extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-11-26 18:13:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
6f0fd1d1b3
netbird/client/internal/config.go

561 lines
18 KiB
Go
Raw Normal View History

Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
package internal
import (
Update cloud management URL to https://api.netbird.io:443 (#1402) With this change we are updating client configuration files to use the new domain
2023-12-27 20:56:04 +01:00
"context"
[client] Add mTLS support for SSO login (#2188) * Add mTLS support for SSO login * Refactor variable to follow Go naming conventions --------- Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-08-13 17:07:44 +02:00
"crypto/tls"
add wiretrustee LOGIN command (#90) * feature: add wiretrustee LOGIN command * chore: add management initial connection timeout * test: add login cmd test * test: validate generated config in login cmd * test: add up command test * chore: add timeout to signal client creation method * test: close wireguard interface once test finished
2021-08-18 13:35:42 +02:00
"fmt"
External NAT IP mapping support (#487) * External NAT IP mapping support * Ignore blacklisted interfaces, even if in user specified in mapping
2022-11-23 08:42:12 +01:00
"net/url"
"os"
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
"reflect"
Enable network monitoring for Windows and macOS clients (#2126) * Enable network monitoring by default for Windows and Darwin * Enable network monitoring by default on Windows and macOS * fix merge * Prevent updating config if no changes
2024-06-13 17:47:25 +02:00
"runtime"
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
"strings"
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
"time"
External NAT IP mapping support (#487) * External NAT IP mapping support * Ignore blacklisted interfaces, even if in user specified in mapping
2022-11-23 08:42:12 +01:00
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
log "github.com/sirupsen/logrus"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
Client Login via device authorization flow (#309) UI and CLI Clients are now able to use SSO login by default we will check if the management has configured or supports SSO providers daemon will handle fetching and waiting for an access token Oauth package was moved to internal to avoid one extra package at this stage Secrets were removed from OAuth CLI clients have less and better output 2 new status were introduced, NeedsLogin and FailedLogin for better messaging With NeedsLogin we no longer have endless login attempts
2022-05-12 11:17:24 +02:00
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
"github.com/netbirdio/netbird/client/internal/routemanager/dynamic"
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
"github.com/netbirdio/netbird/client/ssh"
"github.com/netbirdio/netbird/iface"
Update cloud management URL to https://api.netbird.io:443 (#1402) With this change we are updating client configuration files to use the new domain
2023-12-27 20:56:04 +01:00
mgm "github.com/netbirdio/netbird/management/client"
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
"github.com/netbirdio/netbird/util"
Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
)
Refactor Management and Admin URL config (#674) avoid sending admin or management URLs on service start as it doesn't have an input Parse management and admin URL when needed Pass empty admin url on commands to prevent default overwrite
2023-02-07 11:40:05 +01:00
const (
Update cloud management URL to https://api.netbird.io:443 (#1402) With this change we are updating client configuration files to use the new domain
2023-12-27 20:56:04 +01:00
// managementLegacyPortString is the port that was used before by the Management gRPC server.
Refactor Management and Admin URL config (#674) avoid sending admin or management URLs on service start as it doesn't have an input Parse management and admin URL when needed Pass empty admin url on commands to prevent default overwrite
2023-02-07 11:40:05 +01:00
// It is used for backward compatibility now.
// NB: hardcoded from github.com/netbirdio/netbird/management/cmd to avoid import
Update cloud management URL to https://api.netbird.io:443 (#1402) With this change we are updating client configuration files to use the new domain
2023-12-27 20:56:04 +01:00
managementLegacyPortString = "33073"
Refactor Management and Admin URL config (#674) avoid sending admin or management URLs on service start as it doesn't have an input Parse management and admin URL when needed Pass empty admin url on commands to prevent default overwrite
2023-02-07 11:40:05 +01:00
// DefaultManagementURL points to the NetBird's cloud management endpoint
Update cloud management URL to https://api.netbird.io:443 (#1402) With this change we are updating client configuration files to use the new domain
2023-12-27 20:56:04 +01:00
DefaultManagementURL = "https://api.netbird.io:443"
// oldDefaultManagementURL points to the NetBird's old cloud management endpoint
oldDefaultManagementURL = "https://api.wiretrustee.com:443"
Refactor Management and Admin URL config (#674) avoid sending admin or management URLs on service start as it doesn't have an input Parse management and admin URL when needed Pass empty admin url on commands to prevent default overwrite
2023-02-07 11:40:05 +01:00
// DefaultAdminURL points to NetBird's cloud management console
DefaultAdminURL = "https://app.netbird.io:443"
)
Adding --external-ip-map and --dns-resolver-address and shorthand flags (#652) Adding --external-ip-map and --dns-resolver-address to up command and shorthand option to global flags. Refactor get and read config functions with new ConfigInput type. updated cobra package to latest release.
2023-01-17 19:16:50 +01:00
support to configure extra blacklist of iface in "up" command (#1734) Support to configure extra blacklist of iface in "up" command
2024-03-28 09:56:41 +01:00
var defaultInterfaceBlacklist = []string{
iface.WgInterfaceDefault, "wt", "utun", "tun0", "zt", "ZeroTier", "wg", "ts",
"Tailscale", "tailscale", "docker", "veth", "br-", "lo",
}
Adding --external-ip-map and --dns-resolver-address and shorthand flags (#652) Adding --external-ip-map and --dns-resolver-address to up command and shorthand option to global flags. Refactor get and read config functions with new ConfigInput type. updated cobra package to latest release.
