Merge pull request #1023 from NordSecurity/teliod_uid

LLT-5866: Remove app_user_uid from the teliod config.
NordSecurity · Jan 6, 2025 · 554b1b4 · 554b1b4
2 parents f659394 + bf602d5
commit 554b1b4
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 32 deletions.
diff --git a/.unreleased/LLT-5866_teliod_remove_app_user_uid_config b/.unreleased/LLT-5866_teliod_remove_app_user_uid_config
diff --git a/clis/teliod/example_teliod_config.json b/clis/teliod/example_teliod_config.json
@@ -2,7 +2,6 @@
     "log_level": "trace",
     "log_file_path": "example_log_file.log",
     "authentication_token": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-    "app_user_uid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
     "interface": {
       "name": "utun10",
       "config_provider": "manual"

diff --git a/clis/teliod/src/config.rs b/clis/teliod/src/config.rs
@@ -3,7 +3,7 @@ use std::{num::NonZeroU64, path::PathBuf, str::FromStr};
 use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
 use smart_default::SmartDefault;
 use std::fs;
-use tracing::{debug, info, level_filters::LevelFilter};
+use tracing::{debug, info, level_filters::LevelFilter, warn};
 use uuid::Uuid;
 
 use telio::crypto::SecretKey;
@@ -60,26 +60,30 @@ fn reconnect_after_expiry_default() -> Percentage {
 
 #[derive(Serialize, Deserialize, Debug, Default)]
 pub struct DeviceIdentity {
-    pub hw_identifier: String,
+    pub hw_identifier: Uuid,
     pub private_key: SecretKey,
     pub machine_identifier: String,
 }
 
-pub fn generate_hw_identifier(private_key: SecretKey) -> String {
+pub fn generate_hw_identifier() -> Uuid {
     // Generate hw_identifier
-    let public_key = private_key.public();
-    debug!("Generating hw identifier");
-    format!("{}.{}", public_key, "teliod")
+    debug!("Generating a new hw identifier");
+    Uuid::new_v4()
 }
 
 impl DeviceIdentity {
     pub fn from_file(identity_path: &PathBuf) -> Option<DeviceIdentity> {
-        info!("Fetching config");
+        info!("Fetching identity config");
 
         if let Ok(file) = fs::File::open(identity_path) {
-            debug!("found existing config.");
+            debug!(
+                "Found existing identity config {}",
+                identity_path.to_string_lossy()
+            );
             if let Ok(c) = serde_json::from_reader(file) {
                 return Some(c);
+            } else {
+                warn!("Reading identity config failed");
             }
         }
         None
@@ -96,8 +100,6 @@ pub struct TeliodDaemonConfig {
     pub log_file_path: String,
     pub interface: InterfaceConfig,
 
-    pub app_user_uid: Uuid,
-
     #[serde(
         deserialize_with = "deserialize_authentication_token",
         serialize_with = "serialize_authentication_token"
@@ -123,9 +125,6 @@ impl TeliodDaemonConfig {
         if let Some(authentication_token) = update.authentication_token {
             self.authentication_token = authentication_token;
         }
-        if let Some(app_user_uid) = update.app_user_uid {
-            self.app_user_uid = app_user_uid;
-        }
         if let Some(interface) = update.interface {
             self.interface = interface;
         }
@@ -274,7 +273,6 @@ mod tests {
         let expected = TeliodDaemonConfig {
             log_level: LevelFilter::INFO,
             log_file_path: "test.log".to_owned(),
-            app_user_uid: Uuid::from_str("2ba97921-38d7-4736-9d47-261cf3e5c223").unwrap(),
             interface: InterfaceConfig {
                 name: "utun10".to_owned(),
                 config_provider: InterfaceConfigurationProvider::Manual,
@@ -294,7 +292,6 @@ mod tests {
             let json = r#"{
             "log_level": "Info",
             "log_file_path": "test.log",
-            "app_user_uid": "2ba97921-38d7-4736-9d47-261cf3e5c223",
             "interface": {
                 "name": "utun10",
                 "config_provider": "manual"
@@ -309,7 +306,6 @@ mod tests {
             let json = r#"{
                 "log_level": "Info",
                 "log_file_path": "test.log",
-                "app_user_uid": "2ba97921-38d7-4736-9d47-261cf3e5c223",
                 "interface": {
                     "name": "utun10",
                     "config_provider": "manual"

diff --git a/clis/teliod/src/core_api.rs b/clis/teliod/src/core_api.rs
@@ -71,22 +71,19 @@ fn build_backoff() -> Result<ExponentialBackoff, Error> {
     Ok(ExponentialBackoff::new(backoff_bounds)?)
 }
 
