add service type to default acl polices

gravitl · Dec 18, 2024 · 73eed6e · 73eed6e
1 parent 6f5398e
commit 73eed6e
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 35 deletions.
diff --git a/logic/acls.go b/logic/acls.go
@@ -39,14 +39,15 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 	_, _ = ListAclsByNetwork(netID)
 	if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-nodes")) {
 		defaultDeviceAcl := models.Acl{
-			ID:        fmt.Sprintf("%s.%s", netID, "all-nodes"),
-			Name:      "All Nodes",
-			MetaData:  "This Policy allows all nodes in the network to communicate with each other",
-			Default:   true,
-			NetworkID: netID,
-			Proto:     models.ALL,
-			Port:      []string{},
-			RuleType:  models.DevicePolicy,
+			ID:          fmt.Sprintf("%s.%s", netID, "all-nodes"),
+			Name:        "All Nodes",
+			MetaData:    "This Policy allows all nodes in the network to communicate with each other",
+			Default:     true,
+			NetworkID:   netID,
+			Proto:       models.ALL,
+			ServiceType: models.Any,
+			Port:        []string{},
+			RuleType:    models.DevicePolicy,
 			Src: []models.AclPolicyTag{
 				{
 					ID:    models.DeviceAclID,
@@ -66,14 +67,15 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 	}
 	if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-users")) {
 		defaultUserAcl := models.Acl{
-			ID:        fmt.Sprintf("%s.%s", netID, "all-users"),
-			Default:   true,
-			Name:      "All Users",
-			MetaData:  "This policy gives access to everything in the network for an user",
-			NetworkID: netID,
-			Proto:     models.ALL,
-			Port:      []string{},
-			RuleType:  models.UserPolicy,
+			ID:          fmt.Sprintf("%s.%s", netID, "all-users"),
+			Default:     true,
+			Name:        "All Users",
+			MetaData:    "This policy gives access to everything in the network for an user",
+			NetworkID:   netID,
+			Proto:       models.ALL,
+			ServiceType: models.Any,
+			Port:        []string{},
+			RuleType:    models.UserPolicy,
 			Src: []models.AclPolicyTag{
 				{
 					ID:    models.UserAclID,
@@ -94,13 +96,14 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 
 	if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-remote-access-gws")) {
 		defaultUserAcl := models.Acl{
-			ID:        fmt.Sprintf("%s.%s", netID, "all-remote-access-gws"),
-			Default:   true,
-			Name:      "All Remote Access Gateways",
-			NetworkID: netID,
-			Proto:     models.ALL,
-			Port:      []string{},
-			RuleType:  models.DevicePolicy,
+			ID:          fmt.Sprintf("%s.%s", netID, "all-remote-access-gws"),
+			Default:     true,
+			Name:        "All Remote Access Gateways",
+			NetworkID:   netID,
+			Proto:       models.ALL,
+			ServiceType: models.Any,
+			Port:        []string{},
+			RuleType:    models.DevicePolicy,
 			Src: []models.AclPolicyTag{
 				{
 					ID:    models.DeviceAclID,

diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go
@@ -1207,12 +1207,13 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 
 	if !logic.IsAclExists(fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin)) {
 		defaultUserAcl := models.Acl{
-			ID:        fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin),
-			Name:      "Network Admin",
-			MetaData:  "This Policy allows all network admins to communicate with all remote access gateways",
-			Default:   true,
-			NetworkID: netID,
-			RuleType:  models.UserPolicy,
+			ID:          fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin),
+			Name:        "Network Admin",
+			MetaData:    "This Policy allows all network admins to communicate with all remote access gateways",
+			Default:     true,
+			ServiceType: models.Any,
+			NetworkID:   netID,
+			RuleType:    models.UserPolicy,
 			Src: []models.AclPolicyTag{
 				{
 					ID:    models.UserGroupAclID,
@@ -1238,12 +1239,13 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 
 	if !logic.IsAclExists(fmt.Sprintf("%s.%s-grp", netID, models.NetworkUser)) {
 		defaultUserAcl := models.Acl{
-			ID:        fmt.Sprintf("%s.%s-grp", netID, models.NetworkUser),
-			Name:      "Network User",
-			MetaData:  "This Policy allows all network users to communicate with all remote access gateways",
-			Default:   true,
-			NetworkID: netID,
-			RuleType:  models.UserPolicy,
+			ID:          fmt.Sprintf("%s.%s-grp", netID, models.NetworkUser),
+			Name:        "Network User",
+			MetaData:    "This Policy allows all network users to communicate with all remote access gateways",
+			Default:     true,
+			ServiceType: models.Any,
+			NetworkID:   netID,
+			RuleType:    models.UserPolicy,
 			Src: []models.AclPolicyTag{
 				{
 					ID:    models.UserGroupAclID,