convert resource to route if resource has policy
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
@ -2480,50 +2480,22 @@ func TestAccount_GetPeerNetworkResourceFirewallRules(t *testing.T) {
|
||||
}
|
||||
|
||||
t.Run("validate applied policies for different network resources", func(t *testing.T) {
|
||||
getNetworkResourceByID := func(account *types.Account, id string) *resourceTypes.NetworkResource {
|
||||
for _, resource := range account.NetworkResources {
|
||||
if resource.ID == id {
|
||||
return resource
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
getNetworkRouterByID := func(account *types.Account, id string) *routerTypes.NetworkRouter {
|
||||
for _, router := range account.NetworkRouters {
|
||||
if router.ID == id {
|
||||
return router
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Test case: Resource1 is directly applied to the policy (policyResource1)
|
||||
peerE := account.GetPeer("peerE")
|
||||
router1 := getNetworkRouterByID(account, "router1")
|
||||
route1 := getNetworkResourceByID(account, "resource1").ToRoute(peerE, router1)
|
||||
policies := account.GetPoliciesForNetworkResource(string(route1.ID))
|
||||
policies := account.GetPoliciesForNetworkResource("resource1")
|
||||
assert.Len(t, policies, 1, "resource1 should have exactly 1 policy applied directly")
|
||||
|
||||
// Test case: Resource2 is applied to an access control group (dev),
|
||||
// which is part of the destination in the policy (policyResource2)
|
||||
peerA := account.GetPeer("peerA")
|
||||
router2 := getNetworkRouterByID(account, "router2")
|
||||
route2 := getNetworkResourceByID(account, "resource2").ToRoute(peerA, router2)
|
||||
policies = account.GetPoliciesForNetworkResource(string(route2.ID))
|
||||
policies = account.GetPoliciesForNetworkResource("resource2")
|
||||
assert.Len(t, policies, 1, "resource2 should have exactly 1 policy applied via access control group")
|
||||
|
||||
// Test case: Resource3 is not applied to any access control group or policy
|
||||
router3 := getNetworkRouterByID(account, "router3")
|
||||
route3 := getNetworkResourceByID(account, "resource3").ToRoute(peerE, router3)
|
||||
policies = account.GetPoliciesForNetworkResource(string(route3.ID))
|
||||
policies = account.GetPoliciesForNetworkResource("resource3")
|
||||
assert.Len(t, policies, 0, "resource3 should have no policies applied")
|
||||
|
||||
// Test case: Resource4 is applied to the access control groups (restrictQA and unrestrictedQA),
|
||||
// which is part of the destination in the policies (policyResource3 and policyResource4)
|
||||
router4 := getNetworkRouterByID(account, "router4")
|
||||
route4 := getNetworkResourceByID(account, "resource4").ToRoute(peerA, router4)
|
||||
policies = account.GetPoliciesForNetworkResource(string(route4.ID))
|
||||
policies = account.GetPoliciesForNetworkResource("resource4")
|
||||
assert.Len(t, policies, 2, "resource4 should have exactly 2 policy applied via access control groups")
|
||||
})
|
||||
|
||||
|
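Review bot: The rewritten lookups in this subtest (`account.GetPoliciesForNetworkResource("resource1")` through `"resource4"`) only use IDs that exist in the fixture, so nothing pins what the lookup returns for an ID that matches no resource. Now that the key is the resource ID rather than the derived route ID, a negative case such as `assert.Len(t, account.GetPoliciesForNetworkResource("no-such-resource"), 0, "unknown resource ID should have no policies")` (ID constructed for illustration) would document that an unmatched ID yields no policies and therefore no route. The message on the resource4 assertion also reads "exactly 2 policy" and could say "2 policies". The enclosing test function starts before this hunk.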
@ -1361,12 +1361,11 @@ func (a *Account) GetPoliciesAppliedInNetwork(networkID string) []string {
|
||||
func (a *Account) getNetworkResourcesRoutes(resources []*resourceTypes.NetworkResource, router *routerTypes.NetworkRouter, peer *nbpeer.Peer) []*route.Route {
|
||||
routes := make([]*route.Route, 0, len(resources))
|
||||
for _, resource := range resources {
|
||||
resourceRoute := resource.ToRoute(peer, router)
|
||||
resourceAppliedPolicies := a.GetPoliciesForNetworkResource(string(resourceRoute.ID))
|
||||
resourceAppliedPolicies := a.GetPoliciesForNetworkResource(resource.ID)
|
||||
|
||||
// distribute the resource routes only if there is policy applied to it
|
||||
if len(resourceAppliedPolicies) > 0 {
|
||||
routes = append(routes, resourceRoute)
|
||||
routes = append(routes, resource.ToRoute(peer, router))
|
||||
}
|
||||
}
|
||||
|
||||
|
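Review bot: `getNetworkResourcesRoutes` has no doc comment, even though its `len(resourceAppliedPolicies) > 0` check decides which resource routes a peer is handed and the lookup key is now `resource.ID` rather than the ID of the derived route. I would add `// getNetworkResourcesRoutes returns a route for each resource that has at least one policy applied, looked up by resource.ID; resources without a policy are not distributed.` above the signature. It is also worth confirming that `GetPoliciesForNetworkResource` leaves out disabled policies, since its body is not shown here and a non-empty result is the only condition for distributing the route. The function's return statement lies outside the hunk.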