Commit Graph

135 Commits

Author SHA1 Message Date
a2a49bdd47 fix peer fields updated after save
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-18 16:43:09 +03:00
a2fb274b86 remove duplicate store method
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-18 15:09:30 +03:00
a61e9da3e9 run peer ops in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-18 15:06:25 +03:00
c557c98390 Refactor peer to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-14 19:33:57 +03:00
147971fdfe Merge branch 'groups-get-account-refactoring' into policy-get-account-refactoring 2024-11-12 17:15:16 +03:00
ed259a6a03 Merge branch 'main' into groups-get-account-refactoring
# Conflicts:
#	management/server/account.go
#	management/server/status/error.go
2024-11-12 17:14:45 +03:00
20a5afc359 [management] Add more logs to the peer update processes (#2881) 2024-11-12 14:19:22 +01:00
6cb697eed6 [management] Refactor setup key to use store methods (#2861)
* Refactor setup key handling to use store methods

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* add lock to get account groups

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* add check for regular user

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* get only required groups for auto-group validation

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* add account lock and return auto groups map on validation

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix missing group removed from setup key activity

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Remove context from DB queries

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Add user permission check and add setup events into events to store slice

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Retrieve all groups once during setup key auto-group validation

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Fix lint

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Fix sonar

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

---------

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-11 19:46:10 +03:00
d54b6967ce fix refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-11 12:38:34 +03:00
bdeb95c58c Run groups ops in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-09 01:17:01 +03:00
106fc75936 refactor account peers update
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-08 18:38:32 +03:00
78044c226d add lock to get account groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-08 00:32:14 +03:00
3e88b7c56e [management] Fix network map update on peer validation (#2849) 2024-11-07 09:50:13 +01:00
a9d06b883f add all group to add peer affected peers network map check (#2830) 2024-11-01 22:09:08 +01:00
10480eb52f [management] Setup key improvements (#2775) 2024-10-28 17:52:23 +01:00
7bda385e1b [management] Optimize network map updates (#2718)
* Skip peer update on unchanged network map (#2236)

* Enhance network updates by skipping unchanged messages

Optimizes the network update process
by skipping updates where no changes in the peer update message are received.

* Add unit tests

* add locks

* Improve concurrency and update peer message handling

* Refactor account manager network update tests

* fix test

* Fix inverted network map update condition

* Add default group and policy to test data

* Run peer updates in a separate goroutine

* Refactor

* Refactor lock

* Fix peers update by including NetworkMap and posture Checks

* go mod tidy

* fix merge

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix merge

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* [management] Skip account peers update if no changes affect peers (#2310)

* Remove incrementing network serial and updating peers after group deletion

* Update account peer if posture check is linked to policy

* Remove account peers update on saving setup key

* Refactor group link checking into re-usable functions

* Add HasPeers function to group

* Refactor group management

* Optimize group change effects on account peers

* Update account peers if ns group has peers

* Refactor group changes

* Optimize account peers update in DNS settings

* Optimize update of account peers on jwt groups sync

* Refactor peer account updates for efficiency

* Optimize peer update on user deletion and changes

* Remove condition check for network serial update

* Optimize account peers updates on route changes

* Remove UpdatePeerSSHKey method

* Remove unused isPolicyRuleGroupsEmpty

* Add tests for peer update behavior on posture check changes

* Add tests for peer update behavior on policy changes

* Add tests for peer update behavior on group changes

* Add tests for peer update behavior on dns settings changes

* Refactor

* Add tests for peer update behavior on name server changes

* Add tests for peer update behavior on user changes

* Add tests for peer update behavior on route changes

* fix tests

* Add tests for peer update behavior on setup key changes

* Add tests for peer update behavior on peers changes

* fix merge

* Fix tests

* go mod tidy

* Add NameServer and Route comparators

* Update network map diff logic with custom comparators

* Add tests

* Refactor duplicate diff handling logic

* fix linter

* fix tests

* Refactor policy group handling and update logic.

