
added default acl value option for networks

0xdcarns 3 years ago
parent
commit
5ba79afeba
3 changed files with 21 additions and 3 deletions
  1. 6 1
      controllers/ext_client.go
  2. 10 2
      logic/nodes.go
  3. 5 0
      models/network.go

+ 6 - 1
controllers/ext_client.go

@@ -235,8 +235,13 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	extclient.IngressGatewayEndpoint = node.Endpoint + ":" + strconv.FormatInt(int64(node.ListenPort), 10)
-	// TODO, could rely on network template as well in future
+
 	extclient.Enabled = true
+	parentNetwork, err := logic.GetNetwork(networkName)
+	if err == nil { // check if parent network default ACL is enabled (yes) or not (no)
+		extclient.Enabled = parentNetwork.DefaultACL == "yes"
+	}
+
 	err = json.NewDecoder(r.Body).Decode(&extclient)
 	if err != nil && !errors.Is(err, io.EOF) {
 		returnErrorResponse(w, r, formatError(err, "internal"))
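Review bot: The new default fails open: when `logic.GetNetwork(networkName)` returns an error, `extclient.Enabled` keeps the `true` assigned just above, so a client on a network whose default ACL is "no" would still be created enabled. Treat the lookup failure as an error instead, e.g. `if err != nil { returnErrorResponse(w, r, formatError(err, "internal")); return }` followed by `extclient.Enabled = parentNetwork.DefaultACL == "yes"`. The same pattern is in the CreateNode hunk in logic/nodes.go, where `defaultACLVal` stays `acls.Allowed` if `GetNetwork` fails. Separately, the request body is decoded into `extclient` after this default is set, so if the ext client type exposes `Enabled` in its JSON (not visible here) the caller can override the network default; confirm that is intended. createExtClient starts and ends outside the hunk.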

+ 10 - 2
logic/nodes.go

@@ -311,8 +311,16 @@ func CreateNode(node *models.Node) error {
 	if err != nil {
 		return err
 	}
-	// TODO get template logic to decide initial ACL value
-	_, err = nodeacls.CreateNodeACL(nodeacls.NetworkID(node.Network), nodeacls.NodeID(node.ID), acls.Allowed)
+
+	defaultACLVal := acls.Allowed
+	parentNetwork, err := GetNetwork(node.Network)
+	if err == nil {
+		if parentNetwork.DefaultACL != "yes" {
+			defaultACLVal = acls.NotAllowed
+		}
+	}
+
+	_, err = nodeacls.CreateNodeACL(nodeacls.NetworkID(node.Network), nodeacls.NodeID(node.ID), defaultACLVal)
 	if err != nil {
 		logger.Log(1, "failed to create node ACL for node,", node.ID, "err:", err.Error())
 		return err
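Review bot: `parentNetwork.DefaultACL != "yes"` treats an empty value as deny, while `SetDefaults` in models/network.go treats empty as "yes", so the two places disagree on what an unset field means. Networks saved before this option existed will have no `defaultacl` value; unless `GetNetwork` applies `SetDefaults` on load (not visible in this diff), new nodes on those networks switch from `acls.Allowed` to `acls.NotAllowed` after upgrade. Denying on an unknown value is the safer direction, but it should be a stated decision: add a comment such as `// any value other than "yes", including an unset field on older networks, denies by default`, or migrate existing records. CreateNode's body continues outside the hunk.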

+ 5 - 0
models/network.go

@@ -32,6 +32,7 @@ type Network struct {
 	DefaultMTU          int32       `json:"defaultmtu" bson:"defaultmtu"`
 	// consider removing - may be depreciated
 	DefaultServerAddrs []ServerAddr `json:"defaultserveraddrs" bson:"defaultserveraddrs" yaml:"defaultserveraddrs"`
+	DefaultACL         string       `json:"defaultacl" bson:"defaultacl" yaml:"defaultacl" validate:"checkyesorno"`
 }
 
 // SaveData - sensitive fields of a network that should be kept the same
@@ -96,4 +97,8 @@ func (network *Network) SetDefaults() {
 	if network.DefaultMTU == 0 {
 		network.DefaultMTU = 1280
 	}
+
+	if network.DefaultACL == "" {
+		network.DefaultACL = "yes"
+	}
 }
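Review bot: `DefaultACL` is added to the struct without a comment, although it decides whether new nodes and ext clients start allowed. Document it on the field, e.g. `// DefaultACL - "yes" creates new nodes and ext clients allowed/enabled, any other value creates them denied; empty is set to "yes" by SetDefaults`. The empty-value default in `SetDefaults` is the permissive one, which keeps the pre-commit behaviour but means a network created without the field is open by default. The literal "yes" now appears in three files, so a named constant would keep the checks from drifting, and whether the `checkyesorno` validator (not visible here) accepts an empty string before `SetDefaults` runs should be confirmed. Both the Network struct and SetDefaults begin outside their hunks.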