extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-11-07 16:54:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
6ad3847615
netbird/management/server/file_store.go

578 lines
16 KiB
Go
Raw Normal View History

Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
package server
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
import (
"os"
"path/filepath"
"strings"
"sync"
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
"time"
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
Feat rego default policy (#700) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 15:14:18 +01:00
"github.com/rs/xid"
log "github.com/sirupsen/logrus"
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
"github.com/netbirdio/netbird/management/server/status"
Add telemetry to measure app durations (#878)
2023-05-19 11:42:25 +02:00
"github.com/netbirdio/netbird/management/server/telemetry"
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
Rename module to netbirdio/netbird (#288) rename the go module to netbirdio/netbird as part of our rebranding.
2022-03-26 12:08:54 +01:00
"github.com/netbirdio/netbird/util"
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
)
// storeFileName Store file name. Stored in the datadir
const storeFileName = "store.json"
docs: minor FilesStore corrections
2021-07-18 21:00:32 +02:00
// FileStore represents an account storage backed by a file persisted to disk
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
type FileStore struct {
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
Accounts map[string]*Account
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
SetupKeyID2AccountID map[string]string `json:"-"`
PeerKeyID2AccountID map[string]string `json:"-"`
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
PeerID2AccountID map[string]string `json:"-"`
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
UserID2AccountID map[string]string `json:"-"`
PrivateDomain2AccountID map[string]string `json:"-"`
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
HashedPAT2TokenID map[string]string `json:"-"`
TokenID2UserID map[string]string `json:"-"`
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
InstallationID string
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
// mutex to synchronise Store read/write operations
mux sync.Mutex `json:"-"`
storeFile string `json:"-"`
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
// sync.Mutex indexed by accountID
accountLocks sync.Map `json:"-"`
globalAccountLock sync.Mutex `json:"-"`
Add telemetry to measure app durations (#878)
2023-05-19 11:42:25 +02:00
metrics telemetry.AppMetrics `json:"-"`
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
}
Feat peer groups (#304) * feat(management): add groups * squash * feat(management): add handlers for groups * feat(management): add handlers for groups * chore(management): add tests for the get group of the management * chore(management): add tests for save group
2022-05-03 16:02:51 +02:00
type StoredAccount struct{}
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
// NewFileStore restores a store from the file located in the datadir
Add telemetry to measure app durations (#878)
2023-05-19 11:42:25 +02:00
func NewFileStore(dataDir string, metrics telemetry.AppMetrics) (*FileStore, error) {
fs, err := restore(filepath.Join(dataDir, storeFileName))
if err != nil {
return nil, err
}
fs.metrics = metrics
return fs, nil
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
// restore the state of the store from the file.
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
// Creates a new empty store file if doesn't exist
func restore(file string) (*FileStore, error) {
if _, err := os.Stat(file); os.IsNotExist(err) {
// create a new FileStore if previously didn't exist (e.g. first run)
s := &FileStore{
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
Accounts: make(map[string]*Account),
mux: sync.Mutex{},
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
globalAccountLock: sync.Mutex{},
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
SetupKeyID2AccountID: make(map[string]string),
PeerKeyID2AccountID: make(map[string]string),
UserID2AccountID: make(map[string]string),
PrivateDomain2AccountID: make(map[string]string),
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
PeerID2AccountID: make(map[string]string),
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
HashedPAT2TokenID: make(map[string]string),
TokenID2UserID: make(map[string]string),
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
storeFile: file,
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
}
err = s.persist(file)
if err != nil {
return nil, err
}
return s, nil
}
read, err := util.ReadJson(file, &FileStore{})
if err != nil {
return nil, err
}
store := read.(*FileStore)
store.storeFile = file
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
store.SetupKeyID2AccountID = make(map[string]string)
store.PeerKeyID2AccountID = make(map[string]string)
store.UserID2AccountID = make(map[string]string)
store.PrivateDomain2AccountID = make(map[string]string)
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
store.PeerID2AccountID = make(map[string]string)
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
store.HashedPAT2TokenID = make(map[string]string)
store.TokenID2UserID = make(map[string]string)
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
for accountID, account := range store.Accounts {
Add account settings (#686) Add account settings with a global peer expiration flag and duration
2023-02-13 15:07:15 +01:00
if account.Settings == nil {
account.Settings = &Settings{
PeerLoginExpirationEnabled: false,
PeerLoginExpiration: DefaultPeerLoginExpiration,
}
Add peer login expiration (#682) This PR adds a peer login expiration logic that requires peers created by a user to re-authenticate (re-login) after a certain threshold of time (24h by default). The Account object now has a PeerLoginExpiration property that indicates the duration after which a peer's login will expire and a login will be required. Defaults to 24h. There are two new properties added to the Peer object: LastLogin that indicates the last time peer successfully used the Login gRPC endpoint and LoginExpirationEnabled that enables/disables peer login expiration. The login expiration logic applies only to peers that were created by a user and not those that were added with a setup key.
2023-02-13 12:21:02 +01:00
}
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
for setupKeyId := range account.SetupKeys {
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
store.SetupKeyID2AccountID[strings.ToUpper(setupKeyId)] = accountID
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
for _, peer := range account.Peers {
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
store.PeerKeyID2AccountID[peer.Key] = accountID
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
store.PeerID2AccountID[peer.ID] = accountID
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
// reset all peers to status = Disconnected
if peer.Status != nil && peer.Status.Connected {
peer.Status.Connected = false
}
Extend Management to support peer changes distribution (#55) * feature: add peer sync and a server public key endpoints * test: add Management.Sync() gRpc endpoint test * feat: implement peer sync * docs: added some comments to the Management server * chore: use for loop over channel when monitoring peer updates * fix: exit infinite loop when sending updates to peers * test: add multiple concurrent peers test for management service * chore: remove unused test * fix: reduce the amount peers for a concurrent peer update test Co-authored-by: braginini <m.bragin@wiretrustee.com>
2021-07-22 10:28:00 +02:00
}
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
for _, user := range account.Users {
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
store.UserID2AccountID[user.Id] = accountID
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
for _, pat := range user.PATs {
store.TokenID2UserID[pat.ID] = user.Id
store hashed token base64 encoded
2023-03-29 15:21:53 +02:00
store.HashedPAT2TokenID[pat.HashedToken] = pat.ID
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
}
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
if account.Domain != "" && account.DomainCategory == PrivateCategory &&
account.IsDomainPrimaryAccount {
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
store.PrivateDomain2AccountID[account.Domain] = accountID
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
Move dns label generation to store (#552)
2022-11-08 10:31:34 +01:00
Feat linux firewall support (#805) Update the client's engine to apply firewall rules received from the manager (results of ACL policy).
2023-05-29 16:00:18 +02:00
// TODO: delete this block after migration
Fix broken auto-generated Rego rule (#769) Default Rego policy generated from the rules in some cases is broken. This change fixes the Rego template for rules to generate policies. Also, file store load constantly regenerates policy objects from rules. It allows updating/fixing of the default Rego template during releases.
2023-04-01 12:02:08 +02:00
policies := make(map[string]int, len(account.Policies))
for i, policy := range account.Policies {
policies[policy.ID] = i
Feat linux firewall support (#805) Update the client's engine to apply firewall rules received from the manager (results of ACL policy).
2023-05-29 16:00:18 +02:00
policy.UpgradeAndFix()
Fix broken auto-generated Rego rule (#769) Default Rego policy generated from the rules in some cases is broken. This change fixes the Rego template for rules to generate policies. Also, file store load constantly regenerates policy objects from rules. It allows updating/fixing of the default Rego template during releases.
2023-04-01 12:02:08 +02:00
}
if account.Policies == nil {
Feat rego default policy (#700) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 15:14:18 +01:00
account.Policies = make([]*Policy, 0)
Fix broken auto-generated Rego rule (#769) Default Rego policy generated from the rules in some cases is broken. This change fixes the Rego template for rules to generate policies. Also, file store load constantly regenerates policy objects from rules. It allows updating/fixing of the default Rego template during releases.
2023-04-01 12:02:08 +02:00
}
for _, rule := range account.Rules {
policy, err := RuleToPolicy(rule)
if err != nil {
log.Errorf("unable to migrate rule to policy: %v", err)
continue
}
Feat linux firewall support (#805) Update the client's engine to apply firewall rules received from the manager (results of ACL policy).
2023-05-29 16:00:18 +02:00
// don't update policies from rules, rules deprecated,
// only append not existed rules as part of the migration process
if _, ok := policies[policy.ID]; !ok {
Feat rego default policy (#700) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 15:14:18 +01:00
account.Policies = append(account.Policies, policy)
}
}
Move dns label generation to store (#552)
2022-11-08 10:31:34 +01:00
// for data migration. Can be removed once most base will be with labels
existingLabels := account.getPeerDNSLabels()
if len(existingLabels) != len(account.Peers) {
addPeerLabelsToAccount(account, existingLabels)
}
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
JWT Groups support (#966) Get groups from the JWT tokens if the feature enabled for the account
2023-06-27 16:51:05 +02:00
// TODO: delete this block after migration
// Set API as issuer for groups which has not this field
for _, group := range account.Groups {
if group.Issued == "" {
group.Issued = GroupIssuedAPI
}
}
Add network routes distribution groups (#606) Updated tests, API, and account manager methods Sync routes to peers in the distribution groups Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
allGroup, err := account.GetGroupAll()
if err != nil {
log.Errorf("unable to find the All group, this should happen only when migrate from a version that didn't support groups. Error: %v", err)
// if the All group didn't exist we probably don't have routes to update
continue
}
for _, route := range account.Routes {
if len(route.Groups) == 0 {
route.Groups = []string{allGroup.ID}
}
}
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
// migration to Peer.ID from Peer.Key.
// Old peers that require migration have an empty Peer.ID in the store.json.
// Generate new ID with xid for these peers.
// Set the Peer.ID to the newly generated value.
// Replace all the mentions of Peer.Key as ID (groups and routes).
// Swap Peer.Key with Peer.ID in the Account.Peers map.
migrationPeers := make(map[string]*Peer) // key to Peer
for key, peer := range account.Peers {
Use global login expiration setting when sending network map (#731) Peers were considered expired and not sent to remote peers when global expiration was disabled.
2023-03-09 11:24:42 +01:00
// set LastLogin for the peers that were onboarded before the peer login expiration feature
if peer.LastLogin.IsZero() {
use UTC everywhere in server
2023-04-03 15:09:35 +02:00
peer.LastLogin = time.Now().UTC()
Use global login expiration setting when sending network map (#731) Peers were considered expired and not sent to remote peers when global expiration was disabled.
2023-03-09 11:24:42 +01:00
}
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
if peer.ID != "" {
continue
}
id := xid.New().String()
peer.ID = id
migrationPeers[key] = peer
}
if len(migrationPeers) > 0 {
// swap Peer.Key with Peer.ID in the Account.Peers map.
for key, peer := range migrationPeers {
delete(account.Peers, key)
account.Peers[peer.ID] = peer
store.PeerID2AccountID[peer.ID] = accountID
}
// detect groups that have Peer.Key as a reference and replace it with ID.
for _, group := range account.Groups {
for i, peer := range group.Peers {
if p, ok := migrationPeers[peer]; ok {
group.Peers[i] = p.ID
}
}
}
Feat rego default policy (#700) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 15:14:18 +01:00
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
// detect routes that have Peer.Key as a reference and replace it with ID.
for _, route := range account.Routes {
if peer, ok := migrationPeers[route.Peer]; ok {
route.Peer = peer.ID
}
}
}
Extend Management to support peer changes distribution (#55) * feature: add peer sync and a server public key endpoints * test: add Management.Sync() gRpc endpoint test * feat: implement peer sync * docs: added some comments to the Management server * chore: use for loop over channel when monitoring peer updates * fix: exit infinite loop when sending updates to peers * test: add multiple concurrent peers test for management service * chore: remove unused test * fix: reduce the amount peers for a concurrent peer update test Co-authored-by: braginini <m.bragin@wiretrustee.com>
2021-07-22 10:28:00 +02:00
}
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
// we need this persist to apply changes we made to account.Peers (we set them to Disconnected)
err = store.persist(store.storeFile)
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
if err != nil {
return nil, err
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
return store, nil
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
// persist account data to a file
// It is recommended to call it with locking FileStore.mux
func (s *FileStore) persist(file string) error {
Add telemetry to measure app durations (#878)
2023-05-19 11:42:25 +02:00
start := time.Now()
err := util.WriteJson(file, s)
if err != nil {
return err
}
took := time.Since(start)
if s.metrics != nil {
s.metrics.StoreMetrics().CountPersistenceDuration(took)
}
log.Debugf("took %d ms to persist the FileStore", took.Milliseconds())
return nil
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
}
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
// AcquireGlobalLock acquires global lock across all the accounts and returns a function that releases the lock
func (s *FileStore) AcquireGlobalLock() (unlock func()) {
log.Debugf("acquiring global lock")
remove UTC from some not store related operations
2023-04-10 10:54:23 +02:00
start := time.Now()
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
s.globalAccountLock.Lock()
unlock = func() {
s.globalAccountLock.Unlock()
log.Debugf("released global lock in %v", time.Since(start))
}
Add telemetry to measure app durations (#878)
2023-05-19 11:42:25 +02:00
took := time.Since(start)
log.Debugf("took %v to acquire global lock", took)
if s.metrics != nil {
s.metrics.StoreMetrics().CountGlobalLockAcquisitionDuration(took)
}
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
return unlock
}
// AcquireAccountLock acquires account lock and returns a function that releases the lock
func (s *FileStore) AcquireAccountLock(accountID string) (unlock func()) {
log.Debugf("acquiring lock for account %s", accountID)
remove UTC from some not store related operations
2023-04-10 10:54:23 +02:00
start := time.Now()
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
value, _ := s.accountLocks.LoadOrStore(accountID, &sync.Mutex{})
mtx := value.(*sync.Mutex)
mtx.Lock()
unlock = func() {
mtx.Unlock()
log.Debugf("released lock for account %s in %v", accountID, time.Since(start))
}
return unlock
}
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
func (s *FileStore) SaveAccount(account *Account) error {
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
s.mux.Lock()
defer s.mux.Unlock()
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
accountCopy := account.Copy()
s.Accounts[accountCopy.Id] = accountCopy
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
// todo check that account.Id and keyId are not exist already
// because if keyId exists for other accounts this can be bad
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
for keyID := range accountCopy.SetupKeys {
s.SetupKeyID2AccountID[strings.ToUpper(keyID)] = accountCopy.Id
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
}
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
// enforce peer to account index and delete peer to route indexes for rebuild
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
for _, peer := range accountCopy.Peers {
s.PeerKeyID2AccountID[peer.Key] = accountCopy.Id
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
s.PeerID2AccountID[peer.ID] = accountCopy.Id
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
for _, user := range accountCopy.Users {
s.UserID2AccountID[user.Id] = accountCopy.Id
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
for _, pat := range user.PATs {
s.TokenID2UserID[pat.ID] = user.Id
store hashed token base64 encoded
2023-03-29 15:21:53 +02:00
s.HashedPAT2TokenID[pat.HashedToken] = pat.ID
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
}
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
if accountCopy.DomainCategory == PrivateCategory && accountCopy.IsDomainPrimaryAccount {
s.PrivateDomain2AccountID[accountCopy.Domain] = accountCopy.Id
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
Rollback simple ACL rules processing. (#803)
2023-04-12 09:39:17 +02:00
accountCopy.Rules = make(map[string]*Rule)
Don't drop Rules from file storage after migration to Policies (#741) Rego policy migration clears the rules property of the file storage, but it does not allow rollback management upgrade, so this changes pre-saves rules in the file store and updates it from the policies.
2023-03-15 06:42:40 +01:00
for _, policy := range accountCopy.Policies {
for _, rule := range policy.Rules {
accountCopy.Rules[rule.ID] = rule.ToRule()
}
}
Feat peer groups (#304) * feat(management): add groups * squash * feat(management): add handlers for groups * feat(management): add handlers for groups * chore(management): add tests for the get group of the management * chore(management): add tests for save group
2022-05-03 16:02:51 +02:00
return s.persist(s.storeFile)
Improve addition of new peers in Management service. (#56) * Store refactoring * Improve addition of new peers in Management service.
2021-07-18 20:51:09 +02:00
}
Extend Management to support peer changes distribution (#55) * feature: add peer sync and a server public key endpoints * test: add Management.Sync() gRpc endpoint test * feat: implement peer sync * docs: added some comments to the Management server * chore: use for loop over channel when monitoring peer updates * fix: exit infinite loop when sending updates to peers * test: add multiple concurrent peers test for management service * chore: remove unused test * fix: reduce the amount peers for a concurrent peer update test Co-authored-by: braginini <m.bragin@wiretrustee.com>
2021-07-22 10:28:00 +02:00
add function comments, implement account mock functions and added error handling in tests
2023-03-20 16:38:17 +01:00
// DeleteHashedPAT2TokenIDIndex removes an entry from the indexing map HashedPAT2TokenID
switch PATs to map and add deletion
2023-03-20 16:14:55 +01:00
func (s *FileStore) DeleteHashedPAT2TokenIDIndex(hashedToken string) error {
s.mux.Lock()
defer s.mux.Unlock()
delete(s.HashedPAT2TokenID, hashedToken)
Do not persist filestore when deleting indices As both TokenID2UserID and HashedPAT2TokenID are in-memory indices and not stored in the file.
2023-07-17 11:46:10 +02:00
return nil
switch PATs to map and add deletion
2023-03-20 16:14:55 +01:00
}
add function comments, implement account mock functions and added error handling in tests
2023-03-20 16:38:17 +01:00
// DeleteTokenID2UserIDIndex removes an entry from the indexing map TokenID2UserID
switch PATs to map and add deletion
2023-03-20 16:14:55 +01:00
func (s *FileStore) DeleteTokenID2UserIDIndex(tokenID string) error {
s.mux.Lock()
defer s.mux.Unlock()
delete(s.TokenID2UserID, tokenID)
Do not persist filestore when deleting indices As both TokenID2UserID and HashedPAT2TokenID are in-memory indices and not stored in the file.
2023-07-17 11:46:10 +02:00
return nil
switch PATs to map and add deletion
2023-03-20 16:14:55 +01:00
}
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
// GetAccountByPrivateDomain returns account by private domain
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
func (s *FileStore) GetAccountByPrivateDomain(domain string) (*Account, error) {
Always lock the store when getting an account (#551)
2022-11-07 19:09:22 +01:00
s.mux.Lock()
defer s.mux.Unlock()
use "ok" convention for check variables throughout files_store
2023-03-21 14:00:59 +01:00
accountID, ok := s.PrivateDomain2AccountID[strings.ToLower(domain)]
if !ok {
Replace gRPC errors in business logic with internal ones (#558)
2022-11-11 20:36:45 +01:00
return nil, status.Errorf(status.NotFound, "account not found: provided domain is not registered or is not private")
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
account, err := s.getAccount(accountID)
if err != nil {
return nil, err
}
return account.Copy(), nil
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com>
2022-03-01 15:22:18 +01:00
}
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
// GetAccountBySetupKey returns account by setup key id
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
func (s *FileStore) GetAccountBySetupKey(setupKey string) (*Account, error) {
Always lock the store when getting an account (#551)
2022-11-07 19:09:22 +01:00
s.mux.Lock()
defer s.mux.Unlock()
use "ok" convention for check variables throughout files_store
2023-03-21 14:00:59 +01:00
accountID, ok := s.SetupKeyID2AccountID[strings.ToUpper(setupKey)]
if !ok {
Replace gRPC errors in business logic with internal ones (#558)
2022-11-11 20:36:45 +01:00
return nil, status.Errorf(status.NotFound, "account not found: provided setup key doesn't exists")
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
}
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
account, err := s.getAccount(accountID)
if err != nil {
return nil, err
}
return account.Copy(), nil
Delete peer (#114) * feature: add peer deletion * feature: add peer deletion [CLIENT] * fix: lint error * test: fix sync block * test: fix management test * feature: add client stop after was deleted * chore: remove permission denied cancellation * chore: add larger signal backoff * feature: notify deleted peer of removal * fix: lint issue * chore: add 2nd default key - one off * test: fix account key check
2021-09-07 18:36:46 +02:00
}
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
// GetTokenIDByHashedToken returns the id of a personal access token by its hashed secret
func (s *FileStore) GetTokenIDByHashedToken(token string) (string, error) {
s.mux.Lock()
defer s.mux.Unlock()
use "ok" convention for check variables throughout files_store
2023-03-21 14:00:59 +01:00
tokenID, ok := s.HashedPAT2TokenID[token]
if !ok {
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
return "", status.Errorf(status.NotFound, "tokenID not found: provided token doesn't exists")
}
remove debug logs
2023-03-29 18:23:10 +02:00
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
return tokenID, nil
}
// GetUserByTokenID returns a User object a tokenID belongs to
func (s *FileStore) GetUserByTokenID(tokenID string) (*User, error) {
s.mux.Lock()
defer s.mux.Unlock()
use "ok" convention for check variables throughout files_store
2023-03-21 14:00:59 +01:00
userID, ok := s.TokenID2UserID[tokenID]
if !ok {
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
return nil, status.Errorf(status.NotFound, "user not found: provided tokenID doesn't exists")
}
remove debug logs
2023-03-29 18:23:10 +02:00
use "ok" convention for check variables throughout files_store
2023-03-21 14:00:59 +01:00
accountID, ok := s.UserID2AccountID[userID]
if !ok {
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
return nil, status.Errorf(status.NotFound, "accountID not found: provided userID doesn't exists")
}
remove debug logs
2023-03-29 18:23:10 +02:00
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
account, err := s.getAccount(accountID)
if err != nil {
return nil, err
}
return account.Users[userID].Copy(), nil
}
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
// GetAllAccounts returns all accounts
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
func (s *FileStore) GetAllAccounts() (all []*Account) {
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
s.mux.Lock()
defer s.mux.Unlock()
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
for _, a := range s.Accounts {
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
all = append(all, a.Copy())
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
}
return all
}
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
// getAccount returns a reference to the Account. Should not return a copy.
