netbird

mirror of https://github.com/netbirdio/netbird.git synced 2024-11-30 20:13:33 +01:00

Author	SHA1	Message	Date
bcmmbaga	d54b6967ce	fix refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-11 12:38:34 +03:00
bcmmbaga	106fc75936	refactor account peers update Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-08 18:38:32 +03:00
Pascal Fischer	4c758c6e52	[management] remove network map diff calculations (#2820 )	2024-10-31 19:24:15 +01:00
Bethuel Mmbaga	7bda385e1b	[management] Optimize network map updates (#2718 ) * Skip peer update on unchanged network map (#2236) * Enhance network updates by skipping unchanged messages Optimizes the network update process by skipping updates where no changes in the peer update message received. * Add unit tests * add locks * Improve concurrency and update peer message handling * Refactor account manager network update tests * fix test * Fix inverted network map update condition * Add default group and policy to test data * Run peer updates in a separate goroutine * Refactor * Refactor lock * Fix peers update by including NetworkMap and posture Checks * go mod tidy * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * [management] Skip account peers update if no changes affect peers (#2310) * Remove incrementing network serial and updating peers after group deletion * Update account peer if posture check is linked to policy * Remove account peers update on saving setup key * Refactor group link checking into re-usable functions * Add HasPeers function to group * Refactor group management * Optimize group change effects on account peers * Update account peers if ns group has peers * Refactor group changes * Optimize account peers update in DNS settings * Optimize update of account peers on jwt groups sync * Refactor peer account updates for efficiency * Optimize peer update on user deletion and changes * Remove condition check for network serial update * Optimize account peers updates on route changes * Remove UpdatePeerSSHKey method * Remove unused isPolicyRuleGroupsEmpty * Add tests for peer update behavior on posture check changes * Add tests for peer update behavior on policy changes * Add tests for peer update behavior on group changes * Add tests for peer update behavior on dns settings changes * Refactor * Add tests for peer update behavior on name server changes * Add tests for peer update behavior on user changes * Add tests for peer update behavior on route changes * fix tests * Add tests for peer update behavior on setup key changes * Add tests for peer update behavior on peers changes * fix merge * Fix tests * go mod tidy * Add NameServer and Route comparators * Update network map diff logic with custom comparators * Add tests * Refactor duplicate diff handling logic * fix linter * fix tests * Refactor policy group handling and update logic. Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update route check by checking if group has peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor posture check policy linking logic Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Simplify peer update condition in DNS management Refactor the condition for updating account peers to remove redundant checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add policy tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add posture checks tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix user and setup key tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix account and route tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix typo Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix nameserver tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix routes tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix group tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * upgrade diff package Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix nameserver tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * use generic differ for netip.Addr and netip.Prefix Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * go mod tidy Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add peer tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix management suite tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix postgres tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * enable diff nil structs comparison Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip the update only last sent the serial is larger Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor peer and user Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip spell check for groupD Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor group, ns group, policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip spell check for GroupD Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update account policy check before verifying policy status Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * add tests missing tests for dns setting groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add tests for posture checks changes Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add ns group and policy tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add route and group tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * increase Linux test timeout to 10 minutes Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Run diff for client posture checks only Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add panic recovery and detailed logging in peer update comparison Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-10-23 13:05:02 +03:00
Bethuel Mmbaga	ff7863785f	[management, client] Add access control support to network routes (#2100 )	2024-10-02 13:41:00 +02:00
Bethuel Mmbaga	acb73bd64a	[management] Remove redundant get account calls in GetAccountFromToken (#2615 ) * refactor access control middleware and user access by JWT groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor jwt groups extractor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to get account when necessary Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * revert handles change Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove GetUserByID from account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims to return account id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to use GetAccountIDFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByName from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByID from store and refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor retrieval of policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user permissions and retrieves PAT Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor route, setupkey, nameserver and dns to get record(s) from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix add missing policy source posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add store lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add get account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-27 17:10:50 +03:00
Viktor Liu	ac0d5ff9f3	[management] Improve mgmt sync performance (#2363 )	2024-08-07 10:52:31 +02:00
Maycon Santos	165988429c	Add write lock for peer when saving its connection status (#2359 )	2024-07-31 14:53:32 +02:00
pascal-fischer	765aba2c1c	Add context to throughout the project and update logging (#2209 ) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>	2024-07-03 11:33:02 +02:00
Bethuel Mmbaga	a5811a2d7d	Implement experimental PostgreSQL store (#1939 ) * migrate sqlite store to generic sql store * fix conflicts * init postgres store * Add postgres store tests * Refactor postgres store engine name * fix tests * Run postgres store tests on linux only * fix tests * Refactor * cascade policy rules on policy deletion * fix tests * run postgres cases in new db * close store connection after tests * refactor * using testcontainers * sync go sum * remove postgres service * remove store cleanup * go mod tidy * remove env * use postgres as engine and initialize test store with testcontainer --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-05-16 19:28:37 +03:00
pascal-fischer	2e0047daea	Improve Sync performance (#1901 )	2024-05-07 14:30:03 +02:00
Zoltan Papp	2d76b058fc	Feature/peer validator (#1553 ) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action	2024-03-27 18:48:48 +01:00
Yury Gargay	0b3b50c705	Remove deprecated Rules API endpoints (#1523 )	2024-03-14 21:31:21 +01:00
Yury Gargay	9bc7b9e897	Add initial support of device posture checks (#1540 ) This PR implements the following posture checks: * Agent minimum version allowed * OS minimum version allowed * Geo-location based on connection IP For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh. The OpenAPI spec should extensively cover the life cycle of current version posture checks.	2024-02-20 09:59:56 +01:00
pascal-fischer	399493a954	Allow service users with user role read-only access to all resources (#1484 ) We allow service users with user role read-only access to all resources so users can create service user and propagate PATs without having to give full admin permissions.	2024-01-25 09:50:27 +01:00
pascal-fischer	65247de48d	Fix nil pointer handling in get peers from group (#1381 ) Fix nil handling in getAllPeersFromGroups to not include nil pointer in the output.	2023-12-12 18:17:00 +01:00
Pascal Fischer	89249b414f	move peer validation into getPeerconnectionResources	2023-12-04 14:53:38 +01:00
pascal-fischer	d5bf79bc51	Merge branch 'main' into feature/peer-approval	2023-12-01 18:12:59 +01:00
Maycon Santos	d7efea74b6	add owner role support (#1340 ) This PR adds support to Owner roles. The owner role has a similar access level as the admin, but it has the power to delete the account. Besides that, the role has the following constraints: - The role can only be transferred. So, only a user with the owner role can transfer the owner role to a new user - It can't be assigned to users being invited - It can't be assigned to service users	2023-12-01 17:24:57 +01:00
pascal-fischer	141065f14e	Merge branch 'main' into feature/peer-approval	2023-11-29 16:27:01 +01:00
Pascal Fischer	a729c83b06	extract peer into seperate package	2023-11-28 13:45:26 +01:00
Yury Gargay	d1a323fa9d	Add gocritic linter (#1324 ) * Add gocritic linter `gocritic` provides diagnostics that check for bugs, performance, and style issues We disable the following checks: - commentFormatting - captLocal - deprecatedComment This PR contains many `//nolint:gocritic` to disable `appendAssign`.	2023-11-27 16:40:02 +01:00
Bethuel Mmbaga	89e8540531	Export account manager events store (#1295 ) * Expose account manager StoreEvent to integrations * Add account manager StoreEvent mock	2023-11-08 13:35:37 +03:00
Fabio Fantoni	c99ae6f009	fix some typo spotted with codespell (#1278 ) Fixed spelling typos on logs, comments and command help text	2023-11-01 17:11:16 +01:00
Yury Gargay	32880c56a4	Implement SQLite Store using gorm and relational approach (#1065 ) Restructure data handling for improved performance and flexibility. Introduce 'G'-prefixed fields to represent Gorm relations, simplifying resource management. Eliminate complexity in lookup tables for enhanced query and write speed. Enable independent operations on data structures, requiring adjustments in the Store interface and Account Manager.	2023-10-12 15:42:36 +02:00
Yury Gargay	9131069d12	Improve updateAccountPeers by bypassing AM and using account directly (#1193 ) Improve updateAccountPeers performance by bypassing AM and using the account directly	2023-10-04 15:08:50 +02:00
Yury Gargay	e586eca16c	Improve account copying (#1069 ) With this fix, all nested slices and pointers will be copied by value. Also, this fixes tests to compare the original and copy account by their values by marshaling them to JSON strings. Before that, they were copying the pointers that also passed the simple `=` compassion (as the addresses match).	2023-08-22 17:56:39 +02:00
Givi Khojanashvili	e69ec6ab6a	Optimize ACL performance (#994 ) * Optimize rules with All groups * Use IP sets in ACLs (nftables implementation) * Fix squash rule when we receive optimized rules list from management	2023-07-18 13:12:50 +04:00
Givi Khojanashvili	293499c3c0	Extend protocol and firewall manager to handle old management (#915 ) * Extend protocol and firewall manager to handle old management * Send correct empty firewall rules list when delete peer * Add extra tests for firewall manager and uspfilter * Work with inconsistent state * Review note * Update comment	2023-05-31 19:04:38 +02:00
Givi Khojanashvili	ba7a39a4fc	Feat linux firewall support (#805 ) Update the client's engine to apply firewall rules received from the manager (results of ACL policy).	2023-05-29 16:00:18 +02:00
Givi Khojanashvili	5dc0ff42a5	Fix broken auto-generated Rego rule (#769 ) Default Rego policy generated from the rules in some cases is broken. This change fixes the Rego template for rules to generate policies. Also, file store load constantly regenerates policy objects from rules. It allows updating/fixing of the default Rego template during releases.	2023-04-01 12:02:08 +02:00
Givi Khojanashvili	3bfa26b13b	Feat rego default policy (#700 ) Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.	2023-03-13 18:14:18 +04:00

32 Commits