* feat: api access tokens
* revoke all user tokens
* redefine access token api routes, add auto egress option to enrollment keys
* add server settings apis, add db table for settings
* handle server settings updates
* switch to using settings from DB
* fix server settings migration
* revert force migration for settings
* fix server settings database write
* egress model
* fix revoked tokens to be unauthorized
* update egress model
* remove unused functions
* convert access token to sql schema
* switch access token to sql schema
* fix merge conflicts
* fix server settings types
* bypass basic auth setting for super admin
* add TODO comment
* setup api handlers for egress revamp
* use single DB, fix update nat boolean field
* extend validation checks for egress ranges
* add migration to convert to new egress model
* fix panic interface conversion
* publish peer update on settings update
* revoke token generated by a user
* add user token creation restriction by user role
* add forbidden check for access token creation
* revoke user token when group or role is changed
* add default group to admin users on update
* chore(go): import style changes from migration branch;
1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.
* remove nat check on egress gateway request
* Revert "remove nat check on egress gateway request"
This reverts commit 0aff12a189.
* remove nat check on egress gateway request
* feat(go): add db middleware;
* feat(go): restore method;
* feat(go): add user access token schema;
* add inet gw status to egress model
* fetch node ids in the tag, add inet gw info clients
* add inet gw info to node from egress list
* add migration logic internet gws
* create default acl policies
* add egress info
* add egress TODO
* add egress TODO
* fix user auth api:
* add reference id to acl policy
* add egress response from DB
* publish peer update on egress changes
* re-initialise oauth and email config
* set verbosity
* normalise cidr on egress req
* add egress id to acl group
* change acls to use egress id
* resolve merge conflicts
* fix egress reference errors
* move egress model to schema
* add api context to DB
* sync auto update settings with hosts
* sync auto update settings with hosts
* check acl for egress node
* check for egress policy in the acl dst groups
* fix acl rules for egress policies with new models
* add status to egress model
* fix inet node func
* mask secret and convert jwt duration to minutes
* enable egress policies on creation
* convert jwt duration to minutes
* add relevant ranges to inet egress
* skip non active egress routes
* resolve merge conflicts
* fix static check
* update gorm tag for primary key on egress model
* create user policies for egress resources
* resolve merge conflicts
* get egress info on failover apis, add egress src validation for inet gws
* add additional validation checks on egress req
* add additional validation checks on egress req
* skip all resources for inet policy
* delete associated egress acl policies
* fix failover of inetclient
* avoid setting inet client as inet gw
* fix all resource egress policy
* fix inet gw egress rule
* check for node egress on relay req
* fix egress acl rules comms
* add new field for egress info on node
* check acl policy in failover ctx
* avoid default host to be set as inet client
* fix relayed egress node
* add valid error messaging for egress validate func
* return if inet default host
* jump port detection to 51821
* check host ports on pull
* check user access gws via acls
* add validation check for default host and failover for inet clients
* add error messaging for acl policy check
* fix inet gw status
* ignore failover req for peer using inet gw
* check for allowed egress ranges for a peer
* add egress routes to static nodes by access
* avoid setting failover as inet client
* fix egress error messaging
* fix extclients egress comms
* fix inet gw acting as inet client
* return formatted error on update acl validation
* add default route for static nodes on inetclient
* check relay node acting as inetclient
* move inet node info to separate field, fix all resources policy
* remove debug logs
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* add gw apis, move relays into CE
* set gw field on relay and ingress creation
* add gw handlers to relay and ingress apis
* if node is inetgw and gw add dns
* remove pro check on relays
* fetch node before updating
* add ingresspersistentkeepalive and ingressmtu for extClient/RAC config
* add ingressmtu and PKA in api response
* add pka and mtu in api/nodes PUT call
* add default value for PKA and mtu for extClients
* user mgmt models
* define user roles
* define models for new user mgmt and groups
* oauth debug log
* initialize user role after db conn
* print oauth token in debug log
* user roles CRUD apis
* user groups CRUD Apis
* additional api checks
* add additional scopes
* add additional scopes url
* add additional scopes url
* rm additional scopes url
* setup middleware permission checks
* integrate permission check into middleware
* integrate permission check into middleware
* check for headers for subjects
* refactor user role models
* refactor user groups models
