netbird/management/server
pascal-fischer 51f133fdc6
Extend system meta (#1598)
* wip: add posture checks structs

* add netbird version check

* Refactor posture checks and add version checks

* Add posture check activities (#1445)

* Integrate Endpoints for Posture Checks (#1432)

* wip: add posture checks structs

* add netbird version check

* Refactor posture checks and add version checks

* Implement posture and version checks in API models

* Refactor API models and enhance posture check functionality

* wip: add posture checks endpoints

* go mod tidy

* Reference the posture checks by id's in policy

* Add posture checks management to server

* Add posture checks management mocks

* implement posture checks handlers

* Add posture checks to account copy and fix tests

* Refactor posture checks validation

* wip: Add posture checks handler tests

* Add JSON encoding support to posture checks

* Encode posture checks to correct api response object

* Refactored posture checks implementation to align with the new API schema

* Refactor structure of `Checks` from slice to map

* Cleanup

* Add posture check activities (#1445)

* Revert map to use list of checks

* Add posture check activity events

* Refactor posture check initialization in account test

* Improve the handling of version range in posture check

* Fix tests and linter

* Remove max_version from NBVersionCheck

* Added unit tests for NBVersionCheck

* go mod tidy

* Extend policy endpoint with posture checks (#1450)

* Implement posture and version checks in API models

* go mod tidy

* Allow attaching posture checks to policy

* Update error message for linked posture check on deleting

* Refactor PostureCheck and Checks structures

* go mod tidy

* Add validation for non-existing posture checks

* fix unit tests

* use Wt version

* Remove the enabled field, as posture check will now automatically be activated by default when attaching to a policy

* wip: add posture checks structs

* add netbird version check

* Refactor posture checks and add version checks

* Add posture check activities (#1445)

* Integrate Endpoints for Posture Checks (#1432)

* wip: add posture checks structs

* add netbird version check

* Refactor posture checks and add version checks

* Implement posture and version checks in API models

* Refactor API models and enhance posture check functionality

* wip: add posture checks endpoints

* go mod tidy

* Reference the posture checks by id's in policy

* Add posture checks management to server

* Add posture checks management mocks

* implement posture checks handlers

* Add posture checks to account copy and fix tests

* Refactor posture checks validation

* wip: Add posture checks handler tests

* Add JSON encoding support to posture checks

* Encode posture checks to correct api response object

* Refactored posture checks implementation to align with the new API schema

* Refactor structure of `Checks` from slice to map

* Cleanup

* Add posture check activities (#1445)

* Revert map to use list of checks

* Add posture check activity events

* Refactor posture check initialization in account test

* Improve the handling of version range in posture check

* Fix tests and linter

* Remove max_version from NBVersionCheck

* Added unit tests for NBVersionCheck

* go mod tidy

* Extend policy endpoint with posture checks (#1450)

* Implement posture and version checks in API models

* go mod tidy

* Allow attaching posture checks to policy

* Update error message for linked posture check on deleting

* Refactor PostureCheck and Checks structures

* go mod tidy

* Add validation for non-existing posture checks

* fix unit tests

* use Wt version

* Remove the enabled field, as posture check will now automatically be activated by default when attaching to a policy

* Extend network map generation with posture checks (#1466)

* Apply posture checks to network map generation

* run policy posture checks on peers to connect

* Refactor and streamline policy posture check process for peers to connect.

* Add posture checks testing in a network map

* Remove redundant nil check in policy.go

* Refactor peer validation check in policy.go

* Update 'Check' function signature and use logger for version check

* Refactor posture checks run on sources and updated the validation func

* Update peer validation

* fix tests

* improved test coverage for policy posture check

* Refactoring

* Extend NetBird agent to collect kernel version (#1495)

* Add KernelVersion field to LoginRequest

* Add KernelVersion to system info retrieval

* Fix tests

* Remove Core field from system info

* Replace Core field with new OSVersion field in system info

* Added WMI dependency to info_windows.go

* Add OS Version posture checks (#1479)

* Initial support of Geolocation service (#1491)

* Add Geo Location posture check (#1500)

* wip: implement geolocation check

* add geo location posture checks to posture api

* Merge branch 'feature/posture-checks' into geo-posture-check

* Remove CityGeoNameID and update required fields in API

* Add geoLocation checks to posture checks handler tests

* Implement geo location-based checks for peers

* Update test values and embed location struct in peer system

* add support for country wide checks

* initialize country code regex once

* Fix peer meta core compatibility with older clients (#1515)

* Refactor extraction of OSVersion in grpcserver

* Ignore lint check

* Fix peer meta core compatibility with older management (#1532)

* Revert core field deprecation

* fix tests

* Extend peer meta with location information (#1517)

This PR uses the geolocation service to resolve IP to location. 
The lookup happens once on the first connection - when a client calls the Sync func.
The location is stored as part of the peer:

* Add Locations endpoints (#1516)

* add locations endpoints

* Add sqlite3 check and database generation in geolite script

* Add SQLite storage for geolocation data

* Refactor file existence check into a separate function

* Integrate geolocation services into management application

* Refactoring

* Refactor city retrieval to include Geonames ID

* Add signature verification for GeoLite2 database download

* Change to in-memory database for geolocation store

* Merge manager to geolocation

* Update GetAllCountries to return Country name and iso code

* fix tests

* Add reload to SqliteStore

* Add geoname indexes

* move db file check to connectDB

* Add concurrency safety to SQL queries and database reloading

The commit adds mutex locks to the GetAllCountries and GetCitiesByCountry functions to ensure thread-safety during database queries. Additionally, it introduces a mechanism to safely close the old database connection before a new connection is established upon reloading, which improves the reliability of database operations. Lastly, it moves the checking of database file existence to the connectDB function.

* Add sha256 sum check to geolocation store before reload

* Use read lock

* Check SHA256 twice when reload geonames db

---------

Co-authored-by: Yury Gargay <yury.gargay@gmail.com>

* Add tests and validation for empty peer location in GeoLocationCheck (#1546)

* Disallow Geo check creation/update without configured Geo DB (#1548)

* Fix shared access to in memory copy of geonames.db (#1550)

* Trim suffix when evaluating Min Kernel Version in OS check

* Add Valid Peer Windows Kernel version test

* Add Geolocation handler tests (#1556)

* Implement user admin checks in posture checks

* Add geolocation handler tests

* Mark initGeolocationTestData as helper func

* Add error handling to geolocation database closure

* Add cleanup function to close geolocation resources

* Simplify checks definition serialisation (#1555)

* Regenerate network map on posture check update (#1563)

* change network state and generate map on posture check update

* Refactoring

* Make city name optional (#1575)

* Do not return empty city name

* Validate action param of geo location checks (#1577)

We only support allow and deny

* Switch realip middleware to upstream (#1578)

* Be more silent in download-geolite2.sh script

* Fix geonames db reload (#1580)

* Ensure posture check name uniqueness when create (#1594)

* Enhance the management of posture checks (#1595)

* add a correct min version and kernel for os posture check example

* handle error when geo or location db is nil

* expose all peer location details in api response

* Check for nil geolocation manager only

* Validate posture check before save

* bump open api version

* add peer location fields to toPeerListItemResponse

* Feature/extend sys meta (#1536)

* Collect network addresses

* Add Linux sys product info

* Fix peer meta comparison

* Collect sys info on mac

* Add windows sys info

* Fix test

* Fix test

* Fix grpc client

* Ignore test

* Fix test

* Collect IPv6 addresses

* Change the IP to IP + net

* fix tests

* Use netip on server side

* Serialize netip to json

* Extend Peer metadata with cloud detection (#1552)

* add cloud detection + test binary

* test windows exe

* Collect IPv6 addresses

* Change the IP to IP + net

* switch to forked cloud detect lib

* new test builds

* new GCE build

* discontinue using library but local copy instead

* fix imports

* remove openstack check

* add hierarchy to cloud check

* merge IBM and SoftLayer

* close resp bodies and use os lib for file reading

* close more resp bodies

* fix error check logic

* parallelize IBM checks

* fix response value

* go mod tidy

* include context + change kubernetes detection

* add context in info functions

* extract platform into separate field

* fix imports

* add missing wmi import

---------

Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>

---------

Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>

* generate proto

* remove test binaries

---------

Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Yury Gargay <yury.gargay@gmail.com>
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-02-20 11:53:11 +01:00
..
account extract account into separate package 2023-11-28 14:34:57 +01:00
activity Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
geolocation Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
http Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
idp add owner role support (#1340) 2023-12-01 17:24:57 +01:00
jwtclaims Fix jwks validation and flag/config overriding (#1380) 2023-12-12 14:56:27 +01:00
metrics Merge branch 'main' into feature/peer-approval 2023-12-04 17:34:53 +01:00
mock_server Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
peer Extend system meta (#1598) 2024-02-20 11:53:11 +01:00
posture Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
status Move Login business logic from gRPC API to Accountmanager (#713) 2023-03-03 18:35:38 +01:00
telemetry Implement lightweight method to check if peer has update channel (#1351) 2023-12-05 14:17:56 +01:00
testdata Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
account_test.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
account.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
config.go Expose trusted proxy list and counter configuration for realip middleware (#1535) 2024-02-08 14:40:40 +01:00
dns_test.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
dns.go Allow service users with user role read-only access to all resources (#1484) 2024-01-25 09:50:27 +01:00
ephemeral_test.go extract peer into separate package 2023-11-28 13:45:26 +01:00
ephemeral.go extract peer into separate package 2023-11-28 13:45:26 +01:00
event_test.go Extend linter rules (#1300) 2023-11-10 16:33:13 +01:00
event.go Allow service users with user role read-only access to all resources (#1484) 2024-01-25 09:50:27 +01:00
file_store_test.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
file_store.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
group_test.go add owner role support (#1340) 2023-12-01 17:24:57 +01:00
group.go Return error when peer is not valid (#1573) 2024-02-13 10:59:31 +01:00
grpcserver.go Extend system meta (#1598) 2024-02-20 11:53:11 +01:00
management_proto_test.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
management_suite_test.go Move management server to a separate directory (#67) 2021-07-24 16:14:29 +02:00
management_test.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
nameserver_test.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
nameserver.go Allow adding 3 nameserver addresses (#1588) 2024-02-19 14:29:20 +01:00
network_test.go Exclude second last IP from allocation to use it in the Fake DNS (#912) 2023-05-30 18:26:44 +04:00
network.go Merge branch 'main' into feature/peer-approval 2023-11-29 16:27:01 +01:00
peer_test.go extract peer into separate package 2023-11-28 13:45:26 +01:00
peer.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
personal_access_token_test.go move into separate package 2023-05-16 12:57:56 +02:00
personal_access_token.go Implement SQLite Store using gorm and relational approach (#1065) 2023-10-12 15:42:36 +02:00
policy_test.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
policy.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
posture_checks_test.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
posture_checks.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
route_test.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
route.go Allow service users with user role read-only access to all resources (#1484) 2024-01-25 09:50:27 +01:00
rule.go Implement SQLite Store using gorm and relational approach (#1065) 2023-10-12 15:42:36 +02:00
scheduler_test.go Proactively expire peers' login per account (#698) 2023-02-27 16:44:26 +01:00
scheduler.go Proactively expire peers' login per account (#698) 2023-02-27 16:44:26 +01:00
setupkey_test.go Allow service users with user role read-only access to all resources (#1484) 2024-01-25 09:50:27 +01:00
setupkey.go Allow service users with user role read-only access to all resources (#1484) 2024-01-25 09:50:27 +01:00
sqlite_store_test.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
sqlite_store.go Extend system meta (#1598) 2024-02-20 11:53:11 +01:00
store_test.go Extend linter rules (#1300) 2023-11-10 16:33:13 +01:00
store.go Add initial support of device posture checks (#1540) 2024-02-20 09:59:56 +01:00
turncredentials_test.go Add metrics for PeersUpdateManager (#1310) 2023-11-16 18:21:52 +01:00
turncredentials.go Reorder peer deletion when deleting a user (#1191) 2023-10-03 16:46:58 +02:00
updatechannel_test.go Add metrics for PeersUpdateManager (#1310) 2023-11-16 18:21:52 +01:00
updatechannel.go Implement lightweight method to check if peer has update channel (#1351) 2023-12-05 14:17:56 +01:00
user_test.go Allow service users with user role read-only access to all resources (#1484) 2024-01-25 09:50:27 +01:00
user.go Get cache from external cache when refresh fails (#1537) 2024-02-07 16:14:30 +01:00