Add private network posture check (#1606)

* wip: Add PrivateNetworkCheck checks interface implementation * use generic CheckAction constant * Add private network check to posture checks * Fix copy function target in posture checks * Add network check functionality to posture package * regenerate the openapi specs * Update Posture Check actions in test file * Remove unused function * Refactor network address handling in PrivateNetworkCheck * Refactor Prefixes to Ranges in private network checks * Implement private network checks in posture checks handler tests * Add test for check copy * Add gorm serializer for network range
2026-04-19 00:36:38 +00:00 · 2024-02-22 19:22:43 +03:00
parent bbea4c3cc3
commit a47c69c472
11 changed files with 572 additions and 81 deletions
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
@@ -862,6 +862,8 @@ components:
          $ref: '#/components/schemas/OSVersionCheck'
        geo_location_check:
          $ref: '#/components/schemas/GeoLocationCheck'
+        private_network_check:
+          $ref: '#/components/schemas/PrivateNetworkCheck'
    NBVersionCheck:
      description: Posture check for the version of NetBird
      type: object
@@ -932,6 +934,24 @@ components:
      required:
        - locations
        - action
+    PrivateNetworkCheck:
+      description: Posture check for allow or deny private network
+      type: object
+      properties:
+        ranges:
+          description: List of private network ranges in CIDR notation
+          type: array
+          items:
+            type: string
+            example: ["192.168.1.0/24", "10.0.0.0/8"]
+        action:
+          description: Action to take upon policy match
+          type: string
+          enum: [ "allow", "deny" ]
+          example: "allow"
+      required:
+        - ranges
+        - action
    Location:
      description: Describe geographical location information
      type: object