fix(NET-799): fix acl allow/deny subcommands (#2736)
Aceix authored Dec 20, 2023
1 parent 9fcefd7 commit 61d6b2f
Showing 2 changed files with 54 additions and 18 deletions.
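--- a/cli/cmd/acl/allow.go
+++ b/cli/cmd/acl/allow.go
@@ -2,6 +2,7 @@ package acl
 
 import (
 "fmt"
+"log"
 
 "github.com/gravitl/netmaker/cli/functions"
 "github.com/gravitl/netmaker/logic/acls"
@@ -14,17 +15,34 @@ var aclAllowCmd = &cobra.Command{
 Short: "Allow access from one node to another",
 Long: `Allow access from one node to another`,
 Run: func(cmd *cobra.Command, args []string) {
+network := args[0]
 fromNodeID := args[1]
 toNodeID := args[2]
-payload := acls.ACLContainer(map[acls.AclID]acls.ACL{
-acls.AclID(fromNodeID): map[acls.AclID]byte{
-acls.AclID(toNodeID): acls.Allowed,
-},
-acls.AclID(toNodeID): map[acls.AclID]byte{
-acls.AclID(fromNodeID): acls.Allowed,
-},
-})
-functions.UpdateACL(args[0], &payload)
+
+if fromNodeID == toNodeID {
+log.Fatal("Cannot allow access from a node to itself")
+}
+
+// get current acls
+res := functions.GetACL(network)
+if res == nil {
+log.Fatalf("Could not load network ACLs")
+}
+
+payload := *res
+
+if _, ok := payload[acls.AclID(fromNodeID)]; !ok {
+log.Fatalf("Node %s does not exist", fromNodeID)
+}
+if _, ok := payload[acls.AclID(toNodeID)]; !ok {
+log.Fatalf("Node %s does not exist", toNodeID)
+}
+
+// update acls
+payload[acls.AclID(fromNodeID)][acls.AclID(toNodeID)] = acls.Allowed
+payload[acls.AclID(toNodeID)][acls.AclID(fromNodeID)] = acls.Allowed
+
+functions.UpdateACL(network, &payload)
 fmt.Println("Success")
 },
 }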
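Review bot: The get-then-update sequence in Run is not atomic, so an ACL change made by anyone else between `functions.GetACL(network)` and `functions.UpdateACL(network, &payload)` can be lost when the whole container is written back. Whether the server replaces or merges the stored ACLs is not visible here, but if it replaces them, a deny set concurrently by another admin could silently revert to allowed. A per-pair update on the server or a version check on the write would close the window; until then the code should at least say so, for example `// NOTE: not atomic; ACL edits made between GetACL and UpdateACL are overwritten`. The same pattern appears in the Run body of cli/cmd/acl/deny.go.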
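--- a/cli/cmd/acl/deny.go
+++ b/cli/cmd/acl/deny.go
@@ -2,6 +2,7 @@ package acl
 
 import (
 "fmt"
+"log"
 
 "github.com/gravitl/netmaker/cli/functions"
 "github.com/gravitl/netmaker/logic/acls"
@@ -14,17 +15,34 @@ var aclDenyCmd = &cobra.Command{
 Short: "Deny access from one node to another",
 Long: `Deny access from one node to another`,
 Run: func(cmd *cobra.Command, args []string) {
+network := args[0]
 fromNodeID := args[1]
 toNodeID := args[2]
-payload := acls.ACLContainer(map[acls.AclID]acls.ACL{
-acls.AclID(fromNodeID): map[acls.AclID]byte{
-acls.AclID(toNodeID): acls.NotAllowed,
-},
-acls.AclID(toNodeID): map[acls.AclID]byte{
-acls.AclID(fromNodeID): acls.NotAllowed,
-},
-})
-functions.UpdateACL(args[0], &payload)
+
+if fromNodeID == toNodeID {
+log.Fatal("Cannot deny access to self")
+}
+
+// get current acls
+res := functions.GetACL(network)
+if res == nil {
+log.Fatalf("Could not load network ACLs")
+}
+
+payload := *res
+
+if _, ok := payload[acls.AclID(fromNodeID)]; !ok {
+log.Fatalf("Node [%s] does not exist", fromNodeID)
+}
+if _, ok := payload[acls.AclID(toNodeID)]; !ok {
+log.Fatalf("Node [%s] does not exist", toNodeID)
+}
+
+// update acls
+payload[acls.AclID(fromNodeID)][acls.AclID(toNodeID)] = acls.NotAllowed
+payload[acls.AclID(toNodeID)][acls.AclID(fromNodeID)] = acls.NotAllowed
+
+functions.UpdateACL(network, &payload)
 fmt.Println("Success")
 },
 }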
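Review bot: The Run body here duplicates the one in cli/cmd/acl/allow.go except for the ACL value, and the user-facing messages have already diverged (`Node [%s] does not exist` versus `Node %s does not exist`, `Cannot deny access to self` versus `Cannot allow access from a node to itself`). For commands that edit access rules, one shared helper keeps the validation identical on both paths, so a later fix to one cannot miss the other. A possible shape is below; the helper name is only a suggestion, and the `Use` and `Args` lines of the command sit outside the hunk.

```go
Run: func(cmd *cobra.Command, args []string) {
	setPairACL(args[0], args[1], args[2], acls.NotAllowed)
	fmt.Println("Success")
},
// … unchanged: end of aclDenyCmd …

// setPairACL loads the network's ACLs, checks that both node IDs are present,
// and sets the entry for the pair to value in both directions.
func setPairACL(network, fromNodeID, toNodeID string, value byte) {
	if fromNodeID == toNodeID {
		log.Fatal("from and to node IDs must be different")
	}
	res := functions.GetACL(network)
	if res == nil {
		log.Fatal("Could not load network ACLs")
	}
	payload := *res
	from, to := acls.AclID(fromNodeID), acls.AclID(toNodeID)
	for _, id := range []acls.AclID{from, to} {
		if _, ok := payload[id]; !ok {
			log.Fatalf("Node %s does not exist", id)
		}
	}
	payload[from][to] = value
	payload[to][from] = value
	functions.UpdateACL(network, &payload)
}
```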
