netbird

mirror of https://github.com/netbirdio/netbird.git synced 2026-05-13 12:19:54 +00:00

Author	SHA1	Message	Date
pascal	40e6ec16c6	log	2026-05-07 17:36:09 +02:00
pascal	ec476d5072	extend logging	2026-05-07 16:55:45 +02:00
pascal	3a95f39f2c	Merge branch 'main' into feature/affected-peers # Conflicts: # management/server/group.go # management/server/peer.go	2026-05-07 12:28:51 +02:00
Viktor Liu	205ebcfda2	[management, client] Add IPv6 overlay support (#5631 )	2026-05-07 11:33:37 +02:00
Pascal Fischer	f29f5a0978	[management] add monitoring for nmap update source (#6036 )	2026-04-30 14:52:54 +02:00
pascal	26d778374b	clean comments	2026-04-28 16:56:34 +02:00
pascal	cefb37e920	affected filtering on peers update	2026-04-28 13:48:01 +02:00
pascal	285bbc5ffb	calculate affected peers	2026-04-27 17:49:12 +02:00
Pascal Fischer	14b3b77bda	[management] validate permissions on groups read with name (#5749 )	2026-04-07 14:13:09 +02:00
Bethuel Mmbaga	afe6d9fca4	[management] Prevent deletion of groups linked to flow groups (#5439 )	2026-02-24 21:19:43 +03:00
Pascal Fischer	7ac65bf1ad	[management] Fix/delete groups without lock (#5012 )	2025-12-31 11:53:20 +01:00
Pascal Fischer	cc97cffff1	[management] move network map logic into new design (#4774 )	2025-11-13 12:09:46 +01:00
Vlad	6aa4ba7af4	[management] incremental network map builder (#4753 )	2025-11-07 10:44:46 +01:00
Pascal Fischer	5c29d395b2	[management] activity events on group updates (#4750 )	2025-11-06 12:51:14 +01:00
Pascal Fischer	dbefa8bd9f	[management] remove lock and continue user update on failure (#4410 )	2025-08-28 17:50:12 +02:00
Pascal Fischer	3488a516c9	[management] Move increment network serial as last step of each transaction (#4397 )	2025-08-25 17:27:07 +02:00
Pascal Fischer	28bef26537	[management] Remove Store Locks 2 (#4385 )	2025-08-21 12:23:49 +02:00
Pascal Fischer	5860e5343f	[management] Rework DB locks (#4291 )	2025-08-06 18:55:14 +02:00
Viktor Liu	abd152ee5a	[misc] Separate shared code dependencies (#4288 ) * Separate shared code dependencies * Fix import * Test respective shared code * Update openapi ref * Fix test * Fix test path	2025-08-05 18:34:41 +02:00
Pascal Fischer	552dc60547	[management] migrate group peers into seperate table (#4096 )	2025-08-01 12:22:07 +02:00
Bethuel Mmbaga	7c6b85b4cb	[management] Refactor routes to use store methods (#2928 )	2025-06-18 16:40:29 +03:00
Pedro Maia Costa	5bed6777d5	[management] force account id on save groups update (#3850 )	2025-05-23 14:42:42 +01:00
Pascal Fischer	312bfd9bd7	[management] support custom domains per account (#3726 )	2025-04-23 19:36:53 +02:00
Pascal Fischer	e0b33d325d	[management] permissions manager use crud operations (#3690 )	2025-04-16 17:25:03 +02:00
Pascal Fischer	5ea2806663	[management] use permission modules (#3622 )	2025-04-10 11:06:52 +02:00
Pedro Maia Costa	cbec7bda80	[management] permission manager validate account access (#3444 )	2025-03-30 17:08:22 +02:00
Bethuel Mmbaga	34d86c5ab8	[management] Sync account peers on network router group changes (#3573 ) - Updates account peers when a group linked to a network router is modified - Prevents group deletion if it's still being used by any network router	2025-03-27 12:19:22 +01:00
Pascal Fischer	c6f7a299a9	[management] fix groups delete and resource create and update error response (#3189 )	2025-01-16 13:39:15 +01:00
Bethuel Mmbaga	445b626dc8	[management] Add missing group usage checks for network resources and routes access control (#3117 ) * Prevent deletion of groups linked to routes access control groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Prevent deletion of groups linked to network resource Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-12-27 14:39:34 +03:00
Viktor Liu	ddc365f7a0	[client, management] Add new network concept (#3047 ) --------- Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com> Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>	2024-12-20 11:30:28 +01:00
Bethuel Mmbaga	ca12bc6953	[management] Refactor posture check to use store methods (#2874 )	2024-11-25 16:26:24 +01:00
Bethuel Mmbaga	12f442439a	[management] Refactor group to use store methods (#2867 ) * Refactor setup key handling to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add lock to get account groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add check for regular user Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * get only required groups for auto-group validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add account lock and return auto groups map on validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor account peers update Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor groups to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor GetGroupByID and add NewGroupNotFoundError Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add AddPeer and RemovePeer methods to Group struct Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Preserve store engine in SqlStore transactions Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Run groups ops in transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix missing group removed from setup key activity Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix sonar Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Change setup key log level to debug for missing group Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Retrieve modified peers once for group events Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add account locking and merge group deletion methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-15 20:09:32 +03:00
