* add list roles to pro and ce
* if not pro set user role to admin
* validate update user
* add separate validation check for password on update
* remove validate check
* fix github SSO with invite signup
* add oauth scopes for user email
* remove debug log
* fix azure ad
* add list roles to pro and ce
* if not pro set user role to admin
* validate update user
* add separate validation check for password on update
* remove validate check
* fix github SSO with invite signup
* generalise smtp config
* copy over smtp vars
* env new line
* fix master key api access
* comment user tests
* fix network and user invite for master key access
* remove email sender type
* user mgmt commands
* check user role on CE
* user role nmtcl cmds
* user groups commands
* fix role and groups command
* fix user create cmd
* add usage info
* rm user role check
* fix user update cmd
* fix static check
* add backwards comptability support for extclient api for mobile
* rm debug logs
* set frontend url from base domain if empty
* generalise smtp config
* copy over smtp vars
* env new line
* fix master key api access
* comment user tests
* fix network and user invite for master key access
* remove email sender type
* generalise smtp config
* copy over smtp vars
* env new line
* fix master key api access
* comment user tests
* fix network and user invite for master key access
* user mgmt models
* define user roles
* define models for new user mgmt and groups
* oauth debug log
* initialize user role after db conn
* print oauth token in debug log
* user roles CRUD apis
* user groups CRUD Apis
* additional api checks
* add additional scopes
* add additional scopes url
* add additional scopes url
* rm additional scopes url
* setup middlleware permission checks
* integrate permission check into middleware
* integrate permission check into middleware
* check for headers for subjects
* refactor user role models
* refactor user groups models
* add new user to pending user via RAC login
* untracked
* allow multiple groups for an user
* change json tag
* add debug headers
* refer network controls form roles, add debug headers
* refer network controls form roles, add debug headers
* replace auth checks, add network id to role model
* nodes handler
* migration funcs
* invoke sync users migration func
* add debug logs
* comment middleware
* fix get all nodes api
* add debug logs
* fix middleware error nil check
* add new func to get username from jwt
* fix jwt parsing
* abort on error
* allow multiple network roles
* allow multiple network roles
* add migration func
* return err if jwt parsing fails
* set global check to true when accessing user apis
* set netid for acls api calls
* set netid for acls api calls
* update role and groups routes
* add validation checks
* add invite flow apis and magic links
* add invited user via oauth signup automatically
* create invited user on oauth signup, with groups in the invite
* add group validation for user invite
* update create user handler with new role mgmt
* add validation checks
* create user invites tables
* add error logging for email invite
* fix invite singup url
* debug log
* get query params from url
* get query params from url
* add query escape
* debug log
* debug log
* fix user signup via invite api
* set admin field for backward compatbility
* use new role id for user apis
* deprecate use of old admin fields
* deprecate usage of old user fields
* add user role as service user if empty
* setup email sender
* delete invite after user singup
* add plaform user role
* redirect on invite verification link
* fix invite redirect
* temporary redirect
* fix invite redirect
* point invite link to frontend
* fix query params lookup
* add resend support, configure email interface types
* fix groups and user creation
* validate user groups, add check for metrics api in middleware
* add invite url to invite model
* migrate rac apis to new user mgmt
* handle network nodes
* add platform user to default role
* fix user role migration
* add default on rag creation and cleanup after deletion
* fix rac apis
* change to invite code param
* filter nodes and hosts based on user network access
* extend create user group req to accomodate users
* filter network based on user access
* format oauth error
* move user roles and groups
* fix get user v1 api
* move user mgmt func to pro
* add user auth type to user model
* fix roles init
* remove platform role from group object
* list only platform roles
* add network roles to invite req
* create default groups and roles
* fix middleware for global access
* create default role
* fix nodes filter with global network roles
* block selfupdate of groups and network roles
* delete netID if net roles are empty
* validate user roles nd groups on update
* set extclient permission scope when rag vpn access is set
* allow deletion of roles and groups
* replace _ with - in role naming convention
* fix failover middleware mgmt
* format oauth templates
* fetch route temaplate
* return err if user wrong login type
* check user groups on rac apis
* fix rac apis
* fix resp msg
* add validation checks for admin invite
* return oauth type
* format group err msg
* fix html tag
* clean up default groups
* create default rag role
* add UI name to roles
* remove default net group from user when deleted
* reorder migration funcs
* fix duplicacy of hosts
* check old field for migration
* from pro to ce make all secondary users admins
* from pro to ce make all secondary users admins
* revert: from pro to ce make all secondary users admins
* make sure downgrades work
* fix pending users approval
* fix duplicate hosts
