Introduce notion of device groups
diff --git a/core/vpn/manager.go b/core/vpn/manager.go
index 7919393..fdb29cb 100644
--- a/core/vpn/manager.go
+++ b/core/vpn/manager.go
@@ -10,12 +10,20 @@
// It does enforce device to device ACLs but delegates user authorization to the client.
type Manager interface {
// Registers new device with given public key and name.
- // Returns VPN network configuration on success and error otherwise.
- // By default new devices have access to other machines owned by the same user
- // and a PCloud entrypoint.
- RegisterDevice(name string, pubKey types.PublicKey) (*types.NetworkMap, error)
+ // New device is isolated from the rest of the network until it is explicitely added to
+ // an existing group.
+ RegisterDevice(name string, pubKey types.PublicKey) error
// Completely removes device with given public key from the network.
RemoveDevice(pubKey types.PublicKey) error
+ // Creates new group with given name and returns it's id.
+ // Name does not have to be unique.
+ CreateGroup(name string) (types.GroupID, error)
+ // Deletes group with given id.
+ DeleteGroup(id types.GroupID) error
+ // Adds device with given public key to the group and returns updated network configuration.
+ AddDeviceToGroup(pubKey types.PublicKey, id types.GroupID) (*types.NetworkMap, error)
+ // Removes device from the group and returns updated network configuration.
+ RemoveDeviceFromGroup(pubKey types.PublicKey, id types.GroupID) (*types.NetworkMap, error)
// Returns network configuration for a device with give public key.
// Result of this call must be encrypted with the same public key before
// sending it back to the client, so only the owner of it's corresponding
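Review bot: The comments on `AddDeviceToGroup` and `RemoveDeviceFromGroup` do not say whose network configuration is returned or how it must be handled, while the method documented directly after them requires its result to be encrypted with the device's public key before it goes back to the client. If the returned `*types.NetworkMap` is the one for `pubKey`, the same requirement presumably applies and should be stated, e.g. `// The returned configuration belongs to the device identified by pubKey and must be encrypted with that key before it is sent to the client.` Because `RegisterDevice` now leaves a device isolated and the interface comment delegates user authorization to the client, `AddDeviceToGroup` becomes the call that grants network access, so its comment should say that the caller must have authorized the membership change first. `DeleteGroup` should also document what happens to devices that are still members (they lose access to each other, or the call fails). The `Manager` interface starts and continues outside this hunk.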