add policy posture checks

management/server/checks/posture_checks.go

@@ -0,0 +1,42 @@
+package checks
+
+import (
+	"fmt"
+
+	nbpeer "github.com/netbirdio/netbird/management/server/peer"
+)
+
+type PostureCheck struct {
+	// ID of the policy rule
+	ID string `gorm:"primaryKey"`
+
+	// PolicyID is a reference to Policy that this object belongs
+	PolicyID string `json:"-" gorm:"index"`
+
+	NBVersionCheck NBVersionPostureCheck `gorm:"embedded;embeddedPrefix:nb_version_check_"`
+	OSVersionCheck OSVersionPostureCheck `gorm:"embedded;embeddedPrefix:os_version_check_"`
+}
+
+type NBVersionPostureCheck struct {
+	Enabled               bool
+	MinimumVersionAllowed string
+}
+
+func (n *NBVersionPostureCheck) Check(peer nbpeer.Peer) error {
+	if peer.Meta.WtVersion >= n.MinimumVersionAllowed {
+		return nil
+	}
+	return fmt.Errorf("peer nb version is not supported")
+}
+
+type OSVersionPostureCheck struct {
+	Enabled               bool
+	MinimumVersionAllowed string
+}
+
+func (o *OSVersionPostureCheck) Check(peer nbpeer.Peer) error {
+	if peer.Meta.WtVersion >= o.MinimumVersionAllowed {
+		return nil
+	}
+	return fmt.Errorf("peer OS version is not supported")
+}

management/server/policy.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/management/server/activity"
+	"github.com/netbirdio/netbird/management/server/checks"
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/status"
 )
@@ -150,6 +151,9 @@ type Policy struct {
 
 	// Rules of the policy
 	Rules []*PolicyRule `gorm:"foreignKey:PolicyID;references:id"`
+
+	// PostureCheck of the policy
+	PostureCheck checks.PostureCheck `gorm:"foreignKey:PolicyID;references:id"`
 }
 
 // Copy returns a copy of the policy.