Revert "Merge branch 'main' into feature/remote-debug"

This reverts commit 6d6333058c, reversing
changes made to 446aded1f7.

shared/management/client/client_test.go

@@ -9,30 +9,34 @@ import (
 	"time"
 
 	"github.com/golang/mock/gomock"
-	log "github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 
-	"github.com/netbirdio/management-integrations/integrations"
 	"github.com/netbirdio/netbird/client/system"
-	"github.com/netbirdio/netbird/encryption"
 	"github.com/netbirdio/netbird/management/internals/server/config"
-	mgmt "github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/groups"
 	"github.com/netbirdio/netbird/management/server/integrations/port_forwarding"
-	"github.com/netbirdio/netbird/management/server/mock_server"
-	"github.com/netbirdio/netbird/management/server/peers"
 	"github.com/netbirdio/netbird/management/server/permissions"
 	"github.com/netbirdio/netbird/management/server/settings"
 	"github.com/netbirdio/netbird/management/server/store"
 	"github.com/netbirdio/netbird/management/server/telemetry"
 	"github.com/netbirdio/netbird/management/server/types"
+
+	log "github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/netbirdio/management-integrations/integrations"
+
+	"github.com/netbirdio/netbird/encryption"
+	mgmt "github.com/netbirdio/netbird/management/server"
+	"github.com/netbirdio/netbird/management/server/mock_server"
 	mgmtProto "github.com/netbirdio/netbird/shared/management/proto"
+
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
 	"github.com/netbirdio/netbird/util"
 )
 
@@ -69,31 +73,13 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
 	peersUpdateManager := mgmt.NewPeersUpdateManager(nil)
 	jobManager := mgmt.NewJobManager(nil, store)
 	eventStore := &activity.InMemoryEventStore{}
-
-	ctrl := gomock.NewController(t)
-	t.Cleanup(ctrl.Finish)
-
-	permissionsManagerMock := permissions.NewMockManager(ctrl)
-	permissionsManagerMock.
-		EXPECT().
-		ValidateUserPermissions(
-			gomock.Any(),
-			gomock.Any(),
-			gomock.Any(),
-			gomock.Any(),
-			gomock.Any(),
-		).
-		Return(true, nil).
-		AnyTimes()
-
-	peersManger := peers.NewManager(store, permissionsManagerMock)
-	settingsManagerMock := settings.NewMockManager(ctrl)
-
-	ia, _ := integrations.NewIntegratedValidator(context.Background(), peersManger, settingsManagerMock, eventStore)
+	ia, _ := integrations.NewIntegratedValidator(context.Background(), eventStore)
 
 	metrics, err := telemetry.NewDefaultAppMetrics(context.Background())
 	require.NoError(t, err)
 
+	ctrl := gomock.NewController(t)
+	t.Cleanup(ctrl.Finish)
 	settingsMockManager := settings.NewMockManager(ctrl)
 	settingsMockManager.
 		EXPECT().
@@ -124,7 +110,6 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
 		AnyTimes()
 
 	accountManager, err := mgmt.BuildManager(context.Background(), store, peersUpdateManager, jobManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManagerMock, false)
-
 	if err != nil {
 		t.Fatal(err)
 	}

shared/management/client/grpc.go

@@ -18,11 +18,11 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/connectivity"
 
-	nbgrpc "github.com/netbirdio/netbird/client/grpc"
 	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/encryption"
 	"github.com/netbirdio/netbird/shared/management/domain"
 	"github.com/netbirdio/netbird/shared/management/proto"
+	nbgrpc "github.com/netbirdio/netbird/util/grpc"
 )
 
 const ConnectTimeout = 10 * time.Second
@@ -53,7 +53,7 @@ func NewClient(ctx context.Context, addr string, ourPrivateKey wgtypes.Key, tlsE
 
 	operation := func() error {
 		var err error
-		conn, err = nbgrpc.CreateConnection(ctx, addr, tlsEnabled)
+		conn, err = nbgrpc.CreateConnection(addr, tlsEnabled)
 		if err != nil {
 			log.Printf("createConnection error: %v", err)
 			return err

