CARL -> Remove access control rules if they already exist

opendut-edgar/src/setup/tasks/create_service.rs

@@ -1,4 +1,4 @@
-use std::fs;
+use std::{env, fs};
 use std::path::PathBuf;
 use std::process::Command;
 
@@ -14,7 +14,7 @@ pub fn systemd_file_path() -> PathBuf {
     PathBuf::from(format!("/etc/systemd/system/{SYSTEMD_SERVICE_FILE_NAME}"))
 }
 
-fn systemd_file_content() -> String {
+fn systemd_file_content(service_user: &str) -> String {
     let executable = executable_install_path().unwrap();
     let executable = executable.display();
 
@@ -30,8 +30,8 @@ StartLimitBurst=0
 ExecStart={executable} service
 Restart=always
 RestartSec=30s
-User={USER_NAME}
-Group={USER_NAME}
+User={service_user}
+Group={service_user}
 
 [Install]
 WantedBy=multi-user.target
@@ -59,7 +59,9 @@ impl Task for CreateServiceFile {
         let out_path = systemd_file_path();
         fs::create_dir_all(out_path.parent().unwrap())?;
 
-        fs::write(&out_path, systemd_file_content())
+        let service_user_name = env::var("OPENDUT_EDGAR_SERVICE_USER").unwrap_or(USER_NAME.to_string());
+        log::info!("Using service user '{}'", service_user_name);
+        fs::write(&out_path, systemd_file_content(&service_user_name))
             .context(format!("Error while writing service file to '{}'", out_path.display()))?;
 
         let _ = Command::new("systemctl")

opendut-edgar/src/setup/tasks/linux_network_capability/request_capability_for_user.rs

@@ -1,4 +1,4 @@
-use std::fs;
+use std::{env, fs};
 use std::path::PathBuf;
 use std::process::Command;
 
@@ -21,6 +21,13 @@ impl Task for RequestCapabilityForUser {
     }
     fn check_fulfilled(&self) -> Result<TaskFulfilled> {
         let capability_file = capability_file();
+        let is_root = env::var("OPENDUT_EDGAR_SERVICE_USER")
+            .map(|user| "root" == user)
+            .unwrap_or(false);
+
+        if is_root {
+            return Ok(TaskFulfilled::Unchecked)
+        }
 
         if capability_file.exists() {
             let file_content = fs::read_to_string(&capability_file)

opendut-lea/src/peers/configurator/tabs/devices/mod.rs

@@ -1,6 +1,6 @@
-use leptos::{component, create_memo, create_rw_signal, create_slice, IntoView, RwSignal, SignalGetUntracked, SignalUpdate, SignalWith, SignalWithUntracked, view};
+use leptos::{component, create_memo, create_rw_signal, create_slice, IntoView, RwSignal, SignalUpdate, SignalWith, SignalWithUntracked, view};
 
-use opendut_types::topology::{Device, DeviceId};
+use opendut_types::topology::DeviceId;
 
 use crate::components::UserInputValue;
 use crate::peers::configurator::tabs::devices::device_panel::DevicePanel;

opendut-vpn/opendut-vpn-netbird/src/netbird/error.rs

@@ -1,20 +1,37 @@
 use reqwest::header::InvalidHeaderValue;
 use std::fmt::Debug;
+use http::StatusCode;
 use opendut_types::peer::PeerId;
 use crate::netbird::group::GroupName;
+use crate::netbird::rules::RuleName;
 
 
 #[derive(thiserror::Error, Debug)]
 pub enum GetGroupError {
     #[error("A group with name '{group_name}' does not exist!")]
     GroupNotFound { group_name: GroupName },
+    #[error("Multiple groups with name '{group_name}' exist!")]
+    MultipleGroupsFound { group_name: GroupName },
     #[error("Could not request group '{group_name}':\n  {cause}")]
     RequestFailure {
         group_name: GroupName,
         cause: RequestError
     }
 }
 
