rename byod to byop

management/internals/modules/reverseproxy/domain/manager/manager.go

@@ -69,7 +69,7 @@ func (m Manager) GetDomains(ctx context.Context, accountID, userID string) ([]*d
 	var ret []*domain.Domain
 
 	// Add connected proxy clusters as free domains.
-	// For BYOD accounts, only their own cluster is returned; otherwise shared clusters.
+	// For BYOP accounts, only their own cluster is returned; otherwise shared clusters.
 	allowList, err := m.getClusterAllowList(ctx, accountID)
 	if err != nil {
 		log.WithContext(ctx).Errorf("failed to get active proxy cluster addresses: %v", err)
@@ -286,12 +286,12 @@ func (m Manager) DeriveClusterFromDomain(ctx context.Context, accountID, domain
 }
 
 func (m Manager) getClusterAllowList(ctx context.Context, accountID string) ([]string, error) {
-	byodAddresses, err := m.proxyManager.GetActiveClusterAddressesForAccount(ctx, accountID)
+	byopAddresses, err := m.proxyManager.GetActiveClusterAddressesForAccount(ctx, accountID)
 	if err != nil {
-		return nil, fmt.Errorf("get BYOD cluster addresses: %w", err)
+		return nil, fmt.Errorf("get BYOP cluster addresses: %w", err)
 	}
-	if len(byodAddresses) > 0 {
-		return byodAddresses, nil
+	if len(byopAddresses) > 0 {
+		return byopAddresses, nil
 	}
 	return m.proxyManager.GetActiveClusterAddresses(ctx)
 }

management/internals/modules/reverseproxy/domain/manager/manager_test.go

@@ -28,14 +28,14 @@ func (m *mockProxyManager) GetActiveClusterAddressesForAccount(ctx context.Conte
 	return nil, nil
 }
 
-func TestGetClusterAllowList_BYODProxy(t *testing.T) {
+func TestGetClusterAllowList_BYOPProxy(t *testing.T) {
 	pm := &mockProxyManager{
 		getActiveClusterAddressesForAccountFunc: func(_ context.Context, accID string) ([]string, error) {
 			assert.Equal(t, "acc-123", accID)
-			return []string{"byod.example.com"}, nil
+			return []string{"byop.example.com"}, nil
 		},
 		getActiveClusterAddressesFunc: func(_ context.Context) ([]string, error) {
-			t.Fatal("should not call GetActiveClusterAddresses when BYOD addresses exist")
+			t.Fatal("should not call GetActiveClusterAddresses when BYOP addresses exist")
 			return nil, nil
 		},
 	}
@@ -43,10 +43,10 @@ func TestGetClusterAllowList_BYODProxy(t *testing.T) {
 	mgr := Manager{proxyManager: pm}
 	result, err := mgr.getClusterAllowList(context.Background(), "acc-123")
 	require.NoError(t, err)
-	assert.Equal(t, []string{"byod.example.com"}, result)
+	assert.Equal(t, []string{"byop.example.com"}, result)
 }
 
-func TestGetClusterAllowList_NoBYOD_FallbackToShared(t *testing.T) {
+func TestGetClusterAllowList_NoBYOP_FallbackToShared(t *testing.T) {
 	pm := &mockProxyManager{
 		getActiveClusterAddressesForAccountFunc: func(_ context.Context, _ string) ([]string, error) {
 			return nil, nil
@@ -62,7 +62,7 @@ func TestGetClusterAllowList_NoBYOD_FallbackToShared(t *testing.T) {
 	assert.Equal(t, []string{"eu.proxy.netbird.io", "us.proxy.netbird.io"}, result)
 }
 
-func TestGetClusterAllowList_BYODError_FallbackToShared(t *testing.T) {
+func TestGetClusterAllowList_BYOPError_FallbackToShared(t *testing.T) {
 	pm := &mockProxyManager{
 		getActiveClusterAddressesForAccountFunc: func(_ context.Context, _ string) ([]string, error) {
 			return nil, errors.New("db error")
@@ -78,7 +78,7 @@ func TestGetClusterAllowList_BYODError_FallbackToShared(t *testing.T) {
 	assert.Equal(t, []string{"eu.proxy.netbird.io"}, result)
 }
 
-func TestGetClusterAllowList_BYODEmptySlice_FallbackToShared(t *testing.T) {
+func TestGetClusterAllowList_BYOPEmptySlice_FallbackToShared(t *testing.T) {
 	pm := &mockProxyManager{
 		getActiveClusterAddressesForAccountFunc: func(_ context.Context, _ string) ([]string, error) {
 			return []string{}, nil

management/internals/modules/reverseproxy/proxy/manager/manager_test.go

@@ -246,7 +246,7 @@ func TestGetAccountProxy(t *testing.T) {
 	t.Run("found", func(t *testing.T) {
 		expected := &proxy.Proxy{
 			ID:             "proxy-1",
-			ClusterAddress: "byod.example.com",
+			ClusterAddress: "byop.example.com",
 			AccountID:      &accountID,
 			Status:         proxy.StatusConnected,
 		}
@@ -306,7 +306,7 @@ func TestDeleteProxy(t *testing.T) {
 }
 
 func TestGetActiveClusterAddressesForAccount(t *testing.T) {
-	expected := []string{"byod.example.com"}
+	expected := []string{"byop.example.com"}
 	s := &mockStore{
 		getActiveProxyClusterAddressesForAccFunc: func(_ context.Context, accID string) ([]string, error) {
 			assert.Equal(t, "acc-123", accID)

management/internals/modules/reverseproxy/selfhostedproxy/handler_test.go

@@ -50,7 +50,7 @@ func TestListProxies_Success(t *testing.T) {
 	proxyMgr := proxy.NewMockManager(ctrl)
 	proxyMgr.EXPECT().GetAccountProxy(gomock.Any(), accountID).Return(&proxy.Proxy{
 		ID:             "proxy-1",
-		ClusterAddress: "byod.example.com",
+		ClusterAddress: "byop.example.com",
 		IPAddress:      "10.0.0.1",
 		AccountID:      &accountID,
 		Status:         proxy.StatusConnected,
@@ -60,8 +60,8 @@ func TestListProxies_Success(t *testing.T) {
 
 	serviceMgr := rpservice.NewMockManager(ctrl)
 	serviceMgr.EXPECT().GetAccountServices(gomock.Any(), accountID).Return([]*rpservice.Service{
-		{ProxyCluster: "byod.example.com"},
-		{ProxyCluster: "byod.example.com"},
+		{ProxyCluster: "byop.example.com"},
+		{ProxyCluster: "byop.example.com"},
 		{ProxyCluster: "other.cluster.com"},
 	}, nil)
 
@@ -85,7 +85,7 @@ func TestListProxies_Success(t *testing.T) {
 	require.NoError(t, json.NewDecoder(w.Body).Decode(&resp))
 	require.Len(t, resp, 1)
 	assert.Equal(t, "proxy-1", resp[0].Id)
-	assert.Equal(t, "byod.example.com", resp[0].ClusterAddress)
+	assert.Equal(t, "byop.example.com", resp[0].ClusterAddress)
 	assert.Equal(t, 2, resp[0].ServiceCount)
 	assert.Equal(t, api.SelfHostedProxyStatus(proxy.StatusConnected), resp[0].Status)
 }

management/internals/shared/grpc/proxy.go

@@ -226,7 +226,7 @@ func (s *ProxyServiceServer) GetMappingUpdate(req *proto.GetMappingUpdateRequest
 			if strings.Contains(err.Error(), "UNIQUE constraint") || strings.Contains(err.Error(), "duplicate key") || strings.Contains(err.Error(), "idx_proxy_account_id_unique") {
 				return status.Errorf(codes.ResourceExhausted, "limit of 1 self-hosted proxy per account")
 			}
-			return status.Errorf(codes.Internal, "failed to register BYOD proxy: %v", err)
+			return status.Errorf(codes.Internal, "failed to register BYOP proxy: %v", err)
 		}
 		log.WithContext(ctx).Warnf("Failed to register proxy %s in database: %v", proxyID, err)
 	}
@@ -308,7 +308,7 @@ func (s *ProxyServiceServer) heartbeat(ctx context.Context, conn *proxyConnectio
 
 // sendSnapshot sends the initial snapshot of services to the connecting proxy.
 // Only services matching the proxy's cluster address are sent.
-// For BYOD proxies (account-scoped), only account services are sent.
+// For BYOP proxies (account-scoped), only account services are sent.
 func (s *ProxyServiceServer) sendSnapshot(ctx context.Context, conn *proxyConnection) error {
 	var services []*rpservice.Service
 	var err error
@@ -450,7 +450,7 @@ func (s *ProxyServiceServer) SendAccessLog(ctx context.Context, req *proto.SendA
 // Management should call this when services are created/updated/removed.
 // For create/update operations a unique one-time auth token is generated per
 // proxy so that every replica can independently authenticate with management.
-// BYOD proxies only receive updates for their own account's services.
+// BYOP proxies only receive updates for their own account's services.
 func (s *ProxyServiceServer) SendServiceUpdate(update *proto.GetMappingUpdateResponse) {
 	log.Debugf("Broadcasting service update to all connected proxy servers")
 	var updateAccountID string

management/internals/shared/grpc/proxy_address_test.go

@@ -13,7 +13,7 @@ func TestIsProxyAddressValid(t *testing.T) {
 		valid bool
 	}{
 		{name: "valid domain", addr: "eu.proxy.netbird.io", valid: true},
-		{name: "valid subdomain", addr: "byod.proxy.example.com", valid: true},
+		{name: "valid subdomain", addr: "byop.proxy.example.com", valid: true},
 		{name: "valid IPv4", addr: "10.0.0.1", valid: true},
 		{name: "valid IPv4 public", addr: "203.0.113.10", valid: true},
 		{name: "valid IPv6", addr: "::1", valid: true},

proxy/management_byop_integration_test.go

@@ -27,7 +27,7 @@ import (
 	"github.com/netbirdio/netbird/shared/management/proto"
 )
 
-type byodTestSetup struct {
+type byopTestSetup struct {
 	store        store.Store
 	proxyService *nbgrpc.ProxyServiceServer
 	grpcServer   *grpc.Server
@@ -42,15 +42,15 @@ type byodTestSetup struct {
 	accountBCluster string
 }
 
-func setupBYODIntegrationTest(t *testing.T) *byodTestSetup {
+func setupBYOPIntegrationTest(t *testing.T) *byopTestSetup {
 	t.Helper()
 	ctx := context.Background()
 
 	testStore, storeCleanup, err := store.NewTestStoreFromSQL(ctx, "", t.TempDir())
 	require.NoError(t, err)
 
-	accountAID := "byod-account-a"
-	accountBID := "byod-account-b"
+	accountAID := "byop-account-a"
+	accountBID := "byop-account-b"
 
 	for _, acc := range []*types.Account{
 		{Id: accountAID, Domain: "a.test.com", DomainCategory: "private", IsDomainPrimaryAccount: true, CreatedAt: time.Now()},
@@ -64,8 +64,8 @@ func setupBYODIntegrationTest(t *testing.T) *byodTestSetup {
 	pubKey := base64.StdEncoding.EncodeToString(pub)
 	privKey := base64.StdEncoding.EncodeToString(priv)
 
-	clusterA := "byod-a.proxy.test"
-	clusterB := "byod-b.proxy.test"
+	clusterA := "byop-a.proxy.test"
+	clusterB := "byop-b.proxy.test"
 
 	services := []*service.Service{
 		{
@@ -91,11 +91,11 @@ func setupBYODIntegrationTest(t *testing.T) *byodTestSetup {
 		require.NoError(t, testStore.CreateService(ctx, svc))
 	}
 
