Merge branch 'main' into feature/flow

# Conflicts: # client/cmd/testutil_test.go # client/firewall/iptables/router_linux.go # client/firewall/nftables/router_linux.go # client/firewall/uspfilter/allow_netbird.go # client/firewall/uspfilter/allow_netbird_windows.go # client/firewall/uspfilter/uspfilter_test.go # client/internal/engine.go # client/internal/engine_test.go # client/server/server_test.go # go.mod # go.sum # management/client/client_test.go # management/cmd/management.go # management/proto/management.pb.go # management/proto/management.proto # management/server/account.go # management/server/account_test.go # management/server/dns_test.go # management/server/http/handler.go # management/server/http/testing/testing_tools/tools.go # management/server/integrations/port_forwarding/controller.go # management/server/management_proto_test.go # management/server/management_test.go # management/server/nameserver_test.go # management/server/peer.go # management/server/peer_test.go # management/server/route_test.go
2026-05-16 05:39:56 +00:00 · 2025-03-09 17:42:16 +01:00
parent 36da464413 fc1da94520
commit fd62665b1f
96 changed files with 6980 additions and 391 deletions
--- a/management/server/integrations/port_forwarding/controller.go
+++ b/management/server/integrations/port_forwarding/controller.go
@@ -9,6 +9,7 @@ import (
 type Controller interface {
 	SendUpdate(ctx context.Context, accountID string, affectedProxyID string, affectedPeerIDs []string)
 	GetProxyNetworkMaps(ctx context.Context, accountID string) (map[string]*nbtypes.NetworkMap, error)
+	IsPeerInIngressPorts(ctx context.Context, accountID, peerID string) (bool, error)
 }

 type ControllerMock struct {
@@ -25,3 +26,7 @@ func (c *ControllerMock) SendUpdate(ctx context.Context, accountID string, affec
 func (c *ControllerMock) GetProxyNetworkMaps(ctx context.Context, accountID string) (map[string]*nbtypes.NetworkMap, error) {
 	return make(map[string]*nbtypes.NetworkMap), nil
 }
+
+func (c *ControllerMock) IsPeerInIngressPorts(ctx context.Context, accountID, peerID string) (bool, error) {
+	return false, nil
+}
--- a/management/server/management_proto_test.go
+++ b/management/server/management_proto_test.go
@@ -20,7 +20,7 @@ import (
 	"google.golang.org/grpc/keepalive"

 	"github.com/netbirdio/netbird/encryption"
-	"github.com/netbirdio/netbird/formatter"
+	"github.com/netbirdio/netbird/formatter/hook"
 	mgmtProto "github.com/netbirdio/netbird/management/proto"
 	nbAccount "github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/activity"
@@ -426,7 +426,7 @@ func startManagementForTest(t *testing.T, testFile string, config *Config) (*grp
 	peersUpdateManager := NewPeersUpdateManager(nil)
 	eventStore := &activity.InMemoryEventStore{}

-	ctx := context.WithValue(context.Background(), formatter.ExecutionContextKey, formatter.SystemSource) //nolint:staticcheck
+	ctx := context.WithValue(context.Background(), hook.ExecutionContextKey, hook.SystemSource) //nolint:staticcheck

 	metrics, err := telemetry.NewDefaultAppMetrics(context.Background())
 	require.NoError(t, err)
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -346,6 +346,10 @@ func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peer
 			return err
 		}

+		if err = am.validatePeerDelete(ctx, accountID, peerID); err != nil {
+			return err
+		}
+
 		updateAccountPeers, err = isPeerInActiveGroup(ctx, transaction, accountID, peerID)
 		if err != nil {
 			return err
@@ -371,6 +375,9 @@ func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peer
 		eventsToStore, err = deletePeers(ctx, am, transaction, accountID, userID, []*nbpeer.Peer{peer})
 		return err
 	})
+	if err != nil {
+		return err
+	}

 	for _, storeEvent := range eventsToStore {
 		storeEvent()
@@ -1505,3 +1512,17 @@ func ConvertSliceToMap(existingLabels []string) map[string]struct{} {
 	}
 	return labelMap
 }
+
+// validatePeerDelete checks if the peer can be deleted.
+func (am *DefaultAccountManager) validatePeerDelete(ctx context.Context, accountId, peerId string) error {
+	linkedInIngressPorts, err := am.proxyController.IsPeerInIngressPorts(ctx, accountId, peerId)
+	if err != nil {
+		return err
+	}
+
+	if linkedInIngressPorts {
+		return status.Errorf(status.PreconditionFailed, "peer is linked to ingress ports: %s", peerId)
+	}
+
+	return nil
+}
--- a/management/server/telemetry/http_api_metrics.go
+++ b/management/server/telemetry/http_api_metrics.go
@@ -13,7 +13,7 @@ import (
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/metric"

-	"github.com/netbirdio/netbird/formatter"
+	"github.com/netbirdio/netbird/formatter/hook"
 	nbContext "github.com/netbirdio/netbird/management/server/context"
 )

@@ -167,7 +167,7 @@ func (m *HTTPMiddleware) Handler(h http.Handler) http.Handler {
 		reqStart := time.Now()

 		//nolint
-		ctx := context.WithValue(r.Context(), formatter.ExecutionContextKey, formatter.HTTPSource)
+		ctx := context.WithValue(r.Context(), hook.ExecutionContextKey, hook.HTTPSource)

 		reqID := uuid.New().String()
 		//nolint