extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-11-07 08:44:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix tests

Browse Source 
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
This commit is contained in:
bcmmbaga 2024-11-07 00:19:32 +03:00
parent df6c9a528a
commit 2dfcf42d71
No known key found for this signature in database
GPG Key ID: 511EED5C928AD547
21 changed files with 232 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dns/nameserver.go
View File

@ -136,6 +136,7 @@ func ParseNameServerURL(nsURL string) (NameServer, error) {
func (g *NameServerGroup) Copy() *NameServerGroup { func (g *NameServerGroup) Copy() *NameServerGroup {
nsGroup := &NameServerGroup{ nsGroup := &NameServerGroup{
ID: g.ID, ID: g.ID,
AccountID: g.AccountID,
Name: g.Name, Name: g.Name,
Description: g.Description, Description: g.Description,
NameServers: make([]NameServer, len(g.NameServers)), NameServers: make([]NameServer, len(g.NameServers)),
@ -156,6 +157,7 @@ func (g *NameServerGroup) Copy() *NameServerGroup {
// IsEqual compares one nameserver group with the other // IsEqual compares one nameserver group with the other
func (g *NameServerGroup) IsEqual(other *NameServerGroup) bool { func (g *NameServerGroup) IsEqual(other *NameServerGroup) bool {
return other.ID == g.ID && return other.ID == g.ID &&
other.AccountID == g.AccountID &&
other.Name == g.Name && other.Name == g.Name &&
other.Description == g.Description && other.Description == g.Description &&
other.Primary == g.Primary && other.Primary == g.Primary &&

11
management/server/account_test.go
View File

@ -1808,10 +1808,13 @@ func TestDefaultAccountManager_MarkPeerConnected_PeerLoginExpiration(t *testing.
LoginExpirationEnabled: true, LoginExpirationEnabled: true,
}) })
require.NoError(t, err, "unable to add peer") require.NoError(t, err, "unable to add peer")
_, err = manager.UpdateAccountSettings(context.Background(), accountID, userID, &Settings{
PeerLoginExpiration: time.Hour, settings, err := manager.GetAccountSettings(context.Background(), accountID, userID)
PeerLoginExpirationEnabled: true, require.NoError(t, err, "failed to get account settings")
})
settings.PeerLoginExpirationEnabled = true
settings.PeerLoginExpiration = time.Hour
_, err = manager.UpdateAccountSettings(context.Background(), accountID, userID, settings)
require.NoError(t, err, "expecting to update account settings successfully but got error") require.NoError(t, err, "expecting to update account settings successfully but got error")
wg := &sync.WaitGroup{} wg := &sync.WaitGroup{}

4
management/server/dns.go
View File

@ -91,7 +91,7 @@ func (am *DefaultAccountManager) GetDNSSettings(ctx context.Context, accountID s
} }
if user.IsRegularUser() { if user.IsRegularUser() {
return nil, status.NewUnauthorizedToViewDNSSettingsError() return nil, status.NewAdminPermissionError()
} }
return am.Store.GetAccountDNSSettings(ctx, LockingStrengthShare, accountID) return am.Store.GetAccountDNSSettings(ctx, LockingStrengthShare, accountID)
@ -113,7 +113,7 @@ func (am *DefaultAccountManager) SaveDNSSettings(ctx context.Context, accountID
} }
if !user.HasAdminPower() { if !user.HasAdminPower() {
return status.NewUnauthorizedToViewDNSSettingsError() return status.NewAdminPermissionError()
} }
oldSettings, err := am.Store.GetAccountDNSSettings(ctx, LockingStrengthUpdate, accountID) oldSettings, err := am.Store.GetAccountDNSSettings(ctx, LockingStrengthUpdate, accountID)

26
management/server/ephemeral_test.go
View File

@ -15,20 +15,6 @@ type MockStore struct {
accountID string accountID string
} }
//func (s *MockStore) GetAllAccounts(_ context.Context) []*Account {
// return []*Account{s.account}
//}
//func (s *MockStore) GetAccountByPeerID(_ context.Context, peerId string) (*Account, error) {
//
// _, ok := s.account.Peers[peerId]
// if ok {
// return s.account, nil
// }
//
// return nil, status.NewPeerNotFoundError(peerId)
//}
type MocAccountManager struct { type MocAccountManager struct {
AccountManager AccountManager
store *MockStore store *MockStore
@ -72,7 +58,9 @@ func TestNewManagerPeerConnected(t *testing.T) {
return startTime return startTime
} }
store := &MockStore{} store := &MockStore{
Store: newStore(t),
}
am := MocAccountManager{ am := MocAccountManager{
store: store, store: store,
} }
@ -104,7 +92,9 @@ func TestNewManagerPeerDisconnected(t *testing.T) {
return startTime return startTime
} }
store := &MockStore{} store := &MockStore{
Store: newStore(t),
}
am := MocAccountManager{ am := MocAccountManager{
store: store, store: store,
} }
@ -151,7 +141,7 @@ func seedPeers(store *MockStore, numberOfPeers int, numberOfEphemeralPeers int)
AccountID: accountID, AccountID: accountID,
Ephemeral: false, Ephemeral: false,
} }
err = store.SavePeer(context.Background(), LockingStrengthUpdate, accountID, p) err = store.AddPeerToAccount(context.Background(), p)
if err != nil { if err != nil {
return err return err
} }
@ -164,7 +154,7 @@ func seedPeers(store *MockStore, numberOfPeers int, numberOfEphemeralPeers int)
AccountID: accountID, AccountID: accountID,
Ephemeral: true, Ephemeral: true,
} }
err = store.SavePeer(context.Background(), LockingStrengthUpdate, accountID, p) err = store.AddPeerToAccount(context.Background(), p)
if err != nil { if err != nil {
return err return err
} }

2
management/server/group.go
View File

@ -42,7 +42,7 @@ func (am *DefaultAccountManager) CheckGroupPermissions(ctx context.Context, acco
} }
if user.IsRegularUser() && settings.RegularUsersViewBlocked { if user.IsRegularUser() && settings.RegularUsersViewBlocked {
return status.NewUnauthorizedToViewGroupsError() return status.NewAdminPermissionError()
} }
return nil return nil

71
management/server/group_test.go
View File

@ -424,24 +424,28 @@ func TestGroupAccountPeersUpdate(t *testing.T) {
err := manager.SaveGroups(context.Background(), account.Id, userID, []*nbgroup.Group{ err := manager.SaveGroups(context.Background(), account.Id, userID, []*nbgroup.Group{
{ {
ID: "groupA", ID: "groupA",
Name: "GroupA", AccountID: account.Id,
Peers: []string{peer1.ID, peer2.ID}, Name: "GroupA",
Peers: []string{peer1.ID, peer2.ID},
}, },
{ {
ID: "groupB", ID: "groupB",
Name: "GroupB", AccountID: account.Id,
Peers: []string{}, Name: "GroupB",
Peers: []string{},
}, },
{ {
ID: "groupC", ID: "groupC",
Name: "GroupC", AccountID: account.Id,
Peers: []string{peer1.ID, peer3.ID}, Name: "GroupC",
Peers: []string{peer1.ID, peer3.ID},
}, },
{ {
ID: "groupD", ID: "groupD",
Name: "GroupD", AccountID: account.Id,
Peers: []string{}, Name: "GroupD",
Peers: []string{},
}, },
}) })
assert.NoError(t, err) assert.NoError(t, err)
@ -460,9 +464,10 @@ func TestGroupAccountPeersUpdate(t *testing.T) {
}() }()
err := manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{ err := manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{
ID: "groupB", ID: "groupB",
Name: "GroupB", AccountID: account.Id,
Peers: []string{peer1.ID, peer2.ID}, Name: "GroupB",
Peers: []string{peer1.ID, peer2.ID},
}) })
assert.NoError(t, err) assert.NoError(t, err)
@ -531,10 +536,13 @@ func TestGroupAccountPeersUpdate(t *testing.T) {
// adding a group to policy // adding a group to policy
err = manager.SavePolicy(context.Background(), account.Id, userID, &Policy{ err = manager.SavePolicy(context.Background(), account.Id, userID, &Policy{
ID: "policy", ID: "policy",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: "rule",
PolicyID: "policy",
Enabled: true, Enabled: true,
Sources: []string{"groupA"}, Sources: []string{"groupA"},
Destinations: []string{"groupA"}, Destinations: []string{"groupA"},
@ -554,9 +562,10 @@ func TestGroupAccountPeersUpdate(t *testing.T) {
}() }()
err := manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{ err := manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{
ID: "groupA", ID: "groupA",
Name: "GroupA", AccountID: account.Id,
Peers: []string{peer1.ID, peer2.ID}, Name: "GroupA",
Peers: []string{peer1.ID, peer2.ID},
}) })
assert.NoError(t, err) assert.NoError(t, err)
@ -623,9 +632,10 @@ func TestGroupAccountPeersUpdate(t *testing.T) {
}() }()
err := manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{ err := manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{
ID: "groupC", ID: "groupC",
Name: "GroupC", AccountID: account.Id,
Peers: []string{peer1.ID, peer3.ID}, Name: "GroupC",
Peers: []string{peer1.ID, peer3.ID},
}) })
assert.NoError(t, err) assert.NoError(t, err)
@ -640,6 +650,7 @@ func TestGroupAccountPeersUpdate(t *testing.T) {
t.Run("saving group linked to route", func(t *testing.T) { t.Run("saving group linked to route", func(t *testing.T) {
newRoute := route.Route{ newRoute := route.Route{
ID: "route", ID: "route",
AccountID: account.Id,
Network: netip.MustParsePrefix("192.168.0.0/16"), Network: netip.MustParsePrefix("192.168.0.0/16"),
NetID: "superNet", NetID: "superNet",
NetworkType: route.IPv4Network, NetworkType: route.IPv4Network,
@ -664,9 +675,10 @@ func TestGroupAccountPeersUpdate(t *testing.T) {
}() }()
err = manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{ err = manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{
ID: "groupA", ID: "groupA",
Name: "GroupA", AccountID: account.Id,
Peers: []string{peer1.ID, peer2.ID, peer3.ID}, Name: "GroupA",
Peers: []string{peer1.ID, peer2.ID, peer3.ID},
}) })
assert.NoError(t, err) assert.NoError(t, err)
@ -691,9 +703,10 @@ func TestGroupAccountPeersUpdate(t *testing.T) {
}() }()
err = manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{ err = manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{
ID: "groupD", ID: "groupD",
Name: "GroupD", AccountID: account.Id,
Peers: []string{peer1.ID}, Name: "GroupD",
Peers: []string{peer1.ID},
}) })
assert.NoError(t, err) assert.NoError(t, err)

2
management/server/management_proto_test.go
View File

@ -461,7 +461,7 @@ func createRawClient(addr string) (mgmtProto.ManagementServiceClient, *grpc.Clie
grpc.WithBlock(), grpc.WithBlock(),
grpc.WithKeepaliveParams(keepalive.ClientParameters{ grpc.WithKeepaliveParams(keepalive.ClientParameters{
Time: 10 * time.Second, Time: 10 * time.Second,
Timeout: 2 * time.Second, Timeout: 200 * time.Second,
})) }))
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err

1
management/server/nameserver.go
View File

@ -114,6 +114,7 @@ func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accoun
if err != nil { if err != nil {
return err return err
} }
nsGroupToSave.AccountID = accountID
if err = am.validateNameServerGroup(ctx, accountID, nsGroupToSave); err != nil { if err = am.validateNameServerGroup(ctx, accountID, nsGroupToSave); err != nil {
return err return err

4
management/server/nameserver_test.go
View File

@ -409,7 +409,7 @@ func TestCreateNameServerGroup(t *testing.T) {
// assign generated ID // assign generated ID
testCase.expectedNSGroup.ID = outNSGroup.ID testCase.expectedNSGroup.ID = outNSGroup.ID
testCase.expectedNSGroup.AccountID = accountID
if !testCase.expectedNSGroup.IsEqual(outNSGroup) { if !testCase.expectedNSGroup.IsEqual(outNSGroup) {
t.Errorf("new nameserver group didn't match expected ns group:\nGot %#v\nExpected:%#v\n", outNSGroup, testCase.expectedNSGroup) t.Errorf("new nameserver group didn't match expected ns group:\nGot %#v\nExpected:%#v\n", outNSGroup, testCase.expectedNSGroup)
} }
@ -649,7 +649,6 @@ func TestSaveNameServerGroup(t *testing.T) {
} }
err = am.SaveNameServerGroup(context.Background(), accountID, userID, nsGroupToSave) err = am.SaveNameServerGroup(context.Background(), accountID, userID, nsGroupToSave)
testCase.errFunc(t, err) testCase.errFunc(t, err)
if !testCase.shouldCreate { if !testCase.shouldCreate {
@ -659,6 +658,7 @@ func TestSaveNameServerGroup(t *testing.T) {
savedNSGroup, err := am.Store.GetNameServerGroupByID(context.Background(), LockingStrengthShare, accountID, testCase.expectedNSGroup.ID) savedNSGroup, err := am.Store.GetNameServerGroupByID(context.Background(), LockingStrengthShare, accountID, testCase.expectedNSGroup.ID)
require.NoError(t, err, "failed to get saved nameserver group") require.NoError(t, err, "failed to get saved nameserver group")
testCase.expectedNSGroup.AccountID = accountID
if !testCase.expectedNSGroup.IsEqual(savedNSGroup) { if !testCase.expectedNSGroup.IsEqual(savedNSGroup) {
t.Errorf("new nameserver group didn't match expected group:\nGot %#v\nExpected:%#v\n", savedNSGroup, testCase.expectedNSGroup) t.Errorf("new nameserver group didn't match expected group:\nGot %#v\nExpected:%#v\n", savedNSGroup, testCase.expectedNSGroup)
} }

7
management/server/peer_test.go
View File

@ -1438,10 +1438,13 @@ func TestPeerAccountPeersUpdate(t *testing.T) {
// Adding peer to group linked with policy should update account peers and send peer update // Adding peer to group linked with policy should update account peers and send peer update
t.Run("adding peer to group linked with policy", func(t *testing.T) { t.Run("adding peer to group linked with policy", func(t *testing.T) {
err = manager.SavePolicy(context.Background(), account.Id, userID, &Policy{ err = manager.SavePolicy(context.Background(), account.Id, userID, &Policy{
ID: "policy", ID: "policy",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: "rule",
PolicyID: "policy",
Enabled: true, Enabled: true,
Sources: []string{"groupA"}, Sources: []string{"groupA"},
Destinations: []string{"groupA"}, Destinations: []string{"groupA"},

7
management/server/policy.go
View File

@ -171,6 +171,7 @@ type Policy struct {
func (p *Policy) Copy() *Policy { func (p *Policy) Copy() *Policy {
c := &Policy{ c := &Policy{
ID: p.ID, ID: p.ID,
AccountID: p.AccountID,
Name: p.Name, Name: p.Name,
Description: p.Description, Description: p.Description,
Enabled: p.Enabled, Enabled: p.Enabled,
@ -347,7 +348,7 @@ func (am *DefaultAccountManager) GetPolicy(ctx context.Context, accountID, polic
} }
if user.IsRegularUser() { if user.IsRegularUser() {
return nil, status.NewUnauthorizedToViewPoliciesError() return nil, status.NewAdminPermissionError()
} }
return am.Store.GetPolicyByID(ctx, LockingStrengthShare, accountID, policyID) return am.Store.GetPolicyByID(ctx, LockingStrengthShare, accountID, policyID)
@ -365,7 +366,7 @@ func (am *DefaultAccountManager) SavePolicy(ctx context.Context, accountID, user
} }
if user.IsRegularUser() { if user.IsRegularUser() {
return status.NewUnauthorizedToViewPoliciesError() return status.NewAdminPermissionError()
} }
groups, err := am.Store.GetAccountGroups(ctx, LockingStrengthShare, accountID) groups, err := am.Store.GetAccountGroups(ctx, LockingStrengthShare, accountID)
@ -476,7 +477,7 @@ func (am *DefaultAccountManager) ListPolicies(ctx context.Context, accountID, us
} }
if user.IsRegularUser() { if user.IsRegularUser() {
return nil, status.NewUnauthorizedToViewPoliciesError() return nil, status.NewAdminPermissionError()
} }
return am.Store.GetAccountPolicies(ctx, LockingStrengthShare, accountID) return am.Store.GetAccountPolicies(ctx, LockingStrengthShare, accountID)

66
management/server/policy_test.go
View File

@ -832,24 +832,28 @@ func TestPolicyAccountPeersUpdate(t *testing.T) {
err := manager.SaveGroups(context.Background(), account.Id, userID, []*nbgroup.Group{ err := manager.SaveGroups(context.Background(), account.Id, userID, []*nbgroup.Group{
{ {
ID: "groupA", ID: "groupA",
Name: "GroupA", AccountID: account.Id,
Peers: []string{peer1.ID, peer3.ID}, Name: "GroupA",
Peers: []string{peer1.ID, peer3.ID},
}, },
{ {
ID: "groupB", ID: "groupB",
Name: "GroupB", AccountID: account.Id,
Peers: []string{}, Name: "GroupB",
Peers: []string{},
}, },
{ {
ID: "groupC", ID: "groupC",
Name: "GroupC", AccountID: account.Id,
Peers: []string{}, Name: "GroupC",
Peers: []string{},
}, },
{ {
ID: "groupD", ID: "groupD",
Name: "GroupD", AccountID: account.Id,
Peers: []string{peer1.ID, peer2.ID}, Name: "GroupD",
Peers: []string{peer1.ID, peer2.ID},
}, },
}) })
assert.NoError(t, err) assert.NoError(t, err)
@ -862,11 +866,13 @@ func TestPolicyAccountPeersUpdate(t *testing.T) {
// Saving policy with rule groups with no peers should not update account's peers and not send peer update // Saving policy with rule groups with no peers should not update account's peers and not send peer update
t.Run("saving policy with rule groups with no peers", func(t *testing.T) { t.Run("saving policy with rule groups with no peers", func(t *testing.T) {
policy := Policy{ policy := Policy{
ID: "policy-rule-groups-no-peers", ID: "policy-rule-groups-no-peers",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: xid.New().String(), ID: xid.New().String(),
PolicyID: "policy-rule-groups-no-peers",
Enabled: true, Enabled: true,
Sources: []string{"groupB"}, Sources: []string{"groupB"},
Destinations: []string{"groupC"}, Destinations: []string{"groupC"},
@ -896,11 +902,13 @@ func TestPolicyAccountPeersUpdate(t *testing.T) {
// update account's peers and send peer update // update account's peers and send peer update
t.Run("saving policy where source has peers but destination does not", func(t *testing.T) { t.Run("saving policy where source has peers but destination does not", func(t *testing.T) {
policy := Policy{ policy := Policy{
ID: "policy-source-has-peers-destination-none", ID: "policy-source-has-peers-destination-none",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: xid.New().String(), ID: xid.New().String(),
PolicyID: "policy-source-has-peers-destination-none",
Enabled: true, Enabled: true,
Sources: []string{"groupA"}, Sources: []string{"groupA"},
Destinations: []string{"groupB"}, Destinations: []string{"groupB"},
@ -931,11 +939,13 @@ func TestPolicyAccountPeersUpdate(t *testing.T) {
// update account's peers and send peer update // update account's peers and send peer update
t.Run("saving policy where destination has peers but source does not", func(t *testing.T) { t.Run("saving policy where destination has peers but source does not", func(t *testing.T) {
policy := Policy{ policy := Policy{
ID: "policy-destination-has-peers-source-none", ID: "policy-destination-has-peers-source-none",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: xid.New().String(), ID: xid.New().String(),
PolicyID: "policy-destination-has-peers-source-none",
Enabled: false, Enabled: false,
Sources: []string{"groupC"}, Sources: []string{"groupC"},
Destinations: []string{"groupD"}, Destinations: []string{"groupD"},
@ -966,11 +976,13 @@ func TestPolicyAccountPeersUpdate(t *testing.T) {
// and send peer update // and send peer update
t.Run("saving policy with source and destination groups with peers", func(t *testing.T) { t.Run("saving policy with source and destination groups with peers", func(t *testing.T) {
policy := Policy{ policy := Policy{
ID: "policy-source-destination-peers", ID: "policy-source-destination-peers",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: xid.New().String(), ID: xid.New().String(),
PolicyID: "policy-source-destination-peers",
Enabled: true, Enabled: true,
Sources: []string{"groupA"}, Sources: []string{"groupA"},
Destinations: []string{"groupD"}, Destinations: []string{"groupD"},
@ -1000,11 +1012,13 @@ func TestPolicyAccountPeersUpdate(t *testing.T) {
// and send peer update // and send peer update
t.Run("disabling policy with source and destination groups with peers", func(t *testing.T) { t.Run("disabling policy with source and destination groups with peers", func(t *testing.T) {
policy := Policy{ policy := Policy{
ID: "policy-source-destination-peers", ID: "policy-source-destination-peers",
Enabled: false, AccountID: account.Id,
Enabled: false,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: xid.New().String(), ID: xid.New().String(),
PolicyID: "policy-source-destination-peers",
Enabled: true, Enabled: true,
Sources: []string{"groupA"}, Sources: []string{"groupA"},
Destinations: []string{"groupD"}, Destinations: []string{"groupD"},
@ -1035,11 +1049,13 @@ func TestPolicyAccountPeersUpdate(t *testing.T) {
t.Run("updating disabled policy with source and destination groups with peers", func(t *testing.T) { t.Run("updating disabled policy with source and destination groups with peers", func(t *testing.T) {
policy := Policy{ policy := Policy{
ID: "policy-source-destination-peers", ID: "policy-source-destination-peers",
AccountID: account.Id,
Description: "updated description", Description: "updated description",
Enabled: false, Enabled: false,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: xid.New().String(), ID: xid.New().String(),
PolicyID: "policy-source-destination-peers",
Enabled: true, Enabled: true,
Sources: []string{"groupA"}, Sources: []string{"groupA"},
Destinations: []string{"groupA"}, Destinations: []string{"groupA"},
@ -1069,11 +1085,13 @@ func TestPolicyAccountPeersUpdate(t *testing.T) {
// and send peer update // and send peer update
t.Run("enabling policy with source and destination groups with peers", func(t *testing.T) { t.Run("enabling policy with source and destination groups with peers", func(t *testing.T) {
policy := Policy{ policy := Policy{
ID: "policy-source-destination-peers", ID: "policy-source-destination-peers",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: xid.New().String(), ID: xid.New().String(),
PolicyID: "policy-source-destination-peers",
Enabled: true, Enabled: true,
Sources: []string{"groupA"}, Sources: []string{"groupA"},
Destinations: []string{"groupD"}, Destinations: []string{"groupD"},

2
management/server/posture/checks.go
View File

@ -41,7 +41,7 @@ type Checks struct {
ID string `gorm:"primaryKey"` ID string `gorm:"primaryKey"`
// Name of the posture checks // Name of the posture checks
Name string `gorm:"unique"` Name string
// Description of the posture checks visible in the UI // Description of the posture checks visible in the UI
Description string Description string

8
management/server/posture_checks.go
View File

@ -23,7 +23,7 @@ func (am *DefaultAccountManager) GetPostureChecks(ctx context.Context, accountID
} }
if !user.HasAdminPower() { if !user.HasAdminPower() {
return nil, status.NewUnauthorizedToViewPostureChecksError() return nil, status.NewAdminPermissionError()
} }
return am.Store.GetPostureChecksByID(ctx, LockingStrengthShare, accountID, postureChecksID) return am.Store.GetPostureChecksByID(ctx, LockingStrengthShare, accountID, postureChecksID)
@ -41,7 +41,7 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI
} }
if !user.HasAdminPower() { if !user.HasAdminPower() {
return status.NewUnauthorizedToViewPostureChecksError() return status.NewAdminPermissionError()
} }
if err = am.validatePostureChecks(ctx, accountID, postureChecks); err != nil { if err = am.validatePostureChecks(ctx, accountID, postureChecks); err != nil {
@ -116,7 +116,7 @@ func (am *DefaultAccountManager) DeletePostureChecks(ctx context.Context, accoun
} }
if !user.HasAdminPower() { if !user.HasAdminPower() {
return status.NewUnauthorizedToViewPostureChecksError() return status.NewAdminPermissionError()
} }
postureChecks, err := am.Store.GetPostureChecksByID(ctx, LockingStrengthShare, accountID, postureChecksID) postureChecks, err := am.Store.GetPostureChecksByID(ctx, LockingStrengthShare, accountID, postureChecksID)
@ -159,7 +159,7 @@ func (am *DefaultAccountManager) ListPostureChecks(ctx context.Context, accountI
} }
if !user.HasAdminPower() { if !user.HasAdminPower() {
return nil, status.NewUnauthorizedToViewPostureChecksError() return nil, status.NewAdminPermissionError()
} }
return am.Store.GetAccountPostureChecks(ctx, LockingStrengthShare, accountID) return am.Store.GetAccountPostureChecks(ctx, LockingStrengthShare, accountID)

110
management/server/posture_checks_test.go
View File

@ -5,7 +5,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/rs/xid" "github.com/netbirdio/netbird/management/server/status"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -43,8 +43,9 @@ func TestDefaultAccountManager_PostureCheck(t *testing.T) {
// should be possible to create posture check with uniq name // should be possible to create posture check with uniq name
err = am.SavePostureChecks(context.Background(), accountID, adminUserID, &posture.Checks{ err = am.SavePostureChecks(context.Background(), accountID, adminUserID, &posture.Checks{
ID: postureCheckID, ID: postureCheckID,
Name: postureCheckName, AccountID: accountID,
Name: postureCheckName,
Checks: posture.ChecksDefinition{ Checks: posture.ChecksDefinition{
NBVersionCheck: &posture.NBVersionCheck{ NBVersionCheck: &posture.NBVersionCheck{
MinVersion: "0.26.0", MinVersion: "0.26.0",
@ -60,8 +61,9 @@ func TestDefaultAccountManager_PostureCheck(t *testing.T) {
// should not be possible to create posture check with non uniq name // should not be possible to create posture check with non uniq name
err = am.SavePostureChecks(context.Background(), accountID, adminUserID, &posture.Checks{ err = am.SavePostureChecks(context.Background(), accountID, adminUserID, &posture.Checks{
ID: "new-id", ID: "new-id",
Name: postureCheckName, AccountID: accountID,
Name: postureCheckName,
Checks: posture.ChecksDefinition{ Checks: posture.ChecksDefinition{
GeoLocationCheck: &posture.GeoLocationCheck{ GeoLocationCheck: &posture.GeoLocationCheck{
Locations: []posture.Location{ Locations: []posture.Location{
@ -76,8 +78,9 @@ func TestDefaultAccountManager_PostureCheck(t *testing.T) {
// admins can update posture checks // admins can update posture checks
err = am.SavePostureChecks(context.Background(), accountID, adminUserID, &posture.Checks{ err = am.SavePostureChecks(context.Background(), accountID, adminUserID, &posture.Checks{
ID: postureCheckID, ID: postureCheckID,
Name: postureCheckName, AccountID: accountID,
Name: postureCheckName,
Checks: posture.ChecksDefinition{ Checks: posture.ChecksDefinition{
NBVersionCheck: &posture.NBVersionCheck{ NBVersionCheck: &posture.NBVersionCheck{
MinVersion: "0.27.0", MinVersion: "0.27.0",
@ -132,19 +135,22 @@ func TestPostureCheckAccountPeersUpdate(t *testing.T) {
err := manager.SaveGroups(context.Background(), account.Id, userID, []*group.Group{ err := manager.SaveGroups(context.Background(), account.Id, userID, []*group.Group{
{ {
ID: "groupA", ID: "groupA",
Name: "GroupA", AccountID: account.Id,
Peers: []string{peer1.ID, peer2.ID, peer3.ID}, Name: "GroupA",
Peers: []string{peer1.ID, peer2.ID, peer3.ID},
}, },
{ {
ID: "groupB", ID: "groupB",
Name: "GroupB", AccountID: account.Id,
Peers: []string{}, Name: "GroupB",
Peers: []string{},
}, },
{ {
ID: "groupC", ID: "groupC",
Name: "GroupC", AccountID: account.Id,
Peers: []string{}, Name: "GroupC",
Peers: []string{},
}, },
}) })
assert.NoError(t, err) assert.NoError(t, err)
@ -207,11 +213,13 @@ func TestPostureCheckAccountPeersUpdate(t *testing.T) {
}) })
policy := Policy{ policy := Policy{
ID: "policyA", ID: "policyA",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: xid.New().String(), ID: "ruleA",
PolicyID: "policyA",
Enabled: true, Enabled: true,
Sources: []string{"groupA"}, Sources: []string{"groupA"},
Destinations: []string{"groupA"}, Destinations: []string{"groupA"},
@ -313,11 +321,13 @@ func TestPostureCheckAccountPeersUpdate(t *testing.T) {
// Updating linked posture check to policy with no peers should not trigger account peers update and not send peer update // Updating linked posture check to policy with no peers should not trigger account peers update and not send peer update
t.Run("updating linked posture check to policy with no peers", func(t *testing.T) { t.Run("updating linked posture check to policy with no peers", func(t *testing.T) {
policy = Policy{ policy = Policy{
ID: "policyB", ID: "policyB",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: xid.New().String(), ID: "ruleB",
PolicyID: "policyB",
Enabled: true, Enabled: true,
Sources: []string{"groupB"}, Sources: []string{"groupB"},
Destinations: []string{"groupC"}, Destinations: []string{"groupC"},
@ -359,11 +369,13 @@ func TestPostureCheckAccountPeersUpdate(t *testing.T) {
manager.peersUpdateManager.CloseChannel(context.Background(), peer2.ID) manager.peersUpdateManager.CloseChannel(context.Background(), peer2.ID)
}) })
policy = Policy{ policy = Policy{
ID: "policyB", ID: "policyB",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: xid.New().String(), ID: "ruleB",
PolicyID: "policyB",
Enabled: true, Enabled: true,
Sources: []string{"groupB"}, Sources: []string{"groupB"},
Destinations: []string{"groupA"}, Destinations: []string{"groupA"},
@ -402,10 +414,13 @@ func TestPostureCheckAccountPeersUpdate(t *testing.T) {
// should trigger account peers update and send peer update // should trigger account peers update and send peer update
t.Run("updating linked posture check to policy where source has peers but destination does not", func(t *testing.T) { t.Run("updating linked posture check to policy where source has peers but destination does not", func(t *testing.T) {
policy = Policy{ policy = Policy{
ID: "policyB", ID: "policyB",
Enabled: true, AccountID: account.Id,
Enabled: true,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: "ruleB",
PolicyID: "policyB",
Enabled: true, Enabled: true,
Sources: []string{"groupA"}, Sources: []string{"groupA"},
Destinations: []string{"groupB"}, Destinations: []string{"groupB"},
@ -458,7 +473,7 @@ func TestArePostureCheckChangesAffectingPeers(t *testing.T) {
} }
groupB := &group.Group{ groupB := &group.Group{
ID: "groupA", ID: "groupB",
AccountID: accountID, AccountID: accountID,
Peers: []string{}, Peers: []string{},
} }
@ -470,6 +485,8 @@ func TestArePostureCheckChangesAffectingPeers(t *testing.T) {
AccountID: accountID, AccountID: accountID,
Rules: []*PolicyRule{ Rules: []*PolicyRule{
{ {
ID: "ruleA",
PolicyID: "policyA",
Enabled: true, Enabled: true,
Sources: []string{"groupA"}, Sources: []string{"groupA"},
Destinations: []string{"groupA"}, Destinations: []string{"groupA"},
@ -482,16 +499,24 @@ func TestArePostureCheckChangesAffectingPeers(t *testing.T) {
postureCheckA := &posture.Checks{ postureCheckA := &posture.Checks{
ID: "checkA", ID: "checkA",
Name: "checkA",
AccountID: accountID, AccountID: accountID,
Checks: posture.ChecksDefinition{
NBVersionCheck: &posture.NBVersionCheck{MinVersion: "0.33.1"},
},
} }
err = manager.Store.SavePostureChecks(context.Background(), LockingStrengthUpdate, postureCheckA) err = manager.SavePostureChecks(context.Background(), accountID, adminUserID, postureCheckA, false)
require.NoError(t, err, "failed to save postureCheckA") require.NoError(t, err, "failed to save postureCheckA")
postureCheckB := &posture.Checks{ postureCheckB := &posture.Checks{
ID: "checkB", ID: "checkB",
Name: "checkB",
AccountID: accountID, AccountID: accountID,
Checks: posture.ChecksDefinition{
NBVersionCheck: &posture.NBVersionCheck{MinVersion: "0.33.1"},
},
} }
err = manager.Store.SavePostureChecks(context.Background(), LockingStrengthUpdate, postureCheckB) err = manager.SavePostureChecks(context.Background(), accountID, adminUserID, postureCheckB, false)
require.NoError(t, err, "failed to save postureCheckB") require.NoError(t, err, "failed to save postureCheckB")
t.Run("posture check exists and is linked to policy with peers", func(t *testing.T) { t.Run("posture check exists and is linked to policy with peers", func(t *testing.T) {
@ -534,17 +559,6 @@ func TestArePostureCheckChangesAffectingPeers(t *testing.T) {
assert.True(t, result) assert.True(t, result)
}) })
t.Run("posture check is linked to policy with non-existent group", func(t *testing.T) {
policy.Rules[0].Sources = []string{"nonExistentGroup"}
policy.Rules[0].Destinations = []string{"nonExistentGroup"}
err = manager.Store.SavePolicy(context.Background(), LockingStrengthUpdate, policy)
require.NoError(t, err, "failed to update policy")
result, err := manager.arePostureCheckChangesAffectPeers(context.Background(), accountID, "checkA", true)
require.NoError(t, err)
assert.False(t, result)
})
t.Run("posture check is linked to policy but no peers in groups", func(t *testing.T) { t.Run("posture check is linked to policy but no peers in groups", func(t *testing.T) {
groupA.Peers = []string{} groupA.Peers = []string{}
err = manager.Store.SaveGroup(context.Background(), LockingStrengthUpdate, groupA) err = manager.Store.SaveGroup(context.Background(), LockingStrengthUpdate, groupA)
@ -554,4 +568,18 @@ func TestArePostureCheckChangesAffectingPeers(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
assert.False(t, result) assert.False(t, result)
}) })
t.Run("posture check is linked to policy with non-existent group", func(t *testing.T) {
policy.Rules[0].Sources = []string{"nonExistentGroup"}
policy.Rules[0].Destinations = []string{"nonExistentGroup"}
err = manager.Store.SavePolicy(context.Background(), LockingStrengthUpdate, policy)
require.NoError(t, err, "failed to update policy")
result, err := manager.arePostureCheckChangesAffectPeers(context.Background(), accountID, "checkA", true)
require.Error(t, err)
sErr, ok := status.FromError(err)
require.True(t, ok)
require.Equal(t, status.NotFound, sErr.Type())
assert.False(t, result)
})
} }

10
management/server/route.go
View File

@ -57,7 +57,7 @@ func (am *DefaultAccountManager) GetRoute(ctx context.Context, accountID string,
} }
if user.IsRegularUser() { if user.IsRegularUser() {
return nil, status.NewUnauthorizedToViewRoutesError() return nil, status.NewAdminPermissionError()
} }
return am.Store.GetRouteByID(ctx, LockingStrengthShare, accountID, string(routeID)) return am.Store.GetRouteByID(ctx, LockingStrengthShare, accountID, string(routeID))
@ -137,7 +137,7 @@ func (am *DefaultAccountManager) checkRoutePrefixOrDomainsExistForPeers(ctx cont
// check that peerGroupIDs are not in any route peerGroups list // check that peerGroupIDs are not in any route peerGroups list
for _, groupID := range peerGroupIDs { for _, groupID := range peerGroupIDs {
// we validated the group existence before entering this function, no need to check again. // we validated the group existence before entering this function, no need to check again.
group, err := am.Store.GetGroupByID(context.Background(), LockingStrengthShare, groupID, accountID) group, err := am.Store.GetGroupByID(context.Background(), LockingStrengthShare, accountID, groupID)
if err != nil || group == nil { if err != nil || group == nil {
return status.Errorf(status.InvalidArgument, "group with ID %s not found", peerID) return status.Errorf(status.InvalidArgument, "group with ID %s not found", peerID)
} }
@ -151,7 +151,7 @@ func (am *DefaultAccountManager) checkRoutePrefixOrDomainsExistForPeers(ctx cont
// check that the peers from peerGroupIDs groups are not the same peers we saw in routesWithPrefix // check that the peers from peerGroupIDs groups are not the same peers we saw in routesWithPrefix
for _, id := range group.Peers { for _, id := range group.Peers {
if _, ok := seenPeers[id]; ok { if _, ok := seenPeers[id]; ok {
peer, err := am.Store.GetPeerByID(context.Background(), LockingStrengthShare, peerID, accountID) peer, err := am.Store.GetPeerByID(context.Background(), LockingStrengthShare, accountID, peerID)
if err != nil { if err != nil {
return status.Errorf(status.InvalidArgument, "peer with ID %s not found", peerID) return status.Errorf(status.InvalidArgument, "peer with ID %s not found", peerID)
} }
@ -217,6 +217,7 @@ func (am *DefaultAccountManager) CreateRoute(ctx context.Context, accountID stri
var newRoute route.Route var newRoute route.Route
newRoute.ID = route.ID(xid.New().String()) newRoute.ID = route.ID(xid.New().String())
newRoute.AccountID = accountID
accountGroups, err := am.Store.GetAccountGroups(ctx, LockingStrengthShare, accountID) accountGroups, err := am.Store.GetAccountGroups(ctx, LockingStrengthShare, accountID)
if err != nil { if err != nil {
@ -393,6 +394,7 @@ func (am *DefaultAccountManager) SaveRoute(ctx context.Context, accountID, userI
if err != nil { if err != nil {
return err return err
} }
routeToSave.AccountID = accountID
err = am.Store.ExecuteInTransaction(ctx, func(transaction Store) error { err = am.Store.ExecuteInTransaction(ctx, func(transaction Store) error {
if err = transaction.IncrementNetworkSerial(ctx, LockingStrengthUpdate, accountID); err != nil { if err = transaction.IncrementNetworkSerial(ctx, LockingStrengthUpdate, accountID); err != nil {
@ -472,7 +474,7 @@ func (am *DefaultAccountManager) ListRoutes(ctx context.Context, accountID, user
} }
if user.IsRegularUser() { if user.IsRegularUser() {
return nil, status.NewUnauthorizedToViewRoutesError() return nil, status.NewAdminPermissionError()
} }
return am.Store.GetAccountRoutes(ctx, LockingStrengthShare, accountID) return am.Store.GetAccountRoutes(ctx, LockingStrengthShare, accountID)

