zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2026-04-22 16:07:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

NM-195: fix posture check for untagged resources (#3779)

Browse Source 
* NM-195: fix posture check for untagged resources

* NM-195: reduce default cleanup interval

* NM-195: reduce default cleanup interval
This commit is contained in:
Abhishek Kondur
2025-12-15 14:35:29 +04:00
committed by GitHub
parent 36a88544af
commit 4853c9c1a1
2 changed files with 27 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
migrate/migrate.go
+1 -1
View File
@@ -922,7 +922,7 @@ func migrateSettings() {
settings.PostureCheckInterval = "30"
}
if settings.CleanUpInterval == 0 {
settings.CleanUpInterval = 60
settings.CleanUpInterval = 10
}
if settings.AuditLogsRetentionPeriodInDays == 0 {
settings.AuditLogsRetentionPeriodInDays = 7
pro/logic/posture_check.go
+26 -7
View File
@@ -104,8 +104,16 @@ func GetPostureCheckViolations(checks []schema.PostureCheck, d models.PostureChe
continue
}
// Check if tags match
if !d.IsUser && len(d.Tags) > 0 {
if _, ok := c.Tags["*"]; !ok {
if !d.IsUser {
// Check if posture check has wildcard tag - applies to all devices
if _, hasWildcard := c.Tags["*"]; hasWildcard {
// Wildcard tag matches all devices, continue to evaluate the check
} else if len(c.Tags) > 0 {
// Check has specific tags - device must have at least one matching tag
if len(d.Tags) == 0 {
// Device has no tags and check doesn't have wildcard, skip
continue
}
exists := false
for tagID := range c.Tags {
if _, ok := d.Tags[models.TagID(tagID)]; ok {
@@ -116,10 +124,20 @@ func GetPostureCheckViolations(checks []schema.PostureCheck, d models.PostureChe
if !exists {
continue
}
} else {
// Check has no tags configured, skip
continue
}
} else if d.IsUser && len(d.UserGroups) > 0 {
if _, ok := c.UserGroups["*"]; !ok {
} else if d.IsUser {
// Check if posture check has wildcard user group - applies to all users
if _, hasWildcard := c.UserGroups["*"]; hasWildcard {
// Wildcard user group matches all users, continue to evaluate the check
} else if len(c.UserGroups) > 0 {
// Check has specific user groups - user must have at least one matching group
if len(d.UserGroups) == 0 {
// User has no groups and check doesn't have wildcard, skip
continue
}
exists := false
for userG := range c.UserGroups {
if _, ok := d.UserGroups[models.UserGroupID(userG)]; ok {
@@ -130,9 +148,10 @@ func GetPostureCheckViolations(checks []schema.PostureCheck, d models.PostureChe
if !exists {
continue
}
} else {
// Check has no user groups configured, skip
continue
}
} else {
continue
}
checksByAttribute[c.Attribute] = append(checksByAttribute[c.Attribute], c)