* add new user to pending user via RAC login
* untracked
* allow multiple groups for a user
* change json tag
* add debug headers
* refer network controls from roles, add debug headers
* refer network controls from roles, add debug headers
* replace auth checks, add network id to role model
* nodes handler
* migration funcs
* invoke sync users migration func
* add debug logs
* comment middleware
* fix get all nodes api
* add debug logs
* fix middleware error nil check
* add new func to get username from jwt
* fix jwt parsing
* abort on error
* allow multiple network roles
* allow multiple network roles
* add migration func
* return err if jwt parsing fails
* set global check to true when accessing user apis
* set netid for acls api calls
* set netid for acls api calls
* update role and groups routes
* add validation checks
* add invite flow apis and magic links
* add invited user via oauth signup automatically
* create invited user on oauth signup, with groups in the invite
* add group validation for user invite
* update create user handler with new role mgmt
* add validation checks
* create user invites tables
* add error logging for email invite
* fix invite signup url
* debug log
* get query params from url
* get query params from url
* add query escape
* debug log
* debug log
* fix user signup via invite api
* set admin field for backward compatibility
* use new role id for user apis
* deprecate use of old admin fields
* deprecate usage of old user fields
* add user role as service user if empty
* setup email sender
* delete invite after user signup
* add platform user role
* redirect on invite verification link
* fix invite redirect
* temporary redirect
* fix invite redirect
* point invite link to frontend
* fix query params lookup
* add resend support, configure email interface types
* fix groups and user creation
* validate user groups, add check for metrics api in middleware
* add invite url to invite model
* migrate rac apis to new user mgmt
* handle network nodes
* add platform user to default role
* fix user role migration
* add default on rag creation and cleanup after deletion
* fix rac apis
* change to invite code param
* filter nodes and hosts based on user network access
* extend create user group req to accommodate users
* filter network based on user access
* format oauth error
* move user roles and groups
* fix get user v1 api
* move user mgmt func to pro
* add user auth type to user model
* fix roles init
* remove platform role from group object
* list only platform roles
* add network roles to invite req
* create default groups and roles
* fix middleware for global access
* create default role
* fix nodes filter with global network roles
* block selfupdate of groups and network roles
* delete netID if net roles are empty
* validate user roles and groups on update
* set extclient permission scope when rag vpn access is set
* allow deletion of roles and groups
* replace _ with - in role naming convention
* fix failover middleware mgmt
* format oauth templates
* fetch route template
* return err if user wrong login type
* check user groups on rac apis
* fix rac apis
* fix resp msg
* add validation checks for admin invite
* return oauth type
* format group err msg
* fix html tag
* clean up default groups
* create default rag role
* add UI name to roles
* remove default net group from user when deleted
* reorder migration funcs
* fix duplicacy of hosts
* check old field for migration
* from pro to ce make all secondary users admins
* from pro to ce make all secondary users admins
* revert: from pro to ce make all secondary users admins
* make sure downgrades work
* fix pending users approval
* fix duplicate hosts
* fix duplicate hosts entries
* fix cache reference issue
* feat: configure FRONTEND_URL during installation
* disable user vpn access when network roles are modified
* rm vpn access when roles or groups are deleted
* add http to frontend url
* revert crypto version
* downgrade crypto version
* add platform id check on user invites
---------
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
* exclude IngressGW in failover
* resetfailoverpeer when adding IngressGw if failover enabled
* exclude InetGW in failover
* get egress ranges of failedover peer
---------
Co-authored-by: abhishek9686 <abhi281342@gmail.com>
* internet gws apis
* add validate check for inet request
* add default gw changes to peer update
* update json tag
* add OS checks for inet gws
* add set default gw pro func
* allow disable and enable inet gw
* add inet handlers to pro
* add fields to api node
* add inet allowed ips
* add default gw to pull
* unset node inet details on deletion
* unset internet gw on network nodes
* unset inet gw fix
* unset inet gw fix
* send default gw ip
* fix inet node endpoint
* add default gw endpoint ip to pull resp
* validate after unset gws
* add inet client peer allowedips to inet node
* validate after unset gws
* fix allowed ips for inet peer and gw node
* fix allowed ips for inet peer and gw node
* fix allowed ips for inet peer and gw node
* fix allowed ips for inet peer and gw node
* fix inet gw and relayed conflict
* fix inet gw and relayed conflict
* fix update req
* fix update inet gw api
* