Added DNS update protocol message
Added sync to clients
Update nameserver API with new fields
Added default NS groups
Added new dns-name flag for the management service append to peer DNS label
Support Generic OAuth 2.0 Device Authorization Grant
as per RFC specification https://www.rfc-editor.org/rfc/rfc8628.
The previous version supported only Auth0 as an IDP backend.
This implementation enables the Interactive SSO Login feature
for any IDP compatible with the specification, e.g., Keycloak.
All the existing agents by default connect to port 33073 of the
Management service. This value is also stored in the local config.
All the agents won't switch to the new port 443
unless explicitly specified in the config.
We want the transition to be smooth for our users, therefore
this PR adds logic to check whether the old port 33073 can be
changed to 443 and updates the config automatically.
This PR fixes issues with the terminal when
running netbird ssh to a remote agent.
Every session looks up a user and loads its
profile. If no user is found, the connection is rejected.
The default user is root.
This PR adds support for SSH access through the NetBird network
without managing SSH skeys.
NetBird client app has an embedded SSH server (Linux/Mac only)
and a netbird ssh command.
* Fix UP calls when state is idle
When we want to login we can call server.Login
It already checks the login status of the peer
* Remove unused status
* Defer close daemon client conn
Co-authored-by: braginini <bangvalo@gmail.com>
Send Desktop UI client version as user-agent to daemon
This is sent on every login request to the management
Parse the GRPC context on the system package and
retrieves the user-agent
Management receives the new UIVersion field and
store in the Peer's system meta
Updated windows installer package generation with
launch UI after install
remove older version
remove wiretrustee
added install and uninstall scripts
Updated brew cask:
run installer script to start daemon
Daemon conflicts with wiretrustee on brew
Removed migrate check on non-root commands like status
CLI CMD is now going to stdout
UI and CLI Clients are now able to use SSO login by default
we will check if the management has configured or supports SSO providers
daemon will handle fetching and waiting for an access token
Oauth package was moved to internal to avoid one extra package at this stage
Secrets were removed from OAuth
CLI clients have less and better output
2 new status were introduced, NeedsLogin and FailedLogin for better messaging
With NeedsLogin we no longer have endless login attempts
The management will validate the JWT as it does in the API
and will register the Peer to the user's account.
New fields were added to grpc messages in management
and client daemon and its clients were updated
Peer has one new field, UserID,
that will hold the id of the user that registered it
JWT middleware CheckJWT got a splitter
and renamed to support validation for non HTTP requests
Added test for adding new Peer with UserID
Lots of tests update because of a new field
Agent systray UI has been extended with
a setting window that allows configuring
management URL, admin URL and
supports pre-shared key.
While for the Netbird managed version
the Settings are not necessary, it helps
to properly configure the self-hosted version.
* Call start services function for tests
when testing CMDs we were using some global
variables which got replaced by parallel test
Now we will call a single function independently
for each test
When one of the peers has a static public host IP
or both peers are in the same local network
we establish a direct Wireguard connection
bypassing proxy usage.
This helps reduce FD usage and improves
performance.
* test: WIP mocking the grpc server for testing the sending of the client information
* WIP: Test_SystemMetaDataFromClient with mocks, todo:
* fix: failing meta data test
* test: add system meta expectation in management client test
* fix: removing deprecated register function, replacing with new one
* fix: removing deprecated register function from mockclient interface impl
* fix: fixing interface declaration
* chore: remove unused commented code
Co-authored-by: braginini <bangvalo@gmail.com>
* moved wiretrustee version from main to system.info
* added wiretrustee version for all supported platforms
* typo corrected
* refactor: use single WiretrusteeVersion() func to get version of the client
Co-authored-by: braginini <bangvalo@gmail.com>
* get account id from access token claim
* use GetOrCreateAccountByUser and add test
* correct account id claim
* remove unused account
* Idp manager interface
* auth0 idp manager
* use if instead of switch case
* remove unnecessary lock
* NewAuth0Manager
* move idpmanager to its own package
* update metadata when accountId is not supplied
* update tests with idpmanager field
* format
* new idp manager and config support
* validate if we fetch the interface before converting to string
* split getJWTToken
* improve tests
* proper json fields and handle defer body close
* fix ci lint notes
* documentation and proper defer position
* UpdateUserAppMetadata tests
* update documentation
* ManagerCredentials interface
* Marshal and Unmarshal functions
* fix tests
* ManagerHelper and ManagerHTTPClient
* further tests with mocking
* rename package and custom http client
* sync local packages
* remove idp suffix
* feature: support new management service protocol
* chore: add more logging to track networkmap serial
* refactor: organize peer update code in engine
* chore: fix lint issues
* refactor: extract Signal client interface
* test: add signal client mock
* refactor: introduce Management Service client interface
* chore: place management and signal clients mocks to respective packages
* test: add Serial test to the engine
* fix: lint issues
* test: unit tests for a networkMapUpdate
* test: unit tests Sync update
* script to generate syso files
* test wireguard-windows driver package
* set int log
* add windows test
* add windows test
* verbose bash
* use cd
* move checkout
* exit 0
* removed tty flag
* artifact path
* fix tags and add cache
* fix cache
* fix cache
* test dir
* restore artifacts in the root
* try dll file
* try dll file
* copy dll
* typo in copy dll
* compile test
* checkout first
* updated cicd
* fix add address issue and gen GUID
* psexec typo
* accept eula
* mod tidy before tests
* regular test exec and verbose test with psexec
* test all
* return WGInterface Interface
* use WgIfaceName and timeout after 30 seconds
* different ports and validate connect 2 peers
* Use time.After for timeout and close interface
* Use time.After for testing connect peers
* WG Interface struct
* Update engine and parse address
* refactor Linux create and assignAddress
* NewWGIface and configuration methods
* Update proxy with interface methods
* update up command test
* resolve lint warnings
* remove psexec test
* close copied files
* add goos before build
* run tests on mac,windows and linux
* cache by testing os
* run on push
* fix indentation
* adjust test timeouts
* remove parallel flag
* mod tidy before test
* ignore syso files
* removed functions and renamed vars
* different IPs for connect peers test
* Generate syso with DLL
* Single Close method
* use port from test constant
* test: remove wireguard interfaces after finishing engine test
* use load_wgnt_from_rsrc
Co-authored-by: braginini <bangvalo@gmail.com>
