From f3fd10326f5020b22d65cc42c5d32a6c30b45823 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Tue, 11 Mar 2025 00:50:44 +0400
Subject: [PATCH] migrate remote access gw tags
---
 logic/acls.go | 8 ++++----
 logic/gateway.go | 4 ++--
 logic/tags.go | 4 ++--
 migrate/migrate.go | 42 ++++++++++++++++++++++++++++++++----------
 models/tags.go | 3 ++-
 pro/logic/user_mgmt.go | 4 ++--
 6 files changed, 44 insertions(+), 21 deletions(-)
diff --git a/logic/acls.go b/logic/acls.go
index b50fe52d..c1167627 100644
--- a/logic/acls.go
+++ b/logic/acls.go
@@ -95,11 +95,11 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 InsertAcl(defaultUserAcl)
 }
- if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-remote-access-gws")) {
+ if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-gateways")) {
 defaultUserAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s", netID, "all-remote-access-gws"),
+ ID: fmt.Sprintf("%s.%s", netID, "all-gateways"),
 Default: true,
- Name: "All Remote Access Gateways",
+ Name: "All Gateways",
 NetworkID: netID,
 Proto: models.ALL,
 ServiceType: models.Any,
@@ -108,7 +108,7 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 Src: []models.AclPolicyTag{
 {
 ID: models.NodeTagID,
- Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
+ Value: fmt.Sprintf("%s.%s", netID, models.GwTagName),
 },
 },
 Dst: []models.AclPolicyTag{
diff --git a/logic/gateway.go b/logic/gateway.go
index 46e7b588..b07f332b 100644
--- a/logic/gateway.go
+++ b/logic/gateway.go
@@ -220,7 +220,7 @@ func CreateIngressGateway(netid string, nodeid string, ingress models.IngressReq
 if node.Tags == nil {
 node.Tags = make(map[models.TagID]struct{})
 }
- node.Tags[models.TagID(fmt.Sprintf("%s.%s", netid, models.RemoteAccessTagName))] = struct{}{}
+ node.Tags[models.TagID(fmt.Sprintf("%s.%s", netid, models.GwTagName))] = struct{}{}
 err = UpsertNode(&node)
 if err != nil {
 return models.Node{}, err
@@ -272,7 +272,7 @@ func DeleteIngressGateway(nodeid string) (models.Node, []models.ExtClient, error
 if !servercfg.IsPro {
 node.IsInternetGateway = false
 }
- delete(node.Tags, models.TagID(fmt.Sprintf("%s.%s", node.Network, models.RemoteAccessTagName)))
+ delete(node.Tags, models.TagID(fmt.Sprintf("%s.%s", node.Network, models.GwTagName)))
 node.IngressGatewayRange = ""
 node.Metadata = ""
 err = UpsertNode(&node)
diff --git a/logic/tags.go b/logic/tags.go
index 9f1721b9..69daace2 100644
--- a/logic/tags.go
+++ b/logic/tags.go
@@ -280,8 +280,8 @@ func CheckIDSyntax(id string) error {
 func CreateDefaultTags(netID models.NetworkID) {
 // create tag for remote access gws in the network
 tag := models.Tag{
- ID: models.TagID(fmt.Sprintf("%s.%s", netID.String(), models.RemoteAccessTagName)),
- TagName: models.RemoteAccessTagName,
+ ID: models.TagID(fmt.Sprintf("%s.%s", netID.String(), models.GwTagName)),
+ TagName: models.GwTagName,
 Network: netID,
 CreatedBy: "auto",
 CreatedAt: time.Now(),
diff --git a/migrate/migrate.go b/migrate/migrate.go
index 0ee70a6b..30f7a5f7 100644
--- a/migrate/migrate.go
+++ b/migrate/migrate.go
@@ -204,15 +204,6 @@ func updateNodes() {
 logic.UpsertNode(&node)
 }
 if node.IsIngressGateway {
- tagID := models.TagID(fmt.Sprintf("%s.%s", node.Network,
- models.RemoteAccessTagName))
- if node.Tags == nil {
- node.Tags = make(map[models.TagID]struct{})
- }
- if _, ok := node.Tags[tagID]; !ok {
- node.Tags[tagID] = struct{}{}
- logic.UpsertNode(&node)
- }
 host, err := logic.GetHost(node.HostID.String())
 if err == nil {
 go logic.DeleteRole(models.GetRAGRoleID(node.Network, host.ID.String()), true)
@@ -448,7 +439,8 @@ func createDefaultTagsAndPolicies() {
 for _, network := range networks {
 logic.CreateDefaultTags(models.NetworkID(network.NetID))
 logic.CreateDefaultAclNetworkPolicies(models.NetworkID(network.NetID))
-
+ // delete old remote access gws policy
+ logic.DeleteAcl(models.Acl{ID: fmt.Sprintf("%s.%s", network.NetID, "all-remote-access-gws")})
 }
 logic.MigrateAclPolicies()
 }
@@ -463,7 +455,37 @@ func migrateToGws() {
 node.IsGw = true
 node.IsIngressGateway = true
 node.IsRelay = true
+ if node.Tags == nil {
+ node.Tags = make(map[models.TagID]struct{})
+ }
+ node.Tags[models.TagID(fmt.Sprintf("%s.%s", node.Network, models.GwTagName))] = struct{}{}
+ delete(node.Tags, models.TagID(fmt.Sprintf("%s.%s", node.Network, models.OldRemoteAccessTagName)))
 logic.UpsertNode(&node)
 }
 }
+ acls := logic.ListAcls()
+ for _, acl := range acls {
+ upsert := false
+ for i, srcI := range acl.Src {
+ if srcI.ID == models.NodeTagID && srcI.Value == fmt.Sprintf("%s.%s", acl.NetworkID.String(), models.OldRemoteAccessTagName) {
+ srcI.Value = models.GwTagName
+ acl.Src[i] = srcI
+ upsert = true
+ }
+ }
+ for i, dstI := range acl.Dst {
+ if dstI.ID == models.NodeTagID && dstI.Value == fmt.Sprintf("%s.%s", acl.NetworkID.String(), models.OldRemoteAccessTagName) {
+ dstI.Value = models.GwTagName
+ acl.Dst[i] = dstI
+ upsert = true
+ }
+ }
+ if upsert {
+ logic.UpsertAcl(acl)
+ }
+ }
+ nets, _ := logic.GetNetworks()
+ for _, netI := range nets {
+ logic.DeleteTag(models.TagID(fmt.Sprintf("%s.%s", netI.NetID, models.OldRemoteAccessTagName)), true)
+ }
 }
diff --git a/models/tags.go b/models/tags.go
index 1a4cebde..99ec2a6f 100644
--- a/models/tags.go
+++ b/models/tags.go
@@ -8,7 +8,8 @@ import (
 type TagID string
 const (
- RemoteAccessTagName = "remote-access-gws"
+ OldRemoteAccessTagName = "remote-access-gws"
+ GwTagName = "gateways"
 )
 func (id TagID) String() string {
diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go
index 91bf26bf..994ca6bc 100644
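Review bot: The `logic.DeleteAcl(...)` call added inside the network loop removes the old `all-remote-access-gws` default policy without carrying any of its state over to the `all-gateways` policy that `CreateDefaultAclNetworkPolicies` creates on the line before it. If an operator had disabled or edited the old default, the upgrade would presumably leave the network with a freshly created default instead, which changes effective access with no trace in the logs. Consider reading the old policy first and copying its enabled state and any edited fields onto the new one, and log the outcome of the delete; whether `DeleteAcl` returns an error is not visible in this hunk. The function body starts before the hunk.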
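Review bot: In the ACL loop added to `migrateToGws`, rewritten policy entries get the bare tag name instead of the network-scoped tag ID: the match is against `fmt.Sprintf("%s.%s", acl.NetworkID.String(), models.OldRemoteAccessTagName)`, but the replacement is `srcI.Value = models.GwTagName` (and the same for `dstI.Value`). Every other site in this patch builds the tag as `<netID>.gateways`, so migrated policies would point at a tag no node carries and would silently stop matching gateway nodes. Use `srcI.Value = fmt.Sprintf("%s.%s", acl.NetworkID.String(), models.GwTagName)` and the equivalent line for `dstI.Value`. Separately, `nets, _ := logic.GetNetworks()` discards its error and the old tag is deleted whether or not the preceding `logic.UpsertAcl(acl)` calls succeeded; logging those results would make a half-finished migration detectable. The function body starts outside the hunk.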
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
@@ -1230,7 +1230,7 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 Dst: []models.AclPolicyTag{
 {
 ID: models.NodeTagID,
- Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
+ Value: fmt.Sprintf("%s.%s", netID, models.GwTagName),
 }},
 AllowedDirection: models.TrafficDirectionUni,
 Enabled: true,
@@ -1264,7 +1264,7 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 Dst: []models.AclPolicyTag{
 {
 ID: models.NodeTagID,
- Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
+ Value: fmt.Sprintf("%s.%s", netID, models.GwTagName),
 }},
 AllowedDirection: models.TrafficDirectionUni,
 Enabled: true,