zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-31 12:16:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

NET-1932: handle non-inet egress ranges on inet gw (#3479)

Browse Source 
* move relevant acl and tag code to CE and Pro pkgs

* intialise pro acl funcs

* list gateways by user access

* check user gw access by policies

* filter out user policies on CE

* filter out tagged policies on CE

* fix ce acl comms

* allow gateways tag

* allow gateway tag  on CE, remove failover and gw check on acl policy

* add gw rules func to pro

* add inet gw support on CE

* add egress acl API

* add egress acl API

* fix(go): set is_gw when converting api node to server node;

* fix(go): set is_gw when converting api node to server node;

* fix policy validity checker for inet gws

* move dns option to host model

* fix node removal from egress policy on delete

* add migration logic for ManageDNS

* fix dns json field

* fix nil error on node tags

* add egress info to relayed nodes

* fix default network user policy

* fix egress migration

* fix egress migration

* add failover inet gw check

* optiomise egress calls

* auto create gw on inet egress node

* optimise egress calls

* add global user role check

* fix egress on inet gw

---------

Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
This commit is contained in:
Abhishek K
2025-06-04 08:04:40 +05:30
committed by GitHub
parent 3bae08797f
commit 599a9c6f4a
5 changed files with 18 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
controllers/middleware.go
View File

@@ -50,8 +50,11 @@ func userMiddleWare(handler http.Handler) http.Handler {
if strings.Contains(route, "createrelay") || strings.Contains(route, "deleterelay") { if strings.Contains(route, "createrelay") || strings.Contains(route, "deleterelay") {
r.Header.Set("TARGET_RSRC", models.RelayRsrc.String()) r.Header.Set("TARGET_RSRC", models.RelayRsrc.String())
} }
if strings.Contains(route, "gateway") { if strings.Contains(route, "gateway") {
r.Header.Set("TARGET_RSRC", models.GatewayRsrc.String())
}
if strings.Contains(route, "egress") {
r.Header.Set("TARGET_RSRC", models.EgressGwRsrc.String()) r.Header.Set("TARGET_RSRC", models.EgressGwRsrc.String())
} }
if strings.Contains(route, "networks") { if strings.Contains(route, "networks") {

13
logic/extpeers.go
View File

@@ -81,15 +81,22 @@ func GetEgressRangesOnNetwork(client *models.ExtClient) ([]string, error) {
continue continue
} }
GetNodeEgressInfo(&currentNode, eli) GetNodeEgressInfo(&currentNode, eli)
if currentNode.EgressDetails.IsInternetGateway && client.IngressGatewayID != currentNode.ID.String() {
continue
}
if currentNode.EgressDetails.IsEgressGateway { // add the egress gateway range(s) to the result if currentNode.EgressDetails.IsEgressGateway { // add the egress gateway range(s) to the result
if len(currentNode.EgressDetails.EgressGatewayRanges) > 0 { if len(currentNode.EgressDetails.EgressGatewayRanges) > 0 {
if currentNode.EgressDetails.IsInternetGateway && client.IngressGatewayID != currentNode.ID.String() {
for _, rangeI := range currentNode.EgressDetails.EgressGatewayRanges {
if rangeI == "0.0.0.0/0" || rangeI == "::/0" {
continue
} else {
result = append(result, rangeI)
}
}
} else {
result = append(result, currentNode.EgressDetails.EgressGatewayRanges...) result = append(result, currentNode.EgressDetails.EgressGatewayRanges...)
} }
} }
} }
}
extclients, _ := GetNetworkExtClients(client.Network) extclients, _ := GetNetworkExtClients(client.Network)
for _, extclient := range extclients { for _, extclient := range extclients {
if extclient.ClientID == client.ClientID { if extclient.ClientID == client.ClientID {

7
logic/peers.go
View File

@@ -186,12 +186,9 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
} }
defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy) defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy) defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
anyActiveEgressPolicy := CheckIfAnyActiveEgressPolicy(node)
nodeHasAccessToAllRsrcs := CheckIfNodeHasAccessToAllResources(&node)
anyUniDirectionPolicy := CheckIfAnyPolicyisUniDirectional(node)
if (defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled) || if (defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled) ||
(!anyUniDirectionPolicy && !anyActiveEgressPolicy) || (!CheckIfAnyPolicyisUniDirectional(node) && !CheckIfAnyActiveEgressPolicy(node)) ||
nodeHasAccessToAllRsrcs { CheckIfNodeHasAccessToAllResources(&node) {
aclRule := models.AclRule{ aclRule := models.AclRule{
ID: fmt.Sprintf("%s-allowed-network-rules", node.ID.String()), ID: fmt.Sprintf("%s-allowed-network-rules", node.ID.String()),
AllowedProtocol: models.ALL, AllowedProtocol: models.ALL,

1
models/user_mgmt.go
View File

@@ -65,6 +65,7 @@ const (
HostRsrc RsrcType = "hosts" HostRsrc RsrcType = "hosts"
RelayRsrc RsrcType = "relays" RelayRsrc RsrcType = "relays"
RemoteAccessGwRsrc RsrcType = "remote_access_gw" RemoteAccessGwRsrc RsrcType = "remote_access_gw"
GatewayRsrc RsrcType = "gateways"
ExtClientsRsrc RsrcType = "extclients" ExtClientsRsrc RsrcType = "extclients"
InetGwRsrc RsrcType = "inet_gw" InetGwRsrc RsrcType = "inet_gw"
EgressGwRsrc RsrcType = "egress" EgressGwRsrc RsrcType = "egress"

1
pro/logic/user_mgmt.go
View File

@@ -761,7 +761,6 @@ func GetUserRAGNodes(user models.User) (gws map[string]models.Node) {
} }
} }
} }
} }
} }
return return