gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-09-08 22:24:17 +08:00
Code Issues Projects Releases Packages Wiki Activity
netmaker/logic/acls/nodeacls/retrieve.go
Yabin Ma 5f21c8bb1d
NET-1778: scale test code changes (#3203) 
* comment ACL call and add debug message

* add cache for network nodes

* fix load node to network cache issue

* add peerUpdate call 1 min limit

* add debug log for scale test

* release maps

* avoid default policy for node

* 1 min limit for peerUpdate trigger

* mq options

* Revert "mq options"

This reverts commit 10b93d0118.

* set peerUpdate run in sequence

* update for emqx 5.8.2

* remove batch peer update

* change the sleep to 10 millisec to avoid timeout

* add compress and change encrypt for peerUpdate message

* add mem profiling and automaxprocs

* add failover ctx mutex

* ignore request to failover peer

* remove code without called

* remove debug logs

* update emqx to v5.8.2

* change broker keepalive

* add OLD_ACL_SUPPORT setting

* add host version check for message encrypt

* remove debug message

* remove peerUpdate call control

---------

Co-authored-by: abhishek9686 <abhi281342@gmail.com>
2024-12-10 10:15:31 +04:00

76 lines
2.1 KiB
Go
Raw Blame History

package nodeacls
import (
"encoding/json"
"fmt"
"maps"
"sync"
"github.com/gravitl/netmaker/logic/acls"
"github.com/gravitl/netmaker/servercfg"
)
var NodesAllowedACLMutex = &sync.Mutex{}
// AreNodesAllowed - checks if nodes are allowed to communicate in their network ACL
func AreNodesAllowed(networkID NetworkID, node1, node2 NodeID) bool {
if !servercfg.IsOldAclEnabled() {
return true
}
NodesAllowedACLMutex.Lock()
defer NodesAllowedACLMutex.Unlock()
var currentNetworkACL, err = FetchAllACLs(networkID)
if err != nil {
return false
}
var allowed bool
acls.AclMutex.Lock()
currNetworkACLNode1 := currentNetworkACL[acls.AclID(node1)]
currNetworkACLNode2 := currentNetworkACL[acls.AclID(node2)]
acls.AclMutex.Unlock()
allowed = currNetworkACLNode1.IsAllowed(acls.AclID(node2)) && currNetworkACLNode2.IsAllowed(acls.AclID(node1))
return allowed
}
// FetchNodeACL - fetches a specific node's ACL in a given network
func FetchNodeACL(networkID NetworkID, nodeID NodeID) (acls.ACL, error) {
var currentNetworkACL, err = FetchAllACLs(networkID)
if err != nil {
return nil, err
}
var acl acls.ACL
acls.AclMutex.RLock()
if currentNetworkACL[acls.AclID(nodeID)] == nil {
acls.AclMutex.RUnlock()
return nil, fmt.Errorf("no node ACL present for node %s", nodeID)
}
acl = currentNetworkACL[acls.AclID(nodeID)]
acls.AclMutex.RUnlock()
return acl, nil
}
// FetchNodeACLJson - fetches a node's acl in given network except returns the json string
func FetchNodeACLJson(networkID NetworkID, nodeID NodeID) (acls.ACLJson, error) {
currentNodeACL, err := FetchNodeACL(networkID, nodeID)
if err != nil {
return "", err
}
acls.AclMutex.RLock()
defer acls.AclMutex.RUnlock()
jsonData, err := json.Marshal(&currentNodeACL)
if err != nil {
return "", err
}
return acls.ACLJson(jsonData), nil
}
// FetchAllACLs - fetchs all node
func FetchAllACLs(networkID NetworkID) (acls.ACLContainer, error) {
var err error
var currentNetworkACL acls.ACLContainer
currentNetworkACL, err = currentNetworkACL.Get(acls.ContainerID(networkID))
if err != nil {
return nil, err
}
return maps.Clone(currentNetworkACL), nil
}
Reference in a new issue View git blame Copy permalink