shared/management/client/rest/client_test.go

@@ -8,8 +8,8 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/netbirdio/netbird/management/server/http/testing/testing_tools/channel"
 	"github.com/netbirdio/netbird/shared/management/client/rest"
+	"github.com/netbirdio/netbird/management/server/http/testing/testing_tools"
 )
 
 func withMockClient(callback func(*rest.Client, *http.ServeMux)) {
@@ -26,7 +26,7 @@ func ptr[T any, PT *T](x T) PT {
 
 func withBlackBoxServer(t *testing.T, callback func(*rest.Client)) {
 	t.Helper()
-	handler, _, _ := channel.BuildApiBlackBoxWithDBState(t, "../../../../management/server/testdata/store.sql", nil, false)
+	handler, _, _ := testing_tools.BuildApiBlackBoxWithDBState(t, "../../../../management/server/testdata/store.sql", nil, false)
 	server := httptest.NewServer(handler)
 	defer server.Close()
 	c := rest.New(server.URL, "nbp_apTmlmUXHSC4PKmHwtIZNaGr8eqcVI2gMURp")

shared/management/http/api/openapi.yml

@@ -278,10 +278,6 @@ components:
           description: (Cloud only) Enables or disables peer approval globally. If enabled, all peers added will be in pending state until approved by an admin.
           type: boolean
           example: true
-        user_approval_required:
-          description: Enables manual approval for new users joining via domain matching. When enabled, users are blocked with pending approval status until explicitly approved by an admin.
-          type: boolean
-          example: false
         network_traffic_logs_enabled:
           description: Enables or disables network traffic logging. If enabled, all network traffic events from peers will be stored.
           type: boolean
@@ -298,7 +294,6 @@ components:
           example: true
       required:
         - peer_approval_enabled
-        - user_approval_required
         - network_traffic_logs_enabled
         - network_traffic_logs_groups
         - network_traffic_packet_counter_enabled
@@ -360,10 +355,6 @@ components:
           description: Is true if this user is blocked. Blocked users can't use the system
           type: boolean
           example: false
-        pending_approval:
-          description: Is true if this user requires approval before being activated. Only applicable for users joining via domain matching when user_approval_required is enabled.
-          type: boolean
-          example: false
         issued:
           description: How user was issued by API or Integration
           type: string
@@ -378,7 +369,6 @@ components:
         - auto_groups
         - status
         - is_blocked
-        - pending_approval
     UserPermissions:
       type: object
       properties:
@@ -1472,10 +1462,6 @@ components:
           items:
             type: string
             example: "chacbco6lnnbn6cg5s91"
-        skip_auto_apply:
-          description: Indicate if this exit node route (0.0.0.0/0) should skip auto-application for client routing
-          type: boolean
-          example: false
       required:
         - id
         - description
@@ -2778,63 +2764,6 @@ paths:
           "$ref": "#/components/responses/forbidden"
         '500':
           "$ref": "#/components/responses/internal_error"
-  /api/users/{userId}/approve:
-    post:
-      summary: Approve user
-      description: Approve a user that is pending approval
-      tags: [ Users ]
-      security:
-        - BearerAuth: [ ]
-        - TokenAuth: [ ]
-      parameters:
-        - in: path
-          name: userId
-          required: true
-          schema:
-            type: string
-          description: The unique identifier of a user
-      responses:
-        '200':
-          description: Returns the approved user
-          content:
-            application/json:
-              schema:
-                "$ref": "#/components/schemas/User"
-        '400':
-          "$ref": "#/components/responses/bad_request"
-        '401':
-          "$ref": "#/components/responses/requires_authentication"
-        '403':
-          "$ref": "#/components/responses/forbidden"
-        '500':
-          "$ref": "#/components/responses/internal_error"
-  /api/users/{userId}/reject:
-    delete:
-      summary: Reject user
-      description: Reject a user that is pending approval by removing them from the account
-      tags: [ Users ]
-      security:
-        - BearerAuth: [ ]
-        - TokenAuth: [ ]
-      parameters:
-        - in: path
-          name: userId
-          required: true
-          schema:
-            type: string
-          description: The unique identifier of a user
-      responses:
-        '200':
-          description: User rejected successfully
-          content: {}
-        '400':
-          "$ref": "#/components/responses/bad_request"
-        '401':
-          "$ref": "#/components/responses/requires_authentication"
-        '403':
-          "$ref": "#/components/responses/forbidden"
-        '500':
-          "$ref": "#/components/responses/internal_error"
   /api/users/current:
     get:
       summary: Retrieve current user

