added logic and starting of REQAclRequestUpdate

central_auth_acl_handling.go

@@ -94,7 +94,7 @@ func newSchemaGenerated() *schemaGenerated {
 // HostACLsSerializedWithHash holds the serialized representation node specific ACL's in the authSchema.
 // There is also a sha256 hash of the data.
 type HostACLsSerializedWithHash struct {
-	// data is all the ACL's for a specific node serialized.
+	// data is all the ACL's for a specific node serialized serialized into cbor.
 	Data []byte
 	// hash is the sha256 hash of the ACL's.
 	// With maps the order are not guaranteed, so A sorted appearance

processes.go

@@ -180,6 +180,9 @@ func (p *processes) Start(proc process) {
 	if proc.configuration.IsCentralAuth {
 		proc.startup.subREQKeysRequestUpdate(proc)
 		proc.startup.subREQKeysAllow(proc)
+
+		proc.startup.subREQAclRequestUpdate(proc)
+
 		proc.startup.subREQAclAddCommand(proc)
 		proc.startup.subREQAclDeleteCommand(proc)
 		proc.startup.subREQAclDeleteSource(proc)
@@ -379,6 +382,13 @@ func (s startup) subREQKeysRequestUpdate(p process) {
 	go proc.spawnWorker()
 }
 
+func (s startup) subREQKeysDeliverUpdate(p process) {
+	log.Printf("Starting Public keys to Node subscriber: %#v\n", p.node)
+	sub := newSubject(REQKeysDeliverUpdate, string(p.node))
+	proc := newProcess(p.ctx, s.server, sub, processKindSubscriber, nil)
+	go proc.spawnWorker()
+}
+
 func (s startup) subREQKeysAllow(p process) {
 	log.Printf("Starting Public keys allow subscriber: %#v\n", p.node)
 	sub := newSubject(REQKeysAllow, string(p.node))
@@ -386,13 +396,15 @@ func (s startup) subREQKeysAllow(p process) {
 	go proc.spawnWorker()
 }
 
-func (s startup) subREQKeysDeliverUpdate(p process) {
-	log.Printf("Starting Public keys to Node subscriber: %#v\n", p.node)
-	sub := newSubject(REQKeysDeliverUpdate, string(p.node))
+func (s startup) subREQAclRequestUpdate(p process) {
+	log.Printf("Starting Acl Request update subscriber: %#v\n", p.node)
+	sub := newSubject(REQAclRequestUpdate, string(p.node))
 	proc := newProcess(p.ctx, s.server, sub, processKindSubscriber, nil)
 	go proc.spawnWorker()
 }
 
+// HERE!
+
 func (s startup) subREQAclAddCommand(p process) {
 	log.Printf("Starting Acl Add Command subscriber: %#v\n", p.node)
 	sub := newSubject(REQAclAddCommand, string(p.node))

requests.go

@@ -124,13 +124,16 @@ const (
 
 	// REQPublicKey will get the public ed25519 key from a node.
 	REQPublicKey Method = "REQPublicKey"
-	// REQKeysRequestUpdate will get all the public keys from central.
+	// REQKeysRequestUpdate will get all the public keys from central if an update is available.
 	REQKeysRequestUpdate Method = "REQKeysRequestUpdate"
 	// REQKeysDeliverUpdate will deliver the public from central to a node.
 	REQKeysDeliverUpdate Method = "REQKeysDeliverUpdate"
 	// REQKeysAllow
 	REQKeysAllow Method = "REQKeysAllow"
 
+	// REQAclRequestUpdate will get all node acl's from central if an update is available.
+	REQAclRequestUpdate Method = "REQAclRequestUpdate"
+
 	// REQAclAddCommand
 	REQAclAddCommand = "REQAclAddCommand"
 	// REQAclDeleteCommand
@@ -248,6 +251,11 @@ func (m Method) GetMethodsAvailable() MethodsAvailable {
 			REQKeysAllow: methodREQKeysAllow{
 				event: EventACK,
 			},
+
+			REQAclRequestUpdate: methodREQAclRequestUpdate{
+				event: EventNACK,
+			},
+
 			REQAclAddCommand: methodREQAclAddCommand{
 				event: EventACK,
 			},

requests_acl.go

@@ -2,7 +2,6 @@ package steward
 
 import (
 	"bytes"
-	"encoding/json"
 	"fmt"
 )
 
@@ -42,30 +41,25 @@ func (m methodREQAclRequestUpdate) handler(proc process, message Message, node s
 			// Using a func here to set the scope of the lock, and then be able to
 			// defer the unlock when leaving that scope.
 			func() {
-				proc.centralAuth.pki.nodesAcked.mu.Lock()
-				defer proc.centralAuth.pki.nodesAcked.mu.Unlock()
+				proc.centralAuth.accessLists.schemaGenerated.mu.Lock()
+				defer proc.centralAuth.accessLists.schemaGenerated.mu.Unlock()
 
 				fmt.Printf(" <---- methodREQKeysRequestUpdate: received acl hash from NODE=%v, HASH=%v\n", message.FromNode, message.Data)
 
 				// Check if the received hash is the same as the one currently active,
-				// TODO: Replace this with checking the ACL hash for the node.
-				if bytes.Equal(proc.centralAuth.pki.nodesAcked.keysAndHash.Hash[:], message.Data) {
-					fmt.Printf("\n ------------ NODE AND CENTRAL ARE EQUAL, NOTHING TO DO, EXITING HANDLER\n\n")
+				// If it is the same we exit the handler immediately.
+				hash32 := proc.centralAuth.accessLists.schemaGenerated.GeneratedACLsMap[message.FromNode].Hash
+				hash := hash32[:]
+				if bytes.Equal(hash, message.Data) {
+					fmt.Printf("\n ------------ NODE AND CENTRAL HAVE EQUAL ACL HASH, NOTHING TO DO, EXITING HANDLER\n\n")
 					return
 				}
 
-				fmt.Printf("\n ------------ NODE AND CENTRAL WERE NOT EQUAL, PREPARING TO SEND NEW VERSION OF KEYS\n\n")
+				fmt.Printf("\n ------------ NODE AND CENTRAL WERE NOT EQUAL ACL, PREPARING TO SEND NEW VERSION OF KEYS\n\n")
 
-				fmt.Printf(" *     methodREQKeysRequestUpdate: marshalling new keys and hash to send: map=%v, hash=%v\n\n", proc.centralAuth.pki.nodesAcked.keysAndHash.Keys, proc.centralAuth.pki.nodesAcked.keysAndHash.Hash)
-
-				b, err := json.Marshal(proc.centralAuth.pki.nodesAcked.keysAndHash)
-
-				if err != nil {
-					er := fmt.Errorf("error: methodREQKeysRequestUpdate, failed to marshal keys map: %v", err)
-					proc.errorKernel.errSend(proc, message, er)
-				}
-				fmt.Printf("\n ----> methodREQKeysRequestUpdate: SENDING KEYS TO NODE=%v\n", message.FromNode)
-				newReplyMessage(proc, message, b)
+				fmt.Printf("\n ----> methodREQKeysRequestUpdate: SENDING ACL'S TO NODE=%v\n", message.FromNode)
+				// TODO: PUT THE BELOW LINE BACK AGAIN WHEN DONE TESTING!
+				// newReplyMessage(proc, message, proc.centralAuth.accessLists.schemaGenerated.GeneratedACLsMap[message.FromNode].Data)
 			}()
 		}
 	}()