@brad-defined
Contributor

do config update support for api PR #1891

johnmaguire previously approved these changes Jan 14, 2026
apiutil.go Outdated
return yaml.Marshal(y)
}

// FetchConfigPrivateKey takes a Nebula YAML, finds and returns its contained Nebula PEM-formatted private key,
Member

nit: comment name is off

Contributor Author

donezo

}
if !valid {
return nil, nil, nil, fmt.Errorf("failed to verify signed API result")
}
Member

is it possible to DRY the signature validation so we only have one copy to maintain? just since it's crypto bits... like lines 425 - 441

Contributor Author

PR updated!

Member

johnmaguire commented Jan 14, 2026

I updated the simple example locally to see what this looks like and this matches my expectation. I won't push to this branch as the example code currently uses CheckForUpdate and I switched it to LongPollWait. I might push up a PR later with those changes.

diff --git a/examples/simple/main.go b/examples/simple/main.go
index 8862767..943b363 100644
--- a/examples/simple/main.go
+++ b/examples/simple/main.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"encoding/json"
 	"flag"
 	"fmt"
 	"os"
@@ -48,16 +49,24 @@ func main() {
 	// loop and check for updates example
 	for {
 		logger.Info("Waiting 60 seconds to check for update")
-		time.Sleep(60 * time.Second)
 
 		// check for an update and perform the update if available
-		updateAvailable, err := c.CheckForUpdate(context.Background(), *creds)
+		supportedActions := []string{"DoUpdate", "DoConfigUpdate", "NoOp"} // signal support for DoConfigUpdate
+		msg, err := c.LongPollWait(context.Background(), *creds, supportedActions)
 		if err != nil {
 			logger.WithError(err).Error("Failed to check for update")
 			continue
 		}
 
-		if updateAvailable {
+		var msgType struct{ Command string }
+		err = json.Unmarshal([]byte(msg.Action), &msgType)
+		if err != nil {
+			logger.WithError(err).Error("Failed to parse command")
+			continue
+		}
+
+		switch msgType.Command {
+		case "DoUpdate":
 			// be careful not to blow away creds in case err != nil
 			// another option is to pass credentials by reference and let DoUpdate modify the struct if successful but
 			// this makes it less obvious to the caller that they need to save the new credentials to disk
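Review bot: The `continue` after a failed `c.LongPollWait` call, and the one after a failed `json.Unmarshal`, now retry immediately, because the `time.Sleep(60 * time.Second)` at the top of the loop was removed. A persistent server or parse error therefore turns the loop into a tight retry against the API. Sleep on both error paths before `continue`, ideally with backoff. The retained log line `Waiting 60 seconds to check for update` is also no longer accurate, since the wait now happens inside the long poll or in the `NoOp` case.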
@@ -78,6 +87,42 @@ func main() {
 			fmt.Printf("Counter: %d, config:\n\n%s\nmeta:\n%+v\n", creds.Counter, config, meta)
 
 			// XXX Now would be a good time to save both the new config and credentials to disk and reload Nebula.
+
+		case "DoConfigUpdate":
+			pkey, cert, err := dnapi.FetchConfigPrivateKeyAndCert(config)
+			if err != nil {
+				logger.WithError(err).Error("Failed to fetch private key and cert from config for config update")
+				continue
+			}
+
+			config, newCreds, meta, err := c.DoConfigUpdate(context.Background(), *creds)
+			if err != nil {
+				logger.WithError(err).Error("Failed to perform config update")
+				continue
+			}
+
+			config, err = dnapi.InsertConfigCert(config, cert)
+			if err != nil {
+				logger.WithError(err).Error("Failed to insert cert into config")
+				continue
+			}
+
+			config, err = dnapi.InsertConfigPrivateKey(config, pkey)
+			if err != nil {
+				logger.WithError(err).Error("Failed to insert private key into config")
+				continue
+			}
+
+			creds = newCreds
+
+			fmt.Printf("Counter: %d, config:\n\n%s\nmeta:\n%+v\n", creds.Counter, config, meta)
+
+		case "NoOp":
+			time.Sleep(60 * time.Second)
+
+		default:
+			logger.WithField("command", msgType.Command).Error("Unknown command received")
+			time.Sleep(60 * time.Second)
 		}
 	}
 }
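Review bot: In the `DoConfigUpdate` case, `config` is read by `dnapi.FetchConfigPrivateKeyAndCert(config)` before the `:=` on the `c.DoConfigUpdate` line declares a new `config` scoped to this case. The config that gets the cert and private key re-inserted is only printed and then goes out of scope, and nothing visible here stores it where the next iteration's `FetchConfigPrivateKeyAndCert` call will read it. Assign the result to the variable the first line reads, and carry over the save-to-disk reminder from the `DoUpdate` case, so a second config update starts from the current config. Separately, the `fmt.Printf` after `InsertConfigPrivateKey` writes the config with the private key in it to stdout; printing only `creds.Counter` and `meta` would keep the key out of terminal and log captures.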

brad-defined merged commit 11416b3 into main Jan 14, 2026
2 checks passed
brad-defined deleted the do-config-update branch January 14, 2026 21:43