[management] fix force-push to feature/flow branch (#3500)

hakansa
2025-03-14 01:36:46 +08:00
committed by GitHub
parent 18871b554f
commit 78b86e0beb
10 changed files with 152 additions and 112 deletions


@@ -256,6 +256,7 @@ func toProtocolFirewallRules(rules []*types.FirewallRule) []*proto.FirewallRule
rule := rules[i]
result[i] = &proto.FirewallRule{
PolicyID: []byte(rule.PolicyID),
PeerIP: rule.PeerIP,
Direction: getProtoDirection(rule.Direction),
Action: getProtoAction(rule.Action),
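Review bot: `PolicyID: []byte(rule.PolicyID)` adds a management-side identifier to every firewall rule sent to a peer, and neither this hunk nor the matching line in toProtocolRoutesFirewallRules documents what the receiver may do with it. If the field is only meant for correlating an enforced rule with its source policy, say so next to the assignment, e.g. `// PolicyID is an opaque correlation ID; it carries no authorization meaning.` It is also worth confirming that exposing these IDs to every peer that receives the rule is intended. The function body continues outside the hunk.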


@@ -182,6 +182,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleDefault",
},
{
PeerIP: "0.0.0.0",
@@ -189,6 +190,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleDefault",
},
{
PeerIP: "100.65.14.88",
@@ -196,6 +198,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.14.88",
@@ -203,6 +206,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.62.5",
@@ -210,6 +214,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.62.5",
@@ -217,6 +222,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
@@ -225,6 +231,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.32.206",
@@ -232,6 +239,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
@@ -240,6 +248,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.250.202",
@@ -247,6 +256,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
@@ -255,6 +265,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.13.186",
@@ -262,6 +273,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
@@ -270,6 +282,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.29.55",
@@ -277,6 +290,7 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
}
assert.Len(t, firewallRules, len(epectedFirewallRules))
@@ -404,6 +418,7 @@ func TestAccount_getPeersByPolicyDirect(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.254.139",
@@ -411,6 +426,7 @@ func TestAccount_getPeersByPolicyDirect(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
}
assert.Len(t, firewallRules, len(epectedFirewallRules))
@@ -432,6 +448,7 @@ func TestAccount_getPeersByPolicyDirect(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.80.39",
@@ -439,6 +456,7 @@ func TestAccount_getPeersByPolicyDirect(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
}
assert.Len(t, firewallRules, len(epectedFirewallRules))
@@ -462,6 +480,7 @@ func TestAccount_getPeersByPolicyDirect(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
}
assert.Len(t, firewallRules, len(epectedFirewallRules))
@@ -483,6 +502,7 @@ func TestAccount_getPeersByPolicyDirect(t *testing.T) {
Action: "accept",
Protocol: "all",
Port: "",
PolicyID: "RuleSwarm",
},
}
assert.Len(t, firewallRules, len(epectedFirewallRules))
@@ -690,6 +710,7 @@ func TestAccount_getPeersByPolicyPostureChecks(t *testing.T) {
Action: "accept",
Protocol: "tcp",
Port: "80",
PolicyID: "RuleSwarm",
},
}
assert.ElementsMatch(t, firewallRules, expectedFirewallRules)
@@ -773,6 +794,7 @@ func TestAccount_getPeersByPolicyPostureChecks(t *testing.T) {
Action: "accept",
Protocol: "tcp",
Port: "80",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.32.206",
@@ -780,6 +802,7 @@ func TestAccount_getPeersByPolicyPostureChecks(t *testing.T) {
Action: "accept",
Protocol: "tcp",
Port: "80",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.13.186",
@@ -787,6 +810,7 @@ func TestAccount_getPeersByPolicyPostureChecks(t *testing.T) {
Action: "accept",
Protocol: "tcp",
Port: "80",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.29.55",
@@ -794,6 +818,7 @@ func TestAccount_getPeersByPolicyPostureChecks(t *testing.T) {
Action: "accept",
Protocol: "tcp",
Port: "80",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.254.139",
@@ -801,6 +826,7 @@ func TestAccount_getPeersByPolicyPostureChecks(t *testing.T) {
Action: "accept",
Protocol: "tcp",
Port: "80",
PolicyID: "RuleSwarm",
},
{
PeerIP: "100.65.62.5",
@@ -808,6 +834,7 @@ func TestAccount_getPeersByPolicyPostureChecks(t *testing.T) {
Action: "accept",
Protocol: "tcp",
Port: "80",
PolicyID: "RuleSwarm",
},
}
assert.Len(t, firewallRules, len(expectedFirewallRules))


@@ -388,6 +388,7 @@ func toProtocolRoutesFirewallRules(rules []*types.RouteFirewallRule) []*proto.Ro
Protocol: getProtoProtocol(rule.Protocol),
PortInfo: getProtoPortInfo(rule),
IsDynamic: rule.IsDynamic,
PolicyID: []byte(rule.PolicyID),
}
}


@@ -2185,6 +2185,7 @@ func (s *SqlStore) GetPeerByIP(ctx context.Context, lockStrength LockingStrength
result := s.db.Clauses(clause.Locking{Strength: string(lockStrength)}).
First(&peer, "account_id = ? AND ip = ?", accountID, jsonValue)
if result.Error != nil {
log.WithContext(ctx).Errorf("failed to get peer from the store: %s", result.Error)
return nil, status.Errorf(status.Internal, "failed to get peer from store")
}
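Review bot: Every failure of `First` in GetPeerByIP, including the no-matching-row case, takes the same branch as far as this hunk shows: it is logged at error level and returned as `status.Internal`. If `s.db` is a gorm handle, as the `clause.Locking` call suggests, a lookup for an unassigned IP yields `gorm.ErrRecordNotFound`, so a routine miss looks like a store failure to callers and adds noise to the error log that responders rely on. Consider testing `errors.Is(result.Error, gorm.ErrRecordNotFound)` first and returning a not-found status without the error-level log. For real failures, keeping the detailed error in the log and only the generic message in the returned status is the right split. The function starts and ends outside the hunk.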


@@ -1012,6 +1012,7 @@ func (a *Account) connResourcesGenerator(ctx context.Context) (func(*PolicyRule,
}
fr := FirewallRule{
PolicyID: rule.ID,
PeerIP: peer.IP.String(),
Direction: direction,
Action: string(rule.Action),
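Review bot: `PolicyID: rule.ID` in connResourcesGenerator stores the rule's own ID in a field that the FirewallRule struct comment describes as "the ID of the policy this rule is derived from", while generateRouteFirewallRules fills the same-named field from `rule.PolicyID`. The updated test expectations (`"RuleDefault"`, `"RuleSwarm"`) also read like rule identifiers. If both `rule` values are policy rules, peer firewall rules and route firewall rules now carry different kinds of identifier under one name, which would mislead anyone attributing an enforced rule back to its policy. Either assign `PolicyID: rule.PolicyID,` here or reword the struct comment to say the field holds the rule ID. The enclosing function starts and ends outside the hunk.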


@@ -20,6 +20,9 @@ const (
// FirewallRule is a rule of the firewall.
type FirewallRule struct {
// PolicyID is the ID of the policy this rule is derived from
PolicyID string
// PeerIP of the peer
PeerIP string
@@ -58,6 +61,7 @@ func generateRouteFirewallRules(ctx context.Context, route *nbroute.Route, rule
}
baseRule := RouteFirewallRule{
PolicyID: rule.PolicyID,
SourceRanges: sourceRanges,
Action: string(rule.Action),
Destination: route.Network.String(),


@@ -6,6 +6,9 @@ import (
// RouteFirewallRule a firewall rule applicable for a routed network.
type RouteFirewallRule struct {
// PolicyID is the ID of the policy this rule is derived from
PolicyID string
// SourceRanges IP ranges of the routing peers.
SourceRanges []string