Add wireguard key timestamp to node repo.

author: gjoranv <gjoranv@gmail.com> 2023-09-05 13:17:10 +0200
committer: gjoranv <gjoranv@gmail.com> 2023-09-11 18:25:56 +0200
commit: 1f55e759b1830bc8f2386d7bc5db71e524327620 (patch)
tree: 26bb44c172fc3812dc52b10d74c7086d418425b0 /node-admin
parent: 0a383addced96943dd7e94ed50ec7006b3e282e1 (diff)
5 files changed, 41 insertions, 5 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeAttributes.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeAttributes.java
index 5d87c5dd3fc..295b0623aa0 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeAttributes.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeAttributes.java
@@ -34,6 +34,7 @@ public class NodeAttributes {
     private Optional<Instant> currentFirmwareCheck = Optional.empty();
     private List<TrustStoreItem> trustStore = List.of();
     private Optional<WireguardKey> wireguardPubkey = Optional.empty();
+    private Optional<Instant> wireguardKeyTimestamp = Optional.empty();
     /** The list of reports to patch. A null value is used to remove the report. */
     private Map<String, JsonNode> reports = new TreeMap<>();
 
@@ -88,6 +89,11 @@ public class NodeAttributes {
         return this;
     }
 
+    public NodeAttributes withWireguardKeyTimestamp(Instant wireguardKeyTimestamp) {
+        this.wireguardKeyTimestamp = Optional.of(wireguardKeyTimestamp);
+        return this;
+    }
+
     public NodeAttributes withReports(Map<String, JsonNode> nodeReports) {
         this.reports = new TreeMap<>(nodeReports);
         return this;
@@ -137,6 +143,8 @@ public class NodeAttributes {
 
     public Optional<WireguardKey> getWireguardPubkey() { return wireguardPubkey; }
 
+    public Optional<Instant> getWireguardKeyTimestamp() { return wireguardKeyTimestamp; }
+
     public Map<String, JsonNode> getReports() {
         return reports;
     }
@@ -148,7 +156,7 @@ public class NodeAttributes {
     @Override
     public int hashCode() {
         return Objects.hash(hostId, restartGeneration, rebootGeneration, dockerImage, vespaVersion, currentOsVersion,
-                            currentFirmwareCheck, trustStore, wireguardPubkey, reports);
+                            currentFirmwareCheck, trustStore, wireguardPubkey, wireguardKeyTimestamp, reports);
     }
 
     public boolean isEmpty() {
@@ -170,6 +178,7 @@ public class NodeAttributes {
                 && Objects.equals(currentFirmwareCheck, other.currentFirmwareCheck)
                 && Objects.equals(trustStore, other.trustStore)
                 && Objects.equals(wireguardPubkey, other.wireguardPubkey)
+                && Objects.equals(wireguardKeyTimestamp, other.wireguardKeyTimestamp)
                 && Objects.equals(reports, other.reports);
     }
 
@@ -184,6 +193,7 @@ public class NodeAttributes {
                          currentFirmwareCheck.map(at -> "currentFirmwareCheck=" + at),
                          Optional.ofNullable(trustStore.isEmpty() ? null : "trustStore=" + trustStore),
                          Optional.ofNullable(wireguardPubkey.isEmpty() ? null : "wireguardPubkey=" + wireguardPubkey),
+                            Optional.ofNullable(wireguardKeyTimestamp.isEmpty() ? null : "wireguardKeyTimestamp=" + wireguardKeyTimestamp),
                          Optional.ofNullable(reports.isEmpty() ? null : "reports=" + reports))
                 .filter(Optional::isPresent)
                 .map(Optional::get)
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java
index d217d038e42..db22b8bafe2 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java
@@ -75,6 +75,8 @@ public class NodeSpec {
 
     private final Optional<WireguardKey> wireguardPubkey;
 
