
Merge pull request #3709 from gravitl/master

Master
Abhishek K 18 hours ago
parent
commit
2ab1994886
5 changed files with 53 additions and 76 deletions
  1. 0 74
      controllers/node.go
  2. 5 0
      logic/hosts.go
  3. 3 0
      migrate/migrate.go
  4. 44 1
      pro/controllers/users.go
  5. 1 1
      pro/logic/user_mgmt.go

+ 0 - 74
controllers/node.go

@@ -270,65 +270,6 @@ func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
-	filteredNodes := []models.Node{}
-	if r.Header.Get("ismaster") != "yes" {
-		username := r.Header.Get("user")
-		user, err := logic.GetUser(username)
-		if err != nil {
-			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
-			return
-		}
-		userPlatformRole, err := logic.GetRole(user.PlatformRoleID)
-		if err != nil {
-			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
-			return
-		}
-
-		if !userPlatformRole.FullAccess {
-			nodesMap := make(map[string]struct{})
-			networkRoles := user.NetworkRoles[models.NetworkID(networkName)]
-			for networkRoleID := range networkRoles {
-				userPermTemplate, err := logic.GetRole(networkRoleID)
-				if err != nil {
-					logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
-					return
-				}
-				if userPermTemplate.FullAccess {
-					break
-				}
-				if rsrcPerms, ok := userPermTemplate.NetworkLevelAccess[models.RemoteAccessGwRsrc]; ok {
-					if _, ok := rsrcPerms[models.AllRemoteAccessGwRsrcID]; ok {
-						for _, node := range nodes {
-							if _, ok := nodesMap[node.ID.String()]; ok {
-								continue
-							}
-							if node.IsIngressGateway {
-								nodesMap[node.ID.String()] = struct{}{}
-								filteredNodes = append(filteredNodes, node)
-							}
-						}
-					} else {
-						for gwID, scope := range rsrcPerms {
-							if _, ok := nodesMap[gwID.String()]; ok {
-								continue
-							}
-							if scope.Read {
-								gwNode, err := logic.GetNodeByID(gwID.String())
-								if err == nil && gwNode.IsIngressGateway {
-									filteredNodes = append(filteredNodes, gwNode)
-								}
-							}
-						}
-					}
-				}
-
-			}
-		}
-	}
-	if len(filteredNodes) > 0 {
-		nodes = filteredNodes
-	}
-
 	nodes = logic.AddStaticNodestoList(nodes)
 	nodes = logic.AddStatusToNodes(nodes, false)
 	// returns all the nodes in JSON/API format
@@ -402,21 +343,6 @@ func getNetworkNodeStatus(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
-	username := r.Header.Get("user")
-	if r.Header.Get("ismaster") == "no" {
-		user, err := logic.GetUser(username)
-		if err != nil {
-			return
-		}
-		userPlatformRole, err := logic.GetRole(user.PlatformRoleID)
-		if err != nil {
-			return
-		}
-		if !userPlatformRole.FullAccess {
-			nodes = logic.GetFilteredNodesByUserAccess(*user, nodes)
-		}
-
-	}
 	nodes = logic.AddStaticNodestoList(nodes)
 	nodes = logic.AddStatusToNodes(nodes, true)
 	// return all the nodes in JSON/API format

+ 5 - 0
logic/hosts.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"os"
 	"sort"
+	"strings"
 	"sync"
 
 	"github.com/google/uuid"
@@ -292,6 +293,10 @@ func UpdateHost(newHost, currentHost *models.Host) {
 	if newHost.PersistentKeepalive == 0 {
 		newHost.PersistentKeepalive = currentHost.PersistentKeepalive
 	}
+
+	if strings.TrimSpace(newHost.DNS) == "" {
+		newHost.DNS = currentHost.DNS
+	}
 }
 
 // UpdateHostFromClient - used for updating host on server with update recieved from client
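Review bot: The new guard at the end of UpdateHost treats a whitespace-only `newHost.DNS` as unset, but any other value is stored untrimmed and unchecked, so a padded value such as `" yes "` would be persisted as-is. migrate.go on this page writes only `"yes"` and `"no"`; if those are the only valid values, normalise first with `newHost.DNS = strings.TrimSpace(newHost.DNS)` and then compare against `""`. A short comment such as `// keep the current DNS setting when the update does not carry one` would also explain why an update cannot clear the field. UpdateHost begins above this hunk, so earlier handling of the field is not visible here.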

+ 3 - 0
migrate/migrate.go

@@ -379,6 +379,9 @@ func updateHosts() {
 			} else {
 				host.DNS = "no"
 			}
+			if host.IsDefault {
+				host.DNS = "yes"
+			}
 			logic.UpsertHost(&host)
 		}
 		if host.IsDefault && !host.AutoUpdate {

+ 44 - 1
pro/controllers/users.go

@@ -50,6 +50,7 @@ func UserHandlers(r *mux.Router) {
 	r.HandleFunc("/api/v1/users/group", logic.SecurityCheck(true, http.HandlerFunc(deleteUserGroup))).Methods(http.MethodDelete)
 	r.HandleFunc("/api/v1/users/add_network_user", logic.SecurityCheck(true, http.HandlerFunc(addUsertoNetwork))).Methods(http.MethodPut)
 	r.HandleFunc("/api/v1/users/remove_network_user", logic.SecurityCheck(true, http.HandlerFunc(removeUserfromNetwork))).Methods(http.MethodPut)
+	r.HandleFunc("/api/v1/users/unassigned_network_users", logic.SecurityCheck(true, http.HandlerFunc(listUnAssignedNetUsers))).Methods(http.MethodGet)
 
 	// User Invite Handlers
 	r.HandleFunc("/api/v1/users/invite", userInviteVerify).Methods(http.MethodGet)
@@ -660,6 +661,48 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, userGroup, "updated user group")
 }
 
+// swagger:route GET /api/v1/users/unassigned_network_user user listUnAssignedNetUsers
+//
+// list unassigned network users.
+//
+//			Schemes: https
+//
+//			Security:
+//	  		oauth
+//
+//			Responses:
+//				200: userBodyResponse
+func listUnAssignedNetUsers(w http.ResponseWriter, r *http.Request) {
+	netID := r.URL.Query().Get("network_id")
+	if netID == "" {
+		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("network is required"), logic.BadReq))
+		return
+	}
+	var unassignedUsers []models.ReturnUser
+	users, _ := logic.GetUsers()
+	for _, user := range users {
+		if user.PlatformRoleID != models.ServiceUser {
+			continue
+		}
+		skipUser := false
+		for userGID := range user.UserGroups {
+			userG, err := proLogic.GetUserGroup(userGID)
+			if err != nil {
+				continue
+			}
+			if _, ok := userG.NetworkRoles[models.NetworkID(netID)]; ok {
+				skipUser = true
+				break
+			}
+		}
+		if skipUser {
+			continue
+		}
+		unassignedUsers = append(unassignedUsers, user)
+	}
+	logic.ReturnSuccessResponseWithJson(w, r, unassignedUsers, "returned unassigned network service users")
+}
+
 // swagger:route PUT /api/v1/users/add_network_user user addUsertoNetwork
 //
 // add user to network.
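Review bot: `users, _ := logic.GetUsers()` in listUnAssignedNetUsers discards the error, so a failed user lookup is returned to the caller as a successful, empty result; handle it the way the other handlers on this page do, with `logic.FormatError(err, "internal")`. The group loop also fails open: when `proLogic.GetUserGroup` returns an error the group is skipped, so a user whose group may grant a role on the network can still be listed as unassigned, and that case should at least be logged. Only group-derived roles are checked; if `user.NetworkRoles` can also assign a service user to a network directly (the field is read that way in the code removed from controllers/node.go), those users would be reported as unassigned too. The swagger path `/api/v1/users/unassigned_network_user` does not match the registered route `/api/v1/users/unassigned_network_users`, and initialising the slice as `[]models.ReturnUser{}` would presumably keep the JSON body an array rather than `null` when nothing matches.

```go
func listUnAssignedNetUsers(w http.ResponseWriter, r *http.Request) {
	// … unchanged: network_id query parameter check …
	unassignedUsers := []models.ReturnUser{}
	users, err := logic.GetUsers()
	if err != nil {
		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
		return
	}
	// … unchanged: loop over users and success response …
```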
@@ -1529,7 +1572,7 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 
 		gws := userGws[node.Network]
 		if gwClient.DNS == "" {
-			gwClient.DNS = node.IngressDNS
+			logic.SetDNSOnWgConfig(&node, &gwClient)
 		}
 
 		gwClient.IngressGatewayEndpoint = utils.GetExtClientEndpoint(

+ 1 - 1
pro/logic/user_mgmt.go

@@ -998,7 +998,7 @@ func GetUserNetworkRolesWithRemoteVPNAccess(user models.User) (gwAccess map[mode
 }
 
 func GetFilteredNodesByUserAccess(user models.User, nodes []models.Node) (filteredNodes []models.Node) {
-	return filteredNodes
+	return nodes
 }
 
 func FilterNetworksByRole(allnetworks []models.Network, user models.User) []models.Network {
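Review bot: GetFilteredNodesByUserAccess now returns `nodes` unchanged, so despite its name it performs no per-user filtering, and the exported function has no doc comment that says so. Together with the role checks deleted from getNetworkNodes and getNetworkNodeStatus in controllers/node.go, nothing visible in this commit restricts which nodes a user without full access receives; whether route middleware enforces that is outside the diff and should be confirmed before merging. If the pass-through is intentional, document it on the function, e.g. `// GetFilteredNodesByUserAccess currently returns nodes unfiltered; callers must not rely on it for access control.`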