+#[derive(thiserror::Error, Debug)]
+pub enum GetRulesError {
+    #[error("A rule with name '{rule_name}' does not exist!")]
+    RuleNotFound { rule_name: RuleName },
+    #[error("Multiple rules with name '{rule_name}' exist!")]
+    MultipleRulesFound { rule_name: RuleName },
+    #[error("Could not request rule '{rule_name}:\n  {cause}")]
+    RequestFailure {
+        rule_name: RuleName,
+        cause: RequestError
+    }
+}
+
 #[derive(thiserror::Error, Debug)]
 pub enum CreateSetupKeyError {
     #[error("Auto-assign group for peer <{peer_id}> not found for setup-key creation:\n  {cause}!")]
@@ -32,6 +49,8 @@ pub enum RequestError {
     Request(reqwest::Error), //TODO can rename to Transport?
     #[error("Received status code indicating an error: {0}")]
     IllegalStatus(reqwest::Error),
+    #[error("Received status code '{0}' indicating an error: {1}")]
+    IllegalRequest(StatusCode, String),
     #[error("JSON deserialization error: {0}")]
     JsonDeserialization(reqwest::Error),
     #[error("JSON serialization error: {0}")]

opendut-vpn/opendut-vpn-netbird/src/netbird/group/mod.rs

@@ -1,4 +1,4 @@
-use serde::Deserialize;
+use serde::{Deserialize, Serialize};
 
 pub use group_name::GroupName;
 use crate::netbird;
@@ -7,7 +7,7 @@ mod group_name;
 
 #[derive(Debug, Deserialize)]
 pub struct Group {
-    pub id: netbird::GroupId,
+    pub id: GroupId,
     pub name: GroupName,
     pub peers_count: usize,
     #[serde(deserialize_with = "opendut_util::serde::deserialize_null_default")]
@@ -20,3 +20,19 @@ pub struct GroupPeerInfo {
     pub id: netbird::PeerId,
     pub name: String,
 }
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(transparent)]
+pub struct GroupId(pub String);
+
+impl From<&str> for GroupId {
+    fn from(value: &str) -> Self {
+        GroupId(value.to_owned())
+    }
+}
+
+impl From<String> for GroupId {
+    fn from(value: String) -> Self {
+        GroupId(value)
+    }
+}

opendut-vpn/opendut-vpn-netbird/src/netbird/mod.rs

@@ -1,30 +1,14 @@
 use serde::{Deserialize, Serialize};
 
-pub(crate) mod access_control;
 pub(crate) mod token;
 pub(crate) mod group;
 pub(crate) use group::{Group, GroupName};
 
 pub(crate) mod setup_key;
 pub(crate) use setup_key::SetupKey;
 pub mod error;
+pub(crate) mod rules;
 
 #[derive(Debug, PartialEq, Eq, Serialize, Deserialize)]
 #[serde(transparent)]
 pub struct PeerId(pub String);
-
-#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
-#[serde(transparent)]
-pub struct GroupId(pub String);
-
-impl From<&str> for GroupId {
-    fn from(value: &str) -> Self {
-        GroupId(value.to_owned())
-    }
-}
-
-impl From<String> for GroupId {
-    fn from(value: String) -> Self {
-        GroupId(value)
-    }
-}

