From 2a15e83fc3e6ebe4fbd0d249bafed5a071b1e69e Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Wed, 6 Jun 2018 13:24:59 -0400 Subject: [PATCH 01/22] adds http reverse proxy notification move (%wise) and effect (%that) --- sys/vane/eyre.hoon | 4 ++++ sys/zuse.hoon | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/sys/vane/eyre.hoon b/sys/vane/eyre.hoon index a9639a8e5..24e8527e3 100644 --- a/sys/vane/eyre.hoon +++ b/sys/vane/eyre.hoon @@ -794,9 +794,13 @@ :+ %call [%core (norm-beak bek) /wrap/[ext]/ren] [[%$ deps+!>(dep)] [%vale res]] == + :: + $not +>.$(mow :_(mow [ged [%give %that q.p.kyz p.u.mez q.u.mez]])) == :: $wegh !! :: handled elsewhere + :: + $wise (ames-gram p.kyz [%not ~] q.kyz r.kyz) :: proxy notification == :: ::++ axom :: old response diff --git a/sys/zuse.hoon b/sys/zuse.hoon index e5f5fbe04..469a7ad1f 100644 --- a/sys/zuse.hoon +++ b/sys/zuse.hoon @@ -664,6 +664,7 @@ $% [%mass p=mass] :: memory usage [%mack p=(unit tang)] :: message ack [%sigh p=cage] :: marked http response + [%that p=@p q=@ud r=?] :: get proxied request [%thou p=httr] :: raw http response [%thus p=@ud q=(unit hiss)] :: http request+cancel [%veer p=@ta q=path r=@t] :: drop-through @@ -684,6 +685,7 @@ [%wegh ~] :: report memory [%went p=sack q=path r=@ud s=coop] :: response confirm [%west p=sack q=[path *]] :: network request + [%wise p=@p q=@ud r=?] :: proxy notification == :: -- ::able :: @@ -720,6 +722,8 @@ :: [[%get-inner ~] p=@uvH q=beam r=mark] ::TODO details? [[%got-inner ~] p=@uvH q=(each (cask) tang)] ::TODO details? + :: + [[%not ~] p=@ud q=?] :: proxy notification == :: ++ hart {p/? q/(unit @ud) r/host} :: http sec+port+host ++ hate {p/purl q/@p r/moth} :: semi-cooked request From 461e0e9d143c6e0a391c4c4d4dde2b80b0ad15d9 Mon Sep 17 00:00:00 2001 
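Review bot: The new `$not` arm hands the proxy notification straight to the runtime as `%that q.p.kyz p.u.mez q.u.mez` with no visible check that `q.p.kyz` (the sender, if its use in the gift is read correctly) is a ship we should be proxying for, so if `$not` grams can arrive from any peer, any peer can claim a reverse-proxy slot on our runtime; whether ames authenticates the sender before this point is not visible here. Consider gating the gift on sponsorship, e.g. `?. =(our (sein:title q.p.kyz)) +>.$` ahead of the `mow` update, or documenting where that check lives. `$not` is also the only arm in this hunk without a trailing comment; `:: proxied request` would match the `$wise` line. The enclosing `?-` dispatch begins before the hunk.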
From: Joe Bryan Date: Wed, 13 Jun 2018 15:08:10 -0400 Subject: [PATCH 02/22] adds http configuration effect (%form) and port notification move (%live) --- sys/vane/eyre.hoon | 9 ++++++++- sys/zuse.hoon | 22 +++++++++++++++++++++- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/sys/vane/eyre.hoon b/sys/vane/eyre.hoon index 24e8527e3..0f201ea17 100644 --- a/sys/vane/eyre.hoon +++ b/sys/vane/eyre.hoon @@ -636,7 +636,14 @@ =. our ?~(hov our u.hov) :: XX =. p.top our :: XX necessary? ?- -.kyz - $born +>.$(ged hen) :: register external + $born + %= +>.$ + ged hen :: register external + mow :_(mow [hen [%give %form [~ ?=(%king our) & &]]]) + == + :: + $live +>.$ :: XX save ports + :: $serv =< ~&([%serving (en-beam top)] .) ?^(p.kyz +>.$(top p.kyz) +>.$(q.top p.kyz)) diff --git a/sys/zuse.hoon b/sys/zuse.hoon index 469a7ad1f..16611999c 100644 --- a/sys/zuse.hoon +++ b/sys/zuse.hoon @@ -661,7 +661,8 @@ ++ able ^? |% += gift :: out result <-$ - $% [%mass p=mass] :: memory usage + $% [%form p=http-config] :: configuration + [%mass p=mass] :: memory usage [%mack p=(unit tang)] :: message ack [%sigh p=cage] :: marked http response [%that p=@p q=@ud r=?] :: get proxied request @@ -676,6 +677,7 @@ [%crud p=@tas q=(list tank)] :: XX rethink [%hiss p=(unit user) q=mark r=cage] :: outbound user req [%init p=@p] :: report install + [%live p=@ud q=(unit @ud)] :: http/s ports [%serv p=$@(desk beam)] :: set serving root [%them p=(unit hiss)] :: outbound request [%they p=@ud q=httr] :: inbound response 
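Review bot: The `%form` gift emitted on `$born` is `[~ ?=(%king our) & &]`, i.e. `secure=~` together with `redirect=&`, while the `+http-config` definition added in the next hunk of this same patch documents that `redirect` requires a certificate. Either boot with the redirect off, `[~ ?=(%king our) & |]`, and raise it once a certificate is configured, or document what the runtime does with a redirect flag and no `secure` key. The `$live +>.$ :: XX save ports` arm discards the port notification entirely, so until it is stored nothing in the vane can say which ports are actually bound. The `?-` dispatch continues outside the hunk.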
@@ -734,6 +736,24 @@ ++ host (each (list @t) @if) :: http host ++ hoke %+ each {$localhost $~} :: local host ?($.0.0.0.0 $.127.0.0.1) :: + :: +http-config: full http-server configuration + :: + += http-config + $: :: secure: PEM-encoded RSA private key and certificate chain + :: + secure=(unit [key=wain certificate=wain]) + :: proxy: reverse TCP proxy HTTP(s) + :: + proxy=? + :: log: keep HTTP(s) access logs + :: + log=? + :: redirect: send 301 redirects to upgrade HTTP to HTTPS + :: + :: Note: requires certificate. + :: + redirect=? + == ++ httq :: raw http request $: p/meth :: method q/@t :: unparsed url From adc9da0b0cdf1a056df28b4ffd7c2e8ce3cde659 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Wed, 25 Apr 2018 13:24:45 -0400 Subject: [PATCH 03/22] adds lane-change subscriptions (%tend/%rove) to ames --- sys/vane/ames.hoon | 48 ++++++++++++++++++++++++++++++++++++++++++---- sys/vane/gall.hoon | 1 + sys/zuse.hoon | 6 +++++- 3 files changed, 50 insertions(+), 5 deletions(-) diff --git a/sys/vane/ames.hoon b/sys/vane/ames.hoon index c7ed55ed2..1eb424e20 100644 --- a/sys/vane/ames.hoon +++ b/sys/vane/ames.hoon @@ -445,6 +445,7 @@ +>.$(hoc.saf (~(put by hoc.saf) her [[~31337.1.1 ~ wil] ~ *clot])) :: ++ lax :: lax:as:go + =| rov=(unit lane) :: maybe lane change |_ [her=ship dur=dore] :: per client ++ cluy :: cluy:lax:as:go ^- [p=life q=gens r=acru] :: client crypto @@ -518,6 +519,25 @@ [~ ryn] lun.wod.dur [~ ryn] + :: + rov + |- ^- (unit lane) + :: XX check will + ?: ?| !=(our (sein:title her)) + ?=(?(%earl %pawn) (clan:title her)) + == + ~ + ?- ryn + [%if *] ?. ?=([~ %if *] lun.wod.dur) + `ryn + ?:(=(r.u.lun.wod.dur r.ryn) ~ `ryn) + :: + [%ix *] ?. ?=([~ %ix *] lun.wod.dur) + `ryn + ?:(=(r.u.lun.wod.dur r.ryn) ~ `ryn) + :: + [%is *] ?~(q.ryn ~ $(ryn u.q.ryn)) + == == :: ++ wist :: wist:lax:as:go 
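Review bot: In the `rov` computation the `%if` and `%ix` cases compare only `r` (the address) against the stored lane, so a change of port alone is never reported; that is probably intended for DNS use, but a comment such as `:: address change only; port changes are not reported` above `?- ryn` would save the next reader from wondering. The sponsorship gate uses `(sein:title her)`, the arithmetic sponsor, as the `:: XX check will` note admits, so a ship that has since been re-sponsored would still be treated as ours here until the will is consulted. For the `+http-config` hunk on this line, a note under `secure` that the PEM key material lives in vane state and must never be printed would help later readers. The enclosing arm that binds `ryn` starts before the hunk.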
@@ -1471,8 +1491,10 @@ == :: ++ zank :: zank:ho:um:am + =? bin ?=(^ rov.diz) + [[%maze her u.rov.diz] bin] %= +>.$ :: resolve - gus (nux:gus diz) + gus (nux:gus diz(rov ~)) wab.weg (~(put by wab.weg) her bah(sop abet:puz)) == -- :: --ho:um:am @@ -1553,9 +1575,14 @@ (hunt lth doz rtn.sop.bah) :: ++ load - |= old=fort - ~& %ames-reload - ..^$(fox old) + =/ old-fort + (cork fort |=(fort [%0 gad=gad hop=hop bad=bad ton=ton zac=zac])) + |= old=?(fort old-fort) + ?- old + [%0 *] $(old [%1 gad hop bad ton zac ~]:old) + [%1 *] ~& %ames-reload + ..^$(fox old) + == :: ++ scry |= [fur=(unit (set monk)) ren=@tas why=shop syd=desk lot=coin tyl=path] @@ -1604,6 +1631,11 @@ :_ fox :~ [s.bon %give %woot q.p.bon r.bon] == + :: + %maze + :_ fox + %+ turn ~(tap in ten.fox) + |=(hen=duct [hen %give %rove p.bon q.bon]) :: %mead :_(fox [[hen [%give %hear p.bon q.bon]] ~]) %milk @@ -1713,6 +1745,14 @@ :: %sith (~(czar am [now fox]) p.kyz q.kyz r.kyz) + :: + %tend + :: XX exclude comets and moons? and planets? + :: ?> &(?=(^ hen) ?=([@ @ *] i.hen)) + :: =/ who=@p (slav %p i.t.i.hen) + :: ?: ?=((%earl %pawn) (clan:title who)) + :: [~ fox] + [~ fox(ten (~(put in ten.fox) hen))] :: %nuke :- ~ diff --git a/sys/vane/gall.hoon b/sys/vane/gall.hoon index 99d587897..7df29af95 100644 --- a/sys/vane/gall.hoon +++ b/sys/vane/gall.hoon @@ -1223,6 +1223,7 @@ $ogre `%c $perm `%c $serv `%e + $tend `%a $them `%e $wait `%b $want `%a diff --git a/sys/zuse.hoon b/sys/zuse.hoon index 16611999c..58e61ab73 100644 --- a/sys/zuse.hoon +++ b/sys/zuse.hoon @@ -135,6 +135,7 @@ {$init p/@p} :: report install {$mack p/(unit tang)} :: {$mass p/mass} :: memory usage + {$rove p/ship q/lane} :: lane change {$send p/lane q/@} :: transmit packet {$woot p/ship q/coop} :: reaction message == :: 
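Review bot: `%tend` adds the requesting duct to `ten.fox` unconditionally, and nothing in this patch ever removes a duct from `ten.fox`, so every subscriber receives `%rove` moves indefinitely and there is no way to unsubscribe; the commented-out block shows the intended caller restriction but leaves it unenforced. At minimum document the lifetime (`:: subscriptions are permanent; no unsubscribe yet`) or add a task that deletes `hen` from `ten.fox`. The `%maze` case fans one `%rove` out per subscriber via `turn ~(tap in ten.fox)`, which is fine for the galaxy/star case this targets but grows with the subscriber set. The `load` migration from `%0` seeds `ten` empty, which looks right.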
@@ -161,6 +162,7 @@ {$nuke p/@p} :: toggle auto-block {$make p/(unit @t) q/@ud r/@ s/?} :: wild license {$sith p/@p q/@uw r/?} :: imperial generator + {$tend $~} :: watch lane changes {$wake $~} :: timer activate {$wegh $~} :: report memory {$west p/sack q/path r/*} :: network request @@ -203,6 +205,7 @@ ++ boon :: fort output $% {$beer p/ship q/@uvG} :: gained ownership {$cake p/sock q/soap r/coop s/duct} :: e2e message result + {$maze p/ship q/lane} :: lane change {$mead p/lane q/rock} :: accept packet {$milk p/sock q/soap r/*} :: e2e pass message {$ouzo p/lane q/rock} :: transmit packet @@ -240,12 +243,13 @@ wid/@ud :: logical wdow msgs == :: ++ fort :: formal state - $: $0 :: version + $: $1 :: version gad/duct :: client interface hop/@da :: network boot date bad/(set @p) :: bad ships ton/town :: security zac/(map ship corn) :: flows by server + ten/(set duct) :: watch lanes == :: ++ gcos :: id description $% {$czar $~} :: 8-bit ship From 468595de7074249b7cb2010dfe783a431df1cd58 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Mon, 7 May 2018 12:52:59 -0400 Subject: [PATCH 04/22] adds Google Cloud DNS privileges to googleapis sec driver --- sec/com/googleapis.hoon | 1 + 1 file changed, 1 insertion(+) diff --git a/sec/com/googleapis.hoon b/sec/com/googleapis.hoon index c1b1bcee9..4d0210e22 100644 --- a/sec/com/googleapis.hoon +++ b/sec/com/googleapis.hoon @@ -29,6 +29,7 @@ :~ 'https://mail.google.com' 'https://www.googleapis.com/auth/plus.me' 'https://www.googleapis.com/auth/userinfo.email' + 'https://www.googleapis.com/auth/ndev.clouddns.readwrite' == :: ++ exchange-url 'https://www.googleapis.com/oauth2/v4/token' From ba614f3f728c1c0e62b54aefcbacbe68cfd7cbef Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Mon, 7 May 2018 12:53:31 -0400 Subject: [PATCH 05/22] adds initial dns app --- app/dns.hoon | 244 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 244 insertions(+) create mode 100644 app/dns.hoon 
diff --git a/app/dns.hoon b/app/dns.hoon new file mode 100644 index 000000000..de0fda45d --- /dev/null +++ b/app/dns.hoon 
@@ -0,0 +1,244 @@ +:: +:: moves and state +:: +|% ++= move (pair bone card) ++= poke $% [%dns-bind ship target] + [%dns-bound ship ship turf] + == ++= card $% [%tend wire ~] + [%poke wire dock poke] + == +:: +turf: a domain, TLD first +:: ++= turf (list @t) +:: +authority: responsibility for a DNS zone +:: ++= authority + $: :: dom: authority over a domain + :: + dom=turf + :: zon: DNS zone name + :: + zon=@t + :: pro: DNS provider (gcloud only for now) + :: + pro=%gcloud + == +:: +target: a ship is bound to a ... +:: ++= target + $% :: %direct: an A record + [%direct %if p=@if] + :: %indirect: a CNAME + [%indirect p=ship] + == +:: +bound: an established binding, plus history +:: ++= bound + $: :: wen: established + :: + wen=@da + :: cur: current target + :: + cur=target + :: hit: historical targets + :: + hit=(list (pair @da target)) + == +:: +nameserver: a b s o l u t e p o w e r +:: ++= nameserver + $: aut=authority + pen=(map ship target) + bon=(map ship bound) + == +:: +relay: a good parent keeps track +:: ++= relay + $: wen=@da + wer=(unit @if) + bon=? + == +:: +state: complete app state +:: ++= state + $: :: dom: the set of our bindings + :: + dom=(set turf) + :: per: per-dependent ips &c + :: + per=(map ship relay) + :: nem: authoritative state + :: + nem=(unit nameserver) + == +-- +:: +|_ [bow=bowl:gall state] +++ this . +:: +++ poke-noun + |= a=* + ::^- (quip move _this) + ~& +<+:this + [~ this] +:: +++ poke-dns-authority :: configure + |= aut=authority + ^- (quip move _this) + ~| %authority-reset-wat-do + ?< ?=(^ nem) + abet:(init:bind aut) +:: +++ poke-dns-bind :: bind or forward + |= [him=ship tar=target] + ^- (quip move _this) + ~& [%bind src=src.bow him=him tar=tar] + ?: ?=(^ nem) + :: XX bind & forward? + abet:(~(create bind u.nem) him tar) + abet:(~(forward tell him ~) tar) +:: +:: ++ coup-dns-bind :: retry? +:: |= [wir=wire saw=(unit tang)] +:: ~& [%coup-bind +<] +:: ?~ saw +:: [~ this] +:: ?> ?=(^ wir) +:: ?- i.wir +:: %forward !! :: re-forward? 
+:: %bind !! :: rebind? +:: * ~&(coup-dns-bind+wir [~ this]) +:: == +:: +++ poke-dns-bound :: confirm or forward + |= [him=ship for=ship dom=turf] + ^- (quip move _this) + ~& [%bound +<] + ?. =(our.bow for) + abet:(backward:tell him for dom) + =< abet + (~(bake tell [him (~(get by per) him)]) dom) +:: +++ rove :: hear lane change + |= [wir=wire p=ship q=lane:ames] + ^- (quip move _this) + ?. =(our.bow (sein:title p)) :: XX check will + ~& [%rove-false p] + [~ this] + ~& [%rove wir p q] + :: XX assert that we intend to be listening? + =< abet + (~(rove tell [p (~(get by per) p)]) q) +:: +++ prep + |= old=(unit state) + ^- (quip move _this) + ?^ old + [~ this(+<+ u.old)] + ?: ?=(?(%czar %king) (clan:title our.bow)) + abet:tend:tell + [~ this] +:: +:: acting as zone authority +:: +++ bind :: nameserver + =| moz=(list move) + |_ nam=nameserver + ++ this . + :: + ++ abet + ^- (quip move _^this) + [(flop moz) ^this(nem `nam)] + :: + ++ init + |= aut=authority + :: XX confirm credentials + :: XX confirm zone + this(nam [aut ~ ~]) + :: + ++ create + |= [him=ship tar=target] + this :: XX + :: + ++ confirm + |= him=ship + this :: XX + -- +:: +:: acting as planet parent or relay +:: +++ tell :: relay + =| moz=(list move) + |_ [him=ship rel=(unit relay)] + ++ this . + :: + ++ abet + ^- (quip move _^this) + :- (flop moz) + ?~ rel + ^this + ^this(per (~(put by per) him u.rel)) + :: + ++ emit + |= a=card + ^+ this + this(moz [[ost.bow a] moz]) + :: + ++ tend :: listen + ^+ this + (emit [%tend /tend ~]) + :: + ++ rove :: hear + |= lan=lane:ames + ^+ this + =/ ip=(unit @if) + ?.(?=([%if *] lan) ~ `r.lan) + =. rel `[now.bow ip |] + %- emit + :* %poke + /bind/(scot %p him)/for/(scot %p our.bow) + [(sein:title our.bow) %dns] + %dns-bind + [him ?~(ip [%indirect our.bow] [%direct %if u.ip])] + == + :: + ++ bake :: bound + |= dom=turf + ^+ this + ?> ?=(^ rel) + =. bon.u.rel & + :: XX save domain? + :: XX notify ship? 
+ this + :: + ++ forward :: on to parent + |= tar=target + ^+ this + ?: ?=(%~zod our.bow) :: ~zod don't forward + ~& [%zod-no-forward him tar] + this + =/ to=ship + ?- (clan:title our.bow) + %czar ~zod + * (sein:title our.bow) + == + %- emit + :* %poke + /foward/bind/(scot %p him)/for/(scot %p src.bow) + [to %dns] + [%dns-bind him tar] + == + :: + ++ backward :: relay binding ack + |= [him=ship for=ship dom=turf] + ^+ this + %- emit + :* %poke + /foward/bound/(scot %p him)/for/(scot %p for) + [for %dns] + [%dns-bound him for dom] + == + -- +-- From f801776bacb6a90bb8d67d620670a9adac0275dc Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Fri, 15 Jun 2018 22:44:37 -0400 Subject: [PATCH 06/22] refactors binding and acknowledgment pokes --- app/dns.hoon | 98 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 60 insertions(+), 38 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index de0fda45d..0d545119e 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -3,8 +3,8 @@ :: |% += move (pair bone card) -+= poke $% [%dns-bind ship target] - [%dns-bound ship ship turf] ++= poke $% [%dns-bind for=ship him=ship target] + [%dns-bond for=ship him=ship turf] == += card $% [%tend wire ~] [%poke wire dock poke] @@ -59,6 +59,7 @@ $: wen=@da wer=(unit @if) bon=? + tar=target == :: +state: complete app state :: @@ -92,13 +93,18 @@ abet:(init:bind aut) :: ++ poke-dns-bind :: bind or forward - |= [him=ship tar=target] + |= [for=ship him=ship tar=target] ^- (quip move _this) ~& [%bind src=src.bow him=him tar=tar] - ?: ?=(^ nem) - :: XX bind & forward? + =^ zom=(list move) ..this + ^- (quip move _this) + abet:(~(forward tell him ~) tar) + ?~ nem + [zom this] + :: XX =^ nest-fail + =/ zam=(quip move _this) abet:(~(create bind u.nem) him tar) - abet:(~(forward tell him ~) tar) + [(weld zom -.zam) +.zam] :: :: ++ coup-dns-bind :: retry? :: |= [wir=wire saw=(unit tang)] 
@@ -112,14 +118,22 @@ :: * ~&(coup-dns-bind+wir [~ this]) :: == :: -++ poke-dns-bound :: confirm or forward - |= [him=ship for=ship dom=turf] +++ poke-dns-bond :: confirm or forward + |= [for=ship him=ship dom=turf] ^- (quip move _this) + ?< =(for him) ~& [%bound +<] - ?. =(our.bow for) - abet:(backward:tell him for dom) - =< abet - (~(bake tell [him (~(get by per) him)]) dom) + ?: =(our.bow him) + :: XX notify eyre/hood/acme etc + ~& [%bound-us dom] + :- ~ + this(dom (~(put in ^dom) dom)) + ?: =(our.bow for) + ~& [%bound-him him dom] + =< abet + (~(bake tell [him (~(get by per) him)]) dom) + ~& [%strange-bond +<] + [~ this] :: ++ rove :: hear lane change |= [wir=wire p=ship q=lane:ames] @@ -152,6 +166,11 @@ ^- (quip move _^this) [(flop moz) ^this(nem `nam)] :: + ++ emit + |= a=card + ^+ this + this(moz [[ost.bow a] moz]) + :: ++ init |= aut=authority :: XX confirm credentials @@ -160,7 +179,13 @@ :: ++ create |= [him=ship tar=target] - this :: XX + =| for=@p :: XX + %- emit + :* %poke + /foward/bound/(scot %p him)/for/(scot %p for) + [for %dns] + [%dns-bond him for *turf] + == :: ++ confirm |= him=ship @@ -193,16 +218,25 @@ ++ rove :: hear |= lan=lane:ames ^+ this - =/ ip=(unit @if) + =/ adr=(unit @if) ?.(?=([%if *] lan) ~ `r.lan) - =. rel `[now.bow ip |] - %- emit - :* %poke - /bind/(scot %p him)/for/(scot %p our.bow) - [(sein:title our.bow) %dns] - %dns-bind - [him ?~(ip [%indirect our.bow] [%direct %if u.ip])] - == + =/ tar=target + ?: ?| ?=(~ adr) + ?=(%duke (clan:title him)) + == + [%indirect our.bow] + [%direct %if u.adr] + =/ ler=relay + [now.bow adr | tar] + ?. ?| ?=(~ rel) + !=(tar tar.u.rel) + == + this + :: we may be an authority, so we poke ourselves + =/ wir=wire + /bind/(scot %p him)/for/(scot %p our.bow) + %- emit(rel `ler) + [%poke wir [our.bow %dns] %dns-bind our.bow him tar] :: ++ bake :: bound |= dom=turf 
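Review bot: `poke-dns-bond` records `dom` into our `dom` set on the `=(our.bow him)` branch without checking who sent it: `src.bow` is not consulted, so any ship can tell us we are bound at an arbitrary domain, and the `:: XX notify eyre/hood/acme etc` note means that claim would later be acted on. Verify `src.bow` against the ship that is allowed to report the binding (the authority, or `for` when relayed) before the `~(put in ^dom)`, and treat anything else like the `%strange-bond` case. Separately, `create` in `|bind` still uses the placeholder `=| for=@p :: XX`, whose bunt is `~zod`, so the `%dns-bond` poke it builds is addressed to `~zod` until `for` is threaded through.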
@@ -224,21 +258,9 @@ %czar ~zod * (sein:title our.bow) == - %- emit - :* %poke - /foward/bind/(scot %p him)/for/(scot %p src.bow) - [to %dns] - [%dns-bind him tar] - == - :: - ++ backward :: relay binding ack - |= [him=ship for=ship dom=turf] - ^+ this - %- emit - :* %poke - /foward/bound/(scot %p him)/for/(scot %p for) - [for %dns] - [%dns-bound him for dom] - == + =/ wir=wire + /forward/bind/(scot %p him)/for/(scot %p src.bow) + %- emit :: XX for + [%poke wir [to %dns] %dns-bind src.bow him tar] -- -- From f4679f257130cff0582ee29c57e0aeed3cfd7ea6 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Fri, 15 Jun 2018 22:45:21 -0400 Subject: [PATCH 07/22] refactors +authority, implements initial authority confirmation --- app/dns.hoon | 56 +++++++++++++++++++++++++++++++++++------ sec/com/googleapis.hoon | 1 + 2 files changed, 49 insertions(+), 8 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index 0d545119e..bff0da5bd 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -8,22 +8,24 @@ == += card $% [%tend wire ~] [%poke wire dock poke] + [%hiss wire [~ ~] %httr %hiss hiss:eyre] == :: +turf: a domain, TLD first :: += turf (list @t) :: +authority: responsibility for a DNS zone :: +:: +provider: DNS service provider ++= provider + $% [%gcloud project=@ta zone=@ta] + == += authority $: :: dom: authority over a domain :: dom=turf - :: zon: DNS zone name - :: - zon=@t :: pro: DNS provider (gcloud only for now) :: - pro=%gcloud + pro=provider == :: +target: a ship is bound to a ... :: @@ -73,7 +75,10 @@ :: nem: authoritative state :: nem=(unit nameserver) - == + == +:: +++ gcloud + (need (de-purl:html 'https://www.googleapis.com/dns/v1/projects')) -- :: |_ [bow=bowl:gall state] 
@@ -82,9 +87,38 @@ ++ poke-noun |= a=* ::^- (quip move _this) + ?: ?=(%aut a) + :_ this :_ ~ + :* ost.bow + %poke + /foo + [our.bow dap.bow] + %dns-authority + [/org/urbit/dyndns %gcloud %tonal-griffin-853 %dyndns] + == ~& +<+:this [~ this] :: +++ sigh-httr + |= [wir=wire rep=httr:eyre] + ?- wir + [%authority %confirm ~] + ?~ nem + ~& [%strange-authority wire=wir response=rep] + [~ this] + ?. =(200 p.rep) + ~& [%authority-confirm-fail rep] + [~ this(nem ~)] + :: XX anything to do here? parse body? + :: abet:(~(confirm bind u.nem) httr + ~& %authority-confirmed + [~ this] + :: + * + ~& +< + [~ this] + == +:: ++ poke-dns-authority :: configure |= aut=authority ^- (quip move _this) @@ -146,6 +180,7 @@ =< abet (~(rove tell [p (~(get by per) p)]) q) :: +:: ++ prep _[~ this] ++ prep |= old=(unit state) ^- (quip move _this) @@ -173,9 +208,14 @@ :: ++ init |= aut=authority - :: XX confirm credentials - :: XX confirm zone - this(nam [aut ~ ~]) + :: ?> ?=(%gcloud pro.aut) + =/ wir=wire /authority/confirm + =/ url=purl:eyre gcloud + =. q.q.url + (weld q.q.url /[project.pro.aut]/['managedZones']/[zone.pro.aut]) + ~& url + %- emit(nam [aut ~ ~]) + [%hiss wir [~ ~] %httr %hiss url %get ~ ~] :: ++ create |= [him=ship tar=target] diff --git a/sec/com/googleapis.hoon b/sec/com/googleapis.hoon index 4d0210e22..b244fdf61 100644 --- a/sec/com/googleapis.hoon +++ b/sec/com/googleapis.hoon @@ -30,6 +30,7 @@ 'https://www.googleapis.com/auth/plus.me' 'https://www.googleapis.com/auth/userinfo.email' 'https://www.googleapis.com/auth/ndev.clouddns.readwrite' + 'https://www.googleapis.com/auth/cloud-platform.read-only' == :: ++ exchange-url 'https://www.googleapis.com/oauth2/v4/token' From a7ac502c60c69175c39f75968dac2d4b5d203c2d Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Mon, 18 Jun 2018 14:42:57 -0400 Subject: [PATCH 08/22] cleanup, logging, etc. --- app/dns.hoon | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) 
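Review bot: `init` stores the authority in `nam` (and so in `nem` via `abet`) before the `/authority/confirm` response arrives, and `poke-dns-bind` only tests `?~ nem`, so binds can be attempted against a zone that has not been confirmed or that is about to be reset to `~` by the `%authority-confirm-fail` branch. Keep the pending authority out of `nem` until the 200 arrives, or add a confirmed flag to `+nameserver` that `create` checks. `sigh-httr` also only sees `httr` responses; a request that fails before producing one would leave `nem` set indefinitely, the same gap the later `:: XX sigh-tang` note points at. Finally, the `%aut` debug poke hard-codes a real project id (`%tonal-griffin-853`) in `poke-noun`; that scaffolding should not survive into the merged app.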
diff --git a/app/dns.hoon b/app/dns.hoon index bff0da5bd..19f4ea269 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -5,6 +5,7 @@ += move (pair bone card) += poke $% [%dns-bind for=ship him=ship target] [%dns-bond for=ship him=ship turf] + [%dns-authority authority] == += card $% [%tend wire ~] [%poke wire dock poke] @@ -101,6 +102,7 @@ :: ++ sigh-httr |= [wir=wire rep=httr:eyre] + ^- (quip move _this) ?- wir [%authority %confirm ~] ?~ nem @@ -129,16 +131,15 @@ ++ poke-dns-bind :: bind or forward |= [for=ship him=ship tar=target] ^- (quip move _this) - ~& [%bind src=src.bow him=him tar=tar] + ~& [%bind src=src.bow for=for him=him tar=tar] + ~| %bind-yoself + ?< =(for him) =^ zom=(list move) ..this - ^- (quip move _this) + ?~ nem [~ this] + abet:(~(create bind u.nem) for him tar) + =^ zam=(list move) ..this abet:(~(forward tell him ~) tar) - ?~ nem - [zom this] - :: XX =^ nest-fail - =/ zam=(quip move _this) - abet:(~(create bind u.nem) him tar) - [(weld zom -.zam) +.zam] + [(weld zom zam) this] :: :: ++ coup-dns-bind :: retry? :: |= [wir=wire saw=(unit tang)] @@ -155,8 +156,9 @@ ++ poke-dns-bond :: confirm or forward |= [for=ship him=ship dom=turf] ^- (quip move _this) + ~& [%bond +<] + ~| %bond-yoself ?< =(for him) - ~& [%bound +<] ?: =(our.bow him) :: XX notify eyre/hood/acme etc ~& [%bound-us dom] @@ -276,10 +278,11 @@ =/ wir=wire /bind/(scot %p him)/for/(scot %p our.bow) %- emit(rel `ler) - [%poke wir [our.bow %dns] %dns-bind our.bow him tar] + [%poke wir [our.bow dap.bow] %dns-bind our.bow him tar] :: ++ bake :: bound |= dom=turf + ~& [%bake dom] ^+ this ?> ?=(^ rel) =. bon.u.rel & @@ -289,6 +292,7 @@ :: ++ forward :: on to parent |= tar=target + ~& [%forward tar] ^+ this ?: ?=(%~zod our.bow) :: ~zod don't forward ~& [%zod-no-forward him tar] @@ -301,6 +305,6 @@ =/ wir=wire /forward/bind/(scot %p him)/for/(scot %p src.bow) %- emit :: XX for - [%poke wir [to %dns] %dns-bind src.bow him tar] + [%poke wir [to dap.bow] %dns-bind src.bow him tar] -- -- 
From e4339a770b3a728dd6153fc21890af4a85b3db79 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Mon, 18 Jun 2018 14:43:26 -0400 Subject: [PATCH 09/22] initial gcloud record creation and confirmation --- app/dns.hoon | 132 ++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 110 insertions(+), 22 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index 19f4ea269..d06a0c392 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -1,3 +1,4 @@ +!: :: :: moves and state :: @@ -77,9 +78,53 @@ :: nem=(unit nameserver) == +:: +join: dedup with :acme +:: +++ join + |= [sep=@t hot=(list @t)] + ^- @t + ?> ?=(^ hot) + %+ rap 3 + |- ^- (list @t) + ?~ t.hot hot + [i.hot sep $(hot t.hot)] :: ++ gcloud - (need (de-purl:html 'https://www.googleapis.com/dns/v1/projects')) + |% + ++ base + (need (de-purl:html 'https://www.googleapis.com/dns/v1/projects')) + ++ name + |= [dom=turf him=ship] + (cat 3 (join '.' [(crip +:(scow %p him)) (flop dom)]) '.') + ++ record + |= [dom=turf him=ship tar=target] + ^- json + =+ ^- [typ=cord dat=cord] + ?: ?=(%direct -.tar) + ['A' (crip +:(scow %if p.tar))] + ['CNAME' (name dom p.tar)] + :- %o %- my :~ + name+s+(name dom him) + type+s+typ + ttl+n+~.300 + rrdatas+a+[s+dat ~] + == + ++ request + =, eyre + |= [dom=turf him=ship tar=target pro=provider] + ^- hiss + ?> ?=([%gcloud *] pro) + =/ url=purl + =+ base + -(q.q (weld q.q.- /[project.pro]/['managedZones']/[zone.pro]/changes)) + =/ hed=math + (my content-type+['application/json' ~] ~) + =/ bod=octs + %- as-octt:mimes:html + %- en-json:html + o+(my additions+a+[(record dom him tar) ~] ~) + [url %post hed `bod] + -- -- :: |_ [bow=bowl:gall state] @@ -87,8 +132,11 @@ :: ++ poke-noun |= a=* - ::^- (quip move _this) - ?: ?=(%aut a) + ^- (quip move _this) + ?+ a ~& +<+:this + [~ this] + :: + %aut :_ this :_ ~ :* ost.bow %poke 
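Review bot: `request` only ever sends `additions`, so re-binding a ship that already has a record set of the same name and type carries no matching `deletions` entry; if the provider rejects duplicate record sets within a change, as Cloud DNS does to my knowledge, every rebind after the first fails at the provider even though `+bound` keeps a `hit` history that clearly anticipates rebinding. Carrying the previous target through `create` and emitting it as a `deletions` record alongside the new addition would address this. `join` asserts `?> ?=(^ hot)`, so `name` crashes on an empty `dom`; acceptable for an authority, but worth a one-line comment on `name`. The `~& +<+:this` fallthrough in `poke-noun` dumps the whole app state on any unrecognized noun.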
@@ -97,8 +145,18 @@ %dns-authority [/org/urbit/dyndns %gcloud %tonal-griffin-853 %dyndns] == - ~& +<+:this - [~ this] + :: + %bin + :_ this :_ ~ + :* ost.bow + %poke + /bar + [our.bow dap.bow] + %dns-bind + :: [for=~binzod him=~ridbyl-dovwyd tar=[%indirect p=~binzod]] + [for=~binzod him=~ridbyl-dovwyd tar=[%direct %if .8.8.8.8]] + == + == :: ++ sigh-httr |= [wir=wire rep=httr:eyre] @@ -112,9 +170,19 @@ ~& [%authority-confirm-fail rep] [~ this(nem ~)] :: XX anything to do here? parse body? - :: abet:(~(confirm bind u.nem) httr ~& %authority-confirmed [~ this] + :: + [%authority %create @ %for @ ~] + ?~ nem + ~& [%strange-authority wire=wir response=rep] + [~ this] + ?. =(200 p.rep) + ~& [%authority-create-fail wire=wir response=rep] + [~ this] + =/ him=ship (slav %p i.t.t.wir) + =/ for=ship (slav %p i.t.t.t.t.wir) + abet:(~(confirm bind u.nem) for him) :: * ~& +< 
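Review bot: On `%authority-create-fail` the handler logs and returns `[~ this]`, leaving the entry that `create` put into `pen.nam` in place with no retry and no removal, so a provider error strands a pending binding that is never reported back to `for` or `him`. Parse `him` from the wire before the status check and remove its `pen` entry on failure, ideally through a `|bind` arm so the state change goes through `abet`, and consider forwarding the failure so the requester can retry. The `%bin` debug poke hard-codes `~ridbyl-dovwyd` and `8.8.8.8`; like `%aut`, it is scaffolding that should not ship.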
@@ -204,34 +272,53 @@ [(flop moz) ^this(nem `nam)] :: ++ emit - |= a=card + |= car=card + ~& [%emit-bind car] ^+ this - this(moz [[ost.bow a] moz]) + this(moz [[ost.bow car] moz]) + :: + ++ emil + |= rac=(list card) + q:(spin rac this |=([a=card b=_this] [~ (emit:b a)])) :: ++ init |= aut=authority :: ?> ?=(%gcloud pro.aut) =/ wir=wire /authority/confirm - =/ url=purl:eyre gcloud + =/ url=purl:eyre base:gcloud =. q.q.url - (weld q.q.url /[project.pro.aut]/['managedZones']/[zone.pro.aut]) + %+ weld q.q.url + /[project.pro.aut]/['managedZones']/[zone.pro.aut] ~& url %- emit(nam [aut ~ ~]) [%hiss wir [~ ~] %httr %hiss url %get ~ ~] :: ++ create - |= [him=ship tar=target] - =| for=@p :: XX - %- emit - :* %poke - /foward/bound/(scot %p him)/for/(scot %p for) - [for %dns] - [%dns-bond him for *turf] - == + |= [for=ship him=ship tar=target] + =/ wir=wire + /authority/create/(scot %p him)/for/(scot %p for) + =/ req=hiss:eyre + (request:gcloud dom.aut.nam him tar pro.aut.nam) + %- emit(pen.nam (~(put by pen.nam) him tar)) :: XX save for + [%hiss wir [~ ~] %httr %hiss req] :: ++ confirm - |= him=ship - this :: XX + |= [for=ship him=ship] + =/ tar=target (~(got by pen.nam) him) + =/ bon=(unit bound) + (~(get by bon.nam) him) + =/ nob=bound + [now.bow tar ?~(bon ~ [[wen.u.bon cur.u.bon] hit.u.bon])] + =. pen.nam (~(del by pen.nam) him) + =. bon.nam (~(put by bon.nam) him nob) + =/ wir=wire + /forward/bound/(scot %p him)/for/(scot %p for) + =/ pok=poke + [%dns-bond him for *turf] + %- emil :~ + [%poke wir [him dap.bow] pok] + [%poke wir [for dap.bow] pok] + == -- :: :: acting as planet parent or relay @@ -249,9 +336,10 @@ ^this(per (~(put by per) him u.rel)) :: ++ emit - |= a=card + |= car=card + ~& [%emit-tell car] ^+ this - this(moz [[ost.bow a] moz]) + this(moz [[ost.bow car] moz]) :: ++ tend :: listen ^+ this From d53becf1917635e6f51dae05aef61c1fffbed735 Mon Sep 17 00:00:00 2001 
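Review bot: `confirm` builds `pok` as `[%dns-bond him for *turf]`, but `+poke` declares `[%dns-bond for=ship him=ship turf]`, so `for` and `him` arrive swapped and the domain is the bunt of `turf` rather than `dom.aut.nam`; on the bound ship `poke-dns-bond`'s `=(our.bow him)` test would then fail, and on the relay an empty turf would be recorded into `dom`. Unless the positional order is intentional, this should read `[%dns-bond for him dom.aut.nam]`. The new `~& [%emit-bind car]` in `emit` prints every outgoing `%hiss` including its request body on each bind, which is useful during development but noisy for a running authority. The `:: XX save for` comment on `create` is stale now that `for` is recovered from the wire in `sigh-httr`.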
From: Joe Bryan Date: Mon, 18 Jun 2018 15:59:36 -0400 Subject: [PATCH 10/22] adds latest-style arm comments --- app/dns.hoon | 85 +++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 61 insertions(+), 24 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index d06a0c392..27412096a 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -15,17 +15,18 @@ :: +turf: a domain, TLD first :: += turf (list @t) -:: +authority: responsibility for a DNS zone +:: +provider: DNS service provider (gcloud only for now) :: -:: +provider: DNS service provider += provider $% [%gcloud project=@ta zone=@ta] == +:: +authority: responsibility for a DNS zone +:: += authority - $: :: dom: authority over a domain + $: :: dom: authority over a fully-qualified domain :: dom=turf - :: pro: DNS provider (gcloud only for now) + :: pro: DNS service provider :: pro=provider == @@ -33,8 +34,10 @@ :: += target $% :: %direct: an A record + :: [%direct %if p=@if] - :: %indirect: a CNAME + :: %indirect: a CNAME record + :: [%indirect p=ship] == :: +bound: an established binding, plus history @@ -88,14 +91,21 @@ |- ^- (list @t) ?~ t.hot hot [i.hot sep $(hot t.hot)] +:: |gcloud: provider-specific functions :: ++ gcloud |% + :: +base: provider service endpoint + :: ++ base (need (de-purl:html 'https://www.googleapis.com/dns/v1/projects')) + :: +name: fully-qualified domain name + :: ++ name |= [dom=turf him=ship] (cat 3 (join '.' [(crip +:(scow %p him)) (flop dom)]) '.') + :: +record: JSON-formatted provider-specific dns record + :: ++ record |= [dom=turf him=ship tar=target] ^- json @@ -106,9 +116,12 @@ :- %o %- my :~ name+s+(name dom him) type+s+typ + :: XX make configureable? ttl+n+~.300 rrdatas+a+[s+dat ~] == + :: +request: provider-specific record-creation request + :: ++ request =, eyre |= [dom=turf him=ship tar=target pro=provider] @@ -127,8 +140,11 @@ -- -- :: +:: the app itself +:: |_ [bow=bowl:gall state] ++ this . +:: +poke-noun: debugging :: ++ poke-noun |= a=* 
@@ -157,6 +173,7 @@ [for=~binzod him=~ridbyl-dovwyd tar=[%direct %if .8.8.8.8]] == == +:: +sigh-httr: accept http response :: ++ sigh-httr |= [wir=wire rep=httr:eyre] @@ -188,28 +205,34 @@ ~& +< [~ this] == +:: XX sigh-tang :: -++ poke-dns-authority :: configure +:: +poke-dns-authority: configure self as an authority +:: +++ poke-dns-authority |= aut=authority ^- (quip move _this) ~| %authority-reset-wat-do ?< ?=(^ nem) abet:(init:bind aut) +:: +poke-dns-bind: create binding (if authority), forward request :: -++ poke-dns-bind :: bind or forward +++ poke-dns-bind |= [for=ship him=ship tar=target] ^- (quip move _this) ~& [%bind src=src.bow for=for him=him tar=tar] ~| %bind-yoself ?< =(for him) + :: always forward, there may be multiple authorities + :: =^ zom=(list move) ..this + abet:(~(forward tell him ~) tar) + =^ zam=(list move) ..this ?~ nem [~ this] abet:(~(create bind u.nem) for him tar) - =^ zam=(list move) ..this - abet:(~(forward tell him ~) tar) [(weld zom zam) this] :: -:: ++ coup-dns-bind :: retry? +:: ++ coup-dns-bind :: |= [wir=wire saw=(unit tang)] :: ~& [%coup-bind +<] :: ?~ saw @@ -221,7 +244,9 @@ :: * ~&(coup-dns-bind+wir [~ this]) :: == :: -++ poke-dns-bond :: confirm or forward +:: +poke-dns-bond: process established dns binding +:: +++ poke-dns-bond |= [for=ship him=ship dom=turf] ^- (quip move _this) ~& [%bond +<] @@ -238,8 +263,9 @@ (~(bake tell [him (~(get by per) him)]) dom) ~& [%strange-bond +<] [~ this] +:: +rove: hear %ames +lane change for child ships :: -++ rove :: hear lane change +++ rove |= [wir=wire p=ship q=lane:ames] ^- (quip move _this) ?. =(our.bow (sein:title p)) :: XX check will @@ -248,7 +274,8 @@ ~& [%rove wir p q] :: XX assert that we intend to be listening? =< abet - (~(rove tell [p (~(get by per) p)]) q) + (~(hear tell [p (~(get by per) p)]) q) +:: +prep: adapt state :: :: ++ prep _[~ this] ++ prep 
@@ -257,29 +284,32 @@ ?^ old [~ this(+<+ u.old)] ?: ?=(?(%czar %king) (clan:title our.bow)) - abet:tend:tell + abet:listen:tell [~ this] +:: |bind: acting as zone authority :: -:: acting as zone authority -:: -++ bind :: nameserver +++ bind =| moz=(list move) |_ nam=nameserver ++ this . + :: +abet: finalize state changes, produce moves :: ++ abet ^- (quip move _^this) [(flop moz) ^this(nem `nam)] + :: +emit: emit a move :: ++ emit |= car=card ~& [%emit-bind car] ^+ this this(moz [[ost.bow car] moz]) + :: +emil: emit a list of moves :: ++ emil |= rac=(list card) q:(spin rac this |=([a=card b=_this] [~ (emit:b a)])) + :: +init: establish zone authority (request confirmation) :: ++ init |= aut=authority @@ -292,6 +322,7 @@ ~& url %- emit(nam [aut ~ ~]) [%hiss wir [~ ~] %httr %hiss url %get ~ ~] + :: +create: bind :him, on behalf of :for :: ++ create |= [for=ship him=ship tar=target] @@ -301,6 +332,7 @@ (request:gcloud dom.aut.nam him tar pro.aut.nam) %- emit(pen.nam (~(put by pen.nam) him tar)) :: XX save for [%hiss wir [~ ~] %httr %hiss req] + :: +confirm: successfully bound :: ++ confirm |= [for=ship him=ship] @@ -320,13 +352,13 @@ [%poke wir [for dap.bow] pok] == -- +:: |tell: acting as planet parent or relay :: -:: acting as planet parent or relay -:: -++ tell :: relay +++ tell =| moz=(list move) |_ [him=ship rel=(unit relay)] ++ this . + :: +abet: finalize state changes, produce moves :: ++ abet ^- (quip move _^this) @@ -334,18 +366,21 @@ ?~ rel ^this ^this(per (~(put by per) him u.rel)) + :: +emit: emit a move :: ++ emit |= car=card ~& [%emit-tell car] ^+ this this(moz [[ost.bow car] moz]) + :: +listen: subscribe to %ames +lane changes for child ships :: - ++ tend :: listen + ++ listen ^+ this (emit [%tend /tend ~]) + :: +hear: hear +lane change, maybe emit binding request :: - ++ rove :: hear + ++ hear |= lan=lane:ames ^+ this =/ adr=(unit @if) 
@@ -367,8 +402,9 @@ /bind/(scot %p him)/for/(scot %p our.bow) %- emit(rel `ler) [%poke wir [our.bow dap.bow] %dns-bind our.bow him tar] + :: +bake: successfully bound :: - ++ bake :: bound + ++ bake |= dom=turf ~& [%bake dom] ^+ this @@ -377,8 +413,9 @@ :: XX save domain? :: XX notify ship? this + :: +forward: sending binding request up the network :: - ++ forward :: on to parent + ++ forward |= tar=target ~& [%forward tar] ^+ this From 83e2b2ca1ed5638f7bc671b00111c247592aaa8c Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Mon, 18 Jun 2018 22:07:26 -0400 Subject: [PATCH 11/22] enforce invariants: stars direct only, indirect target already bound --- app/dns.hoon | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index 27412096a..617139d37 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -221,8 +221,14 @@ |= [for=ship him=ship tar=target] ^- (quip move _this) ~& [%bind src=src.bow for=for him=him tar=tar] - ~| %bind-yoself - ?< =(for him) + ?: =(for him) + ~|(%bind-yoself !!) + ?: ?& ?=(%king (clan:title him)) + ?=(%indirect -.tar) + == + ~& [%indirect-star +<] + :: XX crash? + [~ this] :: always forward, there may be multiple authorities :: =^ zom=(list move) ..this @@ -326,6 +332,10 @@ :: ++ create |= [for=ship him=ship tar=target] + :: XX defer %indirect where target isn't yet bound + ?> ?| ?=(%direct -.tar) + (~(has by bon.nam) p.tar) + == =/ wir=wire /authority/create/(scot %p him)/for/(scot %p for) =/ req=hiss:eyre From f5a43730bce5190c43b7c383b960d53d4760938f Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Mon, 18 Jun 2018 22:15:52 -0400 Subject: [PATCH 12/22] correctly specify forwarding-on-behalf-of ship --- app/dns.hoon | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index 617139d37..42ad890f0 100644 --- a/app/dns.hoon +++ b/app/dns.hoon 
@@ -232,7 +232,7 @@ :: always forward, there may be multiple authorities :: =^ zom=(list move) ..this - abet:(~(forward tell him ~) tar) + abet:(~(forward tell him ~) for tar) =^ zam=(list move) ..this ?~ nem [~ this] abet:(~(create bind u.nem) for him tar) @@ -426,7 +426,7 @@ :: +forward: sending binding request up the network :: ++ forward - |= tar=target + |= [for=ship tar=target] ~& [%forward tar] ^+ this ?: ?=(%~zod our.bow) :: ~zod don't forward @@ -438,8 +438,8 @@ * (sein:title our.bow) == =/ wir=wire - /forward/bind/(scot %p him)/for/(scot %p src.bow) + /forward/bind/(scot %p him)/for/(scot %p for) %- emit :: XX for - [%poke wir [to dap.bow] %dns-bind src.bow him tar] + [%poke wir [to dap.bow] %dns-bind for him tar] -- -- From 53cbb607d8d3903f88073285f43df3b7b6c9ced7 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Mon, 18 Jun 2018 22:59:03 -0400 Subject: [PATCH 13/22] cleanup and enforce more %dns-bind invariants --- app/dns.hoon | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index 42ad890f0..1a6f34606 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -220,15 +220,16 @@ ++ poke-dns-bind |= [for=ship him=ship tar=target] ^- (quip move _this) - ~& [%bind src=src.bow for=for him=him tar=tar] + ~& [%bind src=src.bow +<.$] + =/ lan (clan:title him) + ?: ?=(%czar lan) + ~|(%bind-galazy !!) ?: =(for him) ~|(%bind-yoself !!) - ?: ?& ?=(%king (clan:title him)) + ?: ?& ?=(%king lan) ?=(%indirect -.tar) == - ~& [%indirect-star +<] - :: XX crash? - [~ this] + ~|(%bind-indirect-star !!) :: always forward, there may be multiple authorities :: =^ zom=(list move) ..this From 9696890fb1df79061851b870f081bbcbe0906f57 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Mon, 18 Jun 2018 22:59:50 -0400 Subject: [PATCH 14/22] add http request-error handling, reset state on failed authority config --- app/dns.hoon | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) 
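Review bot: `+poke-dns-bind` still accepts a request from any `src.bow`: the new arms reject galaxies, self-binding and indirect stars, but nothing ties the sender to `for` or `him`, so any ship could poke an authority with `for=<some star> him=<another ship's planet> tar=[%direct %if <its own address>]` and have an A record created for a ship it does not sponsor. The visible flow only ever builds requests with `for` equal to the relay that observed the lane (`+rove` only hands a lane change to `+hear` when `=(our.bow (sein:title p))`, and `+bind` pokes with `for=our.bow`), so the authority can check that directly, e.g. `?. =(for (sein:title him))` / `~|(%bind-not-sponsor !!)` after the `%bind-yoself` arm. `src.bow` should additionally be `for` or an ancestor of `him` on the sponsorship chain rather than exactly `for`, because `+forward` at a galaxy re-sends to ~zod with `for` unchanged — confirm that reading against `+forward`. The debug print `~& [%bind src=src.bow +<.$]` shows the sender is already at hand; the function continues past the end of this hunk.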
diff --git a/app/dns.hoon b/app/dns.hoon index 1a6f34606..d3e2d5cad 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -205,7 +205,19 @@ ~& +< [~ this] == -:: XX sigh-tang +:: +sigh-tang: failed to make http request +:: +++ sigh-tang + |= [wir=wire saw=tang] + ^- (quip move _this) + ~& [%sigh-tang wir] + ?+ wir + [((slog saw) ~) this] + :: + [%authority %confirm ~] + ~& %authority-confirm-fail + [((slog saw) ~) this(nem ~)] + == :: :: +poke-dns-authority: configure self as an authority :: From 427b5115d48fc40898fd1939ce36a3f4092b5901 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Tue, 19 Jun 2018 13:19:54 -0400 Subject: [PATCH 15/22] print failed %pokes in +coup --- app/dns.hoon | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index d3e2d5cad..194a8ef4e 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -250,19 +250,6 @@ ?~ nem [~ this] abet:(~(create bind u.nem) for him tar) [(weld zom zam) this] -:: -:: ++ coup-dns-bind -:: |= [wir=wire saw=(unit tang)] -:: ~& [%coup-bind +<] -:: ?~ saw -:: [~ this] -:: ?> ?=(^ wir) -:: ?- i.wir -:: %forward !! :: re-forward? -:: %bind !! :: rebind? -:: * ~&(coup-dns-bind+wir [~ this]) -:: == -:: :: +poke-dns-bond: process established dns binding :: ++ poke-dns-bond @@ -282,6 +269,13 @@ (~(bake tell [him (~(get by per) him)]) dom) ~& [%strange-bond +<] [~ this] +:: +coup: general poke acknowledgement or error +:: +++ coup + |= [wir=wire saw=(unit tang)] + ?~ saw [~ this] + ~& [%coup-fallthru wir] + [((slog u.saw) ~) this] :: +rove: hear %ames +lane change for child ships :: ++ rove From 5cc8aecc985a0f58cd835bae7b04425e6265e29d Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Tue, 19 Jun 2018 13:26:00 -0400 Subject: [PATCH 16/22] changes %binding notifications: authority pokes relay, relay pokes ship --- app/dns.hoon | 31 ++++++++++++------------------- 1 file changed, 12 insertions(+), 19 deletions(-) 
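Review bot: `+coup` logs a failed `%poke` but leaves state untouched, so when the upstream rejects a `/bind/...` or `/forward/bind/...` request (for instance via the `%bind-*` assertions added in the previous commit), the relay's `rel` for that ship keeps the rejected target with `bon=|`, and `+hear` will ignore later lane changes to the same address because it only proceeds when `!=(tar tar.u.rel)` — the `re-forward?`/`rebind?` questions in the deleted `coup-dns-bind` stub are still open. Consider at least matching the wire in `+coup` and clearing the pending relay entry on the `%bind` case so the next lane change retries; I have not traced what `+abet` persists for an existing `per` entry when `rel` is reset, so the exact reset needs care. `+coup` is also the only arm here without a `^- (quip move _this)` cast; adding it keeps it consistent with `+poke-dns-bond` above. `+poke-dns-bond` and `+rove` in this hunk continue outside it.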
diff --git a/app/dns.hoon b/app/dns.hoon index 194a8ef4e..9841cdc75 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -255,9 +255,8 @@ ++ poke-dns-bond |= [for=ship him=ship dom=turf] ^- (quip move _this) - ~& [%bond +<] - ~| %bond-yoself - ?< =(for him) + ?: =(for him) + ~|(%bond-yoself !!) ?: =(our.bow him) :: XX notify eyre/hood/acme etc ~& [%bound-us dom] @@ -317,11 +316,6 @@ ~& [%emit-bind car] ^+ this this(moz [[ost.bow car] moz]) - :: +emil: emit a list of moves - :: - ++ emil - |= rac=(list card) - q:(spin rac this |=([a=card b=_this] [~ (emit:b a)])) :: +init: establish zone authority (request confirmation) :: ++ init @@ -361,13 +355,11 @@ =. pen.nam (~(del by pen.nam) him) =. bon.nam (~(put by bon.nam) him nob) =/ wir=wire - /forward/bound/(scot %p him)/for/(scot %p for) - =/ pok=poke - [%dns-bond him for *turf] - %- emil :~ - [%poke wir [him dap.bow] pok] - [%poke wir [for dap.bow] pok] - == + /bound/(scot %p him)/for/(scot %p for) + =/ dom=turf + (weld dom.aut.nam /(crip +:(scow %p him))) + %- emit + [%poke wir [for dap.bow] %dns-bond for him dom] -- :: |tell: acting as planet parent or relay :: @@ -426,10 +418,11 @@ ~& [%bake dom] ^+ this ?> ?=(^ rel) - =. bon.u.rel & - :: XX save domain? - :: XX notify ship? - this + =/ wir=wire + /forward/bound/(scot %p him)/for/(scot %p our.bow) + :: XX save domain, track bound-state per-domain + %- emit(bon.u.rel &) + [%poke wir [him dap.bow] %dns-bond our.bow him dom] :: +forward: sending binding request up the network :: ++ forward From 5f1ec21de3d278c991d07e8a8792ac4790d57327 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Tue, 19 Jun 2018 13:44:31 -0400 Subject: [PATCH 17/22] adds relay confirmation via http before requesting %directing binding --- app/dns.hoon | 73 +++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 67 insertions(+), 6 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index 9841cdc75..665634c00 100644 --- a/app/dns.hoon +++ b/app/dns.hoon 
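Review bot: `+poke-dns-bond` accepts a binding confirmation from any `src.bow`: the `=(our.bow him)` branch — which the `XX notify eyre/hood/acme` comment says will drive service configuration — would let an arbitrary ship tell us we are bound to a `dom` of its choosing, and the relay branch (outside the hunk) marks `bon.u.rel` true on any caller's say-so. This commit fixes the sender pattern, which makes the check straightforward: `+bake` pokes the bound ship from its sponsor with `%dns-bond our.bow him dom`, so the own-ship branch can require `?. =(src.bow (sein:title our.bow))` / `~|(%bond-not-sponsor !!)`; `+confirm` pokes the relay from the authority with `for` equal to that relay, so the relay branch can at least require `=(for our.bow)` plus an existing `per` entry for `him` (which `+bake`'s `?> ?=(^ rel)` already enforces), since the relay does not record which ship is the authority. The function body continues past the end of this hunk.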
@@ -7,6 +7,8 @@ += poke $% [%dns-bind for=ship him=ship target] [%dns-bond for=ship him=ship turf] [%dns-authority authority] + :: XX some other notification channel? + [%helm-send-hi ship (unit tape)] == += card $% [%tend wire ~] [%poke wire dock poke] @@ -200,6 +202,15 @@ =/ him=ship (slav %p i.t.t.wir) =/ for=ship (slav %p i.t.t.t.t.wir) abet:(~(confirm bind u.nem) for him) + :: + [%check @ ~] + =/ him=ship (slav %p i.t.wir) + ?: =(200 p.rep) + ~& %direct-confirm + abet:~(bind tell [him (~(get by per) him)]) + :: XX specific messages per status code + ~& %direct-confirm-fail + abet:(~(fail tell [him (~(get by per) him)]) %failed-request) :: * ~& +< @@ -217,6 +228,12 @@ [%authority %confirm ~] ~& %authority-confirm-fail [((slog saw) ~) this(nem ~)] + :: + [%check @ ~] + ~& %direct-confirm-fail + =/ him=ship (slav %p i.t.wir) + %- (slog saw) + abet:(~(fail tell [him (~(get by per) him)]) %crash) == :: :: +poke-dns-authority: configure self as an authority @@ -245,7 +262,7 @@ :: always forward, there may be multiple authorities :: =^ zom=(list move) ..this - abet:(~(forward tell him ~) for tar) + abet:(~(forward tell [him (~(get by per) him)]) for tar) =^ zam=(list move) ..this ?~ nem [~ this] abet:(~(create bind u.nem) for him tar) 
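Review bot: The `[%check @ ~]` arm of `+sigh-httr` accepts the probe on `=(200 p.rep)` alone, so any web server answering on port 80 at the address taken from the child's lane passes and `bind` is requested; nothing in the response is tied to `him`, so a stale or forged lane would yield a %direct A record for a host the ship does not control — whether a lane can be forged depends on %ames, which is outside this app. If the ship serves something identifying (the `/.md` request built in `+check` later in this patch suggests that is the intent), compare it against `him` here before `abet:~(bind tell [him (~(get by per) him)])`; otherwise document in this arm that a 200 only shows reachability. The `XX specific messages per status code` note is also the place to pass `p.rep` into `+fail`, so the operator message can distinguish "nothing listening" from "unexpected host". The `?+` on `wir` in `+sigh-httr` starts before this hunk.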
@@ -400,17 +417,61 @@ == [%indirect our.bow] [%direct %if u.adr] - =/ ler=relay - [now.bow adr | tar] ?. ?| ?=(~ rel) !=(tar tar.u.rel) == this - :: we may be an authority, so we poke ourselves + =. rel `[wen=now.bow adr bon=| tar] + ?:(?=(%indirect -.tar) bind check) + :: +check: confirm %direct target is accessible + :: + ++ check + ^+ this + ?> ?=(^ rel) + ?> ?=(%direct -.tar.u.rel) + :: XX check for reserved ip + ?: | + (fail %reserved-ip) + =/ wir=wire + /check/(scot %p him) + =/ url=purl:eyre + :- [sec=| por=~ host=[%| `@if`p.tar.u.rel]] + [[ext=`~.md path=~] query=~] + :: XX state mgmt + %- emit + [%hiss wir [~ ~] %httr %hiss url %get ~ ~] + :: +fail: %direct target is invalid or inaccessible + :: + ++ fail + |= err=@tas + ^+ this + ?> ?=(^ rel) + ~& [%fail err him tar.u.rel] + =/ wir=wire + /fail/(scot %p him) + =/ msg=tape + ?+ err + "dns binding failed" + :: + %reserved-ip + ?> ?=(%direct -.tar.u.rel) + "unable to create dns binding reserved address {(scow %if p.tar.u.rel)}" + == + :: XX state mgmt + %- emit + [%poke wir [our.bow %hood] %helm-send-hi him `msg] + :: +bind: request binding for target + :: + :: Since we may be an authority, we poke ourselves. + :: + ++ bind + ^+ this + ?> ?=(^ rel) + :: XX state mgmt =/ wir=wire /bind/(scot %p him)/for/(scot %p our.bow) - %- emit(rel `ler) - [%poke wir [our.bow dap.bow] %dns-bind our.bow him tar] + %- emit + [%poke wir [our.bow dap.bow] %dns-bind our.bow him tar.u.rel] :: +bake: successfully bound :: ++ bake From f2f47a07fba9ab4696064c630991cfd9391730fc Mon Sep 17 00:00:00 2001 
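Review bot: The `:: XX state mgmt` marks in `+check`, `+fail` and `+bind` point at a real gap: `+hear` writes the new target into `rel` (`=. rel `[wen=now.bow adr bon=| tar]`) before the probe resolves, and because it returns early when `=(tar tar.u.rel)`, a target that `+fail`s (reserved address, non-200, crashed request) is never re-checked for the same address, while `per` now records a relay whose `wer`/`tar` were never confirmed. Clearing the pending entry in `+fail` would allow a retry on the next lane change; I have not traced what `+abet` persists when `rel` is reset for a ship already in `per`, so that needs checking before choosing between `this(rel ~)` and restoring the previous entry. Separately, `+fail` reports to the child over `%helm-send-hi` with a message that embeds the address, which is fine for an operator but, per the `XX some other notification channel?` comment on the `poke` type, will need a structured poke once other apps react to it. `+hear` begins before this hunk.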
From: Joe Bryan Date: Wed, 20 Jun 2018 12:44:34 -0400 Subject: [PATCH 18/22] creates sur/dns, refactors app, ands %dns-bind and %dns-bond marks --- app/dns.hoon | 58 ++--------------------------------------------- mar/dns/bind.hoon | 11 +++++++++ mar/dns/bond.hoon | 11 +++++++++ sur/dns.hoon | 58 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 82 insertions(+), 56 deletions(-) create mode 100644 mar/dns/bind.hoon create mode 100644 mar/dns/bond.hoon create mode 100644 sur/dns.hoon diff --git a/app/dns.hoon b/app/dns.hoon index 665634c00..75a368340 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -1,3 +1,5 @@ +/- dns +=, dns !: :: :: moves and state @@ -14,62 +16,6 @@ [%poke wire dock poke] [%hiss wire [~ ~] %httr %hiss hiss:eyre] == -:: +turf: a domain, TLD first -:: -+= turf (list @t) -:: +provider: DNS service provider (gcloud only for now) -:: -+= provider - $% [%gcloud project=@ta zone=@ta] - == -:: +authority: responsibility for a DNS zone -:: -+= authority - $: :: dom: authority over a fully-qualified domain - :: - dom=turf - :: pro: DNS service provider - :: - pro=provider - == -:: +target: a ship is bound to a ... -:: -+= target - $% :: %direct: an A record - :: - [%direct %if p=@if] - :: %indirect: a CNAME record - :: - [%indirect p=ship] - == -:: +bound: an established binding, plus history -:: -+= bound - $: :: wen: established - :: - wen=@da - :: cur: current target - :: - cur=target - :: hit: historical targets - :: - hit=(list (pair @da target)) - == -:: +nameserver: a b s o l u t e p o w e r -:: -+= nameserver - $: aut=authority - pen=(map ship target) - bon=(map ship bound) - == -:: +relay: a good parent keeps track -:: -+= relay - $: wen=@da - wer=(unit @if) - bon=? - tar=target - == :: +state: complete app state :: += state diff --git a/mar/dns/bind.hoon b/mar/dns/bind.hoon new file mode 100644 index 000000000..20eeaf202 --- /dev/null +++ b/mar/dns/bind.hoon 
@@ -0,0 +1,11 @@ +:: +:::: /mar/dns/bind/hoon + :: +/- dns +=, dns +|_ [for=ship him=ship target] +++ grab + |% + ++ noun ,[for=ship him=ship target] + -- +-- diff --git a/mar/dns/bond.hoon b/mar/dns/bond.hoon new file mode 100644 index 000000000..bcee09453 --- /dev/null +++ b/mar/dns/bond.hoon @@ -0,0 +1,11 @@ +:: +:::: /mar/dns/bond/hoon + :: +/- dns +=, dns +|_ [for=ship him=ship turf] +++ grab + |% + ++ noun ,[for=ship him=ship turf] + -- +-- diff --git a/sur/dns.hoon b/sur/dns.hoon new file mode 100644 index 000000000..474669174 --- /dev/null +++ b/sur/dns.hoon @@ -0,0 +1,58 @@ +|% +:: +turf: a domain, TLD first +:: ++= turf (list @t) +:: +provider: DNS service provider (gcloud only for now) +:: ++= provider + $% [%gcloud project=@ta zone=@ta] + == +:: +authority: responsibility for a DNS zone +:: ++= authority + $: :: dom: authority over a fully-qualified domain + :: + dom=turf + :: pro: DNS service provider + :: + pro=provider + == +:: +target: a ship is bound to a ... +:: ++= target + $% :: %direct: an A record + :: + [%direct %if p=@if] + :: %indirect: a CNAME record + :: + [%indirect p=ship] + == +:: +bound: an established binding, plus history +:: ++= bound + $: :: wen: established + :: + wen=@da + :: cur: current target + :: + cur=target + :: hit: historical targets + :: + hit=(list (pair @da target)) + == +:: +nameserver: a b s o l u t e p o w e r +:: ++= nameserver + $: aut=authority + pen=(map ship target) + bon=(map ship bound) + == +:: +relay: a good parent keeps track +:: ++= relay + $: wen=@da + wer=(unit @if) + bon=? + tar=target + == +-- From 2f743a504b6406c60277b2910cddf1d2502c153f Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Wed, 20 Jun 2018 13:18:23 -0400 Subject: [PATCH 19/22] removes debug binding in +poke-noun, unnecessary printfs --- app/dns.hoon | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index 75a368340..6e39d72c6 100644 --- a/app/dns.hoon +++ b/app/dns.hoon 
@@ -109,17 +109,6 @@ %dns-authority [/org/urbit/dyndns %gcloud %tonal-griffin-853 %dyndns] == - :: - %bin - :_ this :_ ~ - :* ost.bow - %poke - /bar - [our.bow dap.bow] - %dns-bind - :: [for=~binzod him=~ridbyl-dovwyd tar=[%indirect p=~binzod]] - [for=~binzod him=~ridbyl-dovwyd tar=[%direct %if .8.8.8.8]] - == == :: +sigh-httr: accept http response :: @@ -135,7 +124,6 @@ ~& [%authority-confirm-fail rep] [~ this(nem ~)] :: XX anything to do here? parse body? - ~& %authority-confirmed [~ this] :: [%authority %create @ %for @ ~] @@ -152,7 +140,6 @@ [%check @ ~] =/ him=ship (slav %p i.t.wir) ?: =(200 p.rep) - ~& %direct-confirm abet:~(bind tell [him (~(get by per) him)]) :: XX specific messages per status code ~& %direct-confirm-fail @@ -276,7 +263,6 @@ :: ++ emit |= car=card - ~& [%emit-bind car] ^+ this this(moz [[ost.bow car] moz]) :: +init: establish zone authority (request confirmation) @@ -342,7 +328,6 @@ :: ++ emit |= car=card - ~& [%emit-tell car] ^+ this this(moz [[ost.bow car] moz]) :: +listen: subscribe to %ames +lane changes for child ships From 08b39a8f6436ecfddae07ed21e9bc570cf0d22d3 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Wed, 20 Jun 2018 13:55:01 -0400 Subject: [PATCH 20/22] checks for reserved IP addresses before creating %direct binding --- app/dns.hoon | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index 6e39d72c6..fb7540f57 100644 --- a/app/dns.hoon +++ b/app/dns.hoon 
@@ -39,6 +39,58 @@ |- ^- (list @t) ?~ t.hot hot [i.hot sep $(hot t.hot)] +:: +reserved: check if an ipv4 address is in a reserved range +:: +++ reserved + |= a=@if + ^- ? + =/ b (rip 3 a) + ?> ?=([@ @ @ @ ~] b) + ?| :: 0.0.0.0/8 (software) + :: + =(0 i.b) + :: 10.0.0.0/8 (private) + :: + =(10 i.b) + :: 100.64.0.0/10 (carrier-grade NAT) + :: + &(=(100 i.b) (gte 64 i.t.b) (lte 127 i.t.b)) + :: 127.0.0.0/8 (localhost) + :: + =(127 i.b) + :: 169.254.0.0/16 (link-local) + :: + &(=(169 i.b) =(254 i.t.b)) + :: 172.16.0.0/12 (private) + :: + &(=(172 i.b) (gte 16 i.t.b) (lte 31 i.t.b)) + :: 192.0.0.0/24 (protocol assignment) + :: + &(=(192 i.b) =(0 i.t.b) =(0 i.t.t.b)) + :: 192.0.2.0/24 (documentation) + :: + &(=(192 i.b) =(0 i.t.b) =(2 i.t.t.b)) + :: 192.18.0.0/15 (reserved, benchmark) + :: + &(=(192 i.b) |(=(18 i.t.b) =(19 i.t.b))) + :: 192.51.100.0/24 (documentation) + :: + &(=(192 i.b) =(51 i.t.b) =(100 i.t.t.b)) + :: 192.88.99.0/24 (reserved, ex-anycast) + :: + &(=(192 i.b) =(88 i.t.b) =(99 i.t.t.b)) + :: 192.168.0.0/16 (private) + :: + &(=(192 i.b) =(168 i.t.b)) + :: 203.0.113/24 (documentation) + :: + &(=(203 i.b) =(0 i.t.b) =(113 i.t.t.b)) + :: 224.0.0.0/8 (multicast) + :: 240.0.0.0/4 (reserved, future) + :: 255.255.255.255/32 (broadcast) + :: + (gte 224 i.b) + == :: |gcloud: provider-specific functions :: ++ gcloud @@ -360,8 +412,7 @@ ^+ this ?> ?=(^ rel) ?> ?=(%direct -.tar.u.rel) - :: XX check for reserved ip - ?: | + ?: (reserved p.tar.u.rel) (fail %reserved-ip) =/ wir=wire /check/(scot %p him) From cd4330a02479b39b54768005112de9877f75adca Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Wed, 20 Jun 2018 16:06:00 -0400 Subject: [PATCH 21/22] auto-starts :dns, adds generator to configure authority --- app/dns.hoon | 15 ++------------- gen/dns/authority.hoon | 30 ++++++++++++++++++++++++++++++ lib/hood/drum.hoon | 7 ++++++- 3 files changed, 38 insertions(+), 14 deletions(-) create mode 100644 gen/dns/authority.hoon 
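Review bot: `+reserved` tests the wrong octets in the wrong direction: `(rip 3 a)` yields bytes least-significant first (and omits leading zero bytes, so the `?>` crashes on `0.x.x.x`), making `i.b` the last octet rather than the first; and since Hoon's `(gte a b)` is a ≥ b, `(gte 64 i.t.b)` and `(lte 127 i.t.b)` can never both hold, while `(gte 224 i.b)` is true for every value ≤ 224 — so `8.8.8.8` is reported reserved and `10.0.0.250` is not. Two ranges also carry the wrong first octet: the benchmarking block is 198.18.0.0/15 and TEST-NET-2 is 198.51.100.0/24, not 192.x (192.18/15 and 192.51.100/24 are ordinary public space). Flop the byte list, treat a list that is not exactly four bytes long as reserved (leading zero octet, or not a 32-bit value), and put the variable on the left of each comparison, as below; the `?: (reserved p.tar.u.rel)` call in the following hunk needs no change.
```hoon
++  reserved
  |=  a=@if
  ^-  ?
  ::  +rip is least-significant-byte first and drops leading zero
  ::  bytes: flop it, and treat anything but four bytes as reserved
  ::
  =/  b  (flop (rip 3 a))
  ?.  ?=([@ @ @ @ ~] b)  &
  ?|  ::  … unchanged: 0.0.0.0/8, 10.0.0.0/8 …
      ::  100.64.0.0/10 (carrier-grade NAT)
      ::
      &(=(100 i.b) (gte i.t.b 64) (lte i.t.b 127))
      ::  … unchanged: 127.0.0.0/8, 169.254.0.0/16 …
      ::  172.16.0.0/12 (private)
      ::
      &(=(172 i.b) (gte i.t.b 16) (lte i.t.b 31))
      ::  … unchanged: 192.0.0.0/24, 192.0.2.0/24 …
      ::  198.18.0.0/15 (reserved, benchmark)
      ::
      &(=(198 i.b) |(=(18 i.t.b) =(19 i.t.b)))
      ::  198.51.100.0/24 (documentation)
      ::
      &(=(198 i.b) =(51 i.t.b) =(100 i.t.t.b))
      ::  … unchanged: 192.88.99.0/24, 192.168.0.0/16, 203.0.113.0/24 …
      ::  224.0.0.0/8 (multicast), 240.0.0.0/4 (reserved), broadcast
      ::
      (gte i.b 224)
  ==
```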
diff --git a/app/dns.hoon b/app/dns.hoon index fb7540f57..cae867d36 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -149,19 +149,8 @@ ++ poke-noun |= a=* ^- (quip move _this) - ?+ a ~& +<+:this - [~ this] - :: - %aut - :_ this :_ ~ - :* ost.bow - %poke - /foo - [our.bow dap.bow] - %dns-authority - [/org/urbit/dyndns %gcloud %tonal-griffin-853 %dyndns] - == - == + ~& +<+:this + [~ this] :: +sigh-httr: accept http response :: ++ sigh-httr diff --git a/gen/dns/authority.hoon b/gen/dns/authority.hoon new file mode 100644 index 000000000..b7daed631 --- /dev/null +++ b/gen/dns/authority.hoon @@ -0,0 +1,30 @@ +:: DNS: configure zone authority +:: +:::: /hoon/authority/dns/gen + :: +/- dns, sole +=, [dns sole] +:- %ask +|= $: [now=@da eny=@uvJ bec=beak] + [arg=$@(~ [dom=path ~])] + ~ + == +^- (sole-result [%dns-authority authority]) +=- ?~ arg - + (fun.q.q [%& dom.arg]) +%+ sole-lo + [%& %dns-domain "dns domain: "] +%+ sole-go thos:de-purl:html +|= hot=host:eyre +?: ?=($| -.hot) + ~|(%ips-unsupported !!) +%+ sole-lo + [%& %project "gcloud project: "] +%+ sole-go urs:ab +|= project=@ta +%+ sole-lo + [%& %zone "dns zone: "] +%+ sole-go urs:ab +|= zone=@ta +%+ sole-so %dns-authority +[p.hot %gcloud project zone] diff --git a/lib/hood/drum.hoon b/lib/hood/drum.hoon index 2cf9b00b9..7ac3f3c64 100644 --- a/lib/hood/drum.hoon +++ b/lib/hood/drum.hoon @@ -80,7 +80,12 @@ =+ myr=(clan:title our) ?: ?=($pawn myr) [[%base %collections] [%base %hall] [%base %talk] [%base %dojo] ~] - [[%home %collections] [%home %hall] [%home %talk] [%home %dojo] ~] + :~ [%home %collections] + [%home %dns] + [%home %dojo] + [%home %hall] + [%home %talk] + == :: ++ deft-fish :: default connects |= our/ship From 3b543b46dec4d4f5190b12f73b869307f05a135b Mon Sep 17 00:00:00 2001 
From: Joe Bryan Date: Wed, 20 Jun 2018 16:58:47 -0400 Subject: [PATCH 22/22] implements safe re-binding, refactors |gcloud --- app/dns.hoon | 49 +++++++++++++++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 18 deletions(-) diff --git a/app/dns.hoon b/app/dns.hoon index cae867d36..becd968eb 100644 --- a/app/dns.hoon +++ b/app/dns.hoon @@ -39,6 +39,17 @@ |- ^- (list @t) ?~ t.hot hot [i.hot sep $(hot t.hot)] +:: +name: fully-qualified domain name +:: +++ name + |= [him=ship dom=turf] + (cat 3 (join '.' [(crip +:(scow %p him)) (flop dom)]) '.') +:: +endpoint: append path to purl +:: +++ endpoint + |= [bas=purl:eyre pat=path] + ^+ bas + bas(q.q (weld q.q.bas pat)) :: +reserved: check if an ipv4 address is in a reserved range :: ++ reserved @@ -94,27 +105,23 @@ :: |gcloud: provider-specific functions :: ++ gcloud - |% + |_ aut=authority :: +base: provider service endpoint :: ++ base (need (de-purl:html 'https://www.googleapis.com/dns/v1/projects')) - :: +name: fully-qualified domain name - :: - ++ name - |= [dom=turf him=ship] - (cat 3 (join '.' [(crip +:(scow %p him)) (flop dom)]) '.') :: +record: JSON-formatted provider-specific dns record :: ++ record - |= [dom=turf him=ship tar=target] + |= [him=ship tar=target] ^- json + :: ?> ?=([%gcloud *] pro.aut) =+ ^- [typ=cord dat=cord] ?: ?=(%direct -.tar) ['A' (crip +:(scow %if p.tar))] - ['CNAME' (name dom p.tar)] + ['CNAME' (name p.tar dom.aut)] :- %o %- my :~ - name+s+(name dom him) + name+s+(name him dom.aut) type+s+typ :: XX make configureable? ttl+n+~.300 
@@ -124,18 +131,21 @@ :: ++ request =, eyre - |= [dom=turf him=ship tar=target pro=provider] + |= [him=ship tar=target pre=(unit target)] ^- hiss - ?> ?=([%gcloud *] pro) + :: ?> ?=([%gcloud *] pro.aut) =/ url=purl - =+ base - -(q.q (weld q.q.- /[project.pro]/['managedZones']/[zone.pro]/changes)) + %+ endpoint base + /[project.pro.aut]/['managedZones']/[zone.pro.aut]/changes =/ hed=math (my content-type+['application/json' ~] ~) =/ bod=octs %- as-octt:mimes:html %- en-json:html - o+(my additions+a+[(record dom him tar) ~] ~) + :- %o %- my + :- additions+a+[(record him tar) ~] + ?~ pre ~ + [deletions+a+[(record him u.pre) ~] ~] [url %post hed `bod] -- -- @@ -312,9 +322,8 @@ |= aut=authority :: ?> ?=(%gcloud pro.aut) =/ wir=wire /authority/confirm - =/ url=purl:eyre base:gcloud - =. q.q.url - %+ weld q.q.url + =/ url=purl:eyre + %+ endpoint base:gcloud /[project.pro.aut]/['managedZones']/[zone.pro.aut] ~& url %- emit(nam [aut ~ ~]) @@ -329,8 +338,12 @@ == =/ wir=wire /authority/create/(scot %p him)/for/(scot %p for) + =/ pre=(unit target) + =/ bon=(unit bound) (~(get by bon.nam) him) + ?~(bon ~ `cur.u.bon) + :: ?> ?=(%gcloud pro.aut.nam) =/ req=hiss:eyre - (request:gcloud dom.aut.nam him tar pro.aut.nam) + (~(request gcloud aut.nam) him tar pre) %- emit(pen.nam (~(put by pen.nam) him tar)) :: XX save for [%hiss wir [~ ~] %httr %hiss req] :: +confirm: successfully bound
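Review bot: `+request` derives the `deletions` entry from `(record him u.pre)`, i.e. it re-synthesises the previous rrset with the current hard-coded `ttl` of 300 rather than from what was actually published; if the provider requires a deletion to match the existing record exactly (presumably the case for a change set — confirm against the gcloud API), a rebind after the TTL is made configurable, as the `XX make configureable?` comment anticipates, would be rejected. The `pre` computation in `+create` (the next hunk) reads only `bon.nam`, so a second `%dns-bind` for a ship whose first create is still in `pen.nam` submits another change against the same old state — worth rejecting or deferring while `(~(has by pen.nam) him)`. The `:: ?> ?=([%gcloud *] pro.aut)` lines are commented-out assertions kept in three places; restore them or delete them rather than leaving dead checks. The `|gcloud` door opens before this hunk.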