mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-26 21:01:32 +08:00
add egress ips by access to user configs (#3659)
@@ -1465,6 +1465,18 @@ func GetDefaultPolicy(netID models.NetworkID, ruleType models.AclPolicyType) (mo
|
|||||||
return acl, nil
|
return acl, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ListUserPolicies - lists all user policies in a network
|
||||||
|
func ListUserPolicies(netID models.NetworkID) []models.Acl {
|
||||||
|
allAcls := ListAcls()
|
||||||
|
userAcls := []models.Acl{}
|
||||||
|
for _, acl := range allAcls {
|
||||||
|
if acl.NetworkID == netID && acl.RuleType == models.UserPolicy {
|
||||||
|
userAcls = append(userAcls, acl)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return userAcls
|
||||||
|
}
|
||||||
|
|
||||||
// ListAcls - lists all acl policies
|
// ListAcls - lists all acl policies
|
||||||
func ListAclsByNetwork(netID models.NetworkID) ([]models.Acl, error) {
|
func ListAclsByNetwork(netID models.NetworkID) ([]models.Acl, error) {
|
||||||
|
|
||||||
|
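Review bot: ListUserPolicies returns every user policy for the network without checking whether the policy is enabled, and its doc comment does not say so. The caller added in this commit passes the slice straight to DoesUserHaveAccessToEgress, whose body is not shown here, so it cannot be confirmed from this page that a disabled policy is prevented from granting an egress range. Either filter in the loop on the `Enabled` field of models.Acl, or extend the comment to say that disabled policies are included and callers must check them. A smaller style point: `userAcls := []models.Acl{}` can be `var userAcls []models.Acl` unless a caller depends on a non-nil empty slice.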
@@ -226,9 +226,7 @@ func GetGwDNS(node *models.Node) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func SetDNSOnWgConfig(gwNode *models.Node, extclient *models.ExtClient) {
|
func SetDNSOnWgConfig(gwNode *models.Node, extclient *models.ExtClient) {
|
||||||
if extclient.DNS == "" {
|
extclient.DNS = GetGwDNS(gwNode)
|
||||||
extclient.DNS = GetGwDNS(gwNode)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetCustomDNS - gets the custom DNS of a network
|
// GetCustomDNS - gets the custom DNS of a network
|
||||||
|
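Review bot: SetDNSOnWgConfig now overwrites `extclient.DNS` unconditionally, so a DNS value already set on the client is replaced by the gateway's on every call; the removed `if extclient.DNS == "" {` guard was what preserved it. The commit title only mentions egress IPs, so if the override is intended it should be stated on the function, for example `// SetDNSOnWgConfig - always sets the client's DNS to the gateway DNS, replacing any client-specified value`. If GetGwDNS can return an empty string (its body is outside this hunk), a client that previously kept its own resolver would end up with none.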
@@ -71,11 +71,35 @@ func GetEgressRangesOnNetwork(client *models.ExtClient) ([]string, error) {
|
|||||||
|
|
||||||
var result []string
|
var result []string
|
||||||
eli, _ := (&schema.Egress{Network: client.Network}).ListByNetwork(db.WithContext(context.TODO()))
|
eli, _ := (&schema.Egress{Network: client.Network}).ListByNetwork(db.WithContext(context.TODO()))
|
||||||
|
staticNode := client.ConvertToStaticNode()
|
||||||
|
userPolicies := ListUserPolicies(models.NetworkID(client.Network))
|
||||||
for _, eI := range eli {
|
for _, eI := range eli {
|
||||||
if !eI.Status || eI.Range == "" {
|
if !eI.Status {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
result = append(result, eI.Range)
|
if eI.Domain == "" && eI.Range == "" {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if eI.Domain != "" && len(eI.DomainAns) == 0 {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
rangesToBeAdded := []string{}
|
||||||
|
if eI.Domain != "" {
|
||||||
|
rangesToBeAdded = append(rangesToBeAdded, eI.DomainAns...)
|
||||||
|
} else {
|
||||||
|
rangesToBeAdded = append(rangesToBeAdded, eI.Range)
|
||||||
|
}
|
||||||
|
if staticNode.IsUserNode && staticNode.StaticNode.OwnerID != "" {
|
||||||
|
user, err := GetUser(staticNode.StaticNode.OwnerID)
|
||||||
|
if err != nil {
|
||||||
|
return []string{}, errors.New("user not found")
|
||||||
|
}
|
||||||
|
if DoesUserHaveAccessToEgress(user, &eI, userPolicies) {
|
||||||
|
result = append(result, rangesToBeAdded...)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
result = append(result, rangesToBeAdded...)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
extclients, _ := GetNetworkExtClients(client.Network)
|
extclients, _ := GetNetworkExtClients(client.Network)
|
||||||
for _, extclient := range extclients {
|
for _, extclient := range extclients {
|
||||||
|
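Review bot: The access check is skipped whenever `staticNode.StaticNode.OwnerID` is empty, because the condition `staticNode.IsUserNode && staticNode.StaticNode.OwnerID != ""` sends a user node without an owner to the `else` branch, which appends every range unfiltered. The ConvertToStaticNode hunk in this commit also marks clients with a DeviceID as user nodes, so if such a client can exist without an OwnerID it would receive all egress ranges in its config; failing closed would be `if staticNode.IsUserNode {` with `if staticNode.StaticNode.OwnerID == "" { continue }` as its first statement. GetUser is also called once per egress entry although the owner does not change inside the loop, so the lookup can move above the `for`, and the returned `errors.New("user not found")` discards the underlying `err`. The function continues outside the hunk.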
@@ -66,7 +66,7 @@ func (ext *ExtClient) ConvertToStaticNode() Node {
|
|||||||
Tags: ext.Tags,
|
Tags: ext.Tags,
|
||||||
IsStatic: true,
|
IsStatic: true,
|
||||||
StaticNode: *ext,
|
StaticNode: *ext,
|
||||||
IsUserNode: ext.RemoteAccessClientID != "",
|
IsUserNode: ext.RemoteAccessClientID != "" || ext.DeviceID != "",
|
||||||
Mutex: ext.Mutex,
|
Mutex: ext.Mutex,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
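Review bot: The widened expression `ext.RemoteAccessClientID != "" || ext.DeviceID != ""` has no comment explaining why a non-empty DeviceID makes a client a user node, and any other caller of ConvertToStaticNode that branches on IsUserNode changes behaviour with this line, not only the egress path touched in this commit. A comment on the field such as `// user node: created through a remote access client or bound to a device` would record the intent (wording to be confirmed by the author). It is worth checking the ACL paths that read IsUserNode for clients that have a DeviceID but no OwnerID. The function starts outside the hunk.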