Abhishek K f124b10c35 NET-1784: Adv Acl Rules (#3239)
* define direction on acl req

* define protocol types and rule model

* get rules for node

* fetch acl rule for a node

* redefine acl firewall model

* add json tags

* update port,protocol, and direction

* add json tags to acl options

* convert protocol to string

* simplify acl map

* add json tags to acl rules

* add networks to fw update

* add acls rules

* NET-1784: add allow all field

* add allow all field on fw udpate

* remove debug logs

* fix port and protocol types

* migrate default acl policies

* define constants for service types

* add adv options for user rules on ingress gw

* debug log

* allow whole network

* add static nodes to acl rules

* replace peers on acl updates

* initiliase rule map

* add user acl rules on target node

* revert acl check on extclient

* handle static node rules on ingress gw

* update multiple policies for users

* check allowed direction

* remove debug logs
2024-12-10 11:21:14 +04:00

120 lines
3.3 KiB
Go

package models
import (
"net"
"time"
)
// AllowedTrafficDirection - allowed direction of traffic.
//
// It is an int, so it is encoded in JSON as a number (0 or 1, see the
// constants below). Its zero value is TrafficDirectionUni, so a field of
// this type that is absent from a JSON payload decodes as one-way traffic.
type AllowedTrafficDirection int

const (
	// TrafficDirectionUni implies traffic is only allowed in one direction (src --> dst)
	TrafficDirectionUni AllowedTrafficDirection = iota
	// TrafficDirectionBi implies traffic is allowed both direction (src <--> dst )
	TrafficDirectionBi
)
// Protocol - allowed protocol.
//
// Values are plain lower-case strings; the constants below list the ones
// the model defines. How ALL is matched against traffic is decided by the
// code that consumes AclRule, not here.
type Protocol string

const (
	// ALL is the wildcard value covering every protocol.
	ALL Protocol = "all"
	// UDP restricts a rule to UDP traffic.
	UDP Protocol = "udp"
	// TCP restricts a rule to TCP traffic.
	TCP Protocol = "tcp"
	// ICMP restricts a rule to ICMP traffic.
	ICMP Protocol = "icmp"
)
// ServiceType names a preset service an ACL can be created for.
//
// NOTE(review): the constants below are untyped string constants, not
// ServiceType values, which is why they are assignable to plain string
// fields such as Acl.ServiceType. Declaring them as ServiceType would
// break that assignment for existing callers.
type ServiceType string

const (
	Http        = "HTTP"
	Https       = "HTTPS"
	AllTCP      = "All TCP"
	AllUDP      = "All UDP"
	ICMPService = "ICMP"
	Custom      = "Custom"
)
// String returns the protocol's underlying string value unchanged,
// satisfying fmt.Stringer.
func (p Protocol) String() string {
	s := string(p)
	return s
}
// AclPolicyType distinguishes the kind of subject an ACL policy applies to.
type AclPolicyType string

const (
	// UserPolicy marks a policy whose source side refers to users or user groups.
	UserPolicy AclPolicyType = "user-policy"
	// DevicePolicy marks a policy whose source side refers to devices (tags).
	DevicePolicy AclPolicyType = "device-policy"
)
// AclPolicyTag is one entry on the source or destination side of an Acl.
//
// ID says which kind of selector Value is (see AclGroupType); the expected
// format of Value therefore depends on ID and is validated elsewhere, if at all.
type AclPolicyTag struct {
	ID    AclGroupType `json:"id"`
	Value string       `json:"value"`
}
// AclGroupType is the selector kind carried in AclPolicyTag.ID.
type AclGroupType string

