extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-11-24 09:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
a6c59601f9
netbird/management/server/peer.go

964 lines
30 KiB
Go
Raw Normal View History

Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
package server
import (
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
"context"
Add system activity tracking and event store (#636) This PR adds system activity tracking. The management service records events like add/remove peer, group, rule, route, etc. The activity events are stored in the SQLite event store and can be queried by the HTTP API.
2023-01-02 15:11:32 +01:00
"fmt"
Add initial support of device posture checks (#1540) This PR implements the following posture checks: * Agent minimum version allowed * OS minimum version allowed * Geo-location based on connection IP For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh. The OpenAPI spec should extensively cover the life cycle of current version posture checks.
2024-02-20 09:59:56 +01:00
"net"
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
"strings"
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
"sync"
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
"time"
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
use UTC everywhere in server
2023-04-03 15:09:35 +02:00
"github.com/rs/xid"
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
log "github.com/sirupsen/logrus"
use UTC everywhere in server
2023-04-03 15:09:35 +02:00
Add SavePeer method to prevent a possible account inconsistency (#2296) SyncPeer was storing the account with a simple read lock This change introduces the SavePeer method to the store to be used in these cases
2024-07-26 07:49:05 +02:00
"github.com/netbirdio/netbird/management/server/posture"
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
"github.com/netbirdio/netbird/management/proto"
Feat rego default policy (#700) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 15:14:18 +01:00
"github.com/netbirdio/netbird/management/server/activity"
extract peer into seperate package
2023-11-28 13:45:26 +01:00
nbpeer "github.com/netbirdio/netbird/management/server/peer"
Feat rego default policy (#700) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 15:14:18 +01:00
"github.com/netbirdio/netbird/management/server/status"
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
)
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
// PeerSync used as a data object between the gRPC API and AccountManager on Sync request.
type PeerSync struct {
// WireGuardPubKey is a peers WireGuard public key
WireGuardPubKey string
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
// Meta is the system information passed by peer, must be always present
Meta nbpeer.PeerSystemMeta
// UpdateAccountPeers indicate updating account peers,
// which occurs when the peer's metadata is updated
UpdateAccountPeers bool
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
// PeerLogin used as a data object between the gRPC API and AccountManager on Login request.
type PeerLogin struct {
// WireGuardPubKey is a peers WireGuard public key
WireGuardPubKey string
// SSHKey is a peer's ssh key. Can be empty (e.g., old version do not provide it, or this feature is disabled)
SSHKey string
// Meta is the system information passed by peer, must be always present.
extract peer into seperate package
2023-11-28 13:45:26 +01:00
Meta nbpeer.PeerSystemMeta
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
// UserID indicates that JWT was used to log in, and it was valid. Can be empty when SetupKey is used or auth is not required.
UserID string
// SetupKey references to a server.SetupKey to log in. Can be empty when UserID is used or auth is not required.
SetupKey string
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
// ConnectionIP is the real IP of the peer
ConnectionIP net.IP
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Hide content based on user role (#541)
2022-11-05 10:24:50 +01:00
// GetPeers returns a list of peers under the given account filtering out peers that do not belong to a user if
// the current user is not an admin.
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) GetPeers(ctx context.Context, accountID, userID string) ([]*nbpeer.Peer, error) {
account, err := am.Store.GetAccount(ctx, accountID)
Hide content based on user role (#541)
2022-11-05 10:24:50 +01:00
if err != nil {
return nil, err
}
user, err := account.FindUser(userID)
if err != nil {
return nil, err
}
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
approvedPeersMap, err := am.GetValidatedPeers(account)
if err != nil {
return nil, err
}
extract peer into seperate package
2023-11-28 13:45:26 +01:00
peers := make([]*nbpeer.Peer, 0)
peersMap := make(map[string]*nbpeer.Peer)
Add limited dashboard view (#1738)
2024-03-27 16:11:45 +01:00
Skip network map check if not regular user (#2402) when getting all peers we don't need to calculate network map when not a regular user
2024-08-07 10:22:12 +02:00
regularUser := !user.HasAdminPower() && !user.IsServiceUser
if regularUser && account.Settings.RegularUsersViewBlocked {
Add limited dashboard view (#1738)
2024-03-27 16:11:45 +01:00
return peers, nil
}
Hide content based on user role (#541)
2022-11-05 10:24:50 +01:00
for _, peer := range account.Peers {
Skip network map check if not regular user (#2402) when getting all peers we don't need to calculate network map when not a regular user
2024-08-07 10:22:12 +02:00
if regularUser && user.Id != peer.UserID {
Hide content based on user role (#541)
2022-11-05 10:24:50 +01:00
// only display peers that belong to the current user if the current user is not an admin
continue
}
Display peers of a user that it has access to (#571) If a user has a non-admin role, display all peers that user's peers have access to when calling /peers endpoint of the HTTP API.
2022-11-21 17:45:14 +01:00
p := peer.Copy()
peers = append(peers, p)
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
peersMap[peer.ID] = p
Display peers of a user that it has access to (#571) If a user has a non-admin role, display all peers that user's peers have access to when calling /peers endpoint of the HTTP API.
2022-11-21 17:45:14 +01:00
}
Skip network map check if not regular user (#2402) when getting all peers we don't need to calculate network map when not a regular user
2024-08-07 10:22:12 +02:00
if !regularUser {
return peers, nil
}
Display peers of a user that it has access to (#571) If a user has a non-admin role, display all peers that user's peers have access to when calling /peers endpoint of the HTTP API.
2022-11-21 17:45:14 +01:00
// fetch all the peers that have access to the user's peers
for _, peer := range peers {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
aclPeers, _ := account.getPeerConnectionResources(ctx, peer.ID, approvedPeersMap)
Display peers of a user that it has access to (#571) If a user has a non-admin role, display all peers that user's peers have access to when calling /peers endpoint of the HTTP API.
2022-11-21 17:45:14 +01:00
for _, p := range aclPeers {
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
peersMap[p.ID] = p
Display peers of a user that it has access to (#571) If a user has a non-admin role, display all peers that user's peers have access to when calling /peers endpoint of the HTTP API.
2022-11-21 17:45:14 +01:00
}
}
extract peer into seperate package
2023-11-28 13:45:26 +01:00
peers = make([]*nbpeer.Peer, 0, len(peersMap))
Display peers of a user that it has access to (#571) If a user has a non-admin role, display all peers that user's peers have access to when calling /peers endpoint of the HTTP API.
2022-11-21 17:45:14 +01:00
for _, peer := range peersMap {
peers = append(peers, peer)
Hide content based on user role (#541)
2022-11-05 10:24:50 +01:00
}
return peers, nil
}
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
// MarkPeerConnected marks peer as connected (true) or disconnected (false)
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) MarkPeerConnected(ctx context.Context, peerPubKey string, connected bool, realIP net.IP, account *Account) error {
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
peer, err := account.FindPeerByPubKey(peerPubKey)
Add peer meta data (#95) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * feature: add peer system metadata * feature: add peer status * test: fix removal
2021-08-24 11:50:19 +02:00
if err != nil {
return err
}
Proactively expire peers' login per account (#698) Goals: Enable peer login expiration when adding new peer Expire peer's login when the time comes The account manager triggers peer expiration routine in future if the following conditions are true: peer expiration is enabled for the account there is at least one peer that has expiration enabled and is connected The time of the next expiration check is based on the nearest peer expiration. Account manager finds a peer with the oldest last login (auth) timestamp and calculates the time when it has to run the routine as a sum of the configured peer login expiration duration and the peer's last login time. When triggered, the expiration routine checks whether there are expired peers. The management server closes the update channel of these peers and updates network map of other peers to exclude expired peers so that the expired peers are not able to connect anywhere. The account manager can reschedule or cancel peer expiration in the following cases: when admin changes account setting (peer expiration enable/disable) when admin updates the expiration duration of the account when admin updates peer expiration (enable/disable) when peer connects (Sync) P.S. The network map calculation was updated to exclude peers that have login expired.
2023-02-27 16:44:26 +01:00
oldStatus := peer.Status.Copy()
newStatus := oldStatus
use UTC everywhere in server
2023-04-03 15:09:35 +02:00
newStatus.LastSeen = time.Now().UTC()
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
newStatus.Connected = connected
Update peer status when login expires (#688) Extend PeerStatus with an extra field LoginExpired, that can be stored in the database.
2023-02-15 11:27:22 +01:00
// whenever peer got connected that means that it logged in successfully
if newStatus.Connected {
newStatus.LoginExpired = false
}
Save Peer Status separately in the FileStore (#554) Due to peer reconnects when restarting the Management service, there are lots of SaveStore operations to update peer status. Store.SavePeerStatus stores peer status separately and the FileStore implementation stores it in memory.
2022-11-08 10:46:12 +01:00
peer.Status = newStatus
Add initial support of device posture checks (#1540) This PR implements the following posture checks: * Agent minimum version allowed * OS minimum version allowed * Geo-location based on connection IP For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh. The OpenAPI spec should extensively cover the life cycle of current version posture checks.
2024-02-20 09:59:56 +01:00
if am.geo != nil && realIP != nil {
location, err := am.geo.Lookup(realIP)
if err != nil {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Warnf("failed to get location for peer %s realip: [%s]: %v", peer.ID, realIP.String(), err)
Add initial support of device posture checks (#1540) This PR implements the following posture checks: * Agent minimum version allowed * OS minimum version allowed * Geo-location based on connection IP For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh. The OpenAPI spec should extensively cover the life cycle of current version posture checks.
2024-02-20 09:59:56 +01:00
} else {
peer.Location.ConnectionIP = realIP
peer.Location.CountryCode = location.Country.ISOCode
peer.Location.CityName = location.City.Names.En
peer.Location.GeoNameID = location.City.GeonameID
err = am.Store.SavePeerLocation(account.Id, peer)
if err != nil {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Warnf("could not store location for peer %s: %s", peer.ID, err)
Add initial support of device posture checks (#1540) This PR implements the following posture checks: * Agent minimum version allowed * OS minimum version allowed * Geo-location based on connection IP For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh. The OpenAPI spec should extensively cover the life cycle of current version posture checks.
2024-02-20 09:59:56 +01:00
}
}
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
account.UpdatePeer(peer)
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
err = am.Store.SavePeerStatus(account.Id, peer.ID, *newStatus)
Add peer meta data (#95) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * feature: add peer system metadata * feature: add peer status * test: fix removal
2021-08-24 11:50:19 +02:00
if err != nil {
return err
}
Proactively expire peers' login per account (#698) Goals: Enable peer login expiration when adding new peer Expire peer's login when the time comes The account manager triggers peer expiration routine in future if the following conditions are true: peer expiration is enabled for the account there is at least one peer that has expiration enabled and is connected The time of the next expiration check is based on the nearest peer expiration. Account manager finds a peer with the oldest last login (auth) timestamp and calculates the time when it has to run the routine as a sum of the configured peer login expiration duration and the peer's last login time. When triggered, the expiration routine checks whether there are expired peers. The management server closes the update channel of these peers and updates network map of other peers to exclude expired peers so that the expired peers are not able to connect anywhere. The account manager can reschedule or cancel peer expiration in the following cases: when admin changes account setting (peer expiration enable/disable) when admin updates the expiration duration of the account when admin updates peer expiration (enable/disable) when peer connects (Sync) P.S. The network map calculation was updated to exclude peers that have login expired.
2023-02-27 16:44:26 +01:00
if peer.AddedWithSSOLogin() && peer.LoginExpirationEnabled && account.Settings.PeerLoginExpirationEnabled {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.checkAndSchedulePeerLoginExpiration(ctx, account)
Proactively expire peers' login per account (#698) Goals: Enable peer login expiration when adding new peer Expire peer's login when the time comes The account manager triggers peer expiration routine in future if the following conditions are true: peer expiration is enabled for the account there is at least one peer that has expiration enabled and is connected The time of the next expiration check is based on the nearest peer expiration. Account manager finds a peer with the oldest last login (auth) timestamp and calculates the time when it has to run the routine as a sum of the configured peer login expiration duration and the peer's last login time. When triggered, the expiration routine checks whether there are expired peers. The management server closes the update channel of these peers and updates network map of other peers to exclude expired peers so that the expired peers are not able to connect anywhere. The account manager can reschedule or cancel peer expiration in the following cases: when admin changes account setting (peer expiration enable/disable) when admin updates the expiration duration of the account when admin updates peer expiration (enable/disable) when peer connects (Sync) P.S. The network map calculation was updated to exclude peers that have login expired.
2023-02-27 16:44:26 +01:00
}
if oldStatus.LoginExpired {
// we need to update other peers because when peer login expires all other peers are notified to disconnect from
Feat rego default policy (#700) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 15:14:18 +01:00
// the expired one. Here we notify them that connection is now allowed again.
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.updateAccountPeers(ctx, account)
Proactively expire peers' login per account (#698) Goals: Enable peer login expiration when adding new peer Expire peer's login when the time comes The account manager triggers peer expiration routine in future if the following conditions are true: peer expiration is enabled for the account there is at least one peer that has expiration enabled and is connected The time of the next expiration check is based on the nearest peer expiration. Account manager finds a peer with the oldest last login (auth) timestamp and calculates the time when it has to run the routine as a sum of the configured peer login expiration duration and the peer's last login time. When triggered, the expiration routine checks whether there are expired peers. The management server closes the update channel of these peers and updates network map of other peers to exclude expired peers so that the expired peers are not able to connect anywhere. The account manager can reschedule or cancel peer expiration in the following cases: when admin changes account setting (peer expiration enable/disable) when admin updates the expiration duration of the account when admin updates peer expiration (enable/disable) when peer connects (Sync) P.S. The network map calculation was updated to exclude peers that have login expired.
2023-02-27 16:44:26 +01:00
}
Add peer meta data (#95) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * feature: add peer system metadata * feature: add peer status * test: fix removal
2021-08-24 11:50:19 +02:00
return nil
}
Add login expiration fields to peer HTTP API (#687) Return login expiration related fields in the Peer HTTP GET endpoint. Support enable/disable peer's login expiration via HTTP PUT.
2023-02-14 10:14:00 +01:00
// UpdatePeer updates peer. Only Peer.Name, Peer.SSHEnabled, and Peer.LoginExpirationEnabled can be updated.
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, userID string, update *nbpeer.Peer) (*nbpeer.Peer, error) {
Add write lock for peer when saving its connection status (#2359)
2024-07-31 14:53:32 +02:00
unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
defer unlock()
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
account, err := am.Store.GetAccount(ctx, accountID)
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
if err != nil {
Replace gRPC errors in business logic with internal ones (#558)
2022-11-11 20:36:45 +01:00
return nil, err
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
}
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
peer := account.GetPeer(update.ID)
if peer == nil {
return nil, status.Errorf(status.NotFound, "peer %s not found", update.ID)
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
update, err = am.integratedPeerValidator.ValidatePeer(ctx, update, peer, userID, accountID, am.GetDNSDomain(), account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
add signatures and frame for peer approval
2023-11-28 11:44:08 +01:00
if err != nil {
return nil, err
}
Add more activity events (#663)
2023-01-25 16:29:59 +01:00
if peer.SSHEnabled != update.SSHEnabled {
peer.SSHEnabled = update.SSHEnabled
event := activity.PeerSSHEnabled
if !update.SSHEnabled {
event = activity.PeerSSHDisabled
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.StoreEvent(ctx, userID, peer.IP.String(), accountID, event, peer.EventMeta(am.GetDNSDomain()))
Add more activity events (#663)
2023-01-25 16:29:59 +01:00
}
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
Check if peer name change before update labels (#658)
2023-01-20 10:07:37 +01:00
if peer.Name != update.Name {
peer.Name = update.Name
Feature/dns protocol (#543) Added DNS update protocol message Added sync to clients Update nameserver API with new fields Added default NS groups Added new dns-name flag for the management service append to peer DNS label
2022-11-07 15:38:21 +01:00
Check if peer name change before update labels (#658)
2023-01-20 10:07:37 +01:00
existingLabels := account.getPeerDNSLabels()
newLabel, err := getPeerHostLabel(peer.Name, existingLabels)
if err != nil {
return nil, err
}
Feature/dns protocol (#543) Added DNS update protocol message Added sync to clients Update nameserver API with new fields Added default NS groups Added new dns-name flag for the management service append to peer DNS label
2022-11-07 15:38:21 +01:00
Check if peer name change before update labels (#658)
2023-01-20 10:07:37 +01:00
peer.DNSLabel = newLabel
Add more activity events (#663)
2023-01-25 16:29:59 +01:00
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.StoreEvent(ctx, userID, peer.ID, accountID, activity.PeerRenamed, peer.EventMeta(am.GetDNSDomain()))
Check if peer name change before update labels (#658)
2023-01-20 10:07:37 +01:00
}
Feature/dns protocol (#543) Added DNS update protocol message Added sync to clients Update nameserver API with new fields Added default NS groups Added new dns-name flag for the management service append to peer DNS label
2022-11-07 15:38:21 +01:00
Add login expiration fields to peer HTTP API (#687) Return login expiration related fields in the Peer HTTP GET endpoint. Support enable/disable peer's login expiration via HTTP PUT.
