netbird

mirror of https://github.com/netbirdio/netbird.git synced 2024-11-30 12:05:29 +01:00

Author	SHA1	Message	Date
bcmmbaga	147971fdfe	Merge branch 'groups-get-account-refactoring' into policy-get-account-refactoring	2024-11-12 17:15:16 +03:00
bcmmbaga	ed259a6a03	Merge branch 'main' into groups-get-account-refactoring # Conflicts: # management/server/account.go # management/server/status/error.go	2024-11-12 17:14:45 +03:00
Pascal Fischer	20a5afc359	[management] Add more logs to the peer update processes (#2881 )	2024-11-12 14:19:22 +01:00
bcmmbaga	0c0fd380bd	Refactor policy get and save account to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-12 11:17:16 +03:00
Bethuel Mmbaga	6cb697eed6	[management] Refactor setup key to use store methods (#2861 ) * Refactor setup key handling to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add lock to get account groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add check for regular user Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * get only required groups for auto-group validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add account lock and return auto groups map on validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix missing group removed from setup key activity Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Remove context from DB queries Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add user permission check and add setup events into events to store slice Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Retrieve all groups once during setup key auto-group validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix sonar Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-11 19:46:10 +03:00
bcmmbaga	174e07fefd	Refactor posture checks to remove get and save account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-11 12:37:19 +03:00
bcmmbaga	bdeb95c58c	Run groups ops in transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-09 01:17:01 +03:00
bcmmbaga	8126d95316	refactor GetGroupByID and add NewGroupNotFoundError Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-08 18:58:04 +03:00
bcmmbaga	106fc75936	refactor account peers update Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-08 18:38:32 +03:00
bcmmbaga	78044c226d	add lock to get account groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-08 00:32:14 +03:00
Pascal Fischer	baf0678ceb	[management] Fix potential panic on inactivity expiration log message (#2854 )	2024-11-07 16:33:57 +01:00
pascal-fischer	10480eb52f	[management] Setup key improvements (#2775 )	2024-10-28 17:52:23 +01:00
Bethuel Mmbaga	7bda385e1b	[management] Optimize network map updates (#2718 ) * Skip peer update on unchanged network map (#2236) * Enhance network updates by skipping unchanged messages Optimizes the network update process by skipping updates where no changes in the peer update message received. * Add unit tests * add locks * Improve concurrency and update peer message handling * Refactor account manager network update tests * fix test * Fix inverted network map update condition * Add default group and policy to test data * Run peer updates in a separate goroutine * Refactor * Refactor lock * Fix peers update by including NetworkMap and posture Checks * go mod tidy * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * [management] Skip account peers update if no changes affect peers (#2310) * Remove incrementing network serial and updating peers after group deletion * Update account peer if posture check is linked to policy * Remove account peers update on saving setup key * Refactor group link checking into re-usable functions * Add HasPeers function to group * Refactor group management * Optimize group change effects on account peers * Update account peers if ns group has peers * Refactor group changes * Optimize account peers update in DNS settings * Optimize update of account peers on jwt groups sync * Refactor peer account updates for efficiency * Optimize peer update on user deletion and changes * Remove condition check for network serial update * Optimize account peers updates on route changes * Remove UpdatePeerSSHKey method * Remove unused isPolicyRuleGroupsEmpty * Add tests for peer update behavior on posture check changes * Add tests for peer update behavior on policy changes * Add tests for peer update behavior on group changes * Add tests for peer update behavior on dns settings changes * Refactor * Add tests for peer update behavior on name server changes * Add tests for peer update behavior on user changes * Add tests for peer update behavior on route changes * fix tests * Add tests for peer update behavior on setup key changes * Add tests for peer update behavior on peers changes * fix merge * Fix tests * go mod tidy * Add NameServer and Route comparators * Update network map diff logic with custom comparators * Add tests * Refactor duplicate diff handling logic * fix linter * fix tests * Refactor policy group handling and update logic. Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update route check by checking if group has peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor posture check policy linking logic Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Simplify peer update condition in DNS management Refactor the condition for updating account peers to remove redundant checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add policy tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add posture checks tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix user and setup key tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix account and route tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix typo Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix nameserver tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix routes tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix group tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * upgrade diff package Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix nameserver tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * use generic differ for netip.Addr and netip.Prefix Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * go mod tidy Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add peer tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix management suite tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix postgres tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * enable diff nil structs comparison Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip the update only last sent the serial is larger Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor peer and user Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip spell check for groupD Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor group, ns group, policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip spell check for GroupD Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update account policy check before verifying policy status Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * add tests missing tests for dns setting groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add tests for posture checks changes Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add ns group and policy tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add route and group tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * increase Linux test timeout to 10 minutes Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Run diff for client posture checks only Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add panic recovery and detailed logging in peer update comparison Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-10-23 13:05:02 +03:00
Bethuel Mmbaga	0106a95f7a	lock account and use transaction (#2767 ) Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-10-22 13:29:17 +03:00
Maycon Santos	88e4fc2245	Release global lock on early error (#2760 )	2024-10-19 18:32:17 +02:00
Maycon Santos	ccd4ae6315	Fix domain information is up to date check (#2754 )	2024-10-17 19:21:35 +02:00
ctrl-zzz	49e65109d2	Add session expire functionality based on inactivity (#2326 ) Implemented inactivity expiration by checking the status of a peer: after a configurable period of time following netbird down, the peer shows login required.	2024-10-13 14:52:43 +02:00
Maycon Santos	da3a053e2b	[management] Refactor getAccountIDWithAuthorizationClaims (#2715 ) This change restructures the getAccountIDWithAuthorizationClaims method to improve readability, maintainability, and performance. - have dedicated methods to handle possible cases - introduced Store.UpdateAccountDomainAttributes and Store.GetAccountUsers methods - Remove GetAccount and SaveAccount dependency - added tests	2024-10-12 08:35:51 +02:00
pascal-fischer	dbec24b520	[management] Remove admin check on getAccountByID (#2699 )	2024-10-06 17:01:13 +02:00
Bethuel Mmbaga	8bf729c7b4	[management] Add AccountExists to AccountManager (#2694 ) * Add AccountExists method to account manager interface Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove unused code Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-10-04 18:09:40 +03:00
Bethuel Mmbaga	7f09b39769	[management] Refactor User JWT group sync (#2690 ) * Refactor GetAccountIDByUserOrAccountID Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * sync user jwt group changes Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * propagate jwt group changes to peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix no jwt groups synced Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests and lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Move the account peer update outside the transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * move updateUserPeersInGroups to account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * move event store outside of transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * get user with update lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Run jwt sync in transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-10-04 17:17:01 +03:00
Bethuel Mmbaga	ff7863785f	[management, client] Add access control support to network routes (#2100 )	2024-10-02 13:41:00 +02:00
Bethuel Mmbaga	acb73bd64a	[management] Remove redundant get account calls in GetAccountFromToken (#2615 ) * refactor access control middleware and user access by JWT groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor jwt groups extractor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to get account when necessary Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * revert handles change Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove GetUserByID from account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims to return account id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to use GetAccountIDFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByName from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByID from store and refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor retrieval of policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user permissions and retrieves PAT Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor route, setupkey, nameserver and dns to get record(s) from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix add missing policy source posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add store lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add get account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-27 17:10:50 +03:00
pascal-fischer	6c50b0c84b	[management] Add transaction to addPeer (#2469 ) This PR removes the GetAccount and SaveAccount operations from the AddPeer and instead makes use of gorm.Transaction to add the new peer.	2024-09-16 15:47:03 +02:00
Bethuel Mmbaga	d97b03656f	[management] Refactor HTTP metrics (#2476 ) * Add logging for slow SQL queries in SaveAccount and GetAccount * Add resource count log for large accounts * Refactor metrics middleware to simplify counters and histograms * Update log levels and remove redundant resource count check	2024-08-23 19:42:55 +03:00
pascal-fischer	0f0415b92a	rename request buffer and update default interval (#2459 )	2024-08-21 11:44:52 +02:00
pascal-fischer	3ed90728e6	[management] Add buffering for getAccount requests during login (#2449 )	2024-08-20 20:06:01 +02:00
pascal-fischer	049b5fb7ed	Split DB calls in peer login (#2439 )	2024-08-19 12:50:11 +02:00
Bethuel Mmbaga	539480a713	[management] Prevent removal of All group from peers during user groups propagation (#2410 ) * Prevent removal of "All" group from peers * Prevent adding "All" group to users and setup keys * Refactor setup key group validation	2024-08-12 13:48:05 +03:00
Bethuel Mmbaga	0911163146	Add batch delete for groups and users (#2370 ) * Refactor user deletion logic and introduce batch delete * Prevent self-deletion for users * Add delete multiple groups * Refactor group deletion with validation * Fix tests * Add bulk delete functions for Users and Groups in account manager interface and mocks * Add tests for DeleteGroups method in group management * Add tests for DeleteUsers method in users management	2024-08-08 18:01:38 +03:00
Viktor Liu	ac0d5ff9f3	[management] Improve mgmt sync performance (#2363 )	2024-08-07 10:52:31 +02:00
Maycon Santos	cbf9f2058e	Use accountID retrieved from the sync call to acquire read lock sooner (#2369 ) Use accountID retrieved from the sync call to acquire read lock sooner and avoiding extra DB calls. - Use the account ID across sync calls - Moved account read lock - Renamed CancelPeerRoutines to OnPeerDisconnected - Added race tests	2024-08-01 16:21:43 +02:00
Maycon Santos	5ee9c77e90	Move write peer lock (#2364 ) Moved the write peer lock to avoid latency caused by disk access Updated the method CancelPeerRoutines to use the peer public key	2024-07-31 21:51:45 +02:00
Maycon Santos	165988429c	Add write lock for peer when saving its connection status (#2359 )	2024-07-31 14:53:32 +02:00
Bethuel Mmbaga	7321046cd6	Remove redundant check for empty JWT groups (#2323 ) * Remove redundant check for empty group names in SetJWTGroups * add test	2024-07-26 16:33:54 +02:00
Bethuel Mmbaga	1537b0f5e7	Add batch save/update for groups and users (#2245 ) * Add functionality to update multiple users * Remove SaveUsers from DefaultAccountManager * Add SaveGroups method to AccountManager interface * Refactoring * Add SaveUsers and SaveGroups methods to store interface * Refactor method SaveAccount to SaveUsers and SaveGroups The method SaveAccount in user.go and group.go files was split into two separate methods. Now, user-specific data is handled by SaveUsers and group-specific data is handled by SaveGroups method. This provides a cleaner and more efficient way to save user and group data. * Add account ID to user and group in SqlStore * Refactor SaveUsers and SaveGroups in store * Remove unnecessary ID assignment in SaveUsers and SaveGroups	2024-07-15 17:04:06 +03:00
pascal-fischer	765aba2c1c	Add context to throughout the project and update logging (#2209 ) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>	2024-07-03 11:33:02 +02:00
Zoltan Papp	7cb81f1d70	Fix nil pointer exception in case of error (#2230 )	2024-07-02 18:18:14 +02:00
Bethuel Mmbaga	eaa31c2dc6	Optimize process checks database read (#2182 ) * Add posture checks to peer management This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map. * Update peer methods to return posture checks * Refactor * return early if there is no posture checks --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-06-22 17:41:16 +03:00
Viktor Liu	f9462eea27	Fix dns route retrieval condition (#2165 ) * Fix route retrieval condition * Make error messages take domains into account	2024-06-20 13:52:32 +02:00
Maycon Santos	4fec709bb1	Release 0.28.0 (#2092 ) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to _unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support did not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>	2024-06-13 13:24:24 +02:00
Bethuel Mmbaga	f68d5e965f	Optimize JWT Group Sync (#2108 ) * Optimize JWT group sync to avoid unnecessary account sync * Ignore adding matching API and JWT groups during Sync * add tests * refactor	2024-06-13 09:55:09 +03:00
pascal-fischer	521f7dd39f	Improve login performance (#2061 )	2024-05-31 16:41:12 +02:00
pascal-fischer	012235ff12	Add FindExistingPostureCheck (#2075 )	2024-05-30 15:22:42 +02:00
Maycon Santos	f176807ebe	Add extra logs for account not found, peer login and getAccount (#2053 )	2024-05-27 12:29:28 +02:00
Maycon Santos	7a1c96ebf4	Remove extra error mapping (#2050 )	2024-05-24 14:46:11 +02:00
Maycon Santos	29a2d93873	Log global lock acquisition per user (#2039 )	2024-05-23 17:09:58 +02:00
Maycon Santos	9d3db68805	Return the proper error when a peer is deleted (#2035 ) this fixes an issue causing peers to keep retrying the connection after a peer is removed from the management system	2024-05-23 14:59:09 +02:00
pascal-fischer	0a75da6fb7	Remove GetNetworkMap stacktrace(#1941 )	2024-05-07 19:19:30 +02:00
pascal-fischer	2e0047daea	Improve Sync performance (#1901 )	2024-05-07 14:30:03 +02:00

1 2 3 4 5

236 Commits