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Update route check by checking if group has peers

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Refactor posture check policy linking logic

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Simplify peer update condition in DNS management

Refactor the condition for updating account peers to remove redundant checks

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix merge

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* add policy tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* add posture checks tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix user and setup key tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix account and route tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix typo

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix nameserver tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix routes tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix group tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* upgrade diff package

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix nameserver tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* use generic differ for netip.Addr and netip.Prefix

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* go mod tidy

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* add peer tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix merge

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix management suite tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix postgres tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* enable diff nil structs comparison

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* skip the update only last sent the serial is larger

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* refactor peer and user

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* skip spell check for groupD

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Refactor group, ns group, policy and posture checks

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* skip spell check for GroupD

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* update account policy check before verifying policy status

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Update management/server/route_test.go

Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>

* Update management/server/route_test.go

Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>

* Update management/server/route_test.go

Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>

* Update management/server/route_test.go

Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>

* Update management/server/route_test.go

Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>

* add tests missing tests for dns setting groups

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* add tests for posture checks changes

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* add ns group and policy tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* add route and group tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* increase Linux test timeout to 10 minutes

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Run diff for client posture checks only

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* add panic recovery and detailed logging in peer update comparison

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Fix tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

---------

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>

---------

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-10-23 13:05:02 +03:00
49e65109d2 Add session expire functionality based on inactivity (#2326)
Implemented inactivity expiration by checking the status of a peer: after a configurable period of time following netbird down, the peer shows login required.
2024-10-13 14:52:43 +02:00
2c1f5e46d5 [management] Validate peer ownership during login (#2704)
* check peer ownership in login

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* update error message

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

---------

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-10-07 19:06:26 +03:00
6c50b0c84b [management] Add transaction to addPeer (#2469)
This PR removes the GetAccount and SaveAccount operations from the AddPeer and instead makes use of gorm.Transaction to add the new peer.
2024-09-16 15:47:03 +02:00
f43a0a0177 [client] Retry on tun creation for darwin (#2564)
The interface creation on macOS seems to be asynchronous, which is why the tun.create method sometimes fails because the interface is not ready yet. To work around this issue we introduce a retry on tun.create
2024-09-09 19:02:10 +02:00
0c039274a4 [relay] Feature/relay integration (#2244)
This update adds new relay integration for NetBird clients. The new relay is based on web sockets and listens on a single port.

- Adds new relay implementation with websocket with single port relaying mechanism
- refactor peer connection logic, allowing upgrade and downgrade from/to P2P connection
- peer connections are faster since it connects first to relay and then upgrades to P2P
- maintains compatibility with old clients by not using the new relay
- updates infrastructure scripts with new relay service
2024-09-08 12:06:14 +02:00
0f0415b92a rename request buffer and update default interval (#2459) 2024-08-21 11:44:52 +02:00
3ed90728e6 [management] Add buffering for getAccount requests during login (#2449) 2024-08-20 20:06:01 +02:00
049b5fb7ed Split DB calls in peer login (#2439) 2024-08-19 12:50:11 +02:00
ac0d5ff9f3 [management] Improve mgmt sync performance (#2363) 2024-08-07 10:52:31 +02:00
54d896846b Skip network map check if not regular user (#2402)
when getting all peers we don't need to calculate network map when not a regular user
2024-08-07 10:22:12 +02:00
165988429c Add write lock for peer when saving its connection status (#2359) 2024-07-31 14:53:32 +02:00
da39c8bbca Refactor login with store.SavePeer (#2334)
This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling.

