Commit graph

357 commits

Author SHA1 Message Date
abhishek9686
dcb0953d0a remove debug logs 2025-12-03 22:25:02 +04:00
abhishek9686
3d6a026355 fix user sync by groups in azure 2025-12-03 22:23:22 +04:00
abhishek9686
c6792ba4f2 add safe nil check for legacy acls 2025-12-02 18:10:44 +04:00
abhishek9686
3c4cb08692 remove netmaker ip check for nameserver 2025-11-25 15:55:00 +04:00
Vishal Dalwadi
76f2e3a5cd
Release v1.2.0 Fixes (#3728)
* feat(go): add user group as source to default network user acl;

* feat(go): handle "all_networks" network id when removing and cleaning up groups;

* feat(go): handle "all_networks" network id when updating groups;
2025-11-20 09:18:57 +04:00
abhishek9686
e4ab40dee6 remove unreachable code 2025-11-07 12:14:00 +04:00
abhishek9686
1944a9a8b2 disable failover field 2025-11-07 11:52:43 +04:00
Abhishek K
c643a50b67
NM-159: simplify auto assign gw logic (#3719)
* force update host dns field if node is acting as inet gw

* add old acl support checks

* move auto relay migration to pro pkg

* add check to avoid unsetting relayed node

* simplify auto assign gw logic

* send auto assign update on un relay

* set checking time to latest on updates

* fix HA auto Relay logic

* add relay node metrics to peer signal

* move auto relay peer check

* publish host peer update

* check and unset unrelayed auto peers

* use relay node mutex to avoid race condition

* reset autorelayed peers on auto assign gw
2025-11-06 14:54:09 +04:00
Vishal Dalwadi
fc20b38851
Merge pull request #3718 from gravitl/fix/v1.2.0
Fixes v1.2.0
2025-11-06 13:55:52 +04:00
Vishal Dalwadi
b1e4d1158b
Release Fixes: v1.2.0 (#3713)
* feat(go): allow put and post requests to self;

* feat(go): add old objects to delete events;

* feat(go): add search domains to UserRemoteGws;
2025-11-04 11:46:16 +04:00
Vishal Dalwadi
94770a911d
Merge pull request #3707 from gravitl/NM-158
NM-158: Search Domain Support
2025-11-03 10:54:28 +04:00
Abhishek K
2ab1994886
Merge pull request #3709 from gravitl/master
Master
2025-10-31 15:04:49 +04:00
Abhishek K
74fef9fbc6
NM-122: Auto Relay, auto assignment of Gw (#3697)
* add auto relay handlers and logic funcs

* add pro func connectors

* Add auto relayed peer ips on peer update, set auto relay on gw creation

* add network id to signal, add autorelay nodes to peer update

* add autorelay peer update logic

* add nodes to peer update

* revert node model change

* reset auto relayed peers on the relay node on reset, add auto relay nodes to pull

* add logic api to update auto relay node

* add autoassigngw field to node, add logic to switch relay node in relayme update api

* add gw nodes to pull

* initialise gw map

* HA relay functionality

* add autoassign gw option to enrollment key

* publish instant action to auto assign gw

* fix static checks

* unset relay if auto assign removed

* add host node model to auto relay info

* add host node model to auto relay info

* only use hostNode model for gws info

* handle autoassigned gw peer in the update

* handle autoassigned gw peer in the update

* handle peer updates for autoassigned gw peer

* unset auto assigned peer if relayed or failedovered
2025-10-28 09:53:31 +04:00
Abhishek K
c5b48db2a1
NM-125: Egress HA by Latency, Allow Tags to be selected as routing peers (#3698)
* enable egress routing peers with tags

* remove tag from egress when deleted

* fix egress tag functionality

* filter duplicate egress ips

* set default stun server if unset

* add version to status api

* sync deleted node update host deletion
2025-10-25 23:49:21 +04:00
Vishal Dalwadi
5448de6036
Allow Netmaker IPs for Nameservers (#3695)
* feat(go): allow netmaker nameserver ip;

* feat(go): filter out node's ips from nameservers;

* feat(go): update nameservers on node deletion;

* address nil checks

* address nil checks

---------

Co-authored-by: abhishek9686 <abhi281342@gmail.com>
2025-10-24 10:19:23 +04:00
Vishal Dalwadi
c4313a4b77
feat(go): add auditor role; (#3684) 2025-10-24 09:56:40 +04:00
Vishal Dalwadi
71fa5013d0
NM-145: Cost Per Network (#3685)
* feat(go): report per network usage as well;

* feat(go): move usage model and logic out of ee;
2025-10-24 09:53:33 +04:00
Vishal Dalwadi
69815449bd
NM-120: Netmaker Desktop DNS Improvements (#3690)
* feat(go): return extclient on create;

* feat(go): return success on delete;

* feat(go): set manage dns on user remote gw;
2025-10-24 09:46:01 +04:00
Abhishek K
54925a3ec9
fix platform user node status, add api for unassigned network user api (#3687) 2025-10-09 09:09:31 +04:00
Abhishek K
8e16c9f07a
IDP Group Filtering Update (#3656)
* fix(go): prevent creating network with fully-masked cidr;

* fix(go): filter out static non-user nodes;

* fix(go): prevent creation of networks with only broadcast and network ip;

* fix(go): cleanup user and groups resources on idp sync;

* fix(go): add "$filter" only once;

* fix(go): add "$filter" only once;

* fix(go): add "$filter" only once;

* fix(go): escape "$filter";

* feat(go): assign synced group global user role id;

---------

Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
2025-09-18 22:58:30 +05:30
Abhishek K
cba62bfb83
Revert "Allows filters to be updated (#3650)" (#3655)
This reverts commit d90994ccab.
2025-09-18 22:39:36 +05:30
Vishal Dalwadi
d90994ccab
Allows filters to be updated (#3650)
* fix(go): prevent creating network with fully-masked cidr;

* fix(go): filter out static non-user nodes;

* fix(go): prevent creation of networks with only broadcast and network ip;

* fix(go): cleanup user and groups resources on idp sync;

* fix(go): add "$filter" only once;

* fix(go): add "$filter" only once;

* fix(go): add "$filter" only once;

* fix(go): escape "$filter";

* feat(go): assign synced group global user role id;
2025-09-18 22:37:22 +05:30
Abhishek K
aa913d6870
NM-116: Acl Fixes (#3652)
* handle all resources tag on gw

* add egress domain ranges to node acls

* simplify extclient egress allowedips, handle nil acl rule

* fix static node status check for gw acls

* skip ns ip if contains network cidr

* skip ns ip if contains network cidr

* skip ns ip if contains network cidr
2025-09-18 22:27:49 +05:30
Vishal Dalwadi
68707f61f9
Release v1.1.0 Fixes (#3649)
* fix(go): prevent creating network with fully-masked cidr;

* fix(go): filter out static non-user nodes;

* fix(go): prevent creation of networks with only broadcast and network ip;
2025-09-13 13:44:46 +05:30
Vishal Dalwadi
924fcf95bf
Okta IDP Integration (#3648)
* fix(go): handle pagination correctly;

* fix(go): handle api rate limits;
2025-09-13 13:43:30 +05:30
Abhishek K
9e0196126f
NM-79: Domain Based Egress Routing (#3607)
* add support for egress domain routing

* add domain info to egress range

* fix egress domain update

* send peer update domain resolution update

* add egress domain update in the peer update

* use range field for domain check

* add egress domain to host pull

* add egress domain model to egress host update

* add egress domain model to egress host update

* update egress domain model on acls

* add check of range if domain is set

* sync egress domains to dns system

* add egress domain to match domain list, fix egress nat rule for domains

* fix all rsrcs comms

* fix static checks

* fix egress acls on CE

* check for all resources access on a node

* simplify egress acl rules

* merged ce and pro acl rule func

* fix uni direction acl rule for static nodes

* allow relayed nodes traffic

* resolve merge conflicts

* remove anywhere dst rule on user node acls

* fix: broadcast user groups update for acl changes

* add egress domain and routes to nodes

* add egress ranges to DST

* add all egress ranges for all resources

* fix DNS routing acls rules
2025-09-11 15:24:17 +05:30
Vishal Dalwadi
57bf34da16
Release v1.1.0 Fixes (#3644)
* fix(go): check for all networks access;

* fix(go): skip group on error;

* fix(go): stabilize get user remote access gw;

* fix(go): use existing extclient sort function;

---------

Co-authored-by: Abhishek K <abhi281342@gmail.com>
2025-09-11 13:49:13 +05:30
Abhishek K
64c6472b42
NM-103: User Acls fixes (#3638)
* fix all rsrcs comms

* fix static checks

* fix egress acls on CE

* check for all resources access on a node

* simplify egress acl rules

* merged ce and pro acl rule func

* fix uni direction acl rule for static nodes

* allow relayed nodes traffic

* remove anywhere dst rule on user node acls

* fix: broadcast user groups update for acl changes

* add egress ranges to DST

* add all egress ranges for all resources
2025-09-10 12:59:54 +05:30
Abhishek K
dd2aece0de
NM-103: fix all rsrcs comms (#3631)
* fix all rsrcs comms

