From 15bfcada6524383cc58c4b5c27cf051bd3391787 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Sun, 10 Nov 2024 16:38:14 +0400
Subject: [PATCH 1/6] sort extclients
---
 logic/extpeers.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/logic/extpeers.go b/logic/extpeers.go
index fcb422243..efcb045ef 100644
--- a/logic/extpeers.go
+++ b/logic/extpeers.go
@@ -802,6 +802,7 @@ func GetStaticNodesByNetwork(network models.NetworkID, onlyWg bool) (staticNode
 if err != nil {
 return
 }
+ SortExtClient(extClients[:])
 for _, extI := range extClients {
 if extI.Network == network.String() {
 if onlyWg && extI.RemoteAccessClientID != "" {
From 378bac74527b12e3f079b59ea48e6c7fc46e928c Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Sun, 10 Nov 2024 17:38:04 +0400
Subject: [PATCH 2/6] add view only permissions for network users
---
 models/user_mgmt.go | 3 ++-
 pro/logic/user_mgmt.go | 60 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/models/user_mgmt.go b/models/user_mgmt.go
index 7debd6e22..188d7eba3 100644
--- a/models/user_mgmt.go
+++ b/models/user_mgmt.go
@@ -80,7 +80,8 @@ const (
 AllUserRsrcID RsrcID = "all_user"
 AllDnsRsrcID RsrcID = "all_dns"
 AllFailOverRsrcID RsrcID = "all_fail_over"
- AllAclsRsrcID RsrcID = "all_acls"
+ AllAclsRsrcID RsrcID = "all_acl"
+ AllTagsRsrcID RsrcID = "all_tag"
 )
 // Pre-Defined User Roles
diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go
index c3a6534ff..2a21a8bdb 100644
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
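Review bot: In `GetStaticNodesByNetwork` (logic/extpeers.go) the added `SortExtClient(extClients[:])` sorts the full client list before the loop filters it by network, and the `[:]` is a no-op if `extClients` is already a slice. The call discards any result, so it appears to sort in place; if the slice is shared with a cache or other callers (not visible here), that reorders their data as well. Consider sorting only the filtered result, and add a comment such as `// keep static nodes in a stable order for callers` saying why the order matters. The function body continues outside the hunk.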
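Review bot: Changing the value of `AllAclsRsrcID` from `"all_acls"` to `"all_acl"` in models/user_mgmt.go changes an identifier that the pro/logic hunks use as a key in role permission maps. Those templates are serialized with `json.Marshal`, so if roles are persisted, records written with the old key would no longer match the constant and the ACL permission they carry may be lost silently. No migration of stored roles is visible in this series; either keep the old value or add one. A comment above the block, e.g. `// RsrcID values are stored in persisted roles; changing one requires a migration`, would guard against a repeat.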
@@ -60,6 +60,36 @@ var NetworkUserAllPermissionTemplate = models.UserRolePermissionTemplate{
 SelfOnly: true,
 },
 },
+ models.DnsRsrc: {
+ models.AllDnsRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ models.AclRsrc: {
+ models.AllAclsRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ models.EgressGwRsrc: {
+ models.AllEgressGwRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ models.InetGwRsrc: {
+ models.AllInetGwRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ models.RelayRsrc: {
+ models.AllRelayRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ models.TagRsrc: {
+ models.AllTagsRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
 },
 }
@@ -147,6 +177,36 @@ func CreateDefaultNetworkRolesAndGroups(netID models.NetworkID) {
 SelfOnly: true,
 },
 },
+ models.DnsRsrc: {
+ models.AllDnsRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ models.AclRsrc: {
+ models.AllAclsRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ models.EgressGwRsrc: {
+ models.AllEgressGwRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ models.InetGwRsrc: {
+ models.AllInetGwRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ models.RelayRsrc: {
+ models.AllRelayRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ models.TagRsrc: {
+ models.AllTagsRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
 },
 }
 d, _ := json.Marshal(NetworkAdminPermissionTemplate)
From 87b790aaa6b3d5d554d8b1ff4d0275befecf9925 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Sun, 10 Nov 2024 18:59:52 +0400
Subject: [PATCH 3/6] set peer endpoint if host endpoint is nil
---
 logic/peers.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/logic/peers.go b/logic/peers.go
index e88f48630..b608ca053 100644
--- a/logic/peers.go
+++ b/logic/peers.go
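Review bot: The six read-only entries added to `NetworkUserAllPermissionTemplate` are repeated verbatim in the role literal inside `CreateDefaultNetworkRolesAndGroups` (the second hunk), so two copies of the same authorization policy can drift apart when only one is edited. Building both from a single helper that returns the shared view-only map would keep them in step. The grants give every holder of these roles `Read` on all DNS, ACL, egress, internet-gateway, relay and tag resources of the network; a comment above the block, e.g. `// view-only: network users may list these resources but never modify them`, would record that this exposure is deliberate. Roles already stored for existing networks are presumably not touched by this change, so confirm whether they need a migration to receive the new permissions.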
@@ -227,6 +227,16 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 } else if host.EndpointIPv6 != nil && peerHost.EndpointIPv6 != nil {
 peerEndpoint = peerHost.EndpointIPv6
 }
+ if host.EndpointIP == nil {
+ if peerHost.EndpointIP != nil {
+ peerEndpoint = peerHost.EndpointIP
+ }
+ }
+ if host.EndpointIP == nil && peerEndpoint == nil {
+ if peerHost.EndpointIPv6 != nil {
+ peerEndpoint = peerHost.EndpointIPv6
+ }
+ }
 peerConfig.Endpoint = &net.UDPAddr{
 IP: peerEndpoint,
From dc032697713e01c6d0a5fdfb74ca17b31af53b8e Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Sun, 10 Nov 2024 19:14:45 +0400
Subject: [PATCH 4/6] set peer endpoint if host endpoint is nil
---
 logic/peers.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/logic/peers.go b/logic/peers.go
index b608ca053..532dc5de5 100644
--- a/logic/peers.go
+++ b/logic/peers.go
@@ -227,12 +227,12 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 } else if host.EndpointIPv6 != nil && peerHost.EndpointIPv6 != nil {
 peerEndpoint = peerHost.EndpointIPv6
 }
- if host.EndpointIP == nil {
+ if host.EndpointIP == nil && peerEndpoint == nil {
 if peerHost.EndpointIP != nil {
 peerEndpoint = peerHost.EndpointIP
 }
 }
- if host.EndpointIPv6 == nil && peerEndpoint == nil {
+ if host.EndpointIPv6 == nil && peerEndpoint == nil {
 if peerHost.EndpointIPv6 != nil {
 peerEndpoint = peerHost.EndpointIPv6
 }
From 348a4d963badd81ca4d4c933880b0bf4bcae8df6 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Mon, 11 Nov 2024 09:48:18 +0400
Subject: [PATCH 5/6] comment out default pro trial
---
 controllers/server.go | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/controllers/server.go b/controllers/server.go
index 10f548280..77b06fcc7 100644
--- a/controllers/server.go
+++ b/controllers/server.go
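Review bot: In the [PATCH 4/6] hunk of `GetPeerUpdateForHost`, the second fallback `if host.EndpointIPv6 == nil && peerEndpoint == nil` hands `peerHost.EndpointIPv6` to a host that has no IPv6 endpoint of its own, and the first fallback does the same for IPv4. That reads as the opposite of the same-family match made in the `else if` just above. If a cross-family fallback is intended, say so in a comment, e.g. `// no shared address family: fall back to whichever endpoint the peer advertises`, and consider flattening each pair of nested `if`s into one condition. When the peer advertises neither address, `peerEndpoint` stays nil and still reaches the `net.UDPAddr{IP: peerEndpoint, ...}` literal visible in the [PATCH 3/6] hunk, so leaving `peerConfig.Endpoint` unset in that case may be safer. The function body extends beyond both hunks.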
@@ -140,26 +140,26 @@ func getStatus(w http.ResponseWriter, r *http.Request) {
 if servercfg.ErrLicenseValidation != nil {
 licenseErr = servercfg.ErrLicenseValidation.Error()
 }
- var trialEndDate time.Time
- var err error
- isOnTrial := false
- if servercfg.IsPro &&
- (servercfg.GetLicenseKey() == "" || servercfg.GetNetmakerTenantID() == "") {
- trialEndDate, err = logic.GetTrialEndDate()
- if err != nil {
- slog.Error("failed to get trial end date", "error", err)
- } else {
- isOnTrial = true
- }
- }
+ //var trialEndDate time.Time
+ //var err error
+ // isOnTrial := false
+ // if servercfg.IsPro &&
+ // (servercfg.GetLicenseKey() == "" || servercfg.GetNetmakerTenantID() == "") {
+ // trialEndDate, err = logic.GetTrialEndDate()
+ // if err != nil {
+ // slog.Error("failed to get trial end date", "error", err)
+ // } else {
+ // isOnTrial = true
+ // }
+ // }
 currentServerStatus := status{
 DB: database.IsConnected(),
 Broker: mq.IsConnected(),
 IsBrokerConnOpen: mq.IsConnectionOpen(),
 LicenseError: licenseErr,
 IsPro: servercfg.IsPro,
- TrialEndDate: trialEndDate,
- IsOnTrialLicense: isOnTrial,
+ //TrialEndDate: trialEndDate,
+ //IsOnTrialLicense: isOnTrial,
 }
 w.Header().Set("Content-Type", "application/json")
From dcbe94eeb5162a5db3a0d5b13fa1390a3b7244a0 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Mon, 11 Nov 2024 16:59:16 +0400
Subject: [PATCH 6/6] avoid adding static nodes to tags
---
 controllers/ext_client.go | 4 ++--
 migrate/migrate.go | 12 ------------
 pro/controllers/users.go | 4 ++--
 3 files changed, 4 insertions(+), 16 deletions(-)
diff --git a/controllers/ext_client.go b/controllers/ext_client.go
index aabb5103e..874c62576 100644
--- a/controllers/ext_client.go
+++ b/controllers/ext_client.go
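Review bot: The trial-license lookup in `getStatus` is commented out rather than deleted, which leaves fourteen lines of dead code in the handler and no record of why it was disabled. If the `status` type still declares `TrialEndDate` and `IsOnTrialLicense` (its definition is outside the hunk), the endpoint now always returns their zero values, so a client cannot tell "not on trial" from "not reported"; drop the fields or document the new meaning. Delete the commented block and leave one line instead, e.g. `// default pro trial is disabled; trial fields are no longer reported`. Also check that `time` and `logic` are still referenced in controllers/server.go, since Go rejects unused imports.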
@@ -470,8 +470,8 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 extclient.IngressGatewayID = nodeid
 extclient.Network = node.Network
 extclient.Tags = make(map[models.TagID]struct{})
- extclient.Tags[models.TagID(fmt.Sprintf("%s.%s", extclient.Network,
- models.RemoteAccessTagName))] = struct{}{}
+ // extclient.Tags[models.TagID(fmt.Sprintf("%s.%s", extclient.Network,
+ // models.RemoteAccessTagName))] = struct{}{}
 // set extclient dns to ingressdns if extclient dns is not explicitly set
 if (extclient.DNS == "") && (node.IngressDNS != "") {
 extclient.DNS = node.IngressDNS
diff --git a/migrate/migrate.go b/migrate/migrate.go
index 51e74ab4c..19e9232aa 100644
--- a/migrate/migrate.go
+++ b/migrate/migrate.go
@@ -226,18 +226,6 @@ func updateNodes() {
 }
 }
 }
- extclients, _ := logic.GetAllExtClients()
- for _, extclient := range extclients {
- tagID := models.TagID(fmt.Sprintf("%s.%s", extclient.Network,
- models.RemoteAccessTagName))
- if extclient.Tags == nil {
- extclient.Tags = make(map[models.TagID]struct{})
- }
- if _, ok := extclient.Tags[tagID]; !ok {
- extclient.Tags[tagID] = struct{}{}
- logic.SaveExtClient(&extclient)
- }
- }
 }
 func removeInterGw(egressRanges []string) ([]string, bool) {
diff --git a/pro/controllers/users.go b/pro/controllers/users.go
index 31099d0ce..86787b79b 100644
--- a/pro/controllers/users.go
+++ b/pro/controllers/users.go
@@ -1006,8 +1006,8 @@ func getRemoteAccessGatewayConf(w http.ResponseWriter, r *http.Request) {
 userConf.Enabled = parentNetwork.DefaultACL == "yes"
 }
 userConf.Tags = make(map[models.TagID]struct{})
- userConf.Tags[models.TagID(fmt.Sprintf("%s.%s", userConf.Network,
- models.RemoteAccessTagName))] = struct{}{}
+ // userConf.Tags[models.TagID(fmt.Sprintf("%s.%s", userConf.Network,
+ // models.RemoteAccessTagName))] = struct{}{}
 if err = logic.CreateExtClient(&userConf); err != nil {
 slog.Error(
 "failed to create extclient",
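Review bot: `createExtClient` now leaves `extclient.Tags` empty because the `RemoteAccessTagName` assignment is commented out, and `getRemoteAccessGatewayConf` in pro/controllers/users.go does the same for `userConf.Tags`. Clients created earlier keep the tag in storage, since the block removed from migrate/migrate.go added it and nothing in this series removes it. Any ACL policy keyed on that tag would therefore cover old clients but not new ones; confirm the split is intended and that new clients do not fall outside a policy meant to restrict them. Delete the commented lines and leave one explanatory comment, e.g. `// static clients are not auto-tagged; tags are assigned explicitly`, and check that `fmt` is still used in both files. Both functions extend beyond their hunks.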