diff --git a/management/internals/modules/reverseproxy/domain/manager/manager.go b/management/internals/modules/reverseproxy/domain/manager/manager.go index 63bdc6dc0..f28a1a36c 100644 --- a/management/internals/modules/reverseproxy/domain/manager/manager.go +++ b/management/internals/modules/reverseproxy/domain/manager/manager.go @@ -69,7 +69,7 @@ func (m Manager) GetDomains(ctx context.Context, accountID, userID string) ([]*d var ret []*domain.Domain // Add connected proxy clusters as free domains. - // For BYOD accounts, only their own cluster is returned; otherwise shared clusters. + // For BYOP accounts, only their own cluster is returned; otherwise shared clusters. allowList, err := m.getClusterAllowList(ctx, accountID) if err != nil { log.WithContext(ctx).Errorf("failed to get active proxy cluster addresses: %v", err) @@ -286,12 +286,12 @@ func (m Manager) DeriveClusterFromDomain(ctx context.Context, accountID, domain } func (m Manager) getClusterAllowList(ctx context.Context, accountID string) ([]string, error) { - byodAddresses, err := m.proxyManager.GetActiveClusterAddressesForAccount(ctx, accountID) + byopAddresses, err := m.proxyManager.GetActiveClusterAddressesForAccount(ctx, accountID) if err != nil { - return nil, fmt.Errorf("get BYOD cluster addresses: %w", err) + return nil, fmt.Errorf("get BYOP cluster addresses: %w", err) } - if len(byodAddresses) > 0 { - return byodAddresses, nil + if len(byopAddresses) > 0 { + return byopAddresses, nil } return m.proxyManager.GetActiveClusterAddresses(ctx) } diff --git a/management/internals/modules/reverseproxy/domain/manager/manager_test.go b/management/internals/modules/reverseproxy/domain/manager/manager_test.go index cf317ca4c..2a88fd2b0 100644 --- a/management/internals/modules/reverseproxy/domain/manager/manager_test.go +++ b/management/internals/modules/reverseproxy/domain/manager/manager_test.go @@ -28,14 +28,14 @@ func (m *mockProxyManager) GetActiveClusterAddressesForAccount(ctx context.Conte return nil, nil } -func TestGetClusterAllowList_BYODProxy(t *testing.T) { +func TestGetClusterAllowList_BYOPProxy(t *testing.T) { pm := &mockProxyManager{ getActiveClusterAddressesForAccountFunc: func(_ context.Context, accID string) ([]string, error) { assert.Equal(t, "acc-123", accID) - return []string{"byod.example.com"}, nil + return []string{"byop.example.com"}, nil }, getActiveClusterAddressesFunc: func(_ context.Context) ([]string, error) { - t.Fatal("should not call GetActiveClusterAddresses when BYOD addresses exist") + t.Fatal("should not call GetActiveClusterAddresses when BYOP addresses exist") return nil, nil }, } @@ -43,10 +43,10 @@ func TestGetClusterAllowList_BYODProxy(t *testing.T) { mgr := Manager{proxyManager: pm} result, err := mgr.getClusterAllowList(context.Background(), "acc-123") require.NoError(t, err) - assert.Equal(t, []string{"byod.example.com"}, result) + assert.Equal(t, []string{"byop.example.com"}, result) } -func TestGetClusterAllowList_NoBYOD_FallbackToShared(t *testing.T) { +func TestGetClusterAllowList_NoBYOP_FallbackToShared(t *testing.T) { pm := &mockProxyManager{ getActiveClusterAddressesForAccountFunc: func(_ context.Context, _ string) ([]string, error) { return nil, nil @@ -62,7 +62,7 @@ func TestGetClusterAllowList_NoBYOD_FallbackToShared(t *testing.T) { assert.Equal(t, []string{"eu.proxy.netbird.io", "us.proxy.netbird.io"}, result) } -func TestGetClusterAllowList_BYODError_FallbackToShared(t *testing.T) { +func TestGetClusterAllowList_BYOPError_FallbackToShared(t *testing.T) { pm := &mockProxyManager{ getActiveClusterAddressesForAccountFunc: func(_ context.Context, _ string) ([]string, error) { return nil, errors.New("db error") @@ -78,7 +78,7 @@ func TestGetClusterAllowList_BYODError_FallbackToShared(t *testing.T) { assert.Equal(t, []string{"eu.proxy.netbird.io"}, result) } -func TestGetClusterAllowList_BYODEmptySlice_FallbackToShared(t *testing.T) { +func TestGetClusterAllowList_BYOPEmptySlice_FallbackToShared(t *testing.T) { pm := &mockProxyManager{ getActiveClusterAddressesForAccountFunc: func(_ context.Context, _ string) ([]string, error) { return []string{}, nil diff --git a/management/internals/modules/reverseproxy/proxy/manager/manager_test.go b/management/internals/modules/reverseproxy/proxy/manager/manager_test.go index 3c3bf8fa4..3bf102ffb 100644 --- a/management/internals/modules/reverseproxy/proxy/manager/manager_test.go +++ b/management/internals/modules/reverseproxy/proxy/manager/manager_test.go @@ -246,7 +246,7 @@ func TestGetAccountProxy(t *testing.T) { t.Run("found", func(t *testing.T) { expected := &proxy.Proxy{ ID: "proxy-1", - ClusterAddress: "byod.example.com", + ClusterAddress: "byop.example.com", AccountID: &accountID, Status: proxy.StatusConnected, } @@ -306,7 +306,7 @@ func TestDeleteProxy(t *testing.T) { } func TestGetActiveClusterAddressesForAccount(t *testing.T) { - expected := []string{"byod.example.com"} + expected := []string{"byop.example.com"} s := &mockStore{ getActiveProxyClusterAddressesForAccFunc: func(_ context.Context, accID string) ([]string, error) { assert.Equal(t, "acc-123", accID) diff --git a/management/internals/modules/reverseproxy/selfhostedproxy/handler_test.go b/management/internals/modules/reverseproxy/selfhostedproxy/handler_test.go index 00515d24d..ea26233b1 100644 --- a/management/internals/modules/reverseproxy/selfhostedproxy/handler_test.go +++ b/management/internals/modules/reverseproxy/selfhostedproxy/handler_test.go @@ -50,7 +50,7 @@ func TestListProxies_Success(t *testing.T) { proxyMgr := proxy.NewMockManager(ctrl) proxyMgr.EXPECT().GetAccountProxy(gomock.Any(), accountID).Return(&proxy.Proxy{ ID: "proxy-1", - ClusterAddress: "byod.example.com", + ClusterAddress: "byop.example.com", IPAddress: "10.0.0.1", AccountID: &accountID, Status: proxy.StatusConnected, @@ -60,8 +60,8 @@ func TestListProxies_Success(t *testing.T) { serviceMgr := rpservice.NewMockManager(ctrl) serviceMgr.EXPECT().GetAccountServices(gomock.Any(), accountID).Return([]*rpservice.Service{ - {ProxyCluster: "byod.example.com"}, - {ProxyCluster: "byod.example.com"}, + {ProxyCluster: "byop.example.com"}, + {ProxyCluster: "byop.example.com"}, {ProxyCluster: "other.cluster.com"}, }, nil) @@ -85,7 +85,7 @@ func TestListProxies_Success(t *testing.T) { require.NoError(t, json.NewDecoder(w.Body).Decode(&resp)) require.Len(t, resp, 1) assert.Equal(t, "proxy-1", resp[0].Id) - assert.Equal(t, "byod.example.com", resp[0].ClusterAddress) + assert.Equal(t, "byop.example.com", resp[0].ClusterAddress) assert.Equal(t, 2, resp[0].ServiceCount) assert.Equal(t, api.SelfHostedProxyStatus(proxy.StatusConnected), resp[0].Status) } diff --git a/management/internals/shared/grpc/proxy.go b/management/internals/shared/grpc/proxy.go index 2a445bd6d..f8c674749 100644 --- a/management/internals/shared/grpc/proxy.go +++ b/management/internals/shared/grpc/proxy.go @@ -226,7 +226,7 @@ func (s *ProxyServiceServer) GetMappingUpdate(req *proto.GetMappingUpdateRequest if strings.Contains(err.Error(), "UNIQUE constraint") || strings.Contains(err.Error(), "duplicate key") || strings.Contains(err.Error(), "idx_proxy_account_id_unique") { return status.Errorf(codes.ResourceExhausted, "limit of 1 self-hosted proxy per account") } - return status.Errorf(codes.Internal, "failed to register BYOD proxy: %v", err) + return status.Errorf(codes.Internal, "failed to register BYOP proxy: %v", err) } log.WithContext(ctx).Warnf("Failed to register proxy %s in database: %v", proxyID, err) } @@ -308,7 +308,7 @@ func (s *ProxyServiceServer) heartbeat(ctx context.Context, conn *proxyConnectio // sendSnapshot sends the initial snapshot of services to the connecting proxy. // Only services matching the proxy's cluster address are sent. -// For BYOD proxies (account-scoped), only account services are sent. +// For BYOP proxies (account-scoped), only account services are sent. func (s *ProxyServiceServer) sendSnapshot(ctx context.Context, conn *proxyConnection) error { var services []*rpservice.Service var err error @@ -450,7 +450,7 @@ func (s *ProxyServiceServer) SendAccessLog(ctx context.Context, req *proto.SendA // Management should call this when services are created/updated/removed. // For create/update operations a unique one-time auth token is generated per // proxy so that every replica can independently authenticate with management. -// BYOD proxies only receive updates for their own account's services. +// BYOP proxies only receive updates for their own account's services. func (s *ProxyServiceServer) SendServiceUpdate(update *proto.GetMappingUpdateResponse) { log.Debugf("Broadcasting service update to all connected proxy servers") var updateAccountID string diff --git a/management/internals/shared/grpc/proxy_address_test.go b/management/internals/shared/grpc/proxy_address_test.go index 8e3181f78..824a57226 100644 --- a/management/internals/shared/grpc/proxy_address_test.go +++ b/management/internals/shared/grpc/proxy_address_test.go @@ -13,7 +13,7 @@ func TestIsProxyAddressValid(t *testing.T) { valid bool }{ {name: "valid domain", addr: "eu.proxy.netbird.io", valid: true}, - {name: "valid subdomain", addr: "byod.proxy.example.com", valid: true}, + {name: "valid subdomain", addr: "byop.proxy.example.com", valid: true}, {name: "valid IPv4", addr: "10.0.0.1", valid: true}, {name: "valid IPv4 public", addr: "203.0.113.10", valid: true}, {name: "valid IPv6", addr: "::1", valid: true}, diff --git a/proxy/management_byod_integration_test.go b/proxy/management_byop_integration_test.go similarity index 82% rename from proxy/management_byod_integration_test.go rename to proxy/management_byop_integration_test.go index d40178527..ea29b6960 100644 --- a/proxy/management_byod_integration_test.go +++ b/proxy/management_byop_integration_test.go @@ -27,7 +27,7 @@ import ( "github.com/netbirdio/netbird/shared/management/proto" ) -type byodTestSetup struct { +type byopTestSetup struct { store store.Store proxyService *nbgrpc.ProxyServiceServer grpcServer *grpc.Server @@ -42,15 +42,15 @@ type byodTestSetup struct { accountBCluster string } -func setupBYODIntegrationTest(t *testing.T) *byodTestSetup { +func setupBYOPIntegrationTest(t *testing.T) *byopTestSetup { t.Helper() ctx := context.Background() testStore, storeCleanup, err := store.NewTestStoreFromSQL(ctx, "", t.TempDir()) require.NoError(t, err) - accountAID := "byod-account-a" - accountBID := "byod-account-b" + accountAID := "byop-account-a" + accountBID := "byop-account-b" for _, acc := range []*types.Account{ {Id: accountAID, Domain: "a.test.com", DomainCategory: "private", IsDomainPrimaryAccount: true, CreatedAt: time.Now()}, @@ -64,8 +64,8 @@ func setupBYODIntegrationTest(t *testing.T) *byodTestSetup { pubKey := base64.StdEncoding.EncodeToString(pub) privKey := base64.StdEncoding.EncodeToString(priv) - clusterA := "byod-a.proxy.test" - clusterB := "byod-b.proxy.test" + clusterA := "byop-a.proxy.test" + clusterB := "byop-b.proxy.test" services := []*service.Service{ { @@ -91,11 +91,11 @@ func setupBYODIntegrationTest(t *testing.T) *byodTestSetup { require.NoError(t, testStore.CreateService(ctx, svc)) } - tokenA, err := types.CreateNewProxyAccessToken("byod-token-a", 0, &accountAID, "admin-a") + tokenA, err := types.CreateNewProxyAccessToken("byop-token-a", 0, &accountAID, "admin-a") require.NoError(t, err) require.NoError(t, testStore.SaveProxyAccessToken(ctx, &tokenA.ProxyAccessToken)) - tokenB, err := types.CreateNewProxyAccessToken("byod-token-b", 0, &accountBID, "admin-b") + tokenB, err := types.CreateNewProxyAccessToken("byop-token-b", 0, &accountBID, "admin-b") require.NoError(t, err) require.NoError(t, testStore.SaveProxyAccessToken(ctx, &tokenB.ProxyAccessToken)) @@ -147,7 +147,7 @@ func setupBYODIntegrationTest(t *testing.T) *byodTestSetup { } }() - return &byodTestSetup{ + return &byopTestSetup{ store: testStore, proxyService: proxyService, grpcServer: grpcServer, @@ -166,12 +166,12 @@ func setupBYODIntegrationTest(t *testing.T) *byodTestSetup { } } -func byodContext(ctx context.Context, token types.PlainProxyToken) context.Context { +func byopContext(ctx context.Context, token types.PlainProxyToken) context.Context { md := metadata.Pairs("authorization", "Bearer "+string(token)) return metadata.NewOutgoingContext(ctx, md) } -func receiveBYODMappings(t *testing.T, stream proto.ProxyService_GetMappingUpdateClient) []*proto.ProxyMapping { +func receiveBYOPMappings(t *testing.T, stream proto.ProxyService_GetMappingUpdateClient) []*proto.ProxyMapping { t.Helper() var mappings []*proto.ProxyMapping for { @@ -185,8 +185,8 @@ func receiveBYODMappings(t *testing.T, stream proto.ProxyService_GetMappingUpdat return mappings } -func TestIntegration_BYODProxy_ReceivesOnlyAccountServices(t *testing.T) { - setup := setupBYODIntegrationTest(t) +func TestIntegration_BYOPProxy_ReceivesOnlyAccountServices(t *testing.T) { + setup := setupBYOPIntegrationTest(t) defer setup.cleanup() conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials())) @@ -195,19 +195,19 @@ func TestIntegration_BYODProxy_ReceivesOnlyAccountServices(t *testing.T) { client := proto.NewProxyServiceClient(conn) - ctx, cancel := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second) + ctx, cancel := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second) defer cancel() stream, err := client.GetMappingUpdate(ctx, &proto.GetMappingUpdateRequest{ - ProxyId: "byod-proxy-a", + ProxyId: "byop-proxy-a", Version: "test-v1", Address: setup.accountACluster, }) require.NoError(t, err) - mappings := receiveBYODMappings(t, stream) + mappings := receiveBYOPMappings(t, stream) - assert.Len(t, mappings, 2, "BYOD proxy should receive only account A's 2 services") + assert.Len(t, mappings, 2, "BYOP proxy should receive only account A's 2 services") for _, m := range mappings { assert.Equal(t, setup.accountA, m.GetAccountId(), "all mappings should belong to account A") t.Logf("received mapping: id=%s domain=%s account=%s", m.GetId(), m.GetDomain(), m.GetAccountId()) @@ -222,8 +222,8 @@ func TestIntegration_BYODProxy_ReceivesOnlyAccountServices(t *testing.T) { assert.False(t, ids["svc-b1"], "should NOT contain account B's svc-b1") } -func TestIntegration_BYODProxy_AccountBReceivesOnlyItsServices(t *testing.T) { - setup := setupBYODIntegrationTest(t) +func TestIntegration_BYOPProxy_AccountBReceivesOnlyItsServices(t *testing.T) { + setup := setupBYOPIntegrationTest(t) defer setup.cleanup() conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials())) @@ -232,25 +232,25 @@ func TestIntegration_BYODProxy_AccountBReceivesOnlyItsServices(t *testing.T) { client := proto.NewProxyServiceClient(conn) - ctx, cancel := context.WithTimeout(byodContext(context.Background(), setup.accountBToken), 5*time.Second) + ctx, cancel := context.WithTimeout(byopContext(context.Background(), setup.accountBToken), 5*time.Second) defer cancel() stream, err := client.GetMappingUpdate(ctx, &proto.GetMappingUpdateRequest{ - ProxyId: "byod-proxy-b", + ProxyId: "byop-proxy-b", Version: "test-v1", Address: setup.accountBCluster, }) require.NoError(t, err) - mappings := receiveBYODMappings(t, stream) + mappings := receiveBYOPMappings(t, stream) - assert.Len(t, mappings, 1, "BYOD proxy B should receive only 1 service") + assert.Len(t, mappings, 1, "BYOP proxy B should receive only 1 service") assert.Equal(t, "svc-b1", mappings[0].GetId()) assert.Equal(t, setup.accountB, mappings[0].GetAccountId()) } -func TestIntegration_BYODProxy_LimitOnePerAccount(t *testing.T) { - setup := setupBYODIntegrationTest(t) +func TestIntegration_BYOPProxy_LimitOnePerAccount(t *testing.T) { + setup := setupBYOPIntegrationTest(t) defer setup.cleanup() conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials())) @@ -259,23 +259,23 @@ func TestIntegration_BYODProxy_LimitOnePerAccount(t *testing.T) { client := proto.NewProxyServiceClient(conn) - ctx1, cancel1 := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second) + ctx1, cancel1 := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second) defer cancel1() stream1, err := client.GetMappingUpdate(ctx1, &proto.GetMappingUpdateRequest{ - ProxyId: "byod-proxy-a-first", + ProxyId: "byop-proxy-a-first", Version: "test-v1", Address: setup.accountACluster, }) require.NoError(t, err) - _ = receiveBYODMappings(t, stream1) + _ = receiveBYOPMappings(t, stream1) - ctx2, cancel2 := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second) + ctx2, cancel2 := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second) defer cancel2() stream2, err := client.GetMappingUpdate(ctx2, &proto.GetMappingUpdateRequest{ - ProxyId: "byod-proxy-a-second", + ProxyId: "byop-proxy-a-second", Version: "test-v1", Address: setup.accountACluster, }) @@ -286,12 +286,12 @@ func TestIntegration_BYODProxy_LimitOnePerAccount(t *testing.T) { st, ok := grpcstatus.FromError(err) require.True(t, ok) - assert.Equal(t, codes.ResourceExhausted, st.Code(), "second BYOD proxy should be rejected with ResourceExhausted") + assert.Equal(t, codes.ResourceExhausted, st.Code(), "second BYOP proxy should be rejected with ResourceExhausted") t.Logf("expected rejection: %s", st.Message()) } -func TestIntegration_BYODProxy_ClusterAddressConflict(t *testing.T) { - setup := setupBYODIntegrationTest(t) +func TestIntegration_BYOPProxy_ClusterAddressConflict(t *testing.T) { + setup := setupBYOPIntegrationTest(t) defer setup.cleanup() conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials())) @@ -300,23 +300,23 @@ func TestIntegration_BYODProxy_ClusterAddressConflict(t *testing.T) { client := proto.NewProxyServiceClient(conn) - ctx1, cancel1 := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second) + ctx1, cancel1 := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second) defer cancel1() stream1, err := client.GetMappingUpdate(ctx1, &proto.GetMappingUpdateRequest{ - ProxyId: "byod-proxy-a-cluster", + ProxyId: "byop-proxy-a-cluster", Version: "test-v1", Address: setup.accountACluster, }) require.NoError(t, err) - _ = receiveBYODMappings(t, stream1) + _ = receiveBYOPMappings(t, stream1) - ctx2, cancel2 := context.WithTimeout(byodContext(context.Background(), setup.accountBToken), 5*time.Second) + ctx2, cancel2 := context.WithTimeout(byopContext(context.Background(), setup.accountBToken), 5*time.Second) defer cancel2() stream2, err := client.GetMappingUpdate(ctx2, &proto.GetMappingUpdateRequest{ - ProxyId: "byod-proxy-b-conflict", + ProxyId: "byop-proxy-b-conflict", Version: "test-v1", Address: setup.accountACluster, }) @@ -331,8 +331,8 @@ func TestIntegration_BYODProxy_ClusterAddressConflict(t *testing.T) { t.Logf("expected rejection: %s", st.Message()) } -func TestIntegration_BYODProxy_SameProxyReconnects(t *testing.T) { - setup := setupBYODIntegrationTest(t) +func TestIntegration_BYOPProxy_SameProxyReconnects(t *testing.T) { + setup := setupBYOPIntegrationTest(t) defer setup.cleanup() conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials())) @@ -341,9 +341,9 @@ func TestIntegration_BYODProxy_SameProxyReconnects(t *testing.T) { client := proto.NewProxyServiceClient(conn) - proxyID := "byod-proxy-reconnect" + proxyID := "byop-proxy-reconnect" - ctx1, cancel1 := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second) + ctx1, cancel1 := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second) stream1, err := client.GetMappingUpdate(ctx1, &proto.GetMappingUpdateRequest{ ProxyId: proxyID, Version: "test-v1", @@ -351,12 +351,12 @@ func TestIntegration_BYODProxy_SameProxyReconnects(t *testing.T) { }) require.NoError(t, err) - firstMappings := receiveBYODMappings(t, stream1) + firstMappings := receiveBYOPMappings(t, stream1) cancel1() time.Sleep(200 * time.Millisecond) - ctx2, cancel2 := context.WithTimeout(byodContext(context.Background(), setup.accountAToken), 5*time.Second) + ctx2, cancel2 := context.WithTimeout(byopContext(context.Background(), setup.accountAToken), 5*time.Second) defer cancel2() stream2, err := client.GetMappingUpdate(ctx2, &proto.GetMappingUpdateRequest{ @@ -366,7 +366,7 @@ func TestIntegration_BYODProxy_SameProxyReconnects(t *testing.T) { }) require.NoError(t, err) - secondMappings := receiveBYODMappings(t, stream2) + secondMappings := receiveBYOPMappings(t, stream2) assert.Equal(t, len(firstMappings), len(secondMappings), "reconnect should receive same mappings") @@ -379,8 +379,8 @@ func TestIntegration_BYODProxy_SameProxyReconnects(t *testing.T) { } } -func TestIntegration_BYODProxy_UnauthenticatedRejected(t *testing.T) { - setup := setupBYODIntegrationTest(t) +func TestIntegration_BYOPProxy_UnauthenticatedRejected(t *testing.T) { + setup := setupBYOPIntegrationTest(t) defer setup.cleanup() conn, err := grpc.NewClient(setup.grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))