6
management/server/setupkey.go
View File

@ -366,7 +366,7 @@ func (am *DefaultAccountManager) ListSetupKeys(ctx context.Context, accountID, u
} }
if user.IsRegularUser() { if user.IsRegularUser() {
return nil, status.NewUnauthorizedToViewSetupKeysError() return nil, status.NewAdminPermissionError()
} }
setupKeys, err := am.Store.GetAccountSetupKeys(ctx, LockingStrengthShare, accountID) setupKeys, err := am.Store.GetAccountSetupKeys(ctx, LockingStrengthShare, accountID)
@ -389,7 +389,7 @@ func (am *DefaultAccountManager) GetSetupKey(ctx context.Context, accountID, use
} }
if user.IsRegularUser() { if user.IsRegularUser() {
return nil, status.NewUnauthorizedToViewSetupKeysError() return nil, status.NewAdminPermissionError()
} }
setupKey, err := am.Store.GetSetupKeyByID(ctx, LockingStrengthShare, keyID, accountID) setupKey, err := am.Store.GetSetupKeyByID(ctx, LockingStrengthShare, keyID, accountID)
@ -417,7 +417,7 @@ func (am *DefaultAccountManager) DeleteSetupKey(ctx context.Context, accountID,
} }
if user.IsRegularUser() { if user.IsRegularUser() {
return status.NewUnauthorizedToViewSetupKeysError() return status.NewAdminPermissionError()
} }
deletedSetupKey, err := am.Store.GetSetupKeyByID(ctx, LockingStrengthShare, keyID, accountID) deletedSetupKey, err := am.Store.GetSetupKeyByID(ctx, LockingStrengthShare, keyID, accountID)

33
management/server/status/error.go
View File

@ -131,10 +131,6 @@ func NewOwnerDeletePermissionError() error {
return Errorf(PermissionDenied, "can't delete a user with the owner role") return Errorf(PermissionDenied, "can't delete a user with the owner role")
} }
func NewUnauthorizedToViewServiceUsersError() error {
return Errorf(PermissionDenied, "only users with admin power can view service users")
}
// NewServiceUserRoleInvalidError creates a new Error with InvalidArgument type for creating a service user with owner role // NewServiceUserRoleInvalidError creates a new Error with InvalidArgument type for creating a service user with owner role
func NewServiceUserRoleInvalidError() error { func NewServiceUserRoleInvalidError() error {
return Errorf(InvalidArgument, "can't create a service user with owner role") return Errorf(InvalidArgument, "can't create a service user with owner role")
@ -150,19 +146,6 @@ func NewSetupKeyNotFoundError(err error) error {
return Errorf(NotFound, "setup key not found: %s", err) return Errorf(NotFound, "setup key not found: %s", err)
} }
// NewUnauthorizedToViewSetupKeysError creates a new Error with Unauthorized type for an issue getting a setup key
func NewUnauthorizedToViewSetupKeysError() error {
return Errorf(PermissionDenied, "only users with admin power can view setup keys")
}
func NewGroupNotFoundError() error {
return Errorf(NotFound, "group not found")
}
func NewUnauthorizedToViewGroupsError() error {
return Errorf(PermissionDenied, "only users with admin power can view groups")
}
func NewPATNotFoundError() error { func NewPATNotFoundError() error {
return Errorf(NotFound, "PAT not found") return Errorf(NotFound, "PAT not found")
} }
@ -171,26 +154,10 @@ func NewGetPATFromStoreError() error {
return Errorf(Internal, "issue getting pat from store") return Errorf(Internal, "issue getting pat from store")
} }
func NewUnauthorizedToViewPoliciesError() error {
return Errorf(PermissionDenied, "only users with admin power can view policies")
}
func NewUnauthorizedToViewPostureChecksError() error {
return Errorf(PermissionDenied, "only users with admin power can view posture checks")
}
func NewUnauthorizedToViewDNSSettingsError() error {
return Errorf(PermissionDenied, "only users with admin power can view dns settings")
}
func NewUnauthorizedToViewNSGroupsError() error { func NewUnauthorizedToViewNSGroupsError() error {
return Errorf(PermissionDenied, "only users with admin power can view name server groups") return Errorf(PermissionDenied, "only users with admin power can view name server groups")
} }
func NewUnauthorizedToViewRoutesError() error {
return Errorf(PermissionDenied, "only users with admin power can view network routes")
}
// NewStoreContextCanceledError creates a new Error with Internal type for a canceled store context // NewStoreContextCanceledError creates a new Error with Internal type for a canceled store context
func NewStoreContextCanceledError(duration time.Duration) error { func NewStoreContextCanceledError(duration time.Duration) error {
return Errorf(Internal, "store access: context canceled after %v", duration) return Errorf(Internal, "store access: context canceled after %v", duration)