2023-01-17 19:16:50 +01:00
Use configuration input struct (#645) As we will be passing more flags to configure local agents, we need a more flexible type
2023-01-08 12:57:28 +01:00
// ConfigInput carries configuration changes to the client
type ConfigInput struct {
Add permissive mode to rosenpass (#1599) * add rosenpass-permissive flag * Clarify rosenpass-permissive flag message Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-02-21 17:23:17 +01:00
ManagementURL string
AdminURL string
ConfigPath string
PreSharedKey *string
ServerSSHAllowed *bool
NATExternalIPs []string
CustomDNSAddress []byte
RosenpassEnabled *bool
RosenpassPermissive *bool
InterfaceName *string
WireguardPort *int
Monitor network changes and restart engine on detection (#1904)
2024-05-07 18:50:34 +02:00
NetworkMonitor *bool
Add permissive mode to rosenpass (#1599) * add rosenpass-permissive flag * Clarify rosenpass-permissive flag message Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-02-21 17:23:17 +01:00
DisableAutoConnect *bool
support to configure extra blacklist of iface in "up" command (#1734) Support to configure extra blacklist of iface in "up" command
2024-03-28 09:56:41 +01:00
ExtraIFaceBlackList []string
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
DNSRouteInterval *time.Duration
[client] Add mTLS support for SSO login (#2188) * Add mTLS support for SSO login * Refactor variable to follow Go naming conventions --------- Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-08-13 17:07:44 +02:00
ClientCertPath string
ClientCertKeyPath string
Use configuration input struct (#645) As we will be passing more flags to configure local agents, we need a more flexible type
2023-01-08 12:57:28 +01:00
}
Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
// Config Configuration type
type Config struct {
// Wireguard private key of local peer
Enable IPv6 address discovery (#578) Agents will use IPv6 when available for ICE negotiation
2022-11-23 11:03:29 +01:00
PrivateKey string
PreSharedKey string
ManagementURL *url.URL
AdminURL *url.URL
WgIface string
WgPort int
Enable network monitoring for Windows and macOS clients (#2126) * Enable network monitoring by default for Windows and Darwin * Enable network monitoring by default on Windows and macOS * fix merge * Prevent updating config if no changes
2024-06-13 17:47:25 +02:00
NetworkMonitor *bool
Enable IPv6 address discovery (#578) Agents will use IPv6 when available for ICE negotiation
2022-11-23 11:03:29 +01:00
IFaceBlackList []string
DisableIPv6Discovery bool
Integrate Rosenpass (#1153) This PR aims to integrate Rosenpass with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation. Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the wireguard connection. The Feature can be enabled by setting a flag during the netbird up --enable-rosenpass command. If two peers are both support and have the Rosenpass feature enabled they will create a post-quantum secure connection. If one of the peers or both don't have this feature enabled or are running an older version that does not have this feature yet, the NetBird client will fall back to a plain Wireguard connection without pre-shared keys for those connections (keeping Rosenpass negotiation for the rest). Additionally, this PR includes an update of all Github Actions workflows to use go version 1.21.0 as this is a requirement for the integration. --------- Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-01-08 12:25:35 +01:00
RosenpassEnabled bool
Add permissive mode to rosenpass (#1599) * add rosenpass-permissive flag * Clarify rosenpass-permissive flag message Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-02-21 17:23:17 +01:00
RosenpassPermissive bool
Disable SSH server by default on client side and add the flag --allow-server-ssh to enable it (#1508) This changes the default behavior for new peers, by requiring the agent to be executed with allow-server-ssh set to true in order for the management configuration to take effect.
2024-02-20 11:13:27 +01:00
ServerSSHAllowed *bool
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
// SSHKey is a private SSH key in a PEM format
Add permissive mode to rosenpass (#1599) * add rosenpass-permissive flag * Clarify rosenpass-permissive flag message Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-02-21 17:23:17 +01:00
SSHKey string
External NAT IP mapping support (#487) * External NAT IP mapping support * Ignore blacklisted interfaces, even if in user specified in mapping
2022-11-23 08:42:12 +01:00
Add support for setting interface name and wireguard port (#1467) This PR adds support for setting the wireguard interface name and port with the netbird up command
2024-01-15 15:53:23 +01:00
// ExternalIP mappings, if different from the host interface IP
External NAT IP mapping support (#487) * External NAT IP mapping support * Ignore blacklisted interfaces, even if in user specified in mapping
2022-11-23 08:42:12 +01:00
//
// External IP must not be behind a CGNAT and port-forwarding for incoming UDP packets from WgPort on ExternalIP
// to WgPort on host interface IP must be present. This can take form of single port-forwarding rule, 1:1 DNAT
// mapping ExternalIP to host interface IP, or a NAT DMZ to host interface IP.
//
// A single mapping will take the form of: external[/internal]
// external (required): either the external IP address or "stun" to use STUN to determine the external IP address
// internal (optional): either the internal/interface IP address or an interface name
//
// examples:
// "12.34.56.78" => all interfaces IPs will be mapped to external IP of 12.34.56.78
// "12.34.56.78/eth0" => IPv4 assigned to interface eth0 will be mapped to external IP of 12.34.56.78
// "12.34.56.78/10.1.2.3" => interface IP 10.1.2.3 will be mapped to external IP of 12.34.56.78
Add permissive mode to rosenpass (#1599) * add rosenpass-permissive flag * Clarify rosenpass-permissive flag message Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-02-21 17:23:17 +01:00
NATExternalIPs []string
Adding --external-ip-map and --dns-resolver-address and shorthand flags (#652) Adding --external-ip-map and --dns-resolver-address to up command and shorthand option to global flags. Refactor get and read config functions with new ConfigInput type. updated cobra package to latest release.
2023-01-17 19:16:50 +01:00
// CustomDNSAddress sets the DNS resolver listening address in format ip:port
Add permissive mode to rosenpass (#1599) * add rosenpass-permissive flag * Clarify rosenpass-permissive flag message Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-02-21 17:23:17 +01:00
CustomDNSAddress string
feat: add --disable-auto-connectflag to prevent auto connection after daemon service start (fixes #444, fixes #1382) (#1161) With these changes, the command up supports the flag --disable-auto-connect that allows users to disable auto connection on the client after a computer restart or when the daemon restarts.
2024-02-20 10:10:05 +01:00
// DisableAutoConnect determines whether the client should not start with the service
// it's set to false by default due to backwards compatibility
DisableAutoConnect bool
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
// DNSRouteInterval is the interval in which the DNS routes are updated
DNSRouteInterval time.Duration
[client] Add mTLS support for SSO login (#2188) * Add mTLS support for SSO login * Refactor variable to follow Go naming conventions --------- Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-08-13 17:07:44 +02:00
//Path to a certificate used for mTLS authentication
ClientCertPath string
//Path to corresponding private key of ClientCertPath
ClientCertKeyPath string
ClientCertKeyPair *tls.Certificate `json:"-"`
Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
}
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework
2023-03-17 10:37:27 +01:00
// ReadConfig read config file and return with Config. If it is not exists create a new with default values
func ReadConfig(configPath string) (*Config, error) {
if configFileIsExists(configPath) {
[client] Enforce permissions on Win (#2568) Enforce folder permission on Windows, giving only administrators and system access to the NetBird folder.
2024-09-16 22:42:37 +02:00
err := util.EnforcePermission(configPath)
if err != nil {
log.Errorf("failed to enforce permission on config dir: %v", err)
}
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework
2023-03-17 10:37:27 +01:00
config := &Config{}
if _, err := util.ReadJson(configPath, config); err != nil {
return nil, err
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
// initialize through apply() without changes
if changed, err := config.apply(ConfigInput{}); err != nil {
return nil, err
} else if changed {
if err = WriteOutConfig(configPath, config); err != nil {
return nil, err
}
}
Disable SSH server by default on client side and add the flag --allow-server-ssh to enable it (#1508) This changes the default behavior for new peers, by requiring the agent to be executed with allow-server-ssh set to true in order for the management configuration to take effect.
2024-02-20 11:13:27 +01:00
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework
2023-03-17 10:37:27 +01:00
return config, nil
}
cfg, err := createNewConfig(ConfigInput{ConfigPath: configPath})
if err != nil {
return nil, err
}
err = WriteOutConfig(configPath, cfg)
return cfg, err
}
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
// UpdateConfig update existing configuration according to input configuration and return with the configuration
func UpdateConfig(input ConfigInput) (*Config, error) {
if !configFileIsExists(input.ConfigPath) {
return nil, status.Errorf(codes.NotFound, "config file doesn't exist")
}
return update(input)
}
// UpdateOrCreateConfig reads existing config or generates a new one
func UpdateOrCreateConfig(input ConfigInput) (*Config, error) {
if !configFileIsExists(input.ConfigPath) {
log.Infof("generating new config %s", input.ConfigPath)
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework
2023-03-17 10:37:27 +01:00
cfg, err := createNewConfig(input)
if err != nil {
return nil, err
}
[client] Enforce permissions on Win (#2568) Enforce folder permission on Windows, giving only administrators and system access to the NetBird folder.
2024-09-16 22:42:37 +02:00
err = util.WriteJsonWithRestrictedPermission(input.ConfigPath, cfg)
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework
2023-03-17 10:37:27 +01:00
return cfg, err
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
}
if isPreSharedKeyHidden(input.PreSharedKey) {
input.PreSharedKey = nil
}
[client] Enforce permissions on Win (#2568) Enforce folder permission on Windows, giving only administrators and system access to the NetBird folder.
2024-09-16 22:42:37 +02:00
err := util.EnforcePermission(input.ConfigPath)
if err != nil {
log.Errorf("failed to enforce permission on config dir: %v", err)
}
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
return update(input)
}
Mobile (#735) Initial modification to support mobile client Export necessary interfaces for Android framework
2023-03-17 10:37:27 +01:00
// CreateInMemoryConfig generate a new config but do not write out it to the store
func CreateInMemoryConfig(input ConfigInput) (*Config, error) {
return createNewConfig(input)
}
// WriteOutConfig write put the prepared config to the given path
func WriteOutConfig(path string, config *Config) error {
return util.WriteJson(path, config)
}
Add Settings window to Agent UI Agent systray UI has been extended with a setting window that allows configuring management URL, admin URL and supports pre-shared key. While for the Netbird managed version the Settings are not necessary, it helps to properly configure the self-hosted version.
2022-04-15 17:30:12 +02:00
// createNewConfig creates a new config generating a new Wireguard key and saving to file
Use configuration input struct (#645) As we will be passing more flags to configure local agents, we need a more flexible type
2023-01-08 12:57:28 +01:00
func createNewConfig(input ConfigInput) (*Config, error) {
Load WgPort from config file and exchange via signal (#449) Added additional common blacklisted interfaces Updated the signal protocol to pass the peer port and netbird version Co-authored-by: braginini <bangvalo@gmail.com>
2022-09-02 19:33:35 +02:00
config := &Config{
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
// defaults to false only for new (post 0.26) configurations
ServerSSHAllowed: util.False(),
Load WgPort from config file and exchange via signal (#449) Added additional common blacklisted interfaces Updated the signal protocol to pass the peer port and netbird version Co-authored-by: braginini <bangvalo@gmail.com>
2022-09-02 19:33:35 +02:00
}
Refactor Management and Admin URL config (#674) avoid sending admin or management URLs on service start as it doesn't have an input Parse management and admin URL when needed Pass empty admin url on commands to prevent default overwrite
2023-02-07 11:40:05 +01:00
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if _, err := config.apply(input); err != nil {
Refactor Management and Admin URL config (#674) avoid sending admin or management URLs on service start as it doesn't have an input Parse management and admin URL when needed Pass empty admin url on commands to prevent default overwrite
2023-02-07 11:40:05 +01:00
return nil, err
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
return config, nil
}
Integrate Rosenpass (#1153) This PR aims to integrate Rosenpass with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation. Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the wireguard connection. The Feature can be enabled by setting a flag during the netbird up --enable-rosenpass command. If two peers are both support and have the Rosenpass feature enabled they will create a post-quantum secure connection. If one of the peers or both don't have this feature enabled or are running an older version that does not have this feature yet, the NetBird client will fall back to a plain Wireguard connection without pre-shared keys for those connections (keeping Rosenpass negotiation for the rest). Additionally, this PR includes an update of all Github Actions workflows to use go version 1.21.0 as this is a requirement for the integration. --------- Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-01-08 12:25:35 +01:00
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
func update(input ConfigInput) (*Config, error) {
config := &Config{}
Add permissive mode to rosenpass (#1599) * add rosenpass-permissive flag * Clarify rosenpass-permissive flag message Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-02-21 17:23:17 +01:00
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if _, err := util.ReadJson(input.ConfigPath, config); err != nil {
return nil, err
Disable SSH server by default on client side and add the flag --allow-server-ssh to enable it (#1508) This changes the default behavior for new peers, by requiring the agent to be executed with allow-server-ssh set to true in order for the management configuration to take effect.
2024-02-20 11:13:27 +01:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
updated, err := config.apply(input)
Refactor Management and Admin URL config (#674) avoid sending admin or management URLs on service start as it doesn't have an input Parse management and admin URL when needed Pass empty admin url on commands to prevent default overwrite
2023-02-07 11:40:05 +01:00
if err != nil {
return nil, err
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if updated {
if err := util.WriteJson(input.ConfigPath, config); err != nil {
Write the Admin URL when creating new config (#388)
2022-07-12 15:02:51 +02:00
return nil, err
}
}
Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
return config, nil
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
func (config *Config) apply(input ConfigInput) (updated bool, err error) {
if config.ManagementURL == nil {
log.Infof("using default Management URL %s", DefaultManagementURL)
config.ManagementURL, err = parseURL("Management URL", DefaultManagementURL)
if err != nil {
return false, err
}
add wiretrustee LOGIN command (#90) * feature: add wiretrustee LOGIN command * chore: add management initial connection timeout * test: add login cmd test * test: validate generated config in login cmd * test: add up command test * chore: add timeout to signal client creation method * test: close wireguard interface once test finished
2021-08-18 13:35:42 +02:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if input.ManagementURL != "" && input.ManagementURL != config.ManagementURL.String() {
log.Infof("new Management URL provided, updated to %#v (old value %#v)",
input.ManagementURL, config.ManagementURL.String())
URL, err := parseURL("Management URL", input.ManagementURL)
Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
if err != nil {
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
return false, err
}
config.ManagementURL = URL
updated = true
} else if config.ManagementURL == nil {
log.Infof("using default Management URL %s", DefaultManagementURL)
config.ManagementURL, err = parseURL("Management URL", DefaultManagementURL)
if err != nil {
return false, err
Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
}
Add Settings window to Agent UI Agent systray UI has been extended with a setting window that allows configuring management URL, admin URL and supports pre-shared key. While for the Netbird managed version the Settings are not necessary, it helps to properly configure the self-hosted version.
2022-04-15 17:30:12 +02:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if config.AdminURL == nil {
log.Infof("using default Admin URL %s", DefaultManagementURL)
config.AdminURL, err = parseURL("Admin URL", DefaultAdminURL)
if err != nil {
return false, err
}
}
if input.AdminURL != "" && input.AdminURL != config.AdminURL.String() {
log.Infof("new Admin Panel URL provided, updated to %#v (old value %#v)",
input.AdminURL, config.AdminURL.String())
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
newURL, err := parseURL("Admin Panel URL", input.AdminURL)
Update ManagementURL in Config (#262) If ManagementURL is present in the config file and cmd (e.g. up or login) specifies a new one, then update config file with a new ManagementURL
2022-03-13 15:17:18 +01:00
if err != nil {
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
return updated, err
Update ManagementURL in Config (#262) If ManagementURL is present in the config file and cmd (e.g. up or login) specifies a new one, then update config file with a new ManagementURL
2022-03-13 15:17:18 +01:00
}
Add Settings window to Agent UI Agent systray UI has been extended with a setting window that allows configuring management URL, admin URL and supports pre-shared key. While for the Netbird managed version the Settings are not necessary, it helps to properly configure the self-hosted version.
2022-04-15 17:30:12 +02:00
config.AdminURL = newURL
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
updated = true
Add Settings window to Agent UI Agent systray UI has been extended with a setting window that allows configuring management URL, admin URL and supports pre-shared key. While for the Netbird managed version the Settings are not necessary, it helps to properly configure the self-hosted version.
2022-04-15 17:30:12 +02:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if config.PrivateKey == "" {
log.Infof("generated new Wireguard key")
config.PrivateKey = generateKey()
updated = true
Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
}
Adding --external-ip-map and --dns-resolver-address and shorthand flags (#652) Adding --external-ip-map and --dns-resolver-address to up command and shorthand option to global flags. Refactor get and read config functions with new ConfigInput type. updated cobra package to latest release.
2023-01-17 19:16:50 +01:00
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
if config.SSHKey == "" {
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
log.Infof("generated new SSH key")
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
pem, err := ssh.GeneratePrivateKey(ssh.ED25519)
if err != nil {
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
return false, err
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
}
config.SSHKey = string(pem)
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
updated = true
Load WgPort from config file and exchange via signal (#449) Added additional common blacklisted interfaces Updated the signal protocol to pass the peer port and netbird version Co-authored-by: braginini <bangvalo@gmail.com>
2022-09-02 19:33:35 +02:00
}
Add support for setting interface name and wireguard port (#1467) This PR adds support for setting the wireguard interface name and port with the netbird up command
2024-01-15 15:53:23 +01:00
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if input.WireguardPort != nil && *input.WireguardPort != config.WgPort {
log.Infof("updating Wireguard port %d (old value %d)",
*input.WireguardPort, config.WgPort)
Add support for setting interface name and wireguard port (#1467) This PR adds support for setting the wireguard interface name and port with the netbird up command
2024-01-15 15:53:23 +01:00
config.WgPort = *input.WireguardPort
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
updated = true
} else if config.WgPort == 0 {
config.WgPort = iface.DefaultWgPort
log.Infof("using default Wireguard port %d", config.WgPort)
updated = true
Add support for setting interface name and wireguard port (#1467) This PR adds support for setting the wireguard interface name and port with the netbird up command
2024-01-15 15:53:23 +01:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if input.InterfaceName != nil && *input.InterfaceName != config.WgIface {
log.Infof("updating Wireguard interface %#v (old value %#v)",
*input.InterfaceName, config.WgIface)
Add support for setting interface name and wireguard port (#1467) This PR adds support for setting the wireguard interface name and port with the netbird up command
2024-01-15 15:53:23 +01:00
config.WgIface = *input.InterfaceName
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
updated = true
} else if config.WgIface == "" {
config.WgIface = iface.WgInterfaceDefault
log.Infof("using default Wireguard interface %s", config.WgIface)
updated = true
Add support for setting interface name and wireguard port (#1467) This PR adds support for setting the wireguard interface name and port with the netbird up command
2024-01-15 15:53:23 +01:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if input.NATExternalIPs != nil && !reflect.DeepEqual(config.NATExternalIPs, input.NATExternalIPs) {
log.Infof("updating NAT External IP [ %s ] (old value: [ %s ])",
strings.Join(input.NATExternalIPs, " "),
strings.Join(config.NATExternalIPs, " "))
Adding --external-ip-map and --dns-resolver-address and shorthand flags (#652) Adding --external-ip-map and --dns-resolver-address to up command and shorthand option to global flags. Refactor get and read config functions with new ConfigInput type. updated cobra package to latest release.
2023-01-17 19:16:50 +01:00
config.NATExternalIPs = input.NATExternalIPs
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
updated = true
Adding --external-ip-map and --dns-resolver-address and shorthand flags (#652) Adding --external-ip-map and --dns-resolver-address to up command and shorthand option to global flags. Refactor get and read config functions with new ConfigInput type. updated cobra package to latest release.
2023-01-17 19:16:50 +01:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if input.PreSharedKey != nil && *input.PreSharedKey != config.PreSharedKey {
log.Infof("new pre-shared key provided, replacing old key")
config.PreSharedKey = *input.PreSharedKey
updated = true
Adding --external-ip-map and --dns-resolver-address and shorthand flags (#652) Adding --external-ip-map and --dns-resolver-address to up command and shorthand option to global flags. Refactor get and read config functions with new ConfigInput type. updated cobra package to latest release.
2023-01-17 19:16:50 +01:00
}
Load WgPort from config file and exchange via signal (#449) Added additional common blacklisted interfaces Updated the signal protocol to pass the peer port and netbird version Co-authored-by: braginini <bangvalo@gmail.com>
2022-09-02 19:33:35 +02:00
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if input.RosenpassEnabled != nil && *input.RosenpassEnabled != config.RosenpassEnabled {
log.Infof("switching Rosenpass to %t", *input.RosenpassEnabled)
Integrate Rosenpass (#1153) This PR aims to integrate Rosenpass with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation. Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the wireguard connection. The Feature can be enabled by setting a flag during the netbird up --enable-rosenpass command. If two peers are both support and have the Rosenpass feature enabled they will create a post-quantum secure connection. If one of the peers or both don't have this feature enabled or are running an older version that does not have this feature yet, the NetBird client will fall back to a plain Wireguard connection without pre-shared keys for those connections (keeping Rosenpass negotiation for the rest). Additionally, this PR includes an update of all Github Actions workflows to use go version 1.21.0 as this is a requirement for the integration. --------- Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-01-08 12:25:35 +01:00
config.RosenpassEnabled = *input.RosenpassEnabled
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
updated = true
feat: add --disable-auto-connectflag to prevent auto connection after daemon service start (fixes #444, fixes #1382) (#1161) With these changes, the command up supports the flag --disable-auto-connect that allows users to disable auto connection on the client after a computer restart or when the daemon restarts.
2024-02-20 10:10:05 +01:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if input.RosenpassPermissive != nil && *input.RosenpassPermissive != config.RosenpassPermissive {
log.Infof("switching Rosenpass permissive to %t", *input.RosenpassPermissive)
Add permissive mode to rosenpass (#1599) * add rosenpass-permissive flag * Clarify rosenpass-permissive flag message Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-02-21 17:23:17 +01:00
config.RosenpassPermissive = *input.RosenpassPermissive
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
updated = true
Add permissive mode to rosenpass (#1599) * add rosenpass-permissive flag * Clarify rosenpass-permissive flag message Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-02-21 17:23:17 +01:00
}
Enable network monitoring for Windows and macOS clients (#2126) * Enable network monitoring by default for Windows and Darwin * Enable network monitoring by default on Windows and macOS * fix merge * Prevent updating config if no changes
2024-06-13 17:47:25 +02:00
if input.NetworkMonitor != nil && input.NetworkMonitor != config.NetworkMonitor {
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
log.Infof("switching Network Monitor to %t", *input.NetworkMonitor)
Enable network monitoring for Windows and macOS clients (#2126) * Enable network monitoring by default for Windows and Darwin * Enable network monitoring by default on Windows and macOS * fix merge * Prevent updating config if no changes
2024-06-13 17:47:25 +02:00
config.NetworkMonitor = input.NetworkMonitor
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
updated = true
Integrate Rosenpass (#1153) This PR aims to integrate Rosenpass with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation. Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the wireguard connection. The Feature can be enabled by setting a flag during the netbird up --enable-rosenpass command. If two peers are both support and have the Rosenpass feature enabled they will create a post-quantum secure connection. If one of the peers or both don't have this feature enabled or are running an older version that does not have this feature yet, the NetBird client will fall back to a plain Wireguard connection without pre-shared keys for those connections (keeping Rosenpass negotiation for the rest). Additionally, this PR includes an update of all Github Actions workflows to use go version 1.21.0 as this is a requirement for the integration. --------- Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-01-08 12:25:35 +01:00
}
Enable network monitoring for Windows and macOS clients (#2126) * Enable network monitoring by default for Windows and Darwin * Enable network monitoring by default on Windows and macOS * fix merge * Prevent updating config if no changes
2024-06-13 17:47:25 +02:00
if config.NetworkMonitor == nil {
// enable network monitoring by default on windows and darwin clients
if runtime.GOOS == "windows" || runtime.GOOS == "darwin" {
enabled := true
config.NetworkMonitor = &enabled
updated = true
}
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if input.CustomDNSAddress != nil && string(input.CustomDNSAddress) != config.CustomDNSAddress {
log.Infof("updating custom DNS address %#v (old value %#v)",
string(input.CustomDNSAddress), config.CustomDNSAddress)
config.CustomDNSAddress = string(input.CustomDNSAddress)
updated = true
Disable SSH server by default on client side and add the flag --allow-server-ssh to enable it (#1508) This changes the default behavior for new peers, by requiring the agent to be executed with allow-server-ssh set to true in order for the management configuration to take effect.
2024-02-20 11:13:27 +01:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if len(config.IFaceBlackList) == 0 {
log.Infof("filling in interface blacklist with defaults: [ %s ]",
strings.Join(defaultInterfaceBlacklist, " "))
config.IFaceBlackList = append(config.IFaceBlackList, defaultInterfaceBlacklist...)
updated = true
Disable SSH server by default on client side and add the flag --allow-server-ssh to enable it (#1508) This changes the default behavior for new peers, by requiring the agent to be executed with allow-server-ssh set to true in order for the management configuration to take effect.
2024-02-20 11:13:27 +01:00
}
support to configure extra blacklist of iface in "up" command (#1734) Support to configure extra blacklist of iface in "up" command
2024-03-28 09:56:41 +01:00
if len(input.ExtraIFaceBlackList) > 0 {
for _, iFace := range util.SliceDiff(input.ExtraIFaceBlackList, config.IFaceBlackList) {
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
log.Infof("adding new entry to interface blacklist: %s", iFace)
support to configure extra blacklist of iface in "up" command (#1734) Support to configure extra blacklist of iface in "up" command
2024-03-28 09:56:41 +01:00
config.IFaceBlackList = append(config.IFaceBlackList, iFace)
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
updated = true
support to configure extra blacklist of iface in "up" command (#1734) Support to configure extra blacklist of iface in "up" command
2024-03-28 09:56:41 +01:00
}
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if input.DisableAutoConnect != nil && *input.DisableAutoConnect != config.DisableAutoConnect {
if *input.DisableAutoConnect {
log.Infof("turning off automatic connection on startup")
} else {
log.Infof("enabling automatic connection on startup")
Add Settings window to Agent UI Agent systray UI has been extended with a setting window that allows configuring management URL, admin URL and supports pre-shared key. While for the Netbird managed version the Settings are not necessary, it helps to properly configure the self-hosted version.
2022-04-15 17:30:12 +02:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
config.DisableAutoConnect = *input.DisableAutoConnect
updated = true
Add Settings window to Agent UI Agent systray UI has been extended with a setting window that allows configuring management URL, admin URL and supports pre-shared key. While for the Netbird managed version the Settings are not necessary, it helps to properly configure the self-hosted version.
2022-04-15 17:30:12 +02:00
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
if input.ServerSSHAllowed != nil && *input.ServerSSHAllowed != *config.ServerSSHAllowed {
if *input.ServerSSHAllowed {
log.Infof("enabling SSH server")
} else {
log.Infof("disabling SSH server")
}
config.ServerSSHAllowed = input.ServerSSHAllowed
updated = true
} else if config.ServerSSHAllowed == nil {
// enables SSH for configs from old versions to preserve backwards compatibility
log.Infof("falling back to enabled SSH server for pre-existing configuration")
config.ServerSSHAllowed = util.True()
updated = true
}
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
if input.DNSRouteInterval != nil && *input.DNSRouteInterval != config.DNSRouteInterval {
log.Infof("updating DNS route interval to %s (old value %s)",
input.DNSRouteInterval.String(), config.DNSRouteInterval.String())
config.DNSRouteInterval = *input.DNSRouteInterval
updated = true
} else if config.DNSRouteInterval == 0 {
config.DNSRouteInterval = dynamic.DefaultInterval
log.Infof("using default DNS route interval %s", config.DNSRouteInterval)
updated = true
}
[client] Add mTLS support for SSO login (#2188) * Add mTLS support for SSO login * Refactor variable to follow Go naming conventions --------- Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-08-13 17:07:44 +02:00
if input.ClientCertKeyPath != "" {
config.ClientCertKeyPath = input.ClientCertKeyPath
updated = true
}
if input.ClientCertPath != "" {
config.ClientCertPath = input.ClientCertPath
updated = true
}
if config.ClientCertPath != "" && config.ClientCertKeyPath != "" {
cert, err := tls.LoadX509KeyPair(config.ClientCertPath, config.ClientCertKeyPath)
if err != nil {
log.Error("Failed to load mTLS cert/key pair: ", err)
} else {
config.ClientCertKeyPair = &cert
log.Info("Loaded client mTLS cert/key pair")
}
}
unify Config generation, loading and updating (#1586) * config.go: pull unified Config.apply() out of createNewConfig() and update() as a bonus it ensures returned Config object doesn't have any configuration values missing
2024-05-08 18:58:31 +02:00
return updated, nil
add wiretrustee LOGIN command (#90) * feature: add wiretrustee LOGIN command * chore: add management initial connection timeout * test: add login cmd test * test: validate generated config in login cmd * test: add up command test * chore: add timeout to signal client creation method * test: close wireguard interface once test finished
2021-08-18 13:35:42 +02:00
}
Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
// parseURL parses and validates a service URL
func parseURL(serviceName, serviceURL string) (*url.URL, error) {
parsedMgmtURL, err := url.ParseRequestURI(serviceURL)
if err != nil {
log.Errorf("failed parsing %s URL %s: [%s]", serviceName, serviceURL, err.Error())
return nil, err
add wiretrustee LOGIN command (#90) * feature: add wiretrustee LOGIN command * chore: add management initial connection timeout * test: add login cmd test * test: validate generated config in login cmd * test: add up command test * chore: add timeout to signal client creation method * test: close wireguard interface once test finished
2021-08-18 13:35:42 +02:00
}
Fix nil pointer exception in config parser (#702) In config reader if the input.PreSharedKey is nil then the GetConfig throw nil pointer exception
2023-02-23 09:48:43 +01:00
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
if parsedMgmtURL.Scheme != "https" && parsedMgmtURL.Scheme != "http" {
return nil, fmt.Errorf(
"invalid %s URL provided %s. Supported format [http|https]://[host]:[port]",
serviceName, serviceURL)
}
if parsedMgmtURL.Port() == "" {
switch parsedMgmtURL.Scheme {
case "https":
Add gocritic linter (#1324) * Add gocritic linter `gocritic` provides diagnostics that check for bugs, performance, and style issues We disable the following checks: - commentFormatting - captLocal - deprecatedComment This PR contains many `//nolint:gocritic` to disable `appendAssign`.
2023-11-27 16:40:02 +01:00
parsedMgmtURL.Host += ":443"
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
case "http":
Add gocritic linter (#1324) * Add gocritic linter `gocritic` provides diagnostics that check for bugs, performance, and style issues We disable the following checks: - commentFormatting - captLocal - deprecatedComment This PR contains many `//nolint:gocritic` to disable `appendAssign`.
