diff --git a/controllers/acls.go b/controllers/acls.go index 3bdfa6cf..18ad9d19 100644 --- a/controllers/acls.go +++ b/controllers/acls.go @@ -16,6 +16,8 @@ import ( func aclHandlers(r *mux.Router) { r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(getAcls))). Methods(http.MethodGet) + r.HandleFunc("/api/v1/acls/policy_types", logic.SecurityCheck(true, http.HandlerFunc(getAclPolicyTypes))). + Methods(http.MethodGet) r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(createAcl))). Methods(http.MethodPost) r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(updateAcl))). @@ -25,6 +27,16 @@ func aclHandlers(r *mux.Router) { } +// @Summary List Acl Policy types +// @Router /api/v1/acls/policy_types [get] +// @Tags ACL +// @Accept json +// @Success 200 {array} models.SuccessResponse +// @Failure 500 {object} models.ErrorResponse +func getAclPolicyTypes(w http.ResponseWriter, r *http.Request) { + logic.ReturnSuccessResponseWithJson(w, r, nil, "fetched all acls in the network ") +} + // @Summary List Acls in a network // @Router /api/v1/acls [get] // @Tags ACL @@ -78,12 +90,17 @@ func createAcl(w http.ResponseWriter, r *http.Request) { logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) return } - // check if acl exists + acl := req acl.GetID(req.NetworkID, req.Name) acl.CreatedBy = user.UserName acl.CreatedAt = time.Now().UTC() acl.Default = false + if acl.RuleType == models.DevicePolicy { + acl.AllowedDirection = models.TrafficDirectionBi + } else { + acl.AllowedDirection = models.TrafficDirectionUni + } // validate create acl policy if !logic.IsAclPolicyValid(acl) { logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest")) 
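Review bot: getAclPolicyTypes answers with `nil` as the payload and the message `"fetched all acls in the network "` copied from getAcls, so the new `/api/v1/acls/policy_types` route returns no policy types at all while its `@Success 200 {array}` annotation promises an array. The handler should serialize the actual policy-type list (whatever models exposes for it is not visible in this diff) and use a message that matches, e.g. `"fetched acl policy types"`; until then the swagger block documents a response the code never produces. A one-line doc comment above the swagger tags, such as `// getAclPolicyTypes lists the ACL policy types a caller may use when creating a policy.`, would also name the intent, since every caller that passes SecurityCheck can reach it.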
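Review bot: The new `if acl.RuleType == models.DevicePolicy` block in createAcl silently replaces whatever `AllowedDirection` the client sent, and nothing in the hunk says so; a comment like `// AllowedDirection is derived from RuleType; the value in the request is ignored` would stop the next reader from treating the request field as honoured. The removed `// check if acl exists` comment is not replaced by a check in this function — the logic/acls.go hunk adds the duplicate-name lookup to ValidateCreateAclReq — so if createAcl relies on that, a pointer such as `// duplicate-name check lives in logic.ValidateCreateAclReq` keeps the two in step. createAcl begins before this hunk.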
@@ -91,11 +108,15 @@ func createAcl(w http.ResponseWriter, r *http.Request) { } err = logic.InsertAcl(acl) if err != nil { - logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) + logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) return } - - logic.ReturnSuccessResponseWithJson(w, r, req, "created acl successfully") + acl, err = logic.GetAcl(acl.ID) + if err != nil { + logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) + return + } + logic.ReturnSuccessResponseWithJson(w, r, acl, "created acl successfully") } // @Summary Update Acl @@ -114,11 +135,15 @@ func updateAcl(w http.ResponseWriter, r *http.Request) { return } - acl, err := logic.GetAcl(updateAcl.Acl.ID) + acl, err := logic.GetAcl(updateAcl.ID) if err != nil { logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) return } + if acl.Default { + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot update default policy"), "badrequest")) + return + } if !logic.IsAclPolicyValid(updateAcl.Acl) { logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest")) return @@ -129,14 +154,14 @@ func updateAcl(w http.ResponseWriter, r *http.Request) { } if updateAcl.NewName != "" { //check if policy exists with same name - id := models.FormatAclID(updateAcl.Acl.NetworkID, updateAcl.NewName) + id := models.FormatAclID(updateAcl.NetworkID, updateAcl.NewName) _, err := logic.GetAcl(id) - if err != nil { + if err == nil { logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("policy already exists with name "+updateAcl.NewName), "badrequest")) return } - updateAcl.Acl.ID = id + updateAcl.ID = id updateAcl.Acl.Name = updateAcl.NewName } err = logic.UpdateAcl(updateAcl.Acl, acl) 
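Review bot: In the rename branch of updateAcl, `updateAcl.ID = id` and `updateAcl.Acl.Name = updateAcl.NewName` move the request to the new ID and name, but the same commit removes `acl.Name = newAcl.Name` from logic.UpdateAcl (the logic/acls.go hunk), so the record stored under the new ID keeps its old Name — the ID that FormatAclID derives from the name and the Name field no longer agree. Either restore `acl.Name = newAcl.Name` in UpdateAcl, at least when `acl.ID != newAcl.ID`, or have the handler pass the rename explicitly. Separately, `_, err := logic.GetAcl(id)` here and the new lookup in ValidateCreateAclReq (logic/acls.go) both read any non-nil error as "no policy with that name", so a database failure is treated as the name being free; if the database layer exposes a not-found sentinel (not visible here), compare against it with errors.Is instead. updateAcl starts and ends outside this hunk.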
@@ -164,9 +189,14 @@ func deleteAcl(w http.ResponseWriter, r *http.Request) { logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) return } + if acl.Default { + logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) + return + } err = logic.DeleteAcl(acl) if err != nil { - logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) + logic.ReturnErrorResponse(w, r, + logic.FormatError(errors.New("cannot delete default policy"), "internal")) return } logic.ReturnSuccessResponse(w, r, "deleted acl "+acl.Name) diff --git a/database/database.go b/database/database.go index 5bd68499..6590e006 100644 --- a/database/database.go +++ b/database/database.go @@ -157,6 +157,7 @@ func createTables() { CreateTable(USER_PERMISSIONS_TABLE_NAME) CreateTable(USER_INVITES_TABLE_NAME) CreateTable(TAG_TABLE_NAME) + CreateTable(ACLS_TABLE_NAME) } func CreateTable(tableName string) error { diff --git a/logic/acls.go b/logic/acls.go index 54ca4dae..2ad042c0 100644 --- a/logic/acls.go +++ b/logic/acls.go @@ -83,6 +83,11 @@ func ValidateCreateAclReq(req models.Acl) error { if req.Name == "" { return errors.New("name is required") } + req.GetID(req.NetworkID, req.Name) + _, err = GetAcl(req.ID) + if err == nil { + return errors.New("acl exists already with name " + req.Name) + } return nil } @@ -193,14 +198,12 @@ func IsAclPolicyValid(acl models.Acl) bool { // UpdateAcl - updates allowed fields on acls and commits to DB func UpdateAcl(newAcl, acl models.Acl) error { - acl.Name = newAcl.Name acl.Src = newAcl.Src acl.Dst = newAcl.Dst - acl.AllowedDirection = newAcl.AllowedDirection acl.Enabled = newAcl.Enabled if acl.ID != newAcl.ID { - database.DeleteRecord(acl.ID.String(), database.ACLS_TABLE_NAME) + database.DeleteRecord(database.ACLS_TABLE_NAME, acl.ID.String()) acl.ID = newAcl.ID } d, err := json.Marshal(acl) diff --git a/models/acl.go b/models/acl.go index acd1decb..a8f8c0a9 100644 --- a/models/acl.go +++ b/models/acl.go 
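Review bot: The two new error responses in deleteAcl are swapped: the `if acl.Default` branch wraps `err`, which on this path is the lookup error already returned just above and so is nil, giving the caller a 400 built from no error (whatever FormatError makes of that), while the `"cannot delete default policy"` text is attached to a DeleteAcl failure that has nothing to do with default policies and hides the real error. Use `logic.FormatError(errors.New("cannot delete default policy"), "badrequest")` in the Default branch and keep `logic.FormatError(err, "internal")` after `logic.DeleteAcl`. deleteAcl begins before this hunk.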
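Review bot: In logic.UpdateAcl the old record is removed with `database.DeleteRecord(database.ACLS_TABLE_NAME, acl.ID.String())` before the renamed one is marshalled and written, and the call's result is discarded; if DeleteRecord reports an error (its signature is not shown here) or the later write fails, the policy is gone with nothing in its place, which for an access-control rule is a failure mode the caller never learns about. Store the record under the new ID first, delete the old one only after that succeeds, and check the delete's return value. The argument order now matches the table-name-first convention used elsewhere in this diff, so the swap itself looks right. UpdateAcl continues past this hunk.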
@@ -56,10 +56,15 @@ func (g AclGroupType) String() string { } type UpdateAclRequest struct { - Acl Acl + Acl NewName string `json:"new_name"` } +type AclPolicy struct { + TypeID AclPolicyType + PrefixTagUser AclGroupType +} + type Acl struct { ID AclID `json:"id"` Default bool `json:"default"`
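Review bot: Embedding `Acl` in UpdateAclRequest in place of the named `Acl Acl` field changes the JSON wire shape of the update request: an embedded struct without a tag has its fields promoted to the top level beside `new_name`, whereas clients previously sent them nested under `"Acl"`. If that change is intended, the update endpoint's swagger block and any client need to follow; if not, a tag on the embedded field (`json:"Acl"`) keeps the old nesting while still promoting the fields in Go. The new exported `AclPolicy` type also lands without a doc comment or json tags and nothing in this diff uses it; a one-line comment starting `// AclPolicy ...` that says what TypeID and PrefixTagUser stand for would make its purpose reviewable.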