package server
import "fmt"
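// TrafficFlowType defines the direction of traffic a Rule allows between
// its Source and Destination groups.
type TrafficFlowType int

const (
	// TrafficFlowBidirect allows traffic in both directions between the
	// rule's source and destination groups. It is the only flow type
	// defined here and is the zero value, so an unset Flow is bidirectional.
	TrafficFlowBidirect TrafficFlowType = iota
)

const (
	// TrafficFlowBidirectString is the string form of TrafficFlowBidirect.
	TrafficFlowBidirectString = "bidirect"

	// DefaultRuleName is the name of the Default rule that is created for every account.
	DefaultRuleName = "Default"

	// DefaultRuleDescription is the description of the Default rule that is
	// created for every account. As the text itself says, the default is
	// allow-all between resources: a new account starts permissive and stays
	// that way until an administrator narrows its rules.
	DefaultRuleDescription = "This is a default rule that allows connections between all the resources"

	// DefaultPolicyName is the name of the Default policy that is created for every account.
	DefaultPolicyName = "Default"

	// DefaultPolicyDescription is the description of the Default policy that
	// is created for every account. Like the default rule, it is allow-all.
	DefaultPolicyDescription = "This is a default policy that allows connections between all the resources"
)

// Rule is an ACL rule between groups of peers: traffic is allowed from the
// peers in any Source group to the peers in any Destination group, in the
// direction given by Flow. Rules are converted to the Policy model by
// ToPolicyRule and RuleToPolicy.
type Rule struct {
	// ID of the rule
	ID string

	// Name of the rule visible in the UI
	Name string

	// Description of the rule visible in the UI
	Description string

	// Disabled marks a rule that is stored but not enforced. Note the
	// polarity: the Policy model uses Enabled, so conversions negate this.
	Disabled bool

	// Source is the list of group IDs whose peers the traffic comes from.
	// Nothing in this file validates the IDs; presumably they are resolved
	// against the account's groups by the caller.
	Source []string

	// Destination is the list of group IDs whose peers the traffic goes to.
	Destination []string

	// Flow is the direction of traffic allowed by the rule. Only
	// TrafficFlowBidirect is defined.
	Flow TrafficFlowType
}

// Copy returns a deep copy of the rule.
//
// The Source and Destination slices are cloned rather than re-sliced
// (the former r.Source[:] shared the backing array with the original), so
// editing the copy's group lists cannot silently change the original's ACL,
// or vice versa. A nil slice stays nil and an empty slice stays empty, so
// the copy encodes the same way as the original.
func (r *Rule) Copy() *Rule {
	clone := func(in []string) []string {
		if in == nil {
			return nil
		}
		out := make([]string, len(in))
		copy(out, in)
		return out
	}

	return &Rule{
		ID:          r.ID,
		Name:        r.Name,
		Description: r.Description,
		Disabled:    r.Disabled,
		Source:      clone(r.Source),
		Destination: clone(r.Destination),
		Flow:        r.Flow,
	}
}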
// EventMeta returns the activity-event metadata for this rule. Only the
// rule's name is included, under the key "name". The receiver must be
// non-nil; there is no nil guard here, unlike ToPolicyRule.
func (r *Rule) EventMeta() map[string]any {
	meta := make(map[string]any, 1)
	meta["name"] = r.Name
	return meta
}
// ToPolicyRule converts a Rule to a PolicyRule object; a nil receiver
// yields nil.
//
// The result is always an accept rule (Action is PolicyTrafficActionAccept)
// and Enabled is the negation of Disabled. Flow is not carried over, as
// only one flow type exists. Sources and Destinations reuse the rule's
// slices rather than copies, so the PolicyRule and the Rule share their
// group lists — call Copy first if the two must be independent.
func (r *Rule) ToPolicyRule() *PolicyRule {
	if r == nil {
		return nil
	}

	pr := &PolicyRule{}
	pr.ID = r.ID
	pr.Name = r.Name
	pr.Description = r.Description
	pr.Enabled = !r.Disabled
	pr.Action = PolicyTrafficActionAccept
	pr.Sources = r.Source
	pr.Destinations = r.Destination
	return pr
}
// RuleToPolicy converts a Rule to a Policy query object.
//
// The Policy takes the rule's ID, name, description and enabled state
// (the negation of Disabled) and holds the single PolicyRule produced by
// ToPolicyRule — note that the Policy and its one PolicyRule therefore
// carry the same ID. The policy's query text is then built by
// UpdateQueryFromRules. An error is returned for a nil rule or when the
// query cannot be built; in both cases the returned Policy is nil.
func RuleToPolicy(rule *Rule) (*Policy, error) {
	if rule == nil {
		return nil, fmt.Errorf("rule is empty")
	}

	rules := []*PolicyRule{rule.ToPolicyRule()}
	policy := &Policy{
		ID:          rule.ID,
		Name:        rule.Name,
		Description: rule.Description,
		Enabled:     !rule.Disabled,
		Rules:       rules,
	}

	err := policy.UpdateQueryFromRules()
	if err != nil {
		return nil, err
	}
	return policy, nil
}