Implement vpn crud apis (#294)

Author: michaeljguarino

lib/console/application.ex

@@ -12,6 +12,7 @@ defmodule Console.Application do
       Console.Clustering.Connect,
       Console.Commands.Configuration,
       Console.Plural.Config,
+      Console.Features,
       Console.Cron,
       Console.Cache,
       Console.ReplicatedCache,
@@ -20,6 +21,7 @@ defmodule Console.Application do
       {Absinthe.Subscription, [ConsoleWeb.Endpoint]},
       Console.Cached.Namespace,
       Console.Cached.Pod,
+      Console.Cached.VPN,
       {OpenIDConnect.Worker, Application.get_env(:console, :oidc_providers)},
     ] ++ consumers() ++ [
       Piazza.GracefulShutdown

lib/console/cached/kubernetes.ex

@@ -2,7 +2,6 @@ defmodule Console.Cached.Kubernetes do
   use GenServer
   alias Kazan.Watcher
   alias ETS.KeyValueSet
-  alias Kazan.Models.Apimachinery.Meta.V1, as: MetaV1
   require Logger
 
   defmodule State, do: defstruct [:table, :model, :pid]
@@ -29,9 +28,16 @@ defmodule Console.Cached.Kubernetes do
     |> Enum.map(fn {_, v} -> v end)
   end
 
+  def get(name, key) do
+    case KeyValueSet.wrap_existing(name) do
+      {:ok, set} -> set[key]
+      _ -> nil
+    end
+  end
+
   def handle_info({:start, request}, %State{table: table, model: model} = state) do
     Logger.info "starting namespace watcher"
-    {:ok, %{items: instances, metadata: %MetaV1.ListMeta{resource_version: vsn}}} = Kazan.run(request)
+    {:ok, %{items: instances, metadata: %{resource_version: vsn}}} = Kazan.run(request)
     {:ok, pid} = Watcher.start_link(%{request | response_model: model}, send_to: self(), resource_vsn: vsn)
 
     :timer.send_interval(5000, :watcher_ping)

lib/console/cached/vpn.ex

@@ -0,0 +1,28 @@
+defmodule Console.Cached.VPN do
+  @moduledoc """
+  This genserver will query and poll all pods then cache them in-memory.  This is to accelerate pod lookups since
+  it's pretty damn slow currently
+  """
+  use Console.Cached.Base
+  import Kube.Client.Base, only: [path_builder: 4]
+  alias Kube.{WireguardServer, WireguardServerList}
+
+  def start_link(), do: Console.Cached.Kubernetes.start_link(__MODULE__, vpn_request(), WireguardServer)
+
+  def start(), do: Console.Cached.Kubernetes.start(__MODULE__, vpn_request(), WireguardServer)
+
+  def fetch(), do: Console.Cached.Kubernetes.fetch(__MODULE__)
+
+  def get(key), do: Console.Cached.Kubernetes.get(__MODULE__, key)
+
+  defp vpn_request() do
+    %Kazan.Request{
+      method: "get",
+      path: path_builder("vpn.plural.sh", "v1alpha1", "wireguardservers", Console.namespace("wireguard")),
+      body: "",
+      query_params: %{},
+      content_type: "application/json",
+      response_model: WireguardServerList
+    }
+  end
+end

lib/console/configuration.ex

@@ -1,12 +1,14 @@
 defmodule Console.Configuration do
-  defstruct [:git_commit, :is_demo_project, :is_sandbox, :plural_login]
+  defstruct [:git_commit, :is_demo_project, :is_sandbox, :plural_login, :vpn_enabled, :features]
 
   def new() do
     %__MODULE__{
       git_commit: Console.conf(:git_commit),
       is_demo_project: Console.conf(:is_demo_project),
       is_sandbox: Console.sandbox?(),
-      plural_login: Console.conf(:plural_login)
+      plural_login: Console.conf(:plural_login),
+      vpn_enabled: Console.Services.VPN.enabled?(),
+      features: Console.Features.fetch()
     }
   end
 end

lib/console/features.ex

@@ -0,0 +1,39 @@
+defmodule Console.Features do
+  use GenServer
+  alias Console.Plural.{Accounts, Account, Features}
+
+  def start_link(_opts \\ :ok) do
+    GenServer.start_link(__MODULE__, :ok, name: __MODULE__)
+  end
+
+  def start() do
+    GenServer.start_link(__MODULE__, :ok)
+  end
+
+  def init(_) do
+    if Console.conf(:initialize) do
+      :timer.send_interval(:timer.seconds(60), :poll)
+      send self(), :poll
+    end
+
+    {:ok, %Features{}}
+  end
+
+  def available?(feature) do
+    case fetch() do
+      %{^feature => true} -> true
+      _ -> false
+    end
+  end
+
+  def fetch(), do: GenServer.call(__MODULE__, :fetch)
+
+  def handle_call(:fetch, _, state), do: {:reply, state, state}
+
+  def handle_info(:poll, state) do
+    case Accounts.account() do
+      {:ok, %Account{availableFeatures: %Features{} = feats}} -> {:noreply, feats}
+      _ -> {:noreply, state}
+    end
+  end
+end

lib/console/graphql.ex

@@ -2,7 +2,7 @@ defmodule Console.GraphQl do
   use Absinthe.Schema
   use Absinthe.Relay.Schema, :modern
   import Console.GraphQl.Helpers
-  alias Console.GraphQl.Resolvers.{Build, User, Kubecost, License}
+  alias Console.GraphQl.Resolvers.{Build, User, Kubecost, License, UserLoader}
 
   import_types Absinthe.Type.Custom
   import_types Absinthe.Plug.Types
@@ -23,7 +23,8 @@ defmodule Console.GraphQl do
     Build,
     User,
     Kubecost,
-    License
+    License,
+    UserLoader
   ]
 
   def context(ctx) do

lib/console/graphql/configuration.ex

@@ -29,11 +29,17 @@ defmodule Console.GraphQl.Configuration do
     field :output, :string
   end
 
