Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

replace peers on acl updates

abhishek9686 9 months ago
parent
aa10e2e373
commit
7dcabb56f8
2 changed files with 18 additions and 13 deletions
Unified View Show Diff Stats
  1. 3 3
      controllers/acls.go
  2. 15 10
      logic/extpeers.go

+ 3 - 3
controllers/acls.go
View File 

@@ -214,7 +214,7 @@ func createAcl(w http.ResponseWriter, r *http.Request) {
 
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 
 		return
 
 		return
 
 	}
 
 	}
 
-	go mq.PublishPeerUpdate(false)
 
+	go mq.PublishPeerUpdate(true)
 
 	logic.ReturnSuccessResponseWithJson(w, r, acl, "created acl successfully")
 
 	logic.ReturnSuccessResponseWithJson(w, r, acl, "created acl successfully")
 
 }
 
 }
 
 
 
@@ -256,7 +256,7 @@ func updateAcl(w http.ResponseWriter, r *http.Request) {
 
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 
 		return
 
 		return
 
 	}
 
 	}
 
-	go mq.PublishPeerUpdate(false)
 
+	go mq.PublishPeerUpdate(true)
 
 	logic.ReturnSuccessResponse(w, r, "updated acl "+acl.Name)
 
 	logic.ReturnSuccessResponse(w, r, "updated acl "+acl.Name)
 
 }
 
 }
 
 
 
@@ -287,6 +287,6 @@ func deleteAcl(w http.ResponseWriter, r *http.Request) {
 
 			logic.FormatError(errors.New("cannot delete default policy"), "internal"))
 
 			logic.FormatError(errors.New("cannot delete default policy"), "internal"))
 
 		return
 
 		return
 
 	}
 
 	}
 
-	go mq.PublishPeerUpdate(false)
 
+	go mq.PublishPeerUpdate(true)
 
 	logic.ReturnSuccessResponse(w, r, "deleted acl "+acl.Name)
 
 	logic.ReturnSuccessResponse(w, r, "deleted acl "+acl.Name)
 
 }
 
 }

+ 15 - 10
logic/extpeers.go
View File 

@@ -483,15 +483,18 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 
 									AllowedPorts:    policy.Port,
 
 									AllowedPorts:    policy.Port,
 
 									Allow:           true,
 
 									Allow:           true,
 
 								})
 
 								})
 
+								rules = append(rules, models.FwRule{
 
+									SrcIP:           peer.StaticNode.AddressIPNet4(),
 
+									DstIP:           userNodeI.StaticNode.AddressIPNet4(),
 
+									AllowedProtocol: policy.Proto,
 
+									AllowedPorts:    policy.Port,
 
+									Allow:           true,
 
+								})
 
 
 
 							}
 
 							}
 
 
 
 						}
 
 						}
 
-						rules = append(rules, models.FwRule{
 
-							SrcIP: peer.StaticNode.AddressIPNet4(),
 
-							DstIP: userNodeI.StaticNode.AddressIPNet4(),
 
-							Allow: true,
 
-						})
 
+
 
 					}
 
 					}
 
 					if userNodeI.StaticNode.Address6 != "" {
 
 					if userNodeI.StaticNode.Address6 != "" {
 
 						if !defaultUserPolicy.Enabled {
 
 						if !defaultUserPolicy.Enabled {
 
@@ -503,15 +506,17 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 
 									AllowedProtocol: policy.Proto,
 
 									AllowedProtocol: policy.Proto,
 
 									AllowedPorts:    policy.Port,
 
 									AllowedPorts:    policy.Port,
 
 								})
 
 								})
 
+								rules = append(rules, models.FwRule{
 
+									SrcIP:           peer.StaticNode.AddressIPNet6(),
 
+									DstIP:           userNodeI.StaticNode.AddressIPNet6(),
 
+									AllowedProtocol: policy.Proto,
 
+									AllowedPorts:    policy.Port,
 
+									Allow:           true,
 
+								})
 
 
 
 							}
 
 							}
 
 						}
 
 						}
 
 
 
-						rules = append(rules, models.FwRule{
 
-							SrcIP: peer.StaticNode.AddressIPNet6(),
 
-							DstIP: userNodeI.StaticNode.AddressIPNet6(),
 
-							Allow: true,
 
-						})
 
 					}
 
 					}
 
 					if len(peer.StaticNode.ExtraAllowedIPs) > 0 {
 
 					if len(peer.StaticNode.ExtraAllowedIPs) > 0 {
 
 						for _, additionalAllowedIPNet := range peer.StaticNode.ExtraAllowedIPs {
 
 						for _, additionalAllowedIPNet := range peer.StaticNode.ExtraAllowedIPs {