77e40f41f2
[management] refactor auth ( #3296 )
2025-02-20 20:24:40 +00:00
39986b0e97
[client, management] Support DNS Labels for Peer Addressing ( #3252 )
...
* [client] Support Extra DNS Labels for Peer Addressing
* [management] Support Extra DNS Labels for Peer Addressing
---------
Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com >
2025-02-20 13:43:20 +03:00
2a864832c6
[management] remove gorm preparestmt from all DB connections ( #3292 )
2025-02-18 15:24:17 +01:00
4cdb2e533a
[management] Refactor users to use store methods ( #2917 )
...
* Refactor setup key handling to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add lock to get account groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add check for regular user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* get only required groups for auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add account lock and return auto groups map on validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor account peers update
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor groups to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor GetGroupByID and add NewGroupNotFoundError
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add AddPeer and RemovePeer methods to Group struct
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Preserve store engine in SqlStore transactions
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run groups ops in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix missing group removed from setup key activity
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor posture checks to remove get and save account
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Change setup key log level to debug for missing group
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve modified peers once for group events
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor policy get and save account to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve policy groups and posture checks once for validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix typo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor anyGroupHasPeers to retrieve all groups once
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor dns settings to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add account locking and merge group deletion methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor name server groups to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add peer store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor ephemeral peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add lock for peer store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor peer handlers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor peer to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix typo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add locks and remove log
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* run peer ops in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove duplicate store method
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix peer fields updated after save
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Use update strength and simplify check
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* prevent changing ruleID when not empty
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* prevent duplicate rules during updates
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor auth middleware
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor account methods and mock
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor user and PAT handling
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Remove db query context and fix get user by id
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix database transaction locking issue
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Use UTC time in test
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add account locks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix prevent users from creating PATs for other users
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add store locks and prevent fetching setup keys peers when retrieving user peers with empty userID
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add missing tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor test names and remove duplicate TestPostgresql_SavePeerStatus
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add account locks and remove redundant ephemeral check
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve all groups for peers and restrict groups for regular users
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix store tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* use account object to get validated peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Improve peer performance
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Get account direct from store without buffer
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add get peer groups tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Adjust benchmarks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Adjust benchmarks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Update benchmark workflow (#3181 )
* update local benchmark expectations
* update cloud expectations
* Add status error for generic result error
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Use integrated validator direct
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
* update expectations
* update expectations
* Refactor peer scheduler to retry every 3 seconds on errors
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
* fix validator
* fix validator
* fix validator
* update timeouts
* Refactor ToGroupsInfo to process slices of groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
* update expectations
* update expectations
* Bump integrations version
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor GetValidatedPeers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* go mod tidy
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Use peers and groups map for peers validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove mysql from api benchmark tests
* Fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix blocked db calls on user auto groups update
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Skip user check for system initiated peer deletion
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Remove context in db calls
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Improve group peer/resource counting (#3192 )
* Fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Adjust bench expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Rename GetAccountInfoFromPAT to GetTokenInfo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Remove global account lock for ListUsers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* build userinfo after updating users in db
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Optimize user bulk deletion (#3315 )
* refactor building user infos
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove unused code
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor GetUsersFromAccount to return a map of UserInfo instead of a slice
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Export BuildUserInfosForAccount to account manager
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fetch account user info once for bulk users save
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update user deletion expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Set max open conns for activity store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update bench expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com >
Co-authored-by: Pascal Fischer <pascal@netbird.io >
Co-authored-by: Pedro Costa <550684+pnmcosta@users.noreply.github.com >
2025-02-17 21:43:12 +03:00
2605948e01
[management] use account request buffer on sync ( #3229 )
2025-01-24 12:04:50 +01:00
1ad2cb5582
[management] Refactor peers to use store methods ( #2893 )
2025-01-20 18:41:46 +01:00
1cc88a2190
[management] adjust benchmark ( #3168 )
2025-01-11 14:08:13 +01:00
02a3feddb8
[management] Add MySQL Support ( #3108 )
...
* Add mysql store support
* Add support to disable activity events recording
2025-01-06 13:38:30 +01:00
a01253c3c8
[management] add users benchmark ( #3141 )
2025-01-03 15:24:30 +01:00
782e3f8853
[management] Add integration test for the setup-keys API endpoints ( #2936 )
2025-01-02 13:51:01 +01:00
2bdb4cb44a
[management] Preserve jwt groups when accessing API with PAT ( #3128 )
...
* Skip JWT group sync for token-based authentication
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-31 18:59:37 +03:00
1a623943c8
[management] Fix networks net map generation with posture checks ( #3124 )
2024-12-30 12:40:24 +01:00
ddc365f7a0
[client, management] Add new network concept ( #3047 )
...
---------
Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com >
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com >
2024-12-20 11:30:28 +01:00
b50b89ba14
[client] Cleanup status resources on engine stop ( #2981 )
...
cleanup leftovers from status recorder when stopping the engine
2024-12-04 14:09:04 +01:00
c6641be94b
[tests] Enable benchmark tests on github actions ( #2961 )
2024-11-28 19:22:01 +01:00
89cf8a55e2
[management] Add performance test for login and sync calls ( #2960 )
2024-11-28 14:59:53 +01:00
f118d81d32
[management] Refactor policy to use store methods ( #2878 )
2024-11-26 10:46:05 +01:00
12f442439a
[management] Refactor group to use store methods ( #2867 )
...
* Refactor setup key handling to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add lock to get account groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add check for regular user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* get only required groups for auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add account lock and return auto groups map on validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor account peers update
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor groups to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor GetGroupByID and add NewGroupNotFoundError
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add AddPeer and RemovePeer methods to Group struct
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Preserve store engine in SqlStore transactions
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run groups ops in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix missing group removed from setup key activity
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Change setup key log level to debug for missing group
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve modified peers once for group events
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add account locking and merge group deletion methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-11-15 20:09:32 +03:00
6cb697eed6
[management] Refactor setup key to use store methods ( #2861 )
...
* Refactor setup key handling to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add lock to get account groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add check for regular user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* get only required groups for auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add account lock and return auto groups map on validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix missing group removed from setup key activity
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Remove context from DB queries
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add user permission check and add setup events into events to store slice
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve all groups once during setup key auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-11-11 19:46:10 +03:00
738387f2de
Add benchmark tests to get account with claims ( #2761 )
...
* Add benchmark tests to get account with claims
* add users to account objects
* remove hardcoded env
2024-11-07 17:23:35 +01:00
3e88b7c56e
[management] Fix network map update on peer validation ( #2849 )
2024-11-07 09:50:13 +01:00
10480eb52f
[management] Setup key improvements ( #2775 )
2024-10-28 17:52:23 +01:00
7bda385e1b
[management] Optimize network map updates ( #2718 )
...
* Skip peer update on unchanged network map (#2236 )
* Enhance network updates by skipping unchanged messages
Optimizes the network update process
by skipping updates where no changes in the peer update message received.
* Add unit tests
* add locks
* Improve concurrency and update peer message handling
* Refactor account manager network update tests
* fix test
* Fix inverted network map update condition
* Add default group and policy to test data
* Run peer updates in a separate goroutine
* Refactor
* Refactor lock
* Fix peers update by including NetworkMap and posture Checks
* go mod tidy
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Skip account peers update if no changes affect peers (#2310 )
* Remove incrementing network serial and updating peers after group deletion
* Update account peer if posture check is linked to policy
* Remove account peers update on saving setup key
* Refactor group link checking into re-usable functions
* Add HasPeers function to group
* Refactor group management
* Optimize group change effects on account peers
* Update account peers if ns group has peers
* Refactor group changes
* Optimize account peers update in DNS settings
* Optimize update of account peers on jwt groups sync
* Refactor peer account updates for efficiency
* Optimize peer update on user deletion and changes
* Remove condition check for network serial update
* Optimize account peers updates on route changes
* Remove UpdatePeerSSHKey method
* Remove unused isPolicyRuleGroupsEmpty
* Add tests for peer update behavior on posture check changes
* Add tests for peer update behavior on policy changes
* Add tests for peer update behavior on group changes
* Add tests for peer update behavior on dns settings changes
* Refactor
* Add tests for peer update behavior on name server changes
* Add tests for peer update behavior on user changes
* Add tests for peer update behavior on route changes
* fix tests
* Add tests for peer update behavior on setup key changes
* Add tests for peer update behavior on peers changes
* fix merge
* Fix tests
* go mod tidy
* Add NameServer and Route comparators
* Update network map diff logic with custom comparators
* Add tests
* Refactor duplicate diff handling logic
* fix linter
* fix tests
* Refactor policy group handling and update logic.
