fix user policy acls

abhishek9686
2024-10-19 13:50:54 +04:00
parent 57378d255a
commit 6b93163bd5
4 changed files with 11 additions and 10 deletions


@@ -452,7 +452,9 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
extclient.OwnerID = userName
extclient.RemoteAccessClientID = customExtClient.RemoteAccessClientID
extclient.IngressGatewayID = nodeid
extclient.Tags = make(map[models.TagID]struct{})
extclient.Tags[models.TagID(fmt.Sprintf("%s.%s", extclient.Network,
models.RemoteAccessTagName))] = struct{}{}
// set extclient dns to ingressdns if extclient dns is not explicitly set
if (extclient.DNS == "") && (node.IngressDNS != "") {
extclient.DNS = node.IngressDNS
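Review bot: The new tag key is formatted from `extclient.Network`, but none of the visible lines assign that field before `extclient.Tags[...]` is written. If Network is only filled in further down createExtClient (the function continues outside the hunk), the client would be stored with a key that has an empty network prefix, and no per-network policy would match it. Building the key from the gateway node instead, e.g. `models.TagID(fmt.Sprintf("%s.%s", node.Network, models.RemoteAccessTagName))`, or moving the two added lines below the Network assignment, removes the ordering dependency.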


@@ -83,7 +83,7 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
Src: []models.AclPolicyTag{
{
ID: models.DeviceAclID,
Value: fmt.Sprintf("%s.%s", netID, "remote-access-gws"),
Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
},
},
Dst: []models.AclPolicyTag{
@@ -205,10 +205,6 @@ func IsAclPolicyValid(acl models.Acl) bool {
if dstI.ID == "" || dstI.Value == "" {
return false
}
if dstI.ID == models.UserAclID ||
dstI.ID == models.UserGroupAclID || dstI.ID == models.UserRoleAclID {
return false
}
if dstI.ID != models.DeviceAclID {
return false
}
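Review bot: Replacing the literal `"remote-access-gws"` with `models.RemoteAccessTagName` in the Src value of CreateDefaultAclNetworkPolicies is behaviour-neutral only if the constant holds exactly that string, and its definition is not among the files shown here. If the value differs, default policies already persisted for existing networks would keep the old `<net>.remote-access-gws` value and presumably stop matching clients tagged with the new key; the same applies to the four Dst replacements in CreateDefaultUserPolicies. A comment on the constant such as `// RemoteAccessTagName is persisted in ACL policies and client tags; changing it requires a data migration` would make that coupling explicit. The block removed from IsAclPolicyValid looks redundant next to the remaining `dstI.ID != models.DeviceAclID` check.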


@@ -995,6 +995,9 @@ func getRemoteAccessGatewayConf(w http.ResponseWriter, r *http.Request) {
if err == nil { // check if parent network default ACL is enabled (yes) or not (no)
userConf.Enabled = parentNetwork.DefaultACL == "yes"
}
userConf.Tags = make(map[models.TagID]struct{})
userConf.Tags[models.TagID(fmt.Sprintf("%s.%s", userConf.Network,
models.RemoteAccessTagName))] = struct{}{}
if err = logic.CreateExtClient(&userConf); err != nil {
slog.Error(
"failed to create extclient",
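Review bot: The two lines that populate `userConf.Tags` duplicate the expression added in createExtClient, and the same `"%s.%s"` format is used for the tag values in the default policy constructors. A policy presumably matches a client only when the tag key and the policy value are identical strings, so one helper returning the network-scoped remote-access tag, called from both handlers and from the policy constructors, would keep the copies from drifting apart. It is also worth confirming that `userConf.Network` is populated before this point, since its assignment is outside the hunk. getRemoteAccessGatewayConf continues beyond the visible lines.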


@@ -956,7 +956,7 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
Dst: []models.AclPolicyTag{
{
ID: models.DeviceAclID,
Value: fmt.Sprintf("%s.%s", netID, "remote-access-gws"),
Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
},
},
AllowedDirection: models.TrafficDirectionUni,
@@ -981,7 +981,7 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
Dst: []models.AclPolicyTag{
{
ID: models.DeviceAclID,
Value: fmt.Sprintf("%s.%s", netID, "remote-access-gws"),
Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
}},
AllowedDirection: models.TrafficDirectionUni,
Enabled: true,
@@ -1006,7 +1006,7 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
Dst: []models.AclPolicyTag{
{
ID: models.DeviceAclID,
Value: fmt.Sprintf("%s.%s", netID, "remote-access-gws"),
Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
}},
AllowedDirection: models.TrafficDirectionUni,
Enabled: true,
@@ -1031,7 +1031,7 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
Dst: []models.AclPolicyTag{
{
ID: models.DeviceAclID,
Value: fmt.Sprintf("%s.%s", netID, "remote-access-gws"),
Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
}},
AllowedDirection: models.TrafficDirectionUni,
Enabled: true,