shared/management/http/api/types.gen.go

@@ -284,9 +284,6 @@ type AccountExtraSettings struct {
 
 	// PeerApprovalEnabled (Cloud only) Enables or disables peer approval globally. If enabled, all peers added will be in pending state until approved by an admin.
 	PeerApprovalEnabled bool `json:"peer_approval_enabled"`
-
-	// UserApprovalRequired Enables manual approval for new users joining via domain matching. When enabled, users are blocked with pending approval status until explicitly approved by an admin.
-	UserApprovalRequired bool `json:"user_approval_required"`
 }
 
 // AccountOnboarding defines model for AccountOnboarding.
@@ -1622,9 +1619,6 @@ type Route struct {
 
 	// PeerGroups Peers Group Identifier associated with route. This property can not be set together with `peer`
 	PeerGroups *[]string `json:"peer_groups,omitempty"`
-
-	// SkipAutoApply Indicate if this exit node route (0.0.0.0/0) should skip auto-application for client routing
-	SkipAutoApply *bool `json:"skip_auto_apply,omitempty"`
 }
 
 // RouteRequest defines model for RouteRequest.
@@ -1664,9 +1658,6 @@ type RouteRequest struct {
 
 	// PeerGroups Peers Group Identifier associated with route. This property can not be set together with `peer`
 	PeerGroups *[]string `json:"peer_groups,omitempty"`
-
-	// SkipAutoApply Indicate if this exit node route (0.0.0.0/0) should skip auto-application for client routing
-	SkipAutoApply *bool `json:"skip_auto_apply,omitempty"`
 }
 
 // RulePortRange Policy rule affected ports range
@@ -1855,11 +1846,8 @@ type User struct {
 	LastLogin *time.Time `json:"last_login,omitempty"`
 
 	// Name User's name from idp provider
-	Name string `json:"name"`
-
-	// PendingApproval Is true if this user requires approval before being activated. Only applicable for users joining via domain matching when user_approval_required is enabled.
-	PendingApproval bool             `json:"pending_approval"`
-	Permissions     *UserPermissions `json:"permissions,omitempty"`
+	Name        string           `json:"name"`
+	Permissions *UserPermissions `json:"permissions,omitempty"`
 
 	// Role User's NetBird account role
 	Role string `json:"role"`

shared/management/proto/management.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v4.24.3
+// 	protoc        v3.21.12
 // source: management.proto
 
 package proto
@@ -1982,7 +1982,6 @@ type PeerConfig struct {
 	Fqdn                            string `protobuf:"bytes,4,opt,name=fqdn,proto3" json:"fqdn,omitempty"`
 	RoutingPeerDnsResolutionEnabled bool   `protobuf:"varint,5,opt,name=RoutingPeerDnsResolutionEnabled,proto3" json:"RoutingPeerDnsResolutionEnabled,omitempty"`
 	LazyConnectionEnabled           bool   `protobuf:"varint,6,opt,name=LazyConnectionEnabled,proto3" json:"LazyConnectionEnabled,omitempty"`
-	Mtu                             int32  `protobuf:"varint,7,opt,name=mtu,proto3" json:"mtu,omitempty"`
 }
 
 func (x *PeerConfig) Reset() {
@@ -2059,13 +2058,6 @@ func (x *PeerConfig) GetLazyConnectionEnabled() bool {
 	return false
 }
 
