|
@@ -39,16 +39,12 @@ func ValidateEgressReq(e *schema.Egress) error {
|
|
|
func DoesNodeHaveAccessToEgress(node *models.Node, e *schema.Egress, acls []models.Acl) bool {
|
|
func DoesNodeHaveAccessToEgress(node *models.Node, e *schema.Egress, acls []models.Acl) bool {
|
|
|
nodeTags := maps.Clone(node.Tags)
|
|
nodeTags := maps.Clone(node.Tags)
|
|
|
nodeTags[models.TagID(node.ID.String())] = struct{}{}
|
|
nodeTags[models.TagID(node.ID.String())] = struct{}{}
|
|
|
|
|
+ nodeTags[models.TagID("*")] = struct{}{}
|
|
|
for _, acl := range acls {
|
|
for _, acl := range acls {
|
|
|
if !acl.Enabled {
|
|
if !acl.Enabled {
|
|
|
continue
|
|
continue
|
|
|
}
|
|
}
|
|
|
srcVal := ConvAclTagToValueMap(acl.Src)
|
|
srcVal := ConvAclTagToValueMap(acl.Src)
|
|
|
- if acl.AllowedDirection == models.TrafficDirectionBi {
|
|
|
|
|
- if _, ok := srcVal["*"]; ok {
|
|
|
|
|
- return true
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
for _, dstI := range acl.Dst {
|
|
for _, dstI := range acl.Dst {
|
|
|
|
|
|
|
|
if dstI.ID == models.NodeTagID && dstI.Value == "*" {
|
|
if dstI.ID == models.NodeTagID && dstI.Value == "*" {
|
abhishek9686