mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-30 08:54:25 +08:00
check for custom all policies
This commit is contained in:
abhishek9686
parent
42b8a03660
commit
df3662f0cc
1 changed files with 21 additions and 9 deletions
|
|
@ -54,10 +54,6 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
|
|||
ID: models.UserAclID,
|
||||
Value: "*",
|
||||
},
|
||||
{
|
||||
ID: models.UserGroupAclID,
|
||||
Value: "*",
|
||||
},
|
||||
},
|
||||
Dst: []models.AclPolicyTag{{
|
||||
ID: models.DeviceAclID,
|
||||
|
|
@ -285,6 +281,27 @@ func GetDefaultPolicy(netID models.NetworkID, ruleType models.AclPolicyType) (mo
|
|||
if err != nil {
|
||||
return models.Acl{}, errors.New("default rule not found")
|
||||
}
|
||||
if acl.Enabled {
|
||||
return acl, nil
|
||||
}
|
||||
// check if there are any custom all policies
|
||||
policies, _ := ListAcls(netID)
|
||||
for _, policy := range policies {
|
||||
if !policy.Enabled {
|
||||
continue
|
||||
}
|
||||
if policy.RuleType == ruleType {
|
||||
dstMap := convAclTagToValueMap(policy.Dst)
|
||||
srcMap := convAclTagToValueMap(policy.Dst)
|
||||
if _, ok := srcMap["*"]; ok {
|
||||
if _, ok := dstMap["*"]; ok {
|
||||
return policy, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return acl, nil
|
||||
}
|
||||
|
||||
|
|
@ -467,11 +484,6 @@ func IsNodeAllowedToCommunicate(node, peer models.Node) bool {
|
|||
// fmt.Printf("\n======> DSTMAP: %+v\n", dstMap)
|
||||
// fmt.Printf("\n======> node Tags: %+v\n", node.Tags)
|
||||
// fmt.Printf("\n======> peer Tags: %+v\n", peer.Tags)
|
||||
if _, ok := srcMap["*"]; ok {
|
||||
if _, ok := dstMap["*"]; ok {
|
||||
return true
|
||||
}
|
||||
}
|
||||
for tagID := range node.Tags {
|
||||
if _, ok := dstMap[tagID.String()]; ok {
|
||||
if _, ok := srcMap["*"]; ok {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue