Merge branch 'main' into feature/flow

# Conflicts: # client/cmd/testutil_test.go # client/firewall/iptables/router_linux.go # client/firewall/nftables/router_linux.go # client/firewall/uspfilter/allow_netbird.go # client/firewall/uspfilter/allow_netbird_windows.go # client/firewall/uspfilter/uspfilter_test.go # client/internal/engine.go # client/internal/engine_test.go # client/server/server_test.go # go.mod # go.sum # management/client/client_test.go # management/cmd/management.go # management/proto/management.pb.go # management/proto/management.proto # management/server/account.go # management/server/account_test.go # management/server/dns_test.go # management/server/http/handler.go # management/server/http/testing/testing_tools/tools.go # management/server/integrations/port_forwarding/controller.go # management/server/management_proto_test.go # management/server/management_test.go # management/server/nameserver_test.go # management/server/peer.go # management/server/peer_test.go # management/server/route_test.go
2026-04-27 20:56:44 +00:00 · 2025-03-09 17:42:16 +01:00
parent 36da464413 fc1da94520
commit fd62665b1f
96 changed files with 6980 additions and 391 deletions
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -346,6 +346,10 @@ func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peer
 			return err
 		}

+		if err = am.validatePeerDelete(ctx, accountID, peerID); err != nil {
+			return err
+		}
+
 		updateAccountPeers, err = isPeerInActiveGroup(ctx, transaction, accountID, peerID)
 		if err != nil {
 			return err
@@ -371,6 +375,9 @@ func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peer
 		eventsToStore, err = deletePeers(ctx, am, transaction, accountID, userID, []*nbpeer.Peer{peer})
 		return err
 	})
+	if err != nil {
+		return err
+	}

 	for _, storeEvent := range eventsToStore {
 		storeEvent()
@@ -1505,3 +1512,17 @@ func ConvertSliceToMap(existingLabels []string) map[string]struct{} {
 	}
 	return labelMap
 }
+
+// validatePeerDelete checks if the peer can be deleted.
+func (am *DefaultAccountManager) validatePeerDelete(ctx context.Context, accountId, peerId string) error {
+	linkedInIngressPorts, err := am.proxyController.IsPeerInIngressPorts(ctx, accountId, peerId)
+	if err != nil {
+		return err
+	}
+
+	if linkedInIngressPorts {
+		return status.Errorf(status.PreconditionFailed, "peer is linked to ingress ports: %s", peerId)
+	}
+
+	return nil
+}