76db4f801a
Record idp manager type (#1027)
This allows to define priority on support different managers
2023-07-22 19:30:59 +02:00
2541c78dd0
Use error level for JWT parsing error logs (#1026)
2023-07-22 17:56:27 +02:00
97b6e79809
Fix DefaultAccountManager GetGroupsFromTheToken false positive tests (#1019)
This fixes the test logic creates copy of account with empty id and
re-pointing the indices to it.
Also, adds additional check for empty ID in SaveAccount method of FileStore.
2023-07-22 15:54:08 +04:00
a4d830ef83
Fix Okta IDP device authorization (#1023)
* hide okta netbird attributes fields
* fix: update full user profile
2023-07-21 09:34:49 +02:00
9e540cd5b4
Merge pull request #1016 from surik/filestore-index-deletion-optimisation
Do not persist filestore when deleting indices
2023-07-20 18:07:33 +02:00
e69ec6ab6a
Optimize ACL performance (#994)
* Optimize rules with All groups
* Use IP sets in ACLs (nftables implementation)
* Fix squash rule when we receive optimized rules list from management
2023-07-18 13:12:50 +04:00
7ddde41c92
Do not persist filestore when deleting indices
As both TokenID2UserID and HashedPAT2TokenID are in-memory indices and
not stored in the file.
2023-07-17 11:52:45 +02:00
9c2c0e7934
Check links of groups before delete it (#1010)
* Check links of groups before delete it
* Add delete group handler test
* Rename dns error msg
* Add delete group test
* Remove rule check
The policy cover this scenario
* Fix test
* Check disabled management grps
* Change error message
* Add new activity for group delete event
2023-07-14 20:45:40 +02:00
bb9f6f6d0a
Add API Endpoint for Resending User Invitations in Auth0 (#989)
* add request handler for sending invite
* add InviteUser method to account manager interface
* add InviteUser mock
* add invite user endpoint to user handler
* add InviteUserByID to manager interface
* implement InviteUserByID in all idp managers
* resend user invitation
* add invite user handler tests
* refactor
* user userID for sending invitation
* fix typo
* refactor
* pass userId in url params
2023-07-03 12:20:19 +02:00
a366d9e208
Prevent sending nameserver configuration when peer is set as NS (#962)
* Prevent sending nameserver configuration when peer is set as NS
* Add DNS filter tests
2023-06-28 17:29:02 +02:00
d409219b51
Don't create setup keys on new account (#972)
2023-06-27 17:17:24 +02:00
8b619a8224
JWT Groups support (#966)
Get groups from the JWT tokens if the feature enabled for the account
2023-06-27 18:51:05 +04:00
58cfa2bb17
Add Google Workspace IdP (#949)
Added integration with Google Workspace user directory API.
2023-06-20 19:15:36 +02:00
09ca2d222a
Update the API description with the correct API state (#958)
2023-06-16 18:26:50 +02:00
803bbe0fff
Fix validation for ACL policy rules ports (#938)
2023-06-07 08:57:43 +02:00
8817765aeb
Add comment clarifying AddPeer race check (#927)
2023-06-02 18:04:24 +02:00
51502af218
Support IDP manager configuration with configure.sh (#843)
support IDP management configuration using configure.sh script
Add initial Zitadel configuration script
2023-06-02 17:34:36 +02:00
612ae253fe
Reject adding peer if already exists with the pub key (#925)
2023-06-02 17:32:55 +02:00
5028450133
add examples
2023-06-02 01:50:15 +02:00
2dcfa1efa3
fix summary
2023-06-02 01:32:48 +02:00
75fbaf811b
update openapi
2023-06-02 01:09:18 +02:00
293499c3c0
Extend protocol and firewall manager to handle old management (#915)
* Extend protocol and firewall manager to handle old management
* Send correct empty firewall rules list when delete peer
* Add extra tests for firewall manager and uspfilter
* Work with inconsistent state
* Review note
* Update comment
2023-05-31 19:04:38 +02:00
e87647c853
Merge pull request #913 from netbirdio/feature/add_selfhosted_metrics_for_pat_and_service_user
Add selfhosted metrics for PATs and service users
2023-05-31 14:41:34 +02:00
9e045479cc
fix pats counting
2023-05-30 19:44:40 +02:00
fe596c38c6
update rules count
2023-05-30 19:36:09 +02:00
6fd13f563e
use new policy-rule object
2023-05-30 19:09:16 +02:00
22e81f493b
fix metric creation from maps
2023-05-30 19:07:00 +02:00
51f780dae9
initialize maps
2023-05-30 18:53:23 +02:00
f164fad2c2
add some more metrics
2023-05-30 18:49:50 +02:00
452b045bb0
expose service users metrics
2023-05-30 16:40:48 +02:00
874c290205
Exclude second last IP from allocation to use it in the Fake DNS (#912)
2023-05-30 18:26:44 +04:00
7a9b05c56d
add selfhosted metric for pat and service users
2023-05-30 16:22:34 +02:00
79736197cd
Read config from generic configs (#909)
2023-05-29 16:01:04 +02:00
ba7a39a4fc
Feat linux firewall support (#805)
Update the client's engine to apply firewall rules received from the manager (results of ACL policy).
2023-05-29 16:00:18 +02:00
2eb9a97fee
Add Okta IdP (#859)
2023-05-29 14:52:04 +02:00
49c71b9b9d
Add Authentik IdP (#897)
2023-05-29 14:35:30 +02:00
3bebbe0409
Refactor IdP Config Structure (#879)
2023-05-29 13:48:19 +02:00
7bdb0dd358
merge openapi with version from docs repo
2023-05-26 15:32:52 +02:00
f66574b094
Count only successful HTTP request durations (#886)
2023-05-22 16:26:36 +02:00
48265b32f3
Measure write requests separately from read requests (#880)
2023-05-19 16:56:15 +02:00
03a42de5a0
Add telemetry to measure app durations (#878)
2023-05-19 11:42:25 +02:00
48a8b52740
Avoid storing account if no peer meta or expiration change (#875)
* Avoid storing account if no peer meta or expiration change
* remove extra log
* Update management/server/peer.go
Co-authored-by: Misha Bragin <bangvalo@gmail.com>
* Clarify why we need to skip account update
---------
Co-authored-by: Misha Bragin <bangvalo@gmail.com>
2023-05-18 19:31:35 +02:00
6e9f7531f5
Track user block/unblock activity event (#865)
2023-05-17 09:54:20 +02:00
873abc43bf
move into separate package
2023-05-16 12:57:56 +02:00
2fef52b856
remove dependency to external base62 package and create own methods in utils
2023-05-16 12:44:26 +02:00
2570363861
fix assign correct issuer url to auth0 AuthIssuer
2023-05-12 18:07:11 +03:00
e3d2b6a408
Block user through HTTP API (#846)
The new functionality allows blocking a user in the Management service.
Blocked users lose access to the Dashboard, aren't able to modify the network map,
and all of their connected devices disconnect and are set to the "login expired" state.
Technically all above was achieved with the updated PUT /api/users endpoint,
that was extended with the is_blocked field.
2023-05-11 18:09:36 +02:00
2c50d7af1e
Automatically load IdP OIDC configuration (#847)
2023-05-11 15:14:00 +02:00
e4c28f64fa
Fix user cache lookup filtering for service users (#849)
2023-05-10 19:27:17 +02:00
f4ec1699ca
Add Zitadel IdP (#833)
Added integration with Zitadel management API.
Use the steps in zitadel.md for configuration.
2023-05-05 19:27:28 +02:00