trifid-api 0.1.1, fix config generation

This commit is contained in:
core 2023-06-22 10:53:17 -04:00
parent 0637b4bad3
commit e9b54f08b1
Signed by: core
GPG Key ID: FDBF740DADDCEECF
3 changed files with 54 additions and 383 deletions


@ -1,6 +1,6 @@
[package] [package]
name = "trifid-api" name = "trifid-api"
version = "0.1.0" version = "0.1.1"
edition = "2021" edition = "2021"
description = "Pure-rust Defined Networking compatible management server" description = "Pure-rust Defined Networking compatible management server"
license = "GPL-3.0-or-later" license = "GPL-3.0-or-later"


@ -17,7 +17,8 @@ use crate::AppState;
use ed25519_dalek::SigningKey; use ed25519_dalek::SigningKey;
use ipnet::Ipv4Net; use ipnet::Ipv4Net;
use log::{debug, error}; use log::{debug, error};
use sea_orm::{ColumnTrait, EntityTrait, QueryFilter}; use sea_orm::{ColumnTrait, Condition, EntityTrait, QueryFilter};
use serde_yaml::{Mapping, Value};
use trifid_api_entities::entity::{ use trifid_api_entities::entity::{
firewall_rule, host, host_config_override, host_static_address, network, organization, firewall_rule, host, host_config_override, host_static_address, network, organization,
signing_ca, signing_ca,
@ -156,7 +157,7 @@ pub async fn generate_config(
punchy: Some(NebulaConfigPunchy { punchy: Some(NebulaConfigPunchy {
punch: true, punch: true,
respond: true, respond: true,
delay: "".to_string(), delay: "1s".to_string(),
}), }),
cipher: NebulaConfigCipher::Aes, cipher: NebulaConfigCipher::Aes,
preferred_ranges: vec![], preferred_ranges: vec![],
@ -191,36 +192,68 @@ pub async fn generate_config(
cidr: None, cidr: None,
}]), }]),
}), }),
routines: 0, routines: 1,
stats: None, stats: None,
local_range: None, local_range: None,
}; };
// Merge with config overrides and re-parse let mut val = Mapping::new();
let config_str = serde_yaml::to_string(&nebula_config)?;
let mut value: serde_yaml::Value = serde_yaml::from_str(&config_str)?;
for (key, kv_value) in &info.config_overrides { for (k, v) in &info.config_overrides {
// split up the key let key_split = k.split('.').collect::<Vec<&str>>();
// a.b.c.d = ['a']['b']['c']['d'] = value
let key_split = key.split('.');
let mut current_val = &mut value; let mut value = &mut val;
for key_iter in key_split { for ks_k in &key_split[..key_split.len()-1] {
current_val = current_val.get_mut(key_iter).ok_or("Invalid key-value override")?; if !value.contains_key(ks_k) {
value.insert(Value::String(ks_k.to_string()), Value::Mapping(Mapping::new()));
} }
*current_val = serde_yaml::from_str(kv_value)?; value = value.get_mut(ks_k).ok_or("Invalid key-value pair")?.as_mapping_mut().unwrap();
} }
let config_str_merged = serde_yaml::to_string(&value)?; value.insert(Value::String(key_split[key_split.len()-1].to_string()), serde_yaml::from_str(&v)?);
}
let nebula_config = serde_yaml::from_str(&config_str_merged)?; let overrides_value = Value::Mapping(val);
debug!("{:?}", overrides_value);
let mut value = serde_yaml::to_value(nebula_config)?;
debug!("{:?}", value);
merge_yaml(&mut value, overrides_value);
debug!("{:?}", value);
let nebula_config = serde_yaml::from_value(value)?;
Ok((nebula_config, cert)) Ok((nebula_config, cert))
} }
// This cursed abomination credit https://stackoverflow.com/questions/67727239/how-to-combine-including-nested-array-values-two-serde-yamlvalue-objects
fn merge_yaml(a: &mut serde_yaml::Value, b: serde_yaml::Value) {
match (a, b) {
(a @ &mut serde_yaml::Value::Mapping(_), serde_yaml::Value::Mapping(b)) => {
let a = a.as_mapping_mut().unwrap();
for (k, v) in b {
if v.is_sequence() && a.contains_key(&k) && a[&k].is_sequence() {
let mut _b = a.get(&k).unwrap().as_sequence().unwrap().to_owned();
_b.append(&mut v.as_sequence().unwrap().to_owned());
a[&k] = serde_yaml::Value::from(_b);
continue;
}
if !a.contains_key(&k) {a.insert(k.to_owned(), v.to_owned());}
else { merge_yaml(&mut a[&k], v); }
}
}
(a, b) => *a = b,
}
}
pub async fn collect_info<'a>( pub async fn collect_info<'a>(
db: &'a Data<AppState>, db: &'a Data<AppState>,
host: &'a str, host: &'a str,
@ -237,12 +270,12 @@ pub async fn collect_info<'a>(
}; };
let host_config_overrides = trifid_api_entities::entity::host_config_override::Entity::find() let host_config_overrides = trifid_api_entities::entity::host_config_override::Entity::find()
.filter(host_config_override::Column::Id.eq(&host.id)) .filter(host_config_override::Column::Host.eq(&host.id))
.all(&db.conn) .all(&db.conn)
.await?; .await?;
let _host_static_addresses = trifid_api_entities::entity::host_static_address::Entity::find() let _host_static_addresses = trifid_api_entities::entity::host_static_address::Entity::find()
.filter(host_static_address::Column::Id.eq(&host.id)) .filter(host_static_address::Column::Host.eq(&host.id))
.all(&db.conn) .all(&db.conn)
.await?; .await?;
@ -267,8 +300,7 @@ pub async fn collect_info<'a>(
let hosts = trifid_api_entities::entity::host::Entity::find() let hosts = trifid_api_entities::entity::host::Entity::find()
.filter(host::Column::Network.eq(&network.id)) .filter(host::Column::Network.eq(&network.id))
.filter(host::Column::IsRelay.eq(true)) .filter(Condition::any().add(host::Column::IsRelay.eq(true)).add(host::Column::IsLighthouse.eq(true)))
.filter(host::Column::IsLighthouse.eq(true))
.all(&db.conn) .all(&db.conn)
.await?; .await?;
@ -356,7 +388,7 @@ pub async fn collect_info<'a>(
} else { } else {
format!("{}-{}", u.port_range_from, u.port_range_to) format!("{}-{}", u.port_range_from, u.port_range_to)
}), }),
proto: Some(u.protocol.clone()), proto: Some(u.protocol.clone().to_lowercase()),
ca_name: None, ca_name: None,
ca_sha: None, ca_sha: None,
host: if u.allowed_role_id.is_some() { host: if u.allowed_role_id.is_some() {
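Review bot: In the override loop of the generate_config hunk, `value.get_mut(ks_k).ok_or("Invalid key-value pair")?.as_mapping_mut().unwrap()` panics whenever a host carries two overrides whose paths conflict (e.g. `tun.mtu = 1300` applied before `tun.mtu.x = 1`): the first inserts a scalar under `mtu`, so `as_mapping_mut()` returns `None` for the second and the handler panics instead of returning the error the adjacent `ok_or` already models. The overrides are read from the `host_config_override` table (see the `Column::Host` filter fix in collect_info), so this is reachable by anyone who can write that table; the one-line fix is `.as_mapping_mut().ok_or("Override key conflicts with a non-mapping value")?`. Two semantic changes in this hunk also deserve a comment on merge_yaml: the old code rejected paths absent from the generated config (`get_mut(key_iter).ok_or(...)`) while the new `Mapping::new()` insertion accepts any path and leaves rejection to `serde_yaml::from_value`, and merge_yaml appends sequences rather than replacing them, so a `firewall.inbound` override can add rules but never remove a generated one — if that is intentional, say so, e.g. `// Mappings merge recursively; sequences are concatenated (override entries appended), scalars replace.` generate_config starts before this hunk; merge_yaml is fully visible within it.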


@ -1,361 +0,0 @@
[[hosts]]
id = "host-IPNHZ2XBXJDY2WYOYG7709CBJ8"
current_signing_key = 1
current_client_key = 2
current_config = 2
current_cert = 2
[[hosts.certs]]
id = 1
[hosts.certs.cert]
signature = [112, 198, 103, 65, 58, 33, 254, 185, 255, 1, 204, 111, 236, 234, 55, 143, 24, 27, 104, 53, 89, 106, 209, 53, 201, 35, 248, 55, 109, 120, 219, 26, 171, 234, 181, 70, 174, 177, 12, 121, 190, 67, 73, 104, 218, 2, 139, 120, 116, 174, 106, 120, 56, 162, 143, 162, 143, 199, 237, 151, 215, 129, 245, 8]
[hosts.certs.cert.details]
name = "asd"
ips = ["10.17.2.3/15"]
subnets = []
groups = ["role:role-A4YTNBOMCFJNK5OAKHQCUUVIL8"]
public_key = [10, 175, 118, 186, 191, 43, 172, 0, 152, 238, 83, 31, 38, 79, 189, 76, 149, 38, 157, 84, 200, 210, 0, 95, 37, 169, 196, 77, 214, 209, 91, 10]
is_ca = false
issuer = "9a4dd7cb5c3a086b0173f126bbf20b85ac7886a2129d2f8573acc2e20f09ec1f"
[hosts.certs.cert.details.not_before]
secs_since_epoch = 1684171628
nanos_since_epoch = 68795993
[hosts.certs.cert.details.not_after]
secs_since_epoch = 1716312428
nanos_since_epoch = 68796023
[[hosts.certs]]
id = 2
[hosts.certs.cert]
signature = [134, 249, 92, 208, 133, 181, 164, 230, 242, 79, 132, 140, 164, 28, 159, 165, 55, 176, 140, 73, 208, 50, 53, 184, 178, 242, 62, 90, 55, 187, 245, 231, 22, 89, 161, 9, 181, 56, 135, 163, 93, 102, 69, 34, 51, 139, 158, 181, 5, 207, 2, 87, 100, 236, 215, 116, 109, 43, 186, 148, 200, 235, 99, 7]
[hosts.certs.cert.details]
name = "addsd"
ips = ["10.17.2.3/15"]
subnets = []
groups = ["role:role-A4YTNBOMCFJNK5OAKHQCUUVIL8"]
public_key = [78, 139, 195, 146, 198, 211, 251, 196, 238, 154, 134, 158, 111, 25, 198, 228, 195, 108, 242, 146, 16, 45, 98, 155, 152, 116, 114, 218, 226, 137, 182, 11]
is_ca = false
issuer = "9a4dd7cb5c3a086b0173f126bbf20b85ac7886a2129d2f8573acc2e20f09ec1f"
[hosts.certs.cert.details.not_before]
secs_since_epoch = 1684171718
nanos_since_epoch = 140841799
[hosts.certs.cert.details.not_after]
secs_since_epoch = 1716312518
nanos_since_epoch = 140841859
[[hosts.config]]
id = 1
[hosts.config.config]
routines = 0
[hosts.config.config.pki]
ca = """
-----BEGIN NEBULA CERTIFICATE-----\r
Cl0KK2NvcmVAY29yZWRvZXMuZGV2J3MgT3JnYW5pemF0aW9uIFNpZ25pbmcgQ0Eo\r
y7iEowYwy+2S0AY6II2RV3kVBopKoTe3j+aT1LbZuWTR/5oQGra185GB5W63QAES\r
QGRgfmRuJOzhtWwwU4BGMo47uoncMGV41sz1NYcvwmruwhJDaYYJ51DLz3v5bYZV\r
LCxfFB661cvoq1OZ7G5ZcgY=\r
-----END NEBULA CERTIFICATE-----\r
"""
cert = """
-----BEGIN NEBULA CERTIFICATE-----\r
CoYBCgNhc2QSCYOExFCAgPj/DyIkcm9sZTpyb2xlLUE0WVROQk9NQ0ZKTks1T0FL\r
SFFDVVVWSUw4KOzWiaMGMOyys7IGOiAKr3a6vyusAJjuUx8mT71MlSadVMjSAF8l\r
qcRN1tFbCkogmk3Xy1w6CGsBc/Emu/ILhax4hqISnS+Fc6zC4g8J7B8SQHDGZ0E6\r
If65/wHMb+zqN48YG2g1WWrRNckj+DdteNsaq+q1Rq6xDHm+Q0lo2gKLeHSuang4\r
oo+ij8ftl9eB9Qg=\r
-----END NEBULA CERTIFICATE-----\r
"""
disconnect_invalid = true
[hosts.config.config.lighthouse]
interval = 60
[hosts.config.config.listen]
host = "[::]"
read_buffer = 10485760
write_buffer = 10485760
[hosts.config.config.punchy]
punch = true
respond = true
delay = ""
[hosts.config.config.relay]
[hosts.config.config.tun]
dev = "trifid1"
drop_local_broadcast = true
drop_multicast = true
[hosts.config.config.firewall]
inbound = []
[[hosts.config.config.firewall.outbound]]
port = "any"
proto = "any"
host = "any"
[[hosts.config]]
id = 2
[hosts.config.config]
routines = 0
[hosts.config.config.pki]
ca = """
-----BEGIN NEBULA CERTIFICATE-----\r
Cl0KK2NvcmVAY29yZWRvZXMuZGV2J3MgT3JnYW5pemF0aW9uIFNpZ25pbmcgQ0Eo\r
y7iEowYwy+2S0AY6II2RV3kVBopKoTe3j+aT1LbZuWTR/5oQGra185GB5W63QAES\r
QGRgfmRuJOzhtWwwU4BGMo47uoncMGV41sz1NYcvwmruwhJDaYYJ51DLz3v5bYZV\r
LCxfFB661cvoq1OZ7G5ZcgY=\r
-----END NEBULA CERTIFICATE-----\r
"""
cert = """
-----BEGIN NEBULA CERTIFICATE-----\r
CogBCgVhZGRzZBIJg4TEUICA+P8PIiRyb2xlOnJvbGUtQTRZVE5CT01DRkpOSzVP\r
QUtIUUNVVVZJTDgoxteJowYwxrOzsgY6IE6Lw5LG0/vE7pqGnm8ZxuTDbPKSEC1i\r
m5h0ctriibYLSiCaTdfLXDoIawFz8Sa78guFrHiGohKdL4VzrMLiDwnsHxJAhvlc\r
0IW1pObyT4SMpByfpTewjEnQMjW4svI+Wje79ecWWaEJtTiHo11mRSIzi561Bc8C\r
V2Ts13RtK7qUyOtjBw==\r
-----END NEBULA CERTIFICATE-----\r
"""
disconnect_invalid = true
[hosts.config.config.lighthouse]
interval = 60
[hosts.config.config.listen]
host = "[::]"
read_buffer = 10485760
write_buffer = 10485760
[hosts.config.config.punchy]
punch = true
respond = true
delay = ""
[hosts.config.config.relay]
[hosts.config.config.tun]
dev = "trifid1"
drop_local_broadcast = true
drop_multicast = true
[hosts.config.config.firewall]
inbound = []
[[hosts.config.config.firewall.outbound]]
port = "any"
proto = "any"
host = "any"
[[hosts.signing_keys]]
id = 0
key = [108, 174, 65, 117, 166, 239, 62, 150, 81, 111, 185, 79, 158, 206, 104, 43, 163, 224, 206, 219, 147, 71, 158, 88, 103, 149, 113, 152, 123, 41, 78, 255]
[[hosts.signing_keys]]
id = 1
key = [119, 226, 183, 227, 53, 121, 14, 141, 125, 165, 249, 103, 28, 60, 102, 111, 242, 63, 26, 52, 87, 29, 29, 114, 11, 62, 138, 121, 213, 245, 193, 212]
[[hosts.client_keys]]
id = 1
dh_pub = [10, 175, 118, 186, 191, 43, 172, 0, 152, 238, 83, 31, 38, 79, 189, 76, 149, 38, 157, 84, 200, 210, 0, 95, 37, 169, 196, 77, 214, 209, 91, 10]
ed_pub = [135, 237, 110, 71, 189, 155, 246, 66, 50, 229, 80, 254, 93, 99, 35, 29, 87, 138, 132, 193, 118, 216, 218, 60, 142, 178, 42, 126, 182, 25, 31, 103]
[[hosts.client_keys]]
id = 2
dh_pub = [78, 139, 195, 146, 198, 211, 251, 196, 238, 154, 134, 158, 111, 25, 198, 228, 195, 108, 242, 146, 16, 45, 98, 155, 152, 116, 114, 218, 226, 137, 182, 11]
ed_pub = [178, 77, 253, 159, 81, 137, 20, 14, 184, 230, 73, 111, 130, 129, 15, 184, 114, 90, 133, 147, 178, 252, 197, 75, 82, 33, 21, 5, 38, 238, 57, 84]
[[hosts]]
id = "host-2PXIOHLPQA3CQL8O7XD6CXMMRM"
current_signing_key = 1
current_client_key = 2
current_config = 2
current_cert = 2
[[hosts.certs]]
id = 1
[hosts.certs.cert]
signature = [160, 205, 80, 112, 16, 205, 155, 249, 221, 26, 47, 128, 2, 59, 15, 102, 153, 174, 61, 35, 207, 233, 42, 242, 212, 28, 133, 40, 189, 1, 234, 67, 24, 109, 152, 248, 130, 96, 48, 104, 69, 0, 178, 30, 103, 76, 33, 179, 216, 92, 191, 89, 6, 236, 136, 216, 9, 208, 189, 16, 140, 132, 209, 2]
[hosts.certs.cert.details]
name = "testhost4"
ips = ["10.17.4.2/15"]
subnets = []
groups = ["role:role-A4YTNBOMCFJNK5OAKHQCUUVIL8"]
public_key = [40, 175, 28, 13, 183, 102, 108, 21, 53, 79, 113, 191, 101, 74, 77, 151, 66, 146, 250, 155, 196, 38, 178, 44, 41, 186, 71, 1, 152, 237, 245, 93]
is_ca = false
issuer = "9a4dd7cb5c3a086b0173f126bbf20b85ac7886a2129d2f8573acc2e20f09ec1f"
[hosts.certs.cert.details.not_before]
secs_since_epoch = 1684172253
nanos_since_epoch = 219759539
[hosts.certs.cert.details.not_after]
secs_since_epoch = 1716313053
nanos_since_epoch = 219759579
[[hosts.certs]]
id = 2
[hosts.certs.cert]
signature = [54, 210, 5, 3, 189, 187, 221, 142, 238, 142, 175, 248, 12, 128, 6, 58, 99, 44, 248, 198, 51, 3, 152, 118, 113, 46, 41, 191, 138, 15, 120, 103, 170, 24, 229, 27, 241, 182, 236, 220, 51, 117, 224, 118, 191, 25, 84, 111, 100, 15, 53, 234, 132, 214, 213, 66, 95, 8, 44, 162, 212, 60, 151, 13]
[hosts.certs.cert.details]
name = "testhost4"
ips = ["10.17.4.2/15"]
subnets = []
groups = ["role:role-A4YTNBOMCFJNK5OAKHQCUUVIL8"]
public_key = [4, 249, 63, 6, 25, 145, 63, 132, 106, 48, 243, 192, 249, 159, 185, 160, 196, 146, 24, 7, 241, 160, 121, 122, 212, 249, 19, 213, 158, 105, 142, 86]
is_ca = false
issuer = "9a4dd7cb5c3a086b0173f126bbf20b85ac7886a2129d2f8573acc2e20f09ec1f"
[hosts.certs.cert.details.not_before]
secs_since_epoch = 1684172313
nanos_since_epoch = 739770378
[hosts.certs.cert.details.not_after]
secs_since_epoch = 1716313113
nanos_since_epoch = 739770429
[[hosts.config]]
id = 1
[hosts.config.config]
routines = 0
[hosts.config.config.pki]
ca = """
-----BEGIN NEBULA CERTIFICATE-----\r
Cl0KK2NvcmVAY29yZWRvZXMuZGV2J3MgT3JnYW5pemF0aW9uIFNpZ25pbmcgQ0Eo\r
y7iEowYwy+2S0AY6II2RV3kVBopKoTe3j+aT1LbZuWTR/5oQGra185GB5W63QAES\r
QGRgfmRuJOzhtWwwU4BGMo47uoncMGV41sz1NYcvwmruwhJDaYYJ51DLz3v5bYZV\r
LCxfFB661cvoq1OZ7G5ZcgY=\r
-----END NEBULA CERTIFICATE-----\r
"""
cert = """
-----BEGIN NEBULA CERTIFICATE-----\r
CowBCgl0ZXN0aG9zdDQSCYKIxFCAgPj/DyIkcm9sZTpyb2xlLUE0WVROQk9NQ0ZK\r
Tks1T0FLSFFDVVVWSUw4KN3biaMGMN23s7IGOiAorxwNt2ZsFTVPcb9lSk2XQpL6\r
m8QmsiwpukcBmO31XUogmk3Xy1w6CGsBc/Emu/ILhax4hqISnS+Fc6zC4g8J7B8S\r
QKDNUHAQzZv53RovgAI7D2aZrj0jz+kq8tQchSi9AepDGG2Y+IJgMGhFALIeZ0wh\r
s9hcv1kG7IjYCdC9EIyE0QI=\r
-----END NEBULA CERTIFICATE-----\r
"""
disconnect_invalid = true
[hosts.config.config.lighthouse]
am_lighthouse = true
interval = 60
[hosts.config.config.listen]
host = "[::]"
port = 5679
read_buffer = 10485760
write_buffer = 10485760
[hosts.config.config.punchy]
punch = true
respond = true
delay = ""
[hosts.config.config.relay]
[hosts.config.config.tun]
dev = "trifid1"
drop_local_broadcast = true
drop_multicast = true
[hosts.config.config.firewall]
inbound = []
[[hosts.config.config.firewall.outbound]]
port = "any"
proto = "any"
host = "any"
[[hosts.config]]
id = 2
[hosts.config.config]
routines = 0
[hosts.config.config.pki]
ca = """
-----BEGIN NEBULA CERTIFICATE-----\r
Cl0KK2NvcmVAY29yZWRvZXMuZGV2J3MgT3JnYW5pemF0aW9uIFNpZ25pbmcgQ0Eo\r
y7iEowYwy+2S0AY6II2RV3kVBopKoTe3j+aT1LbZuWTR/5oQGra185GB5W63QAES\r
QGRgfmRuJOzhtWwwU4BGMo47uoncMGV41sz1NYcvwmruwhJDaYYJ51DLz3v5bYZV\r
LCxfFB661cvoq1OZ7G5ZcgY=\r
-----END NEBULA CERTIFICATE-----\r
"""
cert = """
-----BEGIN NEBULA CERTIFICATE-----\r
CowBCgl0ZXN0aG9zdDQSCYKIxFCAgPj/DyIkcm9sZTpyb2xlLUE0WVROQk9NQ0ZK\r
Tks1T0FLSFFDVVVWSUw4KJnciaMGMJm4s7IGOiAE+T8GGZE/hGow88D5n7mgxJIY\r
B/GgeXrU+RPVnmmOVkogmk3Xy1w6CGsBc/Emu/ILhax4hqISnS+Fc6zC4g8J7B8S\r
QDbSBQO9u92O7o6v+AyABjpjLPjGMwOYdnEuKb+KD3hnqhjlG/G27NwzdeB2vxlU\r
b2QPNeqE1tVCXwgsotQ8lw0=\r
-----END NEBULA CERTIFICATE-----\r
"""
disconnect_invalid = true
[hosts.config.config.lighthouse]
am_lighthouse = true
interval = 60
[hosts.config.config.listen]
host = "[::]"
port = 5677
read_buffer = 10485760
write_buffer = 10485760
[hosts.config.config.punchy]
punch = true
respond = true
delay = ""
[hosts.config.config.relay]
[hosts.config.config.tun]
dev = "trifid1"
drop_local_broadcast = true
drop_multicast = true
[hosts.config.config.firewall]
inbound = []
[[hosts.config.config.firewall.outbound]]
port = "any"
proto = "any"
host = "any"
[[hosts.signing_keys]]
id = 0
key = [255, 84, 221, 121, 87, 225, 7, 12, 236, 8, 209, 175, 98, 20, 119, 146, 92, 177, 79, 121, 24, 243, 247, 113, 106, 212, 183, 155, 208, 55, 219, 135]
[[hosts.signing_keys]]
id = 1
key = [98, 159, 193, 58, 183, 156, 75, 17, 70, 103, 112, 6, 71, 197, 167, 152, 99, 210, 199, 40, 49, 13, 101, 72, 57, 34, 221, 237, 142, 29, 144, 175]
[[hosts.client_keys]]
id = 1
dh_pub = [40, 175, 28, 13, 183, 102, 108, 21, 53, 79, 113, 191, 101, 74, 77, 151, 66, 146, 250, 155, 196, 38, 178, 44, 41, 186, 71, 1, 152, 237, 245, 93]
ed_pub = [247, 172, 97, 223, 43, 24, 248, 133, 118, 219, 227, 72, 95, 25, 167, 179, 115, 225, 73, 211, 161, 216, 95, 140, 151, 59, 118, 39, 122, 136, 144, 245]
[[hosts.client_keys]]
id = 2
dh_pub = [4, 249, 63, 6, 25, 145, 63, 132, 106, 48, 243, 192, 249, 159, 185, 160, 196, 146, 24, 7, 241, 160, 121, 122, 212, 249, 19, 213, 158, 105, 142, 86]
ed_pub = [55, 82, 153, 75, 220, 207, 87, 221, 50, 200, 77, 9, 242, 136, 64, 91, 60, 96, 31, 100, 58, 162, 150, 147, 109, 109, 117, 188, 164, 217, 248, 140]