Refactor RDP proxy handling and update related tests

backend/internal/modules/cluster/models.go

@@ -53,6 +53,10 @@ const (
 	FabricServiceClassRemoteWorkspace = "remote_workspace"
 	FabricServiceClassFileTransfer    = "file_transfer"
 	FabricServiceClassVideo           = "video"
+	FabricServiceClassPlatformAdmin   = "platform_admin"
+	FabricServiceClassClusterAdmin    = "cluster_admin"
+	FabricServiceClassOrganization    = "organization_portal"
+	FabricServiceClassUserPortal      = "user_portal"
 
 	FabricChannelControl     = "control"
 	FabricChannelInteractive = "interactive"
@@ -62,16 +66,27 @@ const (
 )
 
 var allowedNodeRoles = map[string]struct{}{
-	"entry-node":         {},
-	"relay-node":         {},
-	"core-mesh":          {},
-	"rdp-worker":         {},
-	"vnc-worker":         {},
-	"vpn-exit":           {},
-	"vpn-connector":      {},
-	"file-storage-cache": {},
-	"update-cache":       {},
-	"video-relay":        {},
+	"public-ingress":              {},
+	"admin-ingress":               {},
+	"global-admin-runtime":        {},
+	"cluster-admin-runtime":       {},
+	"organization-portal-runtime": {},
+	"user-portal-runtime":         {},
+	"identity-runtime":            {},
+	"policy-authority":            {},
+	"audit-sink":                  {},
+	"entry-node":                  {},
+	"relay-node":                  {},
+	"core-mesh":                   {},
+	"rdp-worker":                  {},
+	"vnc-worker":                  {},
+	"vpn-exit":                    {},
+	"vpn-connector":               {},
+	"vpn-client":                  {},
+	"ipv4-egress":                 {},
+	"file-storage-cache":          {},
+	"update-cache":                {},
+	"video-relay":                 {},
 }
 
 type Cluster struct {
@@ -353,6 +368,7 @@ type NodeUpdatePlan struct {
 	Artifact             *ReleaseArtifact  `json:"artifact,omitempty"`
 	AuthorityPayload     json.RawMessage   `json:"authority_payload,omitempty"`
 	AuthoritySignature   *ClusterSignature `json:"authority_signature,omitempty"`
+	AuthorityQuorum      *QuorumEnvelope   `json:"authority_quorum,omitempty"`
 	ProductionForwarding bool              `json:"production_forwarding"`
 }
 
@@ -373,14 +389,15 @@ type NodeUpdateStatus struct {
 }
 
 type NodeBootstrap struct {
-	NodeID             string                      `json:"node_id"`
-	ClusterID          string                      `json:"cluster_id"`
-	IdentityStatus     string                      `json:"identity_status"`
-	Certificate        map[string]any              `json:"certificate"`
-	HeartbeatEndpoint  string                      `json:"heartbeat_endpoint"`
-	ClusterAuthority   *ClusterAuthorityDescriptor `json:"cluster_authority,omitempty"`
-	AuthorityPayload   json.RawMessage             `json:"authority_payload,omitempty"`
-	AuthoritySignature *ClusterSignature           `json:"authority_signature,omitempty"`
+	NodeID                 string                      `json:"node_id"`
+	ClusterID              string                      `json:"cluster_id"`
+	IdentityStatus         string                      `json:"identity_status"`
+	Certificate            map[string]any              `json:"certificate"`
+	HeartbeatEndpoint      string                      `json:"heartbeat_endpoint"`
+	ClusterAuthority       *ClusterAuthorityDescriptor `json:"cluster_authority,omitempty"`
+	ClusterAuthorityQuorum *QuorumDescriptor           `json:"cluster_authority_quorum,omitempty"`
+	AuthorityPayload       json.RawMessage             `json:"authority_payload,omitempty"`
+	AuthoritySignature     *ClusterSignature           `json:"authority_signature,omitempty"`
 }
 
 type NodeJoinRequest struct {
@@ -1531,6 +1548,8 @@ type ClusterAuthorityState struct {
 }
 
 type ClusterSignature = clusterauth.Signature
+type QuorumEnvelope = clusterauth.QuorumEnvelope
+type QuorumDescriptor = clusterauth.QuorumDescriptor
 
 type ClusterAuthorityDescriptor struct {
 	SchemaVersion        string    `json:"schema_version"`
@@ -1545,7 +1564,9 @@ type ClusterAuthorityDescriptor struct {
 
 type ClusterAuthorityKey struct {
 	ClusterAuthorityDescriptor
-	PrivateKey string `json:"-"`
+	PrivateKey       string            `json:"-"`
+	Metadata         json.RawMessage   `json:"metadata,omitempty"`
+	QuorumDescriptor *QuorumDescriptor `json:"quorum_descriptor,omitempty"`
 }
 
 type ClusterAdminSummary struct {
@@ -1808,6 +1829,8 @@ type VPNClientConnection struct {
 	AllowedNodeIDs  []string                `json:"allowed_node_ids"`
 	EntryNodeIDs    []string                `json:"entry_node_ids"`
 	ExitNodeID      string                  `json:"exit_node_id,omitempty"`
+	ExitPoolID      string                  `json:"exit_pool_id,omitempty"`
+	ExitPoolName    string                  `json:"exit_pool_name,omitempty"`
 	ActiveLease     *NodeVPNAssignmentLease `json:"active_lease,omitempty"`
 	RoutePolicies   json.RawMessage         `json:"route_policies"`
 	ClientConfig    json.RawMessage         `json:"client_config"`