-	tokenA, err := types.CreateNewProxyAccessToken("byod-token-a", 0, &accountAID, "admin-a")
+	tokenA, err := types.CreateNewProxyAccessToken("byop-token-a", 0, &accountAID, "admin-a")
 	require.NoError(t, err)
 	require.NoError(t, testStore.SaveProxyAccessToken(ctx, &tokenA.ProxyAccessToken))
 
-	tokenB, err := types.CreateNewProxyAccessToken("byod-token-b", 0, &accountBID, "admin-b")
+	tokenB, err := types.CreateNewProxyAccessToken("byop-token-b", 0, &accountBID, "admin-b")
 	require.NoError(t, err)
 	require.NoError(t, testStore.SaveProxyAccessToken(ctx, &tokenB.ProxyAccessToken))
 
@@ -147,7 +147,7 @@ func setupBYODIntegrationTest(t *testing.T) *byodTestSetup {
 		}
 	}()
 
-	return &byodTestSetup{
+	return &byopTestSetup{
 		store:        testStore,
 		proxyService: proxyService,
 		grpcServer:   grpcServer,
@@ -166,12 +166,12 @@ func setupBYODIntegrationTest(t *testing.T) *byodTestSetup {
 	}
 }
 
-func byodContext(ctx context.Context, token types.PlainProxyToken) context.Context {
+func byopContext(ctx context.Context, token types.PlainProxyToken) context.Context {
 	md := metadata.Pairs("authorization", "Bearer "+string(token))
 	return metadata.NewOutgoingContext(ctx, md)
 }
 
-func receiveBYODMappings(t *testing.T, stream proto.ProxyService_GetMappingUpdateClient) []*proto.ProxyMapping {
+func receiveBYOPMappings(t *testing.T, stream proto.ProxyService_GetMappingUpdateClient) []*proto.ProxyMapping {
 	t.Helper()
 	var mappings []*proto.ProxyMapping
 	for {
@@ -185,8 +185,8 @@ func receiveBYODMappings(t *testing.T, stream proto.ProxyService_GetMappingUpdat
 	return mappings
 }
 
-func TestIntegration_BYODProxy_ReceivesOnlyAccountServices(t *testing.T) {
-	setup := setupBYODIntegrationTest(t)
+func TestIntegration_BYOPProxy_ReceivesOnlyAccountServices(t *testing.T) {
+	setup := setupBYOPIntegrationTest(t)
 	defer setup.cleanup()
 
 	conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
@@ -195,19 +195,19 @@ func TestIntegration_BYODProxy_ReceivesOnlyAccountServices(t *testing.T) {
 
 	client := proto.NewProxyServiceClient(conn)
 
-	ctx, cancel := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second)
+	ctx, cancel := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second)
 	defer cancel()
 
 	stream, err := client.GetMappingUpdate(ctx, &proto.GetMappingUpdateRequest{
-		ProxyId: "byod-proxy-a",
+		ProxyId: "byop-proxy-a",
 		Version: "test-v1",
 		Address: setup.accountACluster,
 	})
 	require.NoError(t, err)
 
-	mappings := receiveBYODMappings(t, stream)
+	mappings := receiveBYOPMappings(t, stream)
 
-	assert.Len(t, mappings, 2, "BYOD proxy should receive only account A's 2 services")
+	assert.Len(t, mappings, 2, "BYOP proxy should receive only account A's 2 services")
 	for _, m := range mappings {
 		assert.Equal(t, setup.accountA, m.GetAccountId(), "all mappings should belong to account A")
 		t.Logf("received mapping: id=%s domain=%s account=%s", m.GetId(), m.GetDomain(), m.GetAccountId())
@@ -222,8 +222,8 @@ func TestIntegration_BYODProxy_ReceivesOnlyAccountServices(t *testing.T) {
 	assert.False(t, ids["svc-b1"], "should NOT contain account B's svc-b1")
 }
 
-func TestIntegration_BYODProxy_AccountBReceivesOnlyItsServices(t *testing.T) {
-	setup := setupBYODIntegrationTest(t)
+func TestIntegration_BYOPProxy_AccountBReceivesOnlyItsServices(t *testing.T) {
+	setup := setupBYOPIntegrationTest(t)
 	defer setup.cleanup()
 
 	conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
@@ -232,25 +232,25 @@ func TestIntegration_BYODProxy_AccountBReceivesOnlyItsServices(t *testing.T) {
 
 	client := proto.NewProxyServiceClient(conn)
 
-	ctx, cancel := context.WithTimeout(byodContext(context.Background(), setup.accountBToken), 5*time.Second)
+	ctx, cancel := context.WithTimeout(byopContext(context.Background(), setup.accountBToken), 5*time.Second)
 	defer cancel()
 
 	stream, err := client.GetMappingUpdate(ctx, &proto.GetMappingUpdateRequest{
-		ProxyId: "byod-proxy-b",
+		ProxyId: "byop-proxy-b",
 		Version: "test-v1",
 		Address: setup.accountBCluster,
 	})
 	require.NoError(t, err)
 
-	mappings := receiveBYODMappings(t, stream)
+	mappings := receiveBYOPMappings(t, stream)
 
-	assert.Len(t, mappings, 1, "BYOD proxy B should receive only 1 service")
+	assert.Len(t, mappings, 1, "BYOP proxy B should receive only 1 service")
 	assert.Equal(t, "svc-b1", mappings[0].GetId())
 	assert.Equal(t, setup.accountB, mappings[0].GetAccountId())
 }
 
-func TestIntegration_BYODProxy_LimitOnePerAccount(t *testing.T) {
-	setup := setupBYODIntegrationTest(t)
+func TestIntegration_BYOPProxy_LimitOnePerAccount(t *testing.T) {
+	setup := setupBYOPIntegrationTest(t)
 	defer setup.cleanup()
 
 	conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
@@ -259,23 +259,23 @@ func TestIntegration_BYODProxy_LimitOnePerAccount(t *testing.T) {
 
 	client := proto.NewProxyServiceClient(conn)
 
-	ctx1, cancel1 := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second)
+	ctx1, cancel1 := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second)
 	defer cancel1()
 
 	stream1, err := client.GetMappingUpdate(ctx1, &proto.GetMappingUpdateRequest{
-		ProxyId: "byod-proxy-a-first",
+		ProxyId: "byop-proxy-a-first",
 		Version: "test-v1",
 		Address: setup.accountACluster,
 	})
 	require.NoError(t, err)
 
-	_ = receiveBYODMappings(t, stream1)
+	_ = receiveBYOPMappings(t, stream1)
 
-	ctx2, cancel2 := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second)
+	ctx2, cancel2 := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second)
 	defer cancel2()
 
 	stream2, err := client.GetMappingUpdate(ctx2, &proto.GetMappingUpdateRequest{
-		ProxyId: "byod-proxy-a-second",
+		ProxyId: "byop-proxy-a-second",
 		Version: "test-v1",
 		Address: setup.accountACluster,
 	})
@@ -286,12 +286,12 @@ func TestIntegration_BYODProxy_LimitOnePerAccount(t *testing.T) {
 
 	st, ok := grpcstatus.FromError(err)
 	require.True(t, ok)
-	assert.Equal(t, codes.ResourceExhausted, st.Code(), "second BYOD proxy should be rejected with ResourceExhausted")
+	assert.Equal(t, codes.ResourceExhausted, st.Code(), "second BYOP proxy should be rejected with ResourceExhausted")
 	t.Logf("expected rejection: %s", st.Message())
 }
 
-func TestIntegration_BYODProxy_ClusterAddressConflict(t *testing.T) {
-	setup := setupBYODIntegrationTest(t)
+func TestIntegration_BYOPProxy_ClusterAddressConflict(t *testing.T) {
+	setup := setupBYOPIntegrationTest(t)
 	defer setup.cleanup()
 
 	conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
@@ -300,23 +300,23 @@ func TestIntegration_BYODProxy_ClusterAddressConflict(t *testing.T) {
 
 	client := proto.NewProxyServiceClient(conn)
 
