901d283114
Merge branch 'main' into refactor-get-account-by-token
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-30 22:34:59 +03:00
39c99781cb
fix meta is equal slices ( #2807 )
2024-10-29 19:54:38 +01:00
01f24907c5
[client] Fix multiple peer name filtering in netbird status command ( #2798 )
2024-10-29 17:49:41 +01:00
7278a21b0d
refactor get account in peers
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-29 13:50:44 +03:00
10480eb52f
[management] Setup key improvements ( #2775 )
2024-10-28 17:52:23 +01:00
1e44c5b574
[client] allow relay leader on iOS ( #2795 )
2024-10-28 16:55:00 +01:00
9bf0bf4843
wip: refactor get account in peers
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-28 17:47:54 +03:00
940f8b4547
[client] Remove legacy forwarding rules in userspace mode ( #2782 )
2024-10-28 12:29:29 +01:00
46e37fa04c
[client] Ignore route rules with no sources instead of erroring out ( #2786 )
2024-10-28 12:28:44 +01:00
b9f205b2ce
[misc] Update Zitadel from v2.54.10 to v2.64.1
2024-10-28 10:08:17 +01:00
0fd874fa45
[client] Make native firewall init fail firewall creation ( #2784 )
2024-10-28 10:02:27 +01:00
313e158e20
Refactor route
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-25 13:18:24 +03:00
8016710d24
[client] Cleanup firewall state on startup ( #2768 )
2024-10-24 14:46:24 +02:00
4e918e55ba
[client] Fix controller re-connection ( #2758 )
...
Rethink the peer reconnection implementation
2024-10-24 11:43:14 +02:00
869537c951
[client] Cleanup dns and route states on startup ( #2757 )
2024-10-24 10:53:46 +02:00
44f2ce666e
[relay-client] Log exposed address ( #2771 )
...
* Log exposed address
2024-10-23 18:32:27 +02:00
0bdcb41e20
Refactor peer expiry, inactivity, location and status update to remove get account
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-23 19:03:48 +03:00
563dca705c
[management] Fix session inactivity response ( #2770 )
2024-10-23 16:40:15 +02:00
7bda385e1b
[management] Optimize network map updates ( #2718 )
...
* Skip peer update on unchanged network map (#2236 )
* Enhance network updates by skipping unchanged messages
Optimizes the network update process
by skipping updates where no changes in the peer update message received.
* Add unit tests
* add locks
* Improve concurrency and update peer message handling
* Refactor account manager network update tests
* fix test
* Fix inverted network map update condition
* Add default group and policy to test data
* Run peer updates in a separate goroutine
* Refactor
* Refactor lock
* Fix peers update by including NetworkMap and posture Checks
* go mod tidy
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Skip account peers update if no changes affect peers (#2310 )
* Remove incrementing network serial and updating peers after group deletion
* Update account peer if posture check is linked to policy
* Remove account peers update on saving setup key
* Refactor group link checking into re-usable functions
* Add HasPeers function to group
* Refactor group management
* Optimize group change effects on account peers
* Update account peers if ns group has peers
* Refactor group changes
* Optimize account peers update in DNS settings
* Optimize update of account peers on jwt groups sync
* Refactor peer account updates for efficiency
* Optimize peer update on user deletion and changes
* Remove condition check for network serial update
* Optimize account peers updates on route changes
* Remove UpdatePeerSSHKey method
* Remove unused isPolicyRuleGroupsEmpty
* Add tests for peer update behavior on posture check changes
* Add tests for peer update behavior on policy changes
* Add tests for peer update behavior on group changes
* Add tests for peer update behavior on dns settings changes
* Refactor
* Add tests for peer update behavior on name server changes
* Add tests for peer update behavior on user changes
* Add tests for peer update behavior on route changes
* fix tests
* Add tests for peer update behavior on setup key changes
* Add tests for peer update behavior on peers changes
* fix merge
* Fix tests
* go mod tidy
* Add NameServer and Route comparators
* Update network map diff logic with custom comparators
* Add tests
* Refactor duplicate diff handling logic
* fix linter
* fix tests
* Refactor policy group handling and update logic.
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update route check by checking if group has peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor posture check policy linking logic
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Simplify peer update condition in DNS management
Refactor the condition for updating account peers to remove redundant checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add posture checks tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix user and setup key tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix account and route tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix typo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix routes tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* upgrade diff package
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* use generic differ for netip.Addr and netip.Prefix
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* go mod tidy
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add peer tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix management suite tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix postgres tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* enable diff nil structs comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip the update only last sent the serial is larger
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor peer and user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip spell check for groupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor group, ns group, policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip spell check for GroupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update account policy check before verifying policy status
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* add tests missing tests for dns setting groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add tests for posture checks changes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add ns group and policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add route and group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* increase Linux test timeout to 10 minutes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run diff for client posture checks only
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add panic recovery and detailed logging in peer update comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-10-23 13:05:02 +03:00
30ebcf38c7
[client] Eliminate UDP proxy in user-space mode ( #2712 )
...
In the case of user space WireGuard mode, use in-memory proxy between the TURN/Relay connection and the WireGuard Bind. We keep the UDP proxy and eBPF proxy for kernel mode.
The key change is the new wgproxy/bind and the iface/bind/ice_bind changes. Everything else is just to fulfill the dependencies.
2024-10-22 20:53:14 +02:00
0106a95f7a
lock account and use transaction ( #2767 )
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-22 13:29:17 +03:00
9929b22afc
Replace suite tests with regular go tests ( #2762 )
...
