* NM-195: add key tags info to posture check on join
* NM-195: add network user grps to posture check
* NM-195: add posture checks to middleware
* fix: return error when group network roles are set for specific networks and all networks;
* add all posture check to rsrc permission check func
* NM-202: fix egress domain routing
* fix: add username filter;
* feat: add fallback nameserver support;
* fix: add validation for pro as well;
* fix: skip fallback domains for user gws;
* fix: don't set domains for fallback dns servers;
* fix: validation fixes;
* fix: empty match domains for fallback nameservers;
---------
Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
* NM-195: add key tags info to posture check on join
* NM-195: add network user grps to posture check
* NM-195: add posture checks to middleware
* add all posture check to rsrc permission check func
* NM-195: cleanup deleted tags and user groups from posturechecks
* NM-195: add Nameserver to middleware
* NM-195: add key tags info to posture check on join
* NM-195: add network user grps to posture check
* NM-195: add posture checks to middleware
* add all posture check to rsrc permission check func
* NM-188: optimise user DB writes on migration
* NM-188: remove user migration debug logs
* NM-188: add debug logs for user migration funcs
* NM-188: fix migration bug
* NM-188: update migration comments in the test file
* NM-188: fix static checks
* fix: save acl src and dst;
* fix: check for all network access;
---------
Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
* NM-166: add device posture checks apis and logic
* NM-166: add severity level to posture check and api to fetch all available attributes
* NM-166: register posture check schema
* add periodic posture check evaluation of nodes
* NM-166: add os family and kernel version to host model for linux
* add posture check violations on host registration, api to fetch node violations
* NM-166: trigger posture checks on posture checks updates
* NM-166: add version clean func
* NM-166: add allowed values for posture check attributes to api
* NM-166: format violation messages
* NM-166: fix static check
* NM-166: fix static check
* NM-166: add OS info to update extclient api
* NM-166: add sysinfo funcs
* set if only new values are not empty
* format client location
* fix posture violation for static nodes
* skip non user nodes from posture checks
* NM-166: check posture checks by tags
* NM-166: set host location before posture check
* validate posture checks by OR condition
* run posture check violation on node update
* NM-166: allow join on unviolated networks
* NM-166: update response message when posture checks are violated
* NM-166: fix static check
* NM-166: add mutex for posture check runs
* NM-166: add OS family fields to api host model
* NM-166: run posture eval for gateway ops
* NM-166: add user groups to posture checks
* NM-166: add default all user grp
* NM-166: fix posture check eval for users
* NM-166: handle user nodes in the posture checks
* NM-166: fix posture check for new config
* NM-166: skip auto update check on users and show violation on disbaled static nodes
* NM-166: add min verison check for attr
* NM-166: fix static check
* NM-166: add default admin groups
* fix(go): prevent resetting user principal name;
* fix(go): user upn for get user and auth request;
* fix(go): unescape email before using;
* fix(go): use id as external idp id for google;
---------
Co-authored-by: Abhishek Kondur <abhi281342@gmail.com>
* feat(go): add user group as source to default network user acl;
* feat(go): handle "all_networks" network id when removing and cleaning up groups;
* feat(go): handle "all_networks" network id when updating groups;
* force update host dns field if node is acting as inet gw
* add old acl support checks
* move auto relay migration to pro pkg
* add check to avoid unsetting relayed node
* simplify auto assign gw logic
* send auto assign update on un relay
* set checking time to latest on updates
* fix HA auto Relay logic
* add relay node metrics to peer signal
* move auto relay peer check
* publish host peer update
* check and unset unrelayed auto peers
* use relay node mutex to avoid rac condition
* reset autorelayed peers on auto assign gw
* add auto realy handlers and logic funcs
* add pro func connectors
* Add auto relayed peer ips on peer update, set auto relay on gw creation
* add network id to signal, add autorelay nodes to peerudpate
* add autorelay peer update logic
* add nodes to peer update
* revert node model change
* reset auto relayed peers on the relay node on reset, add auto relay nodes to pull
* add logic api to update auto relay node