-	ctx1, cancel1 := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second)
+	ctx1, cancel1 := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second)
 	defer cancel1()
 
 	stream1, err := client.GetMappingUpdate(ctx1, &proto.GetMappingUpdateRequest{
-		ProxyId: "byod-proxy-a-cluster",
+		ProxyId: "byop-proxy-a-cluster",
 		Version: "test-v1",
 		Address: setup.accountACluster,
 	})
 	require.NoError(t, err)
 
-	_ = receiveBYODMappings(t, stream1)
+	_ = receiveBYOPMappings(t, stream1)
 
-	ctx2, cancel2 := context.WithTimeout(byodContext(context.Background(), setup.accountBToken), 5*time.Second)
+	ctx2, cancel2 := context.WithTimeout(byopContext(context.Background(), setup.accountBToken), 5*time.Second)
 	defer cancel2()
 
 	stream2, err := client.GetMappingUpdate(ctx2, &proto.GetMappingUpdateRequest{
-		ProxyId: "byod-proxy-b-conflict",
+		ProxyId: "byop-proxy-b-conflict",
 		Version: "test-v1",
 		Address: setup.accountACluster,
 	})
@@ -331,8 +331,8 @@ func TestIntegration_BYODProxy_ClusterAddressConflict(t *testing.T) {
 	t.Logf("expected rejection: %s", st.Message())
 }
 
-func TestIntegration_BYODProxy_SameProxyReconnects(t *testing.T) {
-	setup := setupBYODIntegrationTest(t)
+func TestIntegration_BYOPProxy_SameProxyReconnects(t *testing.T) {
+	setup := setupBYOPIntegrationTest(t)
 	defer setup.cleanup()
 
 	conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
@@ -341,9 +341,9 @@ func TestIntegration_BYODProxy_SameProxyReconnects(t *testing.T) {
 
 	client := proto.NewProxyServiceClient(conn)
 
-	proxyID := "byod-proxy-reconnect"
+	proxyID := "byop-proxy-reconnect"
 
-	ctx1, cancel1 := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second)
+	ctx1, cancel1 := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second)
 	stream1, err := client.GetMappingUpdate(ctx1, &proto.GetMappingUpdateRequest{
 		ProxyId: proxyID,
 		Version: "test-v1",
@@ -351,12 +351,12 @@ func TestIntegration_BYODProxy_SameProxyReconnects(t *testing.T) {
 	})
 	require.NoError(t, err)
 
-	firstMappings := receiveBYODMappings(t, stream1)
+	firstMappings := receiveBYOPMappings(t, stream1)
 	cancel1()
 
 	time.Sleep(200 * time.Millisecond)
 
-	ctx2, cancel2 := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second)
+	ctx2, cancel2 := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second)
 	defer cancel2()
 
 	stream2, err := client.GetMappingUpdate(ctx2, &proto.GetMappingUpdateRequest{
@@ -366,7 +366,7 @@ func TestIntegration_BYODProxy_SameProxyReconnects(t *testing.T) {
 	})
 	require.NoError(t, err)
 
-	secondMappings := receiveBYODMappings(t, stream2)
+	secondMappings := receiveBYOPMappings(t, stream2)
 
 	assert.Equal(t, len(firstMappings), len(secondMappings), "reconnect should receive same mappings")
 
@@ -379,8 +379,8 @@ func TestIntegration_BYODProxy_SameProxyReconnects(t *testing.T) {
 	}
 }
 
-func TestIntegration_BYODProxy_UnauthenticatedRejected(t *testing.T) {
-	setup := setupBYODIntegrationTest(t)
+func TestIntegration_BYOPProxy_UnauthenticatedRejected(t *testing.T) {
+	setup := setupBYOPIntegrationTest(t)
 	defer setup.cleanup()
 
 	conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))