Changes:
- Refactored login logic to use store.SavePeer.
- Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow.
- Updated error handling with status.NewPeerLoginExpiredError().
- Moved geoIP check logic to a more appropriate place.
- Removed redundant calls and improved documentation.
- Moved the code to smaller methods to improve readability.
2024-07-29 13:30:27 +02:00
1f48fdf6ca Add SavePeer method to prevent a possible account inconsistency (#2296)
SyncPeer was storing the account with a simple read lock

This change introduces the SavePeer method to the store to be used in these cases
2024-07-26 07:49:05 +02:00
765aba2c1c Add context to throughout the project and update logging (#2209)
propagate context from all the API calls and log request ID, account ID and peer ID

---------

Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
eaa31c2dc6 Optimize process checks database read (#2182)
* Add posture checks to peer management

This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map.

* Update peer methods to return posture checks

* Refactor

* return early if there is no posture checks

---------

Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-06-22 17:41:16 +03:00
4fec709bb1 Release 0.28.0 (#2092)
* compile client under freebsd (#1620)

Compile netbird client under freebsd and now support netstack and userspace modes.
Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files.

Not implemented yet:

Kernel mode not supported
DNS probably does not work yet
Routing also probably does not work yet
SSH support not tested yet
Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required)
Lack of tests for freebsd specific code
Info reporting needs review and implementation, for example OS is reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface)
Lack of proper client setup under FreeBSD
Lack of FreeBSD port/package

* Add DNS routes (#1943)

Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added.
This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records.

* Add process posture check (#1693)

Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems.


Co-authored-by: Evgenii <mail@skillcoder.com>
Co-authored-by: Pascal Fischer <pascal@netbird.io>
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>
Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
521f7dd39f Improve login performance (#2061) 2024-05-31 16:41:12 +02:00
41fe9f84ec Extend integrated validator with error handling (#2044) 2024-05-24 13:29:25 +02:00
2e0047daea Improve Sync performance (#1901) 2024-05-07 14:30:03 +02:00
fd26e989e3 Check if channel exist before sending network map (#1894)
Check for connection channel before calculating and sending the network map
2024-04-29 18:31:52 +02:00
8f3a0f2c38 Add retry to IdP cache lookup (#1882) 2024-04-23 19:23:43 +02:00
9505805313 Rename variable (#1829) 2024-04-11 14:08:03 +02:00
2d76b058fc Feature/peer validator (#1553)
Follow up management-integrations changes

move groups to separated packages to avoid circle dependencies
save location information in Login action
2024-03-27 18:48:48 +01:00
ea2d060f93 Add limited dashboard view (#1738) 2024-03-27 16:11:45 +01:00
aa935bdae3 Register creation time for peer, user and account (#1654)
This change registers creation time for new peers, users and accounts
2024-03-02 13:49:40 +01:00
9bc7b9e897 Add initial support of device posture checks (#1540)
This PR implements the following posture checks:

* Agent minimum version allowed
* OS minimum version allowed
* Geo-location based on connection IP

For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that makes it easy to download all necessary files, see infrastructure_files/download-geolite2.sh.

The OpenAPI spec should extensively cover the life cycle of current version posture checks.
2024-02-20 09:59:56 +01:00
399493a954 Allow service users with user role read-only access to all resources (#1484)
We allow service users with user role read-only access 
to all resources so users can create service user and propagate 
PATs without having to give full admin permissions.
2024-01-25 09:50:27 +01:00
8b4ec96516 Update user's last login when authenticating a peer (#1437)
* Update user's last login when authenticating a peer

Prior to this update the user's last login only updated on dashboard authentication

* use account and user methods
2024-01-06 12:57:05 +01:00
ae5f69562d Merge branch 'main' into feature/peer-approval 2023-12-04 17:34:53 +01:00
dc8f55f23e remove dependency cycle from prepare peer 2023-12-04 16:26:34 +01:00
92adf57fea fix map assignment 2023-12-04 13:49:46 +01:00
1cd5a66575 adding setup key name to the event meta for adding peers by setup key 2023-12-04 13:00:13 +01:00
b9fc008542 extract peer preparation 2023-12-04 12:49:50 +01:00
d5bf79bc51 Merge branch 'main' into feature/peer-approval 2023-12-01 18:12:59 +01:00