3
management/server/testdata/store_with_expired_peers.sql vendored
View File

@ -32,4 +32,7 @@ INSERT INTO peers VALUES('cg05lnblo1hkg2j514p0','bf1c8084-ba50-4ce7-9439-3465300
INSERT INTO peers VALUES('cg3161rlo1hs9cq94gdg','bf1c8084-ba50-4ce7-9439-34653001fc3b','mVABSKj28gv+JRsf7e0NEGKgSOGTfU/nPB2cpuG56HU=','','"100.64.117.96"','testhost','linux','Linux','22.04','x86_64','Ubuntu','','development','','',NULL,'','','','{"Cloud":"","Platform":""}',NULL,'testhost','testhost','2023-03-06 18:21:27.252010027+01:00',0,0,0,'edafee4e-63fb-11ec-90d6-0242ac120003','ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINWvvUkFFcrj48CWTkNUb/do/n52i1L5dH4DhGu+4ZuM',0,0,'2023-03-07 09:02:47.442857106+01:00','2024-10-02 17:00:32.527947+02:00',0,'""','','',0); INSERT INTO peers VALUES('cg3161rlo1hs9cq94gdg','bf1c8084-ba50-4ce7-9439-34653001fc3b','mVABSKj28gv+JRsf7e0NEGKgSOGTfU/nPB2cpuG56HU=','','"100.64.117.96"','testhost','linux','Linux','22.04','x86_64','Ubuntu','','development','','',NULL,'','','','{"Cloud":"","Platform":""}',NULL,'testhost','testhost','2023-03-06 18:21:27.252010027+01:00',0,0,0,'edafee4e-63fb-11ec-90d6-0242ac120003','ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINWvvUkFFcrj48CWTkNUb/do/n52i1L5dH4DhGu+4ZuM',0,0,'2023-03-07 09:02:47.442857106+01:00','2024-10-02 17:00:32.527947+02:00',0,'""','','',0);
INSERT INTO users VALUES('f4f6d672-63fb-11ec-90d6-0242ac120003','bf1c8084-ba50-4ce7-9439-34653001fc3b','user',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 17:00:32.528196+02:00','api',0,''); INSERT INTO users VALUES('f4f6d672-63fb-11ec-90d6-0242ac120003','bf1c8084-ba50-4ce7-9439-34653001fc3b','user',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 17:00:32.528196+02:00','api',0,'');
INSERT INTO users VALUES('edafee4e-63fb-11ec-90d6-0242ac120003','bf1c8084-ba50-4ce7-9439-34653001fc3b','admin',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 17:00:32.528196+02:00','api',0,''); INSERT INTO users VALUES('edafee4e-63fb-11ec-90d6-0242ac120003','bf1c8084-ba50-4ce7-9439-34653001fc3b','admin',0,0,'','[]',0,'0001-01-01 00:00:00+00:00','2024-10-02 17:00:32.528196+02:00','api',0,'');
INSERT INTO "groups" VALUES('cs1tnh0hhcjnqoiuebeg','bf1c8084-ba50-4ce7-9439-34653001fc3b','All','api','["cfvprsrlo1hqoo49ohog", "cg3161rlo1hs9cq94gdg", "cg05lnblo1hkg2j514p0"]',0,'');
INSERT INTO policies VALUES('cs1tnh0hhcjnqoiuebf0','bf1c8084-ba50-4ce7-9439-34653001fc3b','Default','This is a default rule that allows connections between all the resources',1,'[]');
INSERT INTO policy_rules VALUES('cs387mkv2d4bgq41b6n0','cs1tnh0hhcjnqoiuebf0','Default','This is a default rule that allows connections between all the resources',1,'accept','["cs1tnh0hhcjnqoiuebeg"]','["cs1tnh0hhcjnqoiuebeg"]',1,'all',NULL,NULL);
INSERT INTO installations VALUES(1,''); INSERT INTO installations VALUES(1,'');

2
management/server/user.go
View File

@ -231,7 +231,7 @@ func (am *DefaultAccountManager) createServiceUser(ctx context.Context, accountI
} }
if !initiatorUser.HasAdminPower() { if !initiatorUser.HasAdminPower() {
return nil, status.NewUnauthorizedToViewServiceUsersError() return nil, status.NewAdminPermissionError()
} }
if role == UserRoleOwner { if role == UserRoleOwner {

54
route/route.go
View File

@ -88,18 +88,18 @@ type Route struct {
// AccountID is a reference to Account that this object belongs // AccountID is a reference to Account that this object belongs
AccountID string `gorm:"index"` AccountID string `gorm:"index"`
// Network and Domains are mutually exclusive // Network and Domains are mutually exclusive
Network netip.Prefix `gorm:"serializer:json"` Network netip.Prefix `gorm:"serializer:json"`
Domains domain.List `gorm:"serializer:json"` Domains domain.List `gorm:"serializer:json"`
KeepRoute bool KeepRoute bool
NetID NetID NetID NetID
Description string Description string
Peer string Peer string
PeerGroups []string `gorm:"serializer:json"` PeerGroups []string `gorm:"serializer:json"`
NetworkType NetworkType NetworkType NetworkType
Masquerade bool Masquerade bool
Metric int Metric int
Enabled bool Enabled bool
Groups []string `gorm:"serializer:json"` Groups []string `gorm:"serializer:json"`
AccessControlGroups []string `gorm:"serializer:json"` AccessControlGroups []string `gorm:"serializer:json"`
} }
@ -111,19 +111,20 @@ func (r *Route) EventMeta() map[string]any {
// Copy copies a route object // Copy copies a route object
func (r *Route) Copy() *Route { func (r *Route) Copy() *Route {
route := &Route{ route := &Route{
ID: r.ID, ID: r.ID,
Description: r.Description, AccountID: r.AccountID,
NetID: r.NetID, Description: r.Description,
Network: r.Network, NetID: r.NetID,
Domains: slices.Clone(r.Domains), Network: r.Network,
KeepRoute: r.KeepRoute, Domains: slices.Clone(r.Domains),
NetworkType: r.NetworkType, KeepRoute: r.KeepRoute,
Peer: r.Peer, NetworkType: r.NetworkType,
PeerGroups: slices.Clone(r.PeerGroups), Peer: r.Peer,
Metric: r.Metric, PeerGroups: slices.Clone(r.PeerGroups),
Masquerade: r.Masquerade, Metric: r.Metric,
Enabled: r.Enabled, Masquerade: r.Masquerade,
Groups: slices.Clone(r.Groups), Enabled: r.Enabled,
Groups: slices.Clone(r.Groups),
AccessControlGroups: slices.Clone(r.AccessControlGroups), AccessControlGroups: slices.Clone(r.AccessControlGroups),
} }
return route return route
@ -138,6 +139,7 @@ func (r *Route) IsEqual(other *Route) bool {
} }
return other.ID == r.ID && return other.ID == r.ID &&
other.AccountID == r.AccountID &&
other.Description == r.Description && other.Description == r.Description &&
other.NetID == r.NetID && other.NetID == r.NetID &&
other.Network == r.Network && other.Network == r.Network &&
@ -149,7 +151,7 @@ func (r *Route) IsEqual(other *Route) bool {
other.Masquerade == r.Masquerade && other.Masquerade == r.Masquerade &&
other.Enabled == r.Enabled && other.Enabled == r.Enabled &&
slices.Equal(r.Groups, other.Groups) && slices.Equal(r.Groups, other.Groups) &&
slices.Equal(r.PeerGroups, other.PeerGroups)&& slices.Equal(r.PeerGroups, other.PeerGroups) &&
slices.Equal(r.AccessControlGroups, other.AccessControlGroups) slices.Equal(r.AccessControlGroups, other.AccessControlGroups)
} }