2023-02-14 10:14:00 +01:00
if peer.LoginExpirationEnabled != update.LoginExpirationEnabled {
Reject peer login expiration update when no SSO login (#693)
2023-02-16 13:03:53 +01:00
if !peer.AddedWithSSOLogin() {
return nil, status.Errorf(status.PreconditionFailed, "this peer hasn't been added with the SSO login, therefore the login expiration can't be updated")
}
Add login expiration fields to peer HTTP API (#687) Return login expiration related fields in the Peer HTTP GET endpoint. Support enable/disable peer's login expiration via HTTP PUT.
2023-02-14 10:14:00 +01:00
peer.LoginExpirationEnabled = update.LoginExpirationEnabled
event := activity.PeerLoginExpirationEnabled
if !update.LoginExpirationEnabled {
event = activity.PeerLoginExpirationDisabled
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.StoreEvent(ctx, userID, peer.IP.String(), accountID, event, peer.EventMeta(am.GetDNSDomain()))
Proactively expire peers' login per account (#698) Goals: Enable peer login expiration when adding new peer Expire peer's login when the time comes The account manager triggers peer expiration routine in future if the following conditions are true: peer expiration is enabled for the account there is at least one peer that has expiration enabled and is connected The time of the next expiration check is based on the nearest peer expiration. Account manager finds a peer with the oldest last login (auth) timestamp and calculates the time when it has to run the routine as a sum of the configured peer login expiration duration and the peer's last login time. When triggered, the expiration routine checks whether there are expired peers. The management server closes the update channel of these peers and updates network map of other peers to exclude expired peers so that the expired peers are not able to connect anywhere. The account manager can reschedule or cancel peer expiration in the following cases: when admin changes account setting (peer expiration enable/disable) when admin updates the expiration duration of the account when admin updates peer expiration (enable/disable) when peer connects (Sync) P.S. The network map calculation was updated to exclude peers that have login expired.
2023-02-27 16:44:26 +01:00
if peer.AddedWithSSOLogin() && peer.LoginExpirationEnabled && account.Settings.PeerLoginExpirationEnabled {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.checkAndSchedulePeerLoginExpiration(ctx, account)
Proactively expire peers' login per account (#698) Goals: Enable peer login expiration when adding new peer Expire peer's login when the time comes The account manager triggers peer expiration routine in future if the following conditions are true: peer expiration is enabled for the account there is at least one peer that has expiration enabled and is connected The time of the next expiration check is based on the nearest peer expiration. Account manager finds a peer with the oldest last login (auth) timestamp and calculates the time when it has to run the routine as a sum of the configured peer login expiration duration and the peer's last login time. When triggered, the expiration routine checks whether there are expired peers. The management server closes the update channel of these peers and updates network map of other peers to exclude expired peers so that the expired peers are not able to connect anywhere. The account manager can reschedule or cancel peer expiration in the following cases: when admin changes account setting (peer expiration enable/disable) when admin updates the expiration duration of the account when admin updates peer expiration (enable/disable) when peer connects (Sync) P.S. The network map calculation was updated to exclude peers that have login expired.
2023-02-27 16:44:26 +01:00
}
Add login expiration fields to peer HTTP API (#687) Return login expiration related fields in the Peer HTTP GET endpoint. Support enable/disable peer's login expiration via HTTP PUT.
2023-02-14 10:14:00 +01:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
account.UpdatePeer(peer)
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
err = am.Store.SaveAccount(ctx, account)
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
if err != nil {
return nil, err
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.updateAccountPeers(ctx, account)
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
return peer, nil
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
}
Delete user peers when deleting a user (#1186)
2023-10-01 19:51:39 +02:00
// deletePeers will delete all specified peers and send updates to the remote peers. Don't call without acquiring account lock
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) deletePeers(ctx context.Context, account *Account, peerIDs []string, userID string) error {
Delete peer (#114) * feature: add peer deletion * feature: add peer deletion [CLIENT] * fix: lint error * test: fix sync block * test: fix management test * feature: add client stop after was deleted * chore: remove permission denied cancellation * chore: add larger signal backoff * feature: notify deleted peer of removal * fix: lint issue * chore: add 2nd default key - one off * test: fix account key check
2021-09-07 18:36:46 +02:00
Reorder peer deletion when deleteing a user (#1191)
2023-10-03 16:46:58 +02:00
// the first loop is needed to ensure all peers present under the account before modifying, otherwise
// we might have some inconsistencies
extract peer into seperate package
2023-11-28 13:45:26 +01:00
peers := make([]*nbpeer.Peer, 0, len(peerIDs))
Delete user peers when deleting a user (#1186)
2023-10-01 19:51:39 +02:00
for _, peerID := range peerIDs {
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
Delete user peers when deleting a user (#1186)
2023-10-01 19:51:39 +02:00
peer := account.GetPeer(peerID)
if peer == nil {
Reorder peer deletion when deleteing a user (#1191)
2023-10-03 16:46:58 +02:00
return status.Errorf(status.NotFound, "peer %s not found", peerID)
Delete user peers when deleting a user (#1186)
2023-10-01 19:51:39 +02:00
}
Reorder peer deletion when deleteing a user (#1191)
2023-10-03 16:46:58 +02:00
peers = append(peers, peer)
}
Delete peer (#114) * feature: add peer deletion * feature: add peer deletion [CLIENT] * fix: lint error * test: fix sync block * test: fix management test * feature: add client stop after was deleted * chore: remove permission denied cancellation * chore: add larger signal backoff * feature: notify deleted peer of removal * fix: lint issue * chore: add 2nd default key - one off * test: fix account key check
2021-09-07 18:36:46 +02:00
Reorder peer deletion when deleteing a user (#1191)
2023-10-03 16:46:58 +02:00
// the 2nd loop performs the actual modification
for _, peer := range peers {
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
err := am.integratedPeerValidator.PeerDeleted(ctx, account.Id, peer.ID)
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
if err != nil {
return err
}
Reorder peer deletion when deleteing a user (#1191)
2023-10-03 16:46:58 +02:00
account.DeletePeer(peer.ID)
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.peersUpdateManager.SendUpdate(ctx, peer.ID,
Delete user peers when deleting a user (#1186)
2023-10-01 19:51:39 +02:00
&UpdateMessage{
Update: &proto.SyncResponse{
// fill those field for backward compatibility
RemotePeers: []*proto.RemotePeerConfig{},
RemotePeersIsEmpty: true,
// new field
NetworkMap: &proto.NetworkMap{
Serial: account.Network.CurrentSerial(),
RemotePeers: []*proto.RemotePeerConfig{},
RemotePeersIsEmpty: true,
FirewallRules: []*proto.FirewallRule{},
FirewallRulesIsEmpty: true,
},
},
})
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.peersUpdateManager.CloseChannel(ctx, peer.ID)
am.StoreEvent(ctx, userID, peer.ID, account.Id, activity.PeerRemovedByUser, peer.EventMeta(am.GetDNSDomain()))
Delete user peers when deleting a user (#1186)
2023-10-01 19:51:39 +02:00
}
Reorder peer deletion when deleteing a user (#1191)
2023-10-03 16:46:58 +02:00
return nil
Delete user peers when deleting a user (#1186)
2023-10-01 19:51:39 +02:00
}
// DeletePeer removes peer from the account by its IP
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peerID, userID string) error {
Add write lock for peer when saving its connection status (#2359)
2024-07-31 14:53:32 +02:00
unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
Delete user peers when deleting a user (#1186)
2023-10-01 19:51:39 +02:00
defer unlock()
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
account, err := am.Store.GetAccount(ctx, accountID)
Delete user peers when deleting a user (#1186)
2023-10-01 19:51:39 +02:00
if err != nil {
return err
Delete peer (#114) * feature: add peer deletion * feature: add peer deletion [CLIENT] * fix: lint error * test: fix sync block * test: fix management test * feature: add client stop after was deleted * chore: remove permission denied cancellation * chore: add larger signal backoff * feature: notify deleted peer of removal * fix: lint issue * chore: add 2nd default key - one off * test: fix account key check
2021-09-07 18:36:46 +02:00
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
err = am.deletePeers(ctx, account, []string{peerID}, userID)
Reorder peer deletion when deleteing a user (#1191)
2023-10-03 16:46:58 +02:00
if err != nil {
return err
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
err = am.Store.SaveAccount(ctx, account)
Reorder peer deletion when deleteing a user (#1191)
2023-10-03 16:46:58 +02:00
if err != nil {
return err
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.updateAccountPeers(ctx, account)
Improve updateAccountPeers by bypassing AM and using account directly (#1193) Improve updateAccountPeers performance by bypassing AM and using the account directly
2023-10-04 15:08:50 +02:00
return nil
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
}
Change Management Sync protocol to support incremental (serial) network changes (#191) * feature: introduce NetworkMap to the management protocol with a Serial ID * test: add Management Sync method protocol test * test: add Management Sync method NetworkMap field check [FAILING] * test: add Management Sync method NetworkMap field check [FAILING] * feature: fill NetworkMap property to when Deleting peer * feature: fill NetworkMap in the Sync protocol * test: code review mentions - GeneratePrivateKey() in the test * fix: wiretrustee client use wireguard GeneratePrivateKey() instead of GenerateKey() * test: add NetworkMap test * fix: management_proto test remove store.json on test finish
2022-01-16 17:10:36 +01:00
// GetNetworkMap returns Network map for a given peer (omits original peer from the Peers result)
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) GetNetworkMap(ctx context.Context, peerID string) (*NetworkMap, error) {
account, err := am.Store.GetAccountByPeerID(ctx, peerID)
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
if err != nil {
Replace gRPC errors in business logic with internal ones (#558)
2022-11-11 20:36:45 +01:00
return nil, err
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
}
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
peer := account.GetPeer(peerID)
if peer == nil {
return nil, status.Errorf(status.NotFound, "peer with ID %s not found", peerID)
}
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
groups := make(map[string][]string)
for groupID, group := range account.Groups {
groups[groupID] = group.Peers
}
validatedPeers, err := am.integratedPeerValidator.GetValidatedPeers(account.Id, account.Groups, account.Peers, account.Settings.Extra)
if err != nil {
return nil, err
}
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
customZone := account.GetPeersCustomZone(ctx, am.dnsDomain)
return account.GetPeerNetworkMap(ctx, peer.ID, customZone, validatedPeers, nil), nil
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
}
Send netmask from account network (#369) * Send netmask from account network Added the GetPeerNetwork method to account manager Pass a copy of the network to the toPeerConfig function to retrieve the netmask from the network instead of constant updated methods and added test * check if the network is the same for 2 peers * Use expect with BeEquivalentTo
2022-06-24 21:30:51 +02:00
// GetPeerNetwork returns the Network for a given peer
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) GetPeerNetwork(ctx context.Context, peerID string) (*Network, error) {
account, err := am.Store.GetAccountByPeerID(ctx, peerID)
Send netmask from account network (#369) * Send netmask from account network Added the GetPeerNetwork method to account manager Pass a copy of the network to the toPeerConfig function to retrieve the netmask from the network instead of constant updated methods and added test * check if the network is the same for 2 peers * Use expect with BeEquivalentTo
2022-06-24 21:30:51 +02:00
if err != nil {
Replace gRPC errors in business logic with internal ones (#558)
2022-11-11 20:36:45 +01:00
return nil, err
Send netmask from account network (#369) * Send netmask from account network Added the GetPeerNetwork method to account manager Pass a copy of the network to the toPeerConfig function to retrieve the netmask from the network instead of constant updated methods and added test * check if the network is the same for 2 peers * Use expect with BeEquivalentTo
2022-06-24 21:30:51 +02:00
}
return account.Network.Copy(), err
}
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
// AddPeer adds a new peer to the Store.
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
// Each Account has a list of pre-authorized SetupKey and if no Account has a given key err with a code status.PermissionDenied
// will be returned, meaning the setup key is invalid or not found.
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
// If a User ID is provided, it means that we passed the authentication using JWT, then we look for account by User ID and register the peer
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
// to it. We also add the User ID to the peer metadata to identify registrant. If no userID provided, then fail with status.PermissionDenied
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
// Each new Peer will be assigned a new next net.IP from the Account.Network and Account.Network.LastIP will be updated (IP's are not reused).
Add peer meta data (#95) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * feature: add peer system metadata * feature: add peer status * test: fix removal
2021-08-24 11:50:19 +02:00
// The peer property is just a placeholder for the Peer properties to pass further
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) AddPeer(ctx context.Context, setupKey, userID string, peer *nbpeer.Peer) (*nbpeer.Peer, *NetworkMap, []*posture.Checks, error) {
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
if setupKey == "" && userID == "" {
// no auth method provided => reject access
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, status.Errorf(status.Unauthenticated, "no peer auth method provided, please use a setup key or interactive SSO login")
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
upperKey := strings.ToUpper(setupKey)
Improve login performance (#2061)
2024-05-31 16:41:12 +02:00
var accountID string
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
var err error
Refactor AddPeer to ensure consistency (#557)
2022-11-08 16:14:36 +01:00
addedByUser := false
if len(userID) > 0 {
addedByUser = true
Improve login performance (#2061)
2024-05-31 16:41:12 +02:00
accountID, err = am.Store.GetAccountIDByUserID(userID)
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
} else {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
accountID, err = am.Store.GetAccountIDBySetupKey(ctx, setupKey)
Refactor AddPeer to ensure consistency (#557)
2022-11-08 16:14:36 +01:00
}
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, status.Errorf(status.NotFound, "failed adding new peer: account not found")
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
}
Add write lock for peer when saving its connection status (#2359)
2024-07-31 14:53:32 +02:00
unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
Improve login performance (#2061)
2024-05-31 16:41:12 +02:00
defer func() {
if unlock != nil {
unlock()
}
}()
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
Improve login performance (#2061)
2024-05-31 16:41:12 +02:00
var account *Account
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
// ensure that we consider modification happened meanwhile (because we were outside the account lock when we fetched the account)
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
account, err = am.Store.GetAccount(ctx, accountID)
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
}
add support for ipad as well
2023-11-16 17:01:01 +01:00
if strings.ToLower(peer.Meta.Hostname) == "iphone" || strings.ToLower(peer.Meta.Hostname) == "ipad" && userID != "" {
use idp cache instead of idp manager
2023-11-16 17:13:04 +01:00
if am.idpManager != nil {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
userdata, err := am.lookupUserInCache(ctx, userID, account)
Add retry to IdP cache lookup (#1882)
2024-04-23 19:23:43 +02:00
if err == nil && userdata != nil {
use idp cache instead of idp manager
2023-11-16 17:13:04 +01:00
peer.Meta.Hostname = fmt.Sprintf("%s-%s", peer.Meta.Hostname, strings.Split(userdata.Email, "@")[0])
}
use the email address to set the iphone name for iOS 16+
2023-11-16 16:46:08 +01:00
}
}
Add comment clarifying AddPeer race check (#927)
2023-06-02 18:04:24 +02:00
// This is a handling for the case when the same machine (with the same WireGuard pub key) tries to register twice.
Add write lock for peer when saving its connection status (#2359)
2024-07-31 14:53:32 +02:00
// Such case is possible when AddPeer function takes long time to finish after AcquireWriteLockByUID (e.g., database is slow)
Add comment clarifying AddPeer race check (#927)
2023-06-02 18:04:24 +02:00
// and the peer disconnects with a timeout and tries to register again.
// We just check if this machine has been registered before and reject the second registration.
// The connecting peer should be able to recover with a retry.
Reject adding peer if already exists with the pub key (#925)
2023-06-02 17:32:55 +02:00
_, err = account.FindPeerByPubKey(peer.Key)
if err == nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, status.Errorf(status.PreconditionFailed, "peer has been already registered")
Reject adding peer if already exists with the pub key (#925)
2023-06-02 17:32:55 +02:00
}
Add system activity tracking and event store (#636) This PR adds system activity tracking. The management service records events like add/remove peer, group, rule, route, etc. The activity events are stored in the SQLite event store and can be queried by the HTTP API.
2023-01-02 15:11:32 +01:00
opEvent := &activity.Event{
use UTC everywhere in server
2023-04-03 15:09:35 +02:00
Timestamp: time.Now().UTC(),
Add system activity tracking and event store (#636) This PR adds system activity tracking. The management service records events like add/remove peer, group, rule, route, etc. The activity events are stored in the SQLite event store and can be queried by the HTTP API.
2023-01-02 15:11:32 +01:00
AccountID: account.Id,
}
Feature/ephemeral peers (#1100) The ephemeral manager keep the inactive ephemeral peers in a linked list. The manager schedule a cleanup procedure to the head of the linked list (to the most deprecated peer). At the end of cleanup schedule the next cleanup to the new head. If a device connect back to the server the manager will remote it from the peers list.
2023-09-04 11:37:39 +02:00
var ephemeral bool
fix map assignment
2023-12-04 13:49:46 +01:00
setupKeyName := ""
Refactor AddPeer to ensure consistency (#557)
2022-11-08 16:14:36 +01:00
if !addedByUser {
// validate the setup key if adding with a key
sk, err := account.FindSetupKey(upperKey)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Refactor AddPeer to ensure consistency (#557)
2022-11-08 16:14:36 +01:00
}
if !sk.IsValid() {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, status.Errorf(status.PreconditionFailed, "couldn't add peer: setup key is invalid")
Feature/dns protocol (#543) Added DNS update protocol message Added sync to clients Update nameserver API with new fields Added default NS groups Added new dns-name flag for the management service append to peer DNS label
2022-11-07 15:38:21 +01:00
}
Refactor AddPeer to ensure consistency (#557)
2022-11-08 16:14:36 +01:00
account.SetupKeys[sk.Key] = sk.IncrementUsage()
Add system activity tracking and event store (#636) This PR adds system activity tracking. The management service records events like add/remove peer, group, rule, route, etc. The activity events are stored in the SQLite event store and can be queried by the HTTP API.
