Merge pull request #3423 from gravitl/release-v0.90.0

Release v0.90.0

controllers/network.go

@@ -436,7 +436,7 @@ func getNetworkACL(w http.ResponseWriter, r *http.Request) {
 // @Security    oauth
 // @Param       networkname path string true "Network name"
 // @Produce     json
-// @Success     200 {object} acls.SuccessResponse
+// @Success     200 {object} models.SuccessResponse
 // @Failure     500 {object} models.ErrorResponse
 func getNetworkEgressRoutes(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
@@ -627,6 +627,10 @@ func createNetwork(w http.ResponseWriter, r *http.Request) {
 			logic.CreateFailOver(*newNode)
 			// make host remote access gateway
 			logic.CreateIngressGateway(network.NetID, newNode.ID.String(), models.IngressRequest{})
+			logic.CreateRelay(models.RelayRequest{
+				NodeID: newNode.ID.String(),
+				NetID:  network.NetID,
+			})
 		}
 		// send peer updates
 		if err = mq.PublishPeerUpdate(false); err != nil {

logic/acls.go

@@ -1334,6 +1334,51 @@ func getUserAclRulesForNode(targetnode *models.Node,
 	return rules
 }
 
+func checkIfAnyActiveEgressPolicy(targetNode models.Node) bool {
+	if !targetNode.IsEgressGateway {
+		return false
+	}
+	var targetNodeTags = make(map[models.TagID]struct{})
+	if targetNode.Mutex != nil {
+		targetNode.Mutex.Lock()
+		targetNodeTags = maps.Clone(targetNode.Tags)
+		targetNode.Mutex.Unlock()
+	} else {
+		targetNodeTags = maps.Clone(targetNode.Tags)
+	}
+	if targetNodeTags == nil {
+		targetNodeTags = make(map[models.TagID]struct{})
+	}
+	targetNodeTags[models.TagID(targetNode.ID.String())] = struct{}{}
+	targetNodeTags["*"] = struct{}{}
+	acls, _ := ListAclsByNetwork(models.NetworkID(targetNode.Network))
+	for _, acl := range acls {
+		if !acl.Enabled {
+			continue
+		}
+		srcTags := convAclTagToValueMap(acl.Src)
+		dstTags := convAclTagToValueMap(acl.Dst)
+		for nodeTag := range targetNodeTags {
+			if acl.RuleType == models.DevicePolicy {
+				if _, ok := srcTags[nodeTag.String()]; ok {
+					return true
+				}
+				if _, ok := srcTags[targetNode.ID.String()]; ok {
+					return true
+				}
+			}
+
+			if _, ok := dstTags[nodeTag.String()]; ok {
+				return true
+			}
+			if _, ok := dstTags[targetNode.ID.String()]; ok {
+				return true
+			}
+		}
+	}
+	return false
+}
+
 func checkIfAnyPolicyisUniDirectional(targetNode models.Node) bool {
 	var targetNodeTags = make(map[models.TagID]struct{})
 	if targetNode.Mutex != nil {
@@ -1617,7 +1662,7 @@ func GetEgressRulesForNode(targetnode models.Node) (rules map[string]models.AclR
 	/*
 		 if target node is egress gateway
 			if acl policy has egress route and it is present in target node egress ranges
-			fetches all the nodes in that policy and add rules
+			fetch all the nodes in that policy and add rules
 	*/
 
 	for _, rangeI := range targetnode.EgressGatewayRanges {

logic/peers.go

@@ -204,7 +204,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 		defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
 		defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
 
-		if (defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled) || !checkIfAnyPolicyisUniDirectional(node) {
+		if (defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled) || (!checkIfAnyPolicyisUniDirectional(node) && !checkIfAnyActiveEgressPolicy(node)) {
 			if node.NetworkRange.IP != nil {
 				hostPeerUpdate.FwUpdate.AllowedNetworks = append(hostPeerUpdate.FwUpdate.AllowedNetworks, node.NetworkRange)
 			}

