diff --git a/management/server/checks/posture_checks.go b/management/server/checks/posture_checks.go
new file mode 100644
index 000000000..8f90ebc1d
--- /dev/null
+++ b/management/server/checks/posture_checks.go
@@ -0,0 +1,42 @@
+package checks
+
+import (
+ "fmt"
+
+ nbpeer "github.com/netbirdio/netbird/management/server/peer"
+)
+
+type PostureCheck struct {
+ // ID of the policy rule
+ ID string `gorm:"primaryKey"`
+
+ // PolicyID is a reference to Policy that this object belongs
+ PolicyID string `json:"-" gorm:"index"`
+
+ NBVersionCheck NBVersionPostureCheck `gorm:"embedded;embeddedPrefix:nb_version_check_"`
+ OSVersionCheck OSVersionPostureCheck `gorm:"embedded;embeddedPrefix:os_version_check_"`
+}
+
+type NBVersionPostureCheck struct {
+ Enabled bool
+ MinimumVersionAllowed string
+}
+
+func (n *NBVersionPostureCheck) Check(peer nbpeer.Peer) error {
+ if peer.Meta.WtVersion >= n.MinimumVersionAllowed {
+ return nil
+ }
+ return fmt.Errorf("peer nb version is not supported")
+}
+
+type OSVersionPostureCheck struct {
+ Enabled bool
+ MinimumVersionAllowed string
+}
+
+func (o *OSVersionPostureCheck) Check(peer nbpeer.Peer) error {
+ if peer.Meta.WtVersion >= o.MinimumVersionAllowed {
+ return nil
+ }
+ return fmt.Errorf("peer OS version is not supported")
+}
diff --git a/management/server/policy.go b/management/server/policy.go
index d7e27a1b5..f889c60f2 100644
--- a/management/server/policy.go
+++ b/management/server/policy.go
@@ -10,6 +10,7 @@ import (
 
  "github.com/netbirdio/netbird/management/proto"
  "github.com/netbirdio/netbird/management/server/activity"
+ "github.com/netbirdio/netbird/management/server/checks"
  nbpeer "github.com/netbirdio/netbird/management/server/peer"
  "github.com/netbirdio/netbird/management/server/status"
 )
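Review bot: In `management/server/checks/posture_checks.go`, both `Check` methods compare versions with the string operator `>=` (`peer.Meta.WtVersion >= n.MinimumVersionAllowed`), which orders lexicographically, so with constructed sample values a peer reporting `0.9.0` satisfies a minimum of `0.25.0` and the posture check fails open for an outdated client. `OSVersionPostureCheck.Check` also reads `peer.Meta.WtVersion`, the same field the NetBird-version check uses, so it never evaluates an OS version at all; it should compare whichever OS-version field `peer.Meta` carries. Neither method consults `Enabled`, so that gate has to be enforced by the caller, which is not visible in this diff. The versions should be parsed and compared numerically, with anything unparseable rejected; a sketch of the NetBird-version path follows, and it needs `strings` and `strconv`, which the file does not import yet.

```go
// … unchanged: PostureCheck and NBVersionPostureCheck type declarations …

func (n *NBVersionPostureCheck) Check(peer nbpeer.Peer) error {
	ok, err := versionAtLeast(peer.Meta.WtVersion, n.MinimumVersionAllowed)
	if err != nil {
		// Fail closed: a version that cannot be parsed must not satisfy the check.
		return fmt.Errorf("comparing peer nb version: %w", err)
	}
	if !ok {
		return fmt.Errorf("peer nb version is not supported")
	}
	return nil
}

// versionAtLeast reports whether the dotted numeric version got is >= want,
// comparing component by component as integers.
func versionAtLeast(got, want string) (bool, error) {
	g, w := strings.Split(got, "."), strings.Split(want, ".")
	for i := 0; i < len(g) || i < len(w); i++ {
		gv, err := versionPart(g, i)
		if err != nil {
			return false, fmt.Errorf("peer version %q: %w", got, err)
		}
		wv, err := versionPart(w, i)
		if err != nil {
			return false, fmt.Errorf("minimum version %q: %w", want, err)
		}
		if gv != wv {
			return gv > wv, nil
		}
	}
	return true, nil
}

// versionPart returns component i as an integer; a missing component counts as 0.
func versionPart(parts []string, i int) (int, error) {
	if i >= len(parts) {
		return 0, nil
	}
	return strconv.Atoi(parts[i])
}

// … unchanged: OSVersionPostureCheck type declaration and its Check method …
```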
@@ -150,6 +151,9 @@ type Policy struct {
 
  // Rules of the policy
  Rules []*PolicyRule `gorm:"foreignKey:PolicyID;references:id"`
+
+ // PostureCheck of the policy
+ PostureCheck checks.PostureCheck `gorm:"foreignKey:PolicyID;references:id"`
 }
 
 // Copy returns a copy of the policy.
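Review bot: The new `PostureCheck` field needs to be carried over in `Policy.Copy`, whose doc comment is the last context line of this hunk and whose body lies outside it. If Copy builds the new Policy field by field, the copy would hold a zero-value `PostureCheck`, and with the string comparison in `posture_checks.go` an empty `MinimumVersionAllowed` is satisfied by every peer version. Copy should assign the field explicitly, and the field comment should state whether a zero-value check means "no posture requirement", for example `// PostureCheck of the policy; the zero value (both checks disabled) imposes no requirement`.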