zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2026-04-22 16:07:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
b1f348e71dc601306d0da77cc3a4d4a489969665
netmaker/pro/controllers/posture_check.go
T
Abhishek Kondur b1f348e71d NM-288: populate relevant name for acl types for UI (#3941) 
* fix(go): set persistent keep alive when registering host using sso;

* fix(go): run posture check violations on delete;

* fix(go): upsert node on approving pending host;

* fix(go): resolve concurrency issues during group delete cleanup;

* fix(go): update doc links;

* fix(go): add created and updated fields to host;

* fix(go): skip delete and update superadmin on sync users;

* fix(go): use conn directly for now;

* fix(go): remove acl for idp groups;

* fix(go): quote fields;

* fix(go): use filters with count;

* feat(go): add a search query;

* fix(go): cleanup acls;

* fix(go): review fixes;

* fix(go): remove additional loop;

* fix(go): fix

* v1.5.1: separate out idp sync and reset signals for HA

* v1.5.1: add grps with name for logging

* v1.5.1: clear posture check violations when all checks are deleted

* v1.5.1: set static when default host

* v1.5.1: fix db status check

* rm set max conns

* v1.5.1: reset auto assigned gw when disconnected

* fix(go): skip global network admin and user groups when splitting;

* v1.5.1: fix update node call from client

* fix(go): separate out migration from normal usage;

* fix(go): skip default groups;

* fix(go): create policies for existing groups on network create;

* fix(go): skip fatal log on clickhouse conn;

* fix(go): add posture check cleanup;

* NM-288: populate relevant name for acl types for UI

* NM-288: populate grp names for posture check apis

* NM-228: add network grps api

* NM-288: add network users api

* now check each group's NetworkRoles for either the specific network ID or schema.AllNetworks (all_networks)

