Bethuel Mmbaga
acb73bd64a
[management] Remove redundant get account calls in GetAccountFromToken ( #2615 )
...
* refactor access control middleware and user access by JWT groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor jwt groups extractor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor handlers to get account when necessary
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor getAccountFromToken
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor getAccountWithAuthorizationClaims
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* revert handles change
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* remove GetUserByID from account manager
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor getAccountWithAuthorizationClaims to return account id
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor handlers to use GetAccountIDFromToken
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* remove locks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add GetGroupByName from store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add GetGroupByID from store and refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor retrieval of policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor user permissions and retrieves PAT
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor route, setupkey, nameserver and dns to get record(s) from store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix add missing policy source posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add store lock
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add get account
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-09-27 17:10:50 +03:00
Bethuel Mmbaga
35c892aea3
[management] Restrict accessible peers to user-owned peers for non-admins ( #2618 )
...
* Restrict accessible peers to user-owned peers for non-admin users
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add service user test
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* reuse account from token
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* return error when peer not found
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-09-20 12:36:58 +03:00
Bethuel Mmbaga
170e842422
[management] Add accessible peers endpoint ( #2579 )
...
* move accessible peer to separate endpoint in api doc
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add endpoint to get accessible peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Update management/server/http/api/openapi.yml
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>
* Update management/server/http/api/openapi.yml
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>
* Update management/server/http/peers_handler.go
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>
2024-09-12 16:19:27 +03:00
Viktor Liu
ac0d5ff9f3
[management] Improve mgmt sync performance ( #2363 )
2024-08-07 10:52:31 +02:00
pascal-fischer
765aba2c1c
Add context to throughout the project and update logging ( #2209 )
...
propagate context from all the API calls and log request ID, account ID and peer ID
---------
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
Misha Bragin
df4ca01848
Return system serial on a peer HTTP API call ( #1929 )
2024-05-06 14:49:03 +02:00
Zoltan Papp
2d76b058fc
Feature/peer validator ( #1553 )
...
Follow up management-integrations changes
move groups to separated packages to avoid circle dependencies
save location information in Login action
2024-03-27 18:48:48 +01:00
Bethuel Mmbaga
a47c69c472
Add private network posture check ( #1606 )
...
* wip: Add PrivateNetworkCheck checks interface implementation
* use generic CheckAction constant
* Add private network check to posture checks
* Fix copy function target in posture checks
* Add network check functionality to posture package
* regenerate the openapi specs
* Update Posture Check actions in test file
* Remove unused function
* Refactor network address handling in PrivateNetworkCheck
* Refactor Prefixes to Ranges in private network checks
* Implement private network checks in posture checks handler tests
* Add test for check copy
* Add gorm serializer for network range
2024-02-22 19:22:43 +03:00
Yury Gargay
9bc7b9e897
Add initial support of device posture checks ( #1540 )
...
This PR implements the following posture checks:
* Agent minimum version allowed
* OS minimum version allowed
* Geo-location based on connection IP
For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh.
The OpenAPI spec should extensively cover the life cycle of current version posture checks.
2024-02-20 09:59:56 +01:00
Yury Gargay
27ed88f918
Implement lightweight method to check is peer has update channel ( #1351 )
...
Instead of GetAllConnectedPeers that need to traverse the whole
connections map in order to find one channel there.
2023-12-05 14:17:56 +01:00
pascal-fischer
141065f14e
Merge branch 'main' into feature/peer-approval
2023-11-29 16:27:01 +01:00
Maycon Santos
b6211ad020
Fix group membership for peers API response ( #1337 )
2023-11-29 09:33:05 +01:00
Pascal Fischer
efd05ca023
fix api references
2023-11-28 15:15:51 +01:00
Pascal Fischer
a7e55cc5e3
add signatures and frame for peer approval
2023-11-28 11:44:08 +01:00
Zoltan Papp
8be6e92563
Extend API with accessible peers ( #1284 )
...
Extend the peer and peers API endpoints with accessible peers.
2023-11-07 14:38:36 +01:00
Yury Gargay
659110f0d5
Rework peer connection status based on the update channel existence ( #1213 )
...
With this change, we don't need to update all peers on startup. We will
check the existence of an update channel when returning a list or single peer on API.
Then after restarting of server consumers of API will see peer not
connected status till the creation of an updated channel which indicates
peer successful connection.
2023-10-11 18:11:45 +02:00
Misha Bragin
b23011fbe8
Delete user peers when deleting a user ( #1186 )
2023-10-01 19:51:39 +02:00
Pascal Fischer
7bdb0dd358
merge openapi with version from docs repo
2023-05-26 15:32:52 +02:00
pascal-fischer
59372ee159
API cleanup ( #824 )
...
removed all PATCH endpoints
updated path parameters for all endpoints
removed not implemented endpoints for api doc
minor description updates
2023-05-03 00:15:25 +02:00
Pascal Fischer
03abdfa112
return empty object on all handlers instead of empty string
2023-03-29 18:46:40 +02:00
Pascal Fischer
8a130ec3f1
add comments to fix codacy
2023-02-28 16:51:30 +01:00
Pascal Fischer
c26cd3b9fe
add comments for constructors and fix typo
2023-02-28 15:46:08 +01:00
Pascal Fischer
f1f90807e4
changed the naming convention for all handling objects and methods to have unified way
2023-02-28 15:01:24 +01:00