Merge remote-tracking branch 'origin/prototype/reverse-proxy-clusters' into prototype/reverse-proxy

# Conflicts: # management/internals/modules/reverseproxy/manager/manager.go # management/internals/modules/reverseproxy/reverseproxy.go # management/internals/server/modules.go # management/internals/shared/grpc/proxy.go # management/server/http/handler.go # management/server/http/testing/testing_tools/channel/channel.go
2026-04-18 08:16:39 +00:00 · 2026-02-05 15:19:57 +01:00
parent 9b0387e7ee 5ccce1ab3f
commit 0e00f1c8f7
22 changed files with 466 additions and 126 deletions
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -26,7 +26,6 @@ import (
 	"golang.org/x/exp/maps"

 	nbdns "github.com/netbirdio/netbird/dns"
-	nbdomain "github.com/netbirdio/netbird/shared/management/domain"
 	"github.com/netbirdio/netbird/formatter/hook"
 	"github.com/netbirdio/netbird/management/internals/controllers/network_map"
 	nbconfig "github.com/netbirdio/netbird/management/internals/server/config"
@@ -49,6 +48,7 @@ import (
 	"github.com/netbirdio/netbird/management/server/types"
 	"github.com/netbirdio/netbird/management/server/util"
 	"github.com/netbirdio/netbird/route"
+	nbdomain "github.com/netbirdio/netbird/shared/management/domain"
 	"github.com/netbirdio/netbird/shared/management/status"
 )

--- a/management/server/http/handler.go
+++ b/management/server/http/handler.go
@@ -66,7 +66,7 @@ const (
 )

 // NewAPIHandler creates the Management service HTTP API handler registering all the available endpoints.
-func NewAPIHandler(ctx context.Context, accountManager account.Manager, networksManager nbnetworks.Manager, resourceManager resources.Manager, routerManager routers.Manager, groupsManager nbgroups.Manager, LocationManager geolocation.Geolocation, authManager auth.Manager, appMetrics telemetry.AppMetrics, integratedValidator integrated_validator.IntegratedValidator, proxyController port_forwarding.Controller, permissionsManager permissions.Manager, peersManager nbpeers.Manager, settingsManager settings.Manager, zManager zones.Manager, rManager records.Manager, networkMapController network_map.Controller, idpManager idpmanager.Manager, reverseProxyManager reverseproxy.Manager, reverseProxyDomainManager domain.Manager, reverseProxyAccessLogsManager accesslogs.Manager, proxyGRPCServer *nbgrpc.ProxyServiceServer) (http.Handler, error) {
+func NewAPIHandler(ctx context.Context, accountManager account.Manager, networksManager nbnetworks.Manager, resourceManager resources.Manager, routerManager routers.Manager, groupsManager nbgroups.Manager, LocationManager geolocation.Geolocation, authManager auth.Manager, appMetrics telemetry.AppMetrics, integratedValidator integrated_validator.IntegratedValidator, proxyController port_forwarding.Controller, permissionsManager permissions.Manager, peersManager nbpeers.Manager, settingsManager settings.Manager, zManager zones.Manager, rManager records.Manager, networkMapController network_map.Controller, idpManager idpmanager.Manager, reverseProxyManager reverseproxy.Manager, reverseProxyDomainManager *domain.Manager, reverseProxyAccessLogsManager accesslogs.Manager, proxyGRPCServer *nbgrpc.ProxyServiceServer) (http.Handler, error) {

 	// Register bypass paths for unauthenticated endpoints
 	if err := bypass.AddBypassPath("/api/instance"); err != nil {
@@ -166,7 +166,9 @@ func NewAPIHandler(ctx context.Context, accountManager account.Manager, networks
 	idp.AddEndpoints(accountManager, router)
 	instance.AddEndpoints(instanceManager, router)
 	instance.AddVersionEndpoint(instanceManager, router)
-	reverseproxymanager.RegisterEndpoints(reverseProxyManager, reverseProxyDomainManager, reverseProxyAccessLogsManager, router)
+	if reverseProxyManager != nil && reverseProxyDomainManager != nil {
+		reverseproxymanager.RegisterEndpoints(reverseProxyManager, *reverseProxyDomainManager, reverseProxyAccessLogsManager, router)
+	}

 	// Register OAuth callback handler for proxy authentication
 	if proxyGRPCServer != nil {
--- a/management/server/http/testing/testing_tools/channel/channel.go
+++ b/management/server/http/testing/testing_tools/channel/channel.go
@@ -110,7 +110,7 @@ func BuildApiBlackBoxWithDBState(t testing_tools.TB, sqlFile string, expectedPee
 	reverseProxyDomainManager := domain.NewManager(store, nil)
 	var accessLogsManager accesslogs.Manager

-	apiHandler, err := http2.NewAPIHandler(context.Background(), am, networksManagerMock, resourcesManagerMock, routersManagerMock, groupsManagerMock, geoMock, authManagerMock, metrics, validatorMock, proxyController, permissionsManager, peersManager, settingsManager, customZonesManager, zoneRecordsManager, networkMapController, nil, reverseProxyManager, reverseProxyDomainManager, accessLogsManager)
+	apiHandler, err := http2.NewAPIHandler(context.Background(), am, networksManagerMock, resourcesManagerMock, routersManagerMock, groupsManagerMock, geoMock, authManagerMock, metrics, validatorMock, proxyController, permissionsManager, peersManager, settingsManager, customZonesManager, zoneRecordsManager, networkMapController, nil, reverseProxyManager, reverseProxyDomainManager, accessLogsManager, nil)
 	if err != nil {
 		t.Fatalf("Failed to create API handler: %v", err)
 	}
--- a/management/server/idp/auth0.go
+++ b/management/server/idp/auth0.go
@@ -135,7 +135,7 @@ func NewAuth0Manager(config Auth0ClientConfig, appMetrics telemetry.AppMetrics)
 	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
 	httpTransport.MaxIdleConns = 5

