Don't drop Rules from file storage after migration to Policies (#741)

The Rego policy migration clears the rules property of the file storage, which does not allow rolling back a management upgrade, so this change keeps the rules in the file store and updates them from the policies.
Givi Khojanashvili 2023-03-15 09:42:40 +04:00 committed by GitHub
parent 3bfa26b13b
commit 2a1efbd0fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 71 additions and 6 deletions


@ -124,7 +124,6 @@ func restore(file string) (*FileStore, error) {
} }
account.Policies = append(account.Policies, policy) account.Policies = append(account.Policies, policy)
} }
account.Rules = nil
} }
// for data migration. Can be removed once most base will be with labels // for data migration. Can be removed once most base will be with labels
@ -265,6 +264,15 @@ func (s *FileStore) SaveAccount(account *Account) error {
s.PrivateDomain2AccountID[accountCopy.Domain] = accountCopy.Id s.PrivateDomain2AccountID[accountCopy.Domain] = accountCopy.Id
} }
if accountCopy.Rules == nil {
accountCopy.Rules = make(map[string]*Rule)
}
for _, policy := range accountCopy.Policies {
for _, rule := range policy.Rules {
accountCopy.Rules[rule.ID] = rule.ToRule()
}
}
return s.persist(s.storeFile) return s.persist(s.storeFile)
} }
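Review bot: The loop added to SaveAccount only inserts or overwrites entries in `accountCopy.Rules`, so a rule whose policy was later deleted stays in the persisted map, and because restore no longer sets `account.Rules = nil` those stale entries also survive restarts. After a rollback the older management version would presumably load them as live access rules, restoring traffic permissions an administrator had already removed. If every rule is expected to have a policy counterpart once migration has run (not verifiable from this hunk), replace the nil check with `accountCopy.Rules = make(map[string]*Rule, len(accountCopy.Policies))` so the stored rules mirror the policies exactly. SaveAccount's body starts outside the hunk, so whether deletion paths elsewhere already prune `Rules` should be confirmed.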


@ -123,6 +123,38 @@ func TestStore(t *testing.T) {
Name: "peer name", Name: "peer name",
Status: &PeerStatus{Connected: true, LastSeen: time.Now()}, Status: &PeerStatus{Connected: true, LastSeen: time.Now()},
} }
account.Groups["all"] = &Group{
ID: "all",
Name: "all",
Peers: []string{"testpeer"},
}
account.Rules["all"] = &Rule{
ID: "all",
Name: "all",
Source: []string{"all"},
Destination: []string{"all"},
Flow: TrafficFlowBidirect,
}
account.Policies = append(account.Policies, &Policy{
ID: "all",
Name: "all",
Enabled: true,
Rules: []*PolicyRule{account.Rules["all"].ToPolicyRule()},
})
account.Policies = append(account.Policies, &Policy{
ID: "dmz",
Name: "dmz",
Enabled: true,
Rules: []*PolicyRule{
{
ID: "dmz",
Name: "dmz",
Enabled: true,
Sources: []string{"all"},
Destinations: []string{"all"},
},
},
})
// SaveAccount should trigger persist // SaveAccount should trigger persist
err := store.SaveAccount(account) err := store.SaveAccount(account)
@ -138,23 +170,48 @@ func TestStore(t *testing.T) {
restoredAccount := restored.Accounts[account.Id] restoredAccount := restored.Accounts[account.Id]
if restoredAccount == nil { if restoredAccount == nil {
t.Errorf("failed to restore a FileStore file - missing Account %s", account.Id) t.Errorf("failed to restore a FileStore file - missing Account %s", account.Id)
return
} }
if restoredAccount != nil && restoredAccount.Peers["testpeer"] == nil { if restoredAccount.Peers["testpeer"] == nil {
t.Errorf("failed to restore a FileStore file - missing Peer testpeer") t.Errorf("failed to restore a FileStore file - missing Peer testpeer")
} }
if restoredAccount != nil && restoredAccount.CreatedBy != "testuser" { if restoredAccount.CreatedBy != "testuser" {
t.Errorf("failed to restore a FileStore file - missing Account CreatedBy") t.Errorf("failed to restore a FileStore file - missing Account CreatedBy")
} }
if restoredAccount != nil && restoredAccount.Users["testuser"] == nil { if restoredAccount.Users["testuser"] == nil {
t.Errorf("failed to restore a FileStore file - missing User testuser") t.Errorf("failed to restore a FileStore file - missing User testuser")
} }
if restoredAccount != nil && restoredAccount.Network == nil { if restoredAccount.Network == nil {
t.Errorf("failed to restore a FileStore file - missing Network") t.Errorf("failed to restore a FileStore file - missing Network")
} }
if restoredAccount.Groups["all"] == nil {
t.Errorf("failed to restore a FileStore file - missing Group all")
}
if restoredAccount.Rules["all"] == nil {
t.Errorf("failed to restore a FileStore file - missing Rule all")
return
}
if restoredAccount.Rules["dmz"] == nil {
t.Errorf("failed to restore a FileStore file - missing Rule dmz")
return
}
assert.Equal(t, account.Rules["all"], restoredAccount.Rules["all"], "failed to restore a FileStore file - missing Rule all")
assert.Equal(t, account.Rules["dmz"], restoredAccount.Rules["dmz"], "failed to restore a FileStore file - missing Rule dmz")
if len(restoredAccount.Policies) != 2 {
t.Errorf("failed to restore a FileStore file - missing Policies")
return
}
assert.Equal(t, account.Policies[0], restoredAccount.Policies[0], "failed to restore a FileStore file - missing Policy all")
assert.Equal(t, account.Policies[1], restoredAccount.Policies[1], "failed to restore a FileStore file - missing Policy dmz")
} }
func TestRestore(t *testing.T) { func TestRestore(t *testing.T) {
@ -204,7 +261,7 @@ func TestRestorePolicies_Migration(t *testing.T) {
account := store.Accounts["bf1c8084-ba50-4ce7-9439-34653001fc3b"] account := store.Accounts["bf1c8084-ba50-4ce7-9439-34653001fc3b"]
require.Len(t, account.Groups, 1, "failed to restore a FileStore file - missing Account Groups") require.Len(t, account.Groups, 1, "failed to restore a FileStore file - missing Account Groups")
require.Len(t, account.Rules, 0, "failed to restore a FileStore file - Account Rules should be removed") require.Len(t, account.Rules, 1, "failed to restore a FileStore file - missing Account Rules")
require.Len(t, account.Policies, 1, "failed to restore a FileStore file - missing Account Policies") require.Len(t, account.Policies, 1, "failed to restore a FileStore file - missing Account Policies")
policy := account.Policies[0] policy := account.Policies[0]