[management] Add firewall rule route ID and missing route domains (#3700)

2025-08-14 09:18:51 +02:00 · 2025-04-23 21:29:46 +02:00
parent 4013298e22
commit 400b9fca32
7 changed files with 95 additions and 54 deletions
--- a/management/server/route_test.go
+++ b/management/server/route_test.go
@ -1850,6 +1850,7 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 				Destination: "192.168.0.0/16",
 				Protocol:    "all",
 				Port:        80,
+				RouteID:     "route1:peerA",
 			},
 			{
 				SourceRanges: []string{
@ -1861,6 +1862,7 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 				Destination: "192.168.0.0/16",
 				Protocol:    "all",
 				Port:        320,
+				RouteID:     "route1:peerA",
 			},
 		}
 		additionalFirewallRule := []*types.RouteFirewallRule{
@ -1872,6 +1874,7 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 				Destination: "192.168.10.0/16",
 				Protocol:    "tcp",
 				Port:        80,
+				RouteID:     "route4:peerA",
 			},
 			{
 				SourceRanges: []string{
@ -1880,6 +1883,7 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 				Action:      "accept",
 				Destination: "192.168.10.0/16",
 				Protocol:    "all",
+				RouteID:     "route4:peerA",
 			},
 		}

@ -1888,6 +1892,9 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 		// peerD is also the routing peer for route1, should contain same routes firewall rules as peerA
 		routesFirewallRules = account.GetPeerRoutesFirewallRules(context.Background(), "peerD", validatedPeers)
 		assert.Len(t, routesFirewallRules, 2)
+		for _, rule := range expectedRoutesFirewallRules {
+			rule.RouteID = "route1:peerD"
+		}
 		assert.ElementsMatch(t, orderRuleSourceRanges(routesFirewallRules), orderRuleSourceRanges(expectedRoutesFirewallRules))

 		// peerE is a single routing peer for route 2 and route 3
@ -1901,6 +1908,7 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 				Destination:  existingNetwork.String(),
 				Protocol:     "tcp",
 				PortRange:    types.RulePortRange{Start: 80, End: 350},
+				RouteID:      "route2",
 			},
 			{
 				SourceRanges: []string{"0.0.0.0/0"},
@ -1909,6 +1917,7 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 				Protocol:     "all",
 				Domains:      domain.List{"example.com"},
 				IsDynamic:    true,
+				RouteID:      "route3",
 			},
 			{
 				SourceRanges: []string{"::/0"},
@ -1917,6 +1926,7 @@ func TestAccount_getPeersRoutesFirewall(t *testing.T) {
 				Protocol:     "all",
 				Domains:      domain.List{"example.com"},
 				IsDynamic:    true,
+				RouteID:      "route3",
 			},
 		}
 		assert.ElementsMatch(t, orderRuleSourceRanges(routesFirewallRules), orderRuleSourceRanges(expectedRoutesFirewallRules))
@ -2676,6 +2686,7 @@ func TestAccount_GetPeerNetworkResourceFirewallRules(t *testing.T) {
 				Destination: "192.168.0.0/16",
 				Protocol:    "all",
 				Port:        80,
+				RouteID:     "resource2:peerA",
 			},
 			{
 				SourceRanges: []string{
@ -2687,6 +2698,7 @@ func TestAccount_GetPeerNetworkResourceFirewallRules(t *testing.T) {
 				Destination: "192.168.0.0/16",
 				Protocol:    "all",
 				Port:        320,
+				RouteID:     "resource2:peerA",
 			},
 		}

@ -2701,6 +2713,7 @@ func TestAccount_GetPeerNetworkResourceFirewallRules(t *testing.T) {
 				Port:        80,
 				Domains:     domain.List{"example.com"},
 				IsDynamic:   true,
+				RouteID:     "resource4:peerA",
 			},
 			{
 				SourceRanges: []string{
@ -2711,6 +2724,7 @@ func TestAccount_GetPeerNetworkResourceFirewallRules(t *testing.T) {
 				Protocol:    "all",
 				Domains:     domain.List{"example.com"},
 				IsDynamic:   true,
+				RouteID:     "resource4:peerA",
 			},
 		}
 		assert.ElementsMatch(t, orderRuleSourceRanges(firewallRules), orderRuleSourceRanges(append(expectedFirewallRules, additionalFirewallRules...)))
@ -2719,6 +2733,9 @@ func TestAccount_GetPeerNetworkResourceFirewallRules(t *testing.T) {
 		_, routes, sourcePeers = account.GetNetworkResourcesRoutesToSync(context.Background(), "peerD", resourcePoliciesMap, resourceRoutersMap)
 		firewallRules = account.GetPeerNetworkResourceFirewallRules(context.Background(), account.Peers["peerD"], validatedPeers, routes, resourcePoliciesMap)
 		assert.Len(t, firewallRules, 2)
+		for _, rule := range expectedFirewallRules {
+			rule.RouteID = "resource2:peerD"
+		}
 		assert.ElementsMatch(t, orderRuleSourceRanges(firewallRules), orderRuleSourceRanges(expectedFirewallRules))
 		assert.Len(t, sourcePeers, 3)

@ -2736,6 +2753,7 @@ func TestAccount_GetPeerNetworkResourceFirewallRules(t *testing.T) {
 				Destination:  "10.10.10.0/24",
 				Protocol:     "tcp",
 				PortRange:    types.RulePortRange{Start: 80, End: 350},
+				RouteID:      "resource1:peerE",
 			},
 		}
 		assert.ElementsMatch(t, orderRuleSourceRanges(firewallRules), orderRuleSourceRanges(expectedFirewallRules))
@ -2758,6 +2776,7 @@ func TestAccount_GetPeerNetworkResourceFirewallRules(t *testing.T) {
 				Destination:  "10.12.12.1/32",
 				Protocol:     "tcp",
 				Port:         8080,
+				RouteID:      "resource5:peerL",
 			},
 		}
 		assert.ElementsMatch(t, orderRuleSourceRanges(firewallRules), orderRuleSourceRanges(expectedFirewallRules))