* Replace file suite tests with go tests
* Replace file suite tests with go tests
2024-10-21 14:39:28 +02:00
88e4fc2245
Release global lock on early error ( #2760 )
2024-10-19 18:32:17 +02:00
c8d8748dcf
Update sign workflow version ( #2756 )
2024-10-18 17:28:58 +02:00
97dbdd7940
fix group tests
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-18 10:48:28 +03:00
a82b5ce80e
Merge branch 'main' into refactor/get-account-usage
...
# Conflicts:
# management/server/account.go
2024-10-17 22:01:26 +03:00
83be99c849
refactor get peers posture checks
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-17 21:58:34 +03:00
507a40bd7f
Fix decompress zip path ( #2755 )
...
Since 0.30.2 the decompressed binary path from the signed package has changed
now it doesn't contain the arch suffix
this change handles that
2024-10-17 20:39:59 +02:00
ccd4ae6315
Fix domain information is up to date check ( #2754 )
2024-10-17 19:21:35 +02:00
ee96a81b83
fix handler tests
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-17 16:34:44 +03:00
b0edc5f1f7
Merge branch 'main' into refactor/get-account-usage
...
# Conflicts:
# management/server/sql_store.go
2024-10-17 16:10:16 +03:00
408d0cd504
Refactor policy save and delete
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-17 14:11:22 +03:00
b66f331711
get the first element when get record by ID
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-17 14:10:01 +03:00
d7a6996bed
check user accounts for setup keys
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-17 11:59:46 +03:00
96d2207684
Fix JSON function compatibility for SQLite and PostgreSQL ( #2746 )
...
resolves the issue with json_array_length compatibility between SQLite and PostgreSQL. It adjusts the query to conditionally cast types:
PostgreSQL: Casts to json with ::json.
SQLite: Uses the text representation directly.
2024-10-16 17:55:30 +02:00
f942491b91
Update Zitadel version on quickstart script ( #2744 )
...
Update Zitadel version at docker compose in quickstart script from 2.54.3 to 2.54.10 because 2.54.3 isn't stable and has a lot of bugs.
2024-10-16 17:51:21 +02:00
8c8900be57
[client] Exclude loopback from NAT ( #2747 )
2024-10-16 17:35:59 +02:00
d7c63d5c04
Remove get account from groups ops
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-16 16:04:34 +03:00
1123729c1c
fix merge
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-15 18:17:47 +03:00
cee95461d1
[client] Add universal bin build and update sign workflow version ( #2738 )
...
* Add universal binaries build for macOS
* update sign pipeline version
* handle info.plist in sign workflow
2024-10-15 15:03:17 +02:00
a8c8b77df8
Merge branch 'main' into refactor/get-account-usage
...
# Conflicts:
# management/server/account.go
# management/server/file_store.go
# management/server/peer.go
# management/server/policy.go
# management/server/route.go
# management/server/sql_store.go
# management/server/store.go
# management/server/user.go
2024-10-14 14:31:55 +03:00
49e65109d2
Add session expire functionality based on inactivity ( #2326 )
...
Implemented inactivity expiration by checking the status of a peer: after a configurable period of time following netbird down, the peer shows login required.
2024-10-13 14:52:43 +02:00
d93dd4fc7f
[relay-server] Move the handshake logic to separated struct ( #2648 )
...
* Move the handshake logic to separated struct
- The server will response to the client after it ready to process the peer
- Preload the response messages
* Fix deprecated lint issue
* Fix error handling
* [relay-server] Relay measure auth time (#2675 )
Measure the Relay client's authentication time
2024-10-12 18:21:34 +02:00
3a88ac78ff
[client] Add table filter rules using iptables ( #2727 )
...
This specifically concerns the established/related rule since this one is not compatible with iptables-nft even if it is generated the same way by iptables-translate.
2024-10-12 10:44:48 +02:00
da3a053e2b
[management] Refactor getAccountIDWithAuthorizationClaims ( #2715 )
...
This change restructures the getAccountIDWithAuthorizationClaims method to improve readability, maintainability, and performance.
- have dedicated methods to handle possible cases
- introduced Store.UpdateAccountDomainAttributes and Store.GetAccountUsers methods
- Remove GetAccount and SaveAccount dependency
- added tests
2024-10-12 08:35:51 +02:00
0e95f16cdd
[relay,client] Relay/fix/wg roaming ( #2691 )
...
If a peer connection switches from Relayed to ICE P2P, the Relayed proxy still consumes the data the other peer sends. Because the proxy is operating, the WireGuard switches back to the Relayed proxy automatically, thanks to the roaming feature.
Extend the Proxy implementation with pause/resume functions. Before switching to the p2p connection, pause the WireGuard proxy operation to prevent unnecessary package sources.
Consider waiting some milliseconds after the pause to be sure the WireGuard engine already processed all UDP msg in from the pipe.
2024-10-11 16:24:30 +02:00
b2379175fe
[signal] new signal dispatcher version ( #2722 )
2024-10-10 16:23:46 +02:00
09bdd271f1
[client] Improve route acl ( #2705 )
...
- Update nftables library to v0.2.0
- Mark traffic that was originally destined for local and applies the input rules in the forward chain if said traffic was redirected (e.g. by Docker)
- Add nft rules to internal map only if flush was successful
- Improve error message if handle is 0 (= not found or hasn't been refreshed)
- Add debug logging when route rules are added
- Replace nftables userdata (rule ID) with a rule hash
2024-10-10 15:54:34 +02:00
208a2b7169
Add billing user role ( #2714 )
2024-10-10 14:14:56 +02:00
8284ae959c
[management] Move testdata to sql files ( #2693 )
2024-10-10 12:35:03 +02:00