* fix duplicate hosts entries
* fix cache reference issue
* feat: configure FRONTEND_URL during installation
* disable user vpn access when network roles are modified
* rm vpn acces when roles or groups are deleted
* add http to frontend url
* revert crypto version
* downgrade crytpo version
* add platform id check on user invites
---------
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
* NET-1440 scale test changes
* fix UT error and add error info
* load metric data into cacha in startup
* remove debug info for metric
* add server telemetry and hasSuperAdmin to cache
* fix user UT case
* update sqlite connection string for performance
* update check-in TS in cache only if cache enabled
* update metric data in cache only if cache enabled and write to DB once in stop
* update server status in mq topic
* add failover existed to server status update
* only send mq messsage when there is server status change
* batch peerUpdate
* code changes for scale for review
* update UT case
* update mq client check
* mq connection code change
* revert server status update changes
* revert batch peerUpdate
* remove server status update info
* batch peerUpdate
* code changes based on review and setupmqtt in keepalive
* set the mq message order to false for PIN
* remove setupmqtt in keepalive
* add peerUpdate batch size to config
* update batch peerUpdate
* recycle ip in node deletion
* update ip allocation logic
* remove ip addr cap
* remove ippool file
* update get extClient func
* remove ip from cache map when extClient is removed
* add batch peerUpdate switch
* set batch peerUpdate to true by default
---------
Co-authored-by: Max Ma <mayabin@gmail.com>
* NET-1440 scale test changes
* fix UT error and add error info
* load metric data into cacha in startup
* remove debug info for metric
* add server telemetry and hasSuperAdmin to cache
* fix user UT case
* update sqlite connection string for performance
* update check-in TS in cache only if cache enabled
* update metric data in cache only if cache enabled and write to DB once in stop
* update server status in mq topic
* add failover existed to server status update
* only send mq messsage when there is server status change
* batch peerUpdate
* code changes for scale for review
* update UT case
* update mq client check
* mq connection code change
* revert server status update changes
* revert batch peerUpdate
* remove server status update info
* code changes based on review and setupmqtt in keepalive
* set the mq message order to false for PIN
* remove setupmqtt in keepalive
* recycle ip in node deletion
* update ip allocation logic
* remove ip addr cap
* remove ippool file
* update get extClient func
* remove ip from cache map when extClient is removed
* New Docs
CSS update and Dockerfile to include docs folder
flash of unrendered text fix
markdown docs
ignore docs/docs.go
improving the docs generation
github actions for docs generation
go runner version fix
updated docs.yml
update repo action updated
updated actions and dns docs
dns complete
More docs update
Complete docs and updated workflow
Update documentation Tue Aug 6 11:17:42 UTC 2024
Update documentation Thu Aug 8 12:26:57 UTC 2024
clean up
clean up
Dockerfile clean up
Updated workflow
Updated workflow
Update docs.yml
Update docs.yml
* requested changes
* changed ingress gateway to remote access gateway
* add api to check if failover node existed
* remove 5 minute peerUpdate
* update peerUpdate to trigger pull
* update Action name to SignalPull
* revert the peerUpdate from SignalPull
* fix getfailover error issue
* rm acls creation for on-prem emqx
* remove use of acls
* add additional broker status field on status api
* NET-1165: Remove creation of acls on emqx (#2996)
* rm acls creation for on-prem emqx
* remove use of acls
* add additional broker status field on status api
* comment out mq reconnect logic
* configure mq conn params
* add metric_interval in ENV for publishing metrics
* add metric_interval in ENV for publishing metrics
* update PUBLISH_METRIC_INTERVAL env name
* revert the mq setttings back
* fix error nil issue
---------
Co-authored-by: abhishek9686 <abhi281342@gmail.com>
Co-authored-by: Abhishek K <32607604+abhishek9686@users.noreply.github.com>
* add additional checks to avoid failovers
* add failover defence check on signal handler
* only add check for victim node
* avoid failover reset on pull
* add relayed for failoverme
* misc changes for failover
* remove resetfailoverpeers for InetNode
* add egress route back to allowedip list if relayed is egressGW
* add extclient back to allowedip list if peer is ingressGW
* reset failover on pull
---------
Co-authored-by: Max Ma <mayabin@gmail.com>
* move oauth from CE build block to pro
* move oauth code and api handler under pro
* move common func back to auth from pro/auth
* change log level to Info for information logs
* fix import issue
* exclude IngressGW in failover
* resetfailoverpeer when adding IngressGw if failover enabled
* exclude InetGW in failover
* get egress ranges of failedover peer
---------
Co-authored-by: abhishek9686 <abhi281342@gmail.com>
* add additional mutex lock on node acls func
* increase verbosity
* disable acls on cloud emqx
* add emqx creds creation to go routine
* add debug log of mq client id
* comment port check
* uncomment port check
* check for connection mq connection open
* use username for client id
* add write mutex on acl is allowed
* add mq connection lost handler on server
* spin off zombie init as go routine
* get whole api path from config
* Revert "get whole api path from config"
This reverts commit 392f5f4c5f.