* NM-288: check and unassign auto gw when node is disconnected from cli

* NM-288: optimise network users api call

* NM-288: block auto assign when set to use inet gw

---------

Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
2026-03-30 19:01:26 +05:30

360 lines
11 KiB
Go
Raw Blame History

package controllers
import (
"context"
"encoding/json"
"errors"
"net/http"
"time"
"github.com/google/uuid"
"github.com/gorilla/mux"
"github.com/gravitl/netmaker/db"
"github.com/gravitl/netmaker/logger"
"github.com/gravitl/netmaker/logic"
"github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/mq"
proLogic "github.com/gravitl/netmaker/pro/logic"
"github.com/gravitl/netmaker/schema"
)
func PostureCheckHandlers(r *mux.Router) {
r.HandleFunc("/api/v1/posture_check", logic.SecurityCheck(true, http.HandlerFunc(createPostureCheck))).Methods(http.MethodPost)
r.HandleFunc("/api/v1/posture_check", logic.SecurityCheck(true, http.HandlerFunc(listPostureChecks))).Methods(http.MethodGet)
r.HandleFunc("/api/v1/posture_check", logic.SecurityCheck(true, http.HandlerFunc(updatePostureCheck))).Methods(http.MethodPut)
r.HandleFunc("/api/v1/posture_check", logic.SecurityCheck(true, http.HandlerFunc(deletePostureCheck))).Methods(http.MethodDelete)
r.HandleFunc("/api/v1/posture_check/attrs", logic.SecurityCheck(true, http.HandlerFunc(listPostureChecksAttrs))).Methods(http.MethodGet)
r.HandleFunc("/api/v1/posture_check/violations", logic.SecurityCheck(true, http.HandlerFunc(listPostureCheckViolatedNodes))).Methods(http.MethodGet)
}
// @Summary List Posture Checks Available Attributes
// @Router /api/v1/posture_check/attrs [get]
// @Tags Posture Check
// @Security oauth
// @Produce json
// @Success 200 {object} models.SuccessResponse
// @Failure 400 {object} models.ErrorResponse
// @Failure 401 {object} models.ErrorResponse
// @Failure 500 {object} models.ErrorResponse
func listPostureChecksAttrs(w http.ResponseWriter, r *http.Request) {
logic.ReturnSuccessResponseWithJson(w, r, schema.PostureCheckAttrValues, "fetched posture checks")
}
// @Summary Create Posture Check
// @Router /api/v1/posture_check [post]
// @Tags Posture Check
// @Security oauth
// @Accept json
// @Produce json
// @Param body body schema.PostureCheck true "Posture Check payload"
// @Success 200 {object} schema.PostureCheck
// @Failure 400 {object} models.ErrorResponse
// @Failure 401 {object} models.ErrorResponse
// @Failure 500 {object} models.ErrorResponse
func createPostureCheck(w http.ResponseWriter, r *http.Request) {
var req schema.PostureCheck
err := json.NewDecoder(r.Body).Decode(&req)
if err != nil {
logger.Log(0, "error decoding request body: ",
err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if err := proLogic.ValidatePostureCheck(&req); err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
pc := schema.PostureCheck{
ID: uuid.New().String(),
Name: req.Name,
NetworkID: req.NetworkID,
Description: req.Description,
Tags: req.Tags,
UserGroups: req.UserGroups,
Attribute: req.Attribute,
Values: req.Values,
Severity: req.Severity,
Status: true,
CreatedBy: r.Header.Get("user"),
CreatedAt: time.Now().UTC(),
}
err = pc.Create(db.WithContext(r.Context()))
if err != nil {
logic.ReturnErrorResponse(
w,
r,
logic.FormatError(errors.New("error creating posture check "+err.Error()), logic.Internal),
)
return
}
logic.LogEvent(&models.Event{
Action: schema.Create,
Source: models.Subject{
ID: r.Header.Get("user"),
Name: r.Header.Get("user"),
Type: schema.UserSub,
},
TriggeredBy: r.Header.Get("user"),
Target: models.Subject{
ID: pc.ID,
Name: pc.Name,
Type: schema.PostureCheckSub,
},
NetworkID: schema.NetworkID(pc.NetworkID),
Origin: schema.Dashboard,
})
go mq.PublishPeerUpdate(false)
go proLogic.RunPostureChecks()
proLogic.PopulatePostureCheckGroupNames([]schema.PostureCheck{pc})
logic.ReturnSuccessResponseWithJson(w, r, pc, "created posture check")
}
// @Summary List Posture Checks
// @Router /api/v1/posture_check [get]
// @Tags Posture Check
// @Security oauth
// @Produce json
// @Param network query string true "Network ID"
// @Param id query string false "Posture Check ID to fetch a specific check"
// @Success 200 {array} schema.PostureCheck
// @Failure 400 {object} models.ErrorResponse
// @Failure 401 {object} models.ErrorResponse
// @Failure 500 {object} models.ErrorResponse
func listPostureChecks(w http.ResponseWriter, r *http.Request) {
network := r.URL.Query().Get("network")
if network == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("network is required"), logic.BadReq))
return
}
err := (&schema.Network{Name: network}).Get(r.Context())
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("network not found"), logic.BadReq))
return
}
id := r.URL.Query().Get("id")
if id != "" {
pc := schema.PostureCheck{ID: id}
err := pc.Get(db.WithContext(r.Context()))
if err != nil {
logic.ReturnErrorResponse(
w,
r,
logic.FormatError(errors.New("error listing posture checks "+err.Error()), "internal"),
)
return
}
proLogic.PopulatePostureCheckGroupNames([]schema.PostureCheck{pc})
logic.ReturnSuccessResponseWithJson(w, r, pc, "fetched posture check")
return
}
pc := schema.PostureCheck{NetworkID: schema.NetworkID(network)}
list, err := pc.ListByNetwork(db.WithContext(r.Context()))
if err != nil {
logic.ReturnErrorResponse(
w,
r,
logic.FormatError(errors.New("error listing posture checks "+err.Error()), "internal"),
