sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-29 21:56:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,890 Commits 384 Branches 326 Tags
b0f5d78df13051eb0476e8ebbe69f2ce9e65eae8
Commit Graph

1101 Commits

Author SHA1 Message Date
Viktor Liu
7e683f79b7 Propagate IPv6 capability changes to other peers 2026-04-28 08:18:58 +02:00
Viktor Liu
612fe1cb32 Merge remote-tracking branch 'origin/main' into proto-ipv6-overlay 
# Conflicts:
#	management/server/route_test.go
#	management/server/types/account.go
#	management/server/types/account_test.go
#	management/server/types/networkmap_comparison_test.go
#	management/server/types/networkmap_golden_test.go
#	management/server/types/networkmapbuilder.go
 2026-04-28 07:44:06 +02:00
Vlad
154b81645a [management] removed legacy network map code (#5565) 2026-04-27 16:02:54 +02:00
Zoltan Papp
f732b01a05 [management] unify peer-update test timeout via constant (#5952) 
peerShouldReceiveUpdate waited 500ms for the expected update message,
and every outer wrapper across the management/server test suite paired
it with a 1s goroutine-drain timeout. Both were too tight for slower
CI runners (MySQL, FreeBSD, loaded sqlite), producing intermittent
"Timed out waiting for update message" failures in tests like
TestDNSAccountPeersUpdate, TestPeerAccountPeersUpdate, and
TestNameServerAccountPeersUpdate.

Introduce peerUpdateTimeout (5s) next to the helper and use it both in
the helper and in every outer wrapper so the two timeouts stay in sync.
Only runs down on failure; passing tests return as soon as the channel
delivers, so there is no slowdown on green runs.
 2026-04-23 21:19:21 +02:00
Pascal Fischer
fa0d58d093 [management] exclude peers for expiration job that have already been marked expired (#5970) 2026-04-23 16:01:54 +02:00
Vlad
b6038e8acd [management] refactor: changeable pat rate limiting (#5946) 2026-04-23 15:13:22 +02:00
Viktor Liu
e19d0c7d77 Merge branch 'main' into proto-ipv6-overlay 
# Conflicts:
#	client/firewall/iptables/manager_linux.go
#	client/firewall/nftables/manager_linux.go
#	client/firewall/nftables/router_linux.go
 2026-04-23 11:48:15 +02:00
Bethuel Mmbaga
57b23c5b25 [management] Propagate context changes to upstream middleware (#5956) 2026-04-21 23:06:52 +03:00
Vlad
eb3aa96257 [management] check policy for changes before actual db update (#5405) 2026-04-21 18:37:04 +02:00
Viktor Liu
0c9f4706b2 Merge branch 'main' into proto-ipv6-overlay 2026-04-17 05:45:43 +02:00
Nicolas Frati
8ae8f2098f [management] chores: fix lint error on google workspace (#5907) 
* chores: fix lint error on google workspace

* chores: updated google api dependency

* update google golang api sdk to latest
 2026-04-16 20:02:09 +02:00
Maycon Santos
53b04e512a [management] Reuse a single cache store across all management server consumers (#5889) 
* Add support for legacy IDP cache environment variable

* Centralize cache store creation to reuse a single Redis connection pool

Each cache consumer (IDP cache, token store, PKCE store, secrets manager,
EDR validator) was independently calling NewStore, creating separate Redis
clients with their own connection pools — up to 1400 potential connections
from a single management server process.

Introduce a shared CacheStore() singleton on BaseServer that creates one
store at boot and injects it into all consumers. Consumer constructors now
receive a store.StoreInterface instead of creating their own.

For Redis mode, all consumers share one connection pool (1000 max conns).
For in-memory mode, all consumers share one GoCache instance.

* Update management-integrations module to latest version

* sync go.sum

* Export `GetAddrFromEnv` to allow reuse across packages

* Update management-integrations module version in go.mod and go.sum

* Update management-integrations module version in go.mod and go.sum
 2026-04-16 16:04:53 +02:00
Bethuel Mmbaga
08f624507d [management] Enforce peer or peer groups requirement for network routers (#5894) 2026-04-16 13:12:19 +03:00
Pascal Fischer
c5623307cc [management] add context cancel monitoring (#5879) 2026-04-14 12:49:18 +02:00
Vlad
7f666b8022 [management] revert ctx dependency in get account with backpressure (#5878) 2026-04-14 12:16:03 +02:00
Viktor Liu
0a30b9b275 [management, proxy] Add CrowdSec IP reputation integration for reverse proxy (#5722) 2026-04-14 12:14:58 +02:00
Viktor Liu
2c792d12cc Merge remote-tracking branch 'origin/main' into proto-ipv6-overlay 2026-04-11 18:48:14 +02:00
Pascal Fischer
5259e5df51 [management] add domain and service cleanup migration (#5850) 2026-04-11 12:00:40 +02:00
Viktor Liu
762bf9fa4c Reduce cognitive complexity in DeleteAccount and getNetworkResourcesRoutesToSync 2026-04-10 17:25:08 +02:00
Pascal Fischer
cf86b9a528 [management] enable access log cleanup by default (#5842) 2026-04-10 17:07:27 +02:00
Viktor Liu
aa856357eb Merge remote-tracking branch 'origin/main' into proto-ipv6-overlay 
# Conflicts:
#	management/server/types/networkmap_components.go
 2026-04-10 15:21:52 +02:00
Viktor Liu
6f5c272e2a Revert "Reduce cognitive complexity in DeleteAccount and getNetworkResourcesRoutesToSync" 
This reverts commit 14a39f1236.
 2026-04-10 15:15:58 +02:00
Pascal Fischer
ee588e1536 Revert "[management] allow local routing peer resource (#5814)" (#5847) 2026-04-10 14:53:47 +02:00
Viktor Liu
14a39f1236 Reduce cognitive complexity in DeleteAccount and getNetworkResourcesRoutesToSync 
Extract deleteAccountUsers from DeleteAccount (complexity 21 -> ~14).
Extract processResourcePolicies and getResourcePolicyPeers from
getNetworkResourcesRoutesToSync (complexity 31 -> ~15).

