
fix(NET-799): fix acl allow/deny subcommands (#2736)

Aceix 1 year ago
parent
commit
61d6b2fa3f
2 changed files with 54 additions and 18 deletions
  1. 27 9
      cli/cmd/acl/allow.go
  2. 27 9
      cli/cmd/acl/deny.go

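--- a/cli/cmd/acl/allow.go
+++ b/cli/cmd/acl/allow.go
@@ -2,6 +2,7 @@ package acl
 
 import (
 	"fmt"
+	"log"
 
 	"github.com/gravitl/netmaker/cli/functions"
 	"github.com/gravitl/netmaker/logic/acls"
@@ -14,17 +15,34 @@ var aclAllowCmd = &cobra.Command{
 	Short: "Allow access from one node to another",
 	Long:  `Allow access from one node to another`,
 	Run: func(cmd *cobra.Command, args []string) {
+		network := args[0]
 		fromNodeID := args[1]
 		toNodeID := args[2]
-		payload := acls.ACLContainer(map[acls.AclID]acls.ACL{
-			acls.AclID(fromNodeID): map[acls.AclID]byte{
-				acls.AclID(toNodeID): acls.Allowed,
-			},
-			acls.AclID(toNodeID): map[acls.AclID]byte{
-				acls.AclID(fromNodeID): acls.Allowed,
-			},
-		})
-		functions.UpdateACL(args[0], &payload)
+
+		if fromNodeID == toNodeID {
+			log.Fatal("Cannot allow access from a node to itself")
+		}
+
+		// get current acls
+		res := functions.GetACL(network)
+		if res == nil {
+			log.Fatalf("Could not load network ACLs")
+		}
+
+		payload := *res
+
+		if _, ok := payload[acls.AclID(fromNodeID)]; !ok {
+			log.Fatalf("Node %s does not exist", fromNodeID)
+		}
+		if _, ok := payload[acls.AclID(toNodeID)]; !ok {
+			log.Fatalf("Node %s does not exist", toNodeID)
+		}
+
+		// update acls
+		payload[acls.AclID(fromNodeID)][acls.AclID(toNodeID)] = acls.Allowed
+		payload[acls.AclID(toNodeID)][acls.AclID(fromNodeID)] = acls.Allowed
+
+		functions.UpdateACL(network, &payload)
 		fmt.Println("Success")
 	},
 }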
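Review bot: The new `network := args[0]` and the existing `args[1]`/`args[2]` reads at the top of the second hunk have no visible length guard, so a call with fewer than three arguments panics instead of printing usage unless the command's `Args` field (in the struct header, outside the hunk) already enforces it; if it does not, add `Args: cobra.ExactArgs(3),` to the command. The existence checks `if _, ok := payload[acls.AclID(fromNodeID)]; !ok` only prove the key is present; if the stored inner `acls.ACL` map for a node can ever be nil, the later `payload[acls.AclID(fromNodeID)][acls.AclID(toNodeID)] = acls.Allowed` panics on a nil-map write, and `if payload[acls.AclID(fromNodeID)] == nil { … }` covers both the missing and the nil case. Note also that the command is a whole-container read-modify-write (`GetACL` then `UpdateACL` with the full payload), so two operators editing the same network at the same time can silently overwrite each other's entries; whether the server guards against that is not visible here. The same points apply to the matching hunk in cli/cmd/acl/deny.go.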

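--- a/cli/cmd/acl/deny.go
+++ b/cli/cmd/acl/deny.go
@@ -2,6 +2,7 @@ package acl
 
 import (
 	"fmt"
+	"log"
 
 	"github.com/gravitl/netmaker/cli/functions"
 	"github.com/gravitl/netmaker/logic/acls"
@@ -14,17 +15,34 @@ var aclDenyCmd = &cobra.Command{
 	Short: "Deny access from one node to another",
 	Long:  `Deny access from one node to another`,
 	Run: func(cmd *cobra.Command, args []string) {
+		network := args[0]
 		fromNodeID := args[1]
 		toNodeID := args[2]
-		payload := acls.ACLContainer(map[acls.AclID]acls.ACL{
-			acls.AclID(fromNodeID): map[acls.AclID]byte{
-				acls.AclID(toNodeID): acls.NotAllowed,
-			},
-			acls.AclID(toNodeID): map[acls.AclID]byte{
-				acls.AclID(fromNodeID): acls.NotAllowed,
-			},
-		})
-		functions.UpdateACL(args[0], &payload)
+
+		if fromNodeID == toNodeID {
+			log.Fatal("Cannot deny access to self")
+		}
+
+		// get current acls
+		res := functions.GetACL(network)
+		if res == nil {
+			log.Fatalf("Could not load network ACLs")
+		}
+
+		payload := *res
+
+		if _, ok := payload[acls.AclID(fromNodeID)]; !ok {
+			log.Fatalf("Node [%s] does not exist", fromNodeID)
+		}
+		if _, ok := payload[acls.AclID(toNodeID)]; !ok {
+			log.Fatalf("Node [%s] does not exist", toNodeID)
+		}
+
+		// update acls
+		payload[acls.AclID(fromNodeID)][acls.AclID(toNodeID)] = acls.NotAllowed
+		payload[acls.AclID(toNodeID)][acls.AclID(fromNodeID)] = acls.NotAllowed
+
+		functions.UpdateACL(network, &payload)
 		fmt.Println("Success")
 	},
 }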
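Review bot: The Run body in the second hunk repeats cli/cmd/acl/allow.go almost line for line, differing only in the value written (`acls.NotAllowed`) and in the wording of the fatal messages (`Node [%s] does not exist` here versus `Node %s does not exist` in allow.go), so the two commands will drift further apart on the next fix. A package-level helper taking the network, the two node IDs and the byte to store would let both Run functions shrink to one call plus `fmt.Println("Success")`, as sketched below. In the same pass, `log.Fatalf("Could not load network ACLs")` carries no format verbs and reads better as `log.Fatal`, and a nil check on the inner map instead of the two-value lookup also rejects a node entry that is present but nil before it is written to.

```go
// setACLPair loads the ACL container of network, sets the entry between
// fromNodeID and toNodeID to value in both directions and writes the
// container back. It exits the process on any failure.
// (Placed in a shared file of package acl, e.g. <ACL_HELPER_FILE>.)
func setACLPair(network, fromNodeID, toNodeID string, value byte) {
	if fromNodeID == toNodeID {
		log.Fatal("Cannot set access from a node to itself")
	}
	res := functions.GetACL(network)
	if res == nil {
		log.Fatal("Could not load network ACLs")
	}
	payload := *res
	for _, id := range []string{fromNodeID, toNodeID} {
		// nil covers both a missing key and a present-but-nil inner map
		if payload[acls.AclID(id)] == nil {
			log.Fatalf("Node [%s] does not exist", id)
		}
	}
	payload[acls.AclID(fromNodeID)][acls.AclID(toNodeID)] = value
	payload[acls.AclID(toNodeID)][acls.AclID(fromNodeID)] = value
	functions.UpdateACL(network, &payload)
}

	// … unchanged: command metadata (Use/Short/Long) …
	Run: func(cmd *cobra.Command, args []string) {
		setACLPair(args[0], args[1], args[2], acls.NotAllowed)
		fmt.Println("Success")
	},
```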