a76c8eafb4
[management] sync calls to UpdateAccountPeers from BufferUpdateAccountPeers ( #4137 )
...
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
Co-authored-by: Pedro Costa <550684+pnmcosta@users.noreply.github.com >
2025-07-11 12:37:14 +03:00
2b9f331980
always suffix ephemeral peer name ( #4138 )
2025-07-11 10:29:10 +01:00
8632dd15f1
[management] added cleanupWindow for collecting several ephemeral peers to delete ( #4130 )
...
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
Co-authored-by: Pedro Costa <550684+pnmcosta@users.noreply.github.com >
2025-07-10 15:21:01 +02:00
969f1ed59a
[management] Remove deleted user peers from groups on user deletion ( #4121 )
...
Refactors peer deletion to centralize group cleanup logic, ensuring deleted peers are consistently removed from all groups in one place.
- Removed redundant group removal code from DefaultAccountManager.DeletePeer
- Added group removal logic inside deletePeers to handle both single and multiple peer deletions
2025-07-09 10:14:10 +03:00
996b8c600c
[management] replace invalid user with a clear error message about mismatched logins ( #4097 )
2025-07-03 16:36:36 +02:00
551cb4e467
[management] expect specific error types on registration with setup key ( #4094 )
2025-07-02 20:04:28 +02:00
22678bce7f
[management] add uniqueness constraint for peer ip and label and optimize generation ( #4042 )
2025-07-02 18:13:10 +02:00
1b73fae46e
[management] add breakdown of network map calculation metrics ( #4020 )
2025-06-25 11:46:35 +02:00
e9016aecea
[management] Add backward compatibility for older clients without firewall rules port range support ( #4003 )
...
Adds backward compatibility for clients with versions prior to v0.48.0 that do not support port range firewall rules.
- Skips generation of firewall rules with multi-port ranges for older clients
- Preserves support for single-port ranges by treating them as individual port rules, ensuring compatibility with older clients
2025-06-19 13:07:06 +03:00
af2b427751
[management] Avoid recalculating next peer expiration ( #3991 )
...
* Avoid recalculating next peer expiration
- Check if an account schedule is already running
- Cancel executing schedules only when changes occur
- Add more context info to logs
* fix tests
2025-06-17 15:14:11 +02:00
684501fd35
[management] Prevent deletion of peers linked to network routers ( #3881 )
...
- Prevent deletion of peers linked to network routers
- Add API endpoint to list all network routers
2025-05-29 18:50:00 +03:00
c03435061c
[management] lazy connection account setting ( #3855 )
2025-05-22 14:09:00 +01:00
adf494e1ac
[management] fix a bug with missed extra dns labels for a new peer ( #3798 )
2025-05-14 17:50:21 +02:00
7b64953eed
[management] user info with role permissions ( #3728 )
2025-05-01 11:24:55 +01:00
b5419ef11a
[management] limit peers based on module read permission ( #3757 )
2025-04-30 15:53:18 +01:00
312bfd9bd7
[management] support custom domains per account ( #3726 )
2025-04-23 19:36:53 +02:00
e0b33d325d
[management] permissions manager use crud operations ( #3690 )
2025-04-16 17:25:03 +02:00
b9f82e2f8a
[management] Buffer updateAccountPeers calls ( #3644 )
2025-04-11 17:21:05 +02:00
5ea2806663
[management] use permission modules ( #3622 )
2025-04-10 11:06:52 +02:00
cbec7bda80
[management] permission manager validate account access ( #3444 )
2025-03-30 17:08:22 +02:00
a4f04f5570
[management] fix extend call and move config to types ( #3575 )
...
This PR fixes configuration inconsistencies and updates the store engine type usage throughout the management code. Key changes include:
- Replacing outdated server.Config references with types.Config and updating related flag variables (e.g. types.MgmtConfigPath).
- Converting engine constants (SqliteStoreEngine, PostgresStoreEngine, MysqlStoreEngine) to use types.Engine for consistent type-safety.