2023-11-27 16:40:02 +01:00
parsedMgmtURL.Host += ":80"
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
default:
log.Infof("unable to determine a default port for schema %s in URL %s", parsedMgmtURL.Scheme, serviceURL)
}
Fix nil pointer exception in config parser (#702) In config reader if the input.PreSharedKey is nil then the GetConfig throw nil pointer exception
2023-02-23 09:48:43 +01:00
}
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
return parsedMgmtURL, err
Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
}
// generateKey generates a new Wireguard private key
func generateKey() string {
Change Management Sync protocol to support incremental (serial) network changes (#191) * feature: introduce NetworkMap to the management protocol with a Serial ID * test: add Management Sync method protocol test * test: add Management Sync method NetworkMap field check [FAILING] * test: add Management Sync method NetworkMap field check [FAILING] * feature: fill NetworkMap property to when Deleting peer * feature: fill NetworkMap in the Sync protocol * test: code review mentions - GeneratePrivateKey() in the test * fix: wiretrustee client use wireguard GeneratePrivateKey() instead of GenerateKey() * test: add NetworkMap test * fix: management_proto test remove store.json on test finish
2022-01-16 17:10:36 +01:00
key, err := wgtypes.GeneratePrivateKey()
Peer management login (#83) * feature: replace RegisterPeer with Login method that does both - registration and login * test: add management login test * feature: add WiretrusteeConfig to the Login response to configure peer global config * feature: add client peer login support * fix: missing parts * chore: update go deps * feature: support Management Service gRPC endpoints [CLIENT] * feature: finalize client sync with management * fix: management store peer key lower case restore * fix: management returns peer ip without a mask * refactor: remove cmd pkg * fix: invalid tun interface name on mac * fix: timeout when calling management client * fix: tests and lint errors * fix: golang-test workflow * fix: client service tests * fix: iface build * feature: detect management scheme on startup * chore: better logs for management * fix: goreleaser * fix: lint errors * fix: signal TLS * fix: direct Wireguard connection * chore: verbose logging on direct connection
2021-08-15 16:56:26 +02:00
if err != nil {
panic(err)
}
return key.String()
}
Client Login via device authorization flow (#309) UI and CLI Clients are now able to use SSO login by default we will check if the management has configured or supports SSO providers daemon will handle fetching and waiting for an access token Oauth package was moved to internal to avoid one extra package at this stage Secrets were removed from OAuth CLI clients have less and better output 2 new status were introduced, NeedsLogin and FailedLogin for better messaging With NeedsLogin we no longer have endless login attempts
2022-05-12 11:17:24 +02:00
Fix nil pointer exception in config parser (#702) In config reader if the input.PreSharedKey is nil then the GetConfig throw nil pointer exception
2023-02-23 09:48:43 +01:00
// don't overwrite pre-shared key if we receive asterisks from UI
func isPreSharedKeyHidden(preSharedKey *string) bool {
if preSharedKey != nil && *preSharedKey == "**********" {
return true
}
return false
}
Config cleaning (#710) Code cleaning in the config.go of the client. This change keep the logic in original state. The name of the exported function was not covered well the internal workflow. Without read the comment was not understandable what is the difference between the GetConfig and ReadConfig. By the way both of them doing write operation.
2023-03-02 13:28:14 +01:00
func configFileIsExists(path string) bool {
_, err := os.Stat(path)
return !os.IsNotExist(err)
}
Update cloud management URL to https://api.netbird.io:443 (#1402) With this change we are updating client configuration files to use the new domain
2023-12-27 20:56:04 +01:00
// UpdateOldManagementURL checks whether client can switch to the new Management URL with port 443 and the management domain.
// If it can switch, then it updates the config and returns a new one. Otherwise, it returns the provided config.
// The check is performed only for the NetBird's managed version.
func UpdateOldManagementURL(ctx context.Context, config *Config, configPath string) (*Config, error) {
defaultManagementURL, err := parseURL("Management URL", DefaultManagementURL)
if err != nil {
return nil, err
}
parsedOldDefaultManagementURL, err := parseURL("Management URL", oldDefaultManagementURL)
if err != nil {
return nil, err
}
if config.ManagementURL.Hostname() != defaultManagementURL.Hostname() &&
config.ManagementURL.Hostname() != parsedOldDefaultManagementURL.Hostname() {
// only do the check for the NetBird's managed version
return config, nil
}
var mgmTlsEnabled bool
if config.ManagementURL.Scheme == "https" {
mgmTlsEnabled = true
}
if !mgmTlsEnabled {
// only do the check for HTTPs scheme (the hosted version of the Management service is always HTTPs)
return config, nil
}
if config.ManagementURL.Port() != managementLegacyPortString &&
config.ManagementURL.Hostname() == defaultManagementURL.Hostname() {
return config, nil
}
newURL, err := parseURL("Management URL", fmt.Sprintf("%s://%s:%d",
config.ManagementURL.Scheme, defaultManagementURL.Hostname(), 443))
if err != nil {
return nil, err
}
// here we check whether we could switch from the legacy 33073 port to the new 443
log.Infof("attempting to switch from the legacy Management URL %s to the new one %s",
config.ManagementURL.String(), newURL.String())
key, err := wgtypes.ParseKey(config.PrivateKey)
if err != nil {
log.Infof("couldn't switch to the new Management %s", newURL.String())
return config, err
}
client, err := mgm.NewClient(ctx, newURL.Host, key, mgmTlsEnabled)
if err != nil {
log.Infof("couldn't switch to the new Management %s", newURL.String())
return config, err
}
defer func() {
err = client.Close()
if err != nil {
log.Warnf("failed to close the Management service client %v", err)
}
}()
// gRPC check
_, err = client.GetServerPublicKey()
if err != nil {
log.Infof("couldn't switch to the new Management %s", newURL.String())
return nil, err
}
// everything is alright => update the config
newConfig, err := UpdateConfig(ConfigInput{
ManagementURL: newURL.String(),
ConfigPath: configPath,
})
if err != nil {
log.Infof("couldn't switch to the new Management %s", newURL.String())
return config, fmt.Errorf("failed updating config file: %v", err)
}
log.Infof("successfully switched to the new Management URL: %s", newURL.String())
return newConfig, nil
}
Reference in New Issue Copy Permalink