swagger.yaml

@@ -1,7 +1,6 @@
 definitions:
   acls.ACL:
     additionalProperties:
-      format: int32
       type: integer
     type: object
   acls.ACLContainer:
@@ -56,15 +55,15 @@ definitions:
         type: string
       egressesLimit:
         type: integer
-      email_sender_addr:
+      emailSenderAddr:
         type: string
-      email_sender_password:
+      emailSenderPassword:
         type: string
-      email_sender_user:
+      emailSenderUser:
         type: string
       emqxRestEndpoint:
         type: string
-      endpoint_detection:
+      endpointDetection:
         type: boolean
       environment:
         type: string
@@ -91,6 +90,8 @@ definitions:
         type: string
       metricsExporter:
         type: string
+      metricsPort:
+        type: integer
       mqpassword:
         type: string
       mquserName:
@@ -115,15 +116,17 @@ definitions:
         type: string
       racAutoDisable:
         type: boolean
+      racRestrictToSingleNetwork:
+        type: boolean
       restBackend:
         type: string
       server:
         type: string
       serverBrokerEndpoint:
         type: string
-      smtp_host:
+      smtpHost:
         type: string
-      smtp_port:
+      smtpPort:
         type: integer
       sqlconn:
         type: string
@@ -200,6 +203,14 @@ definitions:
         allOf:
         - $ref: '#/definitions/models.AllowedTrafficDirection'
         description: single or two-way
+      dst:
+        items:
+          $ref: '#/definitions/net.IPNet'
+        type: array
+      dst6:
+        items:
+          $ref: '#/definitions/net.IPNet'
+        type: array
       id:
         type: string
       ip_list:
@@ -306,6 +317,10 @@ definitions:
         items:
           type: string
         type: array
+      egressgatewayranges_with_metric:
+        items:
+          $ref: '#/definitions/models.EgressRangeMetric'
+        type: array
       expdatetime:
         format: int64
         type: integer
@@ -424,9 +439,17 @@ definitions:
         items:
           type: string
         type: array
+      ranges_with_metric:
+        items:
+          $ref: '#/definitions/models.EgressRangeMetric'
+        type: array
     type: object
   models.EgressInfo:
     properties:
+      egress_fw_rules:
+        additionalProperties:
+          $ref: '#/definitions/models.AclRule'
+        type: object
       egress_gateway_cfg:
         $ref: '#/definitions/models.EgressGatewayRequest'
       egress_gw_addr:
@@ -450,10 +473,26 @@ definitions:
         items:
           type: string
         type: array
+      egress_ranges_metric:
+        items:
+          $ref: '#/definitions/models.EgressRangeMetric'
+        type: array
+      network:
+        type: string
       node_addr:
         $ref: '#/definitions/net.IPNet'
       node_addr6:
         $ref: '#/definitions/net.IPNet'
+      peer_key:
+        type: string
+    type: object
+  models.EgressRangeMetric:
+    properties:
+      network:
+        type: string
+      route_metric:
+        description: preffered range 1-999
+        type: integer
     type: object
   models.EnrollmentKey:
     properties:
@@ -687,6 +726,7 @@ definitions:
   models.HostMqAction:
     enum:
     - UPGRADE
+    - FORCE_UPGRADE
     - SIGNAL_HOST
     - UPDATE_HOST
     - DELETE_HOST
@@ -701,6 +741,7 @@ definitions:
     type: string
     x-enum-varnames:
     - Upgrade
+    - ForceUpgrade
     - SignalHost
     - UpdateHost
     - DeleteHost
@@ -724,6 +765,8 @@ definitions:
         type: boolean
       listen_port:
         type: integer
+      version:
+        type: string
     type: object
   models.HostPull:
     properties:
@@ -821,8 +864,6 @@ definitions:
     type: object
   models.IngressInfo:
     properties:
-      allow_all:
-        type: boolean
       egress_ranges:
         items:
           $ref: '#/definitions/net.IPNet'
@@ -933,6 +974,10 @@ definitions:
         type: string
       defaultudpholepunch:
         type: string
+      dns_nameservers:
+        items:
+          type: string
+        type: array
       isipv4:
         type: string
       isipv6:
@@ -1013,6 +1058,8 @@ definitions:
         type: string
       is_fail_over:
         type: boolean
+      is_gw:
+        type: boolean
       is_static:
         type: boolean
       is_user_node:
@@ -1090,6 +1137,7 @@ definitions:
     - warning
     - error
     - unknown
+    - disconnected
     type: string
     x-enum-varnames:
     - OnlineSt
@@ -1097,6 +1145,7 @@ definitions:
     - WarningSt
     - ErrorSt
     - UnKnown
+    - Disconnected
   models.PeerMap:
     additionalProperties:
       $ref: '#/definitions/models.IDandAddr'
@@ -1120,17 +1169,6 @@ definitions:
       server_config:
         $ref: '#/definitions/models.ServerConfig'
     type: object
-  models.RelayRequest:
-    properties:
-      netid:
-        type: string
-      nodeid:
-        type: string
-      relayaddrs:
-        items:
-          type: string
-        type: array
-    type: object
   models.ReturnUser:
     properties:
       auth_type:
@@ -1194,10 +1232,14 @@ definitions:
         type: string
       dnsmode:
         type: string
+      endpointDetection:
+        type: boolean
       manageDNS:
         type: boolean
       metricInterval:
         type: string
+      metricsPort:
+        type: integer
       mqpassword:
         type: string
       mqport:
@@ -1293,7 +1335,6 @@ definitions:
           type: object
         type: object
       username:
-        maxLength: 40
         minLength: 3
         type: string
     required:
@@ -1308,12 +1349,16 @@ definitions:
     type: object
   models.UserRemoteGws:
     properties:
+      addresses:
+        type: string
       allowed_endpoints:
         items:
           type: string
         type: array
       connected:
         type: boolean
+      dns_address:
+        type: string
       gw_client:
         $ref: '#/definitions/models.ExtClient'
       gw_listen_port:
@@ -1334,6 +1379,8 @@ definitions:
         type: array
       remote_access_gw_id:
         type: string
+      status:
+        $ref: '#/definitions/models.NodeStatus'
     type: object
   models.UserRoleID:
     enum:
@@ -1390,7 +1437,6 @@ definitions:
       mask:
         description: network mask
         items:
-          format: int32
           type: integer
         type: array
     type: object
@@ -1427,7 +1473,6 @@ definitions:
           for this peer, if not nil.
 
           A non-nil value of 0 will clear the persistent keepalive interval.
-        format: int64
         type: integer
       presharedKey:
         description: |-
@@ -1826,6 +1871,28 @@ paths:
       summary: Get the current public IP address.
       tags:
       - IP Service
+  /api/host/{hostid}/peer_info:
+    get:
+      parameters:
+      - description: Host ID
+        in: path
+        name: hostid
+        required: true
+        type: string
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.SuccessResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/models.ErrorResponse'
+      security:
+      - oauth: []
+      summary: Fetches host peerinfo
+      tags:
+      - Hosts
   /api/hosts:
     get:
       responses:
@@ -2006,6 +2073,10 @@ paths:
         name: hostid
         required: true
         type: string
+      - description: Force upgrade
+        in: query
+        name: force
+        type: boolean
       responses:
         "200":
           description: passed message to upgrade host
@@ -2067,6 +2138,35 @@ paths:
       summary: Update keys for all hosts
       tags:
       - Hosts
+  /api/hosts/sync:
+    post:
+      responses:
+        "200":
+          description: sync all hosts request received
+          schema:
+            type: string
+      security:
+      - oauth: []
+      summary: Requests all the hosts to pull
+      tags:
+      - Hosts
+  /api/hosts/upgrade:
+    post:
+      parameters:
+      - description: Force upgrade
+        in: query
+        name: force
+        type: boolean
+      responses:
+        "200":
+          description: upgrade all hosts request received
+          schema:
+            type: string
+      security:
+      - oauth: []
+      summary: Requests all the hosts to upgrade their version
+      tags:
+      - Hosts
   /api/networks:
     get:
       produces:
@@ -2117,6 +2217,10 @@ paths:
         name: networkname
         required: true
         type: string
+      - description: Force Delete
+        in: query
+        name: force
+        type: boolean
       produces:
       - application/json
       responses:
@@ -2280,6 +2384,30 @@ paths:
       summary: Update a network ACL (Access Control List)
       tags:
       - Networks
+  /api/networks/{networkname}/egress_routes:
+    get:
+      parameters:
+      - description: Network name
+        in: path
+        name: networkname
+        required: true
+        type: string
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.SuccessResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/models.ErrorResponse'
+      security:
+      - oauth: []
+      summary: Get a network Egress routes
+      tags:
+      - Networks
   /api/nodes:
     get:
       responses:
@@ -2358,61 +2486,6 @@ paths:
       summary: Create an egress gateway
       tags:
       - Nodes
-  /api/nodes/{network}/{nodeid}/createingress:
-    post:
-      responses:
-        "200":
-          description: OK
-          schema:
-            $ref: '#/definitions/models.ApiNode'
-        "500":
-          description: Internal Server Error
-          schema:
-            $ref: '#/definitions/models.ErrorResponse'
-      security:
-      - oauth2: []
-      summary: Create an remote access gateway
-      tags:
-      - Nodes
-  /api/nodes/{network}/{nodeid}/createrelay:
-    post:
-      consumes:
-      - application/json
-      parameters:
-      - description: Network ID
-        in: path
-        name: network
-        required: true
-        type: string
-      - description: Node ID
-        in: path
-        name: nodeid
-        required: true
-        type: string
-      - description: Relay request parameters
-        in: body
-        name: body
-        required: true
-        schema:
-          $ref: '#/definitions/models.RelayRequest'
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: OK
-          schema:
-            $ref: '#/definitions/models.ApiNode'
-        "400":
-          description: Bad Request
-          schema:
-            $ref: '#/definitions/models.ErrorResponse'
-        "500":
-          description: Internal Server Error
-          schema:
-            $ref: '#/definitions/models.ErrorResponse'
-      summary: Create a relay
-      tags:
-      - PRO
   /api/nodes/{network}/{nodeid}/deletegateway:
     delete:
       responses:
@@ -2429,7 +2502,7 @@ paths:
       summary: Delete an egress gateway
       tags:
       - Nodes
-  /api/nodes/{network}/{nodeid}/deleteingress:
+  /api/nodes/{network}/{nodeid}/gateway:
     delete:
       responses:
         "200":
@@ -2442,42 +2515,24 @@ paths:
             $ref: '#/definitions/models.ErrorResponse'
       security:
       - oauth2: []
-      summary: Delete an remote access gateway
+      summary: Delete a gateway
       tags:
       - Nodes
-  /api/nodes/{network}/{nodeid}/deleterelay:
-    delete:
-      consumes:
-      - application/json
-      parameters:
-      - description: Network ID
-        in: path
-        name: network
-        required: true
-        type: string
-      - description: Node ID
-        in: path
-        name: nodeid
-        required: true
-        type: string
-      produces:
-      - application/json
+    post:
       responses:
         "200":
           description: OK
           schema:
             $ref: '#/definitions/models.ApiNode'
-        "400":
-          description: Bad Request
-          schema:
-            $ref: '#/definitions/models.ErrorResponse'
         "500":
           description: Internal Server Error
           schema:
             $ref: '#/definitions/models.ErrorResponse'
-      summary: Remove a relay
+      security:
+      - oauth2: []
+      summary: Create a gateway
       tags:
-      - PRO
+      - Nodes
   /api/nodes/{network}/{nodeid}/inet_gw:
     delete:
       parameters:
@@ -3425,6 +3480,38 @@ paths:
       summary: Create failover node
       tags:
       - PRO
+  /api/v1/node/{nodeid}/failover_check:
+    get:
+      consumes:
+      - application/json
+      parameters:
+      - description: Node ID
+        in: path
+        name: nodeid
+        required: true
+        type: string
+      - description: Failover request
+        in: body
+        name: body
+        required: true
+        schema:
+          $ref: '#/definitions/models.FailOverMeReq'
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.SuccessResponse'
+        "400":
+          description: Bad Request
+          schema:
+            $ref: '#/definitions/models.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/models.ErrorResponse'
+      summary: checkfailOverCtx
+      tags:
+      - PRO
   /api/v1/node/{nodeid}/failover_me:
     post:
       consumes:
@@ -3457,6 +3544,22 @@ paths:
       summary: Failover me
       tags:
       - PRO
+  /api/v1/nodes/{network}/status:
+    get:
+      responses:
+        "200":
+          description: OK
+          schema:
+            items:
+              $ref: '#/definitions/models.ApiNode'
+            type: array
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/models.ErrorResponse'
+      summary: Get all nodes status on the network
+      tags:
+      - Nodes
   /api/v1/tags:
     delete:
       consumes: