4ee1635baa
[management] Propagate user groups when group propagation setting is re-enabled ( #3912 )
2025-06-11 14:32:16 +03:00
87376afd13
[management] Enable unidirectional rules for all port policy ( #3826 )
2025-06-10 18:02:45 +03:00
684501fd35
[management] Prevent deletion of peers linked to network routers ( #3881 )
...
- Prevent deletion of peers linked to network routers
- Add API endpoint to list all network routers
2025-05-29 18:50:00 +03:00
5523040acd
[management] Add correlated network traffic event schema ( #3680 )
2025-05-27 13:47:53 +03:00
24f932b2ce
[management] Update traffic events pagination filters ( #3857 )
2025-05-22 16:28:14 +03:00
c03435061c
[management] lazy connection account setting ( #3855 )
2025-05-22 14:09:00 +01:00
0cd4b601c3
[management] Add connection type filter to Network Traffic API ( #3815 )
2025-05-14 11:15:50 +03:00
7b64953eed
[management] user info with role permissions ( #3728 )
2025-05-01 11:24:55 +01:00
488e619ec7
[management] Add network traffic events pagination ( #3580 )
...
* Add network traffic events pagination schema
2025-04-30 11:51:40 +03:00
38ada44a0e
[management] allow impersonation via pats ( #3739 )
2025-04-25 16:40:54 +02:00
312bfd9bd7
[management] support custom domains per account ( #3726 )
2025-04-23 19:36:53 +02:00
c69df13515
[management] Add account meta ( #3724 )
2025-04-23 18:44:22 +02:00
986eb8c1e0
[management] fix lastLogin on dashboard ( #3725 )
2025-04-23 15:54:49 +02:00
1a6d6b3109
[management] fix github run id ( #3705 )
2025-04-18 11:21:54 +02:00
a4311f574d
[management] push benchmark results to grafana ( #3701 )
2025-04-17 21:01:23 +02:00
e0b33d325d
[management] permissions manager use crud operations ( #3690 )
2025-04-16 17:25:03 +02:00
75bdd47dfb
[management] get current user endpoint ( #3666 )
2025-04-15 11:06:07 +01:00
4134b857b4
[management] add permissions manager to geolocation handler ( #3665 )
2025-04-14 17:57:58 +01:00
fd2a21c65d
[management] remove unnecessary access control middleware ( #3650 )
2025-04-11 10:43:59 +01:00
5ea2806663
[management] use permission modules ( #3622 )
2025-04-10 11:06:52 +02:00
cbec7bda80
[management] permission manager validate account access ( #3444 )
2025-03-30 17:08:22 +02:00
b62a1b56ce
[docs] rename network traffic logging to traffic events ( #3556 )
2025-03-21 16:32:47 +01:00
8d7c92c661
[management] add receive timestamp to traffic event ( #3559 )
2025-03-21 16:31:23 +01:00
8f0aa8352a
[docs] add examples to events and tag to ingress port ( #3552 )
2025-03-20 18:26:08 +01:00
c02e236196
[client,management] add netflow support to client and update management ( #3414 )
...
adds NetFlow functionality to track and log network traffic information between peers, with features including:
- Flow logging for TCP, UDP, and ICMP traffic
- Integration with connection tracking system
- Resource ID tracking in NetFlow events
- DNS and exit node collection configuration
- Flow API and Redis cache in management
- Memory-based flow storage implementation
- Kernel conntrack counters and userspace counters
- TCP state machine improvements for more accurate tracking
- Migration from net.IP to netip.Addr in the userspace firewall
2025-03-20 17:05:48 +01:00
919fe94fd5
Fix always enabling of NetworkResource in createResource() ( #3532 )
2025-03-18 19:41:15 +01:00
67ae871ce4
[management] return empty array instead of null on networks endpoints ( #3480 )
2025-03-11 00:20:54 +01:00
fc1da94520
[client, management] Add port forwarding ( #3275 )
...
Add initial support to ingress ports on the client code.
- new types where added
- new protocol messages and controller
2025-03-09 16:06:43 +01:00
77e40f41f2
[management] refactor auth ( #3296 )
2025-02-20 20:24:40 +00:00
39986b0e97
[client, management] Support DNS Labels for Peer Addressing ( #3252 )
...
* [client] Support Extra DNS Labels for Peer Addressing
* [management] Support Extra DNS Labels for Peer Addressing
---------
Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com >
2025-02-20 13:43:20 +03:00
4cdb2e533a
[management] Refactor users to use store methods ( #2917 )
...
