extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-11-07 08:44:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
main
netbird/management/server/file_store.go

263 lines
7.7 KiB
Go
Raw Permalink Normal View History

Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
package server
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
import (
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
"context"
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
"os"
"path/filepath"
"strings"
"sync"
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
"time"
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
[management] Remove redundant get account calls in GetAccountFromToken (#2615) * refactor access control middleware and user access by JWT groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor jwt groups extractor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to get account when necessary Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * revert handles change Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove GetUserByID from account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims to return account id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to use GetAccountIDFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByName from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByID from store and refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor retrieval of policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user permissions and retrieves PAT Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor route, setupkey, nameserver and dns to get record(s) from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix add missing policy source posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add store lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add get account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-09-27 16:10:50 +02:00
"github.com/rs/xid"
log "github.com/sirupsen/logrus"
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
[management] Remove file store (#2689)
2024-10-03 15:50:35 +02:00
nbgroup "github.com/netbirdio/netbird/management/server/group"
nbpeer "github.com/netbirdio/netbird/management/server/peer"
"github.com/netbirdio/netbird/management/server/telemetry"
Rename module to netbirdio/netbird (#288) rename the go module to netbirdio/netbird as part of our rebranding.
2022-03-26 12:08:54 +01:00
"github.com/netbirdio/netbird/util"
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
)
// storeFileName Store file name. Stored in the datadir
const storeFileName = "store.json"
docs: minor FilesStore corrections
2021-07-18 21:00:32 +02:00
// FileStore represents an account storage backed by a file persisted to disk
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
type FileStore struct {
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
Accounts map[string]*Account
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
SetupKeyID2AccountID map[string]string `json:"-"`
PeerKeyID2AccountID map[string]string `json:"-"`
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
PeerID2AccountID map[string]string `json:"-"`
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
UserID2AccountID map[string]string `json:"-"`
PrivateDomain2AccountID map[string]string `json:"-"`
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
HashedPAT2TokenID map[string]string `json:"-"`
TokenID2UserID map[string]string `json:"-"`
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
InstallationID string
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
// mutex to synchronise Store read/write operations
mux sync.Mutex `json:"-"`
storeFile string `json:"-"`
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
Add telemetry to measure app durations (#878)
2023-05-19 11:42:25 +02:00
metrics telemetry.AppMetrics `json:"-"`
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
}
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
// NewFileStore restores a store from the file located in the datadir
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func NewFileStore(ctx context.Context, dataDir string, metrics telemetry.AppMetrics) (*FileStore, error) {
fs, err := restore(ctx, filepath.Join(dataDir, storeFileName))
Add telemetry to measure app durations (#878)
2023-05-19 11:42:25 +02:00
if err != nil {
return nil, err
}
fs.metrics = metrics
return fs, nil
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
// restore the state of the store from the file.
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
// Creates a new empty store file if doesn't exist
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func restore(ctx context.Context, file string) (*FileStore, error) {
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
if _, err := os.Stat(file); os.IsNotExist(err) {
// create a new FileStore if previously didn't exist (e.g. first run)
s := &FileStore{
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
Accounts: make(map[string]*Account),
mux: sync.Mutex{},
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
SetupKeyID2AccountID: make(map[string]string),
PeerKeyID2AccountID: make(map[string]string),
UserID2AccountID: make(map[string]string),
PrivateDomain2AccountID: make(map[string]string),
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
PeerID2AccountID: make(map[string]string),
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
HashedPAT2TokenID: make(map[string]string),
TokenID2UserID: make(map[string]string),
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
storeFile: file,
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
err = s.persist(ctx, file)
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
if err != nil {
return nil, err
}
return s, nil
}
read, err := util.ReadJson(file, &FileStore{})
if err != nil {
return nil, err
}
store := read.(*FileStore)
store.storeFile = file
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
store.SetupKeyID2AccountID = make(map[string]string)
store.PeerKeyID2AccountID = make(map[string]string)
store.UserID2AccountID = make(map[string]string)
store.PrivateDomain2AccountID = make(map[string]string)
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
store.PeerID2AccountID = make(map[string]string)
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
store.HashedPAT2TokenID = make(map[string]string)
store.TokenID2UserID = make(map[string]string)
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
for accountID, account := range store.Accounts {
Add account settings (#686) Add account settings with a global peer expiration flag and duration
2023-02-13 15:07:15 +01:00
if account.Settings == nil {
account.Settings = &Settings{
PeerLoginExpirationEnabled: false,
PeerLoginExpiration: DefaultPeerLoginExpiration,
Add session expire functionality based on inactivity (#2326) Implemented inactivity expiration by checking the status of a peer: after a configurable period of time following netbird down, the peer shows login required.
