Accueil Explorer Aide
Connexion
golang
/
netmaker
miroir de https://github.com/gravitl/netmaker
2
0
Fork 0
Fichiers Tickets 0 Wiki
Parcourir la source

fix: broadcast user groups update for acl changes

abhishek9686 il y a 3 jours
Parent
eee0a98435
commit
6f443d28cf
2 fichiers modifiés avec 49 ajouts et 45 suppressions
Vue séparée Afficher les stats Diff
  1. 7 3
      pro/controllers/users.go
  2. 42 42
      pro/logic/acls.go

+ 7 - 3
pro/controllers/users.go
Voir le fichier 

@@ -566,7 +566,7 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 
 		},
 
 		Origin: models.Dashboard,
 
 	})
 
-
 
+	replacePeers := false
 
 	go func() {
 
 		networksAdded := make([]models.NetworkID, 0)
 
 		networksRemoved := make([]models.NetworkID, 0)
 
@@ -617,6 +617,7 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 
 				CreatedAt:        time.Now().UTC(),
 
 			}
 
 			_ = logic.InsertAcl(acl)
 
+			replacePeers = true
 
 		}
 
 
 		// since this group doesn't have a role for this network,
 
@@ -648,6 +649,7 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 
 						acl.Src = newAclSrc
 
 						_ = logic.UpsertAcl(acl)
 
 					}
 
+					replacePeers = true
 
 				}
 
 			}
 
 		}
 
@@ -655,6 +657,7 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 
 
 	// reset configs for service user
 
 	go proLogic.UpdatesUserGwAccessOnGrpUpdates(userGroup.ID, currUserG.NetworkRoles, userGroup.NetworkRoles)
 
+	go mq.PublishPeerUpdate(replacePeers)
 
 	logic.ReturnSuccessResponseWithJson(w, r, userGroup, "updated user group")
 
 }
 
 
@@ -826,7 +829,7 @@ func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
 
 		},
 
 		Origin: models.Dashboard,
 
 	})
 
-
 
+	replacePeers := false
 
 	go func() {
 
 		for networkID := range userG.NetworkRoles {
 
 			acls, err := logic.ListAclsByNetwork(networkID)
 
@@ -854,13 +857,14 @@ func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
 
 						acl.Src = newAclSrc
 
 						_ = logic.UpsertAcl(acl)
 
 					}
 
+					replacePeers = true
 
 				}
 
 			}
 
 		}
 
 	}()
 
 
 	go proLogic.UpdatesUserGwAccessOnGrpUpdates(userG.ID, userG.NetworkRoles, make(map[models.NetworkID]map[models.UserRoleID]struct{}))
 
-	go mq.PublishPeerUpdate(false)
 
+	go mq.PublishPeerUpdate(replacePeers)
 
 	logic.ReturnSuccessResponseWithJson(w, r, nil, "deleted user group")
 
 }

+ 42 - 42
pro/logic/acls.go
Voir le fichier 

@@ -89,48 +89,48 @@ func GetFwRulesForUserNodesOnGw(node models.Node, nodes []models.Node) (rules []
 
 					}
 
 
 					// add egress ranges
 
-					// for _, dstI := range policy.Dst {
 
-					// 	if dstI.Value == "*" {
 
-					// 		rules = append(rules, models.FwRule{
 
-					// 			SrcIP:           userNodeI.StaticNode.AddressIPNet4(),
 
-					// 			DstIP:           net.IPNet{},
 
-					// 			AllowedProtocol: policy.Proto,
 
-					// 			AllowedPorts:    policy.Port,
 
-					// 			Allow:           true,
 
-					// 		})
 
-					// 		break
 
-					// 	}
 
-					// 	if dstI.ID == models.EgressID {
 
-
 
-					// 		e := schema.Egress{ID: dstI.Value}
 
-					// 		err := e.Get(db.WithContext(context.TODO()))
 
-					// 		if err != nil {
 
-					// 			continue
 
-					// 		}
 
-					// 		dstI.Value = e.Range
 
-
 
-					// 		ip, cidr, err := net.ParseCIDR(dstI.Value)
 
-					// 		if err == nil {
 
-					// 			if ip.To4() != nil && userNodeI.StaticNode.Address != "" {
 
-					// 				rules = append(rules, models.FwRule{
 
-					// 					SrcIP:           userNodeI.StaticNode.AddressIPNet4(),
 
-					// 					DstIP:           *cidr,
 
-					// 					AllowedProtocol: policy.Proto,
 
-					// 					AllowedPorts:    policy.Port,
 
-					// 					Allow:           true,
 
-					// 				})
 
-					// 			} else if ip.To16() != nil && userNodeI.StaticNode.Address6 != "" {
 
-					// 				rules = append(rules, models.FwRule{
 
-					// 					SrcIP:           userNodeI.StaticNode.AddressIPNet6(),
 
-					// 					DstIP:           *cidr,
 
-					// 					AllowedProtocol: policy.Proto,
 
-					// 					AllowedPorts:    policy.Port,
 
-					// 					Allow:           true,
 
-					// 				})
 
-					// 			}
 
-					// 		}
 
-					// 	}
 
-					// }
 
+					for _, dstI := range policy.Dst {
 
+						if dstI.Value == "*" {
 
+							rules = append(rules, models.FwRule{
 
+								SrcIP:           userNodeI.StaticNode.AddressIPNet4(),
 
+								DstIP:           net.IPNet{},
 
+								AllowedProtocol: policy.Proto,
 
+								AllowedPorts:    policy.Port,
 
+								Allow:           true,
 
+							})
 
+							break
 
+						}
 
+						if dstI.ID == models.EgressID {
 
+
 
+							e := schema.Egress{ID: dstI.Value}
 
+							err := e.Get(db.WithContext(context.TODO()))
 
+							if err != nil {
 
+								continue
 
+							}
 
+							dstI.Value = e.Range
 
+
 
+							ip, cidr, err := net.ParseCIDR(dstI.Value)
 
+							if err == nil {
 
+								if ip.To4() != nil && userNodeI.StaticNode.Address != "" {
 
+									rules = append(rules, models.FwRule{
 
+										SrcIP:           userNodeI.StaticNode.AddressIPNet4(),
 
+										DstIP:           *cidr,
 
+										AllowedProtocol: policy.Proto,
 
+										AllowedPorts:    policy.Port,
 
+										Allow:           true,
 
+									})
 
+								} else if ip.To16() != nil && userNodeI.StaticNode.Address6 != "" {
 
+									rules = append(rules, models.FwRule{
 
+										SrcIP:           userNodeI.StaticNode.AddressIPNet6(),
 
+										DstIP:           *cidr,
 
+										AllowedProtocol: policy.Proto,
 
+										AllowedPorts:    policy.Port,
 
+										Allow:           true,
 
+									})
 
+								}
 
+							}
 
+						}
 
+					}
 
 
 				}