKey(WireguardKey.from("000011112222333344445555666677778888999900c="))
+                          .cloudAccount(tenantAccount).build());
         nodes.add(Node.create("dockerhost3", ipConfig(102, 1, 3), "dockerhost3.yahoo.com",
                              flavors.getFlavorOrThrow("large"), NodeType.host).cloudAccount(defaultCloudAccount).build());
         nodes.add(Node.create("dockerhost4", ipConfig(103, 1, 3), "dockerhost4.yahoo.com",
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/docker-node2.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/docker-node2.json
index b39aba199b7..f7e02261065 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/docker-node2.json
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/docker-node2.json
@@ -98,5 +98,6 @@
     "::101:3",
     "::101:4"
   ],
-  "cloudAccount": "777888999000"
+  "cloudAccount": "777888999000",
+  "wireguardPubkey":"000011112222333344445555666677778888999900c="
 }
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node3.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node3.json
index 1c560c2f95b..aa45de1f3dd 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node3.json
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node3.json
@@ -50,5 +50,6 @@
     "::3:1"
   ],
   "additionalIpAddresses": [],
-  "cloudAccount": "777888999000"
+  "cloudAccount": "777888999000",
+  "wireguardPubkey":"333344445555666677778888999900001111222211c="
 }