2024-10-13 14:52:43 +02:00
PeerInactivityExpirationEnabled: false,
PeerInactivityExpiration: DefaultPeerInactivityExpiration,
Add account settings (#686) Add account settings with a global peer expiration flag and duration
2023-02-13 15:07:15 +01:00
}
Add peer login expiration (#682) This PR adds a peer login expiration logic that requires peers created by a user to re-authenticate (re-login) after a certain threshold of time (24h by default). The Account object now has a PeerLoginExpiration property that indicates the duration after which a peer's login will expire and a login will be required. Defaults to 24h. There are two new properties added to the Peer object: LastLogin that indicates the last time peer successfully used the Login gRPC endpoint and LoginExpirationEnabled that enables/disables peer login expiration. The login expiration logic applies only to peers that were created by a user and not those that were added with a setup key.
2023-02-13 12:21:02 +01:00
}
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
for setupKeyId := range account.SetupKeys {
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
store.SetupKeyID2AccountID[strings.ToUpper(setupKeyId)] = accountID
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
for _, peer := range account.Peers {
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
store.PeerKeyID2AccountID[peer.Key] = accountID
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
store.PeerID2AccountID[peer.ID] = accountID
Extend Management to support peer changes distribution (#55) * feature: add peer sync and a server public key endpoints * test: add Management.Sync() gRpc endpoint test * feat: implement peer sync * docs: added some comments to the Management server * chore: use for loop over channel when monitoring peer updates * fix: exit infinite loop when sending updates to peers * test: add multiple concurrent peers test for management service * chore: remove unused test * fix: reduce the amount peers for a concurrent peer update test Co-authored-by: braginini <m.bragin@wiretrustee.com>
2021-07-22 10:28:00 +02:00
}
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
for _, user := range account.Users {
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
store.UserID2AccountID[user.Id] = accountID
Extends management user and group structure (#1268) * extends user and group structure by introducing fields for issued and integration references * Add integration checks to group management to prevent groups added by integration. * Add integration checks to user management to prevent deleting user added by integration. * Fix broken user update tests * Initialize all user fields for testing * Change a serializer option to embedded for IntegrationReference in user and group models * Add issued field to user api response * Add IntegrationReference to Group in update groups handler * Set the default issued field for users in file store
2023-11-01 11:04:17 +01:00
if user.Issued == "" {
user.Issued = UserIssuedAPI
account.Users[user.Id] = user
}
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
for _, pat := range user.PATs {
store.TokenID2UserID[pat.ID] = user.Id
store hashed token base64 encoded
2023-03-29 15:21:53 +02:00
store.HashedPAT2TokenID[pat.HashedToken] = pat.ID
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
}
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
if account.Domain != "" && account.DomainCategory == PrivateCategory &&
account.IsDomainPrimaryAccount {
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
store.PrivateDomain2AccountID[account.Domain] = accountID
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
Move dns label generation to store (#552)
2022-11-08 10:31:34 +01:00
Feat linux firewall support (#805) Update the client's engine to apply firewall rules received from the manager (results of ACL policy).
