node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/WireguardResponse.java


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.provision.restapi;

import com.yahoo.config.provision.NodeType;
import com.yahoo.config.provision.WireguardKeyWithTimestamp;
import com.yahoo.restapi.SlimeJsonResponse;
import com.yahoo.slime.Cursor;
import com.yahoo.vespa.hosted.provision.Node;
import com.yahoo.vespa.hosted.provision.NodeList;
import com.yahoo.vespa.hosted.provision.NodeRepository;
import com.yahoo.vespa.hosted.provision.node.IP;

import java.net.InetAddress;
import java.util.List;

import static com.yahoo.vespa.hosted.provision.restapi.NodesResponse.toSlime;

/**
 * A response containing the wireguard peer config for each configserver that has a public key.
 *
 * @author gjoranv
 */
public class WireguardResponse extends SlimeJsonResponse {

    public WireguardResponse(NodeRepository nodeRepository) {
        Cursor root = slime.setObject();
        Cursor cfgArray = root.setArray("configservers");

        NodeList configservers = nodeRepository.nodes()
                .list(Node.State.active)
                .nodeType(NodeType.config);

        for (Node cfg : configservers) {
            if (cfg.wireguardPubKey().isEmpty()) continue;
            List<String> ipAddresses = cfg.ipConfig().primary().stream()
                    .filter(WireguardResponse::isPublicIp)
                    .toList();
            if (ipAddresses.isEmpty()) continue;

            addConfigserver(cfgArray.addObject(), cfg.hostname(), cfg.wireguardPubKey().get(), ipAddresses);
        }
    }

    private void addConfigserver(Cursor cfgEntry, String hostname, WireguardKeyWithTimestamp keyWithTimestamp,
                                 List<String> ipAddresses) {
        cfgEntry.setString("hostname", hostname);

        // TODO wg: remove when all nodes are using new key+timestamp format
        cfgEntry.setString("wireguardPubkey", keyWithTimestamp.key().value());
        cfgEntry.setLong("wireguardKeyTimestamp", keyWithTimestamp.timestamp().toEpochMilli());

        NodesResponse.ipAddressesToSlime(ipAddresses, cfgEntry.setArray("ipAddresses"));
        toSlime(keyWithTimestamp, cfgEntry.setObject("wireguard"));
    }

    private static boolean isPublicIp(String ipAddress) {
        InetAddress address = IP.parse(ipAddress);
        return !address.isLoopbackAddress() && !address.isLinkLocalAddress() && !address.isSiteLocalAddress();
    }
}