* add autoassigngw field to node, add logic to swith relay node in relayme udpate api
* add gw nodes to pull
* intilaise gw map
* HA relay functionality
* add autoassign gw option to enrollment key
* publish intant action to auto assign gw
* fix static checks
* unset relay if auto assign removed
* add host node model to auto relay info
* add host node model to auto relay info
* only use hostNode model for gws info
* handle autoassigned gw peer in the update
* handle autoassigned gw peer in the update
* handle peer updates for autoassigned gw peer
* unset auto assigned peer if relayed or failedovered
* enable egress routing peers with tags
* remove tag from egress when deleted
* fix egress tag functionality
* filter duplicate egress ips
* set default stun server if unset
* add version to status api
* sync deleted node udpate host deletion
* fix(go): prevent creating network with fully-masked cidr;
* fix(go): filter out static non-user nodes;
* fix(go): prevent creation of networks with only broadcast and network ip;
* fix(go): cleanup user and groups resources on idp sync;
* fix(go): add "$filter" only once;
* fix(go): add "$filter" only once;
* fix(go): add "$filter" only once;
* fix(go): escape "$filter";
* feat(go): assign synced group global user role id;
---------
Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
* fix(go): prevent creating network with fully-masked cidr;
* fix(go): filter out static non-user nodes;
* fix(go): prevent creation of networks with only broadcast and network ip;
* fix(go): cleanup user and groups resources on idp sync;
* fix(go): add "$filter" only once;
* fix(go): add "$filter" only once;
* fix(go): add "$filter" only once;
* fix(go): escape "$filter";
* feat(go): assign synced group global user role id;
* handle all resources tag on gw
* add egress domain ranges to node acls
* simplify extclient egress alloweips, handle nil acl rule
* fix static node status check for gw acls
* skip ns ip if contains network cidr
* skip ns ip if contains network cidr
* skip ns ip if contains network cidr
* fix(go): prevent creating network with fully-masked cidr;
* fix(go): filter out static non-user nodes;
* fix(go): prevent creation of networks with only broadcast and network ip;
* add support for egress domain routing
* add domain info to egress range
* fix egress domain update
* send peer update domain resolution update
* add egress domain update in the peer update
* use range field for domain check
* add egress domain to host pull
* add egress domain model to egress host update
* add egress domain model to egress host update
* update egress domain model on acls
* add check of range if domain is set
* sync egress domains to dns system
* add egress domain to match domain list, fix egress nat rule for domains
* fix all rsrcs comms
* fix static checks
* fix egress acls on CE
* check for all resources access on a node
* simplify egress acl rules
* merged ce and pro acl rule func
* fix uni direction acl rule for static nodes
* allow relayed nodes traffic
* resolve merge conflicts
* remove anywhere dst rule on user node acls
* fix: broadcast user groups update for acl changes
* add egress domain ans routes to nodes
* add egress ranges to DST
* add all egress ranges for all resources
* fix DNS routing acls rules
* fix(go): check for all networks access;
* fix(go): skip group on error;
* fix(go): stabilize get user remote access gw;
* fix(go): use existing extclient sort function;
---------
Co-authored-by: Abhishek K <abhi281342@gmail.com>
* fix all rsrcs comms
* fix static checks
* fix egress acls on CE
* check for all resources access on a node
* simplify egress acl rules
* merged ce and pro acl rule func
* fix uni direction acl rule for static nodes
* allow relayed nodes traffic
* remove anywhere dst rule on user node acls
* fix: broadcast user groups update for acl changes
* add egress ranges to DST
* add all egress ranges for all resources
* fix all rsrcs comms
* fix static checks
* fix egress acls on CE
* check for all resources access on a node
* simplify egress acl rules
* merged ce and pro acl rule func
* fix uni direction acl rule for static nodes
* allow relayed nodes traffic
* feat(go): prevent removing idp integration when oauth user is superadmin.
* feat(go): add suggestion for user;
* feat(go): remove usages of boolean fields on user;
* feat(go): set boolean fields correctly, but don't use;
* fix(go): static issues;
* feat(go): add suggestion for user;
* check for all network user groups on gateways selection
* check network admin policy for admins and superadmins
* auto create default group gateways policies
* publish peer update on user group updates
* update name for default group policy
