Pascal Fischer
52ea2e84e9
[management] Add transaction metrics and exclude getAccount time from peers update ( #2904 )
2024-11-19 00:04:50 +01:00
İsmail
a1c5287b7c
Fix the Inactivity Expiration problem. ( #2865 )
2024-11-15 18:21:27 +01:00
Bethuel Mmbaga
12f442439a
[management] Refactor group to use store methods ( #2867 )
...
* Refactor setup key handling to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add lock to get account groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add check for regular user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* get only required groups for auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add account lock and return auto groups map on validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor account peers update
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor groups to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor GetGroupByID and add NewGroupNotFoundError
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Add AddPeer and RemovePeer methods to Group struct
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Preserve store engine in SqlStore transactions
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Run groups ops in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix missing group removed from setup key activity
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Change setup key log level to debug for missing group
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Retrieve modified peers once for group events
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Add account locking and merge group deletion methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-15 20:09:32 +03:00
Pascal Fischer
d9b691b8a5
[management] Limit the setup-key update operation ( #2841 )
2024-11-15 17:00:06 +01:00
Pascal Fischer
4aee3c9e33
[client/management] add peer lock to peer meta update and fix isEqual func ( #2840 )
2024-11-15 16:59:03 +01:00
Pascal Fischer
44e799c687
[management] Fix limited peer view groups ( #2894 )
2024-11-15 11:16:16 +01:00
Viktor Liu
39329e12a1
[client] Improve state write timeout and abort work early on timeout ( #2882 )
...
* Improve state write timeout and abort work early on timeout
* Don't block on initial persist state
2024-11-13 13:46:00 +01:00
Pascal Fischer
20a5afc359
[management] Add more logs to the peer update processes ( #2881 )
2024-11-12 14:19:22 +01:00
Bethuel Mmbaga
6cb697eed6
[management] Refactor setup key to use store methods ( #2861 )
...
* Refactor setup key handling to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add lock to get account groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add check for regular user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* get only required groups for auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add account lock and return auto groups map on validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix missing group removed from setup key activity
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Remove context from DB queries
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Add user permission check and add setup events into events to store slice
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Retrieve all groups once during setup key auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-11 19:46:10 +03:00
Viktor Liu
08b6e9d647
[management] Fix api error message typo peers_group ( #2862 )
2024-11-08 23:28:02 +01:00
Pascal Fischer
67ce14eaea
[management] Add peer lock to grpc server ( #2859 )
...
* add peer lock to grpc server
* remove sleep and put db update first
* don't export lock method
2024-11-08 18:47:22 +01:00
Pascal Fischer
669904cd06
[management] Remove context from database calls ( #2863 )
2024-11-08 15:49:00 +01:00
Maycon Santos
738387f2de
Add benchmark tests to get account with claims ( #2761 )
...
* Add benchmark tests to get account with claims
* add users to account objects
* remove hardcoded env
2024-11-07 17:23:35 +01:00
Pascal Fischer
baf0678ceb
[management] Fix potential panic on inactivity expiration log message ( #2854 )
2024-11-07 16:33:57 +01:00
Pascal Fischer
7fef8f6758
[management] Enforce max conn of 1 for sqlite setups ( #2855 )
2024-11-07 16:32:35 +01:00
Pascal Fischer
3e88b7c56e
[management] Fix network map update on peer validation ( #2849 )
2024-11-07 09:50:13 +01:00
Pascal Fischer
a9d06b883f
add all group to add peer affected peers network map check ( #2830 )
2024-11-01 22:09:08 +01:00
Pascal Fischer
bac95ace18
[management] Add DB access duration to logs for context cancel ( #2781 )
2024-11-01 10:58:39 +01:00
Pascal Fischer
4c758c6e52
[management] remove network map diff calculations ( #2820 )
2024-10-31 19:24:15 +01:00
Pascal Fischer
729bcf2b01
[management] add metrics to network map diff ( #2811 )
2024-10-30 16:53:23 +01:00
pascal-fischer
39c99781cb
fix meta is equal slices ( #2807 )
2024-10-29 19:54:38 +01:00
pascal-fischer
10480eb52f
[management] Setup key improvements ( #2775 )
2024-10-28 17:52:23 +01:00
pascal-fischer
563dca705c
[management] Fix session inactivity response ( #2770 )
2024-10-23 16:40:15 +02:00
Bethuel Mmbaga
7bda385e1b
[management] Optimize network map updates ( #2718 )
...
* Skip peer update on unchanged network map (#2236 )
* Enhance network updates by skipping unchanged messages
Optimizes the network update process
by skipping updates where no changes in the peer update message received.
* Add unit tests
* add locks
* Improve concurrency and update peer message handling
* Refactor account manager network update tests
* fix test
* Fix inverted network map update condition
* Add default group and policy to test data
* Run peer updates in a separate goroutine
* Refactor
* Refactor lock
* Fix peers update by including NetworkMap and posture Checks
* go mod tidy
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* [management] Skip account peers update if no changes affect peers (#2310 )
* Remove incrementing network serial and updating peers after group deletion
* Update account peer if posture check is linked to policy
* Remove account peers update on saving setup key
* Refactor group link checking into re-usable functions
* Add HasPeers function to group
* Refactor group management
* Optimize group change effects on account peers
* Update account peers if ns group has peers
* Refactor group changes
* Optimize account peers update in DNS settings
* Optimize update of account peers on jwt groups sync
* Refactor peer account updates for efficiency
* Optimize peer update on user deletion and changes
* Remove condition check for network serial update
* Optimize account peers updates on route changes
* Remove UpdatePeerSSHKey method
* Remove unused isPolicyRuleGroupsEmpty
* Add tests for peer update behavior on posture check changes
* Add tests for peer update behavior on policy changes
* Add tests for peer update behavior on group changes
* Add tests for peer update behavior on dns settings changes
* Refactor
* Add tests for peer update behavior on name server changes
* Add tests for peer update behavior on user changes
* Add tests for peer update behavior on route changes
* fix tests
* Add tests for peer update behavior on setup key changes
* Add tests for peer update behavior on peers changes
* fix merge
* Fix tests
* go mod tidy
* Add NameServer and Route comparators
* Update network map diff logic with custom comparators
* Add tests
* Refactor duplicate diff handling logic
* fix linter
* fix tests
* Refactor policy group handling and update logic.
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Update route check by checking if group has peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor posture check policy linking logic
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Simplify peer update condition in DNS management
Refactor the condition for updating account peers to remove redundant checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add posture checks tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix user and setup key tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix account and route tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix typo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix routes tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* upgrade diff package
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* use generic differ for netip.Addr and netip.Prefix
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* go mod tidy
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add peer tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix management suite tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix postgres tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* enable diff nil structs comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* skip the update only last sent the serial is larger
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor peer and user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* skip spell check for groupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor group, ns group, policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* skip spell check for GroupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* update account policy check before verifying policy status
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
* add tests missing tests for dns setting groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add tests for posture checks changes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add ns group and policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add route and group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* increase Linux test timeout to 10 minutes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Run diff for client posture checks only
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add panic recovery and detailed logging in peer update comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-10-23 13:05:02 +03:00
Bethuel Mmbaga
0106a95f7a
lock account and use transaction ( #2767 )
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-10-22 13:29:17 +03:00
Maycon Santos
88e4fc2245
Release global lock on early error ( #2760 )
2024-10-19 18:32:17 +02:00
Maycon Santos
ccd4ae6315
Fix domain information is up to date check ( #2754 )
2024-10-17 19:21:35 +02:00
Bethuel Mmbaga
96d2207684
Fix JSON function compatibility for SQLite and PostgreSQL ( #2746 )
...
resolves the issue with json_array_length compatibility between SQLite and PostgreSQL. It adjusts the query to conditionally cast types:
PostgreSQL: Casts to json with ::json.
SQLite: Uses the text representation directly.
2024-10-16 17:55:30 +02:00
ctrl-zzz
49e65109d2
Add session expire functionality based on inactivity ( #2326 )
...
Implemented inactivity expiration by checking the status of a peer: after a configurable period of time following netbird down, the peer shows login required.
2024-10-13 14:52:43 +02:00
Maycon Santos
da3a053e2b
[management] Refactor getAccountIDWithAuthorizationClaims ( #2715 )
...
This change restructures the getAccountIDWithAuthorizationClaims method to improve readability, maintainability, and performance.
- have dedicated methods to handle possible cases
- introduced Store.UpdateAccountDomainAttributes and Store.GetAccountUsers methods
- Remove GetAccount and SaveAccount dependency
- added tests
2024-10-12 08:35:51 +02:00
Misha Bragin
208a2b7169
Add billing user role ( #2714 )
2024-10-10 14:14:56 +02:00
pascal-fischer
8284ae959c
[management] Move testdata to sql files ( #2693 )
2024-10-10 12:35:03 +02:00
Maycon Santos
6ce09bca16
Add support to envsub go management configurations ( #2708 )
...
This change allows users to reference environment variables using Go template format, like {{ .EnvName }}
Moved the previous file test code to file_suite_test.go.
2024-10-09 20:46:23 +02:00
pascal-fischer
b79c1d64cc
[management] Make max open db conns configurable ( #2713 )
2024-10-09 20:17:25 +02:00
pascal-fischer
d4ef84fe6e
[management] Propagate error in store errors ( #2709 )
2024-10-09 14:33:58 +02:00
Bethuel Mmbaga
2c1f5e46d5
[management] Validate peer ownership during login ( #2704 )
...
* check peer ownership in login
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* update error message
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-10-07 19:06:26 +03:00
pascal-fischer
dbec24b520
[management] Remove admin check on getAccountByID ( #2699 )
2024-10-06 17:01:13 +02:00
Bethuel Mmbaga
5897a48e29
fix wrong reference ( #2695 )
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-10-04 18:55:25 +03:00
Bethuel Mmbaga
8bf729c7b4
[management] Add AccountExists to AccountManager ( #2694 )
...
* Add AccountExists method to account manager interface
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* remove unused code
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-10-04 18:09:40 +03:00
Bethuel Mmbaga
7f09b39769
[management] Refactor User JWT group sync ( #2690 )
...
* Refactor GetAccountIDByUserOrAccountID
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* sync user jwt group changes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* propagate jwt group changes to peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix no jwt groups synced
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests and lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Move the account peer update outside the transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* move updateUserPeersInGroups to account manager
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* move event store outside of transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* get user with update lock
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Run jwt sync in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-10-04 17:17:01 +03:00
pascal-fischer
158936fb15
[management] Remove file store ( #2689 )
2024-10-03 15:50:35 +02:00
Maycon Santos
8934453b30
Update management base docker image ( #2687 )
2024-10-02 19:29:51 +03:00
Bethuel Mmbaga
ff7863785f
[management, client] Add access control support to network routes ( #2100 )
2024-10-02 13:41:00 +02:00
pascal-fischer
16179db599
[management] Propagate metrics ( #2667 )
2024-09-30 22:18:10 +02:00
adasauce
58ff7ab797
[management] improve zitadel idp error response detail by decoding errors ( #2634 )
...
* [management] improve zitadel idp error response detail by decoding errors
* [management] extend readZitadelError to be used for requestJWTToken
more generically parse the error returned by zitadel.
* fix lint
---------
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-09-27 22:21:34 +03:00
Bethuel Mmbaga
acb73bd64a
[management] Remove redundant get account calls in GetAccountFromToken ( #2615 )
...
* refactor access control middleware and user access by JWT groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor jwt groups extractor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor handlers to get account when necessary
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor getAccountFromToken
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor getAccountWithAuthorizationClaims
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* revert handles change
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* remove GetUserByID from account manager
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor getAccountWithAuthorizationClaims to return account id
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor handlers to use GetAccountIDFromToken
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* remove locks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add GetGroupByName from store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add GetGroupByID from store and refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor retrieval of policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor user permissions and retrieves PAT
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor route, setupkey, nameserver and dns to get record(s) from store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix add missing policy source posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add store lock
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add get account
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-09-27 17:10:50 +03:00
pascal-fischer
1e4a0f77e2
Add get DB method to store ( #2650 )
2024-09-25 18:22:27 +02:00
pascal-fischer
d47be154ea
[misc] Fix ip range posture check example ( #2628 )
2024-09-23 10:02:03 +02:00
Bethuel Mmbaga
35c892aea3
[management] Restrict accessible peers to user-owned peers for non-admins ( #2618 )
...
* Restrict accessible peers to user-owned peers for non-admin users
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add service user test
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* reuse account from token
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* return error when peer not found
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-09-20 12:36:58 +03:00
pascal-fischer
6c50b0c84b
[management] Add transaction to addPeer ( #2469 )
...
This PR removes the GetAccount and SaveAccount operations from the AddPeer and instead makes use of gorm.Transaction to add the new peer.
2024-09-16 15:47:03 +02:00