[client, management] Add new network concept (#3047)

---------

Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com>
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>

management/server/networks/routers/manager.go

@@ -0,0 +1,289 @@
+package routers
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/rs/xid"
+
+	s "github.com/netbirdio/netbird/management/server"
+	"github.com/netbirdio/netbird/management/server/activity"
+	"github.com/netbirdio/netbird/management/server/networks/routers/types"
+	networkTypes "github.com/netbirdio/netbird/management/server/networks/types"
+	"github.com/netbirdio/netbird/management/server/permissions"
+	"github.com/netbirdio/netbird/management/server/status"
+	"github.com/netbirdio/netbird/management/server/store"
+)
+
+type Manager interface {
+	GetAllRoutersInNetwork(ctx context.Context, accountID, userID, networkID string) ([]*types.NetworkRouter, error)
+	GetAllRoutersInAccount(ctx context.Context, accountID, userID string) (map[string][]*types.NetworkRouter, error)
+	CreateRouter(ctx context.Context, userID string, router *types.NetworkRouter) (*types.NetworkRouter, error)
+	GetRouter(ctx context.Context, accountID, userID, networkID, routerID string) (*types.NetworkRouter, error)
+	UpdateRouter(ctx context.Context, userID string, router *types.NetworkRouter) (*types.NetworkRouter, error)
+	DeleteRouter(ctx context.Context, accountID, userID, networkID, routerID string) error
+	DeleteRouterInTransaction(ctx context.Context, transaction store.Store, accountID, userID, networkID, routerID string) (func(), error)
+}
+
+type managerImpl struct {
+	store              store.Store
+	permissionsManager permissions.Manager
+	accountManager     s.AccountManager
+}
+
+type mockManager struct {
+}
+
+func NewManager(store store.Store, permissionsManager permissions.Manager, accountManager s.AccountManager) Manager {
+	return &managerImpl{
+		store:              store,
+		permissionsManager: permissionsManager,
+		accountManager:     accountManager,
+	}
+}
+
+func (m *managerImpl) GetAllRoutersInNetwork(ctx context.Context, accountID, userID, networkID string) ([]*types.NetworkRouter, error) {
+	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, permissions.Networks, permissions.Read)
+	if err != nil {
+		return nil, status.NewPermissionValidationError(err)
+	}
+	if !ok {
+		return nil, status.NewPermissionDeniedError()
+	}
+
+	return m.store.GetNetworkRoutersByNetID(ctx, store.LockingStrengthShare, accountID, networkID)
+}
+
+func (m *managerImpl) GetAllRoutersInAccount(ctx context.Context, accountID, userID string) (map[string][]*types.NetworkRouter, error) {
+	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, permissions.Networks, permissions.Read)
+	if err != nil {
+		return nil, status.NewPermissionValidationError(err)
+	}
+	if !ok {
+		return nil, status.NewPermissionDeniedError()
+	}
+
+	routers, err := m.store.GetNetworkRoutersByAccountID(ctx, store.LockingStrengthShare, accountID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get network routers: %w", err)
+	}
+
+	routersMap := make(map[string][]*types.NetworkRouter)
+	for _, router := range routers {
+		routersMap[router.NetworkID] = append(routersMap[router.NetworkID], router)
+	}
+
+	return routersMap, nil
+}
+
+func (m *managerImpl) CreateRouter(ctx context.Context, userID string, router *types.NetworkRouter) (*types.NetworkRouter, error) {
+	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, router.AccountID, userID, permissions.Networks, permissions.Write)
+	if err != nil {
+		return nil, status.NewPermissionValidationError(err)
+	}
+	if !ok {
