* revert inet gws from acl policies
* add egress range with metric for inet gw
* link pro inet funcs
* fix extclient comms with users
* remove TODO comments
* move relevant acl and tag code to CE and Pro pkgs
* initialise pro acl funcs
* list gateways by user access
* check user gw access by policies
* filter out user policies on CE
* filter out tagged policies on CE
* fix ce acl comms
* allow gateways tag
* allow gateway tag on CE, remove failover and gw check on acl policy
* add gw rules func to pro
* add inet gw support on CE
* add egress acl API
* add egress acl API
* fix(go): set is_gw when converting api node to server node;
* fix(go): set is_gw when converting api node to server node;
* fix policy validity checker for inet gws
* move dns option to host model
* fix node removal from egress policy on delete
* add migration logic for ManageDNS
* fix dns json field
* fix nil error on node tags
* add egress info to relayed nodes
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* feat: api access tokens
* revoke all user tokens
* redefine access token api routes, add auto egress option to enrollment keys
* add server settings apis, add db table for settings
* handle server settings updates
* switch to using settings from DB
* fix server settings migration
* revert force migration for settings
* fix server settings database write
* egress model
* fix revoked tokens to be unauthorized
* update egress model
* remove unused functions
* convert access token to sql schema
* switch access token to sql schema
* fix merge conflicts
* fix server settings types
* bypass basic auth setting for super admin
* add TODO comment
* setup api handlers for egress revamp
* use single DB, fix update nat boolean field
* extend validation checks for egress ranges
* add migration to convert to new egress model
* fix panic interface conversion
* publish peer update on settings update
* revoke token generated by a user
* add user token creation restriction by user role
* add forbidden check for access token creation
* revoke user token when group or role is changed
* add default group to admin users on update
* chore(go): import style changes from migration branch;
1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.
* remove nat check on egress gateway request
* Revert "remove nat check on egress gateway request"
This reverts commit 0aff12a189.
* remove nat check on egress gateway request
* feat(go): add db middleware;
* feat(go): restore method;
* feat(go): add user access token schema;
* add inet gw status to egress model
* fetch node ids in the tag, add inet gw info clients
* add inet gw info to node from egress list
* add migration logic internet gws
* create default acl policies
* add egress info
* add egress TODO
* add egress TODO
* fix user auth api:
* add reference id to acl policy
* add egress response from DB
* publish peer update on egress changes
* re-initialise oauth and email config
* set verbosity
* normalise cidr on egress req
* add egress id to acl group
* change acls to use egress id
* resolve merge conflicts
* fix egress reference errors
* move egress model to schema
* add api context to DB
* sync auto update settings with hosts
* sync auto update settings with hosts
* check acl for egress node
* check for egress policy in the acl dst groups
* fix acl rules for egress policies with new models
* add status to egress model
* fix inet node func
* mask secret and convert jwt duration to minutes
* enable egress policies on creation
* convert jwt duration to minutes
* add relevant ranges to inet egress
* skip non active egress routes
* resolve merge conflicts
* fix static check
* update gorm tag for primary key on egress model
* create user policies for egress resources
* resolve merge conflicts
* get egress info on failover apis, add egress src validation for inet gws
* add additional validation checks on egress req
* add additional validation checks on egress req
* skip all resources for inet policy
* delete associated egress acl policies
* fix failover of inetclient
* avoid setting inet client as inet gw
* fix all resource egress policy
* fix inet gw egress rule
* check for node egress on relay req
* fix egress acl rules comms
* add new field for egress info on node
* check acl policy in failover ctx
* avoid default host to be set as inet client
* fix relayed egress node
* add valid error messaging for egress validate func
* return if inet default host
* jump port detection to 51821
* check host ports on pull
* check user access gws via acls
* add validation check for default host and failover for inet clients
* add error messaging for acl policy check
* fix inet gw status
* ignore failover req for peer using inet gw
* check for allowed egress ranges for a peer
* add egress routes to static nodes by access
* avoid setting failover as inet client
* fix egress error messaging
* fix extclients egress comms
* fix inet gw acting as inet client
* return formatted error on update acl validation
* add default route for static nodes on inetclient
* check relay node acting as inetclient
* move inet node info to separate field, fix all resources policy
* remove debug logs
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* add gw apis, move relays into CE
* set gw field on relay and ingress creation
* add gw handlers to relay and ingress apis
* if node is inetgw and gw add dns
* remove pro check on relays
* fetch node before updating
* add live status of node
* handle static node status
* add public IP field to server configuration
* get public Ip from config
* improve node status logic
* improvise status check
* use only checkin status on old nodes
---------
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
* add ingresspersistentkeepalive and ingressmtu for extClient/RAC config
* add ingressmtu and PKA in api response
* add pka and mtu in api/nodes PUT call
* add default value for PKA and mtu for extClients
* New Docs
CSS update and Dockerfile to include docs folder
flash of unrendered text fix
markdown docs
ignore docs/docs.go
improving the docs generation
github actions for docs generation
go runner version fix