Always lock the store when getting an account (#551)
2022-11-07 19:09:22 +01:00
func (s *FileStore) getAccount(accountID string) (*Account, error) {
use "ok" convention for check variables throughout files_store
2023-03-21 14:00:59 +01:00
account, ok := s.Accounts[accountID]
if !ok {
Replace gRPC errors in business logic with internal ones (#558)
2022-11-11 20:36:45 +01:00
return nil, status.Errorf(status.NotFound, "account not found")
Extend Management to support peer changes distribution (#55) * feature: add peer sync and a server public key endpoints * test: add Management.Sync() gRpc endpoint test * feat: implement peer sync * docs: added some comments to the Management server * chore: use for loop over channel when monitoring peer updates * fix: exit infinite loop when sending updates to peers * test: add multiple concurrent peers test for management service * chore: remove unused test * fix: reduce the amount peers for a concurrent peer update test Co-authored-by: braginini <m.bragin@wiretrustee.com>
2021-07-22 10:28:00 +02:00
}
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
return account, nil
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config
2021-07-30 17:46:38 +02:00
}
Always lock the store when getting an account (#551)
2022-11-07 19:09:22 +01:00
// GetAccount returns an account for ID
func (s *FileStore) GetAccount(accountID string) (*Account, error) {
s.mux.Lock()
defer s.mux.Unlock()
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
account, err := s.getAccount(accountID)
if err != nil {
return nil, err
}
return account.Copy(), nil
Always lock the store when getting an account (#551)
2022-11-07 19:09:22 +01:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
// GetAccountByUser returns a user account
func (s *FileStore) GetAccountByUser(userID string) (*Account, error) {
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
s.mux.Lock()
defer s.mux.Unlock()
use "ok" convention for check variables throughout files_store
2023-03-21 14:00:59 +01:00
accountID, ok := s.UserID2AccountID[userID]
if !ok {
Replace gRPC errors in business logic with internal ones (#558)
2022-11-11 20:36:45 +01:00
return nil, status.Errorf(status.NotFound, "account not found")
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
}
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
account, err := s.getAccount(accountID)
if err != nil {
return nil, err
}
return account.Copy(), nil
Refactor: support multiple users under the same account (#170) * feature: add User entity to Account * test: new file store creation test * test: add FileStore persist-restore tests * test: add GetOrCreateAccountByUser Accountmanager test * refactor: rename account manager users file * refactor: use userId instead of accountId when handling Management HTTP API * fix: new account creation for every request * fix: golint * chore: add account creator to Account Entity to identify who created the account. * chore: use xid ID generator for account IDs * fix: test failures * test: check that CreatedBy is stored when account is stored * chore: add account copy method * test: remove test for non existent GetOrCreateAccount func * chore: add accounts conversion function * fix: golint * refactor: simplify admin user creation * refactor: move migration script to a separate package
2021-12-27 13:17:15 +01:00
}
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
// GetAccountByPeerID returns an account for a given peer ID
func (s *FileStore) GetAccountByPeerID(peerID string) (*Account, error) {
s.mux.Lock()
defer s.mux.Unlock()
use "ok" convention for check variables throughout files_store
2023-03-21 14:00:59 +01:00
accountID, ok := s.PeerID2AccountID[peerID]
if !ok {
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
return nil, status.Errorf(status.NotFound, "provided peer ID doesn't exists %s", peerID)
}
account, err := s.getAccount(accountID)
if err != nil {
return nil, err
}
Remove stale peer indices when getting peer by key after removing (#711) When we delete a peer from an account, we save the account in the file store. The file store maintains peerID -> accountID and peerKey -> accountID indices. Those can't be updated when we delete a peer because the store saves the whole account without a peer already and has no access to the removed peer. In this PR, we dynamically check if there are stale indices when GetAccountByPeerPubKey and GetAccountByPeerID.