Pascal Fischer	44e799c687	[management] Fix limited peer view groups (#2894 )	2024-11-15 11:16:16 +01:00
Bethuel Mmbaga	6cb697eed6	[management] Refactor setup key to use store methods (#2861 ) * Refactor setup key handling to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add lock to get account groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add check for regular user Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * get only required groups for auto-group validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add account lock and return auto groups map on validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix missing group removed from setup key activity Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Remove context from DB queries Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add user permission check and add setup events into events to store slice Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Retrieve all groups once during setup key auto-group validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix sonar Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-11-11 19:46:10 +03:00
Bethuel Mmbaga	7bda385e1b	[management] Optimize network map updates (#2718 ) * Skip peer update on unchanged network map (#2236) * Enhance network updates by skipping unchanged messages Optimizes the network update process by skipping updates where no changes in the peer update message received. * Add unit tests * add locks * Improve concurrency and update peer message handling * Refactor account manager network update tests * fix test * Fix inverted network map update condition * Add default group and policy to test data * Run peer updates in a separate goroutine * Refactor * Refactor lock * Fix peers update by including NetworkMap and posture Checks * go mod tidy * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * [management] Skip account peers update if no changes affect peers (#2310) * Remove incrementing network serial and updating peers after group deletion * Update account peer if posture check is linked to policy * Remove account peers update on saving setup key * Refactor group link checking into re-usable functions * Add HasPeers function to group * Refactor group management * Optimize group change effects on account peers * Update account peers if ns group has peers * Refactor group changes * Optimize account peers update in DNS settings * Optimize update of account peers on jwt groups sync * Refactor peer account updates for efficiency * Optimize peer update on user deletion and changes * Remove condition check for network serial update * Optimize account peers updates on route changes * Remove UpdatePeerSSHKey method * Remove unused isPolicyRuleGroupsEmpty * Add tests for peer update behavior on posture check changes * Add tests for peer update behavior on policy changes * Add tests for peer update behavior on group changes * Add tests for peer update behavior on dns settings changes * Refactor * Add tests for peer update behavior on name server changes * Add tests for peer update behavior on user changes * Add tests for peer update behavior on route changes * fix tests * Add tests for peer update behavior on setup key changes * Add tests for peer update behavior on peers changes * fix merge * Fix tests * go mod tidy * Add NameServer and Route comparators * Update network map diff logic with custom comparators * Add tests * Refactor duplicate diff handling logic * fix linter * fix tests * Refactor policy group handling and update logic. Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update route check by checking if group has peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor posture check policy linking logic Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Simplify peer update condition in DNS management Refactor the condition for updating account peers to remove redundant checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add policy tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add posture checks tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix user and setup key tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix account and route tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix typo Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix nameserver tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix routes tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix group tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * upgrade diff package Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix nameserver tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * use generic differ for netip.Addr and netip.Prefix Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * go mod tidy Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add peer tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix management suite tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix postgres tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * enable diff nil structs comparison Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip the update only last sent the serial is larger Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor peer and user Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip spell check for groupD Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor group, ns group, policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip spell check for GroupD Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update account