Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

remove userips usage, add allow all to fwupdate

abhishek9686 10 months ago
parent
ffb75fa6c1
commit
c0f107b302
5 changed files with 24 additions and 16 deletions
Unified View Show Diff Stats
  1. 3 0
      logic/acls.go
  2. 5 4
      logic/extpeers.go
  3. 14 10
      logic/peers.go
  4. 1 1
      models/mqtt.go
  5. 1 1
      pro/logic/failover.go

+ 3 - 0
logic/acls.go
View File 

@@ -457,6 +457,9 @@ func IsUserAllowedToCommunicate(userName string, peer models.Node) bool {
 
 			continue
 
 			continue
 
 		}
 
 		}
 
 		dstMap := convAclTagToValueMap(policy.Dst)
 
 		dstMap := convAclTagToValueMap(policy.Dst)
 
+		if _, ok := dstMap["*"]; ok {
 
+			return true
 
+		}
 
 		for tagID := range peer.Tags {
 
 		for tagID := range peer.Tags {
 
 			if _, ok := dstMap[tagID.String()]; ok {
 
 			if _, ok := dstMap[tagID.String()]; ok {
 
 				return true
 
 				return true

+ 5 - 4
logic/extpeers.go
View File 

@@ -417,6 +417,7 @@ func GetStaticNodeIps(node models.Node) (ips []net.IP) {
 
 
 
 func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 
 func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 
 	// fetch user access to static clients via policies
 
 	// fetch user access to static clients via policies
 
+
 
 	nodes, _ := GetNetworkNodes(node.Network)
 
 	nodes, _ := GetNetworkNodes(node.Network)
 
 	nodes = append(nodes, GetStaticNodesByNetwork(models.NetworkID(node.Network), true)...)
 
 	nodes = append(nodes, GetStaticNodesByNetwork(models.NetworkID(node.Network), true)...)
 
 	userNodes := GetStaticUserNodesByNetwork(models.NetworkID(node.Network))
 
 	userNodes := GetStaticUserNodesByNetwork(models.NetworkID(node.Network))
 
@@ -521,18 +522,18 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 
 	return
 
 	return
 
 }
 
 }
 
 
 
-func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, []models.EgressNetworkRoutes, []net.IP, error) {
 
+func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, []models.EgressNetworkRoutes, error) {
 
 	var peers []wgtypes.PeerConfig
 
 	var peers []wgtypes.PeerConfig
 
 	var idsAndAddr []models.IDandAddr
 
 	var idsAndAddr []models.IDandAddr
 
 	var egressRoutes []models.EgressNetworkRoutes
 
 	var egressRoutes []models.EgressNetworkRoutes
 
 	var extUserIps []net.IP
 
 	var extUserIps []net.IP
 
 	extPeers, err := GetNetworkExtClients(node.Network)
 
 	extPeers, err := GetNetworkExtClients(node.Network)
 
 	if err != nil {
 
 	if err != nil {
 
-		return peers, idsAndAddr, egressRoutes, extUserIps, err
 
+		return peers, idsAndAddr, egressRoutes, err
 
 	}
 
 	}
 
 	host, err := GetHost(node.HostID.String())
 
 	host, err := GetHost(node.HostID.String())
 
 	if err != nil {
 
 	if err != nil {
 
-		return peers, idsAndAddr, egressRoutes, extUserIps, err
 
+		return peers, idsAndAddr, egressRoutes, err
 
 	}
 
 	}
 
 	for _, extPeer := range extPeers {
 
 	for _, extPeer := range extPeers {
 
 		extPeer := extPeer
 
 		extPeer := extPeer
 
@@ -613,7 +614,7 @@ func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA
 
 			IsExtClient: true,
 
 			IsExtClient: true,
 
 		})
 
 		})
 
 	}
 
 	}
 
-	return peers, idsAndAddr, egressRoutes, extUserIps, nil
 
+	return peers, idsAndAddr, egressRoutes, nil
 
 
 
 }
 
 }

+ 14 - 10
logic/peers.go
View File 

@@ -288,19 +288,23 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 
 		var extPeers []wgtypes.PeerConfig
 
 		var extPeers []wgtypes.PeerConfig
 
 		var extPeerIDAndAddrs []models.IDandAddr
 
 		var extPeerIDAndAddrs []models.IDandAddr
 
 		var egressRoutes []models.EgressNetworkRoutes
 
 		var egressRoutes []models.EgressNetworkRoutes
 
-		var extUserIps []net.IP
 
 		if node.IsIngressGateway {
 
 		if node.IsIngressGateway {
 
 			hostPeerUpdate.FwUpdate.IsIngressGw = true
 
 			hostPeerUpdate.FwUpdate.IsIngressGw = true
 
-			extPeers, extPeerIDAndAddrs, egressRoutes, extUserIps, err = GetExtPeers(&node, &node)
 
