e513e51e9f
Handle new account creation directly within the store
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-11-04 14:43:14 +03:00
fed48de83f
Refactor auth middleware
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-11-01 14:02:09 +03:00
901d283114
Merge branch 'main' into refactor-get-account-by-token
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-30 22:34:59 +03:00
7278a21b0d
refactor get account in peers
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-29 13:50:44 +03:00
10480eb52f
[management] Setup key improvements ( #2775 )
2024-10-28 17:52:23 +01:00
9bf0bf4843
wip: refactor get account in peers
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-28 17:47:54 +03:00
0bdcb41e20
Refactor peer expiry, inactivity, location and status update to remove get account
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-23 19:03:48 +03:00
7bda385e1b
[management] Optimize network map updates ( #2718 )
...
* Skip peer update on unchanged network map (#2236 )
* Enhance network updates by skipping unchanged messages
Optimizes the network update process
by skipping updates where no changes in the peer update message received.
* Add unit tests
* add locks
* Improve concurrency and update peer message handling
* Refactor account manager network update tests
* fix test
* Fix inverted network map update condition
* Add default group and policy to test data
* Run peer updates in a separate goroutine
* Refactor
* Refactor lock
* Fix peers update by including NetworkMap and posture Checks
* go mod tidy
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Skip account peers update if no changes affect peers (#2310 )
* Remove incrementing network serial and updating peers after group deletion
* Update account peer if posture check is linked to policy
* Remove account peers update on saving setup key
* Refactor group link checking into re-usable functions
* Add HasPeers function to group
* Refactor group management
* Optimize group change effects on account peers
* Update account peers if ns group has peers
* Refactor group changes
* Optimize account peers update in DNS settings
* Optimize update of account peers on jwt groups sync
* Refactor peer account updates for efficiency
* Optimize peer update on user deletion and changes
* Remove condition check for network serial update
* Optimize account peers updates on route changes
* Remove UpdatePeerSSHKey method
* Remove unused isPolicyRuleGroupsEmpty
* Add tests for peer update behavior on posture check changes
* Add tests for peer update behavior on policy changes
* Add tests for peer update behavior on group changes
* Add tests for peer update behavior on dns settings changes
* Refactor
* Add tests for peer update behavior on name server changes
* Add tests for peer update behavior on user changes
* Add tests for peer update behavior on route changes
* fix tests
* Add tests for peer update behavior on setup key changes
* Add tests for peer update behavior on peers changes
* fix merge
* Fix tests
* go mod tidy
* Add NameServer and Route comparators
* Update network map diff logic with custom comparators
* Add tests
* Refactor duplicate diff handling logic
* fix linter
* fix tests
* Refactor policy group handling and update logic.
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update route check by checking if group has peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor posture check policy linking logic
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Simplify peer update condition in DNS management
Refactor the condition for updating account peers to remove redundant checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add posture checks tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix user and setup key tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix account and route tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix typo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix routes tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* upgrade diff package
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* use generic differ for netip.Addr and netip.Prefix
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* go mod tidy
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add peer tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix management suite tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix postgres tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* enable diff nil structs comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip the update only last sent the serial is larger
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor peer and user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip spell check for groupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor group, ns group, policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip spell check for GroupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update account policy check before verifying policy status
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* add tests missing tests for dns setting groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add tests for posture checks changes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add ns group and policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add route and group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* increase Linux test timeout to 10 minutes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run diff for client posture checks only
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add panic recovery and detailed logging in peer update comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-10-23 13:05:02 +03:00
d7c63d5c04
Remove get account from groups ops
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-16 16:04:34 +03:00
a8c8b77df8
Merge branch 'main' into refactor/get-account-usage
...
# Conflicts:
# management/server/account.go
# management/server/file_store.go
# management/server/peer.go
# management/server/policy.go
# management/server/route.go
# management/server/sql_store.go
# management/server/store.go
# management/server/user.go
2024-10-14 14:31:55 +03:00
5897a48e29
fix wrong reference ( #2695 )
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-04 18:55:25 +03:00
8bf729c7b4
[management] Add AccountExists to AccountManager ( #2694 )
...
* Add AccountExists method to account manager interface
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove unused code
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-04 18:09:40 +03:00
7f09b39769
[management] Refactor User JWT group sync ( #2690 )
...