policy check before verifying policy status Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Update management/server/route_test.go Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * add tests missing tests for dns setting groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add tests for posture checks changes Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add ns group and policy tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add route and group tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * increase Linux test timeout to 10 minutes Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Run diff for client posture checks only Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add panic recovery and detailed logging in peer update comparison Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-10-23 13:05:02 +03:00
Bethuel Mmbaga	acb73bd64a	[management] Remove redundant get account calls in GetAccountFromToken (#2615 ) * refactor access control middleware and user access by JWT groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor jwt groups extractor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to get account when necessary Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * revert handles change Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove GetUserByID from account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims to return account id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to use GetAccountIDFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByName from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByID from store and refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor retrieval of policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user permissions and retrieves PAT Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor route, setupkey, nameserver and dns to get record(s) from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix add missing policy source posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add store lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add get account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-27 17:10:50 +03:00
Bethuel Mmbaga	0911163146	Add batch delete for groups and users (#2370 ) * Refactor user deletion logic and introduce batch delete * Prevent self-deletion for users * Add delete multiple groups * Refactor group deletion with validation * Fix tests * Add bulk delete functions for Users and Groups in account manager interface and mocks * Add tests for DeleteGroups method in group management * Add tests for DeleteUsers method in users management	2024-08-08 18:01:38 +03:00
Bethuel Mmbaga	c832cef44c	Update SaveUsers and SaveGroups to SaveAccount (#2362 ) Changed SaveUsers and SaveGroups method calls to SaveAccount for consistency in data persistence operations.	2024-07-31 19:48:12 +03:00
Maycon Santos	165988429c	Add write lock for peer when saving its connection status (#2359 )	2024-07-31 14:53:32 +02:00
Bethuel Mmbaga	1537b0f5e7	Add batch save/update for groups and users (#2245 ) * Add functionality to update multiple users * Remove SaveUsers from DefaultAccountManager * Add SaveGroups method to AccountManager interface * Refactoring * Add SaveUsers and SaveGroups methods to store interface * Refactor method SaveAccount to SaveUsers and SaveGroups The method SaveAccount in user.go and group.go files was split into two separate methods. Now, user-specific data is handled by SaveUsers and group-specific data is handled by SaveGroups method. This provides a cleaner and more efficient way to save user and group data. * Add account ID to user and group in SqlStore * Refactor SaveUsers and SaveGroups in store * Remove unnecessary ID assignment in SaveUsers and SaveGroups	2024-07-15 17:04:06 +03:00
pascal-fischer	765aba2c1c	Add context to throughout the project and update logging (#2209 ) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>	2024-07-03 11:33:02 +02:00
Maycon Santos	d4c47eaf8a	Don't allow delete group from peer groups (#2055 )	2024-05-27 11:06:43 +02:00
pascal-fischer	2e0047daea	Improve Sync performance (#1901 )	2024-05-07 14:30:03 +02:00
Viktor Liu	4e7c17756c	Refactor Route IDs (#1891 )	2024-05-06 14:47:49 +02:00
Zoltan Papp	2d76b058fc	Feature/peer validator (#1553 ) Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action	2024-03-27 18:48:48 +01:00
pascal-fischer	ea2d060f93	Add limited dashboard view (#1738 )	2024-03-27 16:11:45 +01:00
Misha Bragin	abd57d1191	Avoid creating duplicate groups with the same name (#1579 ) Avoid creating groups with the same name via API calls. JWT and integrations still allowed to register groups with duplicated names	2024-03-17 11:13:39 +01:00
Maycon Santos	e890fdae54	Return error when peer is not valid (#1573 ) Fix count with invalid peers	2024-02-13 10:59:31 +01:00
pascal-fischer	131d9f1bc7	Add getGroupByName method (#1481 ) * add get group by name method to account manager * remove contains function and add proper description for GetGroupByName method * add to mock server	2024-01-19 15:41:27 +01:00
Maycon Santos	d7efea74b6	add owner role support (#1340 ) This PR adds support to Owner roles. The owner role has a similar access level as the admin, but it has the power to delete the account. Besides that, the role has the following constraints: - The role can only be transferred. So, only a user with the owner role can transfer the owner role to a new user - It can't be assigned to users being invited - It can't be assigned to service users	2023-12-01 17:24:57 +01:00

1 2

72 Commits