2023-01-02 15:11:32 +01:00
opEvent.InitiatorID = sk.Id
opEvent.Activity = activity.PeerAddedWithSetupKey
Feature/ephemeral peers (#1100) The ephemeral manager keep the inactive ephemeral peers in a linked list. The manager schedule a cleanup procedure to the head of the linked list (to the most deprecated peer). At the end of cleanup schedule the next cleanup to the new head. If a device connect back to the server the manager will remote it from the peers list.
2023-09-04 11:37:39 +02:00
ephemeral = sk.Ephemeral
fix map assignment
2023-12-04 13:49:46 +01:00
setupKeyName = sk.Name
Add system activity tracking and event store (#636) This PR adds system activity tracking. The management service records events like add/remove peer, group, rule, route, etc. The activity events are stored in the SQLite event store and can be queried by the HTTP API.
2023-01-02 15:11:32 +01:00
} else {
opEvent.InitiatorID = userID
opEvent.Activity = activity.PeerAddedByUser
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
}
Refactor AddPeer to ensure consistency (#557)
2022-11-08 16:14:36 +01:00
takenIps := account.getTakenIPs()
existingLabels := account.getPeerDNSLabels()
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
newLabel, err := getPeerHostLabel(peer.Meta.Hostname, existingLabels)
Feature/dns protocol (#543) Added DNS update protocol message Added sync to clients Update nameserver API with new fields Added default NS groups Added new dns-name flag for the management service append to peer DNS label
2022-11-07 15:38:21 +01:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Feature/dns protocol (#543) Added DNS update protocol message Added sync to clients Update nameserver API with new fields Added default NS groups Added new dns-name flag for the management service append to peer DNS label
2022-11-07 15:38:21 +01:00
}
peer.DNSLabel = newLabel
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
network := account.Network
Handle Network out of range (#347)
2022-06-02 12:56:02 +02:00
nextIp, err := AllocatePeerIP(network.Net, takenIps)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Handle Network out of range (#347)
2022-06-02 12:56:02 +02:00
}
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
Register creation time for peer, user and account (#1654) This change register creation time for new peers, users and accounts
2024-03-02 13:49:40 +01:00
registrationTime := time.Now().UTC()
extract peer into seperate package
2023-11-28 13:45:26 +01:00
newPeer := &nbpeer.Peer{
Add peer login expiration (#682) This PR adds a peer login expiration logic that requires peers created by a user to re-authenticate (re-login) after a certain threshold of time (24h by default). The Account object now has a PeerLoginExpiration property that indicates the duration after which a peer's login will expire and a login will be required. Defaults to 24h. There are two new properties added to the Peer object: LastLogin that indicates the last time peer successfully used the Login gRPC endpoint and LoginExpirationEnabled that enables/disables peer login expiration. The login expiration logic applies only to peers that were created by a user and not those that were added with a setup key.
2023-02-13 12:21:02 +01:00
ID: xid.New().String(),
Key: peer.Key,
SetupKey: upperKey,
IP: nextIp,
Meta: peer.Meta,
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
Name: peer.Meta.Hostname,
Add peer login expiration (#682) This PR adds a peer login expiration logic that requires peers created by a user to re-authenticate (re-login) after a certain threshold of time (24h by default). The Account object now has a PeerLoginExpiration property that indicates the duration after which a peer's login will expire and a login will be required. Defaults to 24h. There are two new properties added to the Peer object: LastLogin that indicates the last time peer successfully used the Login gRPC endpoint and LoginExpirationEnabled that enables/disables peer login expiration. The login expiration logic applies only to peers that were created by a user and not those that were added with a setup key.
2023-02-13 12:21:02 +01:00
DNSLabel: newLabel,
UserID: userID,
Register creation time for peer, user and account (#1654) This change register creation time for new peers, users and accounts
2024-03-02 13:49:40 +01:00
Status: &nbpeer.PeerStatus{Connected: false, LastSeen: registrationTime},
Add peer login expiration (#682) This PR adds a peer login expiration logic that requires peers created by a user to re-authenticate (re-login) after a certain threshold of time (24h by default). The Account object now has a PeerLoginExpiration property that indicates the duration after which a peer's login will expire and a login will be required. Defaults to 24h. There are two new properties added to the Peer object: LastLogin that indicates the last time peer successfully used the Login gRPC endpoint and LoginExpirationEnabled that enables/disables peer login expiration. The login expiration logic applies only to peers that were created by a user and not those that were added with a setup key.
2023-02-13 12:21:02 +01:00
SSHEnabled: false,
SSHKey: peer.SSHKey,
Register creation time for peer, user and account (#1654) This change register creation time for new peers, users and accounts
2024-03-02 13:49:40 +01:00
LastLogin: registrationTime,
CreatedAt: registrationTime,
Disable peer expiration of peers added with setup keys (#758)
2023-03-23 17:47:53 +01:00
LoginExpirationEnabled: addedByUser,
Feature/ephemeral peers (#1100) The ephemeral manager keep the inactive ephemeral peers in a linked list. The manager schedule a cleanup procedure to the head of the linked list (to the most deprecated peer). At the end of cleanup schedule the next cleanup to the new head. If a device connect back to the server the manager will remote it from the peers list.
2023-09-04 11:37:39 +02:00
Ephemeral: ephemeral,
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
Location: peer.Location,
remove dependency cycle from prepare peer
2023-12-04 16:26:34 +01:00
}
add signatures and frame for peer approval
2023-11-28 11:44:08 +01:00
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
if am.geo != nil && newPeer.Location.ConnectionIP != nil {
location, err := am.geo.Lookup(newPeer.Location.ConnectionIP)
if err != nil {
log.WithContext(ctx).Warnf("failed to get location for new peer realip: [%s]: %v", newPeer.Location.ConnectionIP.String(), err)
} else {
newPeer.Location.CountryCode = location.Country.ISOCode
newPeer.Location.CityName = location.City.Names.En
newPeer.Location.GeoNameID = location.City.GeonameID
}
}
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
// add peer to 'All' group
group, err := account.GetGroupAll()
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
}
remove dependency cycle from prepare peer
2023-12-04 16:26:34 +01:00
group.Peers = append(group.Peers, newPeer.ID)
Add rules for ACL (#306) Add rules HTTP endpoint for frontend - CRUD operations. Add Default rule - allow all. Send network map to peers based on rules.
2022-05-21 15:21:39 +02:00
Refactor AddPeer to ensure consistency (#557)
2022-11-08 16:14:36 +01:00
var groupsToAdd []string
if addedByUser {
groupsToAdd, err = account.getUserGroups(userID)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Refactor AddPeer to ensure consistency (#557)
2022-11-08 16:14:36 +01:00
}
} else {
groupsToAdd, err = account.getSetupKeyGroups(upperKey)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Refactor AddPeer to ensure consistency (#557)
2022-11-08 16:14:36 +01:00
}
}
Assign groups to peers when registering with the setup key (#466)
2022-09-13 13:39:46 +02:00
if len(groupsToAdd) > 0 {
for _, s := range groupsToAdd {
if g, ok := account.Groups[s]; ok && g.Name != "All" {
remove dependency cycle from prepare peer
2023-12-04 16:26:34 +01:00
g.Peers = append(g.Peers, newPeer.ID)
Assign groups to peers when registering with the setup key (#466)
2022-09-13 13:39:46 +02:00
}
}
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
newPeer = am.integratedPeerValidator.PreparePeer(ctx, account.Id, newPeer, account.GetPeerGroupsList(newPeer.ID), account.Settings.Extra)
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
Update user's last login when authenticating a peer (#1437) * Update user's last login when authenticating a peer Prior to this update the user's last login only updated on dashboard authentication * use account and user methods
2024-01-06 12:57:05 +01:00
if addedByUser {
user, err := account.FindUser(userID)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, status.Errorf(status.Internal, "couldn't find user")
Update user's last login when authenticating a peer (#1437) * Update user's last login when authenticating a peer Prior to this update the user's last login only updated on dashboard authentication * use account and user methods
2024-01-06 12:57:05 +01:00
}
user.updateLastLogin(newPeer.LastLogin)
}
remove dependency cycle from prepare peer
2023-12-04 16:26:34 +01:00
account.Peers[newPeer.ID] = newPeer
Management - add serial to Network reflecting network updates (#179) * chore: [management] - add account serial ID * Fix concurrency on the client (#183) * reworked peer connection establishment logic eliminating race conditions and deadlocks while running many peers * chore: move serial to Network from Account * feature: increment Network serial ID when adding/removing peers * chore: extract network struct init to network.go * chore: add serial test when adding peer to the account * test: add ModificationID test on AddPeer and DeletePeer
2022-01-14 14:34:27 +01:00
account.Network.IncSerial()
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
err = am.Store.SaveAccount(ctx, account)
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
}
Improve login performance (#2061)
2024-05-31 16:41:12 +02:00
// Account is saved, we can release the lock
unlock()
unlock = nil
remove dependency cycle from prepare peer
2023-12-04 16:26:34 +01:00
opEvent.TargetID = newPeer.ID
opEvent.Meta = newPeer.EventMeta(am.GetDNSDomain())
fix map assignment
2023-12-04 13:49:46 +01:00
if !addedByUser {
opEvent.Meta["setup_key_name"] = setupKeyName
adding setup key name to the event meta for adding peers by setup key
2023-12-04 13:00:13 +01:00
}
extract peer preparation
2023-12-04 12:49:36 +01:00
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.StoreEvent(ctx, opEvent.InitiatorID, opEvent.TargetID, opEvent.AccountID, opEvent.Activity, opEvent.Meta)
Add system activity tracking and event store (#636) This PR adds system activity tracking. The management service records events like add/remove peer, group, rule, route, etc. The activity events are stored in the SQLite event store and can be queried by the HTTP API.