+		return nil, status.NewPermissionDeniedError()
+	}
+
+	unlock := m.store.AcquireWriteLockByUID(ctx, router.AccountID)
+	defer unlock()
+
+	var network *networkTypes.Network
+	err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
+		network, err = transaction.GetNetworkByID(ctx, store.LockingStrengthShare, router.AccountID, router.NetworkID)
+		if err != nil {
+			return fmt.Errorf("failed to get network: %w", err)
+		}
+
+		if network.ID != router.NetworkID {
+			return status.NewNetworkNotFoundError(router.NetworkID)
+		}
+
+		router.ID = xid.New().String()
+
+		err = transaction.SaveNetworkRouter(ctx, store.LockingStrengthUpdate, router)
+		if err != nil {
+			return fmt.Errorf("failed to create network router: %w", err)
+		}
+
+		err = transaction.IncrementNetworkSerial(ctx, store.LockingStrengthUpdate, router.AccountID)
+		if err != nil {
+			return fmt.Errorf("failed to increment network serial: %w", err)
+		}
+
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	m.accountManager.StoreEvent(ctx, userID, router.ID, router.AccountID, activity.NetworkRouterCreated, router.EventMeta(network))
+
+	go m.accountManager.UpdateAccountPeers(ctx, router.AccountID)
+
+	return router, nil
+}
+
+func (m *managerImpl) GetRouter(ctx context.Context, accountID, userID, networkID, routerID string) (*types.NetworkRouter, error) {
+	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, permissions.Networks, permissions.Read)
+	if err != nil {
+		return nil, status.NewPermissionValidationError(err)
+	}
+	if !ok {
+		return nil, status.NewPermissionDeniedError()
+	}
+
+	router, err := m.store.GetNetworkRouterByID(ctx, store.LockingStrengthShare, accountID, routerID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get network router: %w", err)
+	}
+
+	if router.NetworkID != networkID {
+		return nil, errors.New("router not part of network")
+	}
+
+	return router, nil
+}
+
+func (m *managerImpl) UpdateRouter(ctx context.Context, userID string, router *types.NetworkRouter) (*types.NetworkRouter, error) {
+	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, router.AccountID, userID, permissions.Networks, permissions.Write)
+	if err != nil {
+		return nil, status.NewPermissionValidationError(err)
+	}
+	if !ok {
+		return nil, status.NewPermissionDeniedError()
+	}
+
+	unlock := m.store.AcquireWriteLockByUID(ctx, router.AccountID)
+	defer unlock()
+
+	var network *networkTypes.Network
+	err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
+		network, err = transaction.GetNetworkByID(ctx, store.LockingStrengthShare, router.AccountID, router.NetworkID)
+		if err != nil {
+			return fmt.Errorf("failed to get network: %w", err)
+		}
+
+		if network.ID != router.NetworkID {
+			return status.NewRouterNotPartOfNetworkError(router.ID, router.NetworkID)
+		}
+
+		err = transaction.SaveNetworkRouter(ctx, store.LockingStrengthUpdate, router)
+		if err != nil {
+			return fmt.Errorf("failed to update network router: %w", err)
+		}
+
+		err = transaction.IncrementNetworkSerial(ctx, store.LockingStrengthUpdate, router.AccountID)
+		if err != nil {
+			return fmt.Errorf("failed to increment network serial: %w", err)
+		}
+
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	m.accountManager.StoreEvent(ctx, userID, router.ID, router.AccountID, activity.NetworkRouterUpdated, router.EventMeta(network))
+
+	go m.accountManager.UpdateAccountPeers(ctx, router.AccountID)
+
+	return router, nil
+}
+
+func (m *managerImpl) DeleteRouter(ctx context.Context, accountID, userID, networkID, routerID string) error {
+	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, permissions.Networks, permissions.Write)
