* Feat add basic support for IPv6 networks
Newly generated networks automatically generate an IPv6 prefix of size
64 within the ULA address range, devices obtain a randomly generated
address within this prefix.
Currently, this is Linux only and does not yet support all features
(routes currently cause an error).
* Fix firewall configuration for IPv6 networks
* Fix routing configuration for IPv6 networks
* Feat provide info on IPv6 support for specific client to mgmt server
* Feat allow configuration of IPv6 support through API, improve stability
* Feat add IPv6 support to new firewall implementation
* Fix peer list item response not containing IPv6 address
* Fix nftables breaking on IPv6 address change
* Fix build issues for non-linux systems
* Fix intermittent disconnections when IPv6 is enabled
* Fix test issues and make some minor revisions
* Fix some more testing issues
* Fix more CI issues due to IPv6
* Fix more testing issues
* Add inheritance of IPv6 enablement status from groups
* Fix IPv6 events not having associated messages
* Address first review comments regarding IPv6 support
* Fix IPv6 table being created even when IPv6 is disabled
Also improved stability of IPv6 route and firewall handling on client side
* Fix IPv6 routes not being removed
* Fix DNS IPv6 issues, limit IPv6 nameservers to IPv6 peers
* Improve code for IPv6 DNS server selection, add AAAA custom records
* Ensure IPv6 routes can only exist for IPv6 routing peers
* Fix IPv6 network generation randomness
* Fix a bunch of compilation issues and test failures
* Replace method calls that are unavailable in Go 1.21
* Fix nil dereference in cleanUpDefaultForwardRules6
* Fix nil pointer dereference when persisting IPv6 network in sqlite
* Clean up of client-side code changes for IPv6
* Fix nil dereference in rule mangling and compilation issues
* Add a bunch of client-side test cases for IPv6
* Fix IPv6 tests running on unsupported environments
* Fix import cycle in tests
* Add missing method SupportsIPv6() for windows
* Require IPv6 default route for IPv6 tests
* Fix panics in routemanager tests on non-linux
* Fix some more route manager tests concerning IPv6
* Add some final client-side tests
* Add IPv6 tests for management code, small fixes
* Fix linting issues
* Fix small test suite issues
* Fix linter issues and builds on macOS and Windows again
* fix builds for iOS because of IPv6 breakage
* migrate sqlite store to generic sql store
* fix conflicts
* init postgres store
* Add postgres store tests
* Refactor postgres store engine name
* fix tests
* Run postgres store tests on linux only
* fix tests
* Refactor
* cascade policy rules on policy deletion
* fix tests
* run postgres cases in new db
* close store connection after tests
* refactor
* using testcontainers
* sync go sum
* remove postgres service
* remove store cleanup
* go mod tidy
* remove env
* use postgres as engine and initialize test store with testcontainer
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
This PR implements the following posture checks:
* Agent minimum version allowed
* OS minimum version allowed
* Geo-location based on connection IP
For the geo-based location, we rely on GeoLite2 databases, which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows the download of all necessary files; see infrastructure_files/download-geolite2.sh.
The OpenAPI spec should extensively cover the life cycle of current version posture checks.
We allow service users with user role read-only access
to all resources so users can create service user and propagate
PATs without having to give full admin permissions.
With this change we should be able to collect and expose the following histograms:
* `management.updatechannel.create.duration.ms` with `closed` boolean label
* `management.updatechannel.create.duration.micro` with `closed` boolean label
* `management.updatechannel.close.one.duration.ms`
* `management.updatechannel.close.one.duration.micro`
* `management.updatechannel.close.multiple.duration.ms`
* `management.updatechannel.close.multiple.duration.micro`
* `management.updatechannel.close.multiple.channels`
* `management.updatechannel.send.duration.ms` with `found` and `dropped` boolean labels
* `management.updatechannel.send.duration.micro` with `found` and `dropped` boolean labels
* `management.updatechannel.get.all.duration.ms`
* `management.updatechannel.get.all.duration.micro`
* `management.updatechannel.get.all.peers`
- dupword checks for duplicate words in the source code
- durationcheck checks for two durations multiplied together
- forbidigo forbids identifiers
- mirror reports wrong mirror patterns of bytes/strings usage
- misspell finds commonly misspelled English words in comments
- predeclared finds code that shadows one of Go's predeclared identifiers
- thelper detects Go test helpers without t.Helper() call and checks the consistency of test helpers
Supporting search domains will allow users to define match domains to also
be added to a list of search domains in their systems
Fix Windows registry key configuration for search domains using a key within the netbird interface path
Restructure data handling for improved performance and flexibility.
Introduce 'G'-prefixed fields to represent Gorm relations, simplifying resource management.
Eliminate complexity in lookup tables for enhanced query and write speed.
Enable independent operations on data structures, requiring adjustments in the Store interface and Account Manager.
Implement user deletion across all IDPs. Expires all user peers
when the user is deleted. Users are permanently removed from a local
store, but in IDP, we remove Netbird attributes for the user
until UserDeleteFromIDPEnabled setting is not enabled.
To test, an admin user should remove any additional users.
Until the UI incorporates this feature, use a curl DELETE request
targeting the /users/<USER_ID> management endpoint. Note that this
request only removes user attributes and doesn't trigger a delete
from the IDP.
To enable user removal from the IdP, set UserDeleteFromIDPEnabled
to true in account settings. Until we have a UI for this, make this
change directly in the store file.
Store the deleted email addresses encrypted in the activity store.
The Management gRPC API has too much business logic
happening while it has to be in the Account manager.
This also needs to make more requests to the store
through the account manager.
This PR adds system activity tracking.
The management service records events like
add/remove peer, group, rule, route, etc.
The activity events are stored in the SQLite event store
and can be queried by the HTTP API.
Due to peer reconnects when restarting the Management service,
there are lots of SaveStore operations to update peer status.
Store.SavePeerStatus stores peer status separately and the
FileStore implementation stores it in memory.
Added DNS update protocol message
Added sync to clients
Update nameserver API with new fields
Added default NS groups
Added new dns-name flag for the management service append to peer DNS label
This PR simplifies Store and FileStore
by keeping just the Get and Save account methods.
The AccountManager operates mostly around
a single account, so it makes sense to fetch
the whole account object from the store.
Add DNS package and Nameserver group objects
Add CRUD operations for Nameserver Groups to account manager
Add Routes and Nameservers to Account Copy method
Run docker tests with timeout and serial flags