* Refactor GetAccountIDByUserOrAccountID
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* sync user jwt group changes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* propagate jwt group changes to peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix no jwt groups synced
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests and lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Move the account peer update outside the transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* move updateUserPeersInGroups to account manager
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* move event store outside of transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* get user with update lock
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run jwt sync in transaction
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-04 17:17:01 +03:00
ff7863785f
[management, client] Add access control support to network routes ( #2100 )
2024-10-02 13:41:00 +02:00
43eb7261e3
refactor account and dns settings
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-01 00:54:28 +03:00
bc520412ba
Merge branch 'main' into refactor/get-account-usage
...
# Conflicts:
# management/server/file_store.go
# management/server/http/posture_checks_handler.go
# management/server/mock_server/account_mock.go
# management/server/policy.go
# management/server/sql_store.go
# management/server/store.go
2024-09-27 20:27:05 +03:00
acb73bd64a
[management] Remove redundant get account calls in GetAccountFromToken ( #2615 )
...
* refactor access control middleware and user access by JWT groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor jwt groups extractor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor handlers to get account when necessary
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor getAccountFromToken
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor getAccountWithAuthorizationClaims
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* revert handles change
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove GetUserByID from account manager
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor getAccountWithAuthorizationClaims to return account id
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor handlers to use GetAccountIDFromToken
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* remove locks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add GetGroupByName from store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add GetGroupByID from store and refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor retrieval of policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor user permissions and retrieves PAT
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor route, setupkey, nameserver and dns to get record(s) from store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix add missing policy source posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add store lock
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add get account
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-09-27 17:10:50 +03:00
3b4bcdf5a4
refactor posture checks save and deletion
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-09-26 16:28:49 +03:00
8f98adddf6
refactor handlers to use GetAccountIDFromToken
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-09-22 15:14:31 +03:00
8f9c54f6c2
remove GetUserByID from account manager
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-09-18 17:03:04 +03:00
f60a4234b1
revert handles change
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-09-18 16:40:47 +03:00
e5d55d3c10
refactor handlers to get account when necessary
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-09-17 23:15:54 +03:00
258b30cf48
refactor access control middleware and user access by JWT groups
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-09-16 13:33:36 +03:00
0911163146
Add batch delete for groups and users ( #2370 )
...
* Refactor user deletion logic and introduce batch delete
* Prevent self-deletion for users
* Add delete multiple groups
* Refactor group deletion with validation
* Fix tests
* Add bulk delete functions for Users and Groups in account manager interface and mocks
* Add tests for DeleteGroups method in group management
* Add tests for DeleteUsers method in users management
2024-08-08 18:01:38 +03:00
cbf9f2058e
Use accountID retrieved from the sync call to acquire read lock sooner ( #2369 )
...
Use accountID retrieved from the sync call to acquire read lock sooner and avoiding extra DB calls.
- Use the account ID across sync calls
- Moved account read lock
- Renamed CancelPeerRoutines to OnPeerDisconnected
- Added race tests
2024-08-01 16:21:43 +02:00
5ee9c77e90
Move write peer lock ( #2364 )
...
Moved the write peer lock to avoid latency caused by disk access
Updated the method CancelPeerRoutines to use the peer public key
2024-07-31 21:51:45 +02:00
1537b0f5e7
Add batch save/update for groups and users ( #2245 )
...
* Add functionality to update multiple users
* Remove SaveUsers from DefaultAccountManager
* Add SaveGroups method to AccountManager interface
* Refactoring
* Add SaveUsers and SaveGroups methods to store interface
* Refactor method SaveAccount to SaveUsers and SaveGroups
The method SaveAccount in user.go and group.go files was split into two separate methods. Now, user-specific data is handled by SaveUsers and group-specific data is handled by SaveGroups method. This provides a cleaner and more efficient way to save user and group data.
* Add account ID to user and group in SqlStore
* Refactor SaveUsers and SaveGroups in store
* Remove unnecessary ID assignment in SaveUsers and SaveGroups
2024-07-15 17:04:06 +03:00
765aba2c1c
Add context to throughout the project and update logging ( #2209 )
...
propagate context from all the API calls and log request ID, account ID and peer ID
---------
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com >
2024-07-03 11:33:02 +02:00
eaa31c2dc6
Optimize process checks database read ( #2182 )
...
* Add posture checks to peer management
This commit includes posture checks to the peer management logic. The AddPeer, SyncPeer and LoginPeer functions now return a list of posture checks along with the peer and network map.