updated docs.yml
update repo action updated
updated actions and dns docs
dns complete
More docs update
Complete docs and updated workflow
Update documentation Tue Aug 6 11:17:42 UTC 2024
Update documentation Thu Aug 8 12:26:57 UTC 2024
clean up
clean up
Dockerfile clean up
Updated workflow
Updated workflow
Update docs.yml
Update docs.yml
* requested changes
* changed ingress gateway to remote access gateway
* internet gws apis
* add validate check for inet request
* add default gw changes to peer update
* update json tag
* add OS checks for inet gws
* add set default gw pro func
* allow disable and enable inet gw
* add inet handlers to pro
* add fields to api node
* add inet allowed ips
* add default gw to pull
* unset node inet details on deletion
* unset internet gw on network nodes
* unset inet gw fix
* unset inet gw fix
* send default gw ip
* fix inet node endpoint
* add default gw endpoint ip to pull resp
* validate after unset gws
* add inet client peer allowedips to inet node
* validate after unset gws
* fix allowed ips for inet peer and gw node
* fix allowed ips for inet peer and gw node
* fix allowed ips for inet peer and gw node
* fix allowed ips for inet peer and gw node
* fix inet gw and relayed conflict
* fix inet gw and relayed conflict
* fix update req
* fix update inet gw api
* when inet gw is peer ignore other allowedIps
* test relay
* revert test relay
* revert inet peer update changes
* channel internet traffic of relayed node to relay's inetgw
* channel internet traffic of relayed node to relay's inetgw
* channel internet traffic of relayed node to relay's inetgw
* add check for relayed node
* add inet info to peer update
* add inet info to peer update
* fix update node to persist inet info
* fix go tests
* egress ranges with inet gw fix
* egress ranges with inet gw fix
* disallow node acting using inet gw to act as inet gw
* add check to validate inet gw
* fix typos
* add firewall check
* set inetgw on ingress req on community
* set inetgw to false on community on ingress del
* send deleted node peer update when expired
* set default expiration to 100 years
* purge expired nodes
* send mq node delete update before deleting node
* initialise to new var
* revert expiration time interval
* add internet gateway to client gateway
* migration func to remove internet egress range from egress gateway
* add internet gateways ranges to firewall update
* add internet gw ranges to extclient conf
* add ipv6 internet address
* remove failover field from ingress req
* only let normal to be created on PRO (#2716)
* feat(NET-805): send internet gw props to rac
* set inet gw field on node update api
* move internet gws to EE
---------
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
* api to get host relayed from client
* add auto relay to api host
* add peer nat type
* set pro field on signal
* rm net check on relay me handler
* return success response
* re-establish failover logic
* set failOver ctx
* failOver with peer pub key
* failovered peer updates
* failover handlers, reset failovered peer on deletion
* rm unused funcs
* initialize failover handler on EE
* ignore failover node on signal
* failover changes
* set host id on signal
* extend signal model to include node ids
* add backwards compatibility
* add failover as node api
* set json response on failover handlers
* add failover field to api node
* fix signal data check
* initialize failover peer map
* reset failovered status when relayed or deleted
* add failover info to api node
* reset network failover
* only proceed further if failover exists in the network
* set failOver node defaults
* cannot set failover node as relayed
* debug log
* debug log
* debug changes
* debug changes
* debug changes
* revert debug changes
* don't add peers to idmap when removed
* reset failed Over
* fix static checks
* rm debug log
* add check for linux host
* Move PKA field from models node to host level
* Move PKA field from api models node to host level
* Adapt logic package to node->host PKA
* Adapt migration-related code to node->host PKA
* Adapt cli code to node->host PKA
* Change host PKA default to 20s
* On IfaceDelta, check for PKA on host
* On handleHostRegister, set default PKA
* Use a default PKA
* Use int64 for api host pka
* Reorder imports
* Don't use host pka in iface delta
* Fix ConvertAPIHostToNMHost
* Add swagger doc for host PKA field
* Fix swagger.yml
* Set default PKA only for new hosts
* Remove TODO comment
* Remove redundant check
* Have api-host pka be specified in seconds
* Move ee code to ee package and unify ee status to IsPro
* Consolidate naming for paid/professional/enterprise version as "pro". Notes:
- Changes image tags
- Changes build tags
- Changes package names
- Doesn't change links to docs that mention "ee"
- Doesn't change parameters sent to PostHog that mention "ee"
* Revert docker image tag being -pro, back to -ee
* Revert go build tag being pro, back to ee
* Add build tags for some ee content
* [2] Revert go build tag being pro, back to ee
* Fix test workflow
* Add a json tag to be backwards compatible with frontend "IsEE" check
* Add a json tag for the serverconfig struct for IsEE
* Amend json tag to Is_EE
* fix ee tags
---------
Co-authored-by: Abhishek Kondur <abhi281342@gmail.com>
* create gateways during migration
* set version for testing
* restruct migration
* debug logging
* enforce unique names for ext client names (#2476)
* enforce unique names for ext client names
* only check for unique id on creation
* check for unique id if changed
* prune(NET-483): remove defunct host.internetgateway field (#2487)
* don't reference host on err (#2493)
* deprecate netclient install scripts (#2490)
* Net 500: validate network parameter passed to node endpoints (#2480)
* enforce unique names for ext client names
* only check for unique id on creation
* check for unique id if changed
* validate network parameter passed to node endpoints
---------
Co-authored-by: Abhishek K <32607604+abhishek9686@users.noreply.github.com>
* NET-513 (#2492)
nm-certs.sh now requests certificate for EE and CE edition domains accordingly.
