sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-05-08 09:49:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge main branch into feature/client-metrics

Browse Source
This commit is contained in:
Zoltán Papp
2026-01-21 11:22:01 +01:00
parent e3a5c44d37 e908dea702
commit bb377a2885
162 changed files with 16301 additions and 2734 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
shared/management/client/client.go
View File

@@ -14,6 +14,7 @@ import (
type Client interface {
io.Closer
Sync(ctx context.Context, sysInfo *system.Info, msgHandler func(msg *proto.SyncResponse) error) error
Job(ctx context.Context, msgHandler func(msg *proto.JobRequest) *proto.JobResponse) error
GetServerPublicKey() (*wgtypes.Key, error)
Register(serverKey wgtypes.Key, setupKey string, jwtToken string, sysInfo *system.Info, sshKey []byte, dnsLabels domain.List) (*proto.LoginResponse, error)
Login(serverKey wgtypes.Key, sysInfo *system.Info, sshKey []byte, dnsLabels domain.List) (*proto.LoginResponse, error)

10
shared/management/client/client_test.go
View File

@@ -18,12 +18,13 @@ import (
"google.golang.org/grpc/status"
"github.com/netbirdio/management-integrations/integrations"
ephemeral_manager "github.com/netbirdio/netbird/management/internals/modules/peers/ephemeral/manager"
"github.com/netbirdio/netbird/management/internals/controllers/network_map/controller"
"github.com/netbirdio/netbird/management/internals/controllers/network_map/update_channel"
"github.com/netbirdio/netbird/management/internals/modules/peers"
"github.com/netbirdio/netbird/management/internals/modules/peers/ephemeral/manager"
nbgrpc "github.com/netbirdio/netbird/management/internals/shared/grpc"
"github.com/netbirdio/netbird/management/server/job"
"github.com/netbirdio/netbird/client/system"
"github.com/netbirdio/netbird/encryption"
@@ -92,6 +93,7 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
peersManger := peers.NewManager(store, permissionsManagerMock)
settingsManagerMock := settings.NewMockManager(ctrl)
jobManager := job.NewJobManager(nil, store, peersManger)
ia, _ := integrations.NewIntegratedValidator(context.Background(), peersManger, settingsManagerMock, eventStore)
@@ -117,8 +119,8 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
ctx := context.Background()
updateManager := update_channel.NewPeersUpdateManager(metrics)
requestBuffer := mgmt.NewAccountRequestBuffer(ctx, store)
networkMapController := controller.NewController(ctx, store, metrics, updateManager, requestBuffer, mgmt.MockIntegratedValidator{}, settingsMockManager, "netbird.selfhosted", port_forwarding.NewControllerMock(), manager.NewEphemeralManager(store, peersManger), config)
accountManager, err := mgmt.BuildManager(context.Background(), config, store, networkMapController, nil, "", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManagerMock, false)
networkMapController := controller.NewController(ctx, store, metrics, updateManager, requestBuffer, mgmt.MockIntegratedValidator{}, settingsMockManager, "netbird.selfhosted", port_forwarding.NewControllerMock(), ephemeral_manager.NewEphemeralManager(store, peersManger), config)
accountManager, err := mgmt.BuildManager(context.Background(), config, store, networkMapController, jobManager, nil, "", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManagerMock, false)
if err != nil {
t.Fatal(err)
}
@@ -129,7 +131,7 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
if err != nil {
t.Fatal(err)
}
mgmtServer, err := nbgrpc.NewServer(config, accountManager, settingsMockManager, secretsManager, nil, nil, mgmt.MockIntegratedValidator{}, networkMapController, nil)
mgmtServer, err := nbgrpc.NewServer(config, accountManager, settingsMockManager, jobManager, secretsManager, nil, nil, mgmt.MockIntegratedValidator{}, networkMapController, nil)
if err != nil {
t.Fatal(err)
}

202
shared/management/client/grpc.go
View File

@@ -12,6 +12,7 @@ import (
gstatus "google.golang.org/grpc/status"
"github.com/cenkalti/backoff/v4"
"github.com/google/uuid"
log "github.com/sirupsen/logrus"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
"google.golang.org/grpc"
@@ -118,8 +119,26 @@ func (c *GrpcClient) ready() bool {
// Sync wraps the real client's Sync endpoint call and takes care of retries and encryption/decryption of messages
// Blocking request. The result will be sent via msgHandler callback function
func (c *GrpcClient) Sync(ctx context.Context, sysInfo *system.Info, msgHandler func(msg *proto.SyncResponse) error) error {
backOff := defaultBackoff(ctx)
return c.withMgmtStream(ctx, func(ctx context.Context, serverPubKey wgtypes.Key) error {
return c.handleSyncStream(ctx, serverPubKey, sysInfo, msgHandler)
})
}
// Job wraps the real client's Job endpoint call and takes care of retries and encryption/decryption of messages
// Blocking request. The result will be sent via msgHandler callback function
func (c *GrpcClient) Job(ctx context.Context, msgHandler func(msg *proto.JobRequest) *proto.JobResponse) error {
return c.withMgmtStream(ctx, func(ctx context.Context, serverPubKey wgtypes.Key) error {
return c.handleJobStream(ctx, serverPubKey, msgHandler)
})
}
// withMgmtStream runs a streaming operation against the ManagementService
// It takes care of retries, connection readiness, and fetching server public key.
func (c *GrpcClient) withMgmtStream(
ctx context.Context,
handler func(ctx context.Context, serverPubKey wgtypes.Key) error,
) error {
backOff := defaultBackoff(ctx)
operation := func() error {
log.Debugf("management connection state %v", c.conn.GetState())
connState := c.conn.GetState()
@@ -137,7 +156,7 @@ func (c *GrpcClient) Sync(ctx context.Context, sysInfo *system.Info, msgHandler
return err
}
return c.handleStream(ctx, *serverPubKey, sysInfo, msgHandler, backOff)
return handler(ctx, *serverPubKey)
}
err := backoff.Retry(operation, backOff)
@@ -148,12 +167,153 @@ func (c *GrpcClient) Sync(ctx context.Context, sysInfo *system.Info, msgHandler
return err
}
func (c *GrpcClient) handleStream(ctx context.Context, serverPubKey wgtypes.Key, sysInfo *system.Info,
msgHandler func(msg *proto.SyncResponse) error, backOff backoff.BackOff) error {
func (c *GrpcClient) handleJobStream(
ctx context.Context,
serverPubKey wgtypes.Key,
msgHandler func(msg *proto.JobRequest) *proto.JobResponse,
) error {
ctx, cancelStream := context.WithCancel(ctx)
defer cancelStream()
stream, err := c.connectToStream(ctx, serverPubKey, sysInfo)
stream, err := c.realClient.Job(ctx)
if err != nil {
log.Errorf("failed to open job stream: %v", err)
return err
}
// Handshake with the server
if err := c.sendHandshake(ctx, stream, serverPubKey); err != nil {
return err
}
log.Debug("job stream handshake sent successfully")
// Main loop: receive, process, respond
for {
jobReq, err := c.receiveJobRequest(ctx, stream, serverPubKey)
if err != nil {
if s, ok := gstatus.FromError(err); ok {
switch s.Code() {
case codes.PermissionDenied:
c.notifyDisconnected(err)
return backoff.Permanent(err) // unrecoverable error, propagate to the upper layer
case codes.Canceled:
log.Debugf("management connection context has been canceled, this usually indicates shutdown")
return err
case codes.Unimplemented:
log.Warn("Job feature is not supported by the current management server version. " +
"Please update the management service to use this feature.")
return nil
default:
c.notifyDisconnected(err)
log.Warnf("disconnected from the Management service but will retry silently. Reason: %v", err)
return err
}
} else {
// non-gRPC error
c.notifyDisconnected(err)
log.Warnf("disconnected from the Management service but will retry silently. Reason: %v", err)
return err
}
}
if jobReq == nil || len(jobReq.ID) == 0 {
log.Debug("received unknown or empty job request, skipping")
continue
}
log.Infof("received a new job from the management server (ID: %s)", jobReq.ID)
jobResp := c.processJobRequest(ctx, jobReq, msgHandler)
if err := c.sendJobResponse(ctx, stream, serverPubKey, jobResp); err != nil {
return err
}
}
}
// sendHandshake sends the initial handshake message
func (c *GrpcClient) sendHandshake(ctx context.Context, stream proto.ManagementService_JobClient, serverPubKey wgtypes.Key) error {
handshakeReq := &proto.JobRequest{
ID: []byte(uuid.New().String()),
}
encHello, err := encryption.EncryptMessage(serverPubKey, c.key, handshakeReq)
if err != nil {
log.Errorf("failed to encrypt handshake message: %v", err)
return err
}
return stream.Send(&proto.EncryptedMessage{
WgPubKey: c.key.PublicKey().String(),
Body: encHello,
})
}
// receiveJobRequest waits for and decrypts a job request
func (c *GrpcClient) receiveJobRequest(
ctx context.Context,
stream proto.ManagementService_JobClient,
serverPubKey wgtypes.Key,
) (*proto.JobRequest, error) {
encryptedMsg, err := stream.Recv()
if err != nil {
return nil, err
}
jobReq := &proto.JobRequest{}
if err := encryption.DecryptMessage(serverPubKey, c.key, encryptedMsg.Body, jobReq); err != nil {
log.Warnf("failed to decrypt job request: %v", err)
return nil, err
}
return jobReq, nil
}
// processJobRequest executes the handler and ensures a valid response
func (c *GrpcClient) processJobRequest(
ctx context.Context,
jobReq *proto.JobRequest,
msgHandler func(msg *proto.JobRequest) *proto.JobResponse,
) *proto.JobResponse {
jobResp := msgHandler(jobReq)
if jobResp == nil {
jobResp = &proto.JobResponse{
ID: jobReq.ID,
Status: proto.JobStatus_failed,
Reason: []byte("handler returned nil response"),
}
log.Warnf("job handler returned nil for job %s", string(jobReq.ID))
}
return jobResp
}
// sendJobResponse encrypts and sends a job response
func (c *GrpcClient) sendJobResponse(
ctx context.Context,
stream proto.ManagementService_JobClient,
serverPubKey wgtypes.Key,
resp *proto.JobResponse,
) error {
encResp, err := encryption.EncryptMessage(serverPubKey, c.key, resp)
if err != nil {
log.Errorf("failed to encrypt job response for job %s: %v", string(resp.ID), err)
return err
}
if err := stream.Send(&proto.EncryptedMessage{
WgPubKey: c.key.PublicKey().String(),
Body: encResp,
}); err != nil {
log.Errorf("failed to send job response for job %s: %v", string(resp.ID), err)
return err
}
log.Infof("job response sent for job %s (status: %s)", string(resp.ID), resp.Status.String())
return nil
}
func (c *GrpcClient) handleSyncStream(ctx context.Context, serverPubKey wgtypes.Key, sysInfo *system.Info, msgHandler func(msg *proto.SyncResponse) error) error {
ctx, cancelStream := context.WithCancel(ctx)
defer cancelStream()
stream, err := c.connectToSyncStream(ctx, serverPubKey, sysInfo)
if err != nil {
log.Debugf("failed to open Management Service stream: %s", err)
if s, ok := gstatus.FromError(err); ok && s.Code() == codes.PermissionDenied {
@@ -166,20 +326,22 @@ func (c *GrpcClient) handleStream(ctx context.Context, serverPubKey wgtypes.Key,
c.notifyConnected()
// blocking until error
err = c.receiveEvents(stream, serverPubKey, msgHandler)
// we need this reset because after a successful connection and a consequent error, backoff lib doesn't
// reset times and next try will start with a long delay
backOff.Reset()
err = c.receiveUpdatesEvents(stream, serverPubKey, msgHandler)
if err != nil {
c.notifyDisconnected(err)
s, _ := gstatus.FromError(err)
switch s.Code() {
case codes.PermissionDenied:
return backoff.Permanent(err) // unrecoverable error, propagate to the upper layer
case codes.Canceled:
log.Debugf("management connection context has been canceled, this usually indicates shutdown")
return nil
default:
if s, ok := gstatus.FromError(err); ok {
switch s.Code() {
case codes.PermissionDenied:
return backoff.Permanent(err) // unrecoverable error, propagate to the upper layer
case codes.Canceled:
log.Debugf("management connection context has been canceled, this usually indicates shutdown")
return nil
default:
log.Warnf("disconnected from the Management service but will retry silently. Reason: %v", err)
return err
}
} else {
// non-gRPC error
log.Warnf("disconnected from the Management service but will retry silently. Reason: %v", err)
return err
}
@@ -198,7 +360,7 @@ func (c *GrpcClient) GetNetworkMap(sysInfo *system.Info) (*proto.NetworkMap, err
ctx, cancelStream := context.WithCancel(c.ctx)
defer cancelStream()
stream, err := c.connectToStream(ctx, *serverPubKey, sysInfo)
stream, err := c.connectToSyncStream(ctx, *serverPubKey, sysInfo)
if err != nil {
log.Debugf("failed to open Management Service stream: %s", err)
return nil, err
@@ -231,7 +393,7 @@ func (c *GrpcClient) GetNetworkMap(sysInfo *system.Info) (*proto.NetworkMap, err
return decryptedResp.GetNetworkMap(), nil
}
func (c *GrpcClient) connectToStream(ctx context.Context, serverPubKey wgtypes.Key, sysInfo *system.Info) (proto.ManagementService_SyncClient, error) {
func (c *GrpcClient) connectToSyncStream(ctx context.Context, serverPubKey wgtypes.Key, sysInfo *system.Info) (proto.ManagementService_SyncClient, error) {
req := &proto.SyncRequest{Meta: infoToMetaData(sysInfo)}
myPrivateKey := c.key
@@ -250,7 +412,7 @@ func (c *GrpcClient) connectToStream(ctx context.Context, serverPubKey wgtypes.K
return sync, nil
}
func (c *GrpcClient) receiveEvents(stream proto.ManagementService_SyncClient, serverPubKey wgtypes.Key, msgHandler func(msg *proto.SyncResponse) error) error {
func (c *GrpcClient) receiveUpdatesEvents(stream proto.ManagementService_SyncClient, serverPubKey wgtypes.Key, msgHandler func(msg *proto.SyncResponse) error) error {
for {
update, err := stream.Recv()
if err == io.EOF {

8
shared/management/client/mock.go
View File

@@ -20,6 +20,7 @@ type MockClient struct {
GetPKCEAuthorizationFlowFunc func(serverKey wgtypes.Key) (*proto.PKCEAuthorizationFlow, error)
SyncMetaFunc func(sysInfo *system.Info) error
LogoutFunc func() error
JobFunc func(ctx context.Context, msgHandler func(msg *proto.JobRequest) *proto.JobResponse) error
}
func (m *MockClient) IsHealthy() bool {
@@ -40,6 +41,13 @@ func (m *MockClient) Sync(ctx context.Context, sysInfo *system.Info, msgHandler
return m.SyncFunc(ctx, sysInfo, msgHandler)
}
func (m *MockClient) Job(ctx context.Context, msgHandler func(msg *proto.JobRequest) *proto.JobResponse) error {
if m.JobFunc == nil {
return nil
}
return m.JobFunc(ctx, msgHandler)
}
func (m *MockClient) GetServerPublicKey() (*wgtypes.Key, error) {
if m.GetServerPublicKeyFunc == nil {
return nil, nil

7
shared/management/client/rest/client.go
View File

@@ -59,9 +59,13 @@ type Client struct {
Routes *RoutesAPI
// DNS NetBird DNS APIs
// see more: https://docs.netbird.io/api/resources/routes
// see more: https://docs.netbird.io/api/resources/dns
DNS *DNSAPI
// DNSZones NetBird DNS Zones APIs
// see more: https://docs.netbird.io/api/resources/dns-zones
DNSZones *DNSZonesAPI
// GeoLocation NetBird Geo Location APIs
// see more: https://docs.netbird.io/api/resources/geo-locations
GeoLocation *GeoLocationAPI
@@ -113,6 +117,7 @@ func (c *Client) initialize() {
c.Networks = &NetworksAPI{c}
c.Routes = &RoutesAPI{c}
c.DNS = &DNSAPI{c}
c.DNSZones = &DNSZonesAPI{c}
c.GeoLocation = &GeoLocationAPI{c}
c.Events = &EventsAPI{c}
}

170
shared/management/client/rest/dns_zones.go Normal file
View File

@@ -0,0 +1,170 @@
package rest
import (
"bytes"
"context"
"encoding/json"
"github.com/netbirdio/netbird/shared/management/http/api"
)
// DNSZonesAPI APIs for DNS Zones Management, do not use directly
type DNSZonesAPI struct {
c *Client
}
// ListZones list all DNS zones
// See more: https://docs.netbird.io/api/resources/dns-zones#list-all-dns-zones
func (a *DNSZonesAPI) ListZones(ctx context.Context) ([]api.Zone, error) {
resp, err := a.c.NewRequest(ctx, "GET", "/api/dns/zones", nil, nil)
if err != nil {
return nil, err
}
if resp.Body != nil {
defer resp.Body.Close()
}
ret, err := parseResponse[[]api.Zone](resp)
return ret, err
}
// GetZone get DNS zone info
// See more: https://docs.netbird.io/api/resources/dns-zones#retrieve-a-dns-zone
func (a *DNSZonesAPI) GetZone(ctx context.Context, zoneID string) (*api.Zone, error) {
resp, err := a.c.NewRequest(ctx, "GET", "/api/dns/zones/"+zoneID, nil, nil)
if err != nil {
return nil, err
}
if resp.Body != nil {
defer resp.Body.Close()
}
ret, err := parseResponse[api.Zone](resp)
return &ret, err
}
// CreateZone create new DNS zone
// See more: https://docs.netbird.io/api/resources/dns-zones#create-a-dns-zone
func (a *DNSZonesAPI) CreateZone(ctx context.Context, request api.PostApiDnsZonesJSONRequestBody) (*api.Zone, error) {
requestBytes, err := json.Marshal(request)
if err != nil {
return nil, err
}
resp, err := a.c.NewRequest(ctx, "POST", "/api/dns/zones", bytes.NewReader(requestBytes), nil)
if err != nil {
return nil, err
}
if resp.Body != nil {
defer resp.Body.Close()
}
ret, err := parseResponse[api.Zone](resp)
return &ret, err
}
// UpdateZone update DNS zone info
// See more: https://docs.netbird.io/api/resources/dns-zones#update-a-dns-zone
func (a *DNSZonesAPI) UpdateZone(ctx context.Context, zoneID string, request api.PutApiDnsZonesZoneIdJSONRequestBody) (*api.Zone, error) {
requestBytes, err := json.Marshal(request)
if err != nil {
return nil, err
}
resp, err := a.c.NewRequest(ctx, "PUT", "/api/dns/zones/"+zoneID, bytes.NewReader(requestBytes), nil)
if err != nil {
return nil, err
}
if resp.Body != nil {
defer resp.Body.Close()
}
ret, err := parseResponse[api.Zone](resp)
return &ret, err
}
// DeleteZone delete DNS zone
// See more: https://docs.netbird.io/api/resources/dns-zones#delete-a-dns-zone
func (a *DNSZonesAPI) DeleteZone(ctx context.Context, zoneID string) error {
resp, err := a.c.NewRequest(ctx, "DELETE", "/api/dns/zones/"+zoneID, nil, nil)
if err != nil {
return err
}
if resp.Body != nil {
defer resp.Body.Close()
}
return nil
}
// ListRecords list all DNS records in a zone
// See more: https://docs.netbird.io/api/resources/dns-zones#list-all-dns-records
func (a *DNSZonesAPI) ListRecords(ctx context.Context, zoneID string) ([]api.DNSRecord, error) {
resp, err := a.c.NewRequest(ctx, "GET", "/api/dns/zones/"+zoneID+"/records", nil, nil)
if err != nil {
return nil, err
}
if resp.Body != nil {
defer resp.Body.Close()
}
ret, err := parseResponse[[]api.DNSRecord](resp)
return ret, err
}
// GetRecord get DNS record info
// See more: https://docs.netbird.io/api/resources/dns-zones#retrieve-a-dns-record
func (a *DNSZonesAPI) GetRecord(ctx context.Context, zoneID, recordID string) (*api.DNSRecord, error) {
resp, err := a.c.NewRequest(ctx, "GET", "/api/dns/zones/"+zoneID+"/records/"+recordID, nil, nil)
if err != nil {
return nil, err
}
if resp.Body != nil {
defer resp.Body.Close()
}
ret, err := parseResponse[api.DNSRecord](resp)
return &ret, err
}
// CreateRecord create new DNS record in a zone
// See more: https://docs.netbird.io/api/resources/dns-zones#create-a-dns-record
func (a *DNSZonesAPI) CreateRecord(ctx context.Context, zoneID string, request api.PostApiDnsZonesZoneIdRecordsJSONRequestBody) (*api.DNSRecord, error) {
requestBytes, err := json.Marshal(request)
if err != nil {
return nil, err
}
resp, err := a.c.NewRequest(ctx, "POST", "/api/dns/zones/"+zoneID+"/records", bytes.NewReader(requestBytes), nil)
if err != nil {
return nil, err
}
if resp.Body != nil {
defer resp.Body.Close()
}
ret, err := parseResponse[api.DNSRecord](resp)
return &ret, err
}
// UpdateRecord update DNS record info
// See more: https://docs.netbird.io/api/resources/dns-zones#update-a-dns-record
func (a *DNSZonesAPI) UpdateRecord(ctx context.Context, zoneID, recordID string, request api.PutApiDnsZonesZoneIdRecordsRecordIdJSONRequestBody) (*api.DNSRecord, error) {
requestBytes, err := json.Marshal(request)
if err != nil {
return nil, err
}
resp, err := a.c.NewRequest(ctx, "PUT", "/api/dns/zones/"+zoneID+"/records/"+recordID, bytes.NewReader(requestBytes), nil)
if err != nil {
return nil, err
}
if resp.Body != nil {
defer resp.Body.Close()
}
ret, err := parseResponse[api.DNSRecord](resp)
return &ret, err
}
// DeleteRecord delete DNS record
// See more: https://docs.netbird.io/api/resources/dns-zones#delete-a-dns-record
func (a *DNSZonesAPI) DeleteRecord(ctx context.Context, zoneID, recordID string) error {
resp, err := a.c.NewRequest(ctx, "DELETE", "/api/dns/zones/"+zoneID+"/records/"+recordID, nil, nil)
if err != nil {
return err
}
if resp.Body != nil {
defer resp.Body.Close()
}
return nil
}

460
shared/management/client/rest/dns_zones_test.go Normal file
View File

@@ -0,0 +1,460 @@
//go:build integration
// +build integration
package rest_test
import (
"context"
"encoding/json"
"io"
"net/http"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/netbirdio/netbird/shared/management/client/rest"
"github.com/netbirdio/netbird/shared/management/http/api"
"github.com/netbirdio/netbird/shared/management/http/util"
)
var (
testZone = api.Zone{
Id: "zone123",
Name: "test-zone",
Domain: "example.com",
Enabled: true,
EnableSearchDomain: false,
DistributionGroups: []string{"group1"},
}
testDNSRecord = api.DNSRecord{
Id: "record123",
Name: "www",
Content: "192.168.1.1",
Type: api.DNSRecordTypeA,
Ttl: 300,
}
)
func TestDNSZone_List_200(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "GET", r.Method)
retBytes, _ := json.Marshal([]api.Zone{testZone})
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.ListZones(context.Background())
require.NoError(t, err)
assert.Len(t, ret, 1)
assert.Equal(t, testZone, ret[0])
})
}
func TestDNSZone_List_Err(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones", func(w http.ResponseWriter, r *http.Request) {
retBytes, _ := json.Marshal(util.ErrorResponse{Message: "No", Code: 400})
w.WriteHeader(400)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.ListZones(context.Background())
assert.Error(t, err)
assert.Equal(t, "No", err.Error())
assert.Empty(t, ret)
})
}
func TestDNSZone_Get_200(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "GET", r.Method)
retBytes, _ := json.Marshal(testZone)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.GetZone(context.Background(), "zone123")
require.NoError(t, err)
assert.Equal(t, testZone, *ret)
})
}
func TestDNSZone_Get_Err(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123", func(w http.ResponseWriter, r *http.Request) {
retBytes, _ := json.Marshal(util.ErrorResponse{Message: "Not found", Code: 404})
w.WriteHeader(404)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.GetZone(context.Background(), "zone123")
assert.Error(t, err)
assert.Equal(t, "Not found", err.Error())
assert.Empty(t, ret)
})
}
func TestDNSZone_Create_200(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "POST", r.Method)
reqBytes, err := io.ReadAll(r.Body)
require.NoError(t, err)
var req api.PostApiDnsZonesJSONRequestBody
err = json.Unmarshal(reqBytes, &req)
require.NoError(t, err)
assert.Equal(t, "test-zone", req.Name)
assert.Equal(t, "example.com", req.Domain)
retBytes, _ := json.Marshal(testZone)
_, err = w.Write(retBytes)
require.NoError(t, err)
})
enabled := true
ret, err := c.DNSZones.CreateZone(context.Background(), api.PostApiDnsZonesJSONRequestBody{
Name: "test-zone",
Domain: "example.com",
Enabled: &enabled,
EnableSearchDomain: false,
DistributionGroups: []string{"group1"},
})
require.NoError(t, err)
assert.Equal(t, testZone, *ret)
})
}
func TestDNSZone_Create_Err(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones", func(w http.ResponseWriter, r *http.Request) {
retBytes, _ := json.Marshal(util.ErrorResponse{Message: "Invalid request", Code: 400})
w.WriteHeader(400)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.CreateZone(context.Background(), api.PostApiDnsZonesJSONRequestBody{
Name: "test-zone",
Domain: "example.com",
})
assert.Error(t, err)
assert.Equal(t, "Invalid request", err.Error())
assert.Nil(t, ret)
})
}
func TestDNSZone_Update_200(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "PUT", r.Method)
reqBytes, err := io.ReadAll(r.Body)
require.NoError(t, err)
var req api.PutApiDnsZonesZoneIdJSONRequestBody
err = json.Unmarshal(reqBytes, &req)
require.NoError(t, err)
assert.Equal(t, "updated-zone", req.Name)
retBytes, _ := json.Marshal(testZone)
_, err = w.Write(retBytes)
require.NoError(t, err)
})
enabled := true
ret, err := c.DNSZones.UpdateZone(context.Background(), "zone123", api.PutApiDnsZonesZoneIdJSONRequestBody{
Name: "updated-zone",
Domain: "example.com",
Enabled: &enabled,
EnableSearchDomain: false,
DistributionGroups: []string{"group1"},
})
require.NoError(t, err)
assert.Equal(t, testZone, *ret)
})
}
func TestDNSZone_Update_Err(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123", func(w http.ResponseWriter, r *http.Request) {
retBytes, _ := json.Marshal(util.ErrorResponse{Message: "Invalid request", Code: 400})
w.WriteHeader(400)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.UpdateZone(context.Background(), "zone123", api.PutApiDnsZonesZoneIdJSONRequestBody{
Name: "updated-zone",
Domain: "example.com",
})
assert.Error(t, err)
assert.Equal(t, "Invalid request", err.Error())
assert.Nil(t, ret)
})
}
func TestDNSZone_Delete_200(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "DELETE", r.Method)
w.WriteHeader(200)
})
err := c.DNSZones.DeleteZone(context.Background(), "zone123")
require.NoError(t, err)
})
}
func TestDNSZone_Delete_Err(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123", func(w http.ResponseWriter, r *http.Request) {
retBytes, _ := json.Marshal(util.ErrorResponse{Message: "Not found", Code: 404})
w.WriteHeader(404)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
err := c.DNSZones.DeleteZone(context.Background(), "zone123")
assert.Error(t, err)
assert.Equal(t, "Not found", err.Error())
})
}
func TestDNSRecord_List_200(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123/records", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "GET", r.Method)
retBytes, _ := json.Marshal([]api.DNSRecord{testDNSRecord})
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.ListRecords(context.Background(), "zone123")
require.NoError(t, err)
assert.Len(t, ret, 1)
assert.Equal(t, testDNSRecord, ret[0])
})
}
func TestDNSRecord_List_Err(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123/records", func(w http.ResponseWriter, r *http.Request) {
retBytes, _ := json.Marshal(util.ErrorResponse{Message: "Zone not found", Code: 404})
w.WriteHeader(404)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.ListRecords(context.Background(), "zone123")
assert.Error(t, err)
assert.Equal(t, "Zone not found", err.Error())
assert.Empty(t, ret)
})
}
func TestDNSRecord_Get_200(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123/records/record123", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "GET", r.Method)
retBytes, _ := json.Marshal(testDNSRecord)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.GetRecord(context.Background(), "zone123", "record123")
require.NoError(t, err)
assert.Equal(t, testDNSRecord, *ret)
})
}
func TestDNSRecord_Get_Err(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123/records/record123", func(w http.ResponseWriter, r *http.Request) {
retBytes, _ := json.Marshal(util.ErrorResponse{Message: "Not found", Code: 404})
w.WriteHeader(404)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.GetRecord(context.Background(), "zone123", "record123")
assert.Error(t, err)
assert.Equal(t, "Not found", err.Error())
assert.Empty(t, ret)
})
}
func TestDNSRecord_Create_200(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123/records", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "POST", r.Method)
reqBytes, err := io.ReadAll(r.Body)
require.NoError(t, err)
var req api.PostApiDnsZonesZoneIdRecordsJSONRequestBody
err = json.Unmarshal(reqBytes, &req)
require.NoError(t, err)
assert.Equal(t, "www", req.Name)
assert.Equal(t, "192.168.1.1", req.Content)
assert.Equal(t, api.DNSRecordTypeA, req.Type)
retBytes, _ := json.Marshal(testDNSRecord)
_, err = w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.CreateRecord(context.Background(), "zone123", api.PostApiDnsZonesZoneIdRecordsJSONRequestBody{
Name: "www",
Content: "192.168.1.1",
Type: api.DNSRecordTypeA,
Ttl: 300,
})
require.NoError(t, err)
assert.Equal(t, testDNSRecord, *ret)
})
}
func TestDNSRecord_Create_Err(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123/records", func(w http.ResponseWriter, r *http.Request) {
retBytes, _ := json.Marshal(util.ErrorResponse{Message: "Invalid record", Code: 400})
w.WriteHeader(400)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.CreateRecord(context.Background(), "zone123", api.PostApiDnsZonesZoneIdRecordsJSONRequestBody{
Name: "www",
Content: "192.168.1.1",
Type: api.DNSRecordTypeA,
Ttl: 300,
})
assert.Error(t, err)
assert.Equal(t, "Invalid record", err.Error())
assert.Nil(t, ret)
})
}
func TestDNSRecord_Update_200(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123/records/record123", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "PUT", r.Method)
reqBytes, err := io.ReadAll(r.Body)
require.NoError(t, err)
var req api.PutApiDnsZonesZoneIdRecordsRecordIdJSONRequestBody
err = json.Unmarshal(reqBytes, &req)
require.NoError(t, err)
assert.Equal(t, "api", req.Name)
assert.Equal(t, "192.168.1.2", req.Content)
retBytes, _ := json.Marshal(testDNSRecord)
_, err = w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.UpdateRecord(context.Background(), "zone123", "record123", api.PutApiDnsZonesZoneIdRecordsRecordIdJSONRequestBody{
Name: "api",
Content: "192.168.1.2",
Type: api.DNSRecordTypeA,
Ttl: 300,
})
require.NoError(t, err)
assert.Equal(t, testDNSRecord, *ret)
})
}
func TestDNSRecord_Update_Err(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123/records/record123", func(w http.ResponseWriter, r *http.Request) {
retBytes, _ := json.Marshal(util.ErrorResponse{Message: "Invalid record", Code: 400})
w.WriteHeader(400)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
ret, err := c.DNSZones.UpdateRecord(context.Background(), "zone123", "record123", api.PutApiDnsZonesZoneIdRecordsRecordIdJSONRequestBody{
Name: "api",
Content: "192.168.1.2",
Type: api.DNSRecordTypeA,
Ttl: 300,
})
assert.Error(t, err)
assert.Equal(t, "Invalid record", err.Error())
assert.Nil(t, ret)
})
}
func TestDNSRecord_Delete_200(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123/records/record123", func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "DELETE", r.Method)
w.WriteHeader(200)
})
err := c.DNSZones.DeleteRecord(context.Background(), "zone123", "record123")
require.NoError(t, err)
})
}
func TestDNSRecord_Delete_Err(t *testing.T) {
withMockClient(func(c *rest.Client, mux *http.ServeMux) {
mux.HandleFunc("/api/dns/zones/zone123/records/record123", func(w http.ResponseWriter, r *http.Request) {
retBytes, _ := json.Marshal(util.ErrorResponse{Message: "Not found", Code: 404})
w.WriteHeader(404)
_, err := w.Write(retBytes)
require.NoError(t, err)
})
err := c.DNSZones.DeleteRecord(context.Background(), "zone123", "record123")
assert.Error(t, err)
assert.Equal(t, "Not found", err.Error())
})
}
func TestDNSZones_Integration(t *testing.T) {
enabled := true
zoneReq := api.ZoneRequest{
Name: "test-zone",
Domain: "test.example.com",
Enabled: &enabled,
EnableSearchDomain: false,
DistributionGroups: []string{"cs1tnh0hhcjnqoiuebeg"},
}
recordReq := api.DNSRecordRequest{
Name: "api.test.example.com",
Content: "192.168.1.100",
Type: api.DNSRecordTypeA,
Ttl: 300,
}
withBlackBoxServer(t, func(c *rest.Client) {
zone, err := c.DNSZones.CreateZone(context.Background(), zoneReq)
require.NoError(t, err)
assert.Equal(t, "test-zone", zone.Name)
assert.Equal(t, "test.example.com", zone.Domain)
zones, err := c.DNSZones.ListZones(context.Background())
require.NoError(t, err)
assert.Equal(t, *zone, zones[0])
getZone, err := c.DNSZones.GetZone(context.Background(), zone.Id)
require.NoError(t, err)
assert.Equal(t, *zone, *getZone)
zoneReq.Name = "updated-zone"
updatedZone, err := c.DNSZones.UpdateZone(context.Background(), zone.Id, zoneReq)
require.NoError(t, err)
assert.Equal(t, "updated-zone", updatedZone.Name)
record, err := c.DNSZones.CreateRecord(context.Background(), zone.Id, recordReq)
require.NoError(t, err)
assert.Equal(t, "api.test.example.com", record.Name)
assert.Equal(t, "192.168.1.100", record.Content)
records, err := c.DNSZones.ListRecords(context.Background(), zone.Id)
require.NoError(t, err)
assert.Equal(t, *record, records[0])
getRecord, err := c.DNSZones.GetRecord(context.Background(), zone.Id, record.Id)
require.NoError(t, err)
assert.Equal(t, *record, *getRecord)
recordReq.Name = "www.test.example.com"
updatedRecord, err := c.DNSZones.UpdateRecord(context.Background(), zone.Id, record.Id, recordReq)
require.NoError(t, err)
assert.Equal(t, "www.test.example.com", updatedRecord.Name)
err = c.DNSZones.DeleteRecord(context.Background(), zone.Id, record.Id)
require.NoError(t, err)
records, err = c.DNSZones.ListRecords(context.Background(), zone.Id)
require.NoError(t, err)
assert.Len(t, records, 0)
err = c.DNSZones.DeleteZone(context.Background(), zone.Id)
require.NoError(t, err)
zones, err = c.DNSZones.ListZones(context.Background())
require.NoError(t, err)
assert.Len(t, zones, 0)
})
}

4
shared/management/http/api/generate.sh
View File

@@ -11,6 +11,6 @@ fi
old_pwd=$(pwd)
script_path=$(dirname $(realpath "$0"))
cd "$script_path"
go install github.com/deepmap/oapi-codegen/cmd/oapi-codegen@4a1477f6a8ba6ca8115cc23bb2fb67f0b9fca18e
go install github.com/oapi-codegen/oapi-codegen/v2/cmd/oapi-codegen@latest
oapi-codegen --config cfg.yaml openapi.yml
cd "$old_pwd"
cd "$old_pwd"

769
shared/management/http/api/openapi.yml
View File

@@ -25,6 +25,8 @@ tags:
description: Interact with and view information about routes.
- name: DNS
description: Interact with and view information about DNS configuration.
- name: DNS Zones
description: Interact with and view information about custom DNS zones.
- name: Events
description: View information about the account and network events.
- name: Accounts
@@ -36,8 +38,142 @@ tags:
description: Interact with and view information about identity providers.
- name: Instance
description: Instance setup and status endpoints for initial configuration.
- name: Jobs
description: Interact with and view information about remote jobs.
x-experimental: true
components:
schemas:
PasswordChangeRequest:
type: object
properties:
old_password:
description: The current password
type: string
example: "currentPassword123"
new_password:
description: The new password to set
type: string
example: "newSecurePassword456"
required:
- old_password
- new_password
WorkloadType:
type: string
description: |
Identifies the type of workload the job will execute.
Currently only `"bundle"` is supported.
enum:
- bundle
example: "bundle"
BundleParameters:
type: object
description: These parameters control what gets included in the bundle and how it is processed.
properties:
bundle_for:
type: boolean
description: Whether to generate a bundle for the given timeframe.
example: true
bundle_for_time:
type: integer
minimum: 1
maximum: 5
description: Time period in minutes for which to generate the bundle.
example: 2
log_file_count:
type: integer
minimum: 1
maximum: 1000
description: Maximum number of log files to include in the bundle.
example: 100
anonymize:
type: boolean
description: Whether sensitive data should be anonymized in the bundle.
example: false
required:
- bundle_for
- bundle_for_time
- log_file_count
- anonymize
BundleResult:
type: object
properties:
upload_key:
type: string
example: "upload_key_123"
nullable: true
BundleWorkloadRequest:
type: object
properties:
type:
$ref: '#/components/schemas/WorkloadType'
parameters:
$ref: '#/components/schemas/BundleParameters'
required:
- type
- parameters
BundleWorkloadResponse:
type: object
properties:
type:
$ref: '#/components/schemas/WorkloadType'
parameters:
$ref: '#/components/schemas/BundleParameters'
result:
$ref: '#/components/schemas/BundleResult'
required:
- type
- parameters
- result
WorkloadRequest:
oneOf:
- $ref: '#/components/schemas/BundleWorkloadRequest'
discriminator:
propertyName: type
mapping:
bundle: '#/components/schemas/BundleWorkloadRequest'
WorkloadResponse:
oneOf:
- $ref: '#/components/schemas/BundleWorkloadResponse'
discriminator:
propertyName: type
mapping:
bundle: '#/components/schemas/BundleWorkloadResponse'
JobRequest:
type: object
properties:
workload:
$ref: '#/components/schemas/WorkloadRequest'
required:
- workload
JobResponse:
type: object
properties:
id:
type: string
created_at:
type: string
format: date-time
completed_at:
type: string
format: date-time
nullable: true
triggered_by:
type: string
status:
type: string
enum: [pending, succeeded, failed]
failed_reason:
type: string
nullable: true
workload:
$ref: '#/components/schemas/WorkloadResponse'
required:
- id
- created_at
- status
- triggered_by
- workload
Account:
type: object
properties:
@@ -1779,6 +1915,100 @@ components:
example: ch8i4ug6lnn4g9hqv7m0
required:
- disabled_management_groups
ZoneRequest:
type: object
properties:
name:
description: Zone name identifier
type: string
maxLength: 255
minLength: 1
example: Office Zone
domain:
description: Zone domain (FQDN)
type: string
example: example.com
enabled:
description: Zone status
type: boolean
default: true
enable_search_domain:
description: Enable this zone as a search domain
type: boolean
example: false
distribution_groups:
description: Group IDs that defines groups of peers that will resolve this zone
type: array
items:
type: string
example: ch8i4ug6lnn4g9hqv7m0
required:
- name
- domain
- enable_search_domain
- distribution_groups
Zone:
allOf:
- type: object
properties:
id:
description: Zone ID
type: string
example: ch8i4ug6lnn4g9hqv7m0
records:
description: DNS records associated with this zone
type: array
items:
$ref: '#/components/schemas/DNSRecord'
required:
- id
- enabled
- records
- $ref: '#/components/schemas/ZoneRequest'
DNSRecordType:
type: string
description: DNS record type
enum:
- A
- AAAA
- CNAME
example: A
DNSRecordRequest:
type: object
properties:
name:
description: FQDN for the DNS record. Must be a subdomain within or match the zone's domain.
type: string
example: www.example.com
type:
$ref: '#/components/schemas/DNSRecordType'
content:
description: DNS record content (IP address for A/AAAA, domain for CNAME)
type: string
maxLength: 255
minLength: 1
example: 192.168.1.1
ttl:
description: Time to live in seconds
type: integer
minimum: 0
example: 300
required:
- name
- type
- content
- ttl
DNSRecord:
allOf:
- type: object
properties:
id:
description: DNS record ID
type: string
example: ch8i4ug6lnn4g9hqv7m0
required:
- id
- $ref: '#/components/schemas/DNSRecordRequest'
Event:
type: object
properties:
@@ -1798,18 +2028,51 @@ components:
activity_code:
description: The string code of the activity that occurred during the event
type: string
enum: [ "user.peer.delete", "user.join", "user.invite", "user.peer.add", "user.group.add", "user.group.delete",
"user.role.update", "user.block", "user.unblock", "user.peer.login",
"setupkey.peer.add", "setupkey.add", "setupkey.update", "setupkey.revoke", "setupkey.overuse",
"setupkey.group.delete", "setupkey.group.add",
"rule.add", "rule.delete", "rule.update",
"policy.add", "policy.delete", "policy.update",
"group.add", "group.update", "dns.setting.disabled.management.group.add", "dns.setting.disabled.management.group.delete",
"account.create", "account.setting.peer.login.expiration.update", "account.setting.peer.login.expiration.disable", "account.setting.peer.login.expiration.enable",
"route.add", "route.delete", "route.update",
"nameserver.group.add", "nameserver.group.delete", "nameserver.group.update",
"peer.ssh.disable", "peer.ssh.enable", "peer.rename", "peer.login.expiration.disable", "peer.login.expiration.enable", "peer.login.expire",
"service.user.create", "personal.access.token.create", "service.user.delete", "personal.access.token.delete" ]
enum: [
"peer.user.add", "peer.setupkey.add", "user.join", "user.invite", "account.create", "account.delete",
"user.peer.delete", "rule.add", "rule.update", "rule.delete",
"policy.add", "policy.update", "policy.delete",
"setupkey.add", "setupkey.update", "setupkey.revoke", "setupkey.overuse", "setupkey.delete",
"group.add", "group.update", "group.delete",
"peer.group.add", "peer.group.delete",
"user.group.add", "user.group.delete", "user.role.update",
"setupkey.group.add", "setupkey.group.delete",
"dns.setting.disabled.management.group.add", "dns.setting.disabled.management.group.delete",
"route.add", "route.delete", "route.update",
"peer.ssh.enable", "peer.ssh.disable", "peer.rename",
"peer.login.expiration.enable", "peer.login.expiration.disable",
"nameserver.group.add", "nameserver.group.delete", "nameserver.group.update",
"account.setting.peer.login.expiration.update", "account.setting.peer.login.expiration.enable", "account.setting.peer.login.expiration.disable",
"personal.access.token.create", "personal.access.token.delete",
"service.user.create", "service.user.delete",
"user.block", "user.unblock", "user.delete",
"user.peer.login", "peer.login.expire",
"dashboard.login",
"integration.create", "integration.update", "integration.delete",
"account.setting.peer.approval.enable", "account.setting.peer.approval.disable",
"peer.approve", "peer.approval.revoke",
"transferred.owner.role",
"posture.check.create", "posture.check.update", "posture.check.delete",
"peer.inactivity.expiration.enable", "peer.inactivity.expiration.disable",
"account.peer.inactivity.expiration.enable", "account.peer.inactivity.expiration.disable", "account.peer.inactivity.expiration.update",
"account.setting.group.propagation.enable", "account.setting.group.propagation.disable",
"account.setting.routing.peer.dns.resolution.enable", "account.setting.routing.peer.dns.resolution.disable",
"network.create", "network.update", "network.delete",
"network.resource.create", "network.resource.update", "network.resource.delete",
"network.router.create", "network.router.update", "network.router.delete",
"resource.group.add", "resource.group.delete",
"account.dns.domain.update",
"account.setting.lazy.connection.enable", "account.setting.lazy.connection.disable",
"account.network.range.update",
"peer.ip.update",
"user.approve", "user.reject", "user.create",
"account.settings.auto.version.update",
"identityprovider.create", "identityprovider.update", "identityprovider.delete",
"dns.zone.create", "dns.zone.update", "dns.zone.delete",
"dns.zone.record.create", "dns.zone.record.update", "dns.zone.record.delete",
"peer.job.create",
"user.password.change"
]
example: route.add
initiator_id:
description: The ID of the initiator of the event. E.g., an ID of a user that triggered the event.
@@ -2458,6 +2721,110 @@ paths:
content: { }
'500':
"$ref": "#/components/responses/internal_error"
/api/peers/{peerId}/jobs:
get:
summary: List Jobs
description: Retrieve all jobs for a given peer
tags: [ Jobs ]
security:
- BearerAuth: []
- TokenAuth: []
parameters:
- in: path
name: peerId
description: The unique identifier of a peer
required: true
schema:
type: string
responses:
'200':
description: List of jobs
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/JobResponse'
'400':
$ref: '#/components/responses/bad_request'
'401':
$ref: '#/components/responses/requires_authentication'
'403':
$ref: '#/components/responses/forbidden'
'500':
$ref: '#/components/responses/internal_error'
post:
summary: Create Job
description: Create a new job for a given peer
tags: [ Jobs ]
security:
- BearerAuth: []
- TokenAuth: []
parameters:
- in: path
name: peerId
description: The unique identifier of a peer
required: true
schema:
type: string
requestBody:
description: Create job request
content:
application/json:
schema:
$ref: '#/components/schemas/JobRequest'
required: true
responses:
'201':
description: Job created
content:
application/json:
schema:
$ref: '#/components/schemas/JobResponse'
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'500':
"$ref": "#/components/responses/internal_error"
/api/peers/{peerId}/jobs/{jobId}:
get:
summary: Get Job
description: Retrieve details of a specific job
tags: [ Jobs ]
security:
- BearerAuth: []
- TokenAuth: []
parameters:
- in: path
name: peerId
required: true
description: The unique identifier of a peer
schema:
type: string
- in: path
name: jobId
required: true
description: The unique identifier of a job
schema:
type: string
responses:
'200':
description: A Job object
content:
application/json:
schema:
$ref: '#/components/schemas/JobResponse'
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'500':
"$ref": "#/components/responses/internal_error"
/api/accounts:
get:
summary: List all Accounts
@@ -2885,6 +3252,43 @@ paths:
"$ref": "#/components/responses/forbidden"
'500':
"$ref": "#/components/responses/internal_error"
/api/users/{userId}/password:
put:
summary: Change user password
description: Change the password for a user. Only available when embedded IdP is enabled. Users can only change their own password.
tags: [ Users ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
parameters:
- in: path
name: userId
required: true
schema:
type: string
description: The unique identifier of a user
requestBody:
description: Password change request
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/PasswordChangeRequest'
responses:
'200':
description: Password changed successfully
content: {}
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'412':
description: Precondition failed - embedded IdP is not enabled
content: { }
'500':
"$ref": "#/components/responses/internal_error"
/api/users/current:
get:
summary: Retrieve current user
@@ -4733,6 +5137,347 @@ paths:
"$ref": "#/components/responses/forbidden"
'500':
"$ref": "#/components/responses/internal_error"
/api/dns/zones:
get:
summary: List all DNS Zones
description: Returns a list of all custom DNS zones
tags: [ DNS Zones ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
responses:
'200':
description: A JSON Array of DNS Zones
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Zone'
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'500':
"$ref": "#/components/responses/internal_error"
post:
summary: Create a DNS Zone
description: Creates a new custom DNS zone
tags: [ DNS Zones ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
requestBody:
description: A DNS zone object
content:
'application/json':
schema:
$ref: '#/components/schemas/ZoneRequest'
responses:
'200':
description: A JSON Object of the created DNS Zone
content:
application/json:
schema:
$ref: '#/components/schemas/Zone'
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'500':
"$ref": "#/components/responses/internal_error"
/api/dns/zones/{zoneId}:
get:
summary: Retrieve a DNS Zone
description: Returns information about a specific DNS zone
tags: [ DNS Zones ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
parameters:
- in: path
name: zoneId
required: true
schema:
type: string
description: The unique identifier of a zone
example: chacbco6lnnbn6cg5s91
responses:
'200':
description: A JSON Object of a DNS Zone
content:
application/json:
schema:
$ref: '#/components/schemas/Zone'
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'404':
"$ref": "#/components/responses/not_found"
'500':
"$ref": "#/components/responses/internal_error"
put:
summary: Update a DNS Zone
description: Updates a custom DNS zone
tags: [ DNS Zones ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
parameters:
- in: path
name: zoneId
required: true
schema:
type: string
description: The unique identifier of a zone
example: chacbco6lnnbn6cg5s91
requestBody:
description: A DNS zone object
content:
'application/json':
schema:
$ref: '#/components/schemas/ZoneRequest'
responses:
'200':
description: A JSON Object of the updated DNS Zone
content:
application/json:
schema:
$ref: '#/components/schemas/Zone'
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'404':
"$ref": "#/components/responses/not_found"
'500':
"$ref": "#/components/responses/internal_error"
delete:
summary: Delete a DNS Zone
description: Deletes a custom DNS zone
tags: [ DNS Zones ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
parameters:
- in: path
name: zoneId
required: true
schema:
type: string
description: The unique identifier of a zone
example: chacbco6lnnbn6cg5s91
responses:
'200':
description: Zone deletion successful
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'404':
"$ref": "#/components/responses/not_found"
'500':
"$ref": "#/components/responses/internal_error"
/api/dns/zones/{zoneId}/records:
get:
summary: List all DNS Records
description: Returns a list of all DNS records in a zone
tags: [ DNS Zones ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
parameters:
- in: path
name: zoneId
required: true
schema:
type: string
description: The unique identifier of a zone
example: chacbco6lnnbn6cg5s91
responses:
'200':
description: A JSON Array of DNS Records
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/DNSRecord'
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'404':
"$ref": "#/components/responses/not_found"
'500':
"$ref": "#/components/responses/internal_error"
post:
summary: Create a DNS Record
description: Creates a new DNS record in a zone
tags: [ DNS Zones ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
parameters:
- in: path
name: zoneId
required: true
schema:
type: string
description: The unique identifier of a zone
example: chacbco6lnnbn6cg5s91
requestBody:
description: A DNS record object
content:
'application/json':
schema:
$ref: '#/components/schemas/DNSRecordRequest'
responses:
'200':
description: A JSON Object of the created DNS Record
content:
application/json:
schema:
$ref: '#/components/schemas/DNSRecord'
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'404':
"$ref": "#/components/responses/not_found"
'500':
"$ref": "#/components/responses/internal_error"
/api/dns/zones/{zoneId}/records/{recordId}:
get:
summary: Retrieve a DNS Record
description: Returns information about a specific DNS record
tags: [ DNS Zones ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
parameters:
- in: path
name: zoneId
required: true
schema:
type: string
description: The unique identifier of a zone
example: chacbco6lnnbn6cg5s91
- in: path
name: recordId
required: true
schema:
type: string
description: The unique identifier of a DNS record
example: chacbco6lnnbn6cg5s92
responses:
'200':
description: A JSON Object of a DNS Record
content:
application/json:
schema:
$ref: '#/components/schemas/DNSRecord'
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'404':
"$ref": "#/components/responses/not_found"
'500':
"$ref": "#/components/responses/internal_error"
put:
summary: Update a DNS Record
description: Updates a DNS record in a zone
tags: [ DNS Zones ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
parameters:
- in: path
name: zoneId
required: true
schema:
type: string
description: The unique identifier of a zone
example: chacbco6lnnbn6cg5s91
- in: path
name: recordId
required: true
schema:
type: string
description: The unique identifier of a DNS record
example: chacbco6lnnbn6cg5s92
requestBody:
description: A DNS record object
content:
'application/json':
schema:
$ref: '#/components/schemas/DNSRecordRequest'
responses:
'200':
description: A JSON Object of the updated DNS Record
content:
application/json:
schema:
$ref: '#/components/schemas/DNSRecord'
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'404':
"$ref": "#/components/responses/not_found"
'500':
"$ref": "#/components/responses/internal_error"
delete:
summary: Delete a DNS Record
description: Deletes a DNS record from a zone
tags: [ DNS Zones ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
parameters:
- in: path
name: zoneId
required: true
schema:
type: string
description: The unique identifier of a zone
example: chacbco6lnnbn6cg5s91
- in: path
name: recordId
required: true
schema:
type: string
description: The unique identifier of a DNS record
example: chacbco6lnnbn6cg5s92
responses:
'200':
description: Record deletion successful
'400':
"$ref": "#/components/responses/bad_request"
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'404':
"$ref": "#/components/responses/not_found"
'500':
"$ref": "#/components/responses/internal_error"
/api/events/audit:
get:
summary: List all Audit Events

474
shared/management/http/api/types.gen.go
View File

@@ -1,10 +1,14 @@
// Package api provides primitives to interact with the openapi HTTP API.
//
// Code generated by github.com/deepmap/oapi-codegen version v1.11.1-0.20220912230023-4a1477f6a8ba DO NOT EDIT.
// Code generated by github.com/oapi-codegen/oapi-codegen/v2 version v2.5.1 DO NOT EDIT.
package api
import (
"encoding/json"
"errors"
"time"
"github.com/oapi-codegen/runtime"
)
const (
@@ -12,55 +16,120 @@ const (
TokenAuthScopes = "TokenAuth.Scopes"
)
// Defines values for DNSRecordType.
const (
DNSRecordTypeA DNSRecordType = "A"
DNSRecordTypeAAAA DNSRecordType = "AAAA"
DNSRecordTypeCNAME DNSRecordType = "CNAME"
)
// Defines values for EventActivityCode.
const (
EventActivityCodeAccountCreate EventActivityCode = "account.create"
EventActivityCodeAccountSettingPeerLoginExpirationDisable EventActivityCode = "account.setting.peer.login.expiration.disable"
EventActivityCodeAccountSettingPeerLoginExpirationEnable EventActivityCode = "account.setting.peer.login.expiration.enable"
EventActivityCodeAccountSettingPeerLoginExpirationUpdate EventActivityCode = "account.setting.peer.login.expiration.update"
EventActivityCodeDnsSettingDisabledManagementGroupAdd EventActivityCode = "dns.setting.disabled.management.group.add"
EventActivityCodeDnsSettingDisabledManagementGroupDelete EventActivityCode = "dns.setting.disabled.management.group.delete"
EventActivityCodeGroupAdd EventActivityCode = "group.add"
EventActivityCodeGroupUpdate EventActivityCode = "group.update"
EventActivityCodeNameserverGroupAdd EventActivityCode = "nameserver.group.add"
EventActivityCodeNameserverGroupDelete EventActivityCode = "nameserver.group.delete"
EventActivityCodeNameserverGroupUpdate EventActivityCode = "nameserver.group.update"
EventActivityCodePeerLoginExpirationDisable EventActivityCode = "peer.login.expiration.disable"
EventActivityCodePeerLoginExpirationEnable EventActivityCode = "peer.login.expiration.enable"
EventActivityCodePeerLoginExpire EventActivityCode = "peer.login.expire"
EventActivityCodePeerRename EventActivityCode = "peer.rename"
EventActivityCodePeerSshDisable EventActivityCode = "peer.ssh.disable"
EventActivityCodePeerSshEnable EventActivityCode = "peer.ssh.enable"
EventActivityCodePersonalAccessTokenCreate EventActivityCode = "personal.access.token.create"
EventActivityCodePersonalAccessTokenDelete EventActivityCode = "personal.access.token.delete"
EventActivityCodePolicyAdd EventActivityCode = "policy.add"
EventActivityCodePolicyDelete EventActivityCode = "policy.delete"
EventActivityCodePolicyUpdate EventActivityCode = "policy.update"
EventActivityCodeRouteAdd EventActivityCode = "route.add"
EventActivityCodeRouteDelete EventActivityCode = "route.delete"
EventActivityCodeRouteUpdate EventActivityCode = "route.update"
EventActivityCodeRuleAdd EventActivityCode = "rule.add"
EventActivityCodeRuleDelete EventActivityCode = "rule.delete"
EventActivityCodeRuleUpdate EventActivityCode = "rule.update"
EventActivityCodeServiceUserCreate EventActivityCode = "service.user.create"
EventActivityCodeServiceUserDelete EventActivityCode = "service.user.delete"
EventActivityCodeSetupkeyAdd EventActivityCode = "setupkey.add"
EventActivityCodeSetupkeyGroupAdd EventActivityCode = "setupkey.group.add"
EventActivityCodeSetupkeyGroupDelete EventActivityCode = "setupkey.group.delete"
EventActivityCodeSetupkeyOveruse EventActivityCode = "setupkey.overuse"
EventActivityCodeSetupkeyPeerAdd EventActivityCode = "setupkey.peer.add"
EventActivityCodeSetupkeyRevoke EventActivityCode = "setupkey.revoke"
EventActivityCodeSetupkeyUpdate EventActivityCode = "setupkey.update"
EventActivityCodeUserBlock EventActivityCode = "user.block"
EventActivityCodeUserGroupAdd EventActivityCode = "user.group.add"
EventActivityCodeUserGroupDelete EventActivityCode = "user.group.delete"
EventActivityCodeUserInvite EventActivityCode = "user.invite"
EventActivityCodeUserJoin EventActivityCode = "user.join"
EventActivityCodeUserPeerAdd EventActivityCode = "user.peer.add"
EventActivityCodeUserPeerDelete EventActivityCode = "user.peer.delete"
EventActivityCodeUserPeerLogin EventActivityCode = "user.peer.login"
EventActivityCodeUserRoleUpdate EventActivityCode = "user.role.update"
EventActivityCodeUserUnblock EventActivityCode = "user.unblock"
EventActivityCodeAccountCreate EventActivityCode = "account.create"
EventActivityCodeAccountDelete EventActivityCode = "account.delete"
EventActivityCodeAccountDnsDomainUpdate EventActivityCode = "account.dns.domain.update"
EventActivityCodeAccountNetworkRangeUpdate EventActivityCode = "account.network.range.update"
EventActivityCodeAccountPeerInactivityExpirationDisable EventActivityCode = "account.peer.inactivity.expiration.disable"
EventActivityCodeAccountPeerInactivityExpirationEnable EventActivityCode = "account.peer.inactivity.expiration.enable"
EventActivityCodeAccountPeerInactivityExpirationUpdate EventActivityCode = "account.peer.inactivity.expiration.update"
EventActivityCodeAccountSettingGroupPropagationDisable EventActivityCode = "account.setting.group.propagation.disable"
EventActivityCodeAccountSettingGroupPropagationEnable EventActivityCode = "account.setting.group.propagation.enable"
EventActivityCodeAccountSettingLazyConnectionDisable EventActivityCode = "account.setting.lazy.connection.disable"
EventActivityCodeAccountSettingLazyConnectionEnable EventActivityCode = "account.setting.lazy.connection.enable"
EventActivityCodeAccountSettingPeerApprovalDisable EventActivityCode = "account.setting.peer.approval.disable"
EventActivityCodeAccountSettingPeerApprovalEnable EventActivityCode = "account.setting.peer.approval.enable"
EventActivityCodeAccountSettingPeerLoginExpirationDisable EventActivityCode = "account.setting.peer.login.expiration.disable"
EventActivityCodeAccountSettingPeerLoginExpirationEnable EventActivityCode = "account.setting.peer.login.expiration.enable"
EventActivityCodeAccountSettingPeerLoginExpirationUpdate EventActivityCode = "account.setting.peer.login.expiration.update"
EventActivityCodeAccountSettingRoutingPeerDnsResolutionDisable EventActivityCode = "account.setting.routing.peer.dns.resolution.disable"
EventActivityCodeAccountSettingRoutingPeerDnsResolutionEnable EventActivityCode = "account.setting.routing.peer.dns.resolution.enable"
EventActivityCodeAccountSettingsAutoVersionUpdate EventActivityCode = "account.settings.auto.version.update"
EventActivityCodeDashboardLogin EventActivityCode = "dashboard.login"
EventActivityCodeDnsSettingDisabledManagementGroupAdd EventActivityCode = "dns.setting.disabled.management.group.add"
EventActivityCodeDnsSettingDisabledManagementGroupDelete EventActivityCode = "dns.setting.disabled.management.group.delete"
EventActivityCodeDnsZoneCreate EventActivityCode = "dns.zone.create"
EventActivityCodeDnsZoneDelete EventActivityCode = "dns.zone.delete"
EventActivityCodeDnsZoneRecordCreate EventActivityCode = "dns.zone.record.create"
EventActivityCodeDnsZoneRecordDelete EventActivityCode = "dns.zone.record.delete"
EventActivityCodeDnsZoneRecordUpdate EventActivityCode = "dns.zone.record.update"
EventActivityCodeDnsZoneUpdate EventActivityCode = "dns.zone.update"
EventActivityCodeGroupAdd EventActivityCode = "group.add"
EventActivityCodeGroupDelete EventActivityCode = "group.delete"
EventActivityCodeGroupUpdate EventActivityCode = "group.update"
EventActivityCodeIdentityproviderCreate EventActivityCode = "identityprovider.create"
EventActivityCodeIdentityproviderDelete EventActivityCode = "identityprovider.delete"
EventActivityCodeIdentityproviderUpdate EventActivityCode = "identityprovider.update"
EventActivityCodeIntegrationCreate EventActivityCode = "integration.create"
EventActivityCodeIntegrationDelete EventActivityCode = "integration.delete"
EventActivityCodeIntegrationUpdate EventActivityCode = "integration.update"
EventActivityCodeNameserverGroupAdd EventActivityCode = "nameserver.group.add"
EventActivityCodeNameserverGroupDelete EventActivityCode = "nameserver.group.delete"
EventActivityCodeNameserverGroupUpdate EventActivityCode = "nameserver.group.update"
EventActivityCodeNetworkCreate EventActivityCode = "network.create"
EventActivityCodeNetworkDelete EventActivityCode = "network.delete"
EventActivityCodeNetworkResourceCreate EventActivityCode = "network.resource.create"
EventActivityCodeNetworkResourceDelete EventActivityCode = "network.resource.delete"
EventActivityCodeNetworkResourceUpdate EventActivityCode = "network.resource.update"
EventActivityCodeNetworkRouterCreate EventActivityCode = "network.router.create"
EventActivityCodeNetworkRouterDelete EventActivityCode = "network.router.delete"
EventActivityCodeNetworkRouterUpdate EventActivityCode = "network.router.update"
EventActivityCodeNetworkUpdate EventActivityCode = "network.update"
EventActivityCodePeerApprovalRevoke EventActivityCode = "peer.approval.revoke"
EventActivityCodePeerApprove EventActivityCode = "peer.approve"
EventActivityCodePeerGroupAdd EventActivityCode = "peer.group.add"
EventActivityCodePeerGroupDelete EventActivityCode = "peer.group.delete"
EventActivityCodePeerInactivityExpirationDisable EventActivityCode = "peer.inactivity.expiration.disable"
EventActivityCodePeerInactivityExpirationEnable EventActivityCode = "peer.inactivity.expiration.enable"
EventActivityCodePeerIpUpdate EventActivityCode = "peer.ip.update"
EventActivityCodePeerJobCreate EventActivityCode = "peer.job.create"
EventActivityCodePeerLoginExpirationDisable EventActivityCode = "peer.login.expiration.disable"
EventActivityCodePeerLoginExpirationEnable EventActivityCode = "peer.login.expiration.enable"
EventActivityCodePeerLoginExpire EventActivityCode = "peer.login.expire"
EventActivityCodePeerRename EventActivityCode = "peer.rename"
EventActivityCodePeerSetupkeyAdd EventActivityCode = "peer.setupkey.add"
EventActivityCodePeerSshDisable EventActivityCode = "peer.ssh.disable"
EventActivityCodePeerSshEnable EventActivityCode = "peer.ssh.enable"
EventActivityCodePeerUserAdd EventActivityCode = "peer.user.add"
EventActivityCodePersonalAccessTokenCreate EventActivityCode = "personal.access.token.create"
EventActivityCodePersonalAccessTokenDelete EventActivityCode = "personal.access.token.delete"
EventActivityCodePolicyAdd EventActivityCode = "policy.add"
EventActivityCodePolicyDelete EventActivityCode = "policy.delete"
EventActivityCodePolicyUpdate EventActivityCode = "policy.update"
EventActivityCodePostureCheckCreate EventActivityCode = "posture.check.create"
EventActivityCodePostureCheckDelete EventActivityCode = "posture.check.delete"
EventActivityCodePostureCheckUpdate EventActivityCode = "posture.check.update"
EventActivityCodeResourceGroupAdd EventActivityCode = "resource.group.add"
EventActivityCodeResourceGroupDelete EventActivityCode = "resource.group.delete"
EventActivityCodeRouteAdd EventActivityCode = "route.add"
EventActivityCodeRouteDelete EventActivityCode = "route.delete"
EventActivityCodeRouteUpdate EventActivityCode = "route.update"
EventActivityCodeRuleAdd EventActivityCode = "rule.add"
EventActivityCodeRuleDelete EventActivityCode = "rule.delete"
EventActivityCodeRuleUpdate EventActivityCode = "rule.update"
EventActivityCodeServiceUserCreate EventActivityCode = "service.user.create"
EventActivityCodeServiceUserDelete EventActivityCode = "service.user.delete"
EventActivityCodeSetupkeyAdd EventActivityCode = "setupkey.add"
EventActivityCodeSetupkeyDelete EventActivityCode = "setupkey.delete"
EventActivityCodeSetupkeyGroupAdd EventActivityCode = "setupkey.group.add"
EventActivityCodeSetupkeyGroupDelete EventActivityCode = "setupkey.group.delete"
EventActivityCodeSetupkeyOveruse EventActivityCode = "setupkey.overuse"
EventActivityCodeSetupkeyRevoke EventActivityCode = "setupkey.revoke"
EventActivityCodeSetupkeyUpdate EventActivityCode = "setupkey.update"
EventActivityCodeTransferredOwnerRole EventActivityCode = "transferred.owner.role"
EventActivityCodeUserApprove EventActivityCode = "user.approve"
EventActivityCodeUserBlock EventActivityCode = "user.block"
EventActivityCodeUserCreate EventActivityCode = "user.create"
EventActivityCodeUserDelete EventActivityCode = "user.delete"
EventActivityCodeUserGroupAdd EventActivityCode = "user.group.add"
EventActivityCodeUserGroupDelete EventActivityCode = "user.group.delete"
EventActivityCodeUserInvite EventActivityCode = "user.invite"
EventActivityCodeUserJoin EventActivityCode = "user.join"
EventActivityCodeUserPasswordChange EventActivityCode = "user.password.change"
EventActivityCodeUserPeerDelete EventActivityCode = "user.peer.delete"
EventActivityCodeUserPeerLogin EventActivityCode = "user.peer.login"
