mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-24 23:59:25 +01:00
5dc0ff42a5
Default Rego policy generated from the rules in some cases is broken. This change fixes the Rego template for rules to generate policies. Also, file store load constantly regenerates policy objects from rules. It allows updating/fixing of the default Rego template during releases.
35 lines
948 B
Rego
35 lines
948 B
Rego
package netbird
|
|
|
|
import future.keywords.if
|
|
import future.keywords.in
|
|
import future.keywords.contains
|
|
|
|
# get_rule builds a netbird rule object from given parameters
|
|
get_rule(peer_id, direction, action, port) := rule if {
|
|
peer := input.peers[_]
|
|
peer.ID == peer_id
|
|
rule := {
|
|
"ID": peer.ID,
|
|
"IP": peer.IP,
|
|
"Direction": direction,
|
|
"Action": action,
|
|
"Port": port,
|
|
}
|
|
}
|
|
|
|
# netbird_rules_from_group returns a list of netbird rules for a given group_id
|
|
rules_from_group(group_id, direction, action, port) := rules if {
|
|
group := input.groups[_]
|
|
group.ID == group_id
|
|
rules := [get_rule(peer, direction, action, port) | peer := group.Peers[_]]
|
|
}
|
|
|
|
# is_peer_in_any_group checks that input peer present at least in one group
|
|
is_peer_in_any_group(groups) := count([group_id]) > 0 if {
|
|
group_id := groups[_]
|
|
group := input.groups[_]
|
|
group.ID == group_id
|
|
peer := group.Peers[_]
|
|
peer == input.peer_id
|
|
}
|