- Adjusting various test and migration code paths to correctly reference the new configuration and engine types.
2025-03-27 13:04:50 +01:00
c02e236196
[client,management] add netflow support to client and update management ( #3414 )
...
adds NetFlow functionality to track and log network traffic information between peers, with features including:
- Flow logging for TCP, UDP, and ICMP traffic
- Integration with connection tracking system
- Resource ID tracking in NetFlow events
- DNS and exit node collection configuration
- Flow API and Redis cache in management
- Memory-based flow storage implementation
- Kernel conntrack counters and userspace counters
- TCP state machine improvements for more accurate tracking
- Migration from net.IP to netip.Addr in the userspace firewall
2025-03-20 17:05:48 +01:00
fc1da94520
[client, management] Add port forwarding ( #3275 )
...
Add initial support to ingress ports on the client code.
- new types were added
- new protocol messages and controller
2025-03-09 16:06:43 +01:00
82c12cc8ae
[management] Handle transaction error on peer deletion ( #3387 )
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2025-02-25 19:57:04 +00:00
39986b0e97
[client, management] Support DNS Labels for Peer Addressing ( #3252 )
...
* [client] Support Extra DNS Labels for Peer Addressing
* [management] Support Extra DNS Labels for Peer Addressing
---------
Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com >
2025-02-20 13:43:20 +03:00
b6abd4b4da
[management/signal/relay] add metrics descriptions ( #3233 )
2025-01-24 14:17:30 +01:00
2605948e01
[management] use account request buffer on sync ( #3229 )
2025-01-24 12:04:50 +01:00
8c965434ae
[management] remove peer from group on delete ( #3223 )
2025-01-22 19:33:20 +01:00
1ad2cb5582
[management] Refactor peers to use store methods ( #2893 )
2025-01-20 18:41:46 +01:00
3e836db1d1
[management] add duration logs to Sync ( #3203 )
2025-01-17 12:26:44 +01:00
168ea9560e
[Management] Send peer network map when SSH status is toggled ( #3172 )
2025-01-11 13:19:30 +01:00
02a3feddb8
[management] Add MySQL Support ( #3108 )
...
* Add mysql store support
* Add support to disable activity events recording
2025-01-06 13:38:30 +01:00
ddc365f7a0
[client, management] Add new network concept ( #3047 )
...
---------
Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com >
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com >
2024-12-20 11:30:28 +01:00
97bb74f824
Remove peer login log ( #3005 )
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-09 18:40:06 +01:00
713e320c4c
Update account peers on login on meta change ( #2991 )
...
* Update account peers on login on meta change
* Factor out LoginPeer peer not found handling
2024-12-05 14:15:23 +01:00
d063fbb8b9
[management] merge update account peers in sync call ( #2978 )
2024-12-03 16:41:19 +01:00
7dacd9cb23
[management] Add missing parentheses on iphone hostname generation condition ( #2977 )
2024-12-03 13:49:02 +01:00
00c3b67182
[management] refactor to use account object instead of separate db calls for peer update ( #2957 )
2024-11-28 11:13:01 +01:00
ca12bc6953
[management] Refactor posture check to use store methods ( #2874 )
2024-11-25 16:26:24 +01:00
f66bbcc54c
[management] Add metric for peer meta update ( #2913 )
2024-11-19 18:13:26 +01:00
5dd6a08ea6
link peer meta update back to account object ( #2911 )
2024-11-19 17:25:49 +01:00
52ea2e84e9
[management] Add transaction metrics and exclude getAccount time from peers update ( #2904 )
2024-11-19 00:04:50 +01:00
12f442439a
[management] Refactor group to use store methods ( #2867 )
...
