Add disable-cidr and enable-cidr commands

client/src/data_store.rs

@@ -171,6 +171,7 @@ mod tests {
                 name: "cidr".to_string(),
                 cidr: "10.0.0.0/24".parse().unwrap(),
                 parent: None,
+                is_disabled: false,
             },
         }]
     });

client/src/main.rs

@@ -9,10 +9,10 @@ use innernet_shared::{
     prompts, update_hosts_file,
     wg::{DeviceExt, PeerInfoExt},
     AddCidrOpts, AddDeleteAssociationOpts, AddPeerOpts, Association, AssociationContents, Cidr,
-    CidrTree, DeleteCidrOpts, EnableDisablePeerOpts, Endpoint, EndpointContents, HostsOpt,
-    InstallOpts, Interface, IoErrorContext, ListenPortOpts, NatOpts, NetworkOpts,
-    OverrideEndpointOpts, Peer, RedeemContents, RenameCidrOpts, RenamePeerOpts, ServerCapabilities,
-    State, WrappedIoError, REDEEM_TRANSITION_WAIT,
+    CidrTree, DeleteCidrOpts, EnableDisableCidrOpts, EnableDisablePeerOpts, Endpoint,
+    EndpointContents, HostsOpt, InstallOpts, Interface, IoErrorContext, ListenPortOpts, NatOpts,
+    NetworkOpts, OverrideEndpointOpts, Peer, RedeemContents, RenameCidrOpts, RenamePeerOpts,
+    ServerCapabilities, State, WrappedIoError, REDEEM_TRANSITION_WAIT,
 };
 use std::{
     io,
@@ -229,6 +229,22 @@ enum Command {
         sub_opts: EnableDisablePeerOpts,
     },
 
+    /// Disable an enabled CIDR
+    DisableCidr {
+        interface: Interface,
+
+        #[clap(flatten)]
+        sub_opts: EnableDisableCidrOpts,
+    },
+
+    /// Enable a disabled CIDR
+    EnableCidr {
+        interface: Interface,
+
+        #[clap(flatten)]
+        sub_opts: EnableDisableCidrOpts,
+    },
+
     /// Add an association between CIDRs
     AddAssociation {
         interface: Interface,
@@ -935,6 +951,31 @@ fn delete_association(
     Ok(())
 }
 
+fn enable_or_disable_cidr(
+    interface: &InterfaceName,
+    opts: &Opts,
+    enable: bool,
+    sub_opts: EnableDisableCidrOpts,
+) -> Result<(), Error> {
+    let InterfaceConfig { server, .. } =
+        InterfaceConfig::from_interface(&opts.config_dir, interface)?;
+    let api = Api::new(&server);
+    log::info!("Fetching CIDRs.");
+    let cidrs: Vec<Cidr> = api.http("GET", "/admin/cidrs")?;
+    if let Some(cidr) = prompts::enable_or_disable_cidr(&cidrs[..], &sub_opts, enable)? {
+        let endpoint = if enable { "enable" } else { "disable" };
+        let _: () = api.http("PUT", &format!("/admin/cidrs/{}/{}", cidr.id, endpoint))?;
+        log::info!(
+            "CIDR '{}' has been {}.",
+            cidr.name,
+            if enable { "enabled" } else { "disabled" }
+        );
+    } else {
+        log::info!("exiting without enabling or disabling CIDR.");
+    }
+    Ok(())
+}
+
 fn list_associations(interface: &InterfaceName, opts: &Opts) -> Result<(), Error> {
     let InterfaceConfig { server, .. } =
         InterfaceConfig::from_interface(&opts.config_dir, interface)?;
@@ -1345,6 +1386,14 @@ fn run(opts: &Opts) -> Result<(), Error> {
             interface,
             sub_opts,
         } => enable_or_disable_peer(&interface, opts, sub_opts, true)?,
+        Command::DisableCidr {
+            interface,
+            sub_opts,
+        } => enable_or_disable_cidr(&interface, opts, false, sub_opts)?,
+        Command::EnableCidr {
+            interface,
+            sub_opts,
+        } => enable_or_disable_cidr(&interface, opts, true, sub_opts)?,
         Command::AddAssociation {
             interface,
             sub_opts,

docker-tests/run-docker-tests.sh

@@ -179,6 +179,48 @@ test_short_lived_invitation() {
         --yes
 }
 
+test_cidr_disable_enable() {
+    info "Testing CIDR disable/enable functionality."
+
+    # First, disable all peers in the robots CIDR
+    info "Disabling peer2 in robots CIDR."
+    cmd docker exec "$PEER1_CONTAINER" innernet \
+        disable-peer evilcorp \
+        --name "peer2" \
+        --yes
+
+    # Now disable the robots CIDR
+    info "Disabling robots CIDR."
+    cmd docker exec "$PEER1_CONTAINER" innernet \
+        disable-cidr evilcorp \
+        --name "robots" \
+        --yes
+
+    # Try to enable peer2 (should fail)
+    info "Trying to enable peer2 while CIDR is disabled (should fail)."
+    if docker exec "$PEER1_CONTAINER" innernet \
+        enable-peer evilcorp \
+        --name "peer2" \
+        --yes 2>/dev/null; then
+        echo -e "\033[0;31mERROR: Enabling peer in disabled CIDR should have failed!\033[0m" 1>&2
+        exit 1
+    fi
+
+    # Re-enable the CIDR
+    info "Re-enabling robots CIDR."
+    cmd docker exec "$PEER1_CONTAINER" innernet \
+        enable-cidr evilcorp \
+        --name "robots" \
+        --yes
+
+    # Now enable peer2 (should succeed)
+    info "Enabling peer2 after CIDR is enabled."
+    cmd docker exec "$PEER1_CONTAINER" innernet \
+        enable-peer evilcorp \
+        --name "peer2" \
+        --yes
+}
+
 test_simultaneous_redemption() {
     info "Creating invitation for fourth and fifth peer from first peer."
     cmd docker exec "$PEER1_CONTAINER" innernet \