+    private final Optional<Instant> wireguardKeyTimestamp;
+
     private final boolean wantToRebuild;
 
     public NodeSpec(
@@ -111,6 +113,7 @@ public class NodeSpec {
             Optional<ApplicationId> exclusiveTo,
             List<TrustStoreItem> trustStore,
             Optional<WireguardKey> wireguardPubkey,
+            Optional<Instant> wireguardKeyTimestamp,
             boolean wantToRebuild) {
 
         if (state == NodeState.active) {
@@ -155,6 +158,7 @@ public class NodeSpec {
         this.exclusiveTo = Objects.requireNonNull(exclusiveTo);
         this.trustStore = Objects.requireNonNull(trustStore);
         this.wireguardPubkey = Objects.requireNonNull(wireguardPubkey);
+        this.wireguardKeyTimestamp = Objects.requireNonNull(wireguardKeyTimestamp);
         this.wantToRebuild = wantToRebuild;
     }
 
@@ -311,6 +315,8 @@ public class NodeSpec {
 
     public Optional<WireguardKey> wireguardPubkey() { return wireguardPubkey; }
 
+    public Optional<Instant> wireguardKeyTimestamp() { return wireguardKeyTimestamp; }
+
     public boolean wantToRebuild() {
         return wantToRebuild;
     }
@@ -353,6 +359,7 @@ public class NodeSpec {
                 Objects.equals(exclusiveTo, that.exclusiveTo) &&
                 Objects.equals(trustStore, that.trustStore) &&
                 Objects.equals(wireguardPubkey, that.wireguardPubkey) &&
+                Objects.equals(wireguardKeyTimestamp, that.wireguardKeyTimestamp) &&
                 Objects.equals(wantToRebuild, that.wantToRebuild);
     }
 
@@ -392,6 +399,7 @@ public class NodeSpec {
                 exclusiveTo,
                 trustStore,
                 wireguardPubkey,
+                wireguardKeyTimestamp,
                 wantToRebuild);
     }
 
@@ -431,6 +439,7 @@ public class NodeSpec {
                 + " exclusiveTo=" + exclusiveTo
                 + " trustStore=" + trustStore
                 + " wireguardPubkey=" + wireguardPubkey
+                + " wireguardKeyTimestamp=" + wireguardKeyTimestamp
                 + " wantToRebuild=" + wantToRebuild
                 + " }";
     }
@@ -469,6 +478,7 @@ public class NodeSpec {
         private Optional<ApplicationId> exclusiveTo = Optional.empty();
         private List<TrustStoreItem> trustStore = List.of();
         private Optional<WireguardKey> wireguardPubkey = Optional.empty();
+        private Optional<Instant> wireguardKeyTimestamp = Optional.empty();
         private boolean wantToRebuild = false;
 
         public Builder() {}
@@ -505,6 +515,7 @@ public class NodeSpec {
             node.exclusiveTo.ifPresent(this::exclusiveTo);
             trustStore(node.trustStore);
             node.wireguardPubkey.ifPresent(this::wireguardPubkey);
+            node.wireguardKeyTimestamp.ifPresent(this::wireguardKeyTimestamp);
             wantToRebuild(node.wantToRebuild);
         }
 
@@ -693,8 +704,13 @@ public class NodeSpec {
             return this;
         }
 
-        public Builder wireguardPubkey(WireguardKey wireguardKey) {
-            wireguardPubkey = Optional.of(wireguardKey);
+        public Builder wireguardPubkey(WireguardKey wireguardPubKey) {
+            this.wireguardPubkey = Optional.of(wireguardPubKey);
+            return this;
+        }
+
+        public Builder wireguardKeyTimestamp(Instant wireguardKeyTimestamp) {
+            this.wireguardKeyTimestamp = Optional.of(wireguardKeyTimestamp);
             return this;
         }
 
@@ -712,6 +728,7 @@ public class NodeSpec {
             // Always replace entire trust store
             trustStore(attributes.getTrustStore());
             attributes.getWireguardPubkey().ifPresent(this::wireguardPubkey);
+            attributes.getWireguardKeyTimestamp().ifPresent(this::wireguardKeyTimestamp);
             this.reports.updateFromRawMap(attributes.getReports());
 
             return this;
@@ -830,7 +847,7 @@ public class NodeSpec {
                                 wantedFirmwareCheck, currentFirmwareCheck, modelName,
                                 resources, realResources, ipAddresses, additionalIpAddresses,
                                 reports, events, parentHostname, archiveUri, exclusiveTo, trustStore,
-                                wireguardPubkey, wantToRebuild);
+                                wireguardPubkey, wireguardKeyTimestamp, wantToRebuild);
         }
 
