fix update acl policy

abhishek9686 2024-09-26 21:00:04 +04:00
parent 940ed8b2f0
commit 5b49872d5d
4 changed files with 52 additions and 13 deletions


@ -16,6 +16,8 @@ import (
func aclHandlers(r *mux.Router) { func aclHandlers(r *mux.Router) {
r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(getAcls))). r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(getAcls))).
Methods(http.MethodGet) Methods(http.MethodGet)
r.HandleFunc("/api/v1/acls/policy_types", logic.SecurityCheck(true, http.HandlerFunc(getAclPolicyTypes))).
Methods(http.MethodGet)
r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(createAcl))). r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(createAcl))).
Methods(http.MethodPost) Methods(http.MethodPost)
r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(updateAcl))). r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(updateAcl))).
@ -25,6 +27,16 @@ func aclHandlers(r *mux.Router) {
} }
// @Summary List Acl Policy types
// @Router /api/v1/acls/policy_types [get]
// @Tags ACL
// @Accept json
// @Success 200 {array} models.SuccessResponse
// @Failure 500 {object} models.ErrorResponse
func getAclPolicyTypes(w http.ResponseWriter, r *http.Request) {
logic.ReturnSuccessResponseWithJson(w, r, nil, "fetched all acls in the network ")
}
// @Summary List Acls in a network // @Summary List Acls in a network
// @Router /api/v1/acls [get] // @Router /api/v1/acls [get]
// @Tags ACL // @Tags ACL
@ -78,12 +90,17 @@ func createAcl(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return return
} }
// check if acl exists
acl := req acl := req
acl.GetID(req.NetworkID, req.Name) acl.GetID(req.NetworkID, req.Name)
acl.CreatedBy = user.UserName acl.CreatedBy = user.UserName
acl.CreatedAt = time.Now().UTC() acl.CreatedAt = time.Now().UTC()
acl.Default = false acl.Default = false
if acl.RuleType == models.DevicePolicy {
acl.AllowedDirection = models.TrafficDirectionBi
} else {
acl.AllowedDirection = models.TrafficDirectionUni
}
// validate create acl policy // validate create acl policy
if !logic.IsAclPolicyValid(acl) { if !logic.IsAclPolicyValid(acl) {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest"))
@ -91,11 +108,15 @@ func createAcl(w http.ResponseWriter, r *http.Request) {
} }
err = logic.InsertAcl(acl) err = logic.InsertAcl(acl)
if err != nil { if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return return
} }
acl, err = logic.GetAcl(acl.ID)
logic.ReturnSuccessResponseWithJson(w, r, req, "created acl successfully") if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return
}
logic.ReturnSuccessResponseWithJson(w, r, acl, "created acl successfully")
} }
// @Summary Update Acl // @Summary Update Acl
@ -114,11 +135,15 @@ func updateAcl(w http.ResponseWriter, r *http.Request) {
return return
} }
acl, err := logic.GetAcl(updateAcl.Acl.ID) acl, err := logic.GetAcl(updateAcl.ID)
if err != nil { if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return return
} }
if acl.Default {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot update default policy"), "badrequest"))
return
}
if !logic.IsAclPolicyValid(updateAcl.Acl) { if !logic.IsAclPolicyValid(updateAcl.Acl) {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest"))
return return
@ -129,14 +154,14 @@ func updateAcl(w http.ResponseWriter, r *http.Request) {
} }
if updateAcl.NewName != "" { if updateAcl.NewName != "" {
//check if policy exists with same name //check if policy exists with same name
id := models.FormatAclID(updateAcl.Acl.NetworkID, updateAcl.NewName) id := models.FormatAclID(updateAcl.NetworkID, updateAcl.NewName)
_, err := logic.GetAcl(id) _, err := logic.GetAcl(id)
if err != nil { if err == nil {
logic.ReturnErrorResponse(w, r, logic.ReturnErrorResponse(w, r,
logic.FormatError(errors.New("policy already exists with name "+updateAcl.NewName), "badrequest")) logic.FormatError(errors.New("policy already exists with name "+updateAcl.NewName), "badrequest"))
return return
} }
updateAcl.Acl.ID = id updateAcl.ID = id
updateAcl.Acl.Name = updateAcl.NewName updateAcl.Acl.Name = updateAcl.NewName
} }
err = logic.UpdateAcl(updateAcl.Acl, acl) err = logic.UpdateAcl(updateAcl.Acl, acl)
@ -164,9 +189,14 @@ func deleteAcl(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return return
} }
if acl.Default {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
err = logic.DeleteAcl(acl) err = logic.DeleteAcl(acl)
if err != nil { if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) logic.ReturnErrorResponse(w, r,
logic.FormatError(errors.New("cannot delete default policy"), "internal"))
return return
} }
logic.ReturnSuccessResponse(w, r, "deleted acl "+acl.Name) logic.ReturnSuccessResponse(w, r, "deleted acl "+acl.Name)
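Review bot: In the deleteAcl hunk the two error responses look swapped. The new `if acl.Default` guard passes `err` to `logic.FormatError`, but the preceding error branch has already returned, so `err` is presumably nil there: the caller gets no reason for the refusal, and if FormatError dereferences the error the handler could panic. A genuine `logic.DeleteAcl` failure is meanwhile reported as "cannot delete default policy", which hides the real cause from whoever is debugging it. I would use `logic.FormatError(errors.New("cannot delete default policy"), "badrequest")` in the guard and keep `logic.FormatError(err, "internal")` after `DeleteAcl`, matching the guard this commit adds in updateAcl. deleteAcl begins above the hunk, so the earlier lookup is not visible here.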


@ -157,6 +157,7 @@ func createTables() {
CreateTable(USER_PERMISSIONS_TABLE_NAME) CreateTable(USER_PERMISSIONS_TABLE_NAME)
CreateTable(USER_INVITES_TABLE_NAME) CreateTable(USER_INVITES_TABLE_NAME)
CreateTable(TAG_TABLE_NAME) CreateTable(TAG_TABLE_NAME)
CreateTable(ACLS_TABLE_NAME)
} }
func CreateTable(tableName string) error { func CreateTable(tableName string) error {


@ -83,6 +83,11 @@ func ValidateCreateAclReq(req models.Acl) error {
if req.Name == "" { if req.Name == "" {
return errors.New("name is required") return errors.New("name is required")
} }
req.GetID(req.NetworkID, req.Name)
_, err = GetAcl(req.ID)
if err == nil {
return errors.New("acl exists already with name " + req.Name)
}
return nil return nil
} }
@ -193,14 +198,12 @@ func IsAclPolicyValid(acl models.Acl) bool {
// UpdateAcl - updates allowed fields on acls and commits to DB // UpdateAcl - updates allowed fields on acls and commits to DB
func UpdateAcl(newAcl, acl models.Acl) error { func UpdateAcl(newAcl, acl models.Acl) error {
acl.Name = newAcl.Name acl.Name = newAcl.Name
acl.Src = newAcl.Src acl.Src = newAcl.Src
acl.Dst = newAcl.Dst acl.Dst = newAcl.Dst
acl.AllowedDirection = newAcl.AllowedDirection
acl.Enabled = newAcl.Enabled acl.Enabled = newAcl.Enabled
if acl.ID != newAcl.ID { if acl.ID != newAcl.ID {
database.DeleteRecord(acl.ID.String(), database.ACLS_TABLE_NAME) database.DeleteRecord(database.ACLS_TABLE_NAME, acl.ID.String())
acl.ID = newAcl.ID acl.ID = newAcl.ID
} }
d, err := json.Marshal(acl) d, err := json.Marshal(acl)
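Review bot: In UpdateAcl the rename path removes the old record before the new one is written, and the result of `database.DeleteRecord` is discarded. With the argument order corrected the delete now takes effect, so if `json.Marshal` or the write that follows (outside the hunk) fails, the policy exists under neither ID, which for an access-control rule may change what traffic is permitted without any error being surfaced. I would store the record under `newAcl.ID` first and remove the old key only after that succeeds, checking the error: `if err := database.DeleteRecord(database.ACLS_TABLE_NAME, acl.ID.String()); err != nil { return err }`. Separately, the `err == nil` existence check added in ValidateCreateAclReq treats every `GetAcl` error as "not found", so a database failure would let a duplicate name through; it is worth distinguishing a missing record from a failed lookup.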


@ -56,10 +56,15 @@ func (g AclGroupType) String() string {
} }
type UpdateAclRequest struct { type UpdateAclRequest struct {
Acl Acl Acl
NewName string `json:"new_name"` NewName string `json:"new_name"`
} }
type AclPolicy struct {
TypeID AclPolicyType
PrefixTagUser AclGroupType
}
type Acl struct { type Acl struct {
ID AclID `json:"id"` ID AclID `json:"id"`
Default bool `json:"default"` Default bool `json:"default"`