author | gjoranv <gjoranv@gmail.com> | 2023-09-05 13:17:10 +0200 |
---|---|---|
committer | gjoranv <gjoranv@gmail.com> | 2023-09-11 18:25:56 +0200 |
commit | 1f55e759b1830bc8f2386d7bc5db71e524327620 (patch) | |
tree | 26bb44c172fc3812dc52b10d74c7086d418425b0 /node-admin | |
parent | 0a383addced96943dd7e94ed50ec7006b3e282e1 (diff) |
Add wireguard key timestamp to node repo.
Diffstat (limited to 'node-admin')
5 files changed, 41 insertions, 5 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeAttributes.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeAttributes.java index 5d87c5dd3fc..295b0623aa0 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeAttributes.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeAttributes.java @@ -34,6 +34,7 @@ public class NodeAttributes { private Optional<Instant> currentFirmwareCheck = Optional.empty(); private List<TrustStoreItem> trustStore = List.of(); private Optional<WireguardKey> wireguardPubkey = Optional.empty(); + private Optional<Instant> wireguardKeyTimestamp = Optional.empty(); /** The list of reports to patch. A null value is used to remove the report. */ private Map<String, JsonNode> reports = new TreeMap<>(); @@ -88,6 +89,11 @@ public class NodeAttributes { return this; } + public NodeAttributes withWireguardKeyTimestamp(Instant wireguardKeyTimestamp) { + this.wireguardKeyTimestamp = Optional.of(wireguardKeyTimestamp); + return this; + } + public NodeAttributes withReports(Map<String, JsonNode> nodeReports) { this.reports = new TreeMap<>(nodeReports); return this; @@ -137,6 +143,8 @@ public class NodeAttributes { public Optional<WireguardKey> getWireguardPubkey() { return wireguardPubkey; } + public Optional<Instant> getWireguardKeyTimestamp() { return wireguardKeyTimestamp; } + public Map<String, JsonNode> getReports() { return reports; } @@ -148,7 +156,7 @@ public class NodeAttributes { @Override public int hashCode() { return Objects.hash(hostId, restartGeneration, rebootGeneration, dockerImage, vespaVersion, currentOsVersion, - currentFirmwareCheck, trustStore, wireguardPubkey, reports); + currentFirmwareCheck, trustStore, wireguardPubkey, wireguardKeyTimestamp, reports); } public boolean isEmpty() { 
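Review bot: `withWireguardKeyTimestamp` in NodeAttributes can be set independently of `withWireguardPubkey`, so a patch may carry a new public key with no timestamp. The `ifPresent` lines in `NodeSpec.Builder.updateWithNodeAttributes` and the `orElse(null)` mapping in `RealNodeRepository` would then presumably leave the previous timestamp attached to the new key, and anything that judges key age or rotation from this field would read a stale value. Whether every caller sets both is not visible in this diff. Consider a combined setter such as `withWireguardKey(WireguardKey key, Instant timestamp)` that delegates to both, or at least a Javadoc line on the new method saying which instant it records and that it must change whenever the public key does.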
@@ -170,6 +178,7 @@ public class NodeAttributes { && Objects.equals(currentFirmwareCheck, other.currentFirmwareCheck) && Objects.equals(trustStore, other.trustStore) && Objects.equals(wireguardPubkey, other.wireguardPubkey) + && Objects.equals(wireguardKeyTimestamp, other.wireguardKeyTimestamp) && Objects.equals(reports, other.reports); } @@ -184,6 +193,7 @@ public class NodeAttributes { currentFirmwareCheck.map(at -> "currentFirmwareCheck=" + at), Optional.ofNullable(trustStore.isEmpty() ? null : "trustStore=" + trustStore), Optional.ofNullable(wireguardPubkey.isEmpty() ? null : "wireguardPubkey=" + wireguardPubkey), + Optional.ofNullable(wireguardKeyTimestamp.isEmpty() ? null : "wireguardKeyTimestamp=" + wireguardKeyTimestamp), Optional.ofNullable(reports.isEmpty() ? null : "reports=" + reports)) .filter(Optional::isPresent) .map(Optional::get) diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java index d217d038e42..db22b8bafe2 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java @@ -75,6 +75,8 @@ public class NodeSpec { private final Optional<WireguardKey> wireguardPubkey; + private final Optional<Instant> wireguardKeyTimestamp; + private final boolean wantToRebuild; public NodeSpec( @@ -111,6 +113,7 @@ public class NodeSpec { Optional<ApplicationId> exclusiveTo, List<TrustStoreItem> trustStore, Optional<WireguardKey> wireguardPubkey, + Optional<Instant> wireguardKeyTimestamp, boolean wantToRebuild) { if (state == NodeState.active) { 
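Review bot: In the `toString` hunk of NodeAttributes the added line concatenates the `Optional` itself, so the output reads `wireguardKeyTimestamp=Optional[...]` rather than the bare instant. The `currentFirmwareCheck` entry at the top of the same hunk already uses the cleaner form; here that would be `wireguardKeyTimestamp.map(at -> "wireguardKeyTimestamp=" + at),`. The added line copies the existing `wireguardPubkey` entry, which has the same wrapper in its output. `toString` begins and ends outside the hunk.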
@@ -155,6 +158,7 @@ public class NodeSpec { this.exclusiveTo = Objects.requireNonNull(exclusiveTo); this.trustStore = Objects.requireNonNull(trustStore); this.wireguardPubkey = Objects.requireNonNull(wireguardPubkey); + this.wireguardKeyTimestamp = Objects.requireNonNull(wireguardKeyTimestamp); this.wantToRebuild = wantToRebuild; } @@ -311,6 +315,8 @@ public class NodeSpec { public Optional<WireguardKey> wireguardPubkey() { return wireguardPubkey; } + public Optional<Instant> wireguardKeyTimestamp() { return wireguardKeyTimestamp; } + public boolean wantToRebuild() { return wantToRebuild; } @@ -353,6 +359,7 @@ public class NodeSpec { Objects.equals(exclusiveTo, that.exclusiveTo) && Objects.equals(trustStore, that.trustStore) && Objects.equals(wireguardPubkey, that.wireguardPubkey) && + Objects.equals(wireguardKeyTimestamp, that.wireguardKeyTimestamp) && Objects.equals(wantToRebuild, that.wantToRebuild); } @@ -392,6 +399,7 @@ public class NodeSpec { exclusiveTo, trustStore, wireguardPubkey, + wireguardKeyTimestamp, wantToRebuild); } @@ -431,6 +439,7 @@ public class NodeSpec { + " exclusiveTo=" + exclusiveTo + " trustStore=" + trustStore + " wireguardPubkey=" + wireguardPubkey + + " wireguardKeyTimestamp=" + wireguardKeyTimestamp + " wantToRebuild=" + wantToRebuild + " }"; } @@ -469,6 +478,7 @@ public class NodeSpec { private Optional<ApplicationId> exclusiveTo = Optional.empty(); private List<TrustStoreItem> trustStore = List.of(); private Optional<WireguardKey> wireguardPubkey = Optional.empty(); + private Optional<Instant> wireguardKeyTimestamp = Optional.empty(); private boolean wantToRebuild = false; public Builder() {} @@ -505,6 +515,7 @@ public class NodeSpec { node.exclusiveTo.ifPresent(this::exclusiveTo); trustStore(node.trustStore); node.wireguardPubkey.ifPresent(this::wireguardPubkey); + node.wireguardKeyTimestamp.ifPresent(this::wireguardKeyTimestamp); wantToRebuild(node.wantToRebuild); } 
@@ -693,8 +704,13 @@ public class NodeSpec { return this; } - public Builder wireguardPubkey(WireguardKey wireguardKey) { - wireguardPubkey = Optional.of(wireguardKey); + public Builder wireguardPubkey(WireguardKey wireguardPubKey) { + this.wireguardPubkey = Optional.of(wireguardPubKey); + return this; + } + + public Builder wireguardKeyTimestamp(Instant wireguardKeyTimestamp) { + this.wireguardKeyTimestamp = Optional.of(wireguardKeyTimestamp); return this; } @@ -712,6 +728,7 @@ public class NodeSpec { // Always replace entire trust store trustStore(attributes.getTrustStore()); attributes.getWireguardPubkey().ifPresent(this::wireguardPubkey); + attributes.getWireguardKeyTimestamp().ifPresent(this::wireguardKeyTimestamp); this.reports.updateFromRawMap(attributes.getReports()); return this; @@ -830,7 +847,7 @@ public class NodeSpec { wantedFirmwareCheck, currentFirmwareCheck, modelName, resources, realResources, ipAddresses, additionalIpAddresses, reports, events, parentHostname, archiveUri, exclusiveTo, trustStore, - wireguardPubkey, wantToRebuild); + wireguardPubkey, wireguardKeyTimestamp, wantToRebuild); } diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java index 043a8ae4cd5..ddad45366ea 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java @@ -242,6 +242,7 @@ public class RealNodeRepository implements NodeRepository { Optional.ofNullable(node.exclusiveTo).map(ApplicationId::fromSerializedForm), trustStore, Optional.ofNullable(node.wireguardPubkey).map(WireguardKey::from), + Optional.ofNullable(node.wireguardKeyTimestamp).map(Instant::ofEpochMilli), node.wantToRebuild); } 
@@ -359,6 +360,7 @@ public class RealNodeRepository implements NodeRepository { .map(item -> new NodeRepositoryNode.TrustStoreItem(item.fingerprint(), item.expiry().toEpochMilli())) .toList(); node.wireguardPubkey = nodeAttributes.getWireguardPubkey().map(WireguardKey::value).orElse(null); + node.wireguardKeyTimestamp = nodeAttributes.getWireguardKeyTimestamp().map(Instant::toEpochMilli).orElse(null); Map<String, JsonNode> reports = nodeAttributes.getReports(); node.reports = reports == null || reports.isEmpty() ? null : new TreeMap<>(reports); diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java index 8078b3acf6f..3d0d052a877 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java @@ -95,6 +95,9 @@ public class NodeRepositoryNode { @JsonProperty("wireguardPubkey") @JsonInclude(JsonInclude.Include.NON_EMPTY) public String wireguardPubkey; + @JsonProperty("wireguardKeyTimestamp") + @JsonInclude(JsonInclude.Include.NON_EMPTY) + public Long wireguardKeyTimestamp; @JsonProperty("reports") public Map<String, JsonNode> reports = null; @@ -139,6 +142,7 @@ public class NodeRepositoryNode { ", history=" + history + ", trustStore=" + trustStore + ", wireguardPubkey=" + wireguardPubkey + + ", wireguardKeyTimestamp=" + wireguardKeyTimestamp + ", reports=" + reports + '}'; } diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java index 6358fcecafb..35ed8a3e6ea 100644 
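Review bot: The new `wireguardKeyTimestamp` binding field in NodeRepositoryNode is a bare `Long` with nothing stating its unit or what an absent value means. The conversions in RealNodeRepository (`Instant::ofEpochMilli` and `Instant::toEpochMilli`, with `orElse(null)`) show it is epoch milliseconds and null when unset, so a comment on the field would save the next reader the lookup: `/** Wireguard key timestamp in milliseconds since the epoch; null when not set. */`. The class body continues outside the hunk.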
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java @@ -139,18 +139,21 @@ public class RealNodeRepositoryTest { var hostname = "host4.yahoo.com"; var dockerImage = "registry.example.com/repo/image-1:6.2.3"; var wireguardKey = WireguardKey.from("111122223333444455556666777788889999000042c="); + var wireguardKeyTimestamp = Instant.ofEpochMilli(321L); nodeRepositoryApi.updateNodeAttributes( hostname, new NodeAttributes() .withRestartGeneration(1) .withDockerImage(DockerImage.fromString(dockerImage)) - .withWireguardPubkey(wireguardKey)); + .withWireguardPubkey(wireguardKey) + .withWireguardKeyTimestamp(wireguardKeyTimestamp)); NodeSpec hostSpec = nodeRepositoryApi.getOptionalNode(hostname).orElseThrow(); assertEquals(1, hostSpec.currentRestartGeneration().orElseThrow()); assertEquals(dockerImage, hostSpec.currentDockerImage().orElseThrow().asString()); assertEquals(wireguardKey.value(), hostSpec.wireguardPubkey().orElseThrow().value()); + assertEquals(wireguardKeyTimestamp, hostSpec.wireguardKeyTimestamp().orElseThrow()); } @Test |
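Review bot: The updated test in RealNodeRepositoryTest only covers an update that supplies both the key and the timestamp. Nothing pins what is read back when a node is patched with a key but no timestamp, which is the case where a missing or stale value matters for key-age checks. A second update on another host without `.withWireguardKeyTimestamp(...)`, followed by `assertTrue(hostSpec.wireguardKeyTimestamp().isEmpty());`, would cover it, assuming the test server starts that host without a timestamp. The test method begins outside the hunk.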