authorgjoranv <gjoranv@gmail.com>2023-09-05 13:17:10 +0200
committergjoranv <gjoranv@gmail.com>2023-09-14 14:46:12 +0200
commit5e7aea140634f222ac6c4a3192e8dbd65b2b3985 (patch)
treeb118ca3a40ed020e0395425b45367f19d60a1de7 /node-admin
parentb51d07196d344abad4c8188bf0b1f0ed237a51a2 (diff)
Add wireguard key timestamp to node repo and WireguardPeer
- Set from NodePatcher clock. - Add UNINITIALIZED wireguard key constant
Diffstat (limited to 'node-admin')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java22
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java10
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java7
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java4
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java4
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java2
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java3
7 files changed, 43 insertions, 9 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java
index d217d038e42..0300d7e92ff 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java
@@ -75,6 +75,8 @@ public class NodeSpec {
private final Optional<WireguardKey> wireguardPubkey;
+ private final Optional<Instant> wireguardKeyTimestamp;
+
private final boolean wantToRebuild;
public NodeSpec(
@@ -111,6 +113,7 @@ public class NodeSpec {
Optional<ApplicationId> exclusiveTo,
List<TrustStoreItem> trustStore,
Optional<WireguardKey> wireguardPubkey,
+ Optional<Instant> wireguardKeyTimestamp,
boolean wantToRebuild) {
if (state == NodeState.active) {
@@ -155,6 +158,7 @@ public class NodeSpec {
this.exclusiveTo = Objects.requireNonNull(exclusiveTo);
this.trustStore = Objects.requireNonNull(trustStore);
this.wireguardPubkey = Objects.requireNonNull(wireguardPubkey);
+ this.wireguardKeyTimestamp = Objects.requireNonNull(wireguardKeyTimestamp);
this.wantToRebuild = wantToRebuild;
}
@@ -311,6 +315,8 @@ public class NodeSpec {
public Optional<WireguardKey> wireguardPubkey() { return wireguardPubkey; }
+ public Optional<Instant> wireguardKeyTimestamp() { return wireguardKeyTimestamp; }
+
public boolean wantToRebuild() {
return wantToRebuild;
}
@@ -353,6 +359,7 @@ public class NodeSpec {
Objects.equals(exclusiveTo, that.exclusiveTo) &&
Objects.equals(trustStore, that.trustStore) &&
Objects.equals(wireguardPubkey, that.wireguardPubkey) &&
+ Objects.equals(wireguardKeyTimestamp, that.wireguardKeyTimestamp) &&
Objects.equals(wantToRebuild, that.wantToRebuild);
}
@@ -392,6 +399,7 @@ public class NodeSpec {
exclusiveTo,
trustStore,
wireguardPubkey,
+ wireguardKeyTimestamp,
wantToRebuild);
}
@@ -431,6 +439,7 @@ public class NodeSpec {
+ " exclusiveTo=" + exclusiveTo
+ " trustStore=" + trustStore
+ " wireguardPubkey=" + wireguardPubkey
+ + " wireguardKeyTimestamp=" + wireguardKeyTimestamp
+ " wantToRebuild=" + wantToRebuild
+ " }";
}
@@ -469,6 +478,7 @@ public class NodeSpec {
private Optional<ApplicationId> exclusiveTo = Optional.empty();
private List<TrustStoreItem> trustStore = List.of();
private Optional<WireguardKey> wireguardPubkey = Optional.empty();
+ private Optional<Instant> wireguardKeyTimestamp = Optional.empty();
private boolean wantToRebuild = false;
public Builder() {}
@@ -505,6 +515,7 @@ public class NodeSpec {
node.exclusiveTo.ifPresent(this::exclusiveTo);
trustStore(node.trustStore);
node.wireguardPubkey.ifPresent(this::wireguardPubkey);
+ node.wireguardKeyTimestamp.ifPresent(this::wireguardKeyTimestamp);
wantToRebuild(node.wantToRebuild);
}
@@ -693,8 +704,13 @@ public class NodeSpec {
return this;
}
- public Builder wireguardPubkey(WireguardKey wireguardKey) {
- wireguardPubkey = Optional.of(wireguardKey);
+ public Builder wireguardPubkey(WireguardKey wireguardPubKey) {
+ this.wireguardPubkey = Optional.of(wireguardPubKey);
+ return this;
+ }
+
+ public Builder wireguardKeyTimestamp(Instant wireguardKeyTimestamp) {
+ this.wireguardKeyTimestamp = Optional.of(wireguardKeyTimestamp);
return this;
}
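Review bot: The renamed parameter `wireguardPubKey` differs from the field `wireguardPubkey` only by the case of one letter, so `this.wireguardPubkey = Optional.of(wireguardPubKey);` is easy to misread and a later edit could turn it into a self-assignment. Spelling the parameter like the field and relying on `this.`, as the new `wireguardKeyTimestamp` setter does, would avoid that. Both setters pass their argument to `Optional.of`, so a null argument throws; a one-line Javadoc such as `/** @param wireguardKeyTimestamp must not be null */` would tell callers.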
@@ -830,7 +846,7 @@ public class NodeSpec {
wantedFirmwareCheck, currentFirmwareCheck, modelName,
resources, realResources, ipAddresses, additionalIpAddresses,
reports, events, parentHostname, archiveUri, exclusiveTo, trustStore,
- wireguardPubkey, wantToRebuild);
+ wireguardPubkey, wireguardKeyTimestamp, wantToRebuild);
}
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
index 043a8ae4cd5..a48372c334f 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
@@ -147,8 +147,10 @@ public class RealNodeRepository implements NodeRepository {
.toList();
if (ipAddresses.isEmpty()) return;
- consumer.accept(new WireguardPeer(
- HostName.of(node.hostname), ipAddresses, WireguardKey.from(node.wireguardPubkey)));
+ consumer.accept(new WireguardPeer(HostName.of(node.hostname),
+ ipAddresses,
+ WireguardKey.from(node.wireguardPubkey),
+ Instant.ofEpochMilli(node.wireguardKeyTimestamp)));
})
.sorted()
.toList();
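Review bot: `Instant.ofEpochMilli(node.wireguardKeyTimestamp)` unboxes a field that the binding class declares as a nullable `Long`, so a node entry that carries `wireguardPubkey` but no `wireguardKeyTimestamp` would throw a NullPointerException inside this stream and presumably fail the whole peer listing. The NodeSpec mapping further down in this file already uses `Optional.ofNullable(node.wireguardKeyTimestamp).map(Instant::ofEpochMilli)`, and the same unboxing occurs for `configServer.wireguardKeyTimestamp` in `createConfigserverPeer`. I would make the absent case explicit, for example `Optional.ofNullable(node.wireguardKeyTimestamp).map(Instant::ofEpochMilli).orElse(Instant.EPOCH)`, or carry an `Optional<Instant>` in `WireguardPeer`. The enclosing lambda starts outside the hunk, so an earlier null filter cannot be ruled out.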
@@ -242,6 +244,7 @@ public class RealNodeRepository implements NodeRepository {
Optional.ofNullable(node.exclusiveTo).map(ApplicationId::fromSerializedForm),
trustStore,
Optional.ofNullable(node.wireguardPubkey).map(WireguardKey::from),
+ Optional.ofNullable(node.wireguardKeyTimestamp).map(Instant::ofEpochMilli),
node.wantToRebuild);
}
@@ -368,6 +371,7 @@ public class RealNodeRepository implements NodeRepository {
private static WireguardPeer createConfigserverPeer(GetWireguardResponse.Configserver configServer) {
return new WireguardPeer(HostName.of(configServer.hostname),
configServer.ipAddresses.stream().map(VersionedIpAddress::from).toList(),
- WireguardKey.from(configServer.wireguardPubkey));
+ WireguardKey.from(configServer.wireguardPubkey),
+ Instant.ofEpochMilli(configServer.wireguardKeyTimestamp));
}
}
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java
index a71b2a74b31..dcbf4cc163f 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java
@@ -35,13 +35,18 @@ public class GetWireguardResponse {
@JsonProperty("wireguardPubkey")
public final String wireguardPubkey;
+ @JsonProperty("wireguardKeyTimestamp")
+ public final Long wireguardKeyTimestamp;
+
@JsonCreator
public Configserver(@JsonProperty("hostname") String hostname,
@JsonProperty("ipAddresses") List<String> ipAddresses,
- @JsonProperty("wireguardPubkey") String wireguardPubkey) {
+ @JsonProperty("wireguardPubkey") String wireguardPubkey,
+ @JsonProperty("wireguardKeyTimestamp") Long wireguardKeyTimestamp) {
this.hostname = hostname;
this.ipAddresses = ipAddresses;
this.wireguardPubkey = wireguardPubkey;
+ this.wireguardKeyTimestamp = wireguardKeyTimestamp;
}
}
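Review bot: The new `Long wireguardKeyTimestamp` field has no comment saying what unit it holds or whether it may be absent; a reader learns that it is epoch milliseconds only from the `Instant.ofEpochMilli` calls in RealNodeRepository. I would add `/** Time the WireGuard key was set, in milliseconds since epoch; null if the response omits it. */` above the field, and the same on the `wireguardKeyTimestamp` field added to NodeRepositoryNode. The meaning "time the key was set" is inferred from the commit message and should be confirmed.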
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java
index 8078b3acf6f..3d0d052a877 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java
@@ -95,6 +95,9 @@ public class NodeRepositoryNode {
@JsonProperty("wireguardPubkey")
@JsonInclude(JsonInclude.Include.NON_EMPTY)
public String wireguardPubkey;
+ @JsonProperty("wireguardKeyTimestamp")
+ @JsonInclude(JsonInclude.Include.NON_EMPTY)
+ public Long wireguardKeyTimestamp;
@JsonProperty("reports")
public Map<String, JsonNode> reports = null;
@@ -139,6 +142,7 @@ public class NodeRepositoryNode {
", history=" + history +
", trustStore=" + trustStore +
", wireguardPubkey=" + wireguardPubkey +
+ ", wireguardKeyTimestamp=" + wireguardKeyTimestamp +
", reports=" + reports +
'}';
}
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java
index 0f4d2d5d8e0..b5428f57f08 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java
@@ -4,6 +4,7 @@ import com.yahoo.config.provision.HostName;
import com.yahoo.config.provision.WireguardKey;
import com.yahoo.vespa.hosted.node.admin.task.util.network.VersionedIpAddress;
+import java.time.Instant;
import java.util.List;
/**
@@ -14,7 +15,8 @@ import java.util.List;
*/
public record WireguardPeer(HostName hostname,
List<VersionedIpAddress> ipAddresses,
- WireguardKey publicKey) implements Comparable<WireguardPeer> {
+ WireguardKey publicKey,
+ Instant wireguardKeyTimestamp) implements Comparable<WireguardPeer> {
public WireguardPeer {
if (ipAddresses.isEmpty()) throw new IllegalArgumentException("No IP addresses for peer node " + hostname.value());
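Review bot: The compact constructor checks `ipAddresses` but, as far as the hunk shows, accepts a null `wireguardKeyTimestamp`, so a peer built without a timestamp would only fail later wherever the value is read. Adding `Objects.requireNonNull(wireguardKeyTimestamp, "wireguardKeyTimestamp");` next to the existing check (with a `java.util.Objects` import) would fail at construction instead. The record body continues outside the hunk, so an existing check further down cannot be ruled out.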
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
index 6358fcecafb..d5e6ae59c62 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
@@ -139,6 +139,7 @@ public class RealNodeRepositoryTest {
var hostname = "host4.yahoo.com";
var dockerImage = "registry.example.com/repo/image-1:6.2.3";
var wireguardKey = WireguardKey.from("111122223333444455556666777788889999000042c=");
+ var wireguardKeyTimestamp = Instant.ofEpochMilli(321L);
nodeRepositoryApi.updateNodeAttributes(
hostname,
@@ -151,6 +152,7 @@ public class RealNodeRepositoryTest {
assertEquals(1, hostSpec.currentRestartGeneration().orElseThrow());
assertEquals(dockerImage, hostSpec.currentDockerImage().orElseThrow().asString());
assertEquals(wireguardKey.value(), hostSpec.wireguardPubkey().orElseThrow().value());
+ assertEquals(wireguardKeyTimestamp, hostSpec.wireguardKeyTimestamp().orElseThrow());
}
@Test
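Review bot: The added assertion only covers a node whose response includes a timestamp; nothing in the visible test changes exercises a node or config server entry without `wireguardKeyTimestamp`. That is the case where the peer-building code in RealNodeRepository unboxes a null `Long`, so a test using a fixture with `wireguardPubkey` but no timestamp would pin the intended behaviour. The test method starts outside the hunk, so where the value 321 comes from is not visible here.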
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java
index 00aca5c5e4d..cd76b221c9e 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java
@@ -5,6 +5,7 @@ import com.yahoo.config.provision.WireguardKey;
import com.yahoo.vespa.hosted.node.admin.task.util.network.VersionedIpAddress;
import org.junit.jupiter.api.Test;
+import java.time.Instant;
import java.util.List;
import java.util.stream.Stream;
@@ -30,6 +31,6 @@ public class WireguardPeerTest {
private static WireguardPeer peer(String hostname) {
return new WireguardPeer(HostName.of(hostname), List.of(VersionedIpAddress.from("::1:1")),
- WireguardKey.generateRandomForTesting());
+ WireguardKey.generateRandomForTesting(), Instant.EPOCH);
}
}