Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

handle static node rules on ingress gw

abhishek9686 9 months ago
parent
07f0181ebe
commit
8f935e8c10
4 changed files with 17 additions and 6 deletions
Split View Show Diff Stats
  1. 11 2
      logic/acls.go
  2. 1 2
      logic/extpeers.go
  3. 4 1
      logic/nodes.go
  4. 1 1
      logic/tags.go

+ 11 - 2
logic/acls.go
View File 

@@ -850,10 +850,19 @@ func getUserAclRulesForNode(targetnode *models.Node,
 
 
 func GetAclRulesForNode(targetnode *models.Node) (rules map[string]models.AclRule) {
 
 	defer func() {
 
-		rules = getUserAclRulesForNode(targetnode, rules)
 
+		if !targetnode.IsIngressGateway {
 
+			rules = getUserAclRulesForNode(targetnode, rules)
 
+		}
 
+
 
 	}()
 
 	rules = make(map[string]models.AclRule)
 
-	taggedNodes := GetTagMapWithNodesByNetwork(models.NetworkID(targetnode.Network))
 
+	var taggedNodes map[models.TagID][]models.Node
 
+	if targetnode.IsIngressGateway {
 
+		taggedNodes = GetTagMapWithNodesByNetwork(models.NetworkID(targetnode.Network), false)
 
+	} else {
 
+		taggedNodes = GetTagMapWithNodesByNetwork(models.NetworkID(targetnode.Network), true)
 
+	}
 
+
 
 	acls := listDevicePolicies(models.NetworkID(targetnode.Network))
 
 	for nodeTag := range targetnode.Tags {
 
 		for _, acl := range acls {

+ 1 - 2
logic/extpeers.go
View File 

@@ -459,6 +459,7 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 
 	defer func() {
 
 		logger.Log(0, fmt.Sprintf("node.ID: %s, Rules: %+v\n", node.ID, rules))
 
 	}()
 
+
 
 	defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
 
 	defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
 
 	nodes, _ := GetNetworkNodes(node.Network)
 
@@ -490,9 +491,7 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 
 									AllowedPorts:    policy.Port,
 
 									Allow:           true,
 
 								})
 
-
 
 							}
 
-
 
 						}
 
 
 					}

+ 4 - 1
logic/nodes.go
View File 

@@ -755,7 +755,7 @@ func GetTagMapWithNodes() (tagNodesMap map[models.TagID][]models.Node) {
 
 	return
 
 }
 
 
-func GetTagMapWithNodesByNetwork(netID models.NetworkID) (tagNodesMap map[models.TagID][]models.Node) {
 
+func GetTagMapWithNodesByNetwork(netID models.NetworkID, withStaticNodes bool) (tagNodesMap map[models.TagID][]models.Node) {
 
 	tagNodesMap = make(map[models.TagID][]models.Node)
 
 	nodes, _ := GetNetworkNodes(netID.String())
 
 	for _, nodeI := range nodes {
 
@@ -766,6 +766,9 @@ func GetTagMapWithNodesByNetwork(netID models.NetworkID) (tagNodesMap map[models
 
 			tagNodesMap[nodeTagID] = append(tagNodesMap[nodeTagID], nodeI)
 
 		}
 
 	}
 
+	if !withStaticNodes {
 
+		return
 
+	}
 
 	return AddTagMapWithStaticNodes(netID, tagNodesMap)
 
 }

+ 1 - 1
logic/tags.go
View File 

@@ -85,7 +85,7 @@ func ListTagsWithNodes(netID models.NetworkID) ([]models.TagListResp, error) {
 
 	if err != nil {
 
 		return []models.TagListResp{}, err
 
 	}
 
-	tagsNodeMap := GetTagMapWithNodesByNetwork(netID)
 
+	tagsNodeMap := GetTagMapWithNodesByNetwork(netID, true)
 
 	resp := []models.TagListResp{}
 
 	for _, tagI := range tags {
 
 		tagRespI := models.TagListResp{