2023-05-29 16:00:18 +02:00
// TODO: delete this block after migration
Fix broken auto-generated Rego rule (#769) Default Rego policy generated from the rules in some cases is broken. This change fixes the Rego template for rules to generate policies. Also, file store load constantly regenerates policy objects from rules. It allows updating/fixing of the default Rego template during releases.
2023-04-01 12:02:08 +02:00
policies := make(map[string]int, len(account.Policies))
for i, policy := range account.Policies {
policies[policy.ID] = i
Feat linux firewall support (#805) Update the client's engine to apply firewall rules received from the manager (results of ACL policy).
2023-05-29 16:00:18 +02:00
policy.UpgradeAndFix()
Fix broken auto-generated Rego rule (#769) Default Rego policy generated from the rules in some cases is broken. This change fixes the Rego template for rules to generate policies. Also, file store load constantly regenerates policy objects from rules. It allows updating/fixing of the default Rego template during releases.
2023-04-01 12:02:08 +02:00
}
if account.Policies == nil {
Feat rego default policy (#700) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 15:14:18 +01:00
account.Policies = make([]*Policy, 0)
Fix broken auto-generated Rego rule (#769) Default Rego policy generated from the rules in some cases is broken. This change fixes the Rego template for rules to generate policies. Also, file store load constantly regenerates policy objects from rules. It allows updating/fixing of the default Rego template during releases.
2023-04-01 12:02:08 +02:00
}
Feat rego default policy (#700) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 15:14:18 +01:00
Move dns label generation to store (#552)
2022-11-08 10:31:34 +01:00
// for data migration. Can be removed once most base will be with labels
existingLabels := account.getPeerDNSLabels()
if len(existingLabels) != len(account.Peers) {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
addPeerLabelsToAccount(ctx, account, existingLabels)
Move dns label generation to store (#552)
2022-11-08 10:31:34 +01:00
}
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
JWT Groups support (#966) Get groups from the JWT tokens if the feature enabled for the account
2023-06-27 16:51:05 +02:00
// TODO: delete this block after migration
// Set API as issuer for groups which has not this field
for _, group := range account.Groups {
if group.Issued == "" {
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
group.Issued = nbgroup.GroupIssuedAPI
JWT Groups support (#966) Get groups from the JWT tokens if the feature enabled for the account
2023-06-27 16:51:05 +02:00
}
}
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
allGroup, err := account.GetGroupAll()
if err != nil {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Errorf("unable to find the All group, this should happen only when migrate from a version that didn't support groups. Error: %v", err)
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
// if the All group didn't exist we probably don't have routes to update
continue
}
for _, route := range account.Routes {
if len(route.Groups) == 0 {
route.Groups = []string{allGroup.ID}
}
}
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
// migration to Peer.ID from Peer.Key.
// Old peers that require migration have an empty Peer.ID in the store.json.
// Generate new ID with xid for these peers.
// Set the Peer.ID to the newly generated value.
// Replace all the mentions of Peer.Key as ID (groups and routes).
// Swap Peer.Key with Peer.ID in the Account.Peers map.
extract peer into seperate package
2023-11-28 13:45:26 +01:00
migrationPeers := make(map[string]*nbpeer.Peer) // key to Peer
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
for key, peer := range account.Peers {
Use global login expiration setting when sending network map (#731) Peers were considered expired and not sent to remote peers when global expiration was disabled.
2023-03-09 11:24:42 +01:00
// set LastLogin for the peers that were onboarded before the peer login expiration feature
if peer.LastLogin.IsZero() {
use UTC everywhere in server
2023-04-03 15:09:35 +02:00
peer.LastLogin = time.Now().UTC()
Use global login expiration setting when sending network map (#731) Peers were considered expired and not sent to remote peers when global expiration was disabled.
