Merge pull request #3423 from gravitl/release-v0.90.0

Release v0.90.0
This commit is contained in:
Abhishek K 2025-04-14 15:25:10 +04:00 committed by GitHub
commit 7e741b3624
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 258 additions and 106 deletions


@ -436,7 +436,7 @@ func getNetworkACL(w http.ResponseWriter, r *http.Request) {
// @Security oauth
// @Param networkname path string true "Network name"
// @Produce json
// @Success 200 {object} acls.SuccessResponse
// @Success 200 {object} models.SuccessResponse
// @Failure 500 {object} models.ErrorResponse
func getNetworkEgressRoutes(w http.ResponseWriter, r *http.Request) {
var params = mux.Vars(r)
@ -627,6 +627,10 @@ func createNetwork(w http.ResponseWriter, r *http.Request) {
logic.CreateFailOver(*newNode)
// make host remote access gateway
logic.CreateIngressGateway(network.NetID, newNode.ID.String(), models.IngressRequest{})
logic.CreateRelay(models.RelayRequest{
NodeID: newNode.ID.String(),
NetID: network.NetID,
})
}
// send peer updates
if err = mq.PublishPeerUpdate(false); err != nil {
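Review bot: The new `logic.CreateRelay(models.RelayRequest{...})` call in createNetwork discards whatever it returns, exactly as the `logic.CreateIngressGateway` and `logic.CreateFailOver` calls above it do, so if relay setup on the freshly created gateway node fails the network is still reported as created and the peer update below is published against a half-configured node. If CreateRelay returns an error (its signature is not visible here), it should at least be surfaced, e.g. `if _, err := logic.CreateRelay(models.RelayRequest{NodeID: newNode.ID.String(), NetID: network.NetID}); err != nil { logger.Log(0, "failed to create relay on gateway node", newNode.ID.String(), err.Error()) }`, using whichever logger createNetwork already uses. Whether a failed relay should abort network creation or remain best-effort is a design choice worth a one-line comment either way. createNetwork starts and ends outside this hunk.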


@ -1334,6 +1334,51 @@ func getUserAclRulesForNode(targetnode *models.Node,
return rules
}
func checkIfAnyActiveEgressPolicy(targetNode models.Node) bool {
if !targetNode.IsEgressGateway {
return false
}
var targetNodeTags = make(map[models.TagID]struct{})
if targetNode.Mutex != nil {
targetNode.Mutex.Lock()
targetNodeTags = maps.Clone(targetNode.Tags)
targetNode.Mutex.Unlock()
} else {
targetNodeTags = maps.Clone(targetNode.Tags)
}
if targetNodeTags == nil {
targetNodeTags = make(map[models.TagID]struct{})
}
targetNodeTags[models.TagID(targetNode.ID.String())] = struct{}{}
targetNodeTags["*"] = struct{}{}
acls, _ := ListAclsByNetwork(models.NetworkID(targetNode.Network))
for _, acl := range acls {
if !acl.Enabled {
continue
}
srcTags := convAclTagToValueMap(acl.Src)
dstTags := convAclTagToValueMap(acl.Dst)
for nodeTag := range targetNodeTags {
if acl.RuleType == models.DevicePolicy {
if _, ok := srcTags[nodeTag.String()]; ok {
return true
}
if _, ok := srcTags[targetNode.ID.String()]; ok {
return true
}
}
if _, ok := dstTags[nodeTag.String()]; ok {
return true
}
if _, ok := dstTags[targetNode.ID.String()]; ok {
return true
}
}
}
return false
}
func checkIfAnyPolicyisUniDirectional(targetNode models.Node) bool {
var targetNodeTags = make(map[models.TagID]struct{})
if targetNode.Mutex != nil {
@ -1617,7 +1662,7 @@ func GetEgressRulesForNode(targetnode models.Node) (rules map[string]models.AclR
/*
if target node is egress gateway
if acl policy has egress route and it is present in target node egress ranges
fetches all the nodes in that policy and add rules
fetch all the nodes in that policy and add rules
*/
for _, rangeI := range targetnode.EgressGatewayRanges {
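Review bot: In the new checkIfAnyActiveEgressPolicy, `acls, _ := ListAclsByNetwork(models.NetworkID(targetNode.Network))` drops the error, and on any lookup failure the loop sees no ACLs and the function returns false; at its only visible call site in GetPeerUpdateForHost the negated result then selects the branch that appends `node.NetworkRange` to `FwUpdate.AllowedNetworks`, so a transient store error fails open rather than closed. I would make the failure path explicit and conservative, `acls, err := ListAclsByNetwork(models.NetworkID(targetNode.Network))` followed by `if err != nil { return true } // fail closed: treat an unreadable policy set as restrictive`, and if checkIfAnyPolicyisUniDirectional (whose body continues past this hunk) discards the same error it should get the same treatment. Separately, the `srcTags[targetNode.ID.String()]` and `dstTags[targetNode.ID.String()]` lookups inside the `for nodeTag := range targetNodeTags` loop do not depend on nodeTag and are already covered because the node ID is inserted into targetNodeTags a few lines earlier, and the initial `make(map[models.TagID]struct{})` is overwritten by `maps.Clone` on both branches, so that allocation is dead.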


@ -204,7 +204,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
if (defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled) || !checkIfAnyPolicyisUniDirectional(node) {
if (defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled) || (!checkIfAnyPolicyisUniDirectional(node) && !checkIfAnyActiveEgressPolicy(node)) {
if node.NetworkRange.IP != nil {
hostPeerUpdate.FwUpdate.AllowedNetworks = append(hostPeerUpdate.FwUpdate.AllowedNetworks, node.NetworkRange)
}
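Review bot: The extended condition in GetPeerUpdateForHost now chains three policy checks on one line, which hides that the second and third are only evaluated when both default policies are not enabled, and that each of them presumably lists the network's ACLs again per node in the peer-update loop (checkIfAnyActiveEgressPolicy visibly calls ListAclsByNetwork). Hoisting it into a named value, `allowWholeRange := (defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled) || (!checkIfAnyPolicyisUniDirectional(node) && !checkIfAnyActiveEgressPolicy(node))` with a comment stating that a true value opens the node's entire NetworkRange in the firewall update, would make the intent reviewable and gives a single place to attach the egress/unidirectional semantics. The `GetDefaultPolicy` errors on the two preceding lines are also discarded, so an unreadable default policy reads as disabled here. GetPeerUpdateForHost starts and ends outside this hunk.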


@ -1,7 +1,6 @@
definitions:
acls.ACL:
additionalProperties:
format: int32
type: integer
type: object
acls.ACLContainer:
@ -56,15 +55,15 @@ definitions:
type: string
egressesLimit:
type: integer
email_sender_addr:
emailSenderAddr:
type: string
email_sender_password:
emailSenderPassword:
type: string
email_sender_user:
emailSenderUser:
type: string
emqxRestEndpoint:
type: string
endpoint_detection:
endpointDetection:
type: boolean
environment:
type: string
@ -91,6 +90,8 @@ definitions:
type: string
metricsExporter:
type: string
metricsPort:
type: integer
mqpassword:
type: string
mquserName:
@ -115,15 +116,17 @@ definitions:
type: string
racAutoDisable:
type: boolean
racRestrictToSingleNetwork:
type: boolean
restBackend:
type: string
server:
type: string
serverBrokerEndpoint:
type: string
smtp_host:
smtpHost:
type: string
smtp_port:
smtpPort:
type: integer
sqlconn:
type: string
@ -200,6 +203,14 @@ definitions:
allOf:
- $ref: '#/definitions/models.AllowedTrafficDirection'
description: single or two-way
dst:
items:
$ref: '#/definitions/net.IPNet'
type: array
dst6:
items:
$ref: '#/definitions/net.IPNet'
type: array
id:
type: string
ip_list:
@ -306,6 +317,10 @@ definitions:
items:
type: string
type: array
egressgatewayranges_with_metric:
items:
$ref: '#/definitions/models.EgressRangeMetric'
type: array
expdatetime:
format: int64
type: integer
@ -424,9 +439,17 @@ definitions:
items:
type: string
type: array
ranges_with_metric:
items:
$ref: '#/definitions/models.EgressRangeMetric'
type: array
type: object
models.EgressInfo:
properties:
egress_fw_rules:
additionalProperties:
$ref: '#/definitions/models.AclRule'
type: object
egress_gateway_cfg:
$ref: '#/definitions/models.EgressGatewayRequest'
egress_gw_addr:
@ -450,10 +473,26 @@ definitions:
items:
type: string
type: array
egress_ranges_metric:
items:
$ref: '#/definitions/models.EgressRangeMetric'
type: array
network:
type: string
node_addr:
$ref: '#/definitions/net.IPNet'
node_addr6:
$ref: '#/definitions/net.IPNet'
peer_key:
type: string
type: object
models.EgressRangeMetric:
properties:
network:
type: string
route_metric:
description: preffered range 1-999
type: integer
type: object
models.EnrollmentKey:
properties:
@ -687,6 +726,7 @@ definitions:
models.HostMqAction:
enum:
- UPGRADE
- FORCE_UPGRADE
- SIGNAL_HOST
- UPDATE_HOST
- DELETE_HOST
@ -701,6 +741,7 @@ definitions:
type: string
x-enum-varnames:
- Upgrade
- ForceUpgrade
- SignalHost
- UpdateHost
- DeleteHost
@ -724,6 +765,8 @@ definitions:
type: boolean
listen_port:
type: integer
version:
type: string
type: object
models.HostPull:
properties:
@ -821,8 +864,6 @@ definitions:
type: object
models.IngressInfo:
properties:
allow_all:
type: boolean
egress_ranges:
items:
$ref: '#/definitions/net.IPNet'
@ -933,6 +974,10 @@ definitions:
type: string
defaultudpholepunch:
type: string
dns_nameservers:
items:
type: string
type: array
isipv4:
type: string
isipv6:
@ -1013,6 +1058,8 @@ definitions:
type: string
is_fail_over:
type: boolean
is_gw:
type: boolean
is_static:
type: boolean
is_user_node:
@ -1090,6 +1137,7 @@ definitions:
- warning
- error
- unknown
- disconnected
type: string
x-enum-varnames:
- OnlineSt
@ -1097,6 +1145,7 @@ definitions:
- WarningSt
- ErrorSt
- UnKnown
- Disconnected
models.PeerMap:
additionalProperties:
$ref: '#/definitions/models.IDandAddr'
@ -1120,17 +1169,6 @@ definitions:
server_config:
$ref: '#/definitions/models.ServerConfig'
type: object
models.RelayRequest:
properties:
netid:
type: string
nodeid:
type: string
relayaddrs:
items:
type: string
type: array
type: object
models.ReturnUser:
properties:
auth_type:
@ -1194,10 +1232,14 @@ definitions:
type: string
dnsmode:
type: string
endpointDetection:
type: boolean
manageDNS:
type: boolean
metricInterval:
type: string
metricsPort:
type: integer
mqpassword:
type: string
mqport:
@ -1293,7 +1335,6 @@ definitions:
type: object
type: object
username:
maxLength: 40
minLength: 3
type: string
required:
@ -1308,12 +1349,16 @@ definitions:
type: object
models.UserRemoteGws:
properties:
addresses:
type: string
allowed_endpoints:
items:
type: string
type: array
connected:
type: boolean
dns_address:
type: string
gw_client:
$ref: '#/definitions/models.ExtClient'
gw_listen_port:
@ -1334,6 +1379,8 @@ definitions:
type: array
remote_access_gw_id:
type: string
status:
$ref: '#/definitions/models.NodeStatus'
type: object
models.UserRoleID:
enum:
@ -1390,7 +1437,6 @@ definitions:
mask:
description: network mask
items:
format: int32
type: integer
type: array
type: object
@ -1427,7 +1473,6 @@ definitions:
for this peer, if not nil.
A non-nil value of 0 will clear the persistent keepalive interval.
format: int64
type: integer
presharedKey:
description: |-
@ -1826,6 +1871,28 @@ paths:
summary: Get the current public IP address.
tags:
- IP Service
/api/host/{hostid}/peer_info:
get:
parameters:
- description: Host ID
in: path
name: hostid
required: true
type: string
responses:
"200":
description: OK
schema:
$ref: '#/definitions/models.SuccessResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/models.ErrorResponse'
security:
- oauth: []
summary: Fetches host peerinfo
tags:
- Hosts
/api/hosts:
get:
responses:
@ -2006,6 +2073,10 @@ paths:
name: hostid
required: true
type: string
- description: Force upgrade
in: query
name: force
type: boolean
responses:
"200":
description: passed message to upgrade host
@ -2067,6 +2138,35 @@ paths:
summary: Update keys for all hosts
tags:
- Hosts
/api/hosts/sync:
post:
responses:
"200":
description: sync all hosts request received
schema:
type: string
security:
- oauth: []
summary: Requests all the hosts to pull
tags:
- Hosts
/api/hosts/upgrade:
post:
parameters:
- description: Force upgrade
in: query
name: force
type: boolean
responses:
"200":
description: upgrade all hosts request received
schema:
type: string
security:
- oauth: []
summary: Requests all the hosts to upgrade their version
tags:
- Hosts
/api/networks:
get:
produces:
@ -2117,6 +2217,10 @@ paths:
name: networkname
required: true
type: string
- description: Force Delete
in: query
name: force
type: boolean
produces:
- application/json
responses:
@ -2280,6 +2384,30 @@ paths:
summary: Update a network ACL (Access Control List)
tags:
- Networks
/api/networks/{networkname}/egress_routes:
get:
parameters:
- description: Network name
in: path
name: networkname
required: true
type: string
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/models.SuccessResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/models.ErrorResponse'
security:
- oauth: []
summary: Get a network Egress routes
tags:
- Networks
/api/nodes:
get:
responses:
@ -2358,61 +2486,6 @@ paths:
summary: Create an egress gateway
tags:
- Nodes
/api/nodes/{network}/{nodeid}/createingress:
post:
responses:
"200":
description: OK
schema:
$ref: '#/definitions/models.ApiNode'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/models.ErrorResponse'
security:
- oauth2: []
summary: Create an remote access gateway
tags:
- Nodes
/api/nodes/{network}/{nodeid}/createrelay:
post:
consumes:
- application/json
parameters:
- description: Network ID
in: path
name: network
required: true
type: string
- description: Node ID
in: path
name: nodeid
required: true
type: string
- description: Relay request parameters
in: body
name: body
required: true
schema:
$ref: '#/definitions/models.RelayRequest'
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/models.ApiNode'
"400":
description: Bad Request
schema:
$ref: '#/definitions/models.ErrorResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/models.ErrorResponse'
summary: Create a relay
tags:
- PRO
/api/nodes/{network}/{nodeid}/deletegateway:
delete:
responses:
@ -2429,7 +2502,7 @@ paths:
summary: Delete an egress gateway
tags:
- Nodes
/api/nodes/{network}/{nodeid}/deleteingress:
/api/nodes/{network}/{nodeid}/gateway:
delete:
responses:
"200":
@ -2442,42 +2515,24 @@ paths:
$ref: '#/definitions/models.ErrorResponse'
security:
- oauth2: []
summary: Delete an remote access gateway
summary: Delete a gateway
tags:
- Nodes
/api/nodes/{network}/{nodeid}/deleterelay:
delete:
consumes:
- application/json
parameters:
- description: Network ID
in: path
name: network
required: true
type: string
- description: Node ID
in: path
name: nodeid
required: true
type: string
produces:
- application/json
post:
responses:
"200":
description: OK
schema:
$ref: '#/definitions/models.ApiNode'
"400":
description: Bad Request
schema:
$ref: '#/definitions/models.ErrorResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/models.ErrorResponse'
summary: Remove a relay
security:
- oauth2: []
summary: Create a gateway
tags:
- PRO
- Nodes
/api/nodes/{network}/{nodeid}/inet_gw:
delete:
parameters:
@ -3425,6 +3480,38 @@ paths:
summary: Create failover node
tags:
- PRO
/api/v1/node/{nodeid}/failover_check:
get:
consumes:
- application/json
parameters:
- description: Node ID
in: path
name: nodeid
required: true
type: string
- description: Failover request
in: body
name: body
required: true
schema:
$ref: '#/definitions/models.FailOverMeReq'
responses:
"200":
description: OK
schema:
$ref: '#/definitions/models.SuccessResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/models.ErrorResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/models.ErrorResponse'
summary: checkfailOverCtx
tags:
- PRO
/api/v1/node/{nodeid}/failover_me:
post:
consumes:
@ -3457,6 +3544,22 @@ paths:
summary: Failover me
tags:
- PRO
/api/v1/nodes/{network}/status:
get:
responses:
"200":
description: OK
schema:
items:
$ref: '#/definitions/models.ApiNode'
type: array
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/models.ErrorResponse'
summary: Get all nodes status on the network
tags:
- Nodes
/api/v1/tags:
delete:
consumes: