* wip: add posture checks structs
* add netbird version check
* Refactor posture checks and add version checks
* Add posture check activities (#1445)
* Integrate Endpoints for Posture Checks (#1432)
* wip: add posture checks structs
* add netbird version check
* Refactor posture checks and add version checks
* Implement posture and version checks in API models
* Refactor API models and enhance posture check functionality
* wip: add posture checks endpoints
* go mod tidy
* Reference the posture checks by id's in policy
* Add posture checks management to server
* Add posture checks management mocks
* implement posture checks handlers
* Add posture checks to account copy and fix tests
* Refactor posture checks validation
* wip: Add posture checks handler tests
* Add JSON encoding support to posture checks
* Encode posture checks to correct api response object
* Refactored posture checks implementation to align with the new API schema
* Refactor structure of `Checks` from slice to map
* Cleanup
* Add posture check activities (#1445)
* Revert map to use list of checks
* Add posture check activity events
* Refactor posture check initialization in account test
* Improve the handling of version range in posture check
* Fix tests and linter
* Remove max_version from NBVersionCheck
* Added unit tests for NBVersionCheck
* go mod tidy
* Extend policy endpoint with posture checks (#1450)
* Implement posture and version checks in API models
* go mod tidy
* Allow attaching posture checks to policy
* Update error message for linked posture check on deleting
* Refactor PostureCheck and Checks structures
* go mod tidy
* Add validation for non-existing posture checks
* fix unit tests
* use Wt version
* Remove the enabled field, as posture check will now automatically be activated by default when attaching to a policy
* wip: add posture checks structs
* add netbird version check
* Refactor posture checks and add version checks
* Add posture check activities (#1445)
* Integrate Endpoints for Posture Checks (#1432)
* wip: add posture checks structs
* add netbird version check
* Refactor posture checks and add version checks
* Implement posture and version checks in API models
* Refactor API models and enhance posture check functionality
* wip: add posture checks endpoints
* go mod tidy
* Reference the posture checks by id's in policy
* Add posture checks management to server
* Add posture checks management mocks
* implement posture checks handlers
* Add posture checks to account copy and fix tests
* Refactor posture checks validation
* wip: Add posture checks handler tests
* Add JSON encoding support to posture checks
* Encode posture checks to correct api response object
* Refactored posture checks implementation to align with the new API schema
* Refactor structure of `Checks` from slice to map
* Cleanup
* Add posture check activities (#1445)
* Revert map to use list of checks
* Add posture check activity events
* Refactor posture check initialization in account test
* Improve the handling of version range in posture check
* Fix tests and linter
* Remove max_version from NBVersionCheck
* Added unit tests for NBVersionCheck
* go mod tidy
* Extend policy endpoint with posture checks (#1450)
* Implement posture and version checks in API models
* go mod tidy
* Allow attaching posture checks to policy
* Update error message for linked posture check on deleting
* Refactor PostureCheck and Checks structures
* go mod tidy
* Add validation for non-existing posture checks
* fix unit tests
* use Wt version
* Remove the enabled field, as posture check will now automatically be activated by default when attaching to a policy
* Extend network map generation with posture checks (#1466)
* Apply posture checks to network map generation
* run policy posture checks on peers to connect
* Refactor and streamline policy posture check process for peers to connect.
* Add posture checks testing in a network map
* Remove redundant nil check in policy.go
* Refactor peer validation check in policy.go
* Update 'Check' function signature and use logger for version check
* Refactor posture checks run on sources and updated the validation func
* Update peer validation
* fix tests
* improved test coverage for policy posture check
* Refactoring
* Extend NetBird agent to collect kernel version (#1495)
* Add KernelVersion field to LoginRequest
* Add KernelVersion to system info retrieval
* Fix tests
* Remove Core field from system info
* Replace Core field with new OSVersion field in system info
* Added WMI dependency to info_windows.go
* Add OS Version posture checks (#1479)
* Initial support of Geolocation service (#1491)
* Add Geo Location posture check (#1500)
* wip: implement geolocation check
* add geo location posture checks to posture api
* Merge branch 'feature/posture-checks' into geo-posture-check
* Remove CityGeoNameID and update required fields in API
* Add geoLocation checks to posture checks handler tests
* Implement geo location-based checks for peers
* Update test values and embed location struct in peer system
* add support for country wide checks
* initialize country code regex once
* Fix peer meta core compability with older clients (#1515)
* Refactor extraction of OSVersion in grpcserver
* Ignore lint check
* Fix peer meta core compability with older management (#1532)
* Revert core field deprecation
* fix tests
* Extend peer meta with location information (#1517)
This PR uses the geolocation service to resolve IP to location.
The lookup happens once on the first connection - when a client calls the Sync func.
The location is stored as part of the peer:
* Add Locations endpoints (#1516)
* add locations endpoints
* Add sqlite3 check and database generation in geolite script
* Add SQLite storage for geolocation data
* Refactor file existence check into a separate function
* Integrate geolocation services into management application
* Refactoring
* Refactor city retrieval to include Geonames ID
* Add signature verification for GeoLite2 database download
* Change to in-memory database for geolocation store
* Merge manager to geolocation
* Update GetAllCountries to return Country name and iso code
* fix tests
* Add reload to SqliteStore
* Add geoname indexes
* move db file check to connectDB
* Add concurrency safety to SQL queries and database reloading
The commit adds mutex locks to the GetAllCountries and GetCitiesByCountry functions to ensure thread-safety during database queries. Additionally, it introduces a mechanism to safely close the old database connection before a new connection is established upon reloading, which improves the reliability of database operations. Lastly, it moves the checking of database file existence to the connectDB function.
* Add sha256 sum check to geolocation store before reload
* Use read lock
* Check SHA256 twice when reload geonames db
---------
Co-authored-by: Yury Gargay <yury.gargay@gmail.com>
* Add tests and validation for empty peer location in GeoLocationCheck (#1546)
* Disallow Geo check creation/update without configured Geo DB (#1548)
* Fix shared access to in memory copy of geonames.db (#1550)
* Trim suffix in when evaluate Min Kernel Version in OS check
* Add Valid Peer Windows Kernel version test
* Add Geolocation handler tests (#1556)
* Implement user admin checks in posture checks
* Add geolocation handler tests
* Mark initGeolocationTestData as helper func
* Add error handling to geolocation database closure
* Add cleanup function to close geolocation resources
* Simplify checks definition serialisation (#1555)
* Regenerate network map on posture check update (#1563)
* change network state and generate map on posture check update
* Refactoring
* Make city name optional (#1575)
* Do not return empty city name
* Validate action param of geo location checks (#1577)
We only support allow and deny
* Switch realip middleware to upstream (#1578)
* Be more silent in download-geolite2.sh script
* Fix geonames db reload (#1580)
* Ensure posture check name uniqueness when create (#1594)
* Enhance the management of posture checks (#1595)
* add a correct min version and kernel for os posture check example
* handle error when geo or location db is nil
* expose all peer location details in api response
* Check for nil geolocation manager only
* Validate posture check before save
* bump open api version
* add peer location fields to toPeerListItemResponse
* Feautre/extend sys meta (#1536)
* Collect network addresses
* Add Linux sys product info
* Fix peer meta comparison
* Collect sys info on mac
* Add windows sys info
* Fix test
* Fix test
* Fix grpc client
* Ignore test
* Fix test
* Collect IPv6 addresses
* Change the IP to IP + net
* fix tests
* Use netip on server side
* Serialize netip to json
* Extend Peer metadata with cloud detection (#1552)
* add cloud detection + test binary
* test windows exe
* Collect IPv6 addresses
* Change the IP to IP + net
* switch to forked cloud detect lib
* new test builds
* new GCE build
* discontinue using library but local copy instead
* fix imports
* remove openstack check
* add hierarchy to cloud check
* merge IBM and SoftLayer
* close resp bodies and use os lib for file reading
* close more resp bodies
* fix error check logic
* parallelize IBM checks
* fix response value
* go mod tidy
* include context + change kubernetes detection
* add context in info functions
* extract platform into separate field
* fix imports
* add missing wmi import
---------
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
---------
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>
* generate proto
* remove test binaries
---------
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Yury Gargay <yury.gargay@gmail.com>
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
This PR implements the following posture checks:
* Agent minimum version allowed
* OS minimum version allowed
* Geo-location based on connection IP
For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh.
The OpenAPI spec should extensively cover the life cycle of current version posture checks.
* starting engine by passing file descriptor on engine start
* inject logger that does not compile
* logger and first client
* first working connection
* support for routes and working connection
* small refactor for better code quality in swift
* trying to add DNS
* fix
* updated
* fix route deletion
* trying to bind the DNS resolver dialer to an interface
* use dns.Client.Exchange
* fix metadata send on startup
* switching between client to query upstream
* fix panic on no dns response
* fix after merge changes
* add engine ready listener
* replace engine listener with connection listener
* disable relay connection for iOS until proxy is refactored into bind
* Extract private upstream for iOS and fix function headers for other OS
* Update mock Server
* Fix dns server and upstream tests
* Fix engine null pointer with mobile dependencies for other OS
* Revert back to disabling upstream on no response
* Fix some of the remarks from the linter
* Fix linter
* re-arrange duration calculation
* revert exported HostDNSConfig
* remove unused engine listener
* remove development logs
* refactor dns code and interface name propagation
* clean dns server test
* disable upstream deactivation for iOS
* remove files after merge
* fix dns server darwin
* fix server mock
* fix build flags
* move service listen back to initialize
* add wgInterface to hostManager initialization on android
* fix typo and remove unused function
* extract upstream exchange for ios and rest
* remove todo
* separate upstream logic to ios file
* Fix upstream test
* use interface and embedded struct for upstream
* set properly upstream client
* remove placeholder
* remove ios specific attributes
* fix upstream test
* merge ipc parser and wg configurer for mobile
* fix build annotation
* use json for DNS settings handover through gomobile
* add logs for DNS json string
* bring back check on ios for private upstream
* remove wrong (and unused) line
* fix wrongly updated comments on DNSSetting export
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
Send Desktop UI client version as user-agent to daemon
This is sent on every login request to the management
Parse the GRPC context on the system package and
retrieves the user-agent
Management receives the new UIVersion field and
store in the Peer's system meta
* moved wiretrustee version from main to system.info
* added wiretrustee version for all supported platforms
* typo corrected
* refactor: use single WiretrusteeVersion() func to get version of the client
Co-authored-by: braginini <bangvalo@gmail.com>