* Refactor setup key handling to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add lock to get account groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add check for regular user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* get only required groups for auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add account lock and return auto groups map on validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor account peers update
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor groups to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor GetGroupByID and add NewGroupNotFoundError
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add AddPeer and RemovePeer methods to Group struct
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Preserve store engine in SqlStore transactions
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run groups ops in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix missing group removed from setup key activity
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor posture checks to remove get and save account
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Change setup key log level to debug for missing group
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve modified peers once for group events
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor policy get and save account to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve policy groups and posture checks once for validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix typo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor anyGroupHasPeers to retrieve all groups once
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor dns settings to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add account locking and merge group deletion methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor name server groups to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add peer store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor ephemeral peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add lock for peer store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor peer handlers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor peer to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix typo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add locks and remove log
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* run peer ops in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove duplicate store method
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix peer fields updated after save
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Use update strength and simplify check
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* prevent changing ruleID when not empty
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* prevent duplicate rules during updates
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor auth middleware
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor account methods and mock
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor user and PAT handling
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Remove db query context and fix get user by id
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix database transaction locking issue
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Use UTC time in test
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add account locks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix prevent users from creating PATs for other users
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add store locks and prevent fetching setup keys peers when retrieving user peers with empty userID
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add missing tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor test names and remove duplicate TestPostgresql_SavePeerStatus
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add account locks and remove redundant ephemeral check
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve all groups for peers and restrict groups for regular users
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix store tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* use account object to get validated peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Improve peer performance
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Get account direct from store without buffer
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add get peer groups tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Adjust benchmarks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Adjust benchmarks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Update benchmark workflow (#3181 )
* update local benchmark expectations
* update cloud expectations
* Add status error for generic result error
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Use integrated validator direct
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
* update expectations
* update expectations
* Refactor peer scheduler to retry every 3 seconds on errors
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
* fix validator
* fix validator
* fix validator
* update timeouts
* Refactor ToGroupsInfo to process slices of groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
* update expectations
* update expectations
* Bump integrations version
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor GetValidatedPeers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* go mod tidy
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Use peers and groups map for peers validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove mysql from api benchmark tests
* Fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix blocked db calls on user auto groups update
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Skip user check for system initiated peer deletion
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Remove context in db calls
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Improve group peer/resource counting (#3192 )
* Fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Adjust bench expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Rename GetAccountInfoFromPAT to GetTokenInfo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Remove global account lock for ListUsers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* build userinfo after updating users in db
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Optimize user bulk deletion (#3315 )
* refactor building user infos
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove unused code
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor GetUsersFromAccount to return a map of UserInfo instead of a slice
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Export BuildUserInfosForAccount to account manager
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fetch account user info once for bulk users save
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update user deletion expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Set max open conns for activity store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update bench expectations
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com >
Co-authored-by: Pascal Fischer <pascal@netbird.io >
Co-authored-by: Pedro Costa <550684+pnmcosta@users.noreply.github.com >
2025-02-17 21:43:12 +03:00
cee4aeea9e
[management] Check groups when counting peers on networks list ( #3284 )
2025-02-06 13:36:57 +01:00
f930ef2ee6
Cleanup magiconair usage from repo ( #3276 )
2025-02-03 17:54:35 +01:00
2605948e01
[management] use account request buffer on sync ( #3229 )
2025-01-24 12:04:50 +01:00
8c965434ae
[management] remove peer from group on delete ( #3223 )
2025-01-22 19:33:20 +01:00
1ad2cb5582
[management] Refactor peers to use store methods ( #2893 )
2025-01-20 18:41:46 +01:00
c6f7a299a9
[management] fix groups delete and resource create and update error response ( #3189 )
2025-01-16 13:39:15 +01:00
3fce8485bb
Enabled new network resource and router by default ( #3174 )
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2025-01-11 20:09:29 +01:00
409003b4f9
[management] Add support for disabling resources and routing peers in networks ( #3154 )
...
* sync openapi changes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add option to disable network resource(s)
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add network resource enabled state from api
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add option to disable network router(s)
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* migrate old network resources and routers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2025-01-08 19:35:57 +03:00
02a3feddb8
[management] Add MySQL Support ( #3108 )
...
* Add mysql store support
* Add support to disable activity events recording
2025-01-06 13:38:30 +01:00
d9487a5749
[misc] separate integration and benchmark test workflows ( #3147 )
2025-01-03 15:48:31 +01:00
cfa6d09c5e
[management] add peers benchmark ( #3143 )
2025-01-03 15:28:15 +01:00
a01253c3c8
[management] add users benchmark ( #3141 )
2025-01-03 15:24:30 +01:00
bc013e4888
[management] exclude self from network map if self is routing peer ( #3142 )
2025-01-02 18:46:28 +01:00
782e3f8853
[management] Add integration test for the setup-keys API endpoints ( #2936 )
2025-01-02 13:51:01 +01:00
2bdb4cb44a
[management] Preserve jwt groups when accessing API with PAT ( #3128 )
...
* Skip JWT group sync for token-based authentication
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-31 18:59:37 +03:00
fbce8bb511
[management] remove ids from policy creation api ( #2997 )
2024-12-27 14:13:36 +01:00
ddc365f7a0
[client, management] Add new network concept ( #3047 )
...
---------
Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com >
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com >
2024-12-20 11:30:28 +01:00
6142828a9c
[management] restructure api files ( #3013 )
2024-12-10 15:59:25 +01:00
f118d81d32
[management] Refactor policy to use store methods ( #2878 )
2024-11-26 10:46:05 +01:00