2023-03-09 11:24:42 +01:00
}
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
if peer.ID != "" {
continue
}
id := xid.New().String()
peer.ID = id
migrationPeers[key] = peer
}
if len(migrationPeers) > 0 {
// swap Peer.Key with Peer.ID in the Account.Peers map.
for key, peer := range migrationPeers {
delete(account.Peers, key)
account.Peers[peer.ID] = peer
store.PeerID2AccountID[peer.ID] = accountID
}
// detect groups that have Peer.Key as a reference and replace it with ID.
for _, group := range account.Groups {
for i, peer := range group.Peers {
if p, ok := migrationPeers[peer]; ok {
group.Peers[i] = p.ID
}
}
}
Feat rego default policy (#700) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 15:14:18 +01:00
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
// detect routes that have Peer.Key as a reference and replace it with ID.
for _, route := range account.Routes {
if peer, ok := migrationPeers[route.Peer]; ok {
route.Peer = peer.ID
}
}
}
Extend Management to support peer changes distribution (#55) * feature: add peer sync and a server public key endpoints * test: add Management.Sync() gRpc endpoint test * feat: implement peer sync * docs: added some comments to the Management server * chore: use for loop over channel when monitoring peer updates * fix: exit infinite loop when sending updates to peers * test: add multiple concurrent peers test for management service * chore: remove unused test * fix: reduce the amount peers for a concurrent peer update test Co-authored-by: braginini <m.bragin@wiretrustee.com>
2021-07-22 10:28:00 +02:00
}
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
// we need this persist to apply changes we made to account.Peers (we set them to Disconnected)
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
err = store.persist(ctx, store.storeFile)
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
if err != nil {
return nil, err
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
return store, nil
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
// persist account data to a file
// It is recommended to call it with locking FileStore.mux
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (s *FileStore) persist(ctx context.Context, file string) error {
Add telemetry to measure app durations (#878)
2023-05-19 11:42:25 +02:00
start := time.Now()
err := util.WriteJson(file, s)
if err != nil {
return err
}
took := time.Since(start)
if s.metrics != nil {
s.metrics.StoreMetrics().CountPersistenceDuration(took)
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Debugf("took %d ms to persist the FileStore", took.Milliseconds())
Add telemetry to measure app durations (#878)
2023-05-19 11:42:25 +02:00
return nil
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
}
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
// GetAllAccounts returns all accounts
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (s *FileStore) GetAllAccounts(_ context.Context) (all []*Account) {
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
s.mux.Lock()
defer s.mux.Unlock()
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
for _, a := range s.Accounts {
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
all = append(all, a.Copy())
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
}
return all
}
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
// Close the FileStore persisting data to disk
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (s *FileStore) Close(ctx context.Context) error {
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
s.mux.Lock()
defer s.mux.Unlock()
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Infof("closing FileStore")
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
return s.persist(ctx, s.storeFile)
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
}
Implement SQLite Store using gorm and relational approach (#1065) Restructure data handling for improved performance and flexibility. Introduce 'G'-prefixed fields to represent Gorm relations, simplifying resource management. Eliminate complexity in lookup tables for enhanced query and write speed. Enable independent operations on data structures, requiring adjustments in the Store interface and Account Manager.
2023-10-12 15:42:36 +02:00
Move StoreKind under own StoreConfig configuration and rename to Engine (#1219) * Move StoreKind under own StoreConfig configuration parameter * Rename StoreKind option to Engine * Rename StoreKind internal methods and types to Engine * Add template engine value test --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2023-10-16 11:19:39 +02:00
// GetStoreEngine returns FileStoreEngine
func (s *FileStore) GetStoreEngine() StoreEngine {
return FileStoreEngine
Implement SQLite Store using gorm and relational approach (#1065) Restructure data handling for improved performance and flexibility. Introduce 'G'-prefixed fields to represent Gorm relations, simplifying resource management. Eliminate complexity in lookup tables for enhanced query and write speed. Enable independent operations on data structures, requiring adjustments in the Store interface and Account Manager.
2023-10-12 15:42:36 +02:00
}
Reference in New Issue Copy Permalink