 
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
index 043a8ae4cd5..ddad45366ea 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
@@ -242,6 +242,7 @@ public class RealNodeRepository implements NodeRepository {
                 Optional.ofNullable(node.exclusiveTo).map(ApplicationId::fromSerializedForm),
                 trustStore,
                 Optional.ofNullable(node.wireguardPubkey).map(WireguardKey::from),
+                Optional.ofNullable(node.wireguardKeyTimestamp).map(Instant::ofEpochMilli),
                 node.wantToRebuild);
     }
 
@@ -359,6 +360,7 @@ public class RealNodeRepository implements NodeRepository {
                 .map(item -> new NodeRepositoryNode.TrustStoreItem(item.fingerprint(), item.expiry().toEpochMilli()))
                 .toList();
         node.wireguardPubkey = nodeAttributes.getWireguardPubkey().map(WireguardKey::value).orElse(null);
+        node.wireguardKeyTimestamp = nodeAttributes.getWireguardKeyTimestamp().map(Instant::toEpochMilli).orElse(null);
         Map<String, JsonNode> reports = nodeAttributes.getReports();
         node.reports = reports == null || reports.isEmpty() ? null : new TreeMap<>(reports);
 
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java
index 8078b3acf6f..3d0d052a877 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java
@@ -95,6 +95,9 @@ public class NodeRepositoryNode {
     @JsonProperty("wireguardPubkey")
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
     public String wireguardPubkey;
+    @JsonProperty("wireguardKeyTimestamp")
+    @JsonInclude(JsonInclude.Include.NON_EMPTY)
+    public Long wireguardKeyTimestamp;
 
     @JsonProperty("reports")
     public Map<String, JsonNode> reports = null;
@@ -139,6 +142,7 @@ public class NodeRepositoryNode {
                ", history=" + history +
                ", trustStore=" + trustStore +
                ", wireguardPubkey=" + wireguardPubkey +
+               ", wireguardKeyTimestamp=" + wireguardKeyTimestamp +
                ", reports=" + reports +
                '}';
     }
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
index 6358fcecafb..35ed8a3e6ea 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
@@ -139,18 +139,21 @@ public class RealNodeRepositoryTest {
         var hostname = "host4.yahoo.com";
         var dockerImage = "registry.example.com/repo/image-1:6.2.3";
         var wireguardKey = WireguardKey.from("111122223333444455556666777788889999000042c=");
+        var wireguardKeyTimestamp = Instant.ofEpochMilli(321L);
 
         nodeRepositoryApi.updateNodeAttributes(
                 hostname,
                 new NodeAttributes()
                         .withRestartGeneration(1)
                         .withDockerImage(DockerImage.fromString(dockerImage))
-                        .withWireguardPubkey(wireguardKey));
+                        .withWireguardPubkey(wireguardKey)
+                        .withWireguardKeyTimestamp(wireguardKeyTimestamp));
 
         NodeSpec hostSpec = nodeRepositoryApi.getOptionalNode(hostname).orElseThrow();
         assertEquals(1, hostSpec.currentRestartGeneration().orElseThrow());
         assertEquals(dockerImage, hostSpec.currentDockerImage().orElseThrow().asString());
         assertEquals(wireguardKey.value(), hostSpec.wireguardPubkey().orElseThrow().value());
+        assertEquals(wireguardKeyTimestamp, hostSpec.wireguardKeyTimestamp().orElseThrow());
     }
 
     @Test
author	gjoranv <gjoranv@gmail.com>	2023-09-05 13:17:10 +0200
committer	gjoranv <gjoranv@gmail.com>	2023-09-11 18:25:56 +0200
commit	1f55e759b1830bc8f2386d7bc5db71e524327620 (patch)
tree	26bb44c172fc3812dc52b10d74c7086d418425b0 /node-admin
parent	0a383addced96943dd7e94ed50ec7006b3e282e1 (diff)