* Refactor setup key handling to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add lock to get account groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add check for regular user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* get only required groups for auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add account lock and return auto groups map on validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor account peers update
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor groups to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor GetGroupByID and add NewGroupNotFoundError
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add AddPeer and RemovePeer methods to Group struct
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Preserve store engine in SqlStore transactions
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run groups ops in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix missing group removed from setup key activity
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Change setup key log level to debug for missing group
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve modified peers once for group events
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add account locking and merge group deletion methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-11-15 20:09:32 +03:00
4aee3c9e33
[client/management] add peer lock to peer meta update and fix isEqual func ( #2840 )
2024-11-15 16:59:03 +01:00
20a5afc359
[management] Add more logs to the peer update processes ( #2881 )
2024-11-12 14:19:22 +01:00
6cb697eed6
[management] Refactor setup key to use store methods ( #2861 )
...
* Refactor setup key handling to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add lock to get account groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add check for regular user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* get only required groups for auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add account lock and return auto groups map on validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix missing group removed from setup key activity
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Remove context from DB queries
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add user permission check and add setup events into events to store slice
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve all groups once during setup key auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-11-11 19:46:10 +03:00
3e88b7c56e
[management] Fix network map update on peer validation ( #2849 )
2024-11-07 09:50:13 +01:00
a9d06b883f
add all group to add peer affected peers network map check ( #2830 )
2024-11-01 22:09:08 +01:00
10480eb52f
[management] Setup key improvements ( #2775 )
2024-10-28 17:52:23 +01:00
7bda385e1b
[management] Optimize network map updates ( #2718 )
...
* Skip peer update on unchanged network map (#2236 )
* Enhance network updates by skipping unchanged messages
Optimizes the network update process by skipping updates where no changes in the peer update message received.
* Add unit tests
* add locks
* Improve concurrency and update peer message handling
* Refactor account manager network update tests
* fix test
* Fix inverted network map update condition
* Add default group and policy to test data
* Run peer updates in a separate goroutine
* Refactor
* Refactor lock
* Fix peers update by including NetworkMap and posture Checks
* go mod tidy
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Skip account peers update if no changes affect peers (#2310 )
* Remove incrementing network serial and updating peers after group deletion
* Update account peer if posture check is linked to policy
* Remove account peers update on saving setup key
* Refactor group link checking into re-usable functions
* Add HasPeers function to group
* Refactor group management
* Optimize group change effects on account peers
* Update account peers if ns group has peers
* Refactor group changes
* Optimize account peers update in DNS settings
* Optimize update of account peers on jwt groups sync
* Refactor peer account updates for efficiency
* Optimize peer update on user deletion and changes
* Remove condition check for network serial update
* Optimize account peers updates on route changes
* Remove UpdatePeerSSHKey method
* Remove unused isPolicyRuleGroupsEmpty
* Add tests for peer update behavior on posture check changes
* Add tests for peer update behavior on policy changes
* Add tests for peer update behavior on group changes
* Add tests for peer update behavior on dns settings changes
* Refactor
* Add tests for peer update behavior on name server changes
* Add tests for peer update behavior on user changes
* Add tests for peer update behavior on route changes
* fix tests
* Add tests for peer update behavior on setup key changes
* Add tests for peer update behavior on peers changes
* fix merge
* Fix tests
* go mod tidy
* Add NameServer and Route comparators
* Update network map diff logic with custom comparators
* Add tests
* Refactor duplicate diff handling logic
* fix linter
* fix tests
* Refactor policy group handling and update logic.
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update route check by checking if group has peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor posture check policy linking logic
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Simplify peer update condition in DNS management
Refactor the condition for updating account peers to remove redundant checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add posture checks tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix user and setup key tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix account and route tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix typo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix routes tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* upgrade diff package
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* use generic differ for netip.Addr and netip.Prefix
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* go mod tidy
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add peer tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix management suite tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix postgres tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* enable diff nil structs comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip the update only last sent the serial is larger
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor peer and user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip spell check for groupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor group, ns group, policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip spell check for GroupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update account policy check before verifying policy status
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* add missing tests for dns setting groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add tests for posture checks changes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add ns group and policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add route and group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* increase Linux test timeout to 10 minutes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run diff for client posture checks only
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add panic recovery and detailed logging in peer update comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-10-23 13:05:02 +03:00