blob: 3ffcb2f90c0edf10ae3dd5af83c2ceabaa44bd47 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.provision.restapi;
import com.yahoo.config.provision.NodeType;
import com.yahoo.config.provision.WireguardKeyWithTimestamp;
import com.yahoo.restapi.SlimeJsonResponse;
import com.yahoo.slime.Cursor;
import com.yahoo.vespa.hosted.provision.Node;
import com.yahoo.vespa.hosted.provision.NodeList;
import com.yahoo.vespa.hosted.provision.NodeRepository;
import com.yahoo.vespa.hosted.provision.node.IP;
import java.net.InetAddress;
import java.util.List;
import static com.yahoo.vespa.hosted.provision.restapi.NodesResponse.toSlime;
/**
* A response containing the wireguard peer config for each configserver that has a public key.
*
* @author gjoranv
*/
public class WireguardResponse extends SlimeJsonResponse {
public WireguardResponse(NodeRepository nodeRepository) {
Cursor root = slime.setObject();
Cursor cfgArray = root.setArray("configservers");
NodeList configservers = nodeRepository.nodes()
.list(Node.State.active)
.nodeType(NodeType.config);
for (Node cfg : configservers) {
if (cfg.wireguardPubKey().isEmpty()) continue;
List<String> ipAddresses = cfg.ipConfig().primary().stream()
.filter(WireguardResponse::isPublicIp)
.toList();
if (ipAddresses.isEmpty()) continue;
addConfigserver(cfgArray.addObject(), cfg.hostname(), cfg.wireguardPubKey().get(), ipAddresses);
}
}
private void addConfigserver(Cursor cfgEntry, String hostname, WireguardKeyWithTimestamp keyWithTimestamp,
List<String> ipAddresses) {
cfgEntry.setString("hostname", hostname);
// TODO wg: remove when all nodes are using new key+timestamp format
cfgEntry.setString("wireguardPubkey", keyWithTimestamp.key().value());
cfgEntry.setLong("wireguardKeyTimestamp", keyWithTimestamp.timestamp().toEpochMilli());
NodesResponse.ipAddressesToSlime(ipAddresses, cfgEntry.setArray("ipAddresses"));
toSlime(keyWithTimestamp, cfgEntry.setObject("wireguard"));
}
private static boolean isPublicIp(String ipAddress) {
InetAddress address = IP.parse(ipAddress);
return !address.isLoopbackAddress() && !address.isLinkLocalAddress() && !address.isSiteLocalAddress();
}
}
|