|
|
@@ -54,10 +54,6 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
|
|
|
ID: models.UserAclID,
|
|
|
Value: "*",
|
|
|
},
|
|
|
- {
|
|
|
- ID: models.UserGroupAclID,
|
|
|
- Value: "*",
|
|
|
- },
|
|
|
},
|
|
|
Dst: []models.AclPolicyTag{{
|
|
|
ID: models.DeviceAclID,
|
|
|
@@ -285,6 +281,27 @@ func GetDefaultPolicy(netID models.NetworkID, ruleType models.AclPolicyType) (mo
|
|
|
if err != nil {
|
|
|
return models.Acl{}, errors.New("default rule not found")
|
|
|
}
|
|
|
+ if acl.Enabled {
|
|
|
+ return acl, nil
|
|
|
+ }
|
|
|
+ // check if there are any custom all policies
|
|
|
+ policies, _ := ListAcls(netID)
|
|
|
+ for _, policy := range policies {
|
|
|
+ if !policy.Enabled {
|
|
|
+ continue
|
|
|
+ }
|
|
|
+ if policy.RuleType == ruleType {
|
|
|
+ dstMap := convAclTagToValueMap(policy.Dst)
|
|
|
+ srcMap := convAclTagToValueMap(policy.Dst)
|
|
|
+ if _, ok := srcMap["*"]; ok {
|
|
|
+ if _, ok := dstMap["*"]; ok {
|
|
|
+ return policy, nil
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ }
|
|
|
+
|
|
|
return acl, nil
|
|
|
}
|
|
|
|
|
|
@@ -467,11 +484,6 @@ func IsNodeAllowedToCommunicate(node, peer models.Node) bool {
|
|
|
// fmt.Printf("\n======> DSTMAP: %+v\n", dstMap)
|
|
|
// fmt.Printf("\n======> node Tags: %+v\n", node.Tags)
|
|
|
// fmt.Printf("\n======> peer Tags: %+v\n", peer.Tags)
|
|
|
- if _, ok := srcMap["*"]; ok {
|
|
|
- if _, ok := dstMap["*"]; ok {
|
|
|
- return true
|
|
|
- }
|
|
|
- }
|
|
|
for tagID := range node.Tags {
|
|
|
if _, ok := dstMap[tagID.String()]; ok {
|
|
|
if _, ok := srcMap["*"]; ok {
|
abhishek9686