
remove node id from acls when deleted

abhishek9686 il y a 7 mois
Parent
commit
ed1f48a4b4
3 fichiers modifiés avec 74 ajouts et 0 suppressions
  1. 72 0
      logic/acls.go
  2. 1 0
      logic/extpeers.go
  3. 1 0
      logic/nodes.go

+ 72 - 0
logic/acls.go

@@ -654,6 +654,78 @@ func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
 	}
 	return false
 }
+func RemoveNodeFromAclPolicy(node models.Node) {
+	var nodeID string
+	if node.IsStatic {
+		nodeID = node.StaticNode.ClientID
+	} else {
+		nodeID = node.ID.String()
+	}
+	acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
+	for _, acl := range acls {
+		delete := false
+		update := false
+		if acl.RuleType == models.DevicePolicy {
+			for i, srcI := range acl.Src {
+				if srcI.ID == models.NodeID && srcI.Value == nodeID {
+					if len(acl.Src) == 1 {
+						// delete policy
+						delete = true
+						break
+					} else {
+						acl.Src = append(acl.Src[:i], acl.Src[i+1:]...)
+						update = true
+					}
+				}
+			}
+			if delete {
+				DeleteAcl(acl)
+				continue
+			}
+			for i, dstI := range acl.Dst {
+				if dstI.ID == models.NodeID && dstI.Value == nodeID {
+					if len(acl.Dst) == 1 {
+						// delete policy
+						delete = true
+						break
+					} else {
+						acl.Dst = append(acl.Dst[:i], acl.Dst[i+1:]...)
+						update = true
+					}
+				}
+			}
+			if delete {
+				DeleteAcl(acl)
+				continue
+			}
+			if update {
+				UpsertAcl(acl)
+			}
+
+		}
+		if acl.RuleType == models.UserPolicy {
+			for i, dstI := range acl.Dst {
+				if dstI.ID == models.NodeID && dstI.Value == nodeID {
+					if len(acl.Dst) == 1 {
+						// delete policy
+						delete = true
+						break
+					} else {
+						acl.Dst = append(acl.Dst[:i], acl.Dst[i+1:]...)
+						update = true
+					}
+				}
+			}
+			if delete {
+				DeleteAcl(acl)
+				continue
+			}
+			if update {
+				UpsertAcl(acl)
+			}
+		}
+	}
+}
 
 func checkTagGroupPolicy(srcMap, dstMap map[string]struct{}, node, peer models.Node,
 	nodeTags, peerTags map[models.TagID]struct{}) bool {
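Review bot: The three `for i, … := range acl.Src/acl.Dst` loops in RemoveNodeFromAclPolicy append into the slice they are ranging over, so after `acl.Src = append(acl.Src[:i], acl.Src[i+1:]...)` the loop keeps the original length, the element shifted into position i is never examined and the stale tail slot is re-read; it only works today because a node is expected to appear at most once per list, and `delete := false` additionally shadows the builtin. `acls, _ := ListAclsByNetwork(...)` discards the lookup error, and since the callers run this in a detached goroutine a failed listing silently leaves the deleted node (or, for static nodes, its StaticNode.ClientID) referenced by live policies — if a later client can reuse that ClientID the stale entry would grant it the old policy, which is worth confirming. The rewrite below filters into a fresh slice, logs the listing error (using log/slog as extpeers.go already does; substitute the package's logger if acls.go has none) and skips non-device/user policies up front; if DeleteAcl and UpsertAcl return errors they should be logged here too, as no caller observes this function's outcome.
```go
func RemoveNodeFromAclPolicy(node models.Node) {
	// … unchanged: nodeID selection from node.IsStatic …
	acls, err := ListAclsByNetwork(models.NetworkID(node.Network))
	if err != nil {
		slog.Error("RemoveNodeFromAclPolicy-list network acls:", "Error", err.Error())
		return
	}
	for _, acl := range acls {
		if acl.RuleType != models.DevicePolicy && acl.RuleType != models.UserPolicy {
			continue
		}
		// Only device policies name nodes in Src; both policy kinds may name them in Dst.
		srcRemoved := false
		if acl.RuleType == models.DevicePolicy {
			kept := acl.Src[:0:0] // fresh backing array: never mutate the slice being ranged
			for _, t := range acl.Src {
				if t.ID == models.NodeID && t.Value == nodeID {
					srcRemoved = true
					continue
				}
				kept = append(kept, t)
			}
			if srcRemoved && len(kept) == 0 {
				DeleteAcl(acl) // the node was the policy's only source
				continue
			}
			if srcRemoved {
				acl.Src = kept
			}
		}
		dstRemoved := false
		kept := acl.Dst[:0:0]
		for _, t := range acl.Dst {
			if t.ID == models.NodeID && t.Value == nodeID {
				dstRemoved = true
				continue
			}
			kept = append(kept, t)
		}
		if dstRemoved && len(kept) == 0 {
			DeleteAcl(acl) // the node was the policy's only destination
			continue
		}
		if dstRemoved {
			acl.Dst = kept
		}
		if srcRemoved || dstRemoved {
			UpsertAcl(acl)
		}
	}
}
```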

+ 1 - 0
logic/extpeers.go

@@ -134,6 +134,7 @@ func DeleteExtClientAndCleanup(extClient models.ExtClient) error {
 		slog.Error("DeleteExtClientAndCleanup-update network acls:", "Error", err.Error())
 		return err
 	}
+	go RemoveNodeFromAclPolicy(extClient.ConvertToStaticNode())
 
 	return nil
 }
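Review bot: The added `go RemoveNodeFromAclPolicy(extClient.ConvertToStaticNode())` is a detached goroutine with no error path and nothing that waits for it, so DeleteExtClientAndCleanup returns nil while policy entries for the client may still exist; the lines just above return the error when the network-ACL update fails, so making this step fire-and-forget is inconsistent with the function's contract. The same pattern is added in logic/nodes.go with `go RemoveNodeFromAclPolicy(*node)`. Unless the call is known to be slow, run it synchronously, `RemoveNodeFromAclPolicy(extClient.ConvertToStaticNode())`; if it must stay asynchronous it needs its own logging, since no caller observes its outcome. Whether UpsertAcl calls from this goroutine are serialized against other ACL writers by the store is not visible in the hunk and is worth confirming; DeleteExtClientAndCleanup begins above the hunk.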

+ 1 - 0
logic/nodes.go

@@ -312,6 +312,7 @@ func DeleteNode(node *models.Node, purge bool) error {
 	if err := DissasociateNodeFromHost(node, host); err != nil {
 		return err
 	}
+	go RemoveNodeFromAclPolicy(*node)
 
 	return nil
 }