+	if err != nil {
+		return status.NewPermissionValidationError(err)
+	}
+	if !ok {
+		return status.NewPermissionDeniedError()
+	}
+
+	unlock := m.store.AcquireWriteLockByUID(ctx, accountID)
+	defer unlock()
+
+	var event func()
+	err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
+		event, err = m.DeleteRouterInTransaction(ctx, transaction, accountID, userID, networkID, routerID)
+		if err != nil {
+			return fmt.Errorf("failed to delete network router: %w", err)
+		}
+
+		err = transaction.IncrementNetworkSerial(ctx, store.LockingStrengthUpdate, accountID)
+		if err != nil {
+			return fmt.Errorf("failed to increment network serial: %w", err)
+		}
+
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	event()
+
+	go m.accountManager.UpdateAccountPeers(ctx, accountID)
+
+	return nil
+}
+
+func (m *managerImpl) DeleteRouterInTransaction(ctx context.Context, transaction store.Store, accountID, userID, networkID, routerID string) (func(), error) {
+	network, err := transaction.GetNetworkByID(ctx, store.LockingStrengthShare, accountID, networkID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get network: %w", err)
+	}
+
+	router, err := transaction.GetNetworkRouterByID(ctx, store.LockingStrengthUpdate, accountID, routerID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get network router: %w", err)
+	}
+
+	if router.NetworkID != networkID {
+		return nil, status.NewRouterNotPartOfNetworkError(routerID, networkID)
+	}
+
+	err = transaction.DeleteNetworkRouter(ctx, store.LockingStrengthUpdate, accountID, routerID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to delete network router: %w", err)
+	}
+
+	event := func() {
+		m.accountManager.StoreEvent(ctx, userID, routerID, accountID, activity.NetworkRouterDeleted, router.EventMeta(network))
+	}
+
+	return event, nil
+}
+
+func NewManagerMock() Manager {
+	return &mockManager{}
+}
+
+func (m *mockManager) GetAllRoutersInNetwork(ctx context.Context, accountID, userID, networkID string) ([]*types.NetworkRouter, error) {
+	return []*types.NetworkRouter{}, nil
+}
+
+func (m *mockManager) GetAllRoutersInAccount(ctx context.Context, accountID, userID string) (map[string][]*types.NetworkRouter, error) {
+	return map[string][]*types.NetworkRouter{}, nil
+}
+
+func (m *mockManager) CreateRouter(ctx context.Context, userID string, router *types.NetworkRouter) (*types.NetworkRouter, error) {
+	return router, nil
+}
+
+func (m *mockManager) GetRouter(ctx context.Context, accountID, userID, networkID, routerID string) (*types.NetworkRouter, error) {
+	return &types.NetworkRouter{}, nil
+}
+
+func (m *mockManager) UpdateRouter(ctx context.Context, userID string, router *types.NetworkRouter) (*types.NetworkRouter, error) {
+	return router, nil
+}
+
+func (m *mockManager) DeleteRouter(ctx context.Context, accountID, userID, networkID, routerID string) error {
+	return nil
+}
+
+func (m *mockManager) DeleteRouterInTransaction(ctx context.Context, transaction store.Store, accountID, userID, networkID, routerID string) (func(), error) {
+	return func() {}, nil
+}

management/server/networks/routers/manager_test.go

@@ -0,0 +1,234 @@
+package routers
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/netbirdio/netbird/management/server/mock_server"
+	"github.com/netbirdio/netbird/management/server/networks/routers/types"
+	"github.com/netbirdio/netbird/management/server/permissions"
+	"github.com/netbirdio/netbird/management/server/status"
+	"github.com/netbirdio/netbird/management/server/store"
+)
+
+func Test_GetAllRoutersInNetworkReturnsRouters(t *testing.T) {
+	ctx := context.Background()
