diff --git a/pkg/cluster/rings.go b/pkg/cluster/rings.go
index 161f4a5..69c85c9 100644
--- a/pkg/cluster/rings.go
+++ b/pkg/cluster/rings.go
@@ -6,6 +6,7 @@ import (
 "net/netip"
 "strconv"
+ "darvaza.org/core"
 "git.jpi.io/amery/jpictl/pkg/rings"
 "git.jpi.io/amery/jpictl/pkg/wireguard"
 )
@@ -225,17 +226,28 @@ func (r *Ring) setRingZeroAllowedIPs(rp *RingPeer) {
 rp.AllowCIDR(rp.Address, 32)
 }
+// revive:disable:cognitive-complexity
 func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) {
+ // revive:enable:cognitive-complexity
 regionID, zoneID, _, _ := r.Decode(rp.Address)
 // peer
 rp.AllowCIDR(rp.Address, 32)
 // ring1 gateways connect to all other ring1 networks
- r.ForEachZone(func(z *Zone) bool {
- if !z.Is(regionID, zoneID) {
- subnet := z.RingOnePrefix()
- rp.AllowSubnet(subnet)
+ m, ok := r.ZoneIterator.(RegionIterator)
+ if !ok {
+ panic("Cannot iterate Region from Zone")
+ }
+ m.ForEachRegion(func(r2 *Region) bool {
+ if r2.IsPrimary() {
+ r.ForEachZone(func(z *Zone) bool {
+ if !z.Is(regionID, zoneID) {
+ subnet := z.RingOnePrefix()
+ rp.AllowSubnet(subnet)
+ }
+ return false
+ })
 }
 return false
 })
@@ -316,7 +328,9 @@ func (rp *RingPeer) AllowCIDR(addr netip.Addr, bits int) {
 // AllowSubnet allows an IP range via this peer
 func (rp *RingPeer) AllowSubnet(subnet netip.Prefix) {
- rp.PeerConfig.AllowedIPs = append(rp.PeerConfig.AllowedIPs, subnet)
+ if !core.SliceContains(rp.PeerConfig.AllowedIPs, subnet) {
+ rp.PeerConfig.AllowedIPs = append(rp.PeerConfig.AllowedIPs, subnet)
+ }
 }
 // NewRing composes a new Ring for Wireguard setup
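Review bot: In setRingOneGatewayAllowedIPs the inner loop still calls `r.ForEachZone`, so the `r2.IsPrimary()` test does not narrow which zones end up in AllowedIPs: each primary region triggers a pass over all zones of the ring, and if no region reports primary the gateway gets no ring1 subnets at all. If the intent is to limit the list to zones of primary regions, the inner call presumably should be `r2.ForEachZone(func(z *Zone) bool {` (assuming Region exposes ForEachZone, which is not visible here). AllowedIPs is what WireGuard uses to decide which source addresses it accepts from the peer, so an unintentionally broad list is worth confirming before merge. The `panic("Cannot iterate Region from Zone")` on a failed type assertion also aborts the process from a config-generation path; the function's closing brace lies outside the hunk, so a wider error-returning change cannot be judged from here.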
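Review bot: The doc comment on AllowSubnet no longer matches its behaviour now that duplicates are skipped; suggest `// AllowSubnet allows an IP range via this peer, skipping prefixes already present in AllowedIPs.`. The check is exact equality on netip.Prefix, so the same network passed with host bits set would still be appended a second time; comparing and storing `subnet.Masked()` would close that if callers can pass unmasked prefixes. Whether AllowCIDR, named only in the hunk header, goes through this check is not visible here.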