* Refactor setup key handling to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add lock to get account groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add check for regular user Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * get only required groups for auto-group validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add account lock and return auto groups map on validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor account peers update Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor groups to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor GetGroupByID and add NewGroupNotFoundError Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add AddPeer and RemovePeer methods to Group struct Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Preserve store engine in SqlStore transactions Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Run groups ops in transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix missing group removed from setup key activity Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor posture checks to remove get and save account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix sonar Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Change setup key log level to debug for missing group Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Retrieve modified peers once for group events Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor policy get and save account to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga 
<bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Retrieve policy groups and posture checks once for validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix typo Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add policy tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor anyGroupHasPeers to retrieve all groups once Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor dns settings to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add account locking and merge group deletion methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor name server groups to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add peer store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor ephemeral peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add lock for peer store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor peer handlers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor peer to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix typo Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add locks and remove log Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * run peer ops in transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove duplicate store method Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix peer fields updated after save Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Use update strength and simplify check Signed-off-by: bcmmbaga 
<bethuelmbaga12@gmail.com> * prevent changing ruleID when not empty Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * prevent duplicate rules during updates Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor auth middleware Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor account methods and mock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user and PAT handling Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Remove db query context and fix get user by id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix database transaction locking issue Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Use UTC time in test Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add account locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix prevent users from creating PATs for other users Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add store locks and prevent fetching setup keys peers when retrieving user peers with empty userID Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add missing tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor test names and remove duplicate TestPostgresql_SavePeerStatus Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add account locks and remove redundant ephemeral check Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Retrieve all groups for peers and restrict groups for regular users Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix store tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * use 
account object to get validated peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Improve peer performance Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Get account direct from store without buffer Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add get peer groups tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Adjust benchmarks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Adjust benchmarks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * [management] Update benchmark workflow (#3181) * update local benchmark expectations * update cloud expectations * Add status error for generic result error Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Use integrated validator direct Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations * update expectations * update expectations * Refactor peer scheduler to retry every 3 seconds on errors Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations * fix validator * fix validator * fix validator * update timeouts * Refactor ToGroupsInfo to process slices of groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations * update expectations * update expectations * Bump integrations version Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor GetValidatedPeers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * go mod tidy Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Use peers and groups map for peers validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove mysql from api benchmark tests * Fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix blocked db calls on user auto groups update Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations Signed-off-by: bcmmbaga 
<bethuelmbaga12@gmail.com> * update expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Skip user check for system initiated peer deletion Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Remove context in db calls Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * [management] Improve group peer/resource counting (#3192) * Fix sonar Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Adjust bench expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Rename GetAccountInfoFromPAT to GetTokenInfo Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Remove global account lock for ListUsers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * build userinfo after updating users in db Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * [management] Optimize user bulk deletion (#3315) * refactor building user infos Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove unused code Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor GetUsersFromAccount to return a map of UserInfo instead of a slice Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Export BuildUserInfosForAccount to account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fetch account user info once for bulk users save Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update user deletion expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Set max open conns for activity store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update bench expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com> Co-authored-by: Pascal 
Fischer <pascal@netbird.io> Co-authored-by: Pedro Costa <550684+pnmcosta@users.noreply.github.com>
package status
import (
"errors"
"fmt"
)
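// Type classifies an Error. Every constant below is assigned an explicit
// numeric value.
type Type int32

const (
	// UserAlreadyExists indicates that the user already exists.
	UserAlreadyExists Type = 1

	// PreconditionFailed indicates that a precondition of the operation has not been fulfilled.
	PreconditionFailed Type = 2

	// PermissionDenied indicates that the user has no permission to view the data.
	PermissionDenied Type = 3

	// NotFound indicates that the object was not found in the system (or under a given account).
	NotFound Type = 4

	// Internal indicates a generic internal error.
	Internal Type = 5

	// InvalidArgument indicates a generic invalid-argument error.
	InvalidArgument Type = 6

	// AlreadyExists indicates a generic error for an object that already exists in the system.
	AlreadyExists Type = 7

	// Unauthorized indicates that the user is not authorized.
	// NOTE(review): how this differs from PermissionDenied and Unauthenticated
	// is not visible in this file; confirm that the code translating Type into
	// a transport status treats the three consistently.
	Unauthorized Type = 8

	// BadRequest indicates that the request itself is not valid.
	BadRequest Type = 9

	// Unauthenticated indicates that the user is not authenticated because valid credentials are absent.
	Unauthenticated Type = 10
)

// Error is an internal error that pairs a Type with a human-readable message.
//
// It keeps only the formatted text: there is no Unwrap method, so a cause
// that was formatted into Message cannot be recovered with errors.Is or
// errors.As.
type Error struct {
	ErrorType Type
	Message   string
}

// Type returns the Type of the error.
//
// A nil receiver yields Type(0), which matches none of the declared
// constants. FromError returns a nil *Error together with ok == true for a
// nil input, so callers that switch on Type() right after FromError would
// otherwise dereference nil.
func (e *Error) Type() Type {
	if e == nil {
		return Type(0)
	}
	return e.ErrorType
}

// Error returns the message, satisfying the error interface.
func (e *Error) Error() string {
	return e.Message
}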
// Errorf returns an *Error of the given type whose Message is
// fmt.Sprintf(format, a...).
//
// Arguments are rendered to text only; an error passed in a is not wrapped
// and cannot be retrieved from the result. format is interpreted by
// fmt.Sprintf, so pass a constant format and supply any caller-provided
// value through a rather than as the format itself.
func Errorf(errorType Type, format string, a ...interface{}) error {
	msg := fmt.Sprintf(format, a...)
	return &Error{ErrorType: errorType, Message: msg}
}
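// FromError extracts an *Error from err.
//
// It returns:
//   - (nil, true) when err is nil,
//   - (e, true) when err is, or wraps, an *Error (matched with errors.As, so
//     the Unwrap chain is searched),
//   - (nil, false) for any other error.
//
// Because ok is also true for a nil input, ok alone does not guarantee a
// usable value: check s != nil before reading s.ErrorType or s.Message.
func FromError(err error) (s *Error, ok bool) {
	if err == nil {
		return nil, true
	}

	var target *Error
	if !errors.As(err, &target) {
		return nil, false
	}
	return target, true
}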
// NewPeerNotFoundError returns a NotFound Error for a missing peer.
// peerKey is interpolated into the message unmodified.
func NewPeerNotFoundError(peerKey string) error {
	const format = "peer not found: %s"
	return Errorf(NotFound, format, peerKey)
}
// NewAccountNotFoundError returns a NotFound Error for a missing account.
// accountKey is interpolated into the message unmodified.
func NewAccountNotFoundError(accountKey string) error {
	const format = "account not found: %s"
	return Errorf(NotFound, format, accountKey)
}
// NewPeerNotPartOfAccountError returns a PermissionDenied Error for a peer
// that is not part of the account. The message is fixed and carries no
// identifiers.
// NOTE(review): this answer is distinguishable from the NotFound produced by
// NewPeerNotFoundError; confirm that callers expose the difference only to
// requesters already authorized for the account.
func NewPeerNotPartOfAccountError() error {
	const msg = "peer is not part of this account"
	return Errorf(PermissionDenied, msg)
}
// NewUserNotFoundError returns a NotFound Error for a missing user.
// userKey is interpolated into the message unmodified.
func NewUserNotFoundError(userKey string) error {
	const format = "user: %s not found"
	return Errorf(NotFound, format, userKey)
}
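// NewPeerNotRegisteredError returns an Unauthenticated Error for a peer that
// is not registered. The type is Unauthenticated, not NotFound, and the
// message is fixed and carries no identifiers.
func NewPeerNotRegisteredError() error {
	const msg = "peer is not registered"
	return Errorf(Unauthenticated, msg)
}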
// NewPeerLoginExpiredError returns a PermissionDenied Error for a peer whose
// login has expired. The message is fixed and asks the user to log in again.
func NewPeerLoginExpiredError() error {
	const msg = "peer login has expired, please log in once more"
	return Errorf(PermissionDenied, msg)
}
// NewSetupKeyNotFoundError returns a NotFound Error for a missing setup key.
// setupKeyID is interpolated into the message unmodified.
// NOTE(review): presumably setupKeyID is the key's identifier and not the
// secret key value; confirm at call sites so the secret never ends up in
// error text or logs.
func NewSetupKeyNotFoundError(setupKeyID string) error {
	const format = "setup key: %s not found"
	return Errorf(NotFound, format, setupKeyID)
}
// NewGetAccountFromStoreError returns an Internal Error for a failure to read
// an account from the store.
//
// err is rendered with %s into the message and is not wrapped, so the cause
// is not reachable through errors.Is or errors.As; a nil err is rendered as
// "%!s(<nil>)".
// NOTE(review): store error text can carry internal detail; confirm that the
// Message of Internal errors is logged server-side and not returned verbatim
// to API clients.
func NewGetAccountFromStoreError(err error) error {
	const format = "issue getting account from store: %s"
	return Errorf(Internal, format, err)
}
// NewUserNotPartOfAccountError returns a PermissionDenied Error for a user
// that is not part of the account. The message is fixed and carries no
// identifiers.
func NewUserNotPartOfAccountError() error {
	const msg = "user is not part of this account"
	return Errorf(PermissionDenied, msg)
}
// NewGetUserFromStoreError returns an Internal Error for a failure to read a
// user from the store. It takes no cause, so the message is fixed and carries
// no detail from the underlying failure.
func NewGetUserFromStoreError() error {
	const msg = "issue getting user from store"
	return Errorf(Internal, msg)
}
// NewAdminPermissionError returns a PermissionDenied Error for an action that
// requires the admin role. The message is fixed.
func NewAdminPermissionError() error {
	const msg = "admin role required to perform this action"
	return Errorf(PermissionDenied, msg)
}
// NewInvalidKeyIDError returns an InvalidArgument Error reporting an invalid
// key ID. The message is fixed and does not echo the rejected value.
func NewInvalidKeyIDError() error {
	const msg = "invalid key ID"
	return Errorf(InvalidArgument, msg)
}
// NewGetAccountError returns an Internal Error for a failure to get an
// account.
//
// err is rendered with %s into the message and is not wrapped; a nil err is
// rendered as "%!s(<nil>)".
// NOTE(review): confirm that the Message of Internal errors is not returned
// verbatim to API clients, since the cause's text may describe internals.
func NewGetAccountError(err error) error {
	const format = "error getting account: %s"
	return Errorf(Internal, format, err)
}
// NewGroupNotFoundError returns a NotFound Error for a missing group.
// groupID is interpolated into the message unmodified.
func NewGroupNotFoundError(groupID string) error {
	const format = "group: %s not found"
	return Errorf(NotFound, format, groupID)
}
// NewPostureChecksNotFoundError returns a NotFound Error for missing posture
// checks. postureChecksID is interpolated into the message unmodified.
func NewPostureChecksNotFoundError(postureChecksID string) error {
	const format = "posture checks: %s not found"
	return Errorf(NotFound, format, postureChecksID)
}
// NewPolicyNotFoundError returns a NotFound Error for a missing policy.
// policyID is interpolated into the message unmodified.
func NewPolicyNotFoundError(policyID string) error {
	const format = "policy: %s not found"
	return Errorf(NotFound, format, policyID)
}
// NewNameServerGroupNotFoundError returns a NotFound Error for a missing name
// server group. nsGroupID is interpolated into the message unmodified.
func NewNameServerGroupNotFoundError(nsGroupID string) error {
	const format = "nameserver group: %s not found"
	return Errorf(NotFound, format, nsGroupID)
}
// NewNetworkNotFoundError returns a NotFound Error for a missing network.
// networkID is interpolated into the message unmodified.
func NewNetworkNotFoundError(networkID string) error {
	const format = "network: %s not found"
	return Errorf(NotFound, format, networkID)
}
// NewNetworkRouterNotFoundError returns a NotFound Error for a missing
// network router. routerID is interpolated into the message unmodified.
func NewNetworkRouterNotFoundError(routerID string) error {
	const format = "network router: %s not found"
	return Errorf(NotFound, format, routerID)
}
// NewNetworkResourceNotFoundError returns a NotFound Error for a missing
// network resource. resourceID is interpolated into the message unmodified.
func NewNetworkResourceNotFoundError(resourceID string) error {
	const format = "network resource: %s not found"
	return Errorf(NotFound, format, resourceID)
}
// NewPermissionDeniedError returns a generic PermissionDenied Error. The
// message is fixed and names neither the subject nor the object of the
// denied action.
func NewPermissionDeniedError() error {
	const msg = "permission denied"
	return Errorf(PermissionDenied, msg)
}
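// NewPermissionValidationError returns a PermissionDenied Error for a failure
// that occurred while validating the user's permissions, so a failed check is
// reported as a denial.
//
// err is rendered with %s into the message and is not wrapped; a nil err is
// rendered as "%!s(<nil>)".
// NOTE(review): the cause's text becomes part of a PermissionDenied message;
// confirm it holds nothing that should stay server-side if this Message is
// returned to the requester.
func NewPermissionValidationError(err error) error {
	// Spelling corrected from "vlidate" in the emitted message.
	const format = "failed to validate user permissions: %s"
	return Errorf(PermissionDenied, format, err)
}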
// NewResourceNotPartOfNetworkError returns a BadRequest Error for a resource
// that is not part of the given network. Both IDs are interpolated into the
// message unmodified.
func NewResourceNotPartOfNetworkError(resourceID, networkID string) error {
	const format = "resource %s is not part of the network %s"
	return Errorf(BadRequest, format, resourceID, networkID)
}
// NewRouterNotPartOfNetworkError returns a BadRequest Error for a router that
// is not part of the given network. Both IDs are interpolated into the
// message unmodified.
func NewRouterNotPartOfNetworkError(routerID, networkID string) error {
	const format = "router %s is not part of the network %s"
	return Errorf(BadRequest, format, routerID, networkID)
}
// NewServiceUserRoleInvalidError returns an InvalidArgument Error for an
// attempt to create a service user with the owner role. The message is fixed.
func NewServiceUserRoleInvalidError() error {
	const msg = "can't create a service user with owner role"
	return Errorf(InvalidArgument, msg)
}
// NewOwnerDeletePermissionError returns a PermissionDenied Error for an
// attempt to delete a user that holds the owner role. The message is fixed.
func NewOwnerDeletePermissionError() error {
	const msg = "can't delete a user with the owner role"
	return Errorf(PermissionDenied, msg)
}
// NewPATNotFoundError returns a NotFound Error for a missing PAT.
// patID is interpolated into the message unmodified.
// NOTE(review): presumably patID is the token's identifier and not the token
// secret; confirm at call sites so the secret never ends up in error text or
// logs.
func NewPATNotFoundError(patID string) error {
	const format = "PAT: %s not found"
	return Errorf(NotFound, format, patID)
}