diff --git a/README.md b/README.md index 43c0bed..3f980e0 100644 --- a/README.md +++ b/README.md @@ -641,7 +641,7 @@ An example could be that you send a `REQCliCommand` message to some node, and yo This is a method that can be used to get the data of the message printed to console where Steward is running. -Default is to print to **stdout**, but printing to **stderr** can be done by setting the value of **methodArgs** to `"methodArgs": ["stderr"]`. +Default is to print to **stdout**, but printing to **stderr** can be done by setting the value of **methodArgs** to `"methodArgs": ["stderr"]`. If used as a **replyMethod** set the **replyMethodArgs** `"replyMethodArgs": ["stderr"],`. @@ -1415,6 +1415,12 @@ StartSubREQCliCommandCont bool ToNode Node `json:"toNode" yaml:"toNode"` // ToNodes to specify several hosts to send message to in the // form of an slice/array. +// The ToNodes field is only a concept that exists when messages +// are injected f.ex. on a socket, and there they are directly +//converted into separate node messages for each node, and from +// there the ToNodes field is not used any more within the system. +// With other words, a message that exists within Steward is always +// for just for a single node. ToNodes []Node `json:"toNodes,omitempty" yaml:"toNodes,omitempty"` // The actual data in the message. This is typically where we // specify the cli commands to execute on a node, and this is diff --git a/doc/concept/auth/auth.md b/doc/concept/auth/auth.md index 8e153dc..bd604ca 100644 --- a/doc/concept/auth/auth.md +++ b/doc/concept/auth/auth.md @@ -73,10 +73,6 @@ On the CentralAuth we need a service to verify that updating the currently store Public Keys should only be pushed to nodes that will receive message from source node of the public key. -#### Service for key rotation - -TODO - ### Auth handling and storage #### Request for operators to add authorizations for nodes 
@@ -118,5 +114,3 @@ Public Keys vs nodes should be implemented as a map, map `node -> publicKey`, an Flag to turn on/off signature verification for all request types. ### Verification of MethodArgs Signature against ACL - -TODO diff --git a/errorkernel.go b/errorkernel.go index 74ee808..47709e6 100644 --- a/errorkernel.go +++ b/errorkernel.go @@ -190,35 +190,6 @@ func (e *errorKernel) logConsoleOnlyIfDebug(err error, c *Configuration) { } } -// // TODO: Needs more work. -// // -// // errWithAction -// // -// // Will prepare an errorEvent to send to the errorKernel that -// // contains a channel of type errorAction. -// // The errorActionCh are returned from the function and are used -// // to create a channel between where this function is called and -// // the go routine started in the errorKernel. From where the -// // function was called we can read the channel for a response -// // given from the errorKernel, and then decide what to do based -// // on the errorAction value. -// func (e *errorKernel) errWithAction(proc process, msg Message, err error) chan errorAction { -// // Create the channel where to receive what action to do. -// errActionCh := make(chan errorAction) -// -// ev := errorEvent{ -// err: err, -// errorType: errTypeWithAction, -// process: proc, -// message: msg, -// errorActionCh: errActionCh, -// } -// -// e.errorCh <- ev -// -// return errActionCh -// } - // errorAction is used to tell the process who sent the error // what it shall do. The process who sends the error will // have to block and wait for the response on the errorActionCh. diff --git a/message_and_subject.go b/message_and_subject.go index d71e60a..144103f 100644 --- a/message_and_subject.go +++ b/message_and_subject.go 
@@ -14,6 +14,12 @@ type Message struct { ToNode Node `json:"toNode" yaml:"toNode"` // ToNodes to specify several hosts to send message to in the // form of an slice/array. + // The ToNodes field is only a concept that exists when messages + // are injected f.ex. on a socket, and there they are directly + //converted into separate node messages for each node, and from + // there the ToNodes field is not used any more within the system. + // With other words, a message that exists within Steward is always + // for just for a single node. ToNodes []Node `json:"toNodes,omitempty" yaml:"toNodes,omitempty"` // The Unique ID of the message ID int `json:"id" yaml:"id"` diff --git a/node_auth.go b/node_auth.go index a8332bb..bde2c34 100644 --- a/node_auth.go +++ b/node_auth.go @@ -136,7 +136,6 @@ func (n *nodeAcl) loadFromFile() error { // saveToFile will save the acl to file for persistent storage. // An error is returned if it fails. -// TODO: HERE: not saving deleted wildcard map entry for some reason! func (n *nodeAcl) saveToFile() error { fh, err := os.OpenFile(n.filePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { diff --git a/processes.go b/processes.go index 42adcb3..b6a073c 100644 --- a/processes.go +++ b/processes.go @@ -338,7 +338,7 @@ func (s startup) pubREQKeysRequestUpdate(p process) { ticker := time.NewTicker(time.Second * time.Duration(p.configuration.REQKeysRequestUpdateInterval)) for { - // TODO: We could send with the hash of the currently stored keys, + // Send a message with the hash of the currently stored keys, // so we would know on the subscriber at central if it should send // and update with new keys back. 
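Review bot: The comment added above `ToNodes` states an invariant, that a message inside Steward is always for a single node, which nothing in this hunk enforces: the field keeps its `json:"toNodes,omitempty"` and `yaml:"toNodes,omitempty"` tags, so a decoded message can still arrive with it populated. It would help to name the place where the per-node messages are created and to say outright that later code ignores the field. The wording also needs a pass (`//converted` lacks the space, "for just for a single node" is doubled); I would write `// ToNodes is only read where messages are injected (e.g. on a socket), where it is converted into one message per node; inside Steward a message always targets the single node in ToNode.` The same text with the same slips is added in the README.md hunk at line 1415, and the `Message` struct continues outside this hunk.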
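Review bot: `time.NewTicker` panics when its duration is not positive, and in `pubREQKeysRequestUpdate` the interval is taken directly from `p.configuration.REQKeysRequestUpdateInterval` with no check visible in this hunk. Unless the value is validated where the configuration is loaded, a zero or negative setting would panic when this publisher starts instead of producing a clear configuration error; a guard before the call, for example `if p.configuration.REQKeysRequestUpdateInterval <= 0 { /* log and return, or fall back to a default */ }`, would make that failure explicit. The same pattern appears in the `pubREQAclRequestUpdate` hunk at line 394 with `REQAclRequestUpdateInterval`. The function body starts and ends outside the hunk, so a `ticker.Stop()` may exist but is not visible here.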
@@ -394,8 +394,8 @@ func (s startup) pubREQAclRequestUpdate(p process) { ticker := time.NewTicker(time.Second * time.Duration(p.configuration.REQAclRequestUpdateInterval)) for { - // TODO: We could send with the hash of the currently stored hash, - // so we would know on the subscriber at central if it should send + // Send a message with the hash of the currently stored acl's, + // so we would know for the subscriber at central if it should send // and update with new keys back. proc.nodeAuth.nodeAcl.mu.Lock() diff --git a/requests.go b/requests.go index dbebe1c..7d14dc6 100644 --- a/requests.go +++ b/requests.go @@ -454,7 +454,11 @@ func newReplyMessage(proc process, message Message, outData []byte) { // ringbuffer to be published. // TODO: Check that we still got all the fields present that are needed here. newMsg := Message{ - ToNode: message.FromNode, + ToNode: message.FromNode, + // The ToNodes field is not needed since it only a concept that exists when messages + // are injected f.ex. on a socket, and there they are directly converted into separate + // node messages. With other words a message in the system are only for single nodes, + // so we don't have to worry about the ToNodes field when creating reply messages. FromNode: message.ToNode, Data: outData, Method: message.ReplyMethod, diff --git a/requests_acl.go b/requests_acl.go index 545670a..019b74e 100644 --- a/requests_acl.go +++ b/requests_acl.go 
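Review bot: The reworded comment in `pubREQAclRequestUpdate` still ends with "and update with new keys back", which looks copied from the keys publisher; this loop sends the hash of the stored ACLs, so the reply it describes is an ACL update. I would change the last two lines to `// so the subscriber at central knows whether it should send` and `// an update with new acl's back.` The conditional "so we would know" is also left over from the TODO phrasing and reads as if the behaviour were still optional.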
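Review bot: The comment added to the `newMsg` literal explains why `ToNodes` is left unset, but the fields that actually route the reply, `ToNode: message.FromNode` and `Method: message.ReplyMethod`, are copied from the incoming message with no note on whether they have been verified by this point. Whether the sender's identity and the reply method are checked before `newReplyMessage` runs is not visible in this hunk, so I would record the assumption next to them, e.g. `// ToNode and Method are taken from the request's FromNode and ReplyMethod; confirm both are verified before this point.` The added text also has grammar slips ("since it only a concept", "a message in the system are only for single nodes") and sits between `ToNode` and `FromNode`, where it reads as if it documented `FromNode`; placing it above the literal would be clearer. The function starts and ends outside the hunk.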
@@ -53,16 +53,6 @@ func (m methodREQAclRequestUpdate) handler(proc process, message Message, node s proc.centralAuth.accessLists.schemaGenerated.mu.Lock() defer proc.centralAuth.accessLists.schemaGenerated.mu.Unlock() - // DEBUGGING: - //{ - // proc.centralAuth.accessLists.schemaMain.mu.Lock() - // fmt.Printf("\n --- DEBUGGING: subscriber methodREQAclRequestUpdate: schemaGenerated contains: %v\n\n", proc.centralAuth.accessLists.schemaGenerated) - // fmt.Printf("\n --- DEBUGGING: subscriber methodREQAclRequestUpdate: schemaMain contains: %v\n\n", proc.centralAuth.accessLists.schemaMain) - // proc.centralAuth.accessLists.schemaMain.mu.Unlock() - // - // // TODO: PROBLEM: The existing generated acl's are not loaded when starting, or not stored at all. - //} - log.Printf(" ---- subscriber methodREQAclRequestUpdate: got acl hash from NODE=%v, HASH data =%v\n", message.FromNode, message.Data) // Check if the received hash is the same as the one currently active, @@ -879,9 +869,6 @@ func (m methodREQAclExport) handler(proc process, message Message, node string) // --- -// TODO: IMPORTANT: We also need to add importing and exporting of the groups to the -// import and export methods. - type methodREQAclImport struct { event Event } diff --git a/requests_keys.go b/requests_keys.go index db09c90..ce67cc4 100644 --- a/requests_keys.go +++ b/requests_keys.go @@ -88,8 +88,6 @@ func (m methodREQKeysRequestUpdate) handler(proc process, message Message, node // structure is the same as the other handlers. select { case <-ctx.Done(): - // TODO: Should we receive a hash of he current keys from the node here - // to verify if we need to update or not ? case outCh <- []byte{}: } }() @@ -164,7 +162,6 @@ func (m methodREQKeysDeliverUpdate) handler(proc process, message Message, node // structure is the same as the other handlers. select { case <-ctx.Done(): - // TODO: Should we receive a hash of he current keys from the node here ? case outCh <- []byte{}: } }() 
@@ -223,8 +220,6 @@ func (m methodREQKeysDeliverUpdate) handler(proc process, message Message, node // ---- -// TODO: We should also add a request method methodREQPublicKeysRevoke - type methodREQKeysAllow struct { event Event } @@ -293,10 +288,6 @@ func (m methodREQKeysAllow) handler(proc process, message Message, node string) // representing the current keys in the allowed map. proc.centralAuth.updateHash(proc, message) - // TODO: FAILS: The push keys updates when change fails with that the - // subscriber gets stuck. Need to look more into this later. - // Disabling for now since the node will update at the timed interval. - // // If new keys were allowed into the main map, we should send out one // single update to all the registered nodes to inform of an update. // NB: If a node is not reachable at the time the update is sent it is diff --git a/server.go b/server.go index 907225e..3a7dbbf 100644 --- a/server.go +++ b/server.go @@ -448,8 +448,6 @@ func (s *server) routeMessagesToProcess(dbFileName string) { // Signal back to the ringbuffer that message have been picked up. samDBVal.delivered() - // TODO HERE!: The message will be dropped here since the method for copy uid does not exist - sam := samDBVal.samDBValue.Data // Check if the format of the message is correct. if _, ok := methodsAvailable.CheckIfExists(sam.Message.Method); !ok {