Commit Graph

1822 Commits

Author SHA1 Message Date
b740fef6af Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2025-01-03 12:45:11 +03:00
f1cea52cb8 pull image with regular user 2025-01-03 02:00:18 +01:00
aa13b73e04 docker login 2025-01-03 01:45:56 +01:00
f7b1a17072 fix linter 2025-01-03 01:31:43 +01:00
154d08c1a0 use mlsmaycon/warmed-mysql 2025-01-03 01:27:14 +01:00
1445e7a66a sync go.mod 2025-01-03 01:03:22 +01:00
69a5b243b4 sync go.mod 2025-01-03 01:01:26 +01:00
47ac30b4bc update test sql files and use warmed container 2025-01-03 00:58:41 +01:00
265b042162 Fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2025-01-02 17:46:08 +03:00
2028cbd481 Merge branch 'main' into feature/mysql-support 2025-01-02 17:41:54 +03:00
c76683a8d3 Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2025-01-02 17:37:17 +03:00
7e3ff3044c Use mysql memory instead of fs
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2025-01-02 17:32:59 +03:00
79f94dd0bb Refactor pat to support mysql
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2025-01-02 16:49:23 +03:00
782e3f8853 [management] Add integration test for the setup-keys API endpoints (#2936) 2025-01-02 13:51:01 +01:00
525019b5ed Use time pointer instead of sql.NullTime
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2025-01-02 15:48:50 +03:00
a3fe7bea38 Merge branch 'main' into feature/mysql-support 2025-01-02 14:54:14 +03:00
03fd656344 [management] Fix policy tests (#3135)
- Add firewall rule isEqual method
- Fix tests
v0.35.2
2024-12-31 18:45:40 +01:00
18b049cd24 [management] remove sorting from network map generation (#3126) 2024-12-31 18:10:40 +01:00
2bdb4cb44a [management] Preserve jwt groups when accessing API with PAT (#3128)
* Skip JWT group sync for token-based authentication

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Add tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

---------

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-31 18:59:37 +03:00
abbdf20f65 [client] Allow inbound rosenpass port (#3109) 2024-12-31 14:08:48 +01:00
43ef64cf67 [client] Ignore case when matching domains in handler chain (#3133) 2024-12-31 14:07:21 +01:00
1adab0d06d Revert caching test containers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-30 18:38:51 +03:00
18316be09a [management] add selfhosted metrics for networks (#3118) 2024-12-30 12:53:51 +01:00
1a623943c8 [management] Fix networks net map generation with posture checks (#3124) 2024-12-30 12:40:24 +01:00
9ee234ac35 Handle user lastLogin null time
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-30 13:56:05 +03:00
0207a326dc Refactor and handle null time
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-27 20:05:38 +03:00
3f30eb7692 Terminate tests containers on defer instead of waiting
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-27 18:06:12 +03:00
80d1bed9ce downgrade test containers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-27 17:29:57 +03:00
0422b36acf Fix unknown mysql config file path
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-27 16:42:59 +03:00
fbce8bb511 [management] remove ids from policy creation api (#2997) 2024-12-27 14:13:36 +01:00
445b626dc8 [management] Add missing group usage checks for network resources and routes access control (#3117)
* Prevent deletion of groups linked to routes access control groups

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Prevent deletion of groups linked to network resource

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

---------

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-27 14:39:34 +03:00
b3c87cb5d1 [client] Fix inbound tracking in userspace firewall (#3111)
* Don't create state for inbound SYN

* Allow final ack in some cases

* Relax state machine test a little
v0.35.1
2024-12-26 00:51:27 +01:00
0dbaddc7be [client] Don't fail debug if log file is console (#3103) 2024-12-24 15:05:23 +01:00
626b36f6c5 Refactor tests containers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-24 17:03:09 +03:00
0daccaeabb fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-24 14:54:27 +03:00
214b863e40 Merge branch 'main' into feature/mysql-support
# Conflicts:
#	management/server/account.go
#	management/server/store/sql_store.go
#	management/server/store/store.go
2024-12-24 14:43:54 +03:00
f75af15925 Downgrade test containers to v0.31.0
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-24 14:00:53 +03:00
ad9f044aad [client] Add stateful userspace firewall and remove egress filters (#3093)
- Add stateful firewall functionality for UDP/TCP/ICMP in userspace firewalll
- Removes all egress drop rules/filters, still needs refactoring so we don't add output rules to any chains/filters.
- on Linux, if the OUTPUT policy is DROP  then we don't do anything about it (no extra allow rules). This is up to the user, if they don't want anything leaving their machine they'll have to manage these rules explicitly.
v0.35.0
2024-12-23 18:22:17 +01:00
05930ee6b1 [client] Add firewall rules to the debug bundle (#3089)
Adds the following to the debug bundle:
- iptables: `iptables-save`, `iptables -v -n -L`
- nftables: `nft list ruleset` or if not available formatted output from netlink (WIP)
2024-12-23 15:57:15 +01:00
e670068cab [management] Run test sequential (#3101) 2024-12-23 14:37:09 +01:00
215c9047ba MySQL Support (#2837)
* Update store.go

* Update sql_store.go

* Update store.go

* Update golang-test-linux.yml

* Update store.go

* Update go.mod

* Update go.mod

* Update go.sum

* Update store.go

* Update sql_store.go

* TestContainer

* Update go.sum

* Update store.go

* TestUtil Duplicate

* dsn fix

* go mod tidy

* NETBIRD_STORE_ENGINE_MYSQL_DSN

* Skip Test

* Update test-infrastructure-files.yml

* Update test-infrastructure-files.yml

* MYSQL_ROOT_PASSWORD added

* Update test-infrastructure-files.yml

* Update store.go

* Debug + Mysql JSON Query

* swicth/case convert

* Update store.go

* Update store.go

* Debug

* MySQL Test Version Change

* Root Test

* Ignore other sql tests.

* MySQL Connection Fix

* enable other tests

* The word "key" is a reserved word in MySQL.

* Remove Debugs

* Update sql_store.go

* Added default null value for datetime.

* Added default null value for datetime.

* MySQL Hooks

* MySQL Config File

* remove default values

* test timeout change

* MySQL max lifetime change

* WithConfigFile

* disable other tests

* Update mysql.cnf

* Update golang-test-linux.yml

* Delete sql_hooks.go

* enable other tests

* test timeout change

* update packets

* Fix the Inactivity Expiration problem

* Update sql_store.go

* Update mysql.cnf

* Update sql_store.go

* Update sql_store.go

* timeout change

* MySQL Connection LifeTime Change

* TestContainers have been optimized.

* Update store_ios.go

* Update sql_store.go

* timeout fix

* fix migration (setup keys)

* Update event.go

* Add disable option for event activities.

* Revert "Update event.go"

* Update event.go

* Fix Gorm Mysql Bug

* update go-jose module

* containerd module update

* containerd downgrade

* Revert commits

* Revert "Revert commits"

This reverts commit 62b3eac799.

* Revert "containerd downgrade"

This reverts commit 4e46108915.

* Revert "containerd module update"

This reverts commit e8cfa87d16.

* Revert "update go-jose module"

This reverts commit 1fabdc7606.
2024-12-23 13:06:13 +03:00
b48cf1bf65 [client] Reduce DNS handler chain lock contention (#3099) 2024-12-21 15:56:52 +01:00
7ee7ada273 [management] Fix duplicate resource routes when routing peer is part of the source group (#3095)
* Remove duplicate resource routes when routing peer is part of the source group

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Add tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

---------

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-20 21:10:53 +03:00
82b4e58ad0 Do not start DNS forwarder on client side (#3094) 2024-12-20 16:20:50 +01:00
ddc365f7a0 [client, management] Add new network concept (#3047)
---------

Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com>
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-12-20 11:30:28 +01:00
37ad370344 [client] Avoid using iota on mixed const block (#3057)
Used the values as resolved when the first iota value was the second const in the block.
2024-12-16 18:09:31 +01:00
703647da1e fix client unsupported h2 protocol when only 443 activated (#3009)
When I remove 80 http port in Caddyfile, netbird client cannot connect server:443. Logs show error below:
{"level":"debug","ts":1733809631.4012625,"logger":"http.stdlib","msg":"http: TLS handshake error from redacted:41580: tls: client requested unsupported application protocols ([h2])"}
I wonder here h2 protocol is absent.
2024-12-16 14:17:46 +01:00
9eff58ae62 Upgrade x/crypto package (#3055)
Mitigates the CVE-2024-45337
2024-12-16 10:30:41 +01:00
3844516aa7 [client] fix: reformat IPv6 ICE addresses when punching (#3050)
Should fix #2327 and #2606 by checking for IPv6 addresses from ICE
2024-12-16 09:58:54 +01:00
f591e47404 Handle DNF5 install script (#3026) 2024-12-16 09:41:36 +01:00