mirror of
https://github.com/netbirdio/netbird.git
synced 2025-01-24 23:08:55 +01:00
a47c69c472
* wip: Add PrivateNetworkCheck checks interface implementation * use generic CheckAction constant * Add private network check to posture checks * Fix copy function target in posture checks * Add network check functionality to posture package * regenerate the openapi specs * Update Posture Check actions in test file * Remove unused function * Refactor network address handling in PrivateNetworkCheck * Refactor Prefixes to Ranges in private network checks * Implement private network checks in posture checks handler tests * Add test for check copy * Add gorm serializer for network range
package posture
import (
"fmt"
nbpeer "github.com/netbirdio/netbird/management/server/peer"
)
// Location identifies a geographic place by country and, optionally, city.
//
// GeoLocationCheck.Check compares both fields with ==, so matching is exact
// and case-sensitive.
// NOTE(review): presumably values are normalised (e.g. upper-case country
// codes) before they are stored here; confirm against the callers.
type Location struct {
	// CountryCode is the two-letter ISO 3166-1 alpha-2 code of the country.
	CountryCode string

	// CityName is the commonly used English name of the city.
	CityName string
}
// Compile-time assertion that *GeoLocationCheck satisfies the Check interface.
var _ Check = (*GeoLocationCheck)(nil)
// GeoLocationCheck is a posture check that evaluates a peer's location
// against a configured list of locations.
type GeoLocationCheck struct {
	// Locations holds the geolocations the policy applies to.
	Locations []Location

	// Action is the action taken when the peer's location matches an entry
	// in Locations. The Check method accepts CheckActionAllow and
	// CheckActionDeny and returns an error for any other value.
	Action string
}
// Check reports whether the peer passes this geolocation posture check.
//
// A peer whose Location has neither CountryCode nor CityName set is rejected
// with an error. Otherwise the peer matches when some entry of g.Locations has
// the same CountryCode and either an empty CityName or the same CityName.
// With CheckActionAllow the result equals the match; with CheckActionDeny it
// is the negation of the match. Any other Action yields (false, error).
func (g *GeoLocationCheck) Check(peer nbpeer.Peer) (bool, error) {
	peerLoc := peer.Location

	// Fail closed when no location was resolved for the peer.
	// NOTE(review): the guard fires only when BOTH fields are empty. A peer
	// with an empty CountryCode but a non-empty CityName continues to the
	// matching below; confirm that state cannot occur, or that it is
	// intended to be evaluated.
	if peerLoc.CountryCode == "" && peerLoc.CityName == "" {
		return false, fmt.Errorf("peer's location is not set")
	}

	// Comparison is exact and case-sensitive.
	// NOTE(review): under CheckActionDeny a casing or spelling difference
	// between the configured and the resolved value produces "no match",
	// which lets the peer through; confirm both sides are normalised
	// before they reach this method.
	matched := false
	for _, candidate := range g.Locations {
		if candidate.CountryCode != peerLoc.CountryCode {
			continue
		}
		// An empty CityName in the policy entry covers the whole country.
		if candidate.CityName == "" || candidate.CityName == peerLoc.CityName {
			matched = true
			break
		}
	}

	switch g.Action {
	case CheckActionAllow:
		// Allow-list: only peers in a listed location pass.
		return matched, nil
	case CheckActionDeny:
		// Deny-list: peers in a listed location fail, all others pass.
		return !matched, nil
	default:
		return false, fmt.Errorf("invalid geo location action: %s", g.Action)
	}
}
// Name returns the identifier of this check type, GeoLocationCheckName.
func (g *GeoLocationCheck) Name() string {
	return GeoLocationCheckName
}