+	accountID := "testAccountId"
+	userID := "allowedUser"
+	networkID := "testNetworkId"
+
+	s, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(cleanUp)
+	permissionsManager := permissions.NewManagerMock()
+	am := mock_server.MockAccountManager{}
+	manager := NewManager(s, permissionsManager, &am)
+
+	routers, err := manager.GetAllRoutersInNetwork(ctx, accountID, userID, networkID)
+	require.NoError(t, err)
+	require.Len(t, routers, 1)
+	require.Equal(t, "testRouterId", routers[0].ID)
+}
+
+func Test_GetAllRoutersInNetworkReturnsPermissionDenied(t *testing.T) {
+	ctx := context.Background()
+	accountID := "testAccountId"
+	userID := "invalidUser"
+	networkID := "testNetworkId"
+
+	s, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(cleanUp)
+	permissionsManager := permissions.NewManagerMock()
+	am := mock_server.MockAccountManager{}
+	manager := NewManager(s, permissionsManager, &am)
+
+	routers, err := manager.GetAllRoutersInNetwork(ctx, accountID, userID, networkID)
+	require.Error(t, err)
+	require.Equal(t, status.NewPermissionDeniedError(), err)
+	require.Nil(t, routers)
+}
+
+func Test_GetRouterReturnsRouter(t *testing.T) {
+	ctx := context.Background()
+	accountID := "testAccountId"
+	userID := "allowedUser"
+	networkID := "testNetworkId"
+	resourceID := "testRouterId"
+
+	s, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(cleanUp)
+	permissionsManager := permissions.NewManagerMock()
+	am := mock_server.MockAccountManager{}
+	manager := NewManager(s, permissionsManager, &am)
+
+	router, err := manager.GetRouter(ctx, accountID, userID, networkID, resourceID)
+	require.NoError(t, err)
+	require.Equal(t, "testRouterId", router.ID)
+}
+
+func Test_GetRouterReturnsPermissionDenied(t *testing.T) {
+	ctx := context.Background()
+	accountID := "testAccountId"
+	userID := "invalidUser"
+	networkID := "testNetworkId"
+	resourceID := "testRouterId"
+
+	s, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(cleanUp)
+	permissionsManager := permissions.NewManagerMock()
+	am := mock_server.MockAccountManager{}
+	manager := NewManager(s, permissionsManager, &am)
+
+	router, err := manager.GetRouter(ctx, accountID, userID, networkID, resourceID)
+	require.Error(t, err)
+	require.Equal(t, status.NewPermissionDeniedError(), err)
+	require.Nil(t, router)
+}
+
+func Test_CreateRouterSuccessfully(t *testing.T) {
+	ctx := context.Background()
+	userID := "allowedUser"
+	router, err := types.NewNetworkRouter("testAccountId", "testNetworkId", "testPeerId", []string{}, false, 9999)
+	if err != nil {
+		require.NoError(t, err)
+	}
+
+	s, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(cleanUp)
+	permissionsManager := permissions.NewManagerMock()
+	am := mock_server.MockAccountManager{}
+	manager := NewManager(s, permissionsManager, &am)
+
+	createdRouter, err := manager.CreateRouter(ctx, userID, router)
+	require.NoError(t, err)
+	require.NotEqual(t, "", router.ID)
+	require.Equal(t, router.NetworkID, createdRouter.NetworkID)
+	require.Equal(t, router.Peer, createdRouter.Peer)
+	require.Equal(t, router.Metric, createdRouter.Metric)
+	require.Equal(t, router.Masquerade, createdRouter.Masquerade)
+}
+
+func Test_CreateRouterFailsWithPermissionDenied(t *testing.T) {
+	ctx := context.Background()
+	userID := "invalidUser"
+	router, err := types.NewNetworkRouter("testAccountId", "testNetworkId", "testPeerId", []string{}, false, 9999)
+	if err != nil {
+		require.NoError(t, err)
+	}
+
+	s, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(cleanUp)
+	permissionsManager := permissions.NewManagerMock()
+	am := mock_server.MockAccountManager{}
+	manager := NewManager(s, permissionsManager, &am)