* Update peer methods to return posture checks
* Refactor
* return early if there is no posture checks
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-06-22 17:41:16 +03:00
4fec709bb1
Release 0.28.0 ( #2092 )
...
* compile client under freebsd (#1620 )
Compile netbird client under freebsd and now support netstack and userspace modes.
Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files.
Not implemented yet:
Kernel mode not supported
DNS probably does not work yet
Routing also probably does not work yet
SSH support did not tested yet
Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required)
Lack of tests for freebsd specific code
info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface)
Lack of proper client setup under FreeBSD
Lack of FreeBSD port/package
* Add DNS routes (#1943 )
Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added.
This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records.
* Add process posture check (#1693 )
Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems.
Co-authored-by: Evgenii <mail@skillcoder.com >
Co-authored-by: Pascal Fischer <pascal@netbird.io >
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com >
Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com >
Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com >
2024-06-13 13:24:24 +02:00
012235ff12
Add FindExistingPostureCheck ( #2075 )
2024-05-30 15:22:42 +02:00
2e0047daea
Improve Sync performance ( #1901 )
2024-05-07 14:30:03 +02:00
4e7c17756c
Refactor Route IDs ( #1891 )
2024-05-06 14:47:49 +02:00
c28657710a
Fix function names in comments ( #1816 )
...
Signed-off-by: verytrap <wangqiuyue@outlook.com >
2024-04-09 13:18:38 +02:00
2d76b058fc
Feature/peer validator ( #1553 )
...
Follow up management-integrations changes
move groups to separated packages to avoid circle dependencies
save location information in Login action
2024-03-27 18:48:48 +01:00
ea2d060f93
Add limited dashboard view ( #1738 )
2024-03-27 16:11:45 +01:00
0b3b50c705
Remove deprecated Rules API endpoints ( #1523 )
2024-03-14 21:31:21 +01:00
199bf73103
Remove usage stats ( #1665 )
2024-03-05 09:45:32 +01:00
5a8f1763a6
Implement Auth0 IdP get all connections method ( #1613 )
2024-02-28 16:57:35 +01:00
b7a6cbfaa5
Add account usage logic ( #1567 )
...
---------
Co-authored-by: Yury Gargay <yury.gargay@gmail.com >
2024-02-22 12:27:08 +01:00
9bc7b9e897
Add initial support of device posture checks ( #1540 )
...
This PR implements the following posture checks:
* Agent minimum version allowed
* OS minimum version allowed
* Geo-location based on connection IP
For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh.
The OpenAPI spec should extensively cover the life cycle of current version posture checks.
2024-02-20 09:59:56 +01:00
399493a954
Allow service users with user role read-only access to all resources ( #1484 )
...
We allow service users with user role read-only access
to all resources so users can create service user and propagate
PATs without having to give full admin permissions.
2024-01-25 09:50:27 +01:00
131d9f1bc7
Add getGroupByName method ( #1481 )
...
* add get group by name method to account manager
* remove contains function and add proper description for GetGroupByName method
* add to mock server
2024-01-19 15:41:27 +01:00
cba3c549e9
Add JWT group-based access control for adding new peers ( #1383 )
...
* Added function to check user access by JWT groups in the account management mock server and account manager
* Refactor auth middleware for group-based JWT access control
* Add group-based JWT access control on adding new peer with JWT
* Remove mapping error as the token validation error is already present in grpc error codes
* use GetAccountFromToken to prevent single mode issues
* handle foreground login message
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2023-12-13 13:18:35 +03:00
5961c8330e
Fix SaveOrAddUser and GetPeers methods in MockAccountManager ( #1374 )
2023-12-11 17:32:10 +01:00
5ecafef5d2
Fix ListUsers method in MockAccountManager ( #1367 )
2023-12-11 15:00:02 +01:00
27ed88f918
Implement lightweight method to check is peer has update channel ( #1351 )
...
Instead of GetAllConnectedPeers that need to traverse the whole
connections map in order to find one channel there.
2023-12-05 14:17:56 +01:00
96f866fb68
add missing imports after refactor
2023-11-29 16:46:46 +01:00
c2eaf8a1c0
Add account deletion endpoint ( #1331 )
...
Adding support to account owners to delete an account
This will remove all users from local, and if --user-delete-from-idp is set it will remove from the remote IDP
2023-11-28 14:23:38 +01:00
d1d01a0611
Extend AccountManager with external cache and group/user management methods ( #1289 )
2023-11-13 14:04:18 +01:00