* update extclient acls async
* add additional mutex lock on node acls func
(cherry picked from commit 5325f0e7d7)
* increase verbosity
(cherry picked from commit 705b3cf0bf)
* add emqx creds creation to go routine
(cherry picked from commit c8e65f4820)
* add debug log of mq client id
(cherry picked from commit 29c5d6ceca)
* comment port check
(cherry picked from commit db8d6d95ea)
* check for connection mq connection open
(cherry picked from commit 13b11033b0)
* use username for client id
(cherry picked from commit e90c7386de)
* add write mutex on acl is allowed
(cherry picked from commit 4cae1b0bb4)
* add mq connection lost handler on server
(cherry picked from commit c82918ad35)
* spin off zombie init as go routine
(cherry picked from commit 6d65c44c43)
* update extclient acls async
(cherry picked from commit 6557ef1ebe)
* additionl logs for oauth user flow
(cherry picked from commit 61703038ae)
* add more debug logs
(cherry picked from commit 5980beacd1)
* add more debug logs
(cherry picked from commit 4d001f0d27)
* add set auth secret
(cherry picked from commit f41cef5da5)
* fix fetch pass
(cherry picked from commit 825caf4b60)
* make sure auth secret is set only once
(cherry picked from commit ba33ed02aa)
* make sure auth secret is set only once
(cherry picked from commit 920ac4c507)
* comment usage of emqx acls
* replace read lock with write lock on acls
* replace read lock with write lock on acls
(cherry picked from commit 808d2135c8)
* use deadlock pkg for visibility
* add additional mutex locks
* remove race flag
* on mq re-connecting donot exit if failed
* on mq re-connecting donot exit if failed
* revert mutex package change
* set mq clean session
* remove debug log
* go mod tidy
* revert on prem emqx acls del
* add pending users api
* insert user to pending users on first time oauth login
* add pending user check on headless login
* fix conflicting apis
* no records error
* add allowed emails domains for oauth singup to config
* check if user is allowed to signup
* improve oauth message prompts
* handle trial enddate error logs
* set clean session
* delete emqx hosts creds api
* add emqx hosts del api to limited middleware controller
* add emqx hosts del api to limited middleware controller
* remove server creds from emqx
* internet gws apis
* add validate check for inet request
* add default gw changes to peer update
* update json tag
* add OS checks for inet gws
* add set defaul gw pro func
* allow disable and enable inet gw
* add inet handlers to pro
* add fields to api node
* add inet allowed ips
* add default gw to pull
* unset node inet details on deletion
* unset internet gw on network nodes
* unset inet gw fix
* unset inet gw fix
* send default gw ip
* fix inet node endpoint
* add default gw endpoint ip to pull resp
* validate after unset gws
* add inet client peer allowedips to inet node
* validate after unset gws
* fix allowed ips for inet peer and gw node
* fix allowed ips for inet peer and gw node
* fix allowed ips for inet peer and gw node
* fix allowed ips for inet peer and gw node
* fix inet gw and relayed conflict
* fix inet gw and relayed conflict
* fix update req
* fix update inet gw api
* when inet gw is peer ignore other allowedIps
* test relay
* revert test relay
* revert inet peer update changes
* channel internet traffic of relayed node to relay's inetgw
* channel internet traffic of relayed node to relay's inetgw
* channel internet traffic of relayed node to relay's inetgw
* add check for relayed node
* add inet info to peer update
* add inet info to peer update
* fix update node to persist inet info
* fix go tests
* egress ranges with inet gw fix
* egress ranges with inet gw fix
* disallow node acting using inet gw to act as inet gw
* add check to validate inet gw
* fix typos
* add firewall check
* set inetgw on ingress req on community
* set inetgw to false on community on ingress del