From c9e4cc5668b7c844ce691db75b3b84808529ad3f Mon Sep 17 00:00:00 2001
From: gjoranv
Date: Sat, 18 Feb 2023 15:16:27 +0100
Subject: Only include configservers with wg pubkey in wireguard response.
---
 .../provision/restapi/WireguardResponse.java | 24 ++++++++++++++--------
 .../provision/testutils/MockNodeRepository.java | 2 +-
 2 files changed, 16 insertions(+), 10 deletions(-)
(limited to 'node-repository/src/main/java/com')
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/WireguardResponse.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/WireguardResponse.java
index 0bac6f09029..11be80de990 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/WireguardResponse.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/WireguardResponse.java
@@ -1,13 +1,18 @@
 package com.yahoo.vespa.hosted.provision.restapi;
 import com.yahoo.config.provision.NodeType;
+import com.yahoo.config.provision.WireguardKey;
 import com.yahoo.restapi.SlimeJsonResponse;
 import com.yahoo.slime.Cursor;
 import com.yahoo.vespa.hosted.provision.Node;
 import com.yahoo.vespa.hosted.provision.NodeList;
 import com.yahoo.vespa.hosted.provision.NodeRepository;
+import java.util.Set;
+
 /**
+ * A response containing the wireguard peer config for each configserver that has a public key.
+ *
 * @author gjoranv
 */
 public class WireguardResponse extends SlimeJsonResponse {
@@ -20,17 +25,18 @@ public class WireguardResponse extends SlimeJsonResponse {
 .list(Node.State.active)
 .nodeType(NodeType.config);
- configservers.forEach(
- configserver -> addConfigserver(cfgArray.addObject(), configserver));
+ configservers.stream()
+ .filter(node -> node.wireguardPubKey().isPresent())
+ .forEach(configserver -> addConfigserver(cfgArray.addObject(),
+ configserver.hostname(),
+ configserver.wireguardPubKey().get(),
+ configserver.ipConfig().primary()));
 }
- private void addConfigserver(Cursor cfgEntry, Node configserver) {
- cfgEntry.setString("hostname", configserver.hostname());
-
- configserver.wireguardPubKey().ifPresent(
- key -> cfgEntry.setString("wireguardPubkey", key.value()));
-
- NodesResponse.ipAddressesToSlime(configserver.ipConfig().primary(), cfgEntry.setArray("ipAddresses"));
+ private void addConfigserver(Cursor cfgEntry, String hostname, WireguardKey key, Set ipAddresses) {
+ cfgEntry.setString("hostname", hostname);
+ cfgEntry.setString("wireguardPubkey", key.value());
+ NodesResponse.ipAddressesToSlime(ipAddresses, cfgEntry.setArray("ipAddresses"));
 }
 }
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java
index 3caefcdc69e..382f8520c26 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java
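Review bot: The stream tests `node.wireguardPubKey().isPresent()` in `filter` and then calls `configserver.wireguardPubKey().get()` in `forEach`, so the Optional is read twice and the `get()` is only safe because of a check several lines away. Unwrapping once keeps the check and the use together: `configservers.forEach(cfg -> cfg.wireguardPubKey().ifPresent(key -> addConfigserver(cfgArray.addObject(), cfg.hostname(), key, cfg.ipConfig().primary())));`. Active config servers without a key are now left out of the response without any trace, so a comment at this point such as `// a peer without a public key cannot be configured, so it is omitted` would record that the omission is deliberate. The method that contains this stream starts above the hunk.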
@@ -173,7 +173,7 @@ public class MockNodeRepository extends NodeRepository {
 nodes.add(Node.create("cfg1", ipConfig(201), "cfg1.yahoo.com", flavors.getFlavorOrThrow("default"), NodeType.config)
 .wireguardPubKey(WireguardKey.from("lololololololololololololololololololololoo=")).build());
 nodes.add(Node.create("cfg2", ipConfig(202), "cfg2.yahoo.com", flavors.getFlavorOrThrow("default"), NodeType.config)
- .wireguardPubKey(WireguardKey.from("olololololololololololololololololololololo=")).build());
+ .build());
 // Ready all nodes, except 7 and 55
 nodes = nodes().addNodes(nodes, Agent.system);
-- cgit v1.2.3
From cd78b3fa9684fd333edf07ea80c539bb82efff3f Mon Sep 17 00:00:00 2001
From: gjoranv
Date: Sat, 18 Feb 2023 15:39:59 +0100
Subject: Filter exclave nodes without wg key from node repo client.
---
 .../admin/configserver/noderepository/RealNodeRepository.java | 1 +
 .../configserver/noderepository/RealNodeRepositoryTest.java | 9 ++++-----
 .../vespa/hosted/provision/testutils/MockNodeRepository.java | 1 -
 .../yahoo/vespa/hosted/provision/restapi/responses/node3.json | 3 +--
 4 files changed, 6 insertions(+), 8 deletions(-)
(limited to 'node-repository/src/main/java/com')
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
index 1befb543201..a115e40a290 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
@@ -135,6 +135,7 @@ public class RealNodeRepository implements NodeRepository {
 final GetNodesResponse response = configServerApi.get(path, GetNodesResponse.class);
 return response.nodes.stream()
+ .filter(node -> node.wireguardPubkey != null && ! node.wireguardPubkey.isEmpty())
 .map(RealNodeRepository::createTenantPeer)
 .sorted()
 .toList();
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
index 47d37fe37fe..c7eb26cb6a7 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepositoryTest.java
@@ -204,6 +204,7 @@ public class RealNodeRepositoryTest {
 //// Configservers ////
 List cfgPeers = nodeRepositoryApi.getConfigserverPeers();
+ // cfg2 does not have a wg public key, so should not be included
 assertEquals(1, cfgPeers.size());
@@ -214,15 +215,13 @@ public class RealNodeRepositoryTest {
 //// Exclave nodes ////
 List exclavePeers = nodeRepositoryApi.getExclavePeers();
- assertEquals(2, exclavePeers.size());
+
+ // host3 does not have a wg public key, so should not be included
+ assertEquals(1, exclavePeers.size());
 assertWireguardPeer(exclavePeers.get(0), "dockerhost2.yahoo.com",
 "::101:1", "127.0.101.1",
 "000011112222333344445555666677778888999900c=");
-
- assertWireguardPeer(exclavePeers.get(1), "host3.yahoo.com",
- "::3:1", "127.0.3.1",
- "333344445555666677778888999900001111222211c=");
 }
 private void assertWireguardPeer(WireguardPeer peer, String hostname, String ipv6, String ipv4, String publicKey) {
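Review bot: The added `.filter(...)` in RealNodeRepository.java drops nodes silently, and the reason is stated only in the test file; a comment above it, e.g. `// a node without a WireGuard public key cannot be a peer, so skip it`, would keep the intent beside the code. The predicate accepts any non-empty value, so a whitespace-only or malformed key still reaches `createTenantPeer`; whether that method validates the key is not visible in this hunk, and if it does not, `isBlank()` in place of `isEmpty()` (assuming the field is a `String`) is a small tightening. The enclosing method starts and ends outside the hunk.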
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java
index 382f8520c26..66d1568262b 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java
@@ -110,7 +110,6 @@ public class MockNodeRepository extends NodeRepository {
 .cloudAccount(defaultCloudAccount).build());
 // Emulate node in tenant account
 nodes.add(Node.create("node3", ipConfig(3), "host3.yahoo.com", resources(0.5, 48, 500, 1, fast, local), NodeType.tenant)
- .wireguardPubKey(WireguardKey.from("333344445555666677778888999900001111222211c="))
 .cloudAccount(tenantAccount).build());
 Node node4 = Node.create("node4", ipConfig(4), "host4.yahoo.com", resources(1, 4, 100, 1, fast, local), NodeType.tenant)
 .parentHostname("dockerhost1.yahoo.com")
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node3.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node3.json
index aa45de1f3dd..1c560c2f95b 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node3.json
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node3.json
@@ -50,6 +50,5 @@
 "::3:1"
 ],
 "additionalIpAddresses": [],
- "cloudAccount": "777888999000",
- "wireguardPubkey":"333344445555666677778888999900001111222211c="
+ "cloudAccount": "777888999000"
 }
-- cgit v1.2.3