-		httpClient := &http.Client{
+	httpClient := &http.Client{
 		Timeout:   idpTimeout(),
 		Transport: httpTransport,
 	}
--- a/management/server/idp/authentik.go
+++ b/management/server/idp/authentik.go
@@ -56,7 +56,7 @@ func NewAuthentikManager(config AuthentikClientConfig, appMetrics telemetry.AppM
 		Timeout:   idpTimeout(),
 		Transport: httpTransport,
 	}
-	
+
 	helper := JsonParser{}

 	if config.ClientID == "" {
--- a/management/server/idp/azure.go
+++ b/management/server/idp/azure.go
@@ -57,11 +57,11 @@ func NewAzureManager(config AzureClientConfig, appMetrics telemetry.AppMetrics)
 	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
 	httpTransport.MaxIdleConns = 5

-		httpClient := &http.Client{
+	httpClient := &http.Client{
 		Timeout:   idpTimeout(),
 		Transport: httpTransport,
 	}
-	
+
 	helper := JsonParser{}

 	if config.ClientID == "" {
--- a/management/server/idp/google_workspace.go
+++ b/management/server/idp/google_workspace.go
@@ -51,7 +51,7 @@ func NewGoogleWorkspaceManager(ctx context.Context, config GoogleWorkspaceClient
 		Timeout:   idpTimeout(),
 		Transport: httpTransport,
 	}
-	
+
 	helper := JsonParser{}

 	if config.CustomerID == "" {
--- a/management/server/idp/keycloak.go
+++ b/management/server/idp/keycloak.go
@@ -66,7 +66,7 @@ func NewKeycloakManager(config KeycloakClientConfig, appMetrics telemetry.AppMet
 		Timeout:   idpTimeout(),
 		Transport: httpTransport,
 	}
-	
+
 	helper := JsonParser{}

 	if config.ClientID == "" {
--- a/management/server/idp/pocketid.go
+++ b/management/server/idp/pocketid.go
@@ -90,7 +90,7 @@ func NewPocketIdManager(config PocketIdClientConfig, appMetrics telemetry.AppMet
 		Timeout:   idpTimeout(),
 		Transport: httpTransport,
 	}
-	
+
 	helper := JsonParser{}

 	if config.ManagementEndpoint == "" {
--- a/management/server/idp/util.go
+++ b/management/server/idp/util.go
@@ -76,7 +76,7 @@ const (
 	// Provides the env variable name for use with idpTimeout function
 	idpTimeoutEnv = "NB_IDP_TIMEOUT"
 	// Sets the defaultTimeout to 10s.
-	defaultTimeout  = 10 * time.Second
+	defaultTimeout = 10 * time.Second
 )

 // idpTimeout returns a timeout value for the IDP
--- a/management/server/idp/zitadel.go
+++ b/management/server/idp/zitadel.go
@@ -167,7 +167,7 @@ func NewZitadelManager(config ZitadelClientConfig, appMetrics telemetry.AppMetri
 		Timeout:   idpTimeout(),
 		Transport: httpTransport,
 	}
-	
+
 	helper := JsonParser{}

 	hasPAT := config.PAT != ""
--- a/management/server/permissions/modules/module.go
+++ b/management/server/permissions/modules/module.go
@@ -3,38 +3,38 @@ package modules
 type Module string

 const (
-	Networks    Module = "networks"
-	Peers       Module = "peers"
-	RemoteJobs  Module = "remote_jobs"
-	Groups      Module = "groups"
-	Settings    Module = "settings"
-	Accounts    Module = "accounts"
-	Dns         Module = "dns"
-	Nameservers Module = "nameservers"
-	Events      Module = "events"
-	Policies    Module = "policies"
-	Routes      Module = "routes"
-	Users       Module = "users"
-	SetupKeys   Module = "setup_keys"
-	Pats        Module = "pats"
+	Networks          Module = "networks"
+	Peers             Module = "peers"
+	RemoteJobs        Module = "remote_jobs"
+	Groups            Module = "groups"
+	Settings          Module = "settings"
+	Accounts          Module = "accounts"
+	Dns               Module = "dns"
+	Nameservers       Module = "nameservers"
+	Events            Module = "events"
+	Policies          Module = "policies"
+	Routes            Module = "routes"
+	Users             Module = "users"
+	SetupKeys         Module = "setup_keys"
+	Pats              Module = "pats"
 	IdentityProviders Module = "identity_providers"
 	Services          Module = "services"
 )

 var All = map[Module]struct{}{
-	Networks:    {},
-	Peers:       {},
-	RemoteJobs:  {},
-	Groups:      {},
-	Settings:    {},
-	Accounts:    {},
-	Dns:         {},
-	Nameservers: {},
-	Events:      {},
-	Policies:    {},
-	Routes:      {},
-	Users:       {},
-	SetupKeys:   {},
-	Pats:        {},
+	Networks:          {},
+	Peers:             {},
+	RemoteJobs:        {},
+	Groups:            {},
+	Settings:          {},
+	Accounts:          {},
+	Dns:               {},
+	Nameservers:       {},
+	Events:            {},
+	Policies:          {},
+	Routes:            {},
+	Users:             {},
+	SetupKeys:         {},
+	Pats:              {},
 	IdentityProviders: {},
 }
--- a/management/server/util/util.go
+++ b/management/server/util/util.go
@@ -50,4 +50,3 @@ func contains[T comparableObject[T]](slice []T, element T) bool {
 	}
 	return false
 }
-