mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-06 05:04:27 +08:00
fix update acl policy
This commit is contained in:
parent
940ed8b2f0
commit
5b49872d5d
4 changed files with 52 additions and 13 deletions
|
@ -16,6 +16,8 @@ import (
|
|||
func aclHandlers(r *mux.Router) {
|
||||
r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(getAcls))).
|
||||
Methods(http.MethodGet)
|
||||
r.HandleFunc("/api/v1/acls/policy_types", logic.SecurityCheck(true, http.HandlerFunc(getAclPolicyTypes))).
|
||||
Methods(http.MethodGet)
|
||||
r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(createAcl))).
|
||||
Methods(http.MethodPost)
|
||||
r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(updateAcl))).
|
||||
|
@ -25,6 +27,16 @@ func aclHandlers(r *mux.Router) {
|
|||
|
||||
}
|
||||
|
||||
// @Summary List Acl Policy types
|
||||
// @Router /api/v1/acls/policy_types [get]
|
||||
// @Tags ACL
|
||||
// @Accept json
|
||||
// @Success 200 {array} models.SuccessResponse
|
||||
// @Failure 500 {object} models.ErrorResponse
|
||||
func getAclPolicyTypes(w http.ResponseWriter, r *http.Request) {
|
||||
logic.ReturnSuccessResponseWithJson(w, r, nil, "fetched all acls in the network ")
|
||||
}
|
||||
|
||||
// @Summary List Acls in a network
|
||||
// @Router /api/v1/acls [get]
|
||||
// @Tags ACL
|
||||
|
@ -78,12 +90,17 @@ func createAcl(w http.ResponseWriter, r *http.Request) {
|
|||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
// check if acl exists
|
||||
|
||||
acl := req
|
||||
acl.GetID(req.NetworkID, req.Name)
|
||||
acl.CreatedBy = user.UserName
|
||||
acl.CreatedAt = time.Now().UTC()
|
||||
acl.Default = false
|
||||
if acl.RuleType == models.DevicePolicy {
|
||||
acl.AllowedDirection = models.TrafficDirectionBi
|
||||
} else {
|
||||
acl.AllowedDirection = models.TrafficDirectionUni
|
||||
}
|
||||
// validate create acl policy
|
||||
if !logic.IsAclPolicyValid(acl) {
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest"))
|
||||
|
@ -91,11 +108,15 @@ func createAcl(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
err = logic.InsertAcl(acl)
|
||||
if err != nil {
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
|
||||
logic.ReturnSuccessResponseWithJson(w, r, req, "created acl successfully")
|
||||
acl, err = logic.GetAcl(acl.ID)
|
||||
if err != nil {
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
return
|
||||
}
|
||||
logic.ReturnSuccessResponseWithJson(w, r, acl, "created acl successfully")
|
||||
}
|
||||
|
||||
// @Summary Update Acl
|
||||
|
@ -114,11 +135,15 @@ func updateAcl(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
acl, err := logic.GetAcl(updateAcl.Acl.ID)
|
||||
acl, err := logic.GetAcl(updateAcl.ID)
|
||||
if err != nil {
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
if acl.Default {
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot update default policy"), "badrequest"))
|
||||
return
|
||||
}
|
||||
if !logic.IsAclPolicyValid(updateAcl.Acl) {
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest"))
|
||||
return
|
||||
|
@ -129,14 +154,14 @@ func updateAcl(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
if updateAcl.NewName != "" {
|
||||
//check if policy exists with same name
|
||||
id := models.FormatAclID(updateAcl.Acl.NetworkID, updateAcl.NewName)
|
||||
id := models.FormatAclID(updateAcl.NetworkID, updateAcl.NewName)
|
||||
_, err := logic.GetAcl(id)
|
||||
if err != nil {
|
||||
if err == nil {
|
||||
logic.ReturnErrorResponse(w, r,
|
||||
logic.FormatError(errors.New("policy already exists with name "+updateAcl.NewName), "badrequest"))
|
||||
return
|
||||
}
|
||||
updateAcl.Acl.ID = id
|
||||
updateAcl.ID = id
|
||||
updateAcl.Acl.Name = updateAcl.NewName
|
||||
}
|
||||
err = logic.UpdateAcl(updateAcl.Acl, acl)
|
||||
|
@ -164,9 +189,14 @@ func deleteAcl(w http.ResponseWriter, r *http.Request) {
|
|||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
if acl.Default {
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||
return
|
||||
}
|
||||
err = logic.DeleteAcl(acl)
|
||||
if err != nil {
|
||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
||||
logic.ReturnErrorResponse(w, r,
|
||||
logic.FormatError(errors.New("cannot delete default policy"), "internal"))
|
||||
return
|
||||
}
|
||||
logic.ReturnSuccessResponse(w, r, "deleted acl "+acl.Name)
|
||||
|
|
|
@ -157,6 +157,7 @@ func createTables() {
|
|||
CreateTable(USER_PERMISSIONS_TABLE_NAME)
|
||||
CreateTable(USER_INVITES_TABLE_NAME)
|
||||
CreateTable(TAG_TABLE_NAME)
|
||||
CreateTable(ACLS_TABLE_NAME)
|
||||
}
|
||||
|
||||
func CreateTable(tableName string) error {
|
||||
|
|
|
@ -83,6 +83,11 @@ func ValidateCreateAclReq(req models.Acl) error {
|
|||
if req.Name == "" {
|
||||
return errors.New("name is required")
|
||||
}
|
||||
req.GetID(req.NetworkID, req.Name)
|
||||
_, err = GetAcl(req.ID)
|
||||
if err == nil {
|
||||
return errors.New("acl exists already with name " + req.Name)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -193,14 +198,12 @@ func IsAclPolicyValid(acl models.Acl) bool {
|
|||
|
||||
// UpdateAcl - updates allowed fields on acls and commits to DB
|
||||
func UpdateAcl(newAcl, acl models.Acl) error {
|
||||
|
||||
acl.Name = newAcl.Name
|
||||
acl.Src = newAcl.Src
|
||||
acl.Dst = newAcl.Dst
|
||||
acl.AllowedDirection = newAcl.AllowedDirection
|
||||
acl.Enabled = newAcl.Enabled
|
||||
if acl.ID != newAcl.ID {
|
||||
database.DeleteRecord(acl.ID.String(), database.ACLS_TABLE_NAME)
|
||||
database.DeleteRecord(database.ACLS_TABLE_NAME, acl.ID.String())
|
||||
acl.ID = newAcl.ID
|
||||
}
|
||||
d, err := json.Marshal(acl)
|
||||
|
|
|
@ -56,10 +56,15 @@ func (g AclGroupType) String() string {
|
|||
}
|
||||
|
||||
type UpdateAclRequest struct {
|
||||
Acl Acl
|
||||
Acl
|
||||
NewName string `json:"new_name"`
|
||||
}
|
||||
|
||||
type AclPolicy struct {
|
||||
TypeID AclPolicyType
|
||||
PrefixTagUser AclGroupType
|
||||
}
|
||||
|
||||
type Acl struct {
|
||||
ID AclID `json:"id"`
|
||||
Default bool `json:"default"`
|
||||
|
|
Loading…
Add table
Reference in a new issue