mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-11 23:54:22 +08:00
Abhishek K
GitHub
commit
f028a6374d
1 changed files with 10 additions and 8 deletions
|
|
@ -570,14 +570,14 @@ func IsUserAllowedToCommunicate(userName string, peer models.Node) (bool, []mode
|
||||||
|
|
||||||
// IsPeerAllowed - checks if peer needs to be added to the interface
|
// IsPeerAllowed - checks if peer needs to be added to the interface
|
||||||
func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
|
func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
|
||||||
peerTags := maps.Clone(peer.Tags)
|
|
||||||
nodeTags := maps.Clone(node.Tags)
|
|
||||||
if node.IsStatic {
|
if node.IsStatic {
|
||||||
node = node.StaticNode.ConvertToStaticNode()
|
node = node.StaticNode.ConvertToStaticNode()
|
||||||
}
|
}
|
||||||
if peer.IsStatic {
|
if peer.IsStatic {
|
||||||
peer = peer.StaticNode.ConvertToStaticNode()
|
peer = peer.StaticNode.ConvertToStaticNode()
|
||||||
}
|
}
|
||||||
|
peerTags := maps.Clone(peer.Tags)
|
||||||
|
nodeTags := maps.Clone(node.Tags)
|
||||||
if checkDefaultPolicy {
|
if checkDefaultPolicy {
|
||||||
// check default policy if all allowed return true
|
// check default policy if all allowed return true
|
||||||
defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
|
defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
|
||||||
|
|
@ -660,6 +660,8 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
|
||||||
if peer.IsStatic {
|
if peer.IsStatic {
|
||||||
peer = peer.StaticNode.ConvertToStaticNode()
|
peer = peer.StaticNode.ConvertToStaticNode()
|
||||||
}
|
}
|
||||||
|
peerTags := maps.Clone(peer.Tags)
|
||||||
|
nodeTags := maps.Clone(node.Tags)
|
||||||
if checkDefaultPolicy {
|
if checkDefaultPolicy {
|
||||||
// check default policy if all allowed return true
|
// check default policy if all allowed return true
|
||||||
defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
|
defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
|
||||||
|
|
@ -684,7 +686,7 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
|
||||||
}
|
}
|
||||||
srcMap = convAclTagToValueMap(policy.Src)
|
srcMap = convAclTagToValueMap(policy.Src)
|
||||||
dstMap = convAclTagToValueMap(policy.Dst)
|
dstMap = convAclTagToValueMap(policy.Dst)
|
||||||
for tagID := range node.Tags {
|
for tagID := range nodeTags {
|
||||||
allowed := false
|
allowed := false
|
||||||
if _, ok := dstMap[tagID.String()]; policy.AllowedDirection == models.TrafficDirectionBi && ok {
|
if _, ok := dstMap[tagID.String()]; policy.AllowedDirection == models.TrafficDirectionBi && ok {
|
||||||
if _, ok := srcMap["*"]; ok {
|
if _, ok := srcMap["*"]; ok {
|
||||||
|
|
@ -692,7 +694,7 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
|
||||||
allowedPolicies = append(allowedPolicies, policy)
|
allowedPolicies = append(allowedPolicies, policy)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
for tagID := range peer.Tags {
|
for tagID := range peerTags {
|
||||||
if _, ok := srcMap[tagID.String()]; ok {
|
if _, ok := srcMap[tagID.String()]; ok {
|
||||||
allowed = true
|
allowed = true
|
||||||
break
|
break
|
||||||
|
|
@ -709,7 +711,7 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
|
||||||
allowedPolicies = append(allowedPolicies, policy)
|
allowedPolicies = append(allowedPolicies, policy)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
for tagID := range peer.Tags {
|
for tagID := range peerTags {
|
||||||
if _, ok := dstMap[tagID.String()]; ok {
|
if _, ok := dstMap[tagID.String()]; ok {
|
||||||
allowed = true
|
allowed = true
|
||||||
break
|
break
|
||||||
|
|
@ -721,7 +723,7 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for tagID := range peer.Tags {
|
for tagID := range peerTags {
|
||||||
allowed := false
|
allowed := false
|
||||||
if _, ok := dstMap[tagID.String()]; ok {
|
if _, ok := dstMap[tagID.String()]; ok {
|
||||||
if _, ok := srcMap["*"]; ok {
|
if _, ok := srcMap["*"]; ok {
|
||||||
|
|
@ -729,7 +731,7 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
|
||||||
allowedPolicies = append(allowedPolicies, policy)
|
allowedPolicies = append(allowedPolicies, policy)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
for tagID := range node.Tags {
|
for tagID := range nodeTags {
|
||||||
|
|
||||||
if _, ok := srcMap[tagID.String()]; ok {
|
if _, ok := srcMap[tagID.String()]; ok {
|
||||||
allowed = true
|
allowed = true
|
||||||
|
|
@ -748,7 +750,7 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
|
||||||
allowedPolicies = append(allowedPolicies, policy)
|
allowedPolicies = append(allowedPolicies, policy)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
for tagID := range node.Tags {
|
for tagID := range nodeTags {
|
||||||
if _, ok := dstMap[tagID.String()]; ok {
|
if _, ok := dstMap[tagID.String()]; ok {
|
||||||
allowed = true
|
allowed = true
|
||||||
break
|
break
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue