Merge pull request #912 from gravitl/feature_v0.12.1_default_acl

Feature v0.12.1 default acl
2024-09-20 23:36:18 +08:00 · 2022-03-18 10:00:35 -04:00 · 2022-03-18 10:00:35 -04:00 · ef0d34c119
parent 7e92c52946 772e5e6e80
commit ef0d34c119
4 changed files with 27 additions and 4 deletions
--- a/controllers/ext_client.go
+++ b/controllers/ext_client.go
@ -235,8 +235,13 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	extclient.IngressGatewayEndpoint = node.Endpoint + ":" + strconv.FormatInt(int64(node.ListenPort), 10)
-	// TODO, could rely on network template as well in future
+
 	extclient.Enabled = true
+	parentNetwork, err := logic.GetNetwork(networkName)
+	if err == nil { // check if parent network default ACL is enabled (yes) or not (no)
+		extclient.Enabled = parentNetwork.DefaultACL == "yes"
+	}
+
 	err = json.NewDecoder(r.Body).Decode(&extclient)
 	if err != nil && !errors.Is(err, io.EOF) {
 		returnErrorResponse(w, r, formatError(err, "internal"))
--- a/logic/nodes.go
+++ b/logic/nodes.go
@ -311,8 +311,16 @@ func CreateNode(node *models.Node) error {
 	if err != nil {
 		return err
 	}
-	// TODO get template logic to decide initial ACL value
-	_, err = nodeacls.CreateNodeACL(nodeacls.NetworkID(node.Network), nodeacls.NodeID(node.ID), acls.Allowed)
+
+	defaultACLVal := acls.Allowed
+	parentNetwork, err := GetNetwork(node.Network)
+	if err == nil {
+		if parentNetwork.DefaultACL != "yes" {
+			defaultACLVal = acls.NotAllowed
+		}
+	}
+
+	_, err = nodeacls.CreateNodeACL(nodeacls.NetworkID(node.Network), nodeacls.NodeID(node.ID), defaultACLVal)
 	if err != nil {
 		logger.Log(1, "failed to create node ACL for node,", node.ID, "err:", err.Error())
 		return err
--- a/models/network.go
+++ b/models/network.go
@ -32,6 +32,7 @@ type Network struct {
 	DefaultMTU          int32       `json:"defaultmtu" bson:"defaultmtu"`
 	// consider removing - may be depreciated
 	DefaultServerAddrs []ServerAddr `json:"defaultserveraddrs" bson:"defaultserveraddrs" yaml:"defaultserveraddrs"`
+	DefaultACL         string       `json:"defaultacl" bson:"defaultacl" yaml:"defaultacl" validate:"checkyesorno"`
 }

 // SaveData - sensitive fields of a network that should be kept the same
@ -96,4 +97,8 @@ func (network *Network) SetDefaults() {
 	if network.DefaultMTU == 0 {
 		network.DefaultMTU = 1280
 	}
+
+	if network.DefaultACL == "" {
+		network.DefaultACL = "yes"
+	}
 }
--- a/serverctl/serverctl.go
+++ b/serverctl/serverctl.go
@ -30,7 +30,7 @@ func InitializeCommsNetwork() error {

 	setCommsID()

-	_, err := logic.GetNetwork(COMMS_NETID)
+	commsNetwork, err := logic.GetNetwork(COMMS_NETID)
 	if err != nil {
 		var network models.Network
 		network.NetID = COMMS_NETID
@ -41,6 +41,11 @@ func InitializeCommsNetwork() error {
 		logger.Log(1, "comms net does not exist, creating with ID,", network.NetID, "and CIDR,", network.AddressRange)
 		_, err = logic.CreateNetwork(network)
 		return err
+	} else if commsNetwork.DefaultACL == "" {
+		commsNetwork.DefaultACL = "yes"
+		if err = logic.SaveNetwork(&commsNetwork); err != nil {
+			logger.Log(1, "comms net default acl is set incorrectly, please manually adjust to \"yes\",", COMMS_NETID)
+		}
 	}
 	time.Sleep(time.Second << 1)
 	SyncServerNetwork(COMMS_NETID)