
get egress info on failover apis, add egress src validation for inet gws

abhishek9686 4 ヶ月 前
コミット
d4808558c5
7 ファイル変更130 行追加12 行削除
  1. 8 0
      controllers/egress.go
  2. 37 11
      logic/acls.go
  3. 75 0
      logic/egress.go
  4. 2 1
      logic/nodes.go
  5. 3 0
      logic/peers.go
  6. 4 0
      pro/controllers/failover.go
  7. 1 0
      pro/initialize.go

+ 8 - 0
controllers/egress.go

@@ -85,6 +85,14 @@ func createEgress(w http.ResponseWriter, r *http.Request) {
 		)
 		return
 	}
+	// for nodeID := range e.Nodes {
+	// 	node, err := logic.GetNodeByID(nodeID)
+	// 	if err != nil {
+	// 		logic.AddEgressInfoToNode(&node, e)
+	// 		logic.UpsertNode(&node)
+	// 	}
+
+	// }
 	go mq.PublishPeerUpdate(false)
 	logic.ReturnSuccessResponseWithJson(w, r, e, "created egress resource")
 }
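Review bot: The block added at the top of this hunk is commented-out code, and as written its condition is inverted: `if err != nil` would call `logic.AddEgressInfoToNode(&node, e)` only when the node lookup had failed. Either drop the block or, if it is meant to be enabled later, change it to `if err == nil {` and check the value returned by `logic.UpsertNode(&node)` instead of discarding it. Note that `AddEgressInfoToNode` is introduced in logic/egress.go in this same commit and appears to have no live caller once this block stays commented out. createEgress begins outside the hunk.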

+ 37 - 11
logic/acls.go

@@ -271,10 +271,10 @@ func GetEgressRanges(netID models.NetworkID) (map[string][]string, map[string]st
 	return nodeEgressMap, resultMap, nil
 }
 
-func checkIfAclTagisValid(t models.AclPolicyTag, netID models.NetworkID, policyType models.AclPolicyType, isSrc bool) bool {
+func checkIfAclTagisValid(a models.Acl, t models.AclPolicyTag, isSrc bool) bool {
 	switch t.ID {
 	case models.NodeTagID:
-		if policyType == models.UserPolicy && isSrc {
+		if a.RuleType == models.UserPolicy && isSrc {
 			return false
 		}
 		// check if tag is valid
@@ -283,12 +283,12 @@ func checkIfAclTagisValid(t models.AclPolicyTag, netID models.NetworkID, policyT
 			return false
 		}
 	case models.NodeID:
-		if policyType == models.UserPolicy && isSrc {
+		if a.RuleType == models.UserPolicy && isSrc {
 			return false
 		}
 		_, nodeErr := GetNodeByID(t.Value)
 		if nodeErr != nil {
-			_, staticNodeErr := GetExtClient(t.Value, netID.String())
+			_, staticNodeErr := GetExtClient(t.Value, a.NetworkID.String())
 			if staticNodeErr != nil {
 				return false
 			}
@@ -301,9 +301,35 @@ func checkIfAclTagisValid(t models.AclPolicyTag, netID models.NetworkID, policyT
 		if err != nil {
 			return false
 		}
+		if e.IsInetGw {
+			req := models.InetNodeReq{}
+			for _, srcI := range a.Src {
+				if srcI.ID == models.NodeTagID {
+					nodesMap := GetNodesWithTag(models.TagID(srcI.Value))
+					for _, node := range nodesMap {
+						req.InetNodeClientIDs = append(req.InetNodeClientIDs, node.ID.String())
+					}
+				} else if srcI.ID == models.NodeID {
+					req.InetNodeClientIDs = append(req.InetNodeClientIDs, srcI.Value)
+				}
+			}
+			if len(e.Nodes) > 0 {
+				for k := range e.Nodes {
+					inetNode, err := GetNodeByID(k)
+					if err != nil {
+						return false
+					}
+					if ValidateInetGwReq(inetNode, req, false) != nil {
+						return false
+					}
+				}
+
+			}
+
+		}
 
 	case models.UserAclID:
-		if policyType == models.DevicePolicy {
+		if a.RuleType == models.DevicePolicy {
 			return false
 		}
 		if !isSrc {
@@ -314,7 +340,7 @@ func checkIfAclTagisValid(t models.AclPolicyTag, netID models.NetworkID, policyT
 			return false
 		}
 	case models.UserGroupAclID:
-		if policyType == models.DevicePolicy {
+		if a.RuleType == models.DevicePolicy {
 			return false
 		}
 		if !isSrc {
@@ -325,7 +351,7 @@ func checkIfAclTagisValid(t models.AclPolicyTag, netID models.NetworkID, policyT
 			return false
 		}
 		// check if group belongs to this network
-		netGrps := GetUserGroupsInNetwork(netID)
+		netGrps := GetUserGroupsInNetwork(a.NetworkID)
 		if _, ok := netGrps[models.UserGroupID(t.Value)]; !ok {
 			return false
 		}
@@ -351,7 +377,7 @@ func IsAclPolicyValid(acl models.Acl) bool {
 				continue
 			}
 			// check if user group is valid
-			if !checkIfAclTagisValid(srcI, acl.NetworkID, acl.RuleType, true) {
+			if !checkIfAclTagisValid(acl, srcI, true) {
 				return false
 			}
 		}
@@ -362,7 +388,7 @@ func IsAclPolicyValid(acl models.Acl) bool {
 			}
 
 			// check if user group is valid
-			if !checkIfAclTagisValid(dstI, acl.NetworkID, acl.RuleType, false) {
+			if !checkIfAclTagisValid(acl, dstI, false) {
 				return false
 			}
 		}
@@ -372,7 +398,7 @@ func IsAclPolicyValid(acl models.Acl) bool {
 				continue
 			}
 			// check if user group is valid
-			if !checkIfAclTagisValid(srcI, acl.NetworkID, acl.RuleType, true) {
+			if !checkIfAclTagisValid(acl, srcI, true) {
 				return false
 			}
 		}
@@ -382,7 +408,7 @@ func IsAclPolicyValid(acl models.Acl) bool {
 				continue
 			}
 			// check if user group is valid
-			if !checkIfAclTagisValid(dstI, acl.NetworkID, acl.RuleType, false) {
+			if !checkIfAclTagisValid(acl, dstI, false) {
 				return false
 			}
 		}
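Review bot: In the third hunk, the branch that resolves `e` collapses a failure of `GetNodeByID` or `ValidateInetGwReq` into a bare `return false`, so `IsAclPolicyValid` and the API caller cannot tell which source was rejected or why; keeping the diagnostic is a one-line change, `if err := ValidateInetGwReq(inetNode, req, false); err != nil { /* log err */ return false }`. The branch also deserves a comment saying the check is only effective when the pro build overrides `ValidateInetGwReq` — the default added in logic/peers.go returns nil, so in the community build every internet-gateway source policy passes. `req` is assembled from `a.Src` before `len(e.Nodes) > 0` is known, which is harmless but could move inside that guard. checkIfAclTagisValid's enclosing switch case begins outside this hunk.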

+ 75 - 0
logic/egress.go

@@ -31,6 +31,24 @@ func ValidateEgressReq(e *schema.Egress) bool {
 		if err != nil {
 			return false
 		}
+	} else {
+		if len(e.Nodes) > 1 {
+			return false
+		}
+		req := models.InetNodeReq{}
+		if len(e.Nodes) > 0 {
+			for k := range e.Nodes {
+				inetNode, err := GetNodeByID(k)
+				if err != nil {
+					return false
+				}
+				if ValidateInetGwReq(inetNode, req, false) != nil {
+					return false
+				}
+			}
+
+		}
+
 	}
 	if len(e.Nodes) != 0 {
 		for k := range e.Nodes {
@@ -107,6 +125,52 @@ func IsNodeUsingInternetGw(node *models.Node) {
 	}
 }
 
+func AddEgressInfoToNode(targetNode *models.Node, e schema.Egress) {
+	req := models.EgressGatewayRequest{
+		NodeID: targetNode.ID.String(),
+		NetID:  targetNode.Network,
+	}
+	if metric, ok := e.Nodes[targetNode.ID.String()]; ok {
+		if e.IsInetGw {
+			targetNode.IsInternetGateway = true
+			targetNode.InetNodeReq = models.InetNodeReq{
+				InetNodeClientIDs: GetInetClientsFromAclPolicies(e.ID),
+			}
+			req.Ranges = append(req.Ranges, "0.0.0.0/0")
+			req.RangesWithMetric = append(req.RangesWithMetric, models.EgressRangeMetric{
+				Network:     "0.0.0.0/0",
+				Nat:         true,
+				RouteMetric: 256,
+			})
+			req.Ranges = append(req.Ranges, "::/0")
+			req.RangesWithMetric = append(req.RangesWithMetric, models.EgressRangeMetric{
+				Network:     "::/0",
+				Nat:         true,
+				RouteMetric: 256,
+			})
+		} else {
+			m64, err := metric.(json.Number).Int64()
+			if err != nil {
+				m64 = 256
+			}
+			m := uint32(m64)
+			req.Ranges = append(req.Ranges, e.Range)
+			req.RangesWithMetric = append(req.RangesWithMetric, models.EgressRangeMetric{
+				Network:     e.Range,
+				Nat:         e.Nat,
+				RouteMetric: m,
+			})
+		}
+
+	}
+	if e.Nat {
+		req.NatEnabled = "yes"
+	}
+	targetNode.IsEgressGateway = true
+	targetNode.EgressGatewayRanges = req.Ranges
+	targetNode.EgressGatewayRequest = req
+}
+
 func GetNodeEgressInfo(targetNode *models.Node) {
 	eli, _ := (&schema.Egress{Network: targetNode.Network}).ListByNetwork(db.WithContext(context.TODO()))
 	req := models.EgressGatewayRequest{
@@ -155,3 +219,14 @@ func GetNodeEgressInfo(targetNode *models.Node) {
 		targetNode.EgressGatewayRequest = req
 	}
 }
+
+func RemoveNodeFromEgress(node models.Node) {
+	egs, _ := (&schema.Egress{}).ListByNetwork(db.WithContext(context.TODO()))
+	for _, egI := range egs {
+		if _, ok := egI.Nodes[node.ID.String()]; ok {
+			delete(egI.Nodes, node.ID.String())
+			egI.Update(db.WithContext(context.TODO()))
+		}
+	}
+
+}

+ 2 - 1
logic/nodes.go

@@ -320,8 +320,9 @@ func DeleteNode(node *models.Node, purge bool) error {
 	if err := DissasociateNodeFromHost(node, host); err != nil {
 		return err
 	}
-	go RemoveNodeFromAclPolicy(*node)
 
+	go RemoveNodeFromAclPolicy(*node)
+	go RemoveNodeFromEgress(*node)
 	return nil
 }
 

+ 3 - 0
logic/peers.go

@@ -57,6 +57,9 @@ var (
 	GetAllowedIpForInetNodeClient = func(node, peer *models.Node) []net.IPNet {
 		return []net.IPNet{}
 	}
+	ValidateInetGwReq = func(inetNode models.Node, req models.InetNodeReq, update bool) error {
+		return nil
+	}
 )
 
 // GetHostPeerInfo - fetches required peer info per network
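Review bot: The new `ValidateInetGwReq` default carries no comment explaining that it is a permissive stub, while pro/initialize.go replaces it with `proLogic.ValidateInetGwReq`; a reader of the community build sees a validator that always succeeds. Suggest adding above it `// ValidateInetGwReq validates req against inetNode; this default accepts every request and is replaced by the pro implementation in InitPro.` The `update` parameter is unused by the stub, so its meaning should be stated by the pro implementation's doc rather than guessed here.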

+ 4 - 0
pro/controllers/failover.go

@@ -205,6 +205,8 @@ func failOverME(w http.ResponseWriter, r *http.Request) {
 		)
 		return
 	}
+	logic.GetNodeEgressInfo(&node)
+	logic.GetNodeEgressInfo(&peerNode)
 	if peerNode.IsFailOver {
 		logic.ReturnErrorResponse(
 			w,
@@ -349,6 +351,8 @@ func checkfailOverCtx(w http.ResponseWriter, r *http.Request) {
 		)
 		return
 	}
+	logic.GetNodeEgressInfo(&node)
+	logic.GetNodeEgressInfo(&peerNode)
 	if peerNode.IsFailOver {
 		logic.ReturnErrorResponse(
 			w,
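Review bot: The two `logic.GetNodeEgressInfo` calls in `failOverME`, and the same pair in `checkfailOverCtx`, are placed before the `peerNode.IsFailOver` rejection, so the egress lookup (which appears to query the store via `ListByNetwork` in logic/egress.go) runs even for requests the handler then refuses; moving them below the remaining early-returns avoids that work and keeps them next to where the egress data is consumed. `GetNodeEgressInfo` also discards the `ListByNetwork` error, so a lookup failure leaves both nodes looking like non-egress nodes and the failover decision proceeds on that assumption — worth a comment at these call sites, e.g. `// best-effort: GetNodeEgressInfo ignores lookup errors`. Both handlers begin and end outside the hunks.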

+ 1 - 0
pro/initialize.go

@@ -110,6 +110,7 @@ func InitPro() {
 	logic.DeleteMetrics = proLogic.DeleteMetrics
 	logic.GetTrialEndDate = getTrialEndDate
 	logic.SetDefaultGw = proLogic.SetDefaultGw
+	logic.ValidateInetGwReq = proLogic.ValidateInetGwReq
 	logic.SetDefaultGwForRelayedUpdate = proLogic.SetDefaultGwForRelayedUpdate
 	logic.UnsetInternetGw = proLogic.UnsetInternetGw
 	logic.SetInternetGw = proLogic.SetInternetGw