zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-06 17:29:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

remove node id from acls when deleted

Browse Source
This commit is contained in:
abhishek9686
2025-02-14 19:59:58 +04:00
parent 41fa0b1bce
commit ed1f48a4b4
3 changed files with 74 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
logic/acls.go
View File

@@ -654,6 +654,78 @@ func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
} }
return false return false
} }
func RemoveNodeFromAclPolicy(node models.Node) {
var nodeID string
if node.IsStatic {
nodeID = node.StaticNode.ClientID
} else {
nodeID = node.ID.String()
}
acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
for _, acl := range acls {
delete := false
update := false
if acl.RuleType == models.DevicePolicy {
for i, srcI := range acl.Src {
if srcI.ID == models.NodeID && srcI.Value == nodeID {
if len(acl.Src) == 1 {
// delete policy
delete = true
break
} else {
acl.Src = append(acl.Src[:i], acl.Src[i+1:]...)
update = true
}
}
}
if delete {
DeleteAcl(acl)
continue
}
for i, dstI := range acl.Dst {
if dstI.ID == models.NodeID && dstI.Value == nodeID {
if len(acl.Dst) == 1 {
// delete policy
delete = true
break
} else {
acl.Dst = append(acl.Dst[:i], acl.Dst[i+1:]...)
update = true
}
}
}
if delete {
DeleteAcl(acl)
continue
}
if update {
UpsertAcl(acl)
}
}
if acl.RuleType == models.UserPolicy {
for i, dstI := range acl.Dst {
if dstI.ID == models.NodeID && dstI.Value == nodeID {
if len(acl.Dst) == 1 {
// delete policy
delete = true
break
} else {
acl.Dst = append(acl.Dst[:i], acl.Dst[i+1:]...)
update = true
}
}
}
if delete {
DeleteAcl(acl)
continue
}
if update {
UpsertAcl(acl)
}
}
}
}
func checkTagGroupPolicy(srcMap, dstMap map[string]struct{}, node, peer models.Node, func checkTagGroupPolicy(srcMap, dstMap map[string]struct{}, node, peer models.Node,
nodeTags, peerTags map[models.TagID]struct{}) bool { nodeTags, peerTags map[models.TagID]struct{}) bool {

1
logic/extpeers.go
View File

@@ -134,6 +134,7 @@ func DeleteExtClientAndCleanup(extClient models.ExtClient) error {
slog.Error("DeleteExtClientAndCleanup-update network acls:", "Error", err.Error()) slog.Error("DeleteExtClientAndCleanup-update network acls:", "Error", err.Error())
return err return err
} }
go RemoveNodeFromAclPolicy(extClient.ConvertToStaticNode())
return nil return nil
} }

1
logic/nodes.go
View File

@@ -312,6 +312,7 @@ func DeleteNode(node *models.Node, purge bool) error {
if err := DissasociateNodeFromHost(node, host); err != nil { if err := DissasociateNodeFromHost(node, host); err != nil {
return err return err
} }
go RemoveNodeFromAclPolicy(*node)
return nil return nil
} }