Fixes network filter for firewall sso and log less verbose when you have

hundred of firewalls.
inverse-inc · Apr 25, 2024 · 7a020d8 · 7a020d8
1 parent 36dcc5b
commit 7a020d8
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 6 deletions.
diff --git a/go/firewallsso/base.go b/go/firewallsso/base.go
@@ -263,7 +263,7 @@ func ExecuteStart(ctx context.Context, fw FirewallSSOInt, info map[string]string
 	if !fw.CheckStatus(ctx, info) {
 		return false, nil
 	}
-	log.LoggerWContext(ctx).Info("Processing SSO Start")
+
 	if !fw.MatchesRole(ctx, info) {
 		log.LoggerWContext(ctx).Debug(fmt.Sprintf("Not sending SSO for user device %s since it doesn't match the role", info["role"]))
 		return false, nil
@@ -273,7 +273,7 @@ func ExecuteStart(ctx context.Context, fw FirewallSSOInt, info map[string]string
 		log.LoggerWContext(ctx).Debug(fmt.Sprintf("Not sending SSO for IP %s since it doesn't match any configured network", info["ip"]))
 		return false, nil
 	}
-
+	log.LoggerWContext(ctx).Info("Processing SSO Start")
 	// We change the username with the way it is expected given the format of this firewall
 	info["username"] = fw.FormatUsername(ctx, info)
 
@@ -291,13 +291,12 @@ func ExecuteStart(ctx context.Context, fw FirewallSSOInt, info map[string]string
 // Makes sure to call FirewallSSO.Start and to validate the network if necessary
 func ExecuteStop(ctx context.Context, fw FirewallSSOInt, info map[string]string) (bool, error) {
 	ctx = log.AddToLogContext(ctx, "firewall-id", fw.GetFirewallSSO(ctx).PfconfigHashNS)
-	log.LoggerWContext(ctx).Info("Processing SSO Stop")
 
 	if !fw.MatchesNetwork(ctx, info) {
 		log.LoggerWContext(ctx).Debug(fmt.Sprintf("Not sending SSO for IP %s since it doesn't match any configured network", info["ip"]))
 		return false, nil
 	}
-
+	log.LoggerWContext(ctx).Info("Processing SSO Stop")
 	// We change the username with the way it is expected given the format of this firewall
 	info["username"] = fw.FormatUsername(ctx, info)
 

diff --git a/lib/pfconfig/namespaces/config/Firewall_SSO.pm b/lib/pfconfig/namespaces/config/Firewall_SSO.pm
@@ -18,7 +18,6 @@ use strict;
 use warnings;
 
 use pfconfig::namespaces::config;
-use pfconfig::objects::NetAddr::IP;
 use pf::file_paths qw($firewall_sso_config_file);
 
 use base 'pfconfig::namespaces::config';
@@ -34,7 +33,7 @@ sub build_child {
     my %tmp_cfg = %{ $self->{cfg} };
     while ( my ($key, $item) = each %tmp_cfg ) {
         $self->cleanup_after_read( $key, $item);
-        $item->{networks} = [map { pfconfig::objects::NetAddr::IP->new($_) // () } @{$item->{networks}}];
+        $item->{networks} = [map { { cidr => $_ } } @{$item->{networks}}];
     }
 
     $self->roleReverseLookup(\%tmp_cfg, 'firewall_sso', qw(categories));