Fixes SonarCloud S3776 violations.
 2026-04-10 13:43:16 +02:00
Viktor Liu
afa125641a Merge remote-tracking branch 'origin/main' into proto-ipv6-overlay 
# Conflicts:
#	management/server/types/networkmap_components.go
 2026-04-10 13:40:56 +02:00
Pascal Fischer
2a8aacc5c9 [management] allow local routing peer resource (#5814) 2026-04-10 13:08:21 +02:00
Pascal Fischer
15709bc666 [management] update account delete with proper proxy domain and service cleanup (#5817) 2026-04-10 13:08:04 +02:00
Viktor Liu
6c5ff88569 Return error from EncodePrefix instead of silently clamping bits 2026-04-10 06:51:55 +02:00
Viktor Liu
456298864c Merge remote-tracking branch 'origin/main' into proto-ipv6-overlay 
# Conflicts:
#	client/firewall/iptables/manager_linux.go
#	client/firewall/nftables/manager_linux.go
 2026-04-10 06:51:49 +02:00
Viktor Liu
a1cb952764 Reconcile IPv6 addresses on group membership changes (#5837) 2026-04-10 09:14:42 +08:00
Viktor Liu
f484835292 Use net.JoinHostPort and net.SplitHostPort for IPv6-safe host:port handling (#5836) 2026-04-10 09:10:57 +08:00
Pascal Fischer
ee343d5d77 [management] use sql null vars (#5844) 2026-04-09 18:12:38 +02:00
Viktor Liu
0cc90e2a8a Fix networkmap correctness test for netip.Addr Peer.IP type 2026-04-09 12:41:15 +02:00
Viktor Liu
ac816a8382 Merge remote-tracking branch 'origin/main' into proto-ipv6-overlay 2026-04-09 11:58:06 +02:00
Maycon Santos
099c493b18 [management] network map tests (#5795) 
* Add network map benchmark and correctness test files

* Add tests for network map components correctness and edge cases

* Skip benchmarks in CI and enhance network map test coverage with new helper functions

* Remove legacy network map benchmarks and tests; refactor components-based test coverage for clarity and scalability.
 2026-04-08 21:28:29 +02:00
Pascal Fischer
c1d1229ae0 [management] use NullBool for terminated flag (#5829) 2026-04-08 21:08:43 +02:00
Viktor Liu
a1e7db2713 [management] Add IPv6 overlay addressing and capability gating (#5698) 2026-04-08 16:40:51 +02:00
Viktor Liu
86f1b53bd4 Fix MySQL no-op update returning account not found in SaveAccountSettings 2026-04-08 07:55:05 +02:00
Viktor Liu
9592de1aac Merge remote-tracking branch 'origin/main' into proto-ipv6-overlay 
# Conflicts:
#	client/android/client.go
#	client/ssh/server/server.go
#	shared/management/proto/management.pb.go
 2026-04-07 18:35:13 +02:00
Viktor Liu
0588d2dbe1 [management] Load missing service columns in pgx account loader (#5816) 2026-04-07 14:56:56 +02:00
Pascal Fischer
14b3b77bda [management] validate permissions on groups read with name (#5749) 2026-04-07 14:13:09 +02:00
Bethuel Mmbaga
9d1a37c644 [management,client] Revert gRPC client secret removal (#5781) 
* This reverts commit e5914e4e8b

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Deprecate client secret in proto

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* Fix lint

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

---------

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
 2026-04-02 18:21:00 +02:00
Viktor Liu
5bf2372c4d [management] Fix L4 service creation deadlock on single-connection databases (#5779) 2026-04-02 14:46:14 +02:00
Bethuel Mmbaga
c2c6396a04 [management] Allow updating embedded IdP user name and email (#5721) 2026-04-02 13:02:10 +03:00
Vlad
d97fe84296 [management] fix race condition in the setup flow that enables creation of multiple owner users (#5754) 2026-04-01 16:25:35 +02:00
shuuri-labs
940f530ac2 [management] Legacy to embedded IdP migration tool (#5586) 2026-04-01 13:53:19 +02:00
Vlad
5ae986e1c4 [management] fix panic on management reboot (#5759) 2026-04-01 12:31:30 +02:00
Bethuel Mmbaga
e5914e4e8b [management,client] Remove client secret from gRPC auth flow (#5751) 
Remove client secret from gRPC auth flow. The secret was originally included to support providers like Google Workspace that don't offer a proper PKCE flow, but this is no longer necessary with the embedded IdP. Deployments using such providers should migrate to the embedded IdP instead.
 2026-03-31 18:50:49 +03:00
Pascal Fischer
c238f5425f [management] proper module permission validation for posture check delete (#5742) 2026-03-31 16:43:49 +02:00
Pascal Fischer
3c3097ea74 [management] add target user account validation (#5741) 2026-03-31 16:43:16 +02:00