Merge pull request #912 from gravitl/feature_v0.12.1_default_acl
Feature v0.12.1 default acl
commit
ef0d34c119
|
@ -235,8 +235,13 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
extclient.IngressGatewayEndpoint = node.Endpoint + ":" + strconv.FormatInt(int64(node.ListenPort), 10)
|
||||
// TODO, could rely on network template as well in future
|
||||
|
||||
extclient.Enabled = true
|
||||
parentNetwork, err := logic.GetNetwork(networkName)
|
||||
if err == nil { // check if parent network default ACL is enabled (yes) or not (no)
|
||||
extclient.Enabled = parentNetwork.DefaultACL == "yes"
|
||||
}
|
||||
|
||||
err = json.NewDecoder(r.Body).Decode(&extclient)
|
||||
if err != nil && !errors.Is(err, io.EOF) {
|
||||
returnErrorResponse(w, r, formatError(err, "internal"))
|
||||
|
|
|
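Review bot: A failed `logic.GetNetwork(networkName)` lookup leaves `extclient.Enabled` at `true`, so the new default-ACL setting fails open: a network configured with `DefaultACL` "no" still gets an enabled client whenever the lookup errors, and that error is dropped without a log line. The same pattern is in the `CreateNode` hunk, where `defaultACLVal` stays `acls.Allowed` when `GetNetwork(node.Network)` returns an error. Consider rejecting the request instead, e.g. `if err != nil { returnErrorResponse(w, r, formatError(err, "internal")); return }`, followed by `extclient.Enabled = parentNetwork.DefaultACL == "yes"`. Separately, the default is assigned before `json.NewDecoder(r.Body).Decode(&extclient)`; if the ext client model exposes its enabled flag to JSON (the model is not visible here), a request body could overwrite the network default, so applying the default after the decode would be safer. The body of `createExtClient` starts and ends outside the hunk.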
@ -311,8 +311,16 @@ func CreateNode(node *models.Node) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// TODO get template logic to decide initial ACL value
|
||||
_, err = nodeacls.CreateNodeACL(nodeacls.NetworkID(node.Network), nodeacls.NodeID(node.ID), acls.Allowed)
|
||||
|
||||
defaultACLVal := acls.Allowed
|
||||
parentNetwork, err := GetNetwork(node.Network)
|
||||
if err == nil {
|
||||
if parentNetwork.DefaultACL != "yes" {
|
||||
defaultACLVal = acls.NotAllowed
|
||||
}
|
||||
}
|
||||
|
||||
_, err = nodeacls.CreateNodeACL(nodeacls.NetworkID(node.Network), nodeacls.NodeID(node.ID), defaultACLVal)
|
||||
if err != nil {
|
||||
logger.Log(1, "failed to create node ACL for node,", node.ID, "err:", err.Error())
|
||||
return err
|
||||
|
|
|
@ -32,6 +32,7 @@ type Network struct {
|
|||
DefaultMTU int32 `json:"defaultmtu" bson:"defaultmtu"`
|
||||
// consider removing - may be depreciated
|
||||
DefaultServerAddrs []ServerAddr `json:"defaultserveraddrs" bson:"defaultserveraddrs" yaml:"defaultserveraddrs"`
|
||||
DefaultACL string `json:"defaultacl" bson:"defaultacl" yaml:"defaultacl" validate:"checkyesorno"`
|
||||
}
|
||||
|
||||
// SaveData - sensitive fields of a network that should be kept the same
|
||||
|
@ -96,4 +97,8 @@ func (network *Network) SetDefaults() {
|
|||
if network.DefaultMTU == 0 {
|
||||
network.DefaultMTU = 1280
|
||||
}
|
||||
|
||||
if network.DefaultACL == "" {
|
||||
network.DefaultACL = "yes"
|
||||
}
|
||||
}
|
||||
|
|
|
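Review bot: The new `DefaultACL` field on `Network` has no comment, and its meaning is only discoverable from the callers: in this commit `"yes"` makes new nodes `acls.Allowed` and new ext clients enabled, while any other value creates them not allowed or disabled. A field comment such as `// DefaultACL - "yes": new nodes and ext clients start allowed; "no": they start denied` would record that next to the `checkyesorno` validation tag. `SetDefaults` fills an empty value with `"yes"`, so a network that never sets the field gets the permissive default; a one-line why-comment there would make that choice explicit. The `"yes"` literal is now compared or assigned in four places across the commit and would be easier to audit as a named constant.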
@ -30,7 +30,7 @@ func InitializeCommsNetwork() error {
|
|||
|
||||
setCommsID()
|
||||
|
||||
_, err := logic.GetNetwork(COMMS_NETID)
|
||||
commsNetwork, err := logic.GetNetwork(COMMS_NETID)
|
||||
if err != nil {
|
||||
var network models.Network
|
||||
network.NetID = COMMS_NETID
|
||||
|
@ -41,6 +41,11 @@ func InitializeCommsNetwork() error {
|
|||
logger.Log(1, "comms net does not exist, creating with ID,", network.NetID, "and CIDR,", network.AddressRange)
|
||||
_, err = logic.CreateNetwork(network)
|
||||
return err
|
||||
} else if commsNetwork.DefaultACL == "" {
|
||||
commsNetwork.DefaultACL = "yes"
|
||||
if err = logic.SaveNetwork(&commsNetwork); err != nil {
|
||||
logger.Log(1, "comms net default acl is set incorrectly, please manually adjust to \"yes\",", COMMS_NETID)
|
||||
}
|
||||
}
|
||||
time.Sleep(time.Second << 1)
|
||||
SyncServerNetwork(COMMS_NETID)
|
||||
|
|
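Review bot: When `logic.SaveNetwork(&commsNetwork)` fails in the new `else if` branch, the error is neither returned nor included in the log line, and start-up continues to `SyncServerNetwork(COMMS_NETID)` with the stored `DefaultACL` still empty. Since the `CreateNode` hunk treats any value other than `"yes"` as `acls.NotAllowed`, nodes later added to the comms network would presumably be created denied, which is hard to diagnose from the current message. Log the cause, e.g. `logger.Log(1, "failed to save default acl for comms net", COMMS_NETID, "err:", err.Error())`, and consider returning `err` as the creation branch above does. The rest of `InitializeCommsNetwork` is outside the hunk, so whether `err` is checked later cannot be confirmed from here.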