
change acls to use egress id

abhishek9686 4 tháng trước cách đây
mục cha
commit
96215de43f
6 tập tin đã thay đổi với 72 bổ sung46 xóa
  1. 0 1
      controllers/acls.go
  2. 26 19
      logic/acls.go
  3. 25 16
      logic/egress.go
  4. 18 2
      logic/extpeers.go
  5. 3 7
      migrate/migrate.go
  6. 0 1
      models/acl.go

+ 0 - 1
controllers/acls.go

@@ -51,7 +51,6 @@ func aclPolicyTypes(w http.ResponseWriter, r *http.Request) {
 		DstGroupTypes: []models.AclGroupType{
 			models.NodeTagID,
 			models.NodeID,
-			//models.EgressRange,
 			models.EgressID,
 			// models.NetmakerIPAclID,
 			// models.NetmakerSubNetRangeAClID,

+ 26 - 19
logic/acls.go

@@ -289,17 +289,6 @@ func checkIfAclTagisValid(t models.AclPolicyTag, netID models.NetworkID, policyT
 				return false
 			}
 		}
-	case models.EgressRange:
-		if isSrc {
-			return false
-		}
-	// _, rangesMap, err := GetEgressRanges(netID)
-	// if err != nil {
-	// 	return false
-	// }
-	// if _, ok := rangesMap[t.Value]; !ok {
-	// 	return false
-	// }
 	case models.EgressID:
 		e := models.Egress{
 			ID: t.Value,
@@ -1246,16 +1235,34 @@ func getEgressUserRulesForNode(targetnode *models.Node,
 				r.IP6List = append(r.IP6List, userNode.StaticNode.AddressIPNet6())
 			}
 			for _, dstI := range acl.Dst {
-				if dstI.ID == models.EgressRange {
-					ip, cidr, err := net.ParseCIDR(dstI.Value)
-					if err == nil {
-						if ip.To4() != nil {
-							r.Dst = append(r.Dst, *cidr)
-						} else {
-							r.Dst6 = append(r.Dst6, *cidr)
-						}
+				if dstI.ID == models.EgressID {
+					e := models.Egress{ID: dstI.Value}
+					err := e.Get()
+					if err != nil {
+						continue
+					}
+					if e.IsInetGw {
+						r.Dst = append(r.Dst, net.IPNet{
+							IP:   net.IPv4zero,
+							Mask: net.CIDRMask(0, 32),
+						})
+						r.Dst6 = append(r.Dst6, net.IPNet{
+							IP:   net.IPv6zero,
+							Mask: net.CIDRMask(0, 128),
+						})
 
+					} else {
+						ip, cidr, err := net.ParseCIDR(e.Range)
+						if err == nil {
+							if ip.To4() != nil {
+								r.Dst = append(r.Dst, *cidr)
+							} else {
+								r.Dst6 = append(r.Dst6, *cidr)
+							}
+
+						}
 					}
+
 				}
 
 			}
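Review bot: The new EgressID branch in getEgressUserRulesForNode applies whatever `e.Get()` returns without checking that the egress is scoped to `targetnode`, whereas GetInetClientsFromAclPolicies in logic/egress.go gates on `e.Nodes[node.ID.String()]` before trusting the same kind of policy. If `e.Get()` resolves by ID alone and the EgressID case of checkIfAclTagisValid (its body is cut off below the first hunk) does not pin the egress to `netID`, a policy naming an egress from another network or node would still push its range — or `0.0.0.0/0` and `::/0` for an internet gateway — into this node's rules. Consider guarding with `if _, ok := e.Nodes[targetnode.ID.String()]; !ok { continue }` (or an equivalent network check), and log rather than silently `continue` when `e.Get()` fails, since a dangling egress ID otherwise drops the rule with no trace. getEgressUserRulesForNode starts before this hunk and the rule variable `r` is built above it.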

+ 25 - 16
logic/egress.go

@@ -42,12 +42,18 @@ func ValidateEgressReq(e *models.Egress) bool {
 func GetInetClientsFromAclPolicies(node *models.Node) (inetClientIDs []string) {
 	acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
 	for _, acl := range acls {
-		dstVal := convAclTagToValueMap(acl.Dst)
 		for _, dstI := range acl.Dst {
-			if _, ok := dstVal[node.ID.String()]; !ok {
-				continue
-			}
-			if dstI.ID == models.EgressRange && dstI.Value == "*" {
+			if dstI.ID == models.EgressID {
+				e := models.Egress{
+					ID: dstI.Value,
+				}
+				err := e.Get()
+				if err != nil {
+					continue
+				}
+				if _, ok := e.Nodes[node.ID.String()]; !ok {
+					continue
+				}
 				for _, srcI := range acl.Src {
 					if srcI.ID == models.NodeID {
 						inetClientIDs = append(inetClientIDs, srcI.Value)
@@ -67,20 +73,23 @@ func IsNodeUsingInternetGw(node *models.Node) {
 	for _, acl := range acls {
 		srcVal := convAclTagToValueMap(acl.Src)
 		for _, dstI := range acl.Dst {
-			if dstI.ID == models.EgressRange && dstI.Value == "*" {
-				if _, ok := srcVal[node.ID.String()]; ok {
-					for _, dstI := range acl.Dst {
-						if dstI.ID == models.NodeID {
-							node.InternetGwID = dstI.Value
+			if dstI.ID == models.EgressID {
+				e := models.Egress{ID: dstI.Value}
+				err := e.Get()
+				if err != nil {
+					continue
+				}
+				if e.IsInetGw {
+					if _, ok := srcVal[node.ID.String()]; ok {
+						for nodeID := range e.Nodes {
+							node.InternetGwID = nodeID
 							return
 						}
 					}
-				}
-				for tagID := range node.Tags {
-					if _, ok := srcVal[tagID.String()]; ok {
-						for _, dstI := range acl.Dst {
-							if dstI.ID == models.NodeID {
-								node.InternetGwID = dstI.Value
+					for tagID := range node.Tags {
+						if _, ok := srcVal[tagID.String()]; ok {
+							for nodeID := range e.Nodes {
+								node.InternetGwID = nodeID
 								return
 							}
 						}
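Review bot: GetInetClientsFromAclPolicies no longer checks that the egress is an internet gateway: the removed condition required `dstI.Value == "*"`, but its replacement only verifies `e.Nodes[node.ID.String()]`, so a node hosting an ordinary egress range now reports every device source of that policy as an internet client. IsNodeUsingInternetGw in the second hunk does test `e.IsInetGw`; mirror it here with `if !e.IsInetGw { continue }` right after the `e.Nodes` membership check. Separately, `for nodeID := range e.Nodes { node.InternetGwID = nodeID; return }` picks a map entry in Go's random iteration order, so a gateway egress served by several nodes would assign clients nondeterministically across restarts — if that is not intended, select deterministically (for example the smallest node ID). Both functions start before their hunks, and the error from ListAclsByNetwork is still discarded at the top of the first.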

+ 18 - 2
logic/extpeers.go

@@ -627,7 +627,15 @@ func getFwRulesForNodeAndPeerOnGw(node, peer models.Node, allowedPolicies []mode
 
 		// add egress range rules
 		for _, dstI := range policy.Dst {
-			if dstI.ID == models.EgressRange {
+			if dstI.ID == models.EgressID {
+
+				e := models.Egress{ID: dstI.Value}
+				err := e.Get()
+				if err != nil {
+					continue
+				}
+				dstI.Value = e.Range
+
 				ip, cidr, err := net.ParseCIDR(dstI.Value)
 				if err == nil {
 					if ip.To4() != nil {
@@ -708,7 +716,15 @@ func getFwRulesForUserNodesOnGw(node models.Node, nodes []models.Node) (rules []
 
 						// add egress ranges
 						for _, dstI := range policy.Dst {
-							if dstI.ID == models.EgressRange {
+							if dstI.ID == models.EgressID {
+
+								e := models.Egress{ID: dstI.Value}
+								err := e.Get()
+								if err != nil {
+									continue
+								}
+								dstI.Value = e.Range
+
 								ip, cidr, err := net.ParseCIDR(dstI.Value)
 								if err == nil {
 									if ip.To4() != nil && userNodeI.StaticNode.Address != "" {
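Review bot: Both hunks in this file parse `e.Range` unconditionally, while this same commit's getEgressUserRulesForNode in logic/acls.go special-cases `e.IsInetGw` and emits `0.0.0.0/0` plus `::/0` instead of reading `Range`. If an internet-gateway egress does not carry a parseable CIDR in `Range` (the acls.go branch suggests it may not), `net.ParseCIDR` fails and the `err == nil` guard silently drops the gateway rule for the peer or user node, with no log to explain the missing access. Add the same `if e.IsInetGw { … } else { … }` split here, and drop the `dstI.Value = e.Range` reassignment — the loop copy is only being mutated to feed ParseCIDR, so `ip, cidr, err := net.ParseCIDR(e.Range)` reads more directly. Both enclosing functions start before their hunks and continue past them.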

+ 3 - 7
migrate/migrate.go

@@ -574,16 +574,12 @@ func migrateToEgressV1() {
 					ServiceType: models.Any,
 					NetworkID:   models.NetworkID(node.Network),
 					Proto:       models.ALL,
-					RuleType:    models.UserPolicy,
+					RuleType:    models.DevicePolicy,
 					Src:         src,
 					Dst: []models.AclPolicyTag{
 						{
-							ID:    models.NodeID,
-							Value: node.ID.String(),
-						},
-						{
-							ID:    models.EgressRange,
-							Value: "*",
+							ID:    models.EgressID,
+							Value: e.ID,
 						},
 					},
 
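Review bot: The migrated policy now points at `e.ID`, an egress created above this hunk; if that egress write fails or is not persisted before this ACL is saved, every consumer touched by this commit answers the resulting `e.Get()` error with a bare `continue`, so the old gateway's clients lose their internet route with nothing logged. Check the egress create/save result before building this ACL and log the egress ID when the ACL is written, so a half-applied migration is visible. With `models.EgressRange` removed in the same commit, any stored ACL that still carries an `egress-range` Dst tag no longer matches in the rewritten consumers; unless this function (its body starts and ends outside the hunk) rewrites or deletes those records, keeping a `// Deprecated:` `EgressRange` constant would let the cleanup address them by name rather than the bare string `"egress-range"`. The switch from `UserPolicy` to `DevicePolicy` also changes what `src` may legitimately contain, so it is worth confirming the ACL validator accepts the migrated sources under the new rule type.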

+ 0 - 1
models/acl.go

@@ -59,7 +59,6 @@ const (
 	UserGroupAclID           AclGroupType = "user-group"
 	NodeTagID                AclGroupType = "tag"
 	NodeID                   AclGroupType = "device"
-	EgressRange              AclGroupType = "egress-range"
 	EgressID                 AclGroupType = "egress-id"
 	NetmakerIPAclID          AclGroupType = "ip"
 	NetmakerSubNetRangeAClID AclGroupType = "ipset"