-pub async fn init_with_api(
-    auth_token: &str,
-    interface_name: &str,
-) -> Result<DeviceIdentity, Error> {
+pub async fn init_with_api(auth_token: &str) -> Result<DeviceIdentity, Error> {
     let mut identity_path = dirs::data_local_dir().ok_or(Error::NoDataLocalDir)?;
     identity_path.push("teliod");
     if !identity_path.exists() {
         let _ = create_dir_all(&identity_path);
     }
-    identity_path.push(&format!("{interface_name}.json"));
+    identity_path.push("data.json");
 
     let mut device_identity = match DeviceIdentity::from_file(&identity_path) {
         Some(identity) => identity,
         None => {
             let private_key = SecretKey::gen();
-            let hw_identifier = generate_hw_identifier(private_key.clone());
+            let hw_identifier = generate_hw_identifier();
 
             let machine_identifier =
                 match fetch_identifier_with_exp_backoff(auth_token, private_key.public()).await {
@@ -95,7 +92,7 @@ pub async fn init_with_api(
                         Error::DeviceNotFound => {
                             info!("Unable to load identifier due to {e}. Registering ...");
                             register_machine_with_exp_backoff(
-                                &hw_identifier,
+                                &hw_identifier.to_string(),
                                 private_key.public(),
                                 auth_token,
                             )
@@ -118,7 +115,7 @@ pub async fn init_with_api(
             if status == StatusCode::NOT_FOUND {
                 debug!("Unable to update. Registering machine ...");
                 device_identity.machine_identifier = register_machine_with_exp_backoff(
-                    &device_identity.hw_identifier,
+                    &device_identity.hw_identifier.to_string(),
                     device_identity.private_key.public(),
                     auth_token,
                 )
@@ -285,7 +282,7 @@ async fn update_machine(device_identity: &DeviceIdentity, auth_token: &str) -> R
         .header(header::ACCEPT, "application/json")
         .json(&MeshConfig {
             public_key: device_identity.private_key.public(),
-            hardware_identifier: device_identity.hw_identifier.clone(),
+            hardware_identifier: device_identity.hw_identifier.to_string(),
             os: OS_NAME.to_owned(),
             os_version: "teliod".to_owned(),
             device_type: "other".to_owned(),

diff --git a/clis/teliod/src/daemon.rs b/clis/teliod/src/daemon.rs
@@ -194,8 +194,6 @@ pub async fn daemon_event_loop(config: TeliodDaemonConfig) -> Result<(), TeliodE
 
     let socket = DaemonSocket::new(&DaemonSocket::get_ipc_socket_path()?)?;
 
-    let nc = NotificationCenter::new(&config).await?;
-
     // Tx is unused here, but this channel can be used to communicate with the
     // telio task
     let (tx, rx) = mpsc::channel(10);
@@ -207,8 +205,11 @@ pub async fn daemon_event_loop(config: TeliodDaemonConfig) -> Result<(), TeliodE
     // are dummy and program will not run as it expects real tokens.
     let mut identity = DeviceIdentity::default();
     if !config.authentication_token.eq(EMPTY_TOKEN) {
-        identity = init_with_api(&config.authentication_token, &config.interface.name).await?;
+        identity = init_with_api(&config.authentication_token).await?;
     }
+
+    let nc = NotificationCenter::new(&config, &identity.hw_identifier).await?;
+
     let tx_clone = tx.clone();
 
     let token_ptr = Arc::new(config.authentication_token);

diff --git a/clis/teliod/src/nc.rs b/clis/teliod/src/nc.rs
@@ -86,12 +86,15 @@ struct NCConfig {
 }
 
 impl NotificationCenter {
-    pub async fn new(config: &super::TeliodDaemonConfig) -> Result<Self, Error> {
+    pub async fn new(
+        config: &super::TeliodDaemonConfig,
+        app_user_uid: &Uuid,
+    ) -> Result<Self, Error> {
         let callbacks = Arc::new(Mutex::new(vec![]));
 
         let nc_config = NCConfig {
             authentication_token: config.authentication_token.clone(),
-            app_user_uid: config.app_user_uid,
+            app_user_uid: *app_user_uid,
             callbacks: callbacks.clone(),
 
             http_certificate_file_path: config.http_certificate_file_path.clone(),

diff --git a/nat-lab/data/teliod/config.json b/nat-lab/data/teliod/config.json
@@ -2,7 +2,6 @@
     "log_level": "trace",
     "log_file_path": "teliod_natlab.log",
     "authentication_token": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-    "app_user_uid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
     "interface": {
       "name": "teliod",
       "config_provider": "manual"