EventActivityCodeUserReject EventActivityCode = "user.reject"
EventActivityCodeUserRoleUpdate EventActivityCode = "user.role.update"
EventActivityCodeUserUnblock EventActivityCode = "user.unblock"
)
// Defines values for GeoLocationCheckAction.
@@ -115,6 +184,13 @@ const (
IngressPortAllocationRequestPortRangeProtocolUdp IngressPortAllocationRequestPortRangeProtocol = "udp"
)
// Defines values for JobResponseStatus.
const (
JobResponseStatusFailed JobResponseStatus = "failed"
JobResponseStatusPending JobResponseStatus = "pending"
JobResponseStatusSucceeded JobResponseStatus = "succeeded"
)
// Defines values for NameserverNsType.
const (
NameserverNsTypeUdp NameserverNsType = "udp"
@@ -193,6 +269,11 @@ const (
UserStatusInvited UserStatus = "invited"
)
// Defines values for WorkloadType.
const (
WorkloadTypeBundle WorkloadType = "bundle"
)
// Defines values for GetApiEventsNetworkTrafficParamsType.
const (
GetApiEventsNetworkTrafficParamsTypeTYPEDROP GetApiEventsNetworkTrafficParamsType = "TYPE_DROP"
@@ -361,6 +442,47 @@ type AvailablePorts struct {
Udp int `json:"udp"`
}
// BundleParameters These parameters control what gets included in the bundle and how it is processed.
type BundleParameters struct {
// Anonymize Whether sensitive data should be anonymized in the bundle.
Anonymize bool `json:"anonymize"`
// BundleFor Whether to generate a bundle for the given timeframe.
BundleFor bool `json:"bundle_for"`
// BundleForTime Time period in minutes for which to generate the bundle.
BundleForTime int `json:"bundle_for_time"`
// LogFileCount Maximum number of log files to include in the bundle.
LogFileCount int `json:"log_file_count"`
}
// BundleResult defines model for BundleResult.
type BundleResult struct {
UploadKey *string `json:"upload_key"`
}
// BundleWorkloadRequest defines model for BundleWorkloadRequest.
type BundleWorkloadRequest struct {
// Parameters These parameters control what gets included in the bundle and how it is processed.
Parameters BundleParameters `json:"parameters"`
// Type Identifies the type of workload the job will execute.
// Currently only `"bundle"` is supported.
Type WorkloadType `json:"type"`
}
// BundleWorkloadResponse defines model for BundleWorkloadResponse.
type BundleWorkloadResponse struct {
// Parameters These parameters control what gets included in the bundle and how it is processed.
Parameters BundleParameters `json:"parameters"`
Result BundleResult `json:"result"`
// Type Identifies the type of workload the job will execute.
// Currently only `"bundle"` is supported.
Type WorkloadType `json:"type"`
}
// Checks List of objects that perform the actual checks
type Checks struct {
// GeoLocationCheck Posture check for geo location
@@ -427,6 +549,42 @@ type CreateSetupKeyRequest struct {
UsageLimit int `json:"usage_limit"`
}
// DNSRecord defines model for DNSRecord.
type DNSRecord struct {
// Content DNS record content (IP address for A/AAAA, domain for CNAME)
Content string `json:"content"`
// Id DNS record ID
Id string `json:"id"`
// Name FQDN for the DNS record. Must be a subdomain within or match the zone's domain.
Name string `json:"name"`
// Ttl Time to live in seconds
Ttl int `json:"ttl"`
// Type DNS record type
Type DNSRecordType `json:"type"`
}
// DNSRecordRequest defines model for DNSRecordRequest.
type DNSRecordRequest struct {
// Content DNS record content (IP address for A/AAAA, domain for CNAME)
Content string `json:"content"`
// Name FQDN for the DNS record. Must be a subdomain within or match the zone's domain.
Name string `json:"name"`
// Ttl Time to live in seconds
Ttl int `json:"ttl"`
// Type DNS record type
Type DNSRecordType `json:"type"`
}
// DNSRecordType DNS record type
type DNSRecordType string
// DNSSettings defines model for DNSSettings.
type DNSSettings struct {
// DisabledManagementGroups Groups whose DNS management is disabled
@@ -712,6 +870,25 @@ type InstanceStatus struct {
SetupRequired bool `json:"setup_required"`
}
// JobRequest defines model for JobRequest.
type JobRequest struct {
Workload WorkloadRequest `json:"workload"`
}
// JobResponse defines model for JobResponse.
type JobResponse struct {
CompletedAt *time.Time `json:"completed_at"`
CreatedAt time.Time `json:"created_at"`
FailedReason *string `json:"failed_reason"`
Id string `json:"id"`
Status JobResponseStatus `json:"status"`
TriggeredBy string `json:"triggered_by"`
Workload WorkloadResponse `json:"workload"`
}
// JobResponseStatus defines model for JobResponse.Status.
type JobResponseStatus string
// Location Describe geographical location information
type Location struct {
// CityName Commonly used English name of the city
@@ -1082,6 +1259,15 @@ type OSVersionCheck struct {
Windows *MinKernelVersionCheck `json:"windows,omitempty"`
}
// PasswordChangeRequest defines model for PasswordChangeRequest.
type PasswordChangeRequest struct {
// NewPassword The new password to set
NewPassword string `json:"new_password"`
// OldPassword The current password
OldPassword string `json:"old_password"`
}
// Peer defines model for Peer.
type Peer struct {
// ApprovalRequired (Cloud only) Indicates whether peer needs approval
@@ -1999,6 +2185,62 @@ type UserRequest struct {
Role string `json:"role"`
}
// WorkloadRequest defines model for WorkloadRequest.
type WorkloadRequest struct {
union json.RawMessage
}
// WorkloadResponse defines model for WorkloadResponse.
type WorkloadResponse struct {
union json.RawMessage
}
// WorkloadType Identifies the type of workload the job will execute.
// Currently only `"bundle"` is supported.
type WorkloadType string
// Zone defines model for Zone.
type Zone struct {
// DistributionGroups Group IDs that defines groups of peers that will resolve this zone
DistributionGroups []string `json:"distribution_groups"`
// Domain Zone domain (FQDN)
Domain string `json:"domain"`
// EnableSearchDomain Enable this zone as a search domain
EnableSearchDomain bool `json:"enable_search_domain"`
// Enabled Zone status
Enabled bool `json:"enabled"`
// Id Zone ID
Id string `json:"id"`
// Name Zone name identifier
Name string `json:"name"`
// Records DNS records associated with this zone
Records []DNSRecord `json:"records"`
}
// ZoneRequest defines model for ZoneRequest.
type ZoneRequest struct {
// DistributionGroups Group IDs that defines groups of peers that will resolve this zone
DistributionGroups []string `json:"distribution_groups"`
// Domain Zone domain (FQDN)
Domain string `json:"domain"`
// EnableSearchDomain Enable this zone as a search domain
EnableSearchDomain bool `json:"enable_search_domain"`
// Enabled Zone status
Enabled *bool `json:"enabled,omitempty"`
// Name Zone name identifier
Name string `json:"name"`
}
// GetApiEventsNetworkTrafficParams defines parameters for GetApiEventsNetworkTraffic.
type GetApiEventsNetworkTrafficParams struct {
// Page Page number
@@ -2083,6 +2325,18 @@ type PutApiDnsNameserversNsgroupIdJSONRequestBody = NameserverGroupRequest
// PutApiDnsSettingsJSONRequestBody defines body for PutApiDnsSettings for application/json ContentType.
type PutApiDnsSettingsJSONRequestBody = DNSSettings
// PostApiDnsZonesJSONRequestBody defines body for PostApiDnsZones for application/json ContentType.
type PostApiDnsZonesJSONRequestBody = ZoneRequest
// PutApiDnsZonesZoneIdJSONRequestBody defines body for PutApiDnsZonesZoneId for application/json ContentType.
type PutApiDnsZonesZoneIdJSONRequestBody = ZoneRequest
// PostApiDnsZonesZoneIdRecordsJSONRequestBody defines body for PostApiDnsZonesZoneIdRecords for application/json ContentType.
type PostApiDnsZonesZoneIdRecordsJSONRequestBody = DNSRecordRequest
// PutApiDnsZonesZoneIdRecordsRecordIdJSONRequestBody defines body for PutApiDnsZonesZoneIdRecordsRecordId for application/json ContentType.
type PutApiDnsZonesZoneIdRecordsRecordIdJSONRequestBody = DNSRecordRequest
// PostApiGroupsJSONRequestBody defines body for PostApiGroups for application/json ContentType.
type PostApiGroupsJSONRequestBody = GroupRequest
@@ -2128,6 +2382,9 @@ type PostApiPeersPeerIdIngressPortsJSONRequestBody = IngressPortAllocationReques
// PutApiPeersPeerIdIngressPortsAllocationIdJSONRequestBody defines body for PutApiPeersPeerIdIngressPortsAllocationId for application/json ContentType.
type PutApiPeersPeerIdIngressPortsAllocationIdJSONRequestBody = IngressPortAllocationRequest
// PostApiPeersPeerIdJobsJSONRequestBody defines body for PostApiPeersPeerIdJobs for application/json ContentType.
type PostApiPeersPeerIdJobsJSONRequestBody = JobRequest
// PostApiPeersPeerIdTemporaryAccessJSONRequestBody defines body for PostApiPeersPeerIdTemporaryAccess for application/json ContentType.
type PostApiPeersPeerIdTemporaryAccessJSONRequestBody = PeerTemporaryAccessRequest
@@ -2164,5 +2421,126 @@ type PostApiUsersJSONRequestBody = UserCreateRequest
// PutApiUsersUserIdJSONRequestBody defines body for PutApiUsersUserId for application/json ContentType.
type PutApiUsersUserIdJSONRequestBody = UserRequest
// PutApiUsersUserIdPasswordJSONRequestBody defines body for PutApiUsersUserIdPassword for application/json ContentType.
type PutApiUsersUserIdPasswordJSONRequestBody = PasswordChangeRequest
// PostApiUsersUserIdTokensJSONRequestBody defines body for PostApiUsersUserIdTokens for application/json ContentType.
type PostApiUsersUserIdTokensJSONRequestBody = PersonalAccessTokenRequest
// AsBundleWorkloadRequest returns the union data inside the WorkloadRequest as a BundleWorkloadRequest
func (t WorkloadRequest) AsBundleWorkloadRequest() (BundleWorkloadRequest, error) {
var body BundleWorkloadRequest
err := json.Unmarshal(t.union, &body)
return body, err
}
// FromBundleWorkloadRequest overwrites any union data inside the WorkloadRequest as the provided BundleWorkloadRequest
func (t *WorkloadRequest) FromBundleWorkloadRequest(v BundleWorkloadRequest) error {
v.Type = "bundle"
b, err := json.Marshal(v)
t.union = b
return err
}
// MergeBundleWorkloadRequest performs a merge with any union data inside the WorkloadRequest, using the provided BundleWorkloadRequest
func (t *WorkloadRequest) MergeBundleWorkloadRequest(v BundleWorkloadRequest) error {
v.Type = "bundle"
b, err := json.Marshal(v)
if err != nil {
return err
}
merged, err := runtime.JSONMerge(t.union, b)
t.union = merged
return err
}
func (t WorkloadRequest) Discriminator() (string, error) {
var discriminator struct {
Discriminator string `json:"type"`
}
err := json.Unmarshal(t.union, &discriminator)
return discriminator.Discriminator, err
}
func (t WorkloadRequest) ValueByDiscriminator() (interface{}, error) {
discriminator, err := t.Discriminator()
if err != nil {
return nil, err
}
switch discriminator {
case "bundle":
return t.AsBundleWorkloadRequest()
default:
return nil, errors.New("unknown discriminator value: " + discriminator)
}
}
func (t WorkloadRequest) MarshalJSON() ([]byte, error) {
b, err := t.union.MarshalJSON()
return b, err
}
func (t *WorkloadRequest) UnmarshalJSON(b []byte) error {
err := t.union.UnmarshalJSON(b)
return err
}
// AsBundleWorkloadResponse returns the union data inside the WorkloadResponse as a BundleWorkloadResponse
func (t WorkloadResponse) AsBundleWorkloadResponse() (BundleWorkloadResponse, error) {
var body BundleWorkloadResponse
err := json.Unmarshal(t.union, &body)
return body, err
}
// FromBundleWorkloadResponse overwrites any union data inside the WorkloadResponse as the provided BundleWorkloadResponse
func (t *WorkloadResponse) FromBundleWorkloadResponse(v BundleWorkloadResponse) error {
v.Type = "bundle"
b, err := json.Marshal(v)
t.union = b
return err
}
// MergeBundleWorkloadResponse performs a merge with any union data inside the WorkloadResponse, using the provided BundleWorkloadResponse
func (t *WorkloadResponse) MergeBundleWorkloadResponse(v BundleWorkloadResponse) error {
v.Type = "bundle"
b, err := json.Marshal(v)
if err != nil {
return err
}
merged, err := runtime.JSONMerge(t.union, b)
t.union = merged
return err
}
func (t WorkloadResponse) Discriminator() (string, error) {
var discriminator struct {
Discriminator string `json:"type"`
}
err := json.Unmarshal(t.union, &discriminator)
return discriminator.Discriminator, err
}
func (t WorkloadResponse) ValueByDiscriminator() (interface{}, error) {
discriminator, err := t.Discriminator()
if err != nil {
return nil, err
}
switch discriminator {
case "bundle":
return t.AsBundleWorkloadResponse()
default:
return nil, errors.New("unknown discriminator value: " + discriminator)
}
}
func (t WorkloadResponse) MarshalJSON() ([]byte, error) {
b, err := t.union.MarshalJSON()
return b, err
}
func (t *WorkloadResponse) UnmarshalJSON(b []byte) error {
err := t.union.UnmarshalJSON(b)
return err
}

2237
shared/management/proto/management.pb.go
View File

File diff suppressed because it is too large Load Diff

49
shared/management/proto/management.proto
View File

@@ -48,6 +48,9 @@ service ManagementService {
// Logout logs out the peer and removes it from the management server
rpc Logout(EncryptedMessage) returns (Empty) {}
// Executes a job on a target peer (e.g., debug bundle)
rpc Job(stream EncryptedMessage) returns (stream EncryptedMessage) {}
}
message EncryptedMessage {
@@ -60,6 +63,42 @@ message EncryptedMessage {
int32 version = 3;
}
message JobRequest {
bytes ID = 1;
oneof workload_parameters {
BundleParameters bundle = 10;
//OtherParameters other = 11;
}
}
enum JobStatus {
unknown_status = 0; //placeholder
succeeded = 1;
failed = 2;
}
message JobResponse{
bytes ID = 1;
JobStatus status=2;
bytes Reason=3;
oneof workload_results {
BundleResult bundle = 10;
//OtherResult other = 11;
}
}
message BundleParameters {
bool bundle_for = 1;
int64 bundle_for_time = 2;
int32 log_file_count = 3;
bool anonymize = 4;
}
message BundleResult {
string upload_key = 1;
}
message SyncRequest {
// Meta data of the peer
PeerSystemMeta meta = 1;
@@ -246,12 +285,16 @@ message FlowConfig {
bool dnsCollection = 8;
}
// JWTConfig represents JWT authentication configuration
// JWTConfig represents JWT authentication configuration for validating tokens.
message JWTConfig {
string issuer = 1;
// Deprecated: audience is kept for backwards compatibility only. Use audiences instead in the client code but populate this field.
string audience = 2;
string keysLocation = 3;
int64 maxTokenAge = 4;
// audiences contains the list of valid audiences for JWT validation.
// Tokens matching any audience in this list are considered valid.
repeated string audiences = 5;
}
// ProtectedHostConfig is similar to HostConfig but has additional user and password
@@ -464,7 +507,9 @@ message CustomZone {
string Domain = 1;
repeated SimpleRecord Records = 2;
bool SearchDomainDisabled = 3;
bool SkipPTRProcess = 4;
// NonAuthoritative indicates this is a user-created zone (not the built-in peer DNS zone).
// Non-authoritative zones will fallthrough to lower-priority handlers on NXDOMAIN and skip PTR processing.
bool NonAuthoritative = 4;
}
// SimpleRecord represents a dns.SimpleRecord

70
shared/management/proto/management_grpc.pb.go
View File

@@ -50,6 +50,8 @@ type ManagementServiceClient interface {
SyncMeta(ctx context.Context, in *EncryptedMessage, opts ...grpc.CallOption) (*Empty, error)
// Logout logs out the peer and removes it from the management server
Logout(ctx context.Context, in *EncryptedMessage, opts ...grpc.CallOption) (*Empty, error)
// Executes a job on a target peer (e.g., debug bundle)
Job(ctx context.Context, opts ...grpc.CallOption) (ManagementService_JobClient, error)
}
type managementServiceClient struct {
@@ -155,6 +157,37 @@ func (c *managementServiceClient) Logout(ctx context.Context, in *EncryptedMessa
return out, nil
}
func (c *managementServiceClient) Job(ctx context.Context, opts ...grpc.CallOption) (ManagementService_JobClient, error) {
stream, err := c.cc.NewStream(ctx, &ManagementService_ServiceDesc.Streams[1], "/management.ManagementService/Job", opts...)
if err != nil {
return nil, err
}
x := &managementServiceJobClient{stream}
return x, nil
}
type ManagementService_JobClient interface {
Send(*EncryptedMessage) error
Recv() (*EncryptedMessage, error)
grpc.ClientStream
}
type managementServiceJobClient struct {
grpc.ClientStream
}
func (x *managementServiceJobClient) Send(m *EncryptedMessage) error {
return x.ClientStream.SendMsg(m)
}
func (x *managementServiceJobClient) Recv() (*EncryptedMessage, error) {
m := new(EncryptedMessage)
if err := x.ClientStream.RecvMsg(m); err != nil {
return nil, err
}
return m, nil
}
// ManagementServiceServer is the server API for ManagementService service.
// All implementations must embed UnimplementedManagementServiceServer
// for forward compatibility
@@ -191,6 +224,8 @@ type ManagementServiceServer interface {
SyncMeta(context.Context, *EncryptedMessage) (*Empty, error)
// Logout logs out the peer and removes it from the management server
Logout(context.Context, *EncryptedMessage) (*Empty, error)
// Executes a job on a target peer (e.g., debug bundle)
Job(ManagementService_JobServer) error
mustEmbedUnimplementedManagementServiceServer()
}
@@ -222,6 +257,9 @@ func (UnimplementedManagementServiceServer) SyncMeta(context.Context, *Encrypted
func (UnimplementedManagementServiceServer) Logout(context.Context, *EncryptedMessage) (*Empty, error) {
return nil, status.Errorf(codes.Unimplemented, "method Logout not implemented")
}
func (UnimplementedManagementServiceServer) Job(ManagementService_JobServer) error {
return status.Errorf(codes.Unimplemented, "method Job not implemented")
}
func (UnimplementedManagementServiceServer) mustEmbedUnimplementedManagementServiceServer() {}
// UnsafeManagementServiceServer may be embedded to opt out of forward compatibility for this service.
@@ -382,6 +420,32 @@ func _ManagementService_Logout_Handler(srv interface{}, ctx context.Context, dec
return interceptor(ctx, in, info, handler)
}
func _ManagementService_Job_Handler(srv interface{}, stream grpc.ServerStream) error {
return srv.(ManagementServiceServer).Job(&managementServiceJobServer{stream})
}
type ManagementService_JobServer interface {
Send(*EncryptedMessage) error
Recv() (*EncryptedMessage, error)
grpc.ServerStream
}
type managementServiceJobServer struct {
grpc.ServerStream
}
func (x *managementServiceJobServer) Send(m *EncryptedMessage) error {
return x.ServerStream.SendMsg(m)
}
func (x *managementServiceJobServer) Recv() (*EncryptedMessage, error) {
m := new(EncryptedMessage)
if err := x.ServerStream.RecvMsg(m); err != nil {
return nil, err
}
return m, nil
}
// ManagementService_ServiceDesc is the grpc.ServiceDesc for ManagementService service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
@@ -424,6 +488,12 @@ var ManagementService_ServiceDesc = grpc.ServiceDesc{
Handler: _ManagementService_Sync_Handler,
ServerStreams: true,
},
{
StreamName: "Job",
Handler: _ManagementService_Job_Handler,
ServerStreams: true,
ClientStreams: true,
},
},
Metadata: "management.proto",
}

10
shared/management/status/error.go
View File

@@ -252,3 +252,13 @@ func NewOperationNotFoundError(operation operations.Operation) error {
func NewRouteNotFoundError(routeID string) error {
return Errorf(NotFound, "route: %s not found", routeID)
}
// NewZoneNotFoundError creates a new Error with NotFound type for a missing dns zone.
func NewZoneNotFoundError(zoneID string) error {
return Errorf(NotFound, "zone: %s not found", zoneID)
}
// NewDNSRecordNotFoundError creates a new Error with NotFound type for a missing dns record.
func NewDNSRecordNotFoundError(recordID string) error {
return Errorf(NotFound, "dns record: %s not found", recordID)
}