+
+	createdRouter, err := manager.CreateRouter(ctx, userID, router)
+	require.Error(t, err)
+	require.Equal(t, status.NewPermissionDeniedError(), err)
+	require.Nil(t, createdRouter)
+}
+
+func Test_DeleteRouterSuccessfully(t *testing.T) {
+	ctx := context.Background()
+	accountID := "testAccountId"
+	userID := "allowedUser"
+	networkID := "testNetworkId"
+	routerID := "testRouterId"
+
+	s, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(cleanUp)
+	permissionsManager := permissions.NewManagerMock()
+	am := mock_server.MockAccountManager{}
+	manager := NewManager(s, permissionsManager, &am)
+
+	err = manager.DeleteRouter(ctx, accountID, userID, networkID, routerID)
+	require.NoError(t, err)
+}
+
+func Test_DeleteRouterFailsWithPermissionDenied(t *testing.T) {
+	ctx := context.Background()
+	accountID := "testAccountId"
+	userID := "invalidUser"
+	networkID := "testNetworkId"
+	routerID := "testRouterId"
+
+	s, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(cleanUp)
+	permissionsManager := permissions.NewManagerMock()
+	am := mock_server.MockAccountManager{}
+	manager := NewManager(s, permissionsManager, &am)
+
+	err = manager.DeleteRouter(ctx, accountID, userID, networkID, routerID)
+	require.Error(t, err)
+	require.Equal(t, status.NewPermissionDeniedError(), err)
+}
+
+func Test_UpdateRouterSuccessfully(t *testing.T) {
+	ctx := context.Background()
+	userID := "allowedUser"
+	router, err := types.NewNetworkRouter("testAccountId", "testNetworkId", "testPeerId", []string{}, false, 1)
+	if err != nil {
+		require.NoError(t, err)
+	}
+
+	s, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(cleanUp)
+	permissionsManager := permissions.NewManagerMock()
+	am := mock_server.MockAccountManager{}
+	manager := NewManager(s, permissionsManager, &am)
+
+	updatedRouter, err := manager.UpdateRouter(ctx, userID, router)
+	require.NoError(t, err)
+	require.Equal(t, router.Metric, updatedRouter.Metric)
+}
+
+func Test_UpdateRouterFailsWithPermissionDenied(t *testing.T) {
+	ctx := context.Background()
+	userID := "invalidUser"
+	router, err := types.NewNetworkRouter("testAccountId", "testNetworkId", "testPeerId", []string{}, false, 1)
+	if err != nil {
+		require.NoError(t, err)
+	}
+
+	s, cleanUp, err := store.NewTestStoreFromSQL(context.Background(), "../../testdata/networks.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(cleanUp)
+	permissionsManager := permissions.NewManagerMock()
+	am := mock_server.MockAccountManager{}
+	manager := NewManager(s, permissionsManager, &am)
+
+	updatedRouter, err := manager.UpdateRouter(ctx, userID, router)
+	require.Error(t, err)
+	require.Equal(t, status.NewPermissionDeniedError(), err)
+	require.Nil(t, updatedRouter)
+}

management/server/networks/routers/types/router.go

@@ -0,0 +1,75 @@
+package types
+
+import (
+	"errors"
+
+	"github.com/rs/xid"
+
+	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/networks/types"
+)
+
+type NetworkRouter struct {
+	ID         string `gorm:"index"`
+	NetworkID  string `gorm:"index"`
+	AccountID  string `gorm:"index"`
+	Peer       string
+	PeerGroups []string `gorm:"serializer:json"`
+	Masquerade bool
+	Metric     int
+}
+
+func NewNetworkRouter(accountID string, networkID string, peer string, peerGroups []string, masquerade bool, metric int) (*NetworkRouter, error) {
+	if peer != "" && len(peerGroups) > 0 {
+		return nil, errors.New("peer and peerGroups cannot be set at the same time")
+	}
+
+	return &NetworkRouter{
+		ID:         xid.New().String(),
+		AccountID:  accountID,
+		NetworkID:  networkID,
+		Peer:       peer,
+		PeerGroups: peerGroups,