+  object :available_features do
+    field :vpn, :boolean
+  end
+
   object :console_configuration do
     field :git_commit,      :string
     field :is_demo_project, :boolean
     field :is_sandbox,      :boolean
     field :plural_login,    :boolean
+    field :vpn_enabled,     :boolean
+    field :features,        :available_features
 
     field :manifest,        :plural_manifest, resolve: fn
       _, _, _ ->

lib/console/graphql/kubernetes.ex

@@ -1,7 +1,8 @@
 defmodule Console.GraphQl.Kubernetes do
   use Console.GraphQl.Schema.Base
   alias Console.GraphQl.Resolvers.Kubernetes
-  alias Console.Middleware.{Authenticated, AdminRequired, Rbac}
+  alias Console.GraphQl.Resolvers.VPN
+  alias Console.Middleware.{Authenticated, AdminRequired, Rbac, Feature}
 
   object :metadata do
     field :labels,      list_of(:label_pair), resolve: fn %{labels: labels}, _, _ -> {:ok, make_labels(labels)} end
@@ -63,6 +64,7 @@ defmodule Console.GraphQl.Kubernetes do
   import_types Console.GraphQl.Kubernetes.ConfigurationOverlay
   import_types Console.GraphQl.Kubernetes.VerticalPodAutoscaler
   import_types Console.GraphQl.Kubernetes.Namespace
+  import_types Console.GraphQl.Kubernetes.VPN
 
   delta :application
 
@@ -164,6 +166,26 @@ defmodule Console.GraphQl.Kubernetes do
       safe_resolve &Kubernetes.list_all_pods/2
     end
 
+    field :wireguard_peers, list_of(:wireguard_peer) do
+      middleware Authenticated
+      middleware AdminRequired
+
+      safe_resolve &VPN.list_peers/2
+    end
+
+    field :my_wireguard_peers, list_of(:wireguard_peer) do
+      middleware Authenticated
+
+      safe_resolve &VPN.list_my_peers/2
+    end
+
+    field :wireguard_peer, :wireguard_peer do
+      middleware Authenticated
+      arg :name, non_null(:string)
+
+      safe_resolve &VPN.get_peer/2
+    end
+
     field :cached_pods, list_of(:pod) do
       middleware Authenticated
       arg :namespaces, list_of(:string)
@@ -241,6 +263,26 @@ defmodule Console.GraphQl.Kubernetes do
 
       safe_resolve &Kubernetes.execute_overlay/2
     end
+
+    field :create_peer, :wireguard_peer do
+      middleware Authenticated
+      middleware AdminRequired
+      middleware Feature, :vpn
+      arg :user_id, :id
+      arg :email,   :string
+      arg :name,    non_null(:string)
+
+      safe_resolve &VPN.create_peer/2
+    end
+
+    field :delete_peer, :wireguard_peer do
+      middleware Authenticated
+      middleware AdminRequired
+      middleware Feature, :vpn
+      arg :name,    non_null(:string)
+
+      safe_resolve &VPN.delete_peer/2
+    end
   end
 
   object :kubernetes_subscriptions do

lib/console/graphql/kubernetes/vpn.ex

@@ -0,0 +1,48 @@
+defmodule Console.GraphQl.Kubernetes.VPN do
+  use Console.GraphQl.Schema.Base
+  import Console.GraphQl.Kubernetes.Base
+  alias Console.GraphQl.Resolvers.UserLoader
+
+  object :wireguard_peer do
+    field :metadata, non_null(:metadata)
+    field :status,   non_null(:wireguard_peer_status)
+    field :spec,     non_null(:wireguard_peer_spec)
+
+    field :config, :string, resolve: fn
+      peer, _, _ -> Console.Services.VPN.config(peer)
+    end
+
+    field :user, :user, resolve: fn
+      %{metadata: %{labels: %{"vpn.plural.sh/email" => email}}}, _, %{context: %{loader: loader}} when is_binary(email) ->
+        loader
+        |> Dataloader.load(UserLoader, :email, email)
+        |> on_load(fn loader ->
+          {:ok, Dataloader.get(loader, UserLoader, :email, email)}
+        end)
+      _, _, _ -> {:ok, nil}
+    end
+
+    field :raw, non_null(:string), resolve: fn model, _, _ -> encode(model) end
+  end
+
+  object :wireguard_server do
+    field :metadata, non_null(:metadata)
+    field :status,   non_null(:wireguard_server_status)
+
+    field :raw, non_null(:string), resolve: fn model, _, _ -> encode(model) end
+  end
+
+  object :wireguard_peer_status do
+    field :ready,     :boolean
+    field :conditions, list_of(:status_condition)
+  end
+
+  object :wireguard_peer_spec do
+    field :wireguard_ref, :string
+  end
+
+  object :wireguard_server_status do
+    field :ready,      :boolean
+    field :conditions, list_of(:status_condition)
+  end
+end

lib/console/graphql/middleware/feature.ex

@@ -0,0 +1,11 @@
+defmodule Console.Middleware.Feature do
+  @behaviour Absinthe.Middleware
+  alias Console.Features
+
+  def call(resolution, feature) do
+    case Features.available?(feature) do
+      true -> resolution
+      _ -> Absinthe.Resolution.put_result(resolution, {:error, "you don't have the #{feature} enabled"})
+    end
+  end
+end