2023-01-02 15:11:32 +01:00
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.updateAccountPeers(ctx, account)
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
approvedPeersMap, err := am.GetValidatedPeers(account)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
}
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
postureChecks := am.getPeerPostureChecks(account, peer)
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
customZone := account.GetPeersCustomZone(ctx, am.dnsDomain)
networkMap := account.GetPeerNetworkMap(ctx, newPeer.ID, customZone, approvedPeersMap, am.metrics.AccountManagerMetrics())
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return newPeer, networkMap, postureChecks, nil
Extend peer http endpoint (#94) * feature: add peer GET and DELETE API methods * refactor: extract peer business logic to a separate file * refactor: extract peer business logic to a separate file * feature: add peer update HTTP endpoint * chore: fill peer new fields * merge with main * refactor: HTTP methods according to standards * chore: setup keys POST endpoint without ID
2021-08-23 21:43:05 +02:00
}
Store updated system info on Login to Management (#323)
2022-05-23 13:03:57 +02:00
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
// SyncPeer checks whether peer is eligible for receiving NetworkMap (authenticated) and returns its NetworkMap if eligible
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) SyncPeer(ctx context.Context, sync PeerSync, account *Account) (*nbpeer.Peer, *NetworkMap, []*posture.Checks, error) {
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
peer, err := account.FindPeerByPubKey(sync.WireGuardPubKey)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, status.NewPeerNotRegisteredError()
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Block user through HTTP API (#846) The new functionality allows blocking a user in the Management service. Blocked users lose access to the Dashboard, aren't able to modify the network map, and all of their connected devices disconnect and are set to the "login expired" state. Technically all above was achieved with the updated PUT /api/users endpoint, that was extended with the is_blocked field.
2023-05-11 18:09:36 +02:00
err = checkIfPeerOwnerIsBlocked(peer, account)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Block user through HTTP API (#846) The new functionality allows blocking a user in the Management service. Blocked users lose access to the Dashboard, aren't able to modify the network map, and all of their connected devices disconnect and are set to the "login expired" state. Technically all above was achieved with the updated PUT /api/users endpoint, that was extended with the is_blocked field.
2023-05-11 18:09:36 +02:00
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
if peerLoginExpired(ctx, peer, account.Settings) {
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
return nil, nil, nil, status.NewPeerLoginExpiredError()
Add peer login expiration (#682) This PR adds a peer login expiration logic that requires peers created by a user to re-authenticate (re-login) after a certain threshold of time (24h by default). The Account object now has a PeerLoginExpiration property that indicates the duration after which a peer's login will expire and a login will be required. Defaults to 24h. There are two new properties added to the Peer object: LastLogin that indicates the last time peer successfully used the Login gRPC endpoint and LoginExpirationEnabled that enables/disables peer login expiration. The login expiration logic applies only to peers that were created by a user and not those that were added with a setup key.
2023-02-13 12:21:02 +01:00
}
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
peer, updated := updatePeerMeta(peer, sync.Meta, account)
if updated {
Add SavePeer method to prevent a possible account inconsistency (#2296) SyncPeer was storing the account with a simple read lock This change introduces the SavePeer method to the store to be used in these cases
2024-07-26 07:49:05 +02:00
err = am.Store.SavePeer(ctx, account.Id, peer)
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
}
if sync.UpdateAccountPeers {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.updateAccountPeers(ctx, account)
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
}
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
peerNotValid, isStatusChanged, err := am.integratedPeerValidator.IsNotValidPeer(ctx, account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
Extend integrated validator with error handling (#2044)
2024-05-24 13:29:25 +02:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Extend integrated validator with error handling (#2044)
2024-05-24 13:29:25 +02:00
}
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
var postureChecks []*posture.Checks
Rename variable (#1829)
2024-04-11 14:08:03 +02:00
if peerNotValid {
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
emptyMap := &NetworkMap{
Network: account.Network.Copy(),
}
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return peer, emptyMap, postureChecks, nil
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
}
if isStatusChanged {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.updateAccountPeers(ctx, account)
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
}
Rename variable (#1829)
2024-04-11 14:08:03 +02:00
validPeersMap, err := am.GetValidatedPeers(account)
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
}
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
postureChecks = am.getPeerPostureChecks(account, peer)
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
customZone := account.GetPeersCustomZone(ctx, am.dnsDomain)
return peer, account.GetPeerNetworkMap(ctx, peer.ID, customZone, validPeersMap, am.metrics.AccountManagerMetrics()), postureChecks, nil
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
// LoginPeer logs in or registers a peer.
// If peer doesn't exist the function checks whether a setup key or a user is present and registers a new peer if so.
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login PeerLogin) (*nbpeer.Peer, *NetworkMap, []*posture.Checks, error) {
accountID, err := am.Store.GetAccountIDByPeerPubKey(ctx, login.WireGuardPubKey)
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
if err != nil {
if errStatus, ok := status.FromError(err); ok && errStatus.Type() == status.NotFound {
// we couldn't find this peer by its public key which can mean that peer hasn't been registered yet.
// Try registering it.
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
newPeer := &nbpeer.Peer{
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
Key: login.WireGuardPubKey,
Meta: login.Meta,
SSHKey: login.SSHKey,
Location: nbpeer.Location{ConnectionIP: login.ConnectionIP},
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
return am.AddPeer(ctx, login.SetupKey, login.UserID, newPeer)
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Errorf("failed while logging in peer %s: %v", login.WireGuardPubKey, err)
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, status.Errorf(status.Internal, "failed while logging in peer")
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
// when the client sends a login request with a JWT which is used to get the user ID,
// it means that the client has already checked if it needs login and had been through the SSO flow
// so, we can skip this check and directly proceed with the login
if login.UserID == "" {
err = am.checkIFPeerNeedsLoginWithoutLock(ctx, accountID, login)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Improve login performance (#2061)
2024-05-31 16:41:12 +02:00
}
}
Add write lock for peer when saving its connection status (#2359)
2024-07-31 14:53:32 +02:00
unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
Improve login performance (#2061)
2024-05-31 16:41:12 +02:00
defer func() {
if unlock != nil {
unlock()
}
}()
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
// fetch the account from the store once more after acquiring lock to avoid concurrent updates inconsistencies
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
account, err := am.Store.GetAccount(ctx, accountID)
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
peer, err := account.FindPeerByPubKey(login.WireGuardPubKey)
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, status.NewPeerNotRegisteredError()
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Block user through HTTP API (#846) The new functionality allows blocking a user in the Management service. Blocked users lose access to the Dashboard, aren't able to modify the network map, and all of their connected devices disconnect and are set to the "login expired" state. Technically all above was achieved with the updated PUT /api/users endpoint, that was extended with the is_blocked field.
2023-05-11 18:09:36 +02:00
err = checkIfPeerOwnerIsBlocked(peer, account)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Block user through HTTP API (#846) The new functionality allows blocking a user in the Management service. Blocked users lose access to the Dashboard, aren't able to modify the network map, and all of their connected devices disconnect and are set to the "login expired" state. Technically all above was achieved with the updated PUT /api/users endpoint, that was extended with the is_blocked field.
