fixed default ACLs and peer update deletion logic
This commit is contained in:
parent
d19f292e6c
commit
d6f9d37be9
|
@ -908,7 +908,7 @@ func updateNode(w http.ResponseWriter, r *http.Request) {
|
|||
relayedUpdate = true
|
||||
}
|
||||
ifaceDelta := logic.IfaceDelta(¤tNode, newNode)
|
||||
|
||||
aclUpdate := currentNode.DefaultACL != newNode.DefaultACL
|
||||
if ifaceDelta && servercfg.Is_EE {
|
||||
if err = logic.EnterpriseResetAllPeersFailovers(currentNode.ID, currentNode.Network); err != nil {
|
||||
logger.Log(0, "failed to reset failover lists during node update for node", currentNode.ID.String(), currentNode.Network)
|
||||
|
@ -941,13 +941,17 @@ func updateNode(w http.ResponseWriter, r *http.Request) {
|
|||
logger.Log(1, r.Header.Get("user"), "updated node", currentNode.ID.String(), "on network", currentNode.Network)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
json.NewEncoder(w).Encode(apiNode)
|
||||
|
||||
runUpdates(newNode, ifaceDelta)
|
||||
go func() {
|
||||
go func(aclUpdate bool, newNode *models.Node) {
|
||||
if aclUpdate {
|
||||
if err := mq.PublishPeerUpdate(); err != nil {
|
||||
logger.Log(0, "error during node ACL update for node", newNode.ID.String())
|
||||
}
|
||||
}
|
||||
if err := mq.PublishReplaceDNS(¤tNode, newNode, host); err != nil {
|
||||
logger.Log(1, "failed to publish dns update", err.Error())
|
||||
}
|
||||
}()
|
||||
}(aclUpdate, newNode)
|
||||
}
|
||||
|
||||
// swagger:route DELETE /api/nodes/{network}/{nodeid} nodes deleteNode
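Review bot: The new ACL branch in the goroutine logs a PublishPeerUpdate failure without the error itself, so the log line `logger.Log(0, "error during node ACL update for node", newNode.ID.String())` says only that something failed; the DNS branch three lines below includes `err.Error()`, and this one should match: `logger.Log(0, "error during node ACL update for node", newNode.ID.String(), err.Error())`. The goroutine is now parameterised with `aclUpdate` and `newNode`, yet the PublishReplaceDNS call still closes over `currentNode` and `host` from the handler, so the explicit parameters isolate it only partly; either pass those two as well or drop the parameters for consistency. Note also that the peer update for a changed DefaultACL is published after `w.WriteHeader(http.StatusOK)`, so a failed publish leaves the stored ACL and the peers' actual allowed-IP state out of step with nothing but this log line to show it, which is worth a comment at the `go func` such as `// ACL change is applied to peers asynchronously; a publish failure is only logged`. updateNode starts before the first hunk and the `aclUpdate` assignment it relies on is in that earlier hunk.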
|
||||
|
|
|
@ -3,7 +3,6 @@ package logic
|
|||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net"
|
||||
"net/netip"
|
||||
|
||||
|
@ -137,10 +136,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|||
Peers: []wgtypes.PeerConfig{},
|
||||
NodePeers: []wgtypes.PeerConfig{},
|
||||
}
|
||||
var deletedNodes = []models.Node{} // used to track deleted nodes
|
||||
if deletedNode != nil {
|
||||
deletedNodes = append(deletedNodes, *deletedNode)
|
||||
}
|
||||
|
||||
logger.Log(1, "peer update for host", host.ID.String())
|
||||
peerIndexMap := make(map[string]int)
|
||||
for _, nodeID := range host.Nodes {
|
||||
|
@ -154,7 +150,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|||
}
|
||||
currentPeers, err := GetNetworkNodes(node.Network)
|
||||
if err != nil {
|
||||
log.Println("no network nodes")
|
||||
return models.HostPeerUpdate{}, err
|
||||
}
|
||||
var nodePeerMap map[string]models.PeerRouteInfo
|
||||
|
@ -168,10 +163,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|||
//skip yourself
|
||||
continue
|
||||
}
|
||||
if peer.Action == models.NODE_DELETE || peer.PendingDelete {
|
||||
deletedNodes = append(deletedNodes, peer) // track deleted node for peer update
|
||||
continue
|
||||
}
|
||||
var peerConfig wgtypes.PeerConfig
|
||||
peerHost, err := GetHost(peer.HostID.String())
|
||||
if err != nil {
|
||||
|
@ -179,16 +170,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|||
return models.HostPeerUpdate{}, err
|
||||
}
|
||||
|
||||
if !peer.Connected {
|
||||
logger.Log(2, "peer update, skipping unconnected node", peer.ID.String())
|
||||
//skip unconnected nodes
|
||||
continue
|
||||
}
|
||||
if !nodeacls.AreNodesAllowed(nodeacls.NetworkID(node.Network), nodeacls.NodeID(node.ID.String()), nodeacls.NodeID(peer.ID.String())) {
|
||||
logger.Log(2, "peer update, skipping node for acl")
|
||||
//skip if not permitted by acl
|
||||
continue
|
||||
}
|
||||
peerConfig.PublicKey = peerHost.PublicKey
|
||||
peerConfig.PersistentKeepaliveInterval = &peer.PersistentKeepalive
|
||||
peerConfig.ReplaceAllowedIPs = true
|
||||
|
@ -225,7 +206,14 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|||
if peer.IsEgressGateway {
|
||||
allowedips = append(allowedips, getEgressIPs(&node, &peer)...)
|
||||
}
|
||||
peerConfig.AllowedIPs = allowedips
|
||||
if peer.Action != models.NODE_DELETE &&
|
||||
!peer.PendingDelete &&
|
||||
peer.Connected &&
|
||||
nodeacls.AreNodesAllowed(nodeacls.NetworkID(node.Network), nodeacls.NodeID(node.ID.String()), nodeacls.NodeID(peer.ID.String())) &&
|
||||
(deletedNode == nil || (deletedNode != nil && peer.ID.String() != deletedNode.ID.String())) {
|
||||
peerConfig.AllowedIPs = allowedips // only append allowed IPs if valid connection
|
||||
}
|
||||
|
||||
if node.IsIngressGateway || node.IsEgressGateway {
|
||||
if peer.IsIngressGateway {
|
||||
_, extPeerIDAndAddrs, err := getExtPeers(&peer)
|
||||
|
@ -354,27 +342,22 @@ func GetPeerUpdateForHost(network string, host *models.Host, deletedNode *models
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
// run through delete nodes
|
||||
if len(deletedNodes) > 0 {
|
||||
for i := range deletedNodes {
|
||||
delNode := deletedNodes[i]
|
||||
delHost, err := GetHost(delNode.HostID.String())
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
if _, ok := hostPeerUpdate.HostPeerIDs[delHost.PublicKey.String()]; !ok {
|
||||
var peerConfig = wgtypes.PeerConfig{}
|
||||
peerConfig.PublicKey = delHost.PublicKey
|
||||
peerConfig.Endpoint = &net.UDPAddr{
|
||||
IP: delHost.EndpointIP,
|
||||
Port: GetPeerListenPort(delHost),
|
||||
}
|
||||
peerConfig.Remove = true
|
||||
peerConfig.AllowedIPs = []net.IPNet{delNode.Address, delNode.Address6}
|
||||
hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, peerConfig)
|
||||
}
|
||||
// == post peer calculations ==
|
||||
// indicate removal if no allowed IPs were calculated
|
||||
for i := range hostPeerUpdate.Peers {
|
||||
peer := hostPeerUpdate.Peers[i]
|
||||
if len(peer.AllowedIPs) == 0 {
|
||||
peer.Remove = true
|
||||
}
|
||||
hostPeerUpdate.Peers[i] = peer
|
||||
}
|
||||
|
||||
for i := range hostPeerUpdate.NodePeers {
|
||||
peer := hostPeerUpdate.NodePeers[i]
|
||||
if len(peer.AllowedIPs) == 0 {
|
||||
peer.Remove = true
|
||||
}
|
||||
hostPeerUpdate.NodePeers[i] = peer
|
||||
}
|
||||
|
||||
return hostPeerUpdate, nil
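Review bot: The new side only marks a peer `Remove = true` when it is still present in `currentPeers` (the AllowedIPs condition in the `@ -225` hunk plus the post-peer loops here), whereas the deleted "run through delete nodes" block built a Remove PeerConfig for `deletedNode`'s host independently of that list; if a caller invokes GetPeerUpdateForHost after the node has already been removed from storage, nothing on the new side emits a removal for it, so the call order relative to deletion is worth confirming and a comment on the `deletedNode` parameter stating that it must still be returned by GetNetworkNodes would make the assumption explicit. In the condition `(deletedNode == nil || (deletedNode != nil && peer.ID.String() != deletedNode.ID.String()))` the inner nil check is implied by the left operand; `(deletedNode == nil || peer.ID.String() != deletedNode.ID.String())` reads the same. The two post-peer loops copy each wgtypes.PeerConfig out and back; `p := &hostPeerUpdate.Peers[i]` followed by `if len(p.AllowedIPs) == 0 { p.Remove = true }` avoids the copy-back and the same applies to the NodePeers loop. GetPeerUpdateForHost starts before the first hunk of this file.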
|
||||
|
|