jpictl/pkg/zones/machine_rings.go

package zones

import (
	"bytes"
	"fmt"
	"os"

	"darvaza.org/core"

	"git.jpi.io/amery/jpictl/pkg/wireguard"
)

// GetWireguardConfig reads a wgN.conf file
func (m *Machine) GetWireguardConfig(ring int) (*wireguard.Config, error) {
	data, err := m.ReadFile("wg%v.conf", ring)
	if err != nil {
		return nil, err
	}

	r := bytes.NewReader(data)
	return wireguard.NewConfigFromReader(r)
}

func (m *Machine) tryApplyWireguardConfig(ring int) error {
	wg, err := m.GetWireguardConfig(ring)
	switch {
	case os.IsNotExist(err):
		return nil
	case err != nil:
		return err
	default:
		return m.applyWireguardConfig(ring, wg)
	}
}

func (m *Machine) applyWireguardConfig(ring int, wg *wireguard.Config) error {
	addr := wg.GetAddress()
	zoneID, nodeID, ok := Rings[ring].Decode(addr)
	if !ok {
		return fmt.Errorf("%s: invalid wg%v address: %s", m.Name, ring, addr)
	}

	if err := m.applyZoneNodeID(zoneID, nodeID); err != nil {
		err = core.Wrapf(err, "%s: wg%v:%s", m.Name, ring, addr)
		return err
	}

	if err := m.applyWireguardInterfaceConfig(ring, wg.Interface); err != nil {
		err = core.Wrapf(err, "%s: wg%v:%s", m.Name, ring, addr)
		return err
	}

	for _, peer := range wg.Peer {
		if err := m.applyWireguardPeerConfig(ring, peer); err != nil {
			err = core.Wrapf(err, "%s: wg%v:%s", m.Name, ring, addr)
			return err
		}
	}

	return nil
}

func (m *Machine) getRingInfo(ring int) (*RingInfo, bool) {
	for _, ri := range m.RingAddresses {
		if ri.Ring == ring {
			return ri, true
		}
	}

	return nil, false
}

func (m *Machine) applyRingInfo(ring int, new *RingInfo) error {
	cur, found := m.getRingInfo(ring)
	if !found {
		// first, append
		m.RingAddresses = append(m.RingAddresses, new)
		return nil
	}

	// extra, merge
	return cur.Merge(new)
}

func (m *Machine) applyWireguardInterfaceConfig(ring int, data wireguard.InterfaceConfig) error {
	ri := &RingInfo{
		Ring:    ring,
		Enabled: true,
		Address: data.Address,
		Keys: &wireguard.KeyPair{
			PrivateKey: data.PrivateKey,
		},
	}

	return m.applyRingInfo(ring, ri)
}

func (m *Machine) applyWireguardPeerConfig(ring int, pc wireguard.PeerConfig) error {
	peer, found := m.getPeerByName(pc.Endpoint.Name())
	switch {
	case !found:
		// unknown
	case ring == 1 && m.zone != peer.zone:
		// invalid zone
	default:
		// apply RingInfo
		ri := &RingInfo{
			Ring:    ring,
			Enabled: true,
			Keys: &wireguard.KeyPair{
				PublicKey: pc.PublicKey,
			},
		}

		return peer.applyRingInfo(ring, ri)
	}

	return fmt.Errorf("%q: invalid peer endpoint", pc.Endpoint.Host)
}

func (m *Machine) applyZoneNodeID(zoneID, nodeID int) error {
	switch {
	case zoneID == 0:
		return fmt.Errorf("invalid %s", "zoneID")
	case nodeID == 0:
		return fmt.Errorf("invalid %s", "nodeID")
	case m.ID() != nodeID:
		return fmt.Errorf("invalid %s: %v ≠ %v", "zoneID", m.ID(), nodeID)
	case m.zone.ID != 0 && m.zone.ID != zoneID:
		return fmt.Errorf("invalid %s: %v ≠ %v", "zoneID", m.zone.ID, zoneID)
	case m.zone.ID == 0:
		m.zone.ID = zoneID
	}

	return nil
}
zones: set zoneID based on wireguard config files Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`package zones`

			`import (`
			`"bytes"`
			`"fmt"`
			`"os"`

			`"darvaza.org/core"`

			`"git.jpi.io/amery/jpictl/pkg/wireguard"`
			`)`

			`// GetWireguardConfig reads a wgN.conf file`
			`func (m Machine) GetWireguardConfig(ring int) (wireguard.Config, error) {`
			`data, err := m.ReadFile("wg%v.conf", ring)`
			`if err != nil {`
			`return nil, err`
			`}`

			`r := bytes.NewReader(data)`
			`return wireguard.NewConfigFromReader(r)`
			`}`

			`func (m *Machine) tryApplyWireguardConfig(ring int) error {`
			`wg, err := m.GetWireguardConfig(ring)`
			`switch {`
			`case os.IsNotExist(err):`
			`return nil`
			`case err != nil:`
			`return err`
			`default:`
			`return m.applyWireguardConfig(ring, wg)`
			`}`
			`}`

			`func (m Machine) applyWireguardConfig(ring int, wg wireguard.Config) error {`
			`addr := wg.GetAddress()`
			`zoneID, nodeID, ok := Rings[ring].Decode(addr)`
			`if !ok {`
			`return fmt.Errorf("%s: invalid wg%v address: %s", m.Name, ring, addr)`
			`}`

			`if err := m.applyZoneNodeID(zoneID, nodeID); err != nil {`
			`err = core.Wrapf(err, "%s: wg%v:%s", m.Name, ring, addr)`
			`return err`
			`}`

zones: import wireguard keys from wgN.conf files Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`if err := m.applyWireguardInterfaceConfig(ring, wg.Interface); err != nil {`
			`err = core.Wrapf(err, "%s: wg%v:%s", m.Name, ring, addr)`
			`return err`
			`}`

			`for _, peer := range wg.Peer {`
			`if err := m.applyWireguardPeerConfig(ring, peer); err != nil {`
			`err = core.Wrapf(err, "%s: wg%v:%s", m.Name, ring, addr)`
			`return err`
			`}`
			`}`

zones: set zoneID based on wireguard config files Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`return nil`
			`}`

zones: introduce Machine.getRingInfo() and refactor Machine.applyRingInfo() Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`func (m Machine) getRingInfo(ring int) (RingInfo, bool) {`
zones: import wireguard keys from wgN.conf files Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`for _, ri := range m.RingAddresses {`
			`if ri.Ring == ring {`
zones: introduce Machine.getRingInfo() and refactor Machine.applyRingInfo() Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`return ri, true`
zones: import wireguard keys from wgN.conf files Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`}`
			`}`

zones: introduce Machine.getRingInfo() and refactor Machine.applyRingInfo() Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`return nil, false`
			`}`

			`func (m Machine) applyRingInfo(ring int, new RingInfo) error {`
			`cur, found := m.getRingInfo(ring)`
			`if !found {`
zones: import wireguard keys from wgN.conf files Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`// first, append`
			`m.RingAddresses = append(m.RingAddresses, new)`
			`return nil`
			`}`

			`// extra, merge`
			`return cur.Merge(new)`
			`}`

			`func (m *Machine) applyWireguardInterfaceConfig(ring int, data wireguard.InterfaceConfig) error {`
			`ri := &RingInfo{`
			`Ring: ring,`
			`Enabled: true,`
			`Address: data.Address,`
			`Keys: &wireguard.KeyPair{`
			`PrivateKey: data.PrivateKey,`
			`},`
			`}`

			`return m.applyRingInfo(ring, ri)`
			`}`

			`func (m *Machine) applyWireguardPeerConfig(ring int, pc wireguard.PeerConfig) error {`
			`peer, found := m.getPeerByName(pc.Endpoint.Name())`
			`switch {`
			`case !found:`
			`// unknown`
			`case ring == 1 && m.zone != peer.zone:`
			`// invalid zone`
			`default:`
			`// apply RingInfo`
			`ri := &RingInfo{`
			`Ring: ring,`
			`Enabled: true,`
			`Keys: &wireguard.KeyPair{`
			`PublicKey: pc.PublicKey,`
			`},`
			`}`

			`return peer.applyRingInfo(ring, ri)`
			`}`

			`return fmt.Errorf("%q: invalid peer endpoint", pc.Endpoint.Host)`
			`}`

zones: set zoneID based on wireguard config files Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`func (m *Machine) applyZoneNodeID(zoneID, nodeID int) error {`
			`switch {`
			`case zoneID == 0:`
			`return fmt.Errorf("invalid %s", "zoneID")`
			`case nodeID == 0:`
			`return fmt.Errorf("invalid %s", "nodeID")`
			`case m.ID() != nodeID:`
			`return fmt.Errorf("invalid %s: %v ≠ %v", "zoneID", m.ID(), nodeID)`
			`case m.zone.ID != 0 && m.zone.ID != zoneID:`
			`return fmt.Errorf("invalid %s: %v ≠ %v", "zoneID", m.zone.ID, zoneID)`
			`case m.zone.ID == 0:`
			`m.zone.ID = zoneID`
			`}`

			`return nil`
			`}`