Extends policy rule API with source and destination resource

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
bcmmbaga 2024-12-11 14:22:33 +01:00
parent ac06f178fe
commit 9fae103370
2 changed files with 90 additions and 13 deletions


@ -782,15 +782,18 @@ components:
items: items:
type: string type: string
example: "ch8i4ug6lnn4g9hqv797" example: "ch8i4ug6lnn4g9hqv797"
sourceResource:
description: Policy rule source resource that the rule is applied to
$ref: '#/components/schemas/Resource'
destinations: destinations:
description: Policy rule destination group IDs description: Policy rule destination group IDs
type: array type: array
items: items:
type: string type: string
example: "ch8i4ug6lnn4g9h7v7m0" example: "ch8i4ug6lnn4g9h7v7m0"
required: destinationResource:
- sources description: Policy rule destination resource that the rule is applied to
- destinations $ref: '#/components/schemas/Resource'
PolicyRule: PolicyRule:
allOf: allOf:
- $ref: '#/components/schemas/PolicyRuleMinimum' - $ref: '#/components/schemas/PolicyRuleMinimum'
@ -801,14 +804,17 @@ components:
type: array type: array
items: items:
$ref: '#/components/schemas/GroupMinimum' $ref: '#/components/schemas/GroupMinimum'
sourceResource:
description: Policy rule source resource that the rule is applied to
$ref: '#/components/schemas/Resource'
destinations: destinations:
description: Policy rule destination group IDs description: Policy rule destination group IDs
type: array type: array
items: items:
$ref: '#/components/schemas/GroupMinimum' $ref: '#/components/schemas/GroupMinimum'
required: destinationResource:
- sources description: Policy rule destination resource that the rule is applied to
- destinations $ref: '#/components/schemas/Resource'
PolicyMinimum: PolicyMinimum:
type: object type: object
properties: properties:
@ -1176,6 +1182,24 @@ components:
- id - id
- network_type - network_type
- $ref: '#/components/schemas/RouteRequest' - $ref: '#/components/schemas/RouteRequest'
Resource:
type: object
properties:
id:
description: Resource ID
type: string
example: chacdk86lnnboviihd7g
type:
description: Resource type
$ref: '#/components/schemas/ResourceType'
required:
- id
- type
ResourceType:
allOf:
- $ref: '#/components/schemas/NetworkResourceType'
- type: string
example: host
NetworkRequest: NetworkRequest:
type: object type: object
properties: properties:
@ -1228,13 +1252,16 @@ components:
example: chacdk86lnnboviihd7g example: chacdk86lnnboviihd7g
type: type:
description: Network resource type based of the address description: Network resource type based of the address
type: string $ref: '#/components/schemas/NetworkResourceType'
enum: [ "host", "subnet", "domain"]
example: host example: host
required: required:
- id - id
- type - type
- $ref: '#/components/schemas/NetworkResourceRequest' - $ref: '#/components/schemas/NetworkResourceRequest'
NetworkResourceType:
description: Network resource type based of the address
type: string
enum: [ "host", "subnet", "domain" ]
NetworkRouterRequest: NetworkRouterRequest:
type: object type: object
properties: properties:
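Review bot: Dropping `required: [sources, destinations]` from PolicyRuleMinimum and PolicyRule leaves the schema with no constraint at all, while the server (per the Go side of this commit) rejects a rule that sets both `sources` and `sourceResource`, or neither, and likewise for destinations; generated clients and docs will not see that rule. Either express it with a `oneOf` over the two alternatives, or at least state it in the field descriptions, e.g. `description: Policy rule source group IDs. Mutually exclusive with sourceResource; exactly one of the two must be set` and the same for `sourceResource`, `destinations` and `destinationResource`. The new `NetworkResourceType` description repeats the existing typo "based of the address"; since this schema is now shared, "based on the address" would be the moment to fix it. `ResourceType` wrapping a `$ref` plus `type: string` in an `allOf` is redundant with the referenced enum and could simply be the `$ref` with an `example`.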


@ -14,6 +14,7 @@ import (
"github.com/netbirdio/netbird/management/server/http/configs" "github.com/netbirdio/netbird/management/server/http/configs"
"github.com/netbirdio/netbird/management/server/http/util" "github.com/netbirdio/netbird/management/server/http/util"
"github.com/netbirdio/netbird/management/server/jwtclaims" "github.com/netbirdio/netbird/management/server/jwtclaims"
networkTypes "github.com/netbirdio/netbird/management/server/networks/resources/types"
"github.com/netbirdio/netbird/management/server/status" "github.com/netbirdio/netbird/management/server/status"
"github.com/netbirdio/netbird/management/server/types" "github.com/netbirdio/netbird/management/server/types"
) )
@ -147,15 +148,58 @@ func (h *handler) savePolicy(w http.ResponseWriter, r *http.Request, accountID s
ruleID = *rule.Id ruleID = *rule.Id
} }
hasSources := rule.Sources != nil
hasSourceResource := rule.SourceResource != nil
hasDestinations := rule.Destinations != nil
hasDestinationResource := rule.DestinationResource != nil
if hasSources && hasSourceResource {
util.WriteError(r.Context(), status.Errorf(status.InvalidArgument, "specify either sources or source resources, not both"), w)
return
}
if hasDestinations && hasDestinationResource {
util.WriteError(r.Context(), status.Errorf(status.InvalidArgument, "specify either destinations or destination resources, not both"), w)
return
}
if !(hasSources || hasSourceResource) || !(hasDestinations || hasDestinationResource) {
util.WriteError(r.Context(), status.Errorf(status.InvalidArgument, "specify either sources or source resources and destinations or destination resources"), w)
return
}
pr := types.PolicyRule{ pr := types.PolicyRule{
ID: ruleID, ID: ruleID,
PolicyID: policyID, PolicyID: policyID,
Name: rule.Name, Name: rule.Name,
Destinations: rule.Destinations,
Sources: rule.Sources,
Bidirectional: rule.Bidirectional, Bidirectional: rule.Bidirectional,
} }
if hasSources {
pr.Sources = *rule.Sources
}
if hasSourceResource {
// TODO: validate the resource id and type
pr.SourceResource = networkTypes.Resource{
ID: rule.SourceResource.Id,
Type: string(rule.SourceResource.Type),
}
}
if hasDestinations {
pr.Destinations = *rule.Destinations
}
if hasDestinationResource {
// TODO: validate the resource id and type
pr.DestinationResource = networkTypes.Resource{
ID: rule.DestinationResource.Id,
Type: string(rule.DestinationResource.Type),
}
}
pr.Enabled = rule.Enabled pr.Enabled = rule.Enabled
if rule.Description != nil { if rule.Description != nil {
pr.Description = *rule.Description pr.Description = *rule.Description
@ -363,26 +407,30 @@ func toPolicyResponse(groups []*nbgroup.Group, policy *types.Policy) *api.Policy
rule.PortRanges = &portRanges rule.PortRanges = &portRanges
} }
var sources []api.GroupMinimum
for _, gid := range r.Sources { for _, gid := range r.Sources {
_, ok := cache[gid] _, ok := cache[gid]
if ok { if ok {
continue continue
} }
if group, ok := groupsMap[gid]; ok { if group, ok := groupsMap[gid]; ok {
minimum := api.GroupMinimum{ minimum := api.GroupMinimum{
Id: group.ID, Id: group.ID,
Name: group.Name, Name: group.Name,
PeersCount: len(group.Peers), PeersCount: len(group.Peers),
} }
rule.Sources = append(rule.Sources, minimum) sources = append(sources, minimum)
cache[gid] = minimum cache[gid] = minimum
} }
} }
rule.Sources = &sources
var destinations []api.GroupMinimum
for _, gid := range r.Destinations { for _, gid := range r.Destinations {
cachedMinimum, ok := cache[gid] cachedMinimum, ok := cache[gid]
if ok { if ok {
rule.Destinations = append(rule.Destinations, cachedMinimum) destinations = append(destinations, cachedMinimum)
continue continue
} }
if group, ok := groupsMap[gid]; ok { if group, ok := groupsMap[gid]; ok {
@ -391,10 +439,12 @@ func toPolicyResponse(groups []*nbgroup.Group, policy *types.Policy) *api.Policy
Name: group.Name, Name: group.Name,
PeersCount: len(group.Peers), PeersCount: len(group.Peers),
} }
rule.Destinations = append(rule.Destinations, minimum) destinations = append(destinations, minimum)
cache[gid] = minimum cache[gid] = minimum
} }
} }
rule.Destinations = &destinations
ap.Rules = append(ap.Rules, rule) ap.Rules = append(ap.Rules, rule)
} }
return ap return ap
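Review bot: In savePolicy the request's resource reference is persisted as-is: `Type: string(rule.SourceResource.Type)` accepts any string unless the generated decoder enforces the enum, and `rule.SourceResource.Id` is never checked to be a resource that exists in this `accountID`, so a rule can be stored pointing at a resource the caller does not own; the two `// TODO: validate the resource id and type` comments acknowledge this but the commit ships without it. Before building `pr`, reject a type that is not one of the `NetworkResourceType` values (host/subnet/domain) with the same `status.InvalidArgument` pattern used above, and resolve the ID under the account rather than trusting it. Note also that `hasSources := rule.Sources != nil` treats an explicit empty list `"sources": []` as present, so the "specify either sources or source resources" check passes with no sources at all — if that is not intended, test `len(*rule.Sources) > 0` instead. Separately, toPolicyResponse (whose body starts before its hunk) now fills `Sources`/`Destinations` but, as far as the hunk shows, never sets `SourceResource`/`DestinationResource` on the response, so a rule saved with a resource reads back without it unless that mapping happens outside the hunk.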