move global lookup to SD

Author: Marc Odermatt

daemon/internal/servers/grpc.go

@@ -16,8 +16,11 @@ package servers
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
+	"io"
 	"net"
+	"net/http"
 	"time"
 
 	durationpb "github.com/golang/protobuf/ptypes/duration"
@@ -661,20 +664,78 @@ func requestToHostHostMeta(req *sdpb.DRKeyHostHostRequest) (drkey.HostHostMeta,
 func (s *DaemonServer) PolicyDescription(ctx context.Context,
 	request *sdpb.PolicyDescriptionRequest) (
 	*sdpb.PolicyDescriptionResponse, error) {
-	conn, err := s.Dialer.Dial(ctx, &snet.SVCAddr{SVC: addr.SvcCS})
+
+	var description string
+	if request.IsLocal {
+		conn, err := s.Dialer.Dial(ctx, &snet.SVCAddr{SVC: addr.SvcCS})
+		if err != nil {
+			log.FromCtx(ctx).Debug("Dialing CS failed", "err", err)
+		}
+		defer conn.Close()
+		client := experimental.NewFABRIDIntraServiceClient(conn)
+		response, err := client.RemotePolicyDescription(ctx,
+			&experimental.RemotePolicyDescriptionRequest{
+				PolicyIdentifier: request.PolicyIdentifier,
+				IsdAs:            request.IsdAs,
+			})
+		if err != nil {
+			return &sdpb.PolicyDescriptionResponse{}, err
+		}
+		description = response.Description
+	} else {
+		globalPolicyURL := "https://raw.githubusercontent.com/marcodermatt/fabrid-global-policies/main/policy-descriptions.json"
+
+		// Fetch the global policy from the URL
+		policy, err := FetchGlobalPolicy(globalPolicyURL)
+		if err != nil {
+			return nil, serrors.WrapStr("fetching global policy", err)
+		}
+
+		// Retrieve the description for the given identifier
+		description, err = GetPolicyDescription(policy, request.PolicyIdentifier)
+		if err != nil {
+			return nil, serrors.WrapStr("getting global policy description", err)
+		}
+
+	}
+	return &sdpb.PolicyDescriptionResponse{Description: description}, nil
+}
+
+// GlobalPolicy holds the mapping of uint32 identifiers to their string descriptions
+type GlobalPolicy map[uint32]string
+
+// FetchGlobalPolicy fetches and parses the global policy from the given URL
+func FetchGlobalPolicy(url string) (GlobalPolicy, error) {
+	resp, err := http.Get(url)
 	if err != nil {
-		log.FromCtx(ctx).Debug("Dialing CS failed", "err", err)
+		return nil, serrors.WrapStr("failed to fetch global policy", err)
 	}
-	defer conn.Close()
-	client := experimental.NewFABRIDIntraServiceClient(conn)
-	response, err := client.RemotePolicyDescription(ctx,
-		&experimental.RemotePolicyDescriptionRequest{
-			PolicyIdentifier: request.PolicyIdentifier,
-			IsdAs:            request.IsdAs,
-		})
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, serrors.New("failed to fetch global policy", "StatusCode", resp.StatusCode)
+	}
+
+	// Read the response body
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return &sdpb.PolicyDescriptionResponse{}, err
+		return nil, serrors.WrapStr("failed to read response body", err)
+	}
+
+	// Unmarshal the JSON data into a map
+	var policy GlobalPolicy
+	if err = json.Unmarshal(body, &policy); err != nil {
+		return nil, serrors.WrapStr("failed to unmarshal policy JSON", err)
 	}
 
-	return &sdpb.PolicyDescriptionResponse{Description: response.Description}, nil
+	return policy, nil
+}
+
+// GetPolicyDescription retrieves the description for the given identifier
+func GetPolicyDescription(policy GlobalPolicy, identifier uint32) (string, error) {
+	description, exists := policy[identifier]
+	if !exists {
+		return "", serrors.New("no policy found", "identifier", identifier)
+	}
+	return description, nil
 }

pkg/daemon/daemon.go

@@ -90,7 +90,9 @@ type Connector interface {
 	DRKeyGetHostHostKey(ctx context.Context, meta drkey.HostHostMeta) (drkey.HostHostKey, error)
 	// FabridKeys requests FABRID DRKeys for all provided ASes and the path validation key
 	FabridKeys(ctx context.Context, meta drkey.FabridKeysMeta) (drkey.FabridKeysResponse, error)
-	RemotePolicyDescription(ctx context.Context, identifier uint32, ia addr.IA) (string, error)
+	// PolicyDescription reqests the string description for a FABRID policy
+	PolicyDescription(ctx context.Context, isLocal bool, identifier uint32,
+		ia *addr.IA) (string, error)
 	// Close shuts down the connection to the daemon.
 	Close() error
 }

pkg/daemon/grpc.go

@@ -277,18 +277,22 @@ func (c grpcConn) FabridKeys(ctx context.Context, meta drkey.FabridKeysMeta,
 	}, nil
 }
 
-func (c grpcConn) RemotePolicyDescription(ctx context.Context,
-	identifier uint32, ia addr.IA) (string, error) {
+func (c grpcConn) PolicyDescription(ctx context.Context,
+	isLocal bool, identifier uint32, ia *addr.IA) (string, error) {
 
 	client := sdpb.NewDaemonServiceClient(c.conn)
-	response, err := client.PolicyDescription(ctx, &sdpb.PolicyDescriptionRequest{
+	request := &sdpb.PolicyDescriptionRequest{
+		IsLocal:          isLocal,
 		PolicyIdentifier: identifier,
-		IsdAs:            uint64(ia),
-	})
+	}
+	if isLocal {
+		request.IsdAs = uint64(*ia)
+	}
+	response, err := client.PolicyDescription(ctx, request)
 	if err != nil {
-		return "", nil
+		return "", err
 	}
-	return response.Description, err
+	return response.Description, nil
 }
 
 func (c grpcConn) Close() error {