opendut-vpn/opendut-vpn-netbird/src/netbird/rules/mod.rs

@@ -0,0 +1,125 @@
+use std::error::Error;
+use std::fmt::{Display, Formatter};
+use serde::{Deserialize, Serialize};
+use opendut_types::cluster::ClusterId;
+
+use crate::netbird::group::GroupId;
+
+#[derive(thiserror::Error, Debug)]
+#[error("Cannot create RuleName from '{value}':\n  {cause}")]
+pub struct InvalidRuleNameError {
+    value: String,
+    cause: Box<dyn Error>,
+}
+
+#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
+#[serde(try_from = "String", into = "String")]
+pub enum RuleName {
+    Cluster(ClusterId),
+    Other(String),
+}
+
+impl RuleName {
+    const CLUSTER_RULE_PREFIX: &'static str = "opendut-cluster-rule-";
+
+    pub fn description(&self) -> String {
+        match self {
+            RuleName::Cluster(cluster_id) => format!("Rule for the openDuT cluster <{cluster_id}>."),
+            RuleName::Other(name) => name.to_owned(),
+        }
+    }
+}
+
+impl From<ClusterId> for RuleName {
+    fn from(cluster_id: ClusterId) -> Self {
+        RuleName::Cluster(cluster_id)
+    }
+}
+
+impl TryFrom<&str> for RuleName {
+    type Error = InvalidRuleNameError;
+
+    fn try_from(value: &str) -> Result<Self, Self::Error> {
+        if let Some(uuid) = value.strip_prefix(RuleName::CLUSTER_RULE_PREFIX) {
+            ClusterId::try_from(uuid)
+                .map(|id| Self::Cluster(id))
+                .map_err(|cause| InvalidRuleNameError { value: value.to_owned(), cause: cause.into() })
+        }
+        else {
+            Ok(Self::Other(value.to_owned()))
+        }
+    }
+}
+
+impl TryFrom<String> for RuleName {
+
+    type Error = InvalidRuleNameError;
+
+    fn try_from(value: String) -> Result<Self, Self::Error> {
+        RuleName::try_from(value.as_str())
+    }
+}
+
+impl From<&RuleName> for String {
+    fn from(value: &RuleName) -> Self {
+        match value {
+            RuleName::Cluster(id) => format!("{}{}", RuleName::CLUSTER_RULE_PREFIX, id),
+            RuleName::Other(name) => name.to_owned(),
+        }
+    }
+}
+
+impl From<RuleName> for String {
+    fn from(value: RuleName) -> Self {
+        String::from(&value)
+    }
+}
+
+impl Display for RuleName {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", String::from(self))
+    }
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(transparent)]
+pub struct RuleId(pub String);
+
+impl From<&str> for RuleId {
+    fn from(value: &str) -> Self {
+        RuleId(value.to_owned())
+    }
+}
+
+impl From<String> for RuleId {
+    fn from(value: String) -> Self {
+        RuleId(value)
+    }
+}
+
+
+#[derive(Debug, Deserialize)]
+pub struct Rule {
+    pub id: RuleId,
+    pub name: RuleName,
+    pub description: String,
+    pub disabled: bool,
+    pub flow: RuleFlow,
+
+    pub sources: Vec<GroupInfo>,
+    pub destinations: Vec<GroupInfo>,
+}
+
+
+#[derive(Debug, Deserialize)]
+pub struct GroupInfo {
+    pub id: GroupId,
+    pub name: String,
+    pub peers_count: usize,
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all="kebab-case")]
+pub(crate) enum RuleFlow {
+    Bidirect,
+}

opendut-vpn/opendut-vpn-netbird/src/routes.rs

@@ -1,5 +1,6 @@
 use reqwest::Url;
 use crate::netbird;
+use crate::netbird::group;
 
 pub fn setup_keys(base_url: Url) -> Url {
     join(base_url, "setup-keys")
@@ -9,7 +10,7 @@ pub fn groups(base_url: Url) -> Url {
     join(base_url, "groups")
 }
 
-pub fn group(base_url: Url, group_id: &netbird::GroupId) -> Url {
+pub fn group(base_url: Url, group_id: &group::GroupId) -> Url {
     join(groups(base_url), &group_id.0)
 }
 
@@ -25,6 +26,10 @@ pub fn rules(base_url: Url) -> Url {
     join(base_url, "rules")
 }
 
+pub fn rule(base_url: Url, rule_id: &netbird::rules::RuleId) -> Url {
+    join(rules(base_url), &rule_id.0)
+}
+
 fn join(mut base_url: Url, path: &str) -> Url {
     base_url.path_segments_mut()
         .map(|mut path_segments| {