
Merge pull request #3675 from gravitl/release-v1.1.0

Release v1.1.0
Abhishek K преди 1 седмица
родител
ревизия
192a65ee1d
променени са 6 файла, в които са добавени 80 реда и са изтрити 34 реда
  1. 28 13
      controllers/egress.go
  2. 22 11
      logic/egress.go
  3. 15 8
      logic/extpeers.go
  4. 2 2
      logic/peers.go
  5. 1 0
      models/structs.go
  6. 12 0
      schema/egress.go

+ 28 - 13
controllers/egress.go

@@ -204,20 +204,23 @@ func updateEgress(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	var egressRange string
-	var cidrErr error
 	if !req.IsInetGw {
-		egressRange, cidrErr = logic.NormalizeCIDR(req.Range)
-		isDomain := logic.IsFQDN(req.Range)
-		if cidrErr != nil && !isDomain {
-			if cidrErr != nil {
-				logic.ReturnErrorResponse(w, r, logic.FormatError(cidrErr, "badrequest"))
-			} else {
-				logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("bad domain name"), "badrequest"))
+		if req.Range != "" {
+			var err error
+			egressRange, err = logic.NormalizeCIDR(req.Range)
+			if err != nil {
+				logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
+				return
 			}
-			return
 		}
-		if isDomain {
-			req.Domain = req.Range
+
+		if req.Domain != "" {
+			isDomain := logic.IsFQDN(req.Domain)
+			if !isDomain {
+				logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("bad domain name"), "badrequest"))
+				return
+			}
+
 			egressRange = ""
 		}
 	} else {
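Review bot: In the non-gateway branch, a request with both `req.Range` and `req.Domain` empty skips validation entirely, and one with both set has its range validated and then thrown away by `egressRange = ""`. Unless ValidateEgressReq or the client already enforces exactly one of the two, an empty pair flows on to the reset flags set further down in updateEgress and clears both stored fields. A guard ahead of the two checks would make the contract explicit: `if (req.Range == "") == (req.Domain == "") { logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("exactly one of range or domain is required"), "badrequest")); return }`. updateEgress starts and ends outside this hunk.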
@@ -233,12 +236,20 @@ func updateEgress(w http.ResponseWriter, r *http.Request) {
 	}
 	var updateNat bool
 	var updateStatus bool
+	var resetDomain bool
+	var resetRange bool
 	if req.Nat != e.Nat {
 		updateNat = true
 	}
 	if req.Status != e.Status {
 		updateStatus = true
 	}
+	if req.Domain == "" {
+		resetDomain = true
+	}
+	if req.Range == "" || egressRange == "" {
+		resetRange = true
+	}
 	event := &models.Event{
 		Action: models.Update,
 		Source: models.Subject{
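Review bot: The `req.Range == ""` half of the resetRange condition only matters on the internet-gateway path, because in the other branch an empty `req.Range` already leaves `egressRange` empty. If the `else` branch above this hunk assigns `egressRange` for a gateway while the client sends no range, this flag would wipe the stored range right after the update writes it. That branch is not visible here, so please confirm. If that is the case, `if egressRange == "" {` states the intent on its own.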
@@ -294,6 +305,12 @@ func updateEgress(w http.ResponseWriter, r *http.Request) {
 		e.Status = req.Status
 		e.UpdateEgressStatus(db.WithContext(context.TODO()))
 	}
+	if resetDomain {
+		_ = e.ResetDomain(db.WithContext(context.TODO()))
+	}
+	if resetRange {
+		_ = e.ResetRange(db.WithContext(context.TODO()))
+	}
 	event.Diff.New = e
 	logic.LogEvent(event)
 	if req.Domain != "" {
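Review bot: Both reset calls discard their error with `_ =`, so a failed write leaves the old domain or range in the database while the handler still logs the event and returns "updated egress resource". These fields decide which traffic is routed through the egress, so a range the operator believes was removed but that is still stored should be surfaced rather than swallowed. I would check the result the way the validation paths earlier in the function do, e.g. `if err := e.ResetRange(db.WithContext(context.TODO())); err != nil { logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")); return }`, and likewise for ResetDomain. The unchecked `e.UpdateEgressStatus` call in the context lines just above has the same gap.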
@@ -321,8 +338,6 @@ func updateEgress(w http.ResponseWriter, r *http.Request) {
 			}
 		}
 
-	} else {
-		go mq.PublishPeerUpdate(false)
 	}
 	go mq.PublishPeerUpdate(false)
 	logic.ReturnSuccessResponseWithJson(w, r, e, "updated egress resource")

+ 22 - 11
logic/egress.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"maps"
+	"strings"
 
 	"github.com/gravitl/netmaker/db"
 	"github.com/gravitl/netmaker/models"
@@ -37,7 +38,6 @@ func ValidateEgressReq(e *schema.Egress) error {
 }
 
 func DoesUserHaveAccessToEgress(user *models.User, e *schema.Egress, acls []models.Acl) bool {
-
 	if !e.Status {
 		return false
 	}
@@ -183,7 +183,7 @@ func AddEgressInfoToPeerByAccess(node, targetNode *models.Node, eli []schema.Egr
 func GetEgressDomainsByAccess(user *models.User, network models.NetworkID) (domains []string) {
 	acls, _ := ListAclsByNetwork(network)
 	eli, _ := (&schema.Egress{Network: network.String()}).ListByNetwork(db.WithContext(context.TODO()))
-	defaultDevicePolicy, _ := GetDefaultPolicy(network, models.DevicePolicy)
+	defaultDevicePolicy, _ := GetDefaultPolicy(network, models.UserPolicy)
 	isDefaultPolicyActive := defaultDevicePolicy.Enabled
 	for _, e := range eli {
 		if !e.Status || e.Network != network.String() {
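Review bot: After this change the variable `defaultDevicePolicy` holds the default user policy, so the name now misstates which policy gates the per-user access check in GetEgressDomainsByAccess. Renaming it keeps the authorization logic readable: `defaultUserPolicy, _ := GetDefaultPolicy(network, models.UserPolicy)` and `isDefaultPolicyActive := defaultUserPolicy.Enabled`. The rest of the loop body lies outside this hunk.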
@@ -195,7 +195,8 @@ func GetEgressDomainsByAccess(user *models.User, network models.NetworkID) (doma
 			}
 		}
 		if e.Domain != "" && len(e.DomainAns) > 0 {
-			domains = append(domains, e.Domain)
+			domains = append(domains, BaseDomain(e.Domain))
+
 		}
 	}
 	return
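Review bot: Appending `BaseDomain(e.Domain)` returns a broader name than the egress was configured with: an egress for `api.internal.example.com` is reported as `example.com`, and two egresses under the same parent yield duplicate entries. If callers use this list as DNS match or search domains (not visible here), lookups for unrelated names in the parent zone would also be steered towards the egress path. If the widening is intended, a comment saying so and a de-duplication step would help; otherwise keep `domains = append(domains, e.Domain)`. BaseDomain itself is added in the last hunk of this file.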
@@ -302,26 +303,36 @@ func GetEgressRanges(netID models.NetworkID) (map[string][]string, map[string]st
 }
 
 func ListAllByRoutingNodeWithDomain(egs []schema.Egress, nodeID string) (egWithDomain []models.EgressDomain) {
+	node, err := GetNodeByID(nodeID)
+	if err != nil {
+		return
+	}
+	host, err := GetHost(node.HostID.String())
+	if err != nil {
+		return
+	}
 	for _, egI := range egs {
 		if !egI.Status || egI.Domain == "" {
 			continue
 		}
 		if _, ok := egI.Nodes[nodeID]; ok {
-			node, err := GetNodeByID(nodeID)
-			if err != nil {
-				continue
-			}
-			host, err := GetHost(node.HostID.String())
-			if err != nil {
-				continue
-			}
+
 			egWithDomain = append(egWithDomain, models.EgressDomain{
 				ID:     egI.ID,
 				Domain: egI.Domain,
 				Node:   node,
 				Host:   *host,
 			})
+
 		}
 	}
 	return
 }
+
+func BaseDomain(host string) string {
+	parts := strings.Split(host, ".")
+	if len(parts) < 2 {
+		return host // not a FQDN
+	}
+	return strings.Join(parts[len(parts)-2:], ".")
+}
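Review bot: BaseDomain keeps the last two labels whatever they are, so `app.example.co.uk` becomes `co.uk` and a rooted name such as `example.com.` becomes `com.`. Because the result feeds the per-user domain list in GetEgressDomainsByAccess, a public suffix or a bare TLD can end up in it. At minimum, strip the trailing dot before splitting with `host = strings.TrimSuffix(host, ".")`, and add a doc comment such as `// BaseDomain returns the last two labels of host; it is not public-suffix aware.` If registrable domains are what is wanted, a public-suffix list lookup (for example `publicsuffix.EffectiveTLDPlusOne` from golang.org/x/net) would be the accurate way to get them.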

+ 15 - 8
logic/extpeers.go

@@ -73,6 +73,8 @@ func GetEgressRangesOnNetwork(client *models.ExtClient) ([]string, error) {
 	eli, _ := (&schema.Egress{Network: client.Network}).ListByNetwork(db.WithContext(context.TODO()))
 	staticNode := client.ConvertToStaticNode()
 	userPolicies := ListUserPolicies(models.NetworkID(client.Network))
+	defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(client.Network), models.UserPolicy)
+
 	for _, eI := range eli {
 		if !eI.Status {
 			continue
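Review bot: The new `defaultUserPolicy, _ := GetDefaultPolicy(...)` line drops the lookup error, yet the `Enabled` flag read from it in the next hunk decides whether the per-user DoesUserHaveAccessToEgress check is skipped. A failed lookup only falls back to the stricter path if GetDefaultPolicy returns a zero-value policy on error, which cannot be confirmed from this page. Since this function already returns an error, I would propagate it: `defaultUserPolicy, err := GetDefaultPolicy(models.NetworkID(client.Network), models.UserPolicy)` followed by `if err != nil { return []string{}, err }`. GetEgressDomainsByAccess in logic/egress.go discards the same error.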
@@ -89,17 +91,22 @@ func GetEgressRangesOnNetwork(client *models.ExtClient) ([]string, error) {
 		} else {
 			rangesToBeAdded = append(rangesToBeAdded, eI.Range)
 		}
-		if staticNode.IsUserNode && staticNode.StaticNode.OwnerID != "" {
-			user, err := GetUser(staticNode.StaticNode.OwnerID)
-			if err != nil {
-				return []string{}, errors.New("user not found")
-			}
-			if DoesUserHaveAccessToEgress(user, &eI, userPolicies) {
+		if defaultUserPolicy.Enabled {
+			result = append(result, rangesToBeAdded...)
+		} else {
+			if staticNode.IsUserNode && staticNode.StaticNode.OwnerID != "" {
+				user, err := GetUser(staticNode.StaticNode.OwnerID)
+				if err != nil {
+					return []string{}, errors.New("user not found")
+				}
+				if DoesUserHaveAccessToEgress(user, &eI, userPolicies) {
+					result = append(result, rangesToBeAdded...)
+				}
+			} else {
 				result = append(result, rangesToBeAdded...)
 			}
-		} else {
-			result = append(result, rangesToBeAdded...)
 		}
+
 	}
 	extclients, _ := GetNetworkExtClients(client.Network)
 	for _, extclient := range extclients {
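Review bot: The three-level `if / else { if / else }` added here can be flattened, since ranges are skipped in exactly one case: a user-owned node whose owner lacks access while the default user policy is disabled. Writing it as one guard with a `continue` makes the only deny path visible at a glance and keeps a single `append`. The behaviour is unchanged, because nothing follows the append inside the loop body. The loop and the computation of `rangesToBeAdded` start above this hunk.

```go
		// … unchanged: rangesToBeAdded computed above …
		if !defaultUserPolicy.Enabled && staticNode.IsUserNode && staticNode.StaticNode.OwnerID != "" {
			user, err := GetUser(staticNode.StaticNode.OwnerID)
			if err != nil {
				return []string{}, errors.New("user not found")
			}
			if !DoesUserHaveAccessToEgress(user, &eI, userPolicies) {
				continue
			}
		}
		result = append(result, rangesToBeAdded...)
```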

+ 2 - 2
logic/peers.go

@@ -183,8 +183,8 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 		acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
 		eli, _ := (&schema.Egress{Network: node.Network}).ListByNetwork(db.WithContext(context.TODO()))
 		GetNodeEgressInfo(&node, eli, acls)
-		if node.EgressDetails.IsEgressGateway {
-			egsWithDomain := ListAllByRoutingNodeWithDomain(eli, node.ID.String())
+		egsWithDomain := ListAllByRoutingNodeWithDomain(eli, node.ID.String())
+		if len(egsWithDomain) > 0 {
 			hostPeerUpdate.EgressWithDomains = append(hostPeerUpdate.EgressWithDomains, egsWithDomain...)
 		}
 		hostPeerUpdate = SetDefaultGw(node, hostPeerUpdate)
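Review bot: With the `IsEgressGateway` guard removed, ListAllByRoutingNodeWithDomain runs for every node in this loop, and after this commit it performs a GetNodeByID and a GetHost lookup before it looks at any egress entry. It would be cheaper to have that function return early when no enabled egress with a domain lists `nodeID`, or to pass in the `node` already in scope here. The `len(egsWithDomain) > 0` test is also redundant, since appending an empty slice is a no-op: `hostPeerUpdate.EgressWithDomains = append(hostPeerUpdate.EgressWithDomains, egsWithDomain...)`. The surrounding loop starts and ends outside this hunk.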

+ 1 - 0
models/structs.go

@@ -17,6 +17,7 @@ const (
 )
 
 type FeatureFlags struct {
+	EnableEgressHA          bool `json:"enable_egress_ha"`
 	EnableNetworkActivity   bool `json:"enable_network_activity"`
 	EnableOAuth             bool `json:"enable_oauth"`
 	EnableIDPIntegration    bool `json:"enable_idp_integration"`

+ 12 - 0
schema/egress.go

@@ -52,6 +52,18 @@ func (e *Egress) UpdateEgressStatus(ctx context.Context) error {
 	}).Error
 }
 
+func (e *Egress) ResetDomain(ctx context.Context) error {
+	return db.FromContext(ctx).Table(e.Table()).Where("id = ?", e.ID).Updates(map[string]any{
+		"domain": "",
+	}).Error
+}
+
+func (e *Egress) ResetRange(ctx context.Context) error {
+	return db.FromContext(ctx).Table(e.Table()).Where("id = ?", e.ID).Updates(map[string]any{
+		"range": "",
+	}).Error
+}
+
 func (e *Egress) DoesEgressRouteExists(ctx context.Context) error {
 	return db.FromContext(ctx).Table(e.Table()).Where("range = ?", e.Range).First(&e).Error
 }
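Review bot: ResetDomain and ResetRange are exported without doc comments, and nothing states that each writes only its one column for the row matching `e.ID` and leaves the receiver's fields untouched. That matters to a caller such as updateEgress, which keeps using `e` for the event diff and the response after calling them. I would add `// ResetDomain clears the domain column of the egress row identified by e.ID; it does not modify e.` and the matching comment on ResetRange. If callers expect the receiver to reflect the reset, assign `e.Domain = ""` (respectively `e.Range = ""`) once Updates returns without error.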