fix: set default ACL and IAM policy if not provided

Johan Siebens
2023-01-28 19:28:51 +01:00
parent d32ece6304
commit 4550bdbf2a
2 changed files with 16 additions and 0 deletions
+12
@@ -47,6 +47,18 @@ type SSHRule struct {
Users []string `json:"users"` Users []string `json:"users"`
} }
func DefaultACLPolicy() ACLPolicy {
return ACLPolicy{
ACLs: []ACL{
{
Action: "accept",
Src: []string{"*"},
Dst: []string{"*:*"},
},
},
}
}
func (a ACLPolicy) FindAutoApprovedIPs(routableIPs []netip.Prefix, tags []string, u *User) []netip.Prefix { func (a ACLPolicy) FindAutoApprovedIPs(routableIPs []netip.Prefix, tags []string, u *User) []netip.Prefix {
if a.AutoApprovers == nil || len(routableIPs) == 0 { if a.AutoApprovers == nil || len(routableIPs) == 0 {
return nil return nil
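Review bot: DefaultACLPolicy is exported without a doc comment, and the single rule it returns accepts `*` to `*:*`, so any source may reach any destination on any port. The second file in this commit uses it as the fallback for tailnets created without a policy, so the comment should say that explicitly, for example `// DefaultACLPolicy returns the allow-all policy (any source to any destination and port) applied when a tailnet is created without an ACL policy.` How an empty ACLPolicy was evaluated before this change is not visible here; if it denied all traffic, the default moves from closed to open, which is worth stating in the commit description.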
+4
@@ -59,12 +59,16 @@ func (s *Service) CreateTailnet(ctx context.Context, req *connect.Request[api.Cr
if err := mapping.CopyViaJson(req.Msg.IamPolicy, &tailnet.IAMPolicy); err != nil { if err := mapping.CopyViaJson(req.Msg.IamPolicy, &tailnet.IAMPolicy); err != nil {
return nil, errors.Wrap(err, 0) return nil, errors.Wrap(err, 0)
} }
} else {
tailnet.IAMPolicy = domain.DefaultIAMPolicy()
} }
if req.Msg.AclPolicy != nil { if req.Msg.AclPolicy != nil {
if err := mapping.CopyViaJson(req.Msg.AclPolicy, &tailnet.ACLPolicy); err != nil { if err := mapping.CopyViaJson(req.Msg.AclPolicy, &tailnet.ACLPolicy); err != nil {
return nil, errors.Wrap(err, 0) return nil, errors.Wrap(err, 0)
} }
} else {
tailnet.ACLPolicy = domain.DefaultACLPolicy()
} }
if err := s.repository.SaveTailnet(ctx, tailnet); err != nil { if err := s.repository.SaveTailnet(ctx, tailnet); err != nil {
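Review bot: The new `else` branches make CreateTailnet fail open: a request that simply omits `AclPolicy` is saved with the allow-all default, and the `!= nil` test cannot tell a client that forgot the field from one that wanted that default. The branch should carry a comment such as `// AclPolicy omitted: fall back to the allow-all default; callers must send a policy to restrict traffic`, and the same behaviour belongs in the API documentation for the field. What `domain.DefaultIAMPolicy()` grants is not shown in this diff and deserves the same check before it becomes the silent default. CreateTailnet's body starts and ends outside the hunk, so whether the applied default is logged or reported back to the caller cannot be judged from here.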