+			extPeers, extPeerIDAndAddrs, egressRoutes, err = GetExtPeers(&node, &node)
 
 			if err == nil {
 
 			if err == nil {
 
-				hostPeerUpdate.FwUpdate.IngressInfo[node.ID.String()] = models.IngressInfo{
 
-					IngressID:     node.ID.String(),
 
-					UserIps:       extUserIps,
 
-					Network:       node.NetworkRange,
 
-					Network6:      node.NetworkRange6,
 
-					Rules:         GetFwRulesOnIngressGateway(node),
 
-					StaticNodeIps: GetStaticNodeIps(node),
 
+				defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
 
+				defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
 
+				ingFwUpdate := models.IngressInfo{
 
+					IngressID: node.ID.String(),
 
+					Network:   node.NetworkRange,
 
+					Network6:  node.NetworkRange6,
 
+					AllowAll:  defaultDevicePolicy.Enabled && defaultUserPolicy.Default,
 
 				}
 
 				}
 
+				if !ingFwUpdate.AllowAll {
 
+					ingFwUpdate.StaticNodeIps = GetStaticNodeIps(node)
 
+					ingFwUpdate.Rules = GetFwRulesOnIngressGateway(node)
 
+				}
 
+				hostPeerUpdate.FwUpdate.IngressInfo[node.ID.String()] = ingFwUpdate
 
 				hostPeerUpdate.EgressRoutes = append(hostPeerUpdate.EgressRoutes, egressRoutes...)
 
 				hostPeerUpdate.EgressRoutes = append(hostPeerUpdate.EgressRoutes, egressRoutes...)
 
 				hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...)
 
 				hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...)
 
 				for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
 
 				for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
 
@@ -432,7 +436,7 @@ func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics) []net.IPNet
 
 
 
 	// handle ingress gateway peers
 
 	// handle ingress gateway peers
 
 	if peer.IsIngressGateway {
 
 	if peer.IsIngressGateway {
 
-		extPeers, _, _, _, err := GetExtPeers(peer, node)
 
+		extPeers, _, _, err := GetExtPeers(peer, node)
 
 		if err != nil {
 
 		if err != nil {
 
 			logger.Log(2, "could not retrieve ext peers for ", peer.ID.String(), err.Error())
 
 			logger.Log(2, "could not retrieve ext peers for ", peer.ID.String(), err.Error())
 
 		}
 
 		}

+ 1 - 1
models/mqtt.go
View File 

@@ -37,9 +37,9 @@ type IngressInfo struct {
 
 	IngressID     string    `json:"ingress_id"`
 
 	IngressID     string    `json:"ingress_id"`
 
 	Network       net.IPNet `json:"network"`
 
 	Network       net.IPNet `json:"network"`
 
 	Network6      net.IPNet `json:"network6"`
 
 	Network6      net.IPNet `json:"network6"`
 
-	UserIps       []net.IP  `json:"user_ips"`
 
 	StaticNodeIps []net.IP  `json:"static_node_ips"`
 
 	StaticNodeIps []net.IP  `json:"static_node_ips"`
 
 	Rules         []FwRule  `json:"rules"`
 
 	Rules         []FwRule  `json:"rules"`
 
+	AllowAll      bool      `json:"allow_all"`
 
 }
 
 }
 
 
 
 // EgressInfo - struct for egress info
 
 // EgressInfo - struct for egress info

+ 1 - 1
pro/logic/failover.go
View File 

@@ -148,7 +148,7 @@ func GetFailOverPeerIps(peer, node *models.Node) []net.IPNet {
 
 			}
 
 			}
 
 			// handle ingress gateway peers
 
 			// handle ingress gateway peers
 
 			if failOverpeer.IsIngressGateway {
 
 			if failOverpeer.IsIngressGateway {
 
-				extPeers, _, _, _, err := logic.GetExtPeers(&failOverpeer, node)
 
+				extPeers, _, _, err := logic.GetExtPeers(&failOverpeer, node)
 
 				if err != nil {
 
 				if err != nil {
 
 					logger.Log(2, "could not retrieve ext peers for ", peer.ID.String(), err.Error())
 
 					logger.Log(2, "could not retrieve ext peers for ", peer.ID.String(), err.Error())
 
 				}
 
 				}