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update route check by checking if group has peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor posture check policy linking logic
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Simplify peer update condition in DNS management
Refactor the condition for updating account peers to remove redundant checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add posture checks tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix user and setup key tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix account and route tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix typo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix routes tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* upgrade diff package
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* use generic differ for netip.Addr and netip.Prefix
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* go mod tidy
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add peer tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix management suite tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix postgres tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* enable diff nil structs comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip the update only last sent the serial is larger
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor peer and user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip spell check for groupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor group, ns group, policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip spell check for GroupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update account policy check before verifying policy status
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* add tests missing tests for dns setting groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add tests for posture checks changes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add ns group and policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add route and group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* increase Linux test timeout to 10 minutes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run diff for client posture checks only
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add panic recovery and detailed logging in peer update comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-10-23 13:05:02 +03:00
49e65109d2
Add session expire functionality based on inactivity ( #2326 )
...
Implemented inactivity expiration by checking the status of a peer: after a configurable period of time following netbird down, the peer shows login required.
2024-10-13 14:52:43 +02:00
da3a053e2b
[management] Refactor getAccountIDWithAuthorizationClaims ( #2715 )
...
This change restructures the getAccountIDWithAuthorizationClaims method to improve readability, maintainability, and performance.
- have dedicated methods to handle possible cases
- introduced Store.UpdateAccountDomainAttributes and Store.GetAccountUsers methods
- Remove GetAccount and SaveAccount dependency
- added tests
2024-10-12 08:35:51 +02:00
8284ae959c
[management] Move testdata to sql files ( #2693 )
2024-10-10 12:35:03 +02:00
7f09b39769
[management] Refactor User JWT group sync ( #2690 )
...
* Refactor GetAccountIDByUserOrAccountID
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* sync user jwt group changes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* propagate jwt group changes to peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix no jwt groups synced
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests and lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Move the account peer update outside the transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* move updateUserPeersInGroups to account manager
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* move event store outside of transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* get user with update lock
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run jwt sync in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-04 17:17:01 +03:00
158936fb15
[management] Remove file store ( #2689 )
2024-10-03 15:50:35 +02:00
ff7863785f
[management, client] Add access control support to network routes ( #2100 )
2024-10-02 13:41:00 +02:00
acb73bd64a
[management] Remove redundant get account calls in GetAccountFromToken ( #2615 )
...
* refactor access control middleware and user access by JWT groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor jwt groups extractor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor handlers to get account when necessary
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor getAccountFromToken
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor getAccountWithAuthorizationClaims
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* revert handles change
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove GetUserByID from account manager
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor getAccountWithAuthorizationClaims to return account id
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor handlers to use GetAccountIDFromToken
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove locks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add GetGroupByName from store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add GetGroupByID from store and refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor retrieval of policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor user permissions and retrieves PAT
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor route, setupkey, nameserver and dns to get record(s) from store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix add missing policy source posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add store lock
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add get account
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-09-27 17:10:50 +03:00
ac0d5ff9f3
[management] Improve mgmt sync performance ( #2363 )
2024-08-07 10:52:31 +02:00
7321046cd6
Remove redundant check for empty JWT groups ( #2323 )
...
* Remove redundant check for empty group names in SetJWTGroups
* add test
2024-07-26 16:33:54 +02:00
765aba2c1c
Add context to throughout the project and update logging ( #2209 )
...
propagate context from all the API calls and log request ID, account ID and peer ID
---------
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com >
2024-07-03 11:33:02 +02:00
eaa31c2dc6
Optimize process checks database read ( #2182 )
...