+		Masquerade: masquerade,
+		Metric:     metric,
+	}, nil
+}
+
+func (n *NetworkRouter) ToAPIResponse() *api.NetworkRouter {
+	return &api.NetworkRouter{
+		Id:         n.ID,
+		Peer:       &n.Peer,
+		PeerGroups: &n.PeerGroups,
+		Masquerade: n.Masquerade,
+		Metric:     n.Metric,
+	}
+}
+
+func (n *NetworkRouter) FromAPIRequest(req *api.NetworkRouterRequest) {
+	if req.Peer != nil {
+		n.Peer = *req.Peer
+	}
+
+	if req.PeerGroups != nil {
+		n.PeerGroups = *req.PeerGroups
+	}
+
+	n.Masquerade = req.Masquerade
+	n.Metric = req.Metric
+}
+
+func (n *NetworkRouter) Copy() *NetworkRouter {
+	return &NetworkRouter{
+		ID:         n.ID,
+		NetworkID:  n.NetworkID,
+		AccountID:  n.AccountID,
+		Peer:       n.Peer,
+		PeerGroups: n.PeerGroups,
+		Masquerade: n.Masquerade,
+		Metric:     n.Metric,
+	}
+}
+
+func (n *NetworkRouter) EventMeta(network *types.Network) map[string]any {
+	return map[string]any{"network_name": network.Name, "network_id": network.ID, "peer": n.Peer, "peer_groups": n.PeerGroups}
+}

management/server/networks/routers/types/router_test.go

@@ -0,0 +1,100 @@
+package types
+
+import "testing"
+
+func TestNewNetworkRouter(t *testing.T) {
+	tests := []struct {
+		name          string
+		accountID     string
+		networkID     string
+		peer          string
+		peerGroups    []string
+		masquerade    bool
+		metric        int
+		expectedError bool
+	}{
+		// Valid cases
+		{
+			name:          "Valid with peer only",
+			networkID:     "network-1",
+			accountID:     "account-1",
+			peer:          "peer-1",
+			peerGroups:    nil,
+			masquerade:    true,
+			metric:        100,
+			expectedError: false,
+		},
+		{
+			name:          "Valid with peerGroups only",
+			networkID:     "network-2",
+			accountID:     "account-2",
+			peer:          "",
+			peerGroups:    []string{"group-1", "group-2"},
+			masquerade:    false,
+			metric:        200,
+			expectedError: false,
+		},
+		{
+			name:          "Valid with no peer or peerGroups",
+			networkID:     "network-3",
+			accountID:     "account-3",
+			peer:          "",
+			peerGroups:    nil,
+			masquerade:    true,
+			metric:        300,
+			expectedError: false,
+		},
+
+		// Invalid cases
+		{
+			name:          "Invalid with both peer and peerGroups",
+			networkID:     "network-4",
+			accountID:     "account-4",
+			peer:          "peer-2",
+			peerGroups:    []string{"group-3"},
+			masquerade:    false,
+			metric:        400,
+			expectedError: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			router, err := NewNetworkRouter(tt.accountID, tt.networkID, tt.peer, tt.peerGroups, tt.masquerade, tt.metric)
+
+			if tt.expectedError && err == nil {
+				t.Fatalf("Expected an error, got nil")
+			}
+
+			if tt.expectedError == false {
+				if router == nil {
+					t.Fatalf("Expected a NetworkRouter object, got nil")
+				}
+
+				if router.AccountID != tt.accountID {
+					t.Errorf("Expected AccountID %s, got %s", tt.accountID, router.AccountID)
+				}
+
+				if router.NetworkID != tt.networkID {
+					t.Errorf("Expected NetworkID %s, got %s", tt.networkID, router.NetworkID)
+				}
+
+				if router.Peer != tt.peer {
+					t.Errorf("Expected Peer %s, got %s", tt.peer, router.Peer)
+				}
+
+				if len(router.PeerGroups) != len(tt.peerGroups) {
+					t.Errorf("Expected PeerGroups %v, got %v", tt.peerGroups, router.PeerGroups)
+				}
+
+				if router.Masquerade != tt.masquerade {
+					t.Errorf("Expected Masquerade %v, got %v", tt.masquerade, router.Masquerade)
+				}
+
+				if router.Metric != tt.metric {
+					t.Errorf("Expected Metric %d, got %d", tt.metric, router.Metric)
+				}
+			}
+		})
+	}
+}