package nodeacls
import (
"github.com/gravitl/netmaker/database"
"github.com/gravitl/netmaker/logic/acls"
)
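// CreateNodeACL inserts or updates the ACL of nodeID on the given network and
// saves the resulting network ACL container.
//
// Any defaultVal other than acls.Allowed or acls.NotAllowed is coerced to
// acls.NotAllowed, so an unrecognised value never grants access. When no ACL
// record exists yet for the network, a new container is created first. Every
// node already in the container gets an entry for nodeID set to defaultVal,
// and nodeID gets an entry for each of them with the same value.
//
// It returns the saved ACL of nodeID, or the first error from fetching,
// creating or saving the container.
//
// NOTE(review): if nodeID is already present in the container, the loop below
// overwrites every existing relationship involving it with defaultVal (and
// adds a self entry). With acls.Allowed that would reset peers that had been
// set otherwise; confirm callers only use this for nodes new to the network.
func CreateNodeACL(networkID NetworkID, nodeID NodeID, defaultVal byte) (acls.ACL, error) {
	if defaultVal != acls.NotAllowed && defaultVal != acls.Allowed {
		defaultVal = acls.NotAllowed // fail closed on unknown values
	}

	var currentNetworkACL, err = FetchAllACLs(networkID)
	if err != nil {
		if !database.IsEmptyRecord(err) {
			return nil, err
		}
		// no ACL record yet for this network: start from a fresh container
		currentNetworkACL, err = currentNetworkACL.New(acls.ContainerID(networkID))
		if err != nil {
			return nil, err
		}
	}

	newID := acls.AclID(nodeID)
	var newNodeACL = make(acls.ACL)
	for existingNodeID := range currentNetworkACL {
		// A nil per-node ACL would make the write below panic (assignment to
		// entry in nil map); give that node an empty ACL first.
		// NOTE(review): presumably a nil entry can come back from storage — verify.
		if currentNetworkACL[existingNodeID] == nil {
			currentNetworkACL[existingNodeID] = make(acls.ACL)
		}
		currentNetworkACL[existingNodeID][newID] = defaultVal // existing node -> new node
		newNodeACL[existingNodeID] = defaultVal               // new node -> existing node
	}
	currentNetworkACL[newID] = newNodeACL // add the new node's own ACL

	retNetworkACL, err := currentNetworkACL.Save(acls.ContainerID(networkID)) // insert into db
	if err != nil {
		return nil, err
	}
	return retNetworkACL[newID], nil
}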
// ChangeNodesAccess changes the relationship between node1 and node2 on the
// given network, in memory only: the modified container is returned and is
// not saved by this function.
//
// It returns the error from FetchAllACLs unchanged when the network's ACLs
// cannot be loaded.
//
// NOTE(review): value is handed to ChangeAccess as given; unlike
// CreateNodeACL, nothing here restricts it to acls.Allowed/acls.NotAllowed —
// confirm the caller or ChangeAccess validates it.
func ChangeNodesAccess(networkID NetworkID, node1, node2 NodeID, value byte) (acls.ACLContainer, error) {
	networkACL, err := FetchAllACLs(networkID)
	if err != nil {
		return nil, err
	}

	first, second := acls.AclID(node1), acls.AclID(node2)
	networkACL.ChangeAccess(first, second, value)
	return networkACL, nil
}
// UpdateNodeACL replaces the ACL of nodeID on the given network with acl and
// saves it, returning whatever the ACL's Save call returns.
//
// The network's ACLs are fetched first; a fetch error is returned unchanged.
//
// NOTE(review): only nodeID's own entry is assigned here. The entries other
// nodes hold for nodeID are not touched, and the values inside acl are not
// checked in this function — confirm both are handled by the caller.
func UpdateNodeACL(networkID NetworkID, nodeID NodeID, acl acls.ACL) (acls.ACL, error) {
	networkACL, err := FetchAllACLs(networkID)
	if err != nil {
		return nil, err
	}

	id := acls.AclID(nodeID)
	networkACL[id] = acl
	return networkACL[id].Save(acls.ContainerID(networkID), id)
}
// RemoveNodeACL removes nodeID from the given network's ACLs: its entry is
// dropped from every other node's ACL, its own ACL is deleted from the
// container, and the container is saved.
//
// It returns the result of saving the container, or the error from
// FetchAllACLs when the network's ACLs cannot be loaded.
func RemoveNodeACL(networkID NetworkID, nodeID NodeID) (acls.ACLContainer, error) {
	networkACL, err := FetchAllACLs(networkID)
	if err != nil {
		return nil, err
	}

	removedID := acls.AclID(nodeID)
	for peerID, peerACL := range networkACL {
		if NodeID(peerID) == nodeID {
			continue // the node's own ACL is deleted as a whole below
		}
		peerACL.Remove(removedID)
	}
	delete(networkACL, removedID)

	return networkACL.Save(acls.ContainerID(networkID))
}