2023-03-01 12:11:32 +01:00
// this protection is needed because when we delete a peer, we don't really remove index peerID -> accountID.
// check Account.Peers for a match
if _, ok := account.Peers[peerID]; !ok {
delete(s.PeerID2AccountID, peerID)
log.Warnf("removed stale peerID %s to accountID %s index", peerID, accountID)
return nil, status.Errorf(status.NotFound, "provided peer doesn't exists %s", peerID)
}
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
return account.Copy(), nil
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
// GetAccountByPeerPubKey returns an account for a given peer WireGuard public key
func (s *FileStore) GetAccountByPeerPubKey(peerKey string) (*Account, error) {
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
s.mux.Lock()
defer s.mux.Unlock()
use "ok" convention for check variables throughout files_store
2023-03-21 14:00:59 +01:00
accountID, ok := s.PeerKeyID2AccountID[peerKey]
if !ok {
Replace gRPC errors in business logic with internal ones (#558)
2022-11-11 20:36:45 +01:00
return nil, status.Errorf(status.NotFound, "provided peer key doesn't exists %s", peerKey)
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
}
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
account, err := s.getAccount(accountID)
if err != nil {
return nil, err
}
Remove stale peer indices when getting peer by key after removing (#711) When we delete a peer from an account, we save the account in the file store. The file store maintains peerID -> accountID and peerKey -> accountID indices. Those can't be updated when we delete a peer because the store saves the whole account without a peer already and has no access to the removed peer. In this PR, we dynamically check if there are stale indices when GetAccountByPeerPubKey and GetAccountByPeerID.
2023-03-01 12:11:32 +01:00
// this protection is needed because when we delete a peer, we don't really remove index peerKey -> accountID.
// check Account.Peers for a match
stale := true
for _, peer := range account.Peers {
if peer.Key == peerKey {
stale = false
break
}
}
if stale {
delete(s.PeerKeyID2AccountID, peerKey)
log.Warnf("removed stale peerKey %s to accountID %s index", peerKey, accountID)
return nil, status.Errorf(status.NotFound, "provided peer doesn't exists %s", peerKey)
}
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
return account.Copy(), nil
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
}
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
// GetInstallationID returns the installation ID from the store
func (s *FileStore) GetInstallationID() string {
return s.InstallationID
}
// SaveInstallationID saves the installation ID
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
func (s *FileStore) SaveInstallationID(ID string) error {
s.mux.Lock()
defer s.mux.Unlock()
s.InstallationID = ID
return s.persist(s.storeFile)
}
// SavePeerStatus stores the PeerStatus in memory. It doesn't attempt to persist data to speed up things.
// PeerStatus will be saved eventually when some other changes occur.
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
func (s *FileStore) SavePeerStatus(accountID, peerID string, peerStatus PeerStatus) error {
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
s.mux.Lock()
defer s.mux.Unlock()
account, err := s.getAccount(accountID)
if err != nil {
return err
}
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
peer := account.Peers[peerID]
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
if peer == nil {
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
return status.Errorf(status.NotFound, "peer %s not found", peerID)
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
}
peer.Status = &peerStatus
return nil
}
// Close the FileStore persisting data to disk
func (s *FileStore) Close() error {
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
s.mux.Lock()
defer s.mux.Unlock()
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
log.Infof("closing FileStore")
Add anonymous usage metrics collection (#508) This will help us understand usage on self-hosted deployments The collection may be disabled by using the flag --disable-anonymous-metrics or NETBIRD_DISABLE_ANONYMOUS_METRICS in setup.env
2022-10-16 13:33:46 +02:00
return s.persist(s.storeFile)
}
Reference in New Issue Copy Permalink