mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-04 04:04:17 +08:00
NET-1932: handle non-inet egress ranges on inet gw (#3479)
* move relevant acl and tag code to CE and Pro pkgs * initialise pro acl funcs * list gateways by user access * check user gw access by policies * filter out user policies on CE * filter out tagged policies on CE * fix ce acl comms * allow gateways tag * allow gateway tag on CE, remove failover and gw check on acl policy * add gw rules func to pro * add inet gw support on CE * add egress acl API * add egress acl API * fix(go): set is_gw when converting api node to server node; * fix(go): set is_gw when converting api node to server node; * fix policy validity checker for inet gws * move dns option to host model * fix node removal from egress policy on delete * add migration logic for ManageDNS * fix dns json field * fix nil error on node tags * add egress info to relayed nodes * fix default network user policy * fix egress migration * fix egress migration * add failover inet gw check * optimise egress calls * auto create gw on inet egress node * optimise egress calls * add global user role check * fix egress on inet gw --------- Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
parent
3bae08797f
commit
599a9c6f4a
5 changed files with 18 additions and 11 deletions
|
@ -50,8 +50,11 @@ func userMiddleWare(handler http.Handler) http.Handler {
|
|||
if strings.Contains(route, "createrelay") || strings.Contains(route, "deleterelay") {
|
||||
r.Header.Set("TARGET_RSRC", models.RelayRsrc.String())
|
||||
}
|
||||
|
||||
if strings.Contains(route, "gateway") {
|
||||
r.Header.Set("TARGET_RSRC", models.GatewayRsrc.String())
|
||||
}
|
||||
|
||||
if strings.Contains(route, "egress") {
|
||||
r.Header.Set("TARGET_RSRC", models.EgressGwRsrc.String())
|
||||
}
|
||||
if strings.Contains(route, "networks") {
|
||||
|
|
|
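Review bot: The value written to `TARGET_RSRC` depends on substring hits anywhere in the route and on the order of these independent `if` statements, so a path containing more than one keyword (for example both `gateway` and `egress`) is labelled by whichever check runs last. If this header feeds the permission check later in the middleware, which the hunk does not show, matching on whole path segments or attaching the resource type where each route is registered would be more predictable. It is also worth confirming that a client-supplied value is dropped before these checks, e.g. `r.Header.Del("TARGET_RSRC")` at the top, because a route matching none of them would otherwise keep it. userMiddleWare starts and ends outside the hunk.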
@ -81,12 +81,19 @@ func GetEgressRangesOnNetwork(client *models.ExtClient) ([]string, error) {
|
|||
continue
|
||||
}
|
||||
GetNodeEgressInfo(¤tNode, eli)
|
||||
if currentNode.EgressDetails.IsInternetGateway && client.IngressGatewayID != currentNode.ID.String() {
|
||||
continue
|
||||
}
|
||||
if currentNode.EgressDetails.IsEgressGateway { // add the egress gateway range(s) to the result
|
||||
if len(currentNode.EgressDetails.EgressGatewayRanges) > 0 {
|
||||
result = append(result, currentNode.EgressDetails.EgressGatewayRanges...)
|
||||
if currentNode.EgressDetails.IsInternetGateway && client.IngressGatewayID != currentNode.ID.String() {
|
||||
for _, rangeI := range currentNode.EgressDetails.EgressGatewayRanges {
|
||||
if rangeI == "0.0.0.0/0" || rangeI == "::/0" {
|
||||
continue
|
||||
} else {
|
||||
result = append(result, rangeI)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
result = append(result, currentNode.EgressDetails.EgressGatewayRanges...)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
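Review bot: The default-route filter in the inner loop compares `rangeI` with the two literal strings `"0.0.0.0/0"` and `"::/0"`, so any other spelling of a zero-length prefix in `EgressGatewayRanges` (surrounding whitespace, `0::/0`) would still be returned to a client that is not attached to this internet gateway. Unless ranges are normalised when they are saved, which is not visible here, parse rather than compare text: `if p, err := netip.ParsePrefix(strings.TrimSpace(rangeI)); err == nil && p.Bits() == 0 { continue }` (this needs the `net/netip` import). The `else` after `continue` is redundant and can be dropped. GetEgressRangesOnNetwork starts and ends outside the hunk.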
@ -186,12 +186,9 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
|
|||
}
|
||||
defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
|
||||
defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
|
||||
anyActiveEgressPolicy := CheckIfAnyActiveEgressPolicy(node)
|
||||
nodeHasAccessToAllRsrcs := CheckIfNodeHasAccessToAllResources(&node)
|
||||
anyUniDirectionPolicy := CheckIfAnyPolicyisUniDirectional(node)
|
||||
if (defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled) ||
|
||||
(!anyUniDirectionPolicy && !anyActiveEgressPolicy) ||
|
||||
nodeHasAccessToAllRsrcs {
|
||||
(!CheckIfAnyPolicyisUniDirectional(node) && !CheckIfAnyActiveEgressPolicy(node)) ||
|
||||
CheckIfNodeHasAccessToAllResources(&node) {
|
||||
aclRule := models.AclRule{
|
||||
ID: fmt.Sprintf("%s-allowed-network-rules", node.ID.String()),
|
||||
AllowedProtocol: models.ALL,
|
||||
|
|
|
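Review bot: Both `GetDefaultPolicy` calls discard their error with `_`, so a failed policy lookup presumably looks the same as a disabled default policy when this condition decides whether the node gets the `-allowed-network-rules` rule with `models.ALL`. Handle or at least log those errors before the condition is evaluated. Now that the three checks are inlined, a short comment such as `// default-policy check first; the per-node policy checks only run when it is false` would keep a later refactor from undoing the short-circuit order. GetPeerUpdateForHost starts and ends outside the hunk.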
@ -65,6 +65,7 @@ const (
|
|||
HostRsrc RsrcType = "hosts"
|
||||
RelayRsrc RsrcType = "relays"
|
||||
RemoteAccessGwRsrc RsrcType = "remote_access_gw"
|
||||
GatewayRsrc RsrcType = "gateways"
|
||||
ExtClientsRsrc RsrcType = "extclients"
|
||||
InetGwRsrc RsrcType = "inet_gw"
|
||||
EgressGwRsrc RsrcType = "egress"
|
||||
|
|
|
@ -761,7 +761,6 @@ func GetUserRAGNodes(user models.User) (gws map[string]models.Node) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
return
|
||||
|
|