* fix static checks

* fix egress acls on CE

* check for all resources access on a node

* simplify egress acl rules

* merged ce and pro acl rule func

* fix uni direction acl rule for static nodes

* allow relayed nodes traffic
2025-09-08 07:37:12 +05:30
abhishek9686
53c0b256ae resolve merge conflicts 2025-08-29 12:17:13 +05:30
abhishek9686
b10ce2da14 fix merge errors 2025-08-29 11:48:52 +05:30
abhishek9686
fda691836e fix static check 2025-08-29 11:41:43 +05:30
abhishek9686
7688bc3ebc resolve merge conflicts 2025-08-29 11:37:27 +05:30
Vishal Dalwadi
ec6e6c393a
Prevent removing idp integration when oauth user is superadmin (#3589)
* feat(go): prevent removing idp integration when oauth user is superadmin.

* feat(go): add suggestion for user;

* feat(go): remove usages of boolean fields on user;

* feat(go): set boolean fields correctly, but don't use;

* fix(go): static issues;

* feat(go): add suggestion for user;
2025-08-25 10:28:53 +05:30
Abhishek K
c3498004c1
NM-82: auto create new group network policies (#3610)
* check for all network user groups on gateways selection

* check network admin policy for admins and superadmins

* auto create default group gateways policies

* publish peer update on user group updates

* update name for default group policy
2025-08-25 10:28:24 +05:30
Vishal Dalwadi
2d305e67a4
NM-86: Cleanup User Configs (#3603)
* feat(go): cleanup user extclients;

1. On disabling a user, remove all their extclients.
2. Add comments and rename variables to clarify the user group extclient cleanup function.

* feat(go): add checks for disable and enable user api;

* feat(go): refactor extclient cleanup on group network roles changes;

* feat(go): delete extclient on user group membership changes;
2025-08-25 10:24:15 +05:30
Abhishek K
b1f0843d27
NM-76: add network user api (#3605)
* add network user api

* add remove network user api
2025-08-25 10:21:52 +05:30
Vishal Dalwadi
85e4877803
Merge pull request #3576 from gravitl/NM-38
NM-38: User Config Fixes
2025-08-12 14:07:45 +05:30
abhishek9686
773693568c resolve merge conflicts 2025-08-12 11:30:44 +05:30
Vishal Dalwadi
85c7da75d3
Fix: Use template variable correctly. (#3578)
* fix(go): use template variable correctly;

* feat(go): update docs link.

* feat(go): update docs link.
2025-08-12 09:17:21 +05:30
Vishal Dalwadi
062552170d
NM-24: IDP UX improvements (#3583)
* fix(go): parse error message when url.Error.

* fix(go): suppress intermediate errors and return the root cause.
2025-08-12 09:14:45 +05:30
Abhishek K
32657dde82
NM-9: User All resources Policy and relayed node acl Fix (#3592)
* user policies fix

* fix user acl rules for all resources tag

* handle relayed comms via gateway with active acl policies

* fix static node comms to all resources
2025-08-11 14:32:26 +05:30
Abhishek K
b972e7a969
add mutex on failover ops (#3590) 2025-08-11 12:17:11 +05:30
Vishal Dalwadi
e4da84aa85
NM-61: User group ACL fixes (#3546)
* feat(go): create default acl only for networks that are part of the group;

* feat(go): update acls on user group update and delete;

* feat(go): add migration for existing acls.

* feat(go): check for network roles in migration.
2025-08-08 22:17:39 +05:30
Vishal Dalwadi
996410fc61
NM-57: Graphs API Forbidden for Platform User (#3577)
* fix(go): permissions for network graph;

* fix(go): allow platform user to get network graph;

* feat(go): allow read only access to host resource to network users.

* feat(go): remove specific check for hosts resource.
2025-08-08 22:14:42 +05:30
Vishal Dalwadi
d5cc14ce49
Patch: Okta IDP Integration (#3586)
* feat(go): add support for okta.

* feat(go): update docs link.

* feat(go): handle okta.

* feat(go): handle okta.
2025-08-07 23:05:58 +05:30
Vishal Dalwadi
2f6817821c fix(go): avoid panic on client_email missing. 2025-07-31 21:58:45 +05:30
Vishal Dalwadi
025eebe7f2 fix(go): add okta to idp sync test. 2025-07-31 21:36:59 +05:30
Vishal Dalwadi
bca4565256 fix(go): idp sync status. 2025-07-31 21:27:15 +05:30
Vishal Dalwadi
0c43dd3788 feat(go): add verify method for okta idp client; 2025-07-30 19:29:47 +05:30