const (
	// UserAclID selects a single user.
	UserAclID AclGroupType = "user"
	// UserGroupAclID selects a user group.
	UserGroupAclID AclGroupType = "user-group"
	// DeviceAclID selects devices by tag.
	DeviceAclID AclGroupType = "tag"
	// NetmakerIPAclID selects by IP address.
	NetmakerIPAclID AclGroupType = "ip"
	// NetmakerSubNetRangeAClID selects by IP range / set.
	NetmakerSubNetRangeAClID AclGroupType = "ipset"
)
// String returns the group type's underlying string value unchanged,
// satisfying fmt.Stringer.
func (g AclGroupType) String() string {
	raw := string(g)
	return raw
}
// UpdateAclRequest is the payload for updating an existing Acl.
//
// Acl is embedded without a JSON tag, so its fields are flattened into the
// top level of the JSON object alongside new_name.
type UpdateAclRequest struct {
	Acl
	// NewName is the name the ACL should be renamed to.
	NewName string `json:"new_name"`
}
// AclPolicy pairs a policy type with the group-type prefix used for its
// user-side tags.
//
// Neither field carries a JSON tag, so they are encoded under their Go names
// ("TypeID", "PrefixTagUser") if this struct is ever serialised.
type AclPolicy struct {
	TypeID        AclPolicyType
	PrefixTagUser AclGroupType
}
// Acl is the stored form of one access-control policy on a network.
//
// Src and Dst hold selector tags (see AclPolicyTag); Proto, ServiceType and
// Port describe the traffic the policy covers. Port is a free-form list of
// strings, so any validation of port syntax has to happen where the Acl is
// created or applied, not in this type. AllowedDirection defaults to
// TrafficDirectionUni (the zero value) when omitted from JSON.
type Acl struct {
	ID        string    `json:"id"`
	Default   bool      `json:"default"`
	MetaData  string    `json:"meta_data"`
	Name      string    `json:"name"`
	NetworkID NetworkID `json:"network_id"`
	RuleType  AclPolicyType  `json:"policy_type"`
	Src       []AclPolicyTag `json:"src_type"`
	Dst       []AclPolicyTag `json:"dst_type"`
	Proto     Protocol       `json:"protocol"` // tcp, udp, etc.
	// ServiceType is a plain string so the untyped service constants
	// (Http, Https, AllTCP, ...) can be assigned directly.
	ServiceType      string                  `json:"type"`
	Port             []string                `json:"ports"`
	AllowedDirection AllowedTrafficDirection `json:"allowed_traffic_direction"`
	// Enabled is false by default; a freshly decoded Acl with the field
	// omitted is therefore disabled.
	Enabled   bool      `json:"enabled"`
	CreatedBy string    `json:"created_by"`
	CreatedAt time.Time `json:"created_at"`
}
// AclPolicyTypes lists the protocol presets and the policy/group types a
// client may choose from when building an Acl.
//
// ProtocolTypes has no JSON tag and is therefore encoded as "ProtocolTypes",
// unlike the snake_case keys of the other fields.
type AclPolicyTypes struct {
	ProtocolTypes []ProtocolType
	RuleTypes     []AclPolicyType `json:"policy_types"`
	SrcGroupTypes []AclGroupType  `json:"src_grp_types"`
	DstGroupTypes []AclGroupType  `json:"dst_grp_types"`
}
// ProtocolType describes one selectable protocol preset.
//
// PortRange is a free-form string; its expected syntax is not defined here.
// AllowPortSetting indicates whether the client may override the preset's
// ports — presumably maps onto Acl.Port; verify against the consumer.
type ProtocolType struct {
	Name             string     `json:"name"`
	AllowedProtocols []Protocol `json:"allowed_protocols"`
	PortRange        string     `json:"port_range"`
	AllowPortSetting bool       `json:"allow_port_setting"`
}
// AclRule is the resolved, per-node form of an Acl: concrete IPv4 and IPv6
// ranges plus the protocol, ports and direction to enforce.
//
// Allowed has no JSON tag and is encoded as "Allowed". Its zero value is
// false, so a rule decoded without the field reads as not allowed; what the
// consumer does with a false value (deny vs. ignore) is not visible here.
type AclRule struct {
	ID              string                  `json:"id"`
	IPList          []net.IPNet             `json:"ip_list"`
	IP6List         []net.IPNet             `json:"ip6_list"`
	AllowedProtocol Protocol                `json:"allowed_protocols"` // tcp, udp, etc.
	AllowedPorts    []string                `json:"allowed_ports"`
	Direction       AllowedTrafficDirection `json:"direction"` // single or two-way
	Allowed         bool
}