Merge remote-tracking branch 'origin/fix/export-mgmt-config-url' into deploy/permissions-account

2026-04-20 17:26:40 +00:00 · 2025-03-25 11:45:41 +01:00
parent 865d89a142 dc8aac6549
commit 93c0172c8a
22 changed files with 196 additions and 106 deletions
--- a/management/server/config.go
+++ b/management/server/config.go
@@ -5,6 +5,7 @@ import (

 	"github.com/netbirdio/netbird/management/server/idp"
 	"github.com/netbirdio/netbird/management/server/store"
+	"github.com/netbirdio/netbird/management/server/types"
 	"github.com/netbirdio/netbird/util"
 )

@@ -34,7 +35,7 @@ const (
 type Config struct {
 	Stuns      []*Host
 	TURNConfig *TURNConfig
-	Relay      *Relay
+	Relay      *types.Relay
 	Signal     *Host

 	Datadir                string
@@ -76,12 +77,6 @@ type TURNConfig struct {
 	Turns                []*Host
 }

-type Relay struct {
-	Addresses      []string
-	CredentialsTTL util.Duration
-	Secret         string
-}
-
 // HttpServerConfig is a config of the HTTP Management service server
 type HttpServerConfig struct {
 	LetsEncryptDomain string
--- a/management/server/policy.go
+++ b/management/server/policy.go
@@ -255,15 +255,24 @@ func toProtocolFirewallRules(rules []*types.FirewallRule) []*proto.FirewallRule
 	for i := range rules {
 		rule := rules[i]

-		result[i] = &proto.FirewallRule{
+		fwRule := &proto.FirewallRule{
 			PolicyID:  []byte(rule.PolicyID),
 			PeerIP:    rule.PeerIP,
 			Direction: getProtoDirection(rule.Direction),
 			Action:    getProtoAction(rule.Action),
 			Protocol:  getProtoProtocol(rule.Protocol),
 			Port:      rule.Port,
-			PortInfo:  rule.PortRange.ToProto(),
 		}
+
+		if shouldUsePortRange(fwRule) {
+			fwRule.PortInfo = rule.PortRange.ToProto()
+		}
+
+		result[i] = fwRule
 	}
 	return result
 }
+
+func shouldUsePortRange(rule *proto.FirewallRule) bool {
+	return rule.Port == "" && (rule.Protocol == proto.RuleProtocol_UDP || rule.Protocol == proto.RuleProtocol_TCP)
+}
--- a/management/server/store/sql_store.go
+++ b/management/server/store/sql_store.go
@@ -220,6 +220,10 @@ func generateAccountSQLTypes(account *types.Account) {
 		account.SetupKeysG = append(account.SetupKeysG, *key)
 	}

+	if len(account.SetupKeys) != len(account.SetupKeysG) {
+		log.Warnf("SetupKeysG length mismatch for account %s", account.Id)
+	}
+
 	for id, peer := range account.Peers {
 		peer.ID = id
 		account.PeersG = append(account.PeersG, *peer)
--- a/management/server/store/sql_store_test.go
+++ b/management/server/store/sql_store_test.go
@@ -148,6 +148,10 @@ func runLargeTest(t *testing.T, store Store) {
 		account.NameServerGroups[nameserver.ID] = nameserver

 		setupKey, _ := types.GenerateDefaultSetupKey()
+		_, exists := account.SetupKeys[setupKey.Key]
+		if exists {
+			t.Errorf("setup key already exists")
+		}
 		account.SetupKeys[setupKey.Key] = setupKey
 	}

--- a/management/server/token_mgr.go
+++ b/management/server/token_mgr.go
@@ -13,6 +13,7 @@ import (

 	"github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/management/server/settings"
+	"github.com/netbirdio/netbird/management/server/types"
 	auth "github.com/netbirdio/netbird/relay/auth/hmac"
 	authv2 "github.com/netbirdio/netbird/relay/auth/hmac/v2"

@@ -33,7 +34,7 @@ type SecretsManager interface {
 type TimeBasedAuthSecretsManager struct {
 	mux             sync.Mutex
 	turnCfg         *TURNConfig
-	relayCfg        *Relay
+	relayCfg        *types.Relay
 	turnHmacToken   *auth.TimedHMAC
 	relayHmacToken  *authv2.Generator
 	updateManager   *PeersUpdateManager
@@ -44,7 +45,7 @@ type TimeBasedAuthSecretsManager struct {

 type Token auth.Token

-func NewTimeBasedAuthSecretsManager(updateManager *PeersUpdateManager, turnCfg *TURNConfig, relayCfg *Relay, settingsManager settings.Manager) *TimeBasedAuthSecretsManager {
+func NewTimeBasedAuthSecretsManager(updateManager *PeersUpdateManager, turnCfg *TURNConfig, relayCfg *types.Relay, settingsManager settings.Manager) *TimeBasedAuthSecretsManager {
 	mgr := &TimeBasedAuthSecretsManager{
 		updateManager:   updateManager,
 		turnCfg:         turnCfg,
--- a/management/server/token_mgr_test.go
+++ b/management/server/token_mgr_test.go
@@ -31,7 +31,7 @@ func TestTimeBasedAuthSecretsManager_GenerateCredentials(t *testing.T) {
 	secret := "some_secret"
 	peersManager := NewPeersUpdateManager(nil)

-	rc := &Relay{
+	rc := &types.Relay{
 		Addresses:      []string{"localhost:0"},
 		CredentialsTTL: ttl,
 		Secret:         secret,
@@ -81,7 +81,7 @@ func TestTimeBasedAuthSecretsManager_SetupRefresh(t *testing.T) {
 	peer := "some_peer"
 	updateChannel := peersManager.CreateChannel(context.Background(), peer)

-	rc := &Relay{
+	rc := &types.Relay{
 		Addresses:      []string{"localhost:0"},
 		CredentialsTTL: ttl,
 		Secret:         secret,
@@ -184,7 +184,7 @@ func TestTimeBasedAuthSecretsManager_CancelRefresh(t *testing.T) {
 	peersManager := NewPeersUpdateManager(nil)
 	peer := "some_peer"

-	rc := &Relay{
+	rc := &types.Relay{
 		Addresses:      []string{"localhost:0"},
 		CredentialsTTL: ttl,
 		Secret:         secret,
--- a/management/server/types/config.go
+++ b/management/server/types/config.go
@@ -0,0 +1,13 @@
+package types
+
+import "github.com/netbirdio/netbird/util"
+
+// MgmtConfigPath Config path of the Management service
+var MgmtConfigPath string
+
+// Relay configuration type
+type Relay struct {
+	Addresses      []string
+	CredentialsTTL util.Duration
+	Secret         string
+}