)
return
}
proLogic.PopulatePostureCheckGroupNames(list)
logic.ReturnSuccessResponseWithJson(w, r, list, "fetched posture checks")
}
// @Summary Update Posture Check
// @Router /api/v1/posture_check [put]
// @Tags Posture Check
// @Security oauth
// @Accept json
// @Produce json
// @Param body body schema.PostureCheck true "Posture Check payload"
// @Success 200 {object} schema.PostureCheck
// @Failure 400 {object} models.ErrorResponse
// @Failure 401 {object} models.ErrorResponse
// @Failure 500 {object} models.ErrorResponse
func updatePostureCheck(w http.ResponseWriter, r *http.Request) {
var updatePc schema.PostureCheck
err := json.NewDecoder(r.Body).Decode(&updatePc)
if err != nil {
logger.Log(0, "error decoding request body: ",
err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if err := proLogic.ValidatePostureCheck(&updatePc); err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
pc := schema.PostureCheck{ID: updatePc.ID}
err = pc.Get(db.WithContext(r.Context()))
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
var updateStatus bool
if updatePc.Status != pc.Status {
updateStatus = true
}
event := &models.Event{
Action: schema.Update,
Source: models.Subject{
ID: r.Header.Get("user"),
Name: r.Header.Get("user"),
Type: schema.UserSub,
},
TriggeredBy: r.Header.Get("user"),
Target: models.Subject{
ID: pc.ID,
Name: updatePc.Name,
Type: schema.PostureCheckSub,
},
Diff: models.Diff{
Old: pc,
New: updatePc,
},
NetworkID: schema.NetworkID(pc.NetworkID),
Origin: schema.Dashboard,
}
pc.Tags = updatePc.Tags
pc.UserGroups = updatePc.UserGroups
pc.Attribute = updatePc.Attribute
pc.Values = updatePc.Values
pc.Description = updatePc.Description
pc.Name = updatePc.Name
pc.Severity = updatePc.Severity
pc.Status = updatePc.Status
pc.UpdatedAt = time.Now().UTC()
err = pc.Update(db.WithContext(context.TODO()))
if err != nil {
logic.ReturnErrorResponse(
w,
r,
logic.FormatError(errors.New("error updating posture check "+err.Error()), "internal"),
)
return
}
if updateStatus {
pc.UpdateStatus(db.WithContext(context.TODO()))
}
logic.LogEvent(event)
go mq.PublishPeerUpdate(false)
go proLogic.RunPostureChecks()
proLogic.PopulatePostureCheckGroupNames([]schema.PostureCheck{pc})
logic.ReturnSuccessResponseWithJson(w, r, pc, "updated posture check")
}
// @Summary Delete Posture Check
// @Router /api/v1/posture_check [delete]
// @Tags Posture Check
// @Security oauth
// @Produce json
// @Param id query string true "Posture Check ID"
// @Success 200 {object} schema.PostureCheck
// @Failure 400 {object} models.ErrorResponse
// @Failure 401 {object} models.ErrorResponse
// @Failure 500 {object} models.ErrorResponse
func deletePostureCheck(w http.ResponseWriter, r *http.Request) {
id := r.URL.Query().Get("id")
if id == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("id is required"), "badrequest"))
return
}
pc := schema.PostureCheck{ID: id}
err := pc.Get(db.WithContext(r.Context()))
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, logic.BadReq))
return
}
err = pc.Delete(db.WithContext(r.Context()))
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, logic.Internal))
return
}
logic.LogEvent(&models.Event{
Action: schema.Delete,
Source: models.Subject{
ID: r.Header.Get("user"),
Name: r.Header.Get("user"),
Type: schema.UserSub,
},
TriggeredBy: r.Header.Get("user"),
Target: models.Subject{
ID: pc.ID,
Name: pc.Name,
Type: schema.PostureCheckSub,
},
NetworkID: schema.NetworkID(pc.NetworkID),
Origin: schema.Dashboard,
Diff: models.Diff{
Old: pc,
New: nil,
},
})
go mq.PublishPeerUpdate(false)
go proLogic.RunPostureChecks()
logic.ReturnSuccessResponseWithJson(w, r, pc, "deleted posture check")
}
// @Summary List Posture Check violated Nodes
// @Router /api/v1/posture_check/violations [get]
// @Tags Posture Check
// @Security oauth
// @Produce json
// @Param network query string true "Network ID"
// @Param users query string false "If 'true', list violated users instead of nodes"
// @Success 200 {array} models.ApiNode
// @Failure 400 {object} models.ErrorResponse
// @Failure 401 {object} models.ErrorResponse
// @Failure 500 {object} models.ErrorResponse
func listPostureCheckViolatedNodes(w http.ResponseWriter, r *http.Request) {
network := r.URL.Query().Get("network")
if network == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("network is required"), logic.BadReq))
return
}
listViolatedusers := r.URL.Query().Get("users") == "true"
violatedNodes := []models.Node{}
if listViolatedusers {
extclients, err := logic.GetNetworkExtClients(network)
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, logic.BadReq))
return
}
for _, extclient := range extclients {
if extclient.DeviceID != "" {
if len(extclient.PostureChecksViolations) > 0 {
violatedNodes = append(violatedNodes, extclient.ConvertToStaticNode())
}
}
}
} else {
nodes, err := logic.GetNetworkNodes(network)
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, logic.BadReq))
return
}
for _, node := range nodes {
if len(node.PostureChecksViolations) > 0 {
violatedNodes = append(violatedNodes, node)
}
}
}
apiNodes := logic.GetAllNodesAPI(violatedNodes)
logic.SortApiNodes(apiNodes[:])
logic.ReturnSuccessResponseWithJson(w, r, apiNodes, "fetched posture checks violated nodes")
}
Reference in New Issue View Git Blame Copy Permalink