2023-05-11 18:09:36 +02:00
}
Avoid storing account if no peer meta or expiration change (#875) * Avoid storing account if no peer meta or expiration change * remove extra log * Update management/server/peer.go Co-authored-by: Misha Bragin <bangvalo@gmail.com> * Clarify why we need to skip account update --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com>
2023-05-18 19:31:35 +02:00
// this flag prevents unnecessary calls to the persistent store.
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
shouldStorePeer := false
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
updateRemotePeers := false
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
if peerLoginExpired(ctx, peer, account.Settings) {
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
err = am.handleExpiredPeer(ctx, login, account, peer)
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
}
updateRemotePeers = true
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
shouldStorePeer = true
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
isRequiresApproval, isStatusChanged, err := am.integratedPeerValidator.IsNotValidPeer(ctx, account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
Extend integrated validator with error handling (#2044)
2024-05-24 13:29:25 +02:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Extend integrated validator with error handling (#2044)
2024-05-24 13:29:25 +02:00
}
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
Avoid storing account if no peer meta or expiration change (#875) * Avoid storing account if no peer meta or expiration change * remove extra log * Update management/server/peer.go Co-authored-by: Misha Bragin <bangvalo@gmail.com> * Clarify why we need to skip account update --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com>
2023-05-18 19:31:35 +02:00
peer, updated := updatePeerMeta(peer, login.Meta, account)
if updated {
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
shouldStorePeer = true
Avoid storing account if no peer meta or expiration change (#875) * Avoid storing account if no peer meta or expiration change * remove extra log * Update management/server/peer.go Co-authored-by: Misha Bragin <bangvalo@gmail.com> * Clarify why we need to skip account update --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com>
2023-05-18 19:31:35 +02:00
}
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
if peer.SSHKey != login.SSHKey {
peer.SSHKey = login.SSHKey
shouldStorePeer = true
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
if shouldStorePeer {
err = am.Store.SavePeer(ctx, accountID, peer)
Avoid storing account if no peer meta or expiration change (#875) * Avoid storing account if no peer meta or expiration change * remove extra log * Update management/server/peer.go Co-authored-by: Misha Bragin <bangvalo@gmail.com> * Clarify why we need to skip account update --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com>
2023-05-18 19:31:35 +02:00
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Avoid storing account if no peer meta or expiration change (#875) * Avoid storing account if no peer meta or expiration change * remove extra log * Update management/server/peer.go Co-authored-by: Misha Bragin <bangvalo@gmail.com> * Clarify why we need to skip account update --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com>
2023-05-18 19:31:35 +02:00
}
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
Improve login performance (#2061)
2024-05-31 16:41:12 +02:00
unlock()
unlock = nil
Avoid storing account if no peer meta or expiration change (#875) * Avoid storing account if no peer meta or expiration change * remove extra log * Update management/server/peer.go Co-authored-by: Misha Bragin <bangvalo@gmail.com> * Clarify why we need to skip account update --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com>
2023-05-18 19:31:35 +02:00
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
if updateRemotePeers || isStatusChanged {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.updateAccountPeers(ctx, account)
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
}
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
return am.getValidatedPeerWithMap(ctx, isRequiresApproval, account, peer)
}
// checkIFPeerNeedsLoginWithoutLock checks if the peer needs login without acquiring the account lock. The check validate if the peer was not added via SSO
// and if the peer login is expired.
// The NetBird client doesn't have a way to check if the peer needs login besides sending a login request
// with no JWT token and usually no setup-key. As the client can send up to two login request to check if it is expired
// and before starting the engine, we do the checks without an account lock to avoid piling up requests.
func (am *DefaultAccountManager) checkIFPeerNeedsLoginWithoutLock(ctx context.Context, accountID string, login PeerLogin) error {
peer, err := am.Store.GetPeerByPeerPubKey(ctx, login.WireGuardPubKey)
if err != nil {
return err
}
// if the peer was not added with SSO login we can exit early because peers activated with setup-key
// doesn't expire, and we avoid extra databases calls.
if !peer.AddedWithSSOLogin() {
return nil
}
settings, err := am.Store.GetAccountSettings(ctx, accountID)
if err != nil {
return err
}
if peerLoginExpired(ctx, peer, settings) {
return status.NewPeerLoginExpiredError()
}
return nil
}
func (am *DefaultAccountManager) getValidatedPeerWithMap(ctx context.Context, isRequiresApproval bool, account *Account, peer *nbpeer.Peer) (*nbpeer.Peer, *NetworkMap, []*posture.Checks, error) {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
var postureChecks []*posture.Checks
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
if isRequiresApproval {
emptyMap := &NetworkMap{
Network: account.Network.Copy(),
}
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
return peer, emptyMap, nil, nil
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
}
approvedPeersMap, err := am.GetValidatedPeers(account)
if err != nil {
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
return nil, nil, nil, err
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
}
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
postureChecks = am.getPeerPostureChecks(account, peer)
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
customZone := account.GetPeersCustomZone(ctx, am.dnsDomain)
return peer, account.GetPeerNetworkMap(ctx, peer.ID, customZone, approvedPeersMap, am.metrics.AccountManagerMetrics()), postureChecks, nil
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
}
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
func (am *DefaultAccountManager) handleExpiredPeer(ctx context.Context, login PeerLogin, account *Account, peer *nbpeer.Peer) error {
err := checkAuth(ctx, login.UserID, peer)
if err != nil {
return err
}
// If peer was expired before and if it reached this point, it is re-authenticated.
// UserID is present, meaning that JWT validation passed successfully in the API layer.
updatePeerLastLogin(peer, account)
// sync user last login with peer last login
user, err := account.FindUser(login.UserID)
if err != nil {
return status.Errorf(status.Internal, "couldn't find user")
}
err = am.Store.SaveUserLastLogin(account.Id, user.Id, peer.LastLogin)
if err != nil {
return err
}
am.StoreEvent(ctx, login.UserID, peer.ID, account.Id, activity.UserLoggedInPeer, peer.EventMeta(am.GetDNSDomain()))
return nil
}
extract peer into seperate package
2023-11-28 13:45:26 +01:00
func checkIfPeerOwnerIsBlocked(peer *nbpeer.Peer, account *Account) error {
Block user through HTTP API (#846) The new functionality allows blocking a user in the Management service. Blocked users lose access to the Dashboard, aren't able to modify the network map, and all of their connected devices disconnect and are set to the "login expired" state. Technically all above was achieved with the updated PUT /api/users endpoint, that was extended with the is_blocked field.
2023-05-11 18:09:36 +02:00
if peer.AddedWithSSOLogin() {
user, err := account.FindUser(peer.UserID)
if err != nil {
return status.Errorf(status.PermissionDenied, "user doesn't exist")
}
if user.IsBlocked() {
return status.Errorf(status.PermissionDenied, "user is blocked")
}
}
return nil
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func checkAuth(ctx context.Context, loginUserID string, peer *nbpeer.Peer) error {
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
if loginUserID == "" {
// absence of a user ID indicates that JWT wasn't provided.
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
return status.NewPeerLoginExpiredError()
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
}
if peer.UserID != loginUserID {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Warnf("user mismatch when logging in peer %s: peer user %s, login user %s ", peer.ID, peer.UserID, loginUserID)
Refactor login with store.SavePeer (#2334) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
return status.Errorf(status.Unauthenticated, "can't login with this credentials")
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
}
return nil
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func peerLoginExpired(ctx context.Context, peer *nbpeer.Peer, settings *Settings) bool {
Improve login performance (#2061)
2024-05-31 16:41:12 +02:00
expired, expiresIn := peer.LoginExpired(settings.PeerLoginExpiration)
expired = settings.PeerLoginExpirationEnabled && expired
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
if expired || peer.Status.LoginExpired {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Debugf("peer's %s login expired %v ago", peer.ID, expiresIn)
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
return true
}
return false
}
extract peer into seperate package
2023-11-28 13:45:26 +01:00
func updatePeerLastLogin(peer *nbpeer.Peer, account *Account) {
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
peer.UpdateLastLogin()
Move Login business logic from gRPC API to Accountmanager (#713) The Management gRPC API has too much business logic happening while it has to be in the Account manager. This also needs to make more requests to the store through the account manager.
2023-03-03 18:35:38 +01:00
account.UpdatePeer(peer)
Send remote agents updates when peer re-authenticates (#737) When peer login expires, all remote peers are updated to exclude the peer from connecting. Once a peer re-authenticates, the remote peers are not updated. This peer fixes the behavior.
