author | gjoranv <gjoranv@gmail.com> | 2023-09-05 13:17:10 +0200 |
---|---|---|
committer | gjoranv <gjoranv@gmail.com> | 2023-09-14 14:46:12 +0200 |
commit | 5e7aea140634f222ac6c4a3192e8dbd65b2b3985 (patch) | |
tree | b118ca3a40ed020e0395425b45367f19d60a1de7 /node-admin | |
parent | b51d07196d344abad4c8188bf0b1f0ed237a51a2 (diff) |
Add wireguard key timestamp to node repo and WireguardPeer
- Set from NodePatcher clock.
- Add UNINITIALIZED wireguard key constant
Diffstat (limited to 'node-admin')
7 files changed, 43 insertions, 9 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java index d217d038e42..0300d7e92ff 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/NodeSpec.java @@ -75,6 +75,8 @@ public class NodeSpec { private final Optional<WireguardKey> wireguardPubkey; + private final Optional<Instant> wireguardKeyTimestamp; + private final boolean wantToRebuild; public NodeSpec( @@ -111,6 +113,7 @@ public class NodeSpec { Optional<ApplicationId> exclusiveTo, List<TrustStoreItem> trustStore, Optional<WireguardKey> wireguardPubkey, + Optional<Instant> wireguardKeyTimestamp, boolean wantToRebuild) { if (state == NodeState.active) { @@ -155,6 +158,7 @@ public class NodeSpec { this.exclusiveTo = Objects.requireNonNull(exclusiveTo); this.trustStore = Objects.requireNonNull(trustStore); this.wireguardPubkey = Objects.requireNonNull(wireguardPubkey); + this.wireguardKeyTimestamp = Objects.requireNonNull(wireguardKeyTimestamp); this.wantToRebuild = wantToRebuild; } @@ -311,6 +315,8 @@ public class NodeSpec { public Optional<WireguardKey> wireguardPubkey() { return wireguardPubkey; } + public Optional<Instant> wireguardKeyTimestamp() { return wireguardKeyTimestamp; } + public boolean wantToRebuild() { return wantToRebuild; } @@ -353,6 +359,7 @@ public class NodeSpec { Objects.equals(exclusiveTo, that.exclusiveTo) && Objects.equals(trustStore, that.trustStore) && Objects.equals(wireguardPubkey, that.wireguardPubkey) && + Objects.equals(wireguardKeyTimestamp, that.wireguardKeyTimestamp) && Objects.equals(wantToRebuild, that.wantToRebuild); } @@ -392,6 +399,7 @@ public class NodeSpec { exclusiveTo, trustStore, wireguardPubkey, + wireguardKeyTimestamp, wantToRebuild); } 
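Review bot: The new accessor `wireguardKeyTimestamp()` in the hunk at -311,6 has no comment saying which instant it carries, and the name alone does not distinguish key generation from the moment the node repository recorded the key. Going by the commit message the value is set from the NodePatcher clock, so a Javadoc line such as `/** Time the node repository last recorded the wireguard public key, if known. */` on the accessor would make that explicit. Code that later judges key age from this value should be able to read, at the accessor, that it reflects the clock of whichever component runs NodePatcher rather than the host that generated the key; that is inferred from the commit message and is not visible in these hunks.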
@@ -431,6 +439,7 @@ public class NodeSpec { + " exclusiveTo=" + exclusiveTo + " trustStore=" + trustStore + " wireguardPubkey=" + wireguardPubkey + + " wireguardKeyTimestamp=" + wireguardKeyTimestamp + " wantToRebuild=" + wantToRebuild + " }"; } @@ -469,6 +478,7 @@ public class NodeSpec { private Optional<ApplicationId> exclusiveTo = Optional.empty(); private List<TrustStoreItem> trustStore = List.of(); private Optional<WireguardKey> wireguardPubkey = Optional.empty(); + private Optional<Instant> wireguardKeyTimestamp = Optional.empty(); private boolean wantToRebuild = false; public Builder() {} @@ -505,6 +515,7 @@ public class NodeSpec { node.exclusiveTo.ifPresent(this::exclusiveTo); trustStore(node.trustStore); node.wireguardPubkey.ifPresent(this::wireguardPubkey); + node.wireguardKeyTimestamp.ifPresent(this::wireguardKeyTimestamp); wantToRebuild(node.wantToRebuild); } @@ -693,8 +704,13 @@ public class NodeSpec { return this; } - public Builder wireguardPubkey(WireguardKey wireguardKey) { - wireguardPubkey = Optional.of(wireguardKey); + public Builder wireguardPubkey(WireguardKey wireguardPubKey) { + this.wireguardPubkey = Optional.of(wireguardPubKey); + return this; + } + + public Builder wireguardKeyTimestamp(Instant wireguardKeyTimestamp) { + this.wireguardKeyTimestamp = Optional.of(wireguardKeyTimestamp); return this; } @@ -830,7 +846,7 @@ public class NodeSpec { wantedFirmwareCheck, currentFirmwareCheck, modelName, resources, realResources, ipAddresses, additionalIpAddresses, reports, events, parentHostname, archiveUri, exclusiveTo, trustStore, - wireguardPubkey, wantToRebuild); + wireguardPubkey, wireguardKeyTimestamp, wantToRebuild); } diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java index 043a8ae4cd5..a48372c334f 100644 
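Review bot: In the hunk at -693,8 the renamed parameter `wireguardPubKey` differs from the field `wireguardPubkey` only in the case of one letter, which makes `this.wireguardPubkey = Optional.of(wireguardPubKey);` easy to misread. The sibling setter added just below shadows its field by name, so `public Builder wireguardPubkey(WireguardKey wireguardPubkey)` with `this.wireguardPubkey = Optional.of(wireguardPubkey);` would be consistent with it. The two setters are also independent, so a builder can produce a spec with a key and no timestamp, or the reverse. If the timestamp is meant to always accompany the key, a comment on the setters saying so (or a single setter taking both) would keep callers from updating one without the other.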
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java @@ -147,8 +147,10 @@ public class RealNodeRepository implements NodeRepository { .toList(); if (ipAddresses.isEmpty()) return; - consumer.accept(new WireguardPeer( - HostName.of(node.hostname), ipAddresses, WireguardKey.from(node.wireguardPubkey))); + consumer.accept(new WireguardPeer(HostName.of(node.hostname), + ipAddresses, + WireguardKey.from(node.wireguardPubkey), + Instant.ofEpochMilli(node.wireguardKeyTimestamp))); }) .sorted() .toList(); @@ -242,6 +244,7 @@ public class RealNodeRepository implements NodeRepository { Optional.ofNullable(node.exclusiveTo).map(ApplicationId::fromSerializedForm), trustStore, Optional.ofNullable(node.wireguardPubkey).map(WireguardKey::from), + Optional.ofNullable(node.wireguardKeyTimestamp).map(Instant::ofEpochMilli), node.wantToRebuild); } @@ -368,6 +371,7 @@ public class RealNodeRepository implements NodeRepository { private static WireguardPeer createConfigserverPeer(GetWireguardResponse.Configserver configServer) { return new WireguardPeer(HostName.of(configServer.hostname), configServer.ipAddresses.stream().map(VersionedIpAddress::from).toList(), - WireguardKey.from(configServer.wireguardPubkey)); + WireguardKey.from(configServer.wireguardPubkey), + Instant.ofEpochMilli(configServer.wireguardKeyTimestamp)); } } diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java index a71b2a74b31..dcbf4cc163f 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java 
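Review bot: `Instant.ofEpochMilli(node.wireguardKeyTimestamp)` in the hunk at -147,8 unboxes a `Long` that the binding declares nullable (NodeRepositoryNode marks it `@JsonInclude(NON_EMPTY)`), so a node entry without the property throws a NullPointerException while the peer list is being built. The hunk at -368,6 has the same pattern with `configServer.wireguardKeyTimestamp`, whereas the hunk at -242,6 already guards the same field with `Optional.ofNullable(...)`. A response from a config server that does not yet send the timestamp would then fail the whole peer listing rather than one entry. A guarded form such as `Optional.ofNullable(node.wireguardKeyTimestamp).map(Instant::ofEpochMilli).orElse(Instant.EPOCH)` avoids that; whether `Instant.EPOCH` is the right stand-in for "unknown" is a design choice to confirm. The enclosing lambda starts outside the hunk, so an earlier filter may already exclude such nodes.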
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java @@ -35,13 +35,18 @@ public class GetWireguardResponse { @JsonProperty("wireguardPubkey") public final String wireguardPubkey; + @JsonProperty("wireguardKeyTimestamp") + public final Long wireguardKeyTimestamp; + @JsonCreator public Configserver(@JsonProperty("hostname") String hostname, @JsonProperty("ipAddresses") List<String> ipAddresses, - @JsonProperty("wireguardPubkey") String wireguardPubkey) { + @JsonProperty("wireguardPubkey") String wireguardPubkey, + @JsonProperty("wireguardKeyTimestamp") Long wireguardKeyTimestamp) { this.hostname = hostname; this.ipAddresses = ipAddresses; this.wireguardPubkey = wireguardPubkey; + this.wireguardKeyTimestamp = wireguardKeyTimestamp; } } diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java index 8078b3acf6f..3d0d052a877 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/NodeRepositoryNode.java @@ -95,6 +95,9 @@ public class NodeRepositoryNode { @JsonProperty("wireguardPubkey") @JsonInclude(JsonInclude.Include.NON_EMPTY) public String wireguardPubkey; + @JsonProperty("wireguardKeyTimestamp") + @JsonInclude(JsonInclude.Include.NON_EMPTY) + public Long wireguardKeyTimestamp; @JsonProperty("reports") public Map<String, JsonNode> reports = null; @@ -139,6 +142,7 @@ public class NodeRepositoryNode { ", history=" + history + ", trustStore=" + trustStore + ", wireguardPubkey=" + wireguardPubkey + + ", wireguardKeyTimestamp=" + wireguardKeyTimestamp + ", reports=" + reports + '}'; } 
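Review bot: The binding field `public final Long wireguardKeyTimestamp` added to `Configserver` carries no unit or nullability comment, and neither does the matching field added to NodeRepositoryNode in the hunk at -95,6. RealNodeRepository interprets the value with `Instant.ofEpochMilli`, so the wire contract is epoch milliseconds, but that is only discoverable by reading the consumer. A comment on both fields such as `// Epoch milliseconds; null when the response carries no timestamp for the key` would record it next to the `@JsonProperty`. With a boxed `Long`, Jackson by default passes null to the creator when the property is missing, so the comment also tells callers they must handle absence.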
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java index 0f4d2d5d8e0..b5428f57f08 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java @@ -4,6 +4,7 @@ import com.yahoo.config.provision.HostName; import com.yahoo.config.provision.WireguardKey; import com.yahoo.vespa.hosted.node.admin.task.util.network.VersionedIpAddress; +import java.time.Instant; import java.util.List; /** @@ -14,7 +15,8 @@ import java.util.List; */ public record WireguardPeer(HostName hostname, List<VersionedIpAddress> ipAddresses, - WireguardKey publicKey) implements Comparable<WireguardPeer> { + WireguardKey publicKey, + Instant wireguardKeyTimestamp) implements Comparable<WireguardPeer> { public WireguardPeer { if (ipAddresses.isEmpty()) throw new IllegalArgumentException("No IP addresses for peer node " + hostname.value()); diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java index 6358fcecafb..d5e6ae59c62 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java @@ -139,6 +139,7 @@ public class RealNodeRepositoryTest { var hostname = "host4.yahoo.com"; var dockerImage = "registry.example.com/repo/image-1:6.2.3"; var wireguardKey = WireguardKey.from("111122223333444455556666777788889999000042c="); + var wireguardKeyTimestamp = Instant.ofEpochMilli(321L); nodeRepositoryApi.updateNodeAttributes( hostname, 
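Review bot: The compact constructor of `WireguardPeer` validates `ipAddresses`, but the new `wireguardKeyTimestamp` component in the hunk at -14,7 is accepted unchecked, so a null timestamp would surface only later, at whatever code reads it. Adding `Objects.requireNonNull(wireguardKeyTimestamp, "wireguardKeyTimestamp");` to the constructor keeps the record's invariants in one place; it needs `java.util.Objects`, which the import hunk does not show. The record's generated `equals` and `hashCode` now include the timestamp, so two peers with the same hostname, addresses and key but different timestamps compare unequal. Whether any caller diffs peer lists to decide on reconfiguration is not visible here and is worth checking. The constructor body continues outside the hunk.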
@@ -151,6 +152,7 @@ public class RealNodeRepositoryTest { assertEquals(1, hostSpec.currentRestartGeneration().orElseThrow()); assertEquals(dockerImage, hostSpec.currentDockerImage().orElseThrow().asString()); assertEquals(wireguardKey.value(), hostSpec.wireguardPubkey().orElseThrow().value()); + assertEquals(wireguardKeyTimestamp, hostSpec.wireguardKeyTimestamp().orElseThrow()); } @Test diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java index 00aca5c5e4d..cd76b221c9e 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java @@ -5,6 +5,7 @@ import com.yahoo.config.provision.WireguardKey; import com.yahoo.vespa.hosted.node.admin.task.util.network.VersionedIpAddress; import org.junit.jupiter.api.Test; +import java.time.Instant; import java.util.List; import java.util.stream.Stream; @@ -30,6 +31,6 @@ public class WireguardPeerTest { private static WireguardPeer peer(String hostname) { return new WireguardPeer(HostName.of(hostname), List.of(VersionedIpAddress.from("::1:1")), - WireguardKey.generateRandomForTesting()); + WireguardKey.generateRandomForTesting(), Instant.EPOCH); } } |
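Review bot: The assertion added in the hunk at -151,6 covers only a node whose timestamp is present, and no test hunk exercises a node or config-server entry that lacks `wireguardKeyTimestamp`. That absent case is where the production code unboxes a nullable `Long`, so a test that parses a response without the property and calls the peer-listing path would pin the intended behaviour. The local `wireguardKeyTimestamp` declared in the hunk at -139,6 is not visibly passed to `updateNodeAttributes`, whose arguments lie outside the hunk. It is worth confirming that the assertion checks a value the test itself sets rather than one baked into the fixture.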