-func (x *PeerConfig) GetMtu() int32 {
-	if x != nil {
-		return x.Mtu
-	}
-	return 0
-}
-
 // NetworkMap represents a network state of the peer with the corresponding configuration parameters to establish peer-to-peer connections
 type NetworkMap struct {
 	state         protoimpl.MessageState
@@ -2701,16 +2693,15 @@ type Route struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	ID            string   `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
-	Network       string   `protobuf:"bytes,2,opt,name=Network,proto3" json:"Network,omitempty"`
-	NetworkType   int64    `protobuf:"varint,3,opt,name=NetworkType,proto3" json:"NetworkType,omitempty"`
-	Peer          string   `protobuf:"bytes,4,opt,name=Peer,proto3" json:"Peer,omitempty"`
-	Metric        int64    `protobuf:"varint,5,opt,name=Metric,proto3" json:"Metric,omitempty"`
-	Masquerade    bool     `protobuf:"varint,6,opt,name=Masquerade,proto3" json:"Masquerade,omitempty"`
-	NetID         string   `protobuf:"bytes,7,opt,name=NetID,proto3" json:"NetID,omitempty"`
-	Domains       []string `protobuf:"bytes,8,rep,name=Domains,proto3" json:"Domains,omitempty"`
-	KeepRoute     bool     `protobuf:"varint,9,opt,name=keepRoute,proto3" json:"keepRoute,omitempty"`
-	SkipAutoApply bool     `protobuf:"varint,10,opt,name=skipAutoApply,proto3" json:"skipAutoApply,omitempty"`
+	ID          string   `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
+	Network     string   `protobuf:"bytes,2,opt,name=Network,proto3" json:"Network,omitempty"`
+	NetworkType int64    `protobuf:"varint,3,opt,name=NetworkType,proto3" json:"NetworkType,omitempty"`
+	Peer        string   `protobuf:"bytes,4,opt,name=Peer,proto3" json:"Peer,omitempty"`
+	Metric      int64    `protobuf:"varint,5,opt,name=Metric,proto3" json:"Metric,omitempty"`
+	Masquerade  bool     `protobuf:"varint,6,opt,name=Masquerade,proto3" json:"Masquerade,omitempty"`
+	NetID       string   `protobuf:"bytes,7,opt,name=NetID,proto3" json:"NetID,omitempty"`
+	Domains     []string `protobuf:"bytes,8,rep,name=Domains,proto3" json:"Domains,omitempty"`
+	KeepRoute   bool     `protobuf:"varint,9,opt,name=keepRoute,proto3" json:"keepRoute,omitempty"`
 }
 
 func (x *Route) Reset() {
@@ -2808,13 +2799,6 @@ func (x *Route) GetKeepRoute() bool {
 	return false
 }
 
-func (x *Route) GetSkipAutoApply() bool {
-	if x != nil {
-		return x.SkipAutoApply
-	}
-	return false
-}
-
 // DNSConfig represents a dns.Update
 type DNSConfig struct {
 	state         protoimpl.MessageState

shared/management/proto/management.proto

@@ -303,8 +303,6 @@ message PeerConfig {
   bool RoutingPeerDnsResolutionEnabled = 5;
 
   bool LazyConnectionEnabled = 6;
-
-  int32 mtu = 7;
 }
 
 // NetworkMap represents a network state of the peer with the corresponding configuration parameters to establish peer-to-peer connections
@@ -441,7 +439,6 @@ message Route {
   string NetID = 7;
   repeated string Domains = 8;
   bool keepRoute = 9;
-  bool skipAutoApply = 10;
 }
 
 // DNSConfig represents a dns.Update

shared/management/status/error.go

@@ -42,10 +42,7 @@ const (
 // Type is a type of the Error
 type Type int32
 
-var (
-	ErrExtraSettingsNotFound = errors.New("extra settings not found")
-	ErrPeerAlreadyLoggedIn   = errors.New("peer with the same public key is already logged in")
-)
+var ErrExtraSettingsNotFound = fmt.Errorf("extra settings not found")
 
 // Error is an internal error
 type Error struct {
@@ -113,11 +110,6 @@ func NewUserBlockedError() error {
 	return Errorf(PermissionDenied, "user is blocked")
 }
 
-// NewUserPendingApprovalError creates a new Error with PermissionDenied type for a blocked user pending approval
-func NewUserPendingApprovalError() error {
-	return Errorf(PermissionDenied, "user is pending approval")
-}
-
 // NewPeerNotRegisteredError creates a new Error with Unauthenticated type unregistered peer
 func NewPeerNotRegisteredError() error {
 	return Errorf(Unauthenticated, "peer is not registered")