diff --git a/controllers/tags.go b/controllers/tags.go
index 633dab968..f494d7b08 100644
--- a/controllers/tags.go
+++ b/controllers/tags.go
@@ -216,6 +216,11 @@ func deleteTag(w http.ResponseWriter, r *http.Request) {
 logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 return
 }
+ // check if active policy is using the tag
+ if logic.CheckIfTagAsActivePolicy(tag.ID, tag.Network) {
+ logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("tag is currently in use by an active policy"), "badrequest"))
+ return
+ }
 err = logic.DeleteTag(models.TagID(tagID), true)
 if err != nil {
 logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
diff --git a/logic/acls.go b/logic/acls.go
index 334e6f160..8863ce86d 100644
--- a/logic/acls.go
+++ b/logic/acls.go
@@ -621,6 +621,25 @@ func UpdateDeviceTag(OldID, newID models.TagID, netID models.NetworkID) {
 }
 }
+func CheckIfTagAsActivePolicy(tagID models.TagID, netID models.NetworkID) bool {
+ acls := listDevicePolicies(netID)
+ for _, acl := range acls {
+ for _, srcTagI := range acl.Src {
+ if srcTagI.ID == models.DeviceAclID {
+ if tagID.String() == srcTagI.Value {
+ return true
+ }
+ }
+ }
+ for _, dstTagI := range acl.Dst {
+ if dstTagI.ID == models.DeviceAclID {
+ return true
+ }
+ }
+ }
+ return false
+}
+
 // RemoveDeviceTagFromAclPolicies - remove device tag from acl policies
 func RemoveDeviceTagFromAclPolicies(tagID models.TagID, netID models.NetworkID) error {
 acls := listDevicePolicies(netID)
diff --git a/logic/acls/nodeacls/modify.go b/logic/acls/nodeacls/modify.go
index 5710dd612..1c2de672d 100644
--- a/logic/acls/nodeacls/modify.go
+++ b/logic/acls/nodeacls/modify.go
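Review bot: In `CheckIfTagAsActivePolicy` (logic/acls.go) the `acl.Dst` loop returns true for any destination entry whose ID is `models.DeviceAclID`, without comparing its value to `tagID` the way the `acl.Src` loop does. As written, the new guard in `deleteTag` (controllers/tags.go) would refuse to delete any tag in the network as soon as one policy has a tag-typed destination, even if the tag being deleted is unused. The condition should mirror the source side: `if dstTagI.ID == models.DeviceAclID && tagID.String() == dstTagI.Value {`. Nothing in the loop looks at whether a policy is enabled, so either `listDevicePolicies` filters on that (not visible here) or "active" in the name and error message overstates the check. The exported function also has no doc comment; something like `// CheckIfTagAsActivePolicy - reports whether any device policy in the network references the tag` would match the file's style.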
@@ -25,6 +25,9 @@ func CreateNodeACL(networkID NetworkID, nodeID NodeID, defaultVal byte) (acls.AC
 acls.AclMutex.Lock()
 var newNodeACL = make(acls.ACL)
 for existingNodeID := range currentNetworkACL {
+ if currentNetworkACL[existingNodeID] == nil {
+ currentNetworkACL[existingNodeID] = make(acls.ACL)
+ }
 currentNetworkACL[existingNodeID][acls.AclID(nodeID)] = defaultVal // set the old nodes to default value for new node
 newNodeACL[existingNodeID] = defaultVal // set the old nodes in new node ACL to default value
 }
diff --git a/logic/extpeers.go b/logic/extpeers.go
index efcb045ef..c03a0efa7 100644
--- a/logic/extpeers.go
+++ b/logic/extpeers.go
@@ -2,6 +2,7 @@ package logic
 import (
 "encoding/json"
+ "errors"
 "fmt"
 "net"
 "reflect"
@@ -9,6 +10,7 @@ import (
 "sync"
 "time"
+ "github.com/goombaio/namegenerator"
 "github.com/gravitl/netmaker/database"
 "github.com/gravitl/netmaker/logger"
 "github.com/gravitl/netmaker/logic/acls"
@@ -281,13 +283,41 @@ func CreateExtClient(extclient *models.ExtClient) error {
 }
 if extclient.ClientID == "" {
- extclient.ClientID = models.GenerateNodeName()
+ extclient.ClientID, err = GenerateNodeName(extclient.Network)
+ if err != nil {
+ return err
+ }
 }
 extclient.LastModified = time.Now().Unix()
 return SaveExtClient(extclient)
 }
+// GenerateNodeName - generates a random node name
+func GenerateNodeName(network string) (string, error) {
+ seed := time.Now().UTC().UnixNano()
+ nameGenerator := namegenerator.NewNameGenerator(seed)
+ var name string
+ cnt := 0
+ for {
+ if cnt > 10 {
+ return "", errors.New("couldn't generate random name, try again")
+ }
+ cnt += 1
+ name = nameGenerator.Generate()
+ if len(name) > 15 {
+ continue
+ }
+ _, err := GetExtClient(name, network)
+ if err == nil {
+ // config exists with same name
+ continue
+ }
+ break
+ }
+ return name, nil
+}
+
 // SaveExtClient - saves an ext client to database
 func SaveExtClient(extclient *models.ExtClient) error {
 key, err := GetRecordKey(extclient.ClientID, extclient.Network)
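Review bot: The nil guard at the top of the `for existingNodeID := range currentNetworkACL` loop in `CreateNodeACL` repairs a missing per-node map silently, leaving that node with an entry for the new node only. Whether a missing entry for its other peers resolves to allow or deny is decided outside this hunk, so the repaired node's effective access is worth confirming. A comment on the guard would help, e.g. `// stored ACL for this node was nil; start from an empty map so the write below cannot panic`, and logging the affected node ID would make the inconsistent stored state visible. `CreateNodeACL` starts and ends outside the hunk.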
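Review bot: `GenerateNodeName` in logic/extpeers.go treats every error from `GetExtClient(name, network)` as "name is free", since only `err == nil` triggers a retry. If that lookup can fail for reasons other than a missing record (a database error, say), the loop breaks and returns a name that may already belong to a client, and `CreateExtClient` then hands it to `SaveExtClient`; whether that overwrites the existing record is not visible here. The loop should distinguish not-found from other failures and propagate the latter with `return "", err`. The lookup and the save are also separate steps, so two concurrent creations could settle on the same name unless callers serialize them.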
diff --git a/logic/peers.go b/logic/peers.go
index 532dc5de5..f67162636 100644
--- a/logic/peers.go
+++ b/logic/peers.go
@@ -237,6 +237,13 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 peerEndpoint = peerHost.EndpointIPv6
 }
 }
+ if node.IsRelay && peer.RelayedBy == node.ID.String() && !peer.IsStatic {
+ // don't set endpoint on relayed peer
+ peerEndpoint = nil
+ }
+ if isFailOverPeer && peer.FailedOverBy == node.ID && !peer.IsStatic {
+ peerEndpoint = nil
+ }
 peerConfig.Endpoint = &net.UDPAddr{
 IP: peerEndpoint,
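Review bot: Setting `peerEndpoint = nil` in the two new branches does not clear the endpoint, because the context lines right after still build `peerConfig.Endpoint = &net.UDPAddr{` with `IP: peerEndpoint,`. Relayed and failed-over peers therefore get a non-nil `*net.UDPAddr` whose IP is nil. Whether consumers of the peer update treat that as "no endpoint" is not visible in this hunk; if they only test `Endpoint != nil`, they would try to use an address with no IP. Assigning the address only when `peerEndpoint != nil` would make the intent explicit, and the second branch deserves a comment like the first, e.g. `// don't set endpoint on failed-over peer`. The struct literal and the enclosing `GetPeerUpdateForHost` continue outside the hunk.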