* [NET-404] Run in limited mode when ee checks fail (#2474)
* Add limited http handlers functionality to rest handler
* Export ee.errValidation (ee.ErrValidation)
* Export a fatal error handled by the hook manager
* Export a new status variable for unlicensed server
* Mark server as unlicensed when ee checks fail
* Handle license validation failures with a (re)boot in a limited state
* Revert "Export a fatal error handled by the hook manager"
This reverts commit 069c21974a8d36e889c73ad78023448d787d62a5.
* Revert "Export ee.errValidation (ee.ErrValidation)"
This reverts commit 59dbab8c79773ca5d879f28cbaf53f3dd4297b9b.
* Revert "Add limited http handlers functionality to rest handler"
This reverts commit e2f1f28facaca54713db76a588839cd2733cf673.
* Revert "Handle license validation failures with a (re)boot in a limited state"
This reverts commit 58cfbbaf522a1345aac1fa67964ebff0a6d60cd8.
* Revert "Mark server as unlicensed when ee checks fail"
This reverts commit 77c6dbdd3c9cfa6e7d6becedef6251e8617ae367.
* Handle license validation failures with a middleware
* Forbid responses if unlicensed ee and not in status api
* Remove unused func
* feat(NET-449): add sync feature to request a host pull from server (#2491)
* fix(NET-486): change client name length validation (#2498)
set limit to 5<=x<=32
* [NET-477] Pick AMB URL dynamically (#2489)
* Introduce config for environment
* Introduce func to get environment
* Choose accounts api host from environment
* Test the ee package on workflows
* Use build tag ee for license_test.go
* [Feature]: nm-quick script tackling arm TODO support (#2488)
* domain flag for auto installs
* use static servers with custom domain (#2421)
* send delete peer update always
* fix add/remove host api calls
* keep mq updates in a single go func
* move branch test logic to devops (#2443)
* handle IOT OS
* save server name to env (#2460)
* ensure branch test servers available after test runs (#2467)
* save server name to env
* free server always; add PR to discord messages
* use correct method to delete droplets (#2468)
* quick fix for the launcher
* removed exit when triggering not supported exit and removed the TODO comments related to this issue
---------
Co-authored-by: Matthew R Kasun <mkasun@nusak.ca>
Co-authored-by: Alex Feiszli <31018251+afeiszli@users.noreply.github.com>
Co-authored-by: Christopher Blaha <crispspiceguitar@gmail.com>
Co-authored-by: Abhishek Kondur <abhi281342@gmail.com>
Co-authored-by: Abhishek K <32607604+abhishek9686@users.noreply.github.com>
* rebase conflict
* include pass and os in migration data
* node network ranges
* remove debugging logs
* add gateways
* use sent node
* upgrade shell script
* associate node to host during migration
* add node to host.Nodes and publish peer update
* save host outside loop
* fix script name
* simplify upgrade script
* don't migrate relays
* simplify upgrade script even more
* guard against blank address or address6
* typos
---------
Co-authored-by: Aceix <aceixsmartX@gmail.com>
Co-authored-by: Abhishek K <32607604+abhishek9686@users.noreply.github.com>
Co-authored-by: Farukh Khan <farukhkhan21@gmail.com>
Co-authored-by: Gabriel de Souza Seibel <gabrielseibel1@gmail.com>
Co-authored-by: bornav <51048565+bornav@users.noreply.github.com>
Co-authored-by: Alex Feiszli <31018251+afeiszli@users.noreply.github.com>
Co-authored-by: Christopher Blaha <crispspiceguitar@gmail.com>
Co-authored-by: Abhishek Kondur <abhi281342@gmail.com>
* NET-507
* Fixed server restart changing the node expiration date to the defaults.
* Removed expired nodes removal from zombie cleanup routine.
* Added a new expired nodes deletion routine which removes expired nodes every hour.
* NET-507 suggested changes
* Possible fix for zombie nodes upon node deletion from the UI.
* Suggested changes implemented for expired nodes deletion go routine.
* NET-507 typo fix
* typo fix for DeleteNode purge parameter
* remove related fields and code
* remove metrics collection from server code
* fw update struct
* add ext client flag to metrics data
* simply nat types
* rm proxy update from cli
* send peer update to IOT client only when it is relayed
* move node check
* send relay del update for iot client
* fix relay delete logic for iot
* set relay node to true for iot peer update
* add node addrs to peer update
* revert tag
* model changes
* additional fields for extclient create
* add DNS to extclient config
* extclient name checks
* update extclient
* nmctl extclient
* final tweaks
* review comments
* add extclientdns to node on ingress creation
* fix to add ingress dns to api (#2296)
---------
Co-authored-by: Aceix <aceixsmartX@gmail.com>