* Add posture checks to peer management
This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map.
* Update peer methods to return posture checks
* Refactor
* return early if there is no posture checks
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-06-22 17:41:16 +03:00
4fec709bb1
Release 0.28.0 ( #2092 )
...
* compile client under freebsd (#1620 )
Compile netbird client under freebsd and now support netstack and userspace modes.
Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files.
Not implemented yet:
Kernel mode not supported
DNS probably does not work yet
Routing also probably does not work yet
SSH support did not tested yet
Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required)
Lack of tests for freebsd specific code
info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface)
Lack of proper client setup under FreeBSD
Lack of FreeBSD port/package
* Add DNS routes (#1943 )
Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added.
This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records.
* Add process posture check (#1693 )
Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems.
Co-authored-by: Evgenii <mail@skillcoder.com >
Co-authored-by: Pascal Fischer <pascal@netbird.io >
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com >
Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com >
Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com >
2024-06-13 13:24:24 +02:00
f68d5e965f
Optimize JWT Group Sync ( #2108 )
...
* Optimize JWT group sync to avoid unnecessary account sync
* Ignore adding matching API and JWT groups during Sync
* add tests
* refactor
2024-06-13 09:55:09 +03:00
41fe9f84ec
Extend integrated validator with error handling ( #2044 )
2024-05-24 13:29:25 +02:00
a5811a2d7d
Implement experimental PostgreSQL store ( #1939 )
...
* migrate sqlite store to
generic sql store
* fix conflicts
* init postgres store
* Add postgres store tests
* Refactor postgres store engine name
* fix tests
* Run postgres store tests on linux only
* fix tests
* Refactor
* cascade policy rules on policy deletion
* fix tests
* run postgres cases in new db
* close store connection after tests
* refactor
* using testcontainers
* sync go sum
* remove postgres service
* remove store cleanup
* go mod tidy
* remove env
* use postgres as engine and initialize test store with testcontainer
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-05-16 19:28:37 +03:00
2e0047daea
Improve Sync performance ( #1901 )
2024-05-07 14:30:03 +02:00
4e7c17756c
Refactor Route IDs ( #1891 )
2024-05-06 14:47:49 +02:00
2d76b058fc
Feature/peer validator ( #1553 )
...
Follow up management-integrations changes
move groups to separated packages to avoid circle dependencies
save location information in Login action
2024-03-27 18:48:48 +01:00
aa935bdae3
Register creation time for peer, user and account ( #1654 )
...
This change register creation time for new peers, users and accounts
2024-03-02 13:49:40 +01:00
9bc7b9e897
Add initial support of device posture checks ( #1540 )
...
This PR implements the following posture checks:
* Agent minimum version allowed
* OS minimum version allowed
* Geo-location based on connection IP
For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh.
The OpenAPI spec should extensively cover the life cycle of current version posture checks.
2024-02-20 09:59:56 +01:00
db3cba5e0f
Remove Account.Rules from Store engines ( #1528 )
2024-02-19 17:17:36 +01:00
399493a954
Allow service users with user role read-only access to all resources ( #1484 )
...
We allow service users with user role read-only access
to all resources so users can create service user and propagate
PATs without having to give full admin permissions.
2024-01-25 09:50:27 +01:00
d5bf79bc51
Merge branch 'main' into feature/peer-approval
2023-12-01 18:12:59 +01:00
d7efea74b6
add owner role support ( #1340 )
...
This PR adds support to Owner roles.
The owner role has a similar access level as the admin, but it has the power to delete the account.
Besides that, the role has the following constraints:
- The role can only be transferred. So, only a user with the owner role can transfer the owner role to a new user
- It can't be assigned to users being invited
- It can't be assigned to service users
2023-12-01 17:24:57 +01:00
141065f14e
Merge branch 'main' into feature/peer-approval
2023-11-29 16:27:01 +01:00
c2eaf8a1c0
Add account deletion endpoint ( #1331 )
...
Adding support to account owners to delete an account
This will remove all users from local, and if --user-delete-from-idp is set it will remove from the remote IDP
2023-11-28 14:23:38 +01:00
a729c83b06
extract peer into seperate package
2023-11-28 13:45:26 +01:00
