feat(acl): add rules for ACL#306
| return | ||
| } | ||
|
|
||
| writeJSONObject(w, account.Rules) |
Any particular reason why we return a map not a list of rules?
All other endpoints return [peers] or [users].
This one returns a map.
{
    "ca2im93lo1hs0mlug03g": {
        "ID": "ca2im93lo1hs0mlug03g",
        "Name": "Default",
        "Source": [
            "ca2im93lo1hs0mlug030"
        ],
        "Destination": [
            "ca2im93lo1hs0mlug030"
        ],
        "Flow": 0
    }
}
I propose returning rules in such a structure:
[
    {
        "ID": "ca2im93lo1hs0mlug03g",
        "Name": "Default",
        "Source": [
            "ca2im93lo1hs0mlug030"
        ],
        "Destination": [
            "ca2im93lo1hs0mlug030"
        ],
        "Flow": 0
    }
]
It will be much easier to handle on the UI side because all the Table components are built to handle an array.
Also, this way we are more consistent with our API.
P.S. The same applies to the /api/groups endpoint.
I also think that returning account.Rules is a bit dangerous because it is our internal structure.
It might be that we rename fields internally or would like to change how fields are returned.
I'd suggest creating a RuleResponse struct to return (see PeerResponse for example). Let's be consistent here as well.
P.S. The same applies to the /api/groups endpoint.
See proposed changes below
| return | ||
| } | ||
|
|
||
| writeJSONObject(w, account.Rules) |
| writeJSONObject(w, account.Rules) | |
| var respBody []*RuleResponse | |
| for _, rule := range account.Rules { | |
| respBody = append(respBody, toRuleResponse(rule)) | |
| } | |
| writeJSONObject(w, respBody) |
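Review bot: `var respBody []*RuleResponse` stays nil when account.Rules is empty, so if writeJSONObject marshals with encoding/json the endpoint answers `null` instead of `[]`, which undoes the point of always handing the UI an array; initialise it with `respBody := make([]*RuleResponse, 0, len(account.Rules))`. The sample response earlier in the thread shows account.Rules keyed by rule ID, and ranging over a Go map gives a different order on each call, so sort respBody (by ID or Name) before writing it to keep the list stable for clients.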
| authAudience string | ||
| jwtExtractor jwtclaims.ClaimsExtractor | ||
| } | ||
|
|
| type RuleResponse struct { | |
| ID string | |
| Name string | |
| Sources []string | |
| Destinations []string | |
| Flow server.TrafficFlowType | |
| Enabled bool | |
| } | |
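Review bot: none of the RuleResponse fields carries a json tag, so the wire names are simply the Go field names and renaming a field still changes the API, which is the coupling this struct is meant to remove; add explicit tags such as `json:"id"` to every field. Flow is also still typed server.TrafficFlowType, so the internal enum and its numeric values (the sample response shows "Flow": 0) remain part of the response contract; a representation owned by the handler package would finish the separation.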
| } | ||
|
|
||
| return account, nil | ||
| } |
| } | |
| } | |
| func toRuleResponse(rule *server.Rule) *RuleResponse { | |
| return &RuleResponse{ | |
| Name: rule.Name, | |
| ID: rule.ID, | |
| Destinations: rule.Destination, | |
| Sources: rule.Source, | |
| Flow: rule.Flow, | |
| Enabled: true, | |
| } | |
| } |
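Review bot: `Enabled: true` in toRuleResponse is a constant, not something read from rule, so the API reports every rule as enabled regardless of its real state and a client cannot tell a disabled ACL rule from an active one; map it from a field on server.Rule, or leave Enabled out of RuleResponse until such a field exists. rule is also dereferenced without a nil check, so a nil entry in account.Rules would panic the handler; skip or reject nil rules before converting.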
braginini
left a comment
proposed changes applied
See #306 (comment)
Another point. We return Source and Destination groups IDs but no Name. This: Replace With this
braginini
left a comment
It seems like a peer is not removed from the groups when the peer is deleted from the account.
The management server fails with an NPE when:
- add 2 peers
- remove 1 peer
- add 1 peer <- NPE on am.GetNetworkMap in
    for _, pid := range g.Peers {
        peer := account.Peers[pid]
        // exclude original peer
        if peer.Key != peerKey {
            res = append(res, peer.Copy())
        }
    }
}
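The failure described in the comment above, as an added example that is not code from the pull request: a group that still lists a deleted peer's ID makes the map lookup return nil, so the example removes the ID from every group on delete and guards the lookup. Peer, Group, Account, DeletePeer and GroupPeers are simplified, hypothetical stand-ins for the server types.

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins for the server types named in the thread.
type Peer struct{ Key string }
type Group struct{ Peers []string }
type Account struct {
	Peers  map[string]*Peer
	Groups map[string]*Group
}

// DeletePeer removes the peer and drops its ID from every group, so no group
// keeps a reference to a peer that no longer exists.
func (a *Account) DeletePeer(id string) {
	delete(a.Peers, id)
	for _, g := range a.Groups {
		kept := g.Peers[:0]
		for _, pid := range g.Peers {
			if pid != id {
				kept = append(kept, pid)
			}
		}
		g.Peers = kept
	}
}

// GroupPeers is the loop from the comment with a guard: a missing map entry
// yields a nil *Peer, and reading peer.Key on it is the reported panic.
func GroupPeers(a *Account, g *Group, peerKey string) []*Peer {
	var res []*Peer
	for _, pid := range g.Peers {
		peer, ok := a.Peers[pid]
		if !ok || peer == nil {
			continue // stale group member: skip instead of dereferencing nil
		}
		if peer.Key != peerKey { // exclude original peer
			c := *peer
			res = append(res, &c)
		}
	}
	return res
}

func main() {
	// Constructed data: peer "p2" was deleted without group cleanup.
	a := &Account{Peers: map[string]*Peer{"p1": {Key: "k1"}, "p3": {Key: "k3"}}}
	all := &Group{Peers: []string{"p1", "p2", "p3"}}
	fmt.Println(len(GroupPeers(a, all, "k3"))) // stale "p2" is skipped
}
```

The guard keeps the management server up when stale IDs already exist in stored accounts; the cleanup in DeletePeer stops new ones from appearing.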
Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.