NET-1784: Adv Acl Rules (#3239)

* define direction on acl req * define protocol types and rule model * get rules for node * fetch acl rule for a node * redine acl firewall model * add json tags * update port,protocol, and direction * add json tags to acl options * convert protocol to string * simplify acl map * add json tags to acl rules * add networks to fw update * add acls rules * NET-1784: add allow all field * add allow all field on fw udpate * remove debug logs * fix port and protocol types * migrate default acl policies * define constants for service types * add adv options for user rules on ingress gw * debug log * allow whole network * add static nodes to acl rules * replace peers on acl updates * initiliase rule map * add user acl rules on target node * revert acl check on extclient * handle static node rules on ingress gw * update multiple policies for users * check allowed direction * remove debug logs
2025-10-05 16:57:51 +08:00 · 2024-12-10 11:21:14 +04:00
parent 31c2311bef
commit f124b10c35
12 changed files with 707 additions and 118 deletions
--- a/logic/nodes.go
+++ b/logic/nodes.go
@@ -818,7 +818,7 @@ func GetTagMapWithNodes() (tagNodesMap map[models.TagID][]models.Node) {
 	return
 }

-func GetTagMapWithNodesByNetwork(netID models.NetworkID) (tagNodesMap map[models.TagID][]models.Node) {
+func GetTagMapWithNodesByNetwork(netID models.NetworkID, withStaticNodes bool) (tagNodesMap map[models.TagID][]models.Node) {
 	tagNodesMap = make(map[models.TagID][]models.Node)
 	nodes, _ := GetNetworkNodes(netID.String())
 	for _, nodeI := range nodes {
@@ -829,6 +829,9 @@ func GetTagMapWithNodesByNetwork(netID models.NetworkID) (tagNodesMap map[models
 			tagNodesMap[nodeTagID] = append(tagNodesMap[nodeTagID], nodeI)
 		}
 	}
+	if !withStaticNodes {
+		return
+	}
 	return AddTagMapWithStaticNodes(netID, tagNodesMap)
 }

@@ -853,6 +856,27 @@ func AddTagMapWithStaticNodes(netID models.NetworkID,
 	return tagNodesMap
 }

+func AddTagMapWithStaticNodesWithUsers(netID models.NetworkID,
+	tagNodesMap map[models.TagID][]models.Node) map[models.TagID][]models.Node {
+	extclients, err := GetNetworkExtClients(netID.String())
+	if err != nil {
+		return tagNodesMap
+	}
+	for _, extclient := range extclients {
+		if extclient.Tags == nil {
+			continue
+		}
+		for tagID := range extclient.Tags {
+			tagNodesMap[tagID] = append(tagNodesMap[tagID], models.Node{
+				IsStatic:   true,
+				StaticNode: extclient,
+			})
+		}
+
+	}
+	return tagNodesMap
+}
+
 func GetNodesWithTag(tagID models.TagID) map[string]models.Node {
 	nMap := make(map[string]models.Node)
 	tag, err := GetTag(tagID)