2023-03-10 17:39:29 +01:00
}
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
// UpdatePeerSSHKey updates peer's public SSH key
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) UpdatePeerSSHKey(ctx context.Context, peerID string, sshKey string) error {
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
if sshKey == "" {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Debugf("empty SSH key provided for peer %s, skipping update", peerID)
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
return nil
}
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
account, err := am.Store.GetAccountByPeerID(ctx, peerID)
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
if err != nil {
return err
}
Add write lock for peer when saving its connection status (#2359)
2024-07-31 14:53:32 +02:00
unlock := am.Store.AcquireWriteLockByUID(ctx, account.Id)
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
defer unlock()
// ensure that we consider modification happened meanwhile (because we were outside the account lock when we fetched the account)
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
account, err = am.Store.GetAccount(ctx, account.Id)
Introduce locking on the account level (#548)
2022-11-07 17:52:23 +01:00
if err != nil {
return err
}
Use Peer.ID instead of Peer.Key as peer identifier (#664) Replace Peer.Key as internal identifier with a randomly generated Peer.ID in the Management service. Every group now references peers by ID instead of a public key. Every route now references peers by ID instead of a public key. FileStore does store.json file migration on startup by generating Peer.ID and replacing all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
peer := account.GetPeer(peerID)
if peer == nil {
return status.Errorf(status.NotFound, "peer with ID %s not found", peerID)
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
}
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
if peer.SSHKey == sshKey {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Debugf("same SSH key provided for peer %s, skipping update", peerID)
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
return nil
}
peer.SSHKey = sshKey
account.UpdatePeer(peer)
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
err = am.Store.SaveAccount(ctx, account)
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
if err != nil {
return err
}
// trigger network map update
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
am.updateAccountPeers(ctx, account)
Improve updateAccountPeers by bypassing AM and using account directly (#1193) Improve updateAccountPeers performance by bypassing AM and using the account directly
2023-10-04 15:08:50 +02:00
return nil
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
}
Add GET peer HTTP API endpoint (#670)
2023-02-07 20:11:08 +01:00
// GetPeer for a given accountID, peerID and userID error if not found.
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) GetPeer(ctx context.Context, accountID, peerID, userID string) (*nbpeer.Peer, error) {
Add write lock for peer when saving its connection status (#2359)
2024-07-31 14:53:32 +02:00
unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
Add GET peer HTTP API endpoint (#670)
2023-02-07 20:11:08 +01:00
defer unlock()
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
account, err := am.Store.GetAccount(ctx, accountID)
Add GET peer HTTP API endpoint (#670)
2023-02-07 20:11:08 +01:00
if err != nil {
return nil, err
}
user, err := account.FindUser(userID)
if err != nil {
return nil, err
}
Add limited dashboard view (#1738)
2024-03-27 16:11:45 +01:00
if !user.HasAdminPower() && !user.IsServiceUser && account.Settings.RegularUsersViewBlocked {
return nil, status.Errorf(status.Internal, "user %s has no access to his own peer %s under account %s", userID, peerID, accountID)
}
Add GET peer HTTP API endpoint (#670)
2023-02-07 20:11:08 +01:00
peer := account.GetPeer(peerID)
if peer == nil {
return nil, status.Errorf(status.NotFound, "peer with %s not found under account %s", peerID, accountID)
}
// if admin or user owns this peer, return peer
Allow service users with user role read-only access to all resources (#1484) We allow service users with user role read-only access to all resources so users can create service user and propagate PATs without having to give full admin permissions.
2024-01-25 09:50:27 +01:00
if user.HasAdminPower() || user.IsServiceUser || peer.UserID == userID {
Add GET peer HTTP API endpoint (#670)
2023-02-07 20:11:08 +01:00
return peer, nil
}
// it is also possible that user doesn't own the peer but some of his peers have access to it,
// this is a valid case, show the peer as well.
userPeers, err := account.FindUserPeers(userID)
if err != nil {
return nil, err
}
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
approvedPeersMap, err := am.GetValidatedPeers(account)
if err != nil {
return nil, err
}
Add GET peer HTTP API endpoint (#670)
2023-02-07 20:11:08 +01:00
for _, p := range userPeers {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
aclPeers, _ := account.getPeerConnectionResources(ctx, p.ID, approvedPeersMap)
Add GET peer HTTP API endpoint (#670)
2023-02-07 20:11:08 +01:00
for _, aclPeer := range aclPeers {
if aclPeer.ID == peerID {
return peer, nil
}
}
}
return nil, status.Errorf(status.Internal, "user %s has no access to peer %s under account %s", userID, peerID, accountID)
}
extract peer into seperate package
2023-11-28 13:45:26 +01:00
func updatePeerMeta(peer *nbpeer.Peer, meta nbpeer.PeerSystemMeta, account *Account) (*nbpeer.Peer, bool) {
Avoid storing account if no peer meta or expiration change (#875) * Avoid storing account if no peer meta or expiration change * remove extra log * Update management/server/peer.go Co-authored-by: Misha Bragin <bangvalo@gmail.com> * Clarify why we need to skip account update --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com>
2023-05-18 19:31:35 +02:00
if peer.UpdateMetaIfNew(meta) {
account.UpdatePeer(peer)
return peer, true
}
return peer, false
Store updated system info on Login to Management (#323)
2022-05-23 13:03:57 +02:00
}
fix(acl): update each peer's network when rule,group or peer changed (#333) * fix(acl): update each peer's network when rule,group or peer changed * fix(ACL): update network test * fix(acl): cleanup indexes before update them * fix(acl): clean up rules indexes only for account
2022-06-04 22:02:22 +02:00
NetBird SSH (#361) This PR adds support for SSH access through the NetBird network without managing SSH skeys. NetBird client app has an embedded SSH server (Linux/Mac only) and a netbird ssh command.
2022-06-23 17:04:53 +02:00
// updateAccountPeers updates all peers that belong to an account.
// Should be called when changes have to be synced to peers.
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
func (am *DefaultAccountManager) updateAccountPeers(ctx context.Context, account *Account) {
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
start := time.Now()
defer func() {
if am.metrics != nil {
am.metrics.AccountManagerMetrics().CountUpdateAccountPeersDuration(time.Since(start))
}
}()
Simplified Store Interface (#545) This PR simplifies Store and FileStore by keeping just the Get and Save account methods. The AccountManager operates mostly around a single account, so it makes sense to fetch the whole account object from the store.
2022-11-07 12:10:56 +01:00
peers := account.GetPeers()
Send netmask from account network (#369) * Send netmask from account network Added the GetPeerNetwork method to account manager Pass a copy of the network to the toPeerConfig function to retrieve the netmask from the network instead of constant updated methods and added test * check if the network is the same for 2 peers * Use expect with BeEquivalentTo
2022-06-24 21:30:51 +02:00
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
approvedPeersMap, err := am.GetValidatedPeers(account)
if err != nil {
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
log.WithContext(ctx).Errorf("failed to send out updates to peers, failed to validate peer: %v", err)
Feature/peer validator (#1553) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action
2024-03-27 18:48:48 +01:00
return
}
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
var wg sync.WaitGroup
semaphore := make(chan struct{}, 10)
dnsCache := &DNSConfigCache{}
customZone := account.GetPeersCustomZone(ctx, am.dnsDomain)
Add routing support to management service (#424) Management will receive and store routes that are associated with a peer ID. The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
for _, peer := range peers {
Check if channel exist before sending network map (#1894) Check for connection channel before calculating and sending the network map
2024-04-29 18:31:52 +02:00
if !am.peersUpdateManager.HasChannel(peer.ID) {
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
log.WithContext(ctx).Tracef("peer %s doesn't have a channel, skipping network map update", peer.ID)
Check if channel exist before sending network map (#1894) Check for connection channel before calculating and sending the network map
2024-04-29 18:31:52 +02:00
continue
}
Optimize process checks database read (#2182) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 16:41:16 +02:00
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
wg.Add(1)
semaphore <- struct{}{}
go func(p *nbpeer.Peer) {
defer wg.Done()
defer func() { <-semaphore }()
postureChecks := am.getPeerPostureChecks(account, p)
remotePeerNetworkMap := account.GetPeerNetworkMap(ctx, p.ID, customZone, approvedPeersMap, am.metrics.AccountManagerMetrics())
update := toSyncResponse(ctx, nil, p, nil, remotePeerNetworkMap, am.GetDNSDomain(), postureChecks, dnsCache)
am.peersUpdateManager.SendUpdate(ctx, p.ID, &UpdateMessage{Update: update})
}(peer)
fix(acl): update each peer's network when rule,group or peer changed (#333) * fix(acl): update each peer's network when rule,group or peer changed * fix(ACL): update network test * fix(acl): cleanup indexes before update them * fix(acl): clean up rules indexes only for account
2022-06-04 22:02:22 +02:00
}
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
wg.Wait()
fix(acl): update each peer's network when rule,group or peer changed (#333) * fix(acl): update each peer's network when rule,group or peer changed * fix(ACL): update network test * fix(acl): cleanup indexes before update them * fix(acl): clean up rules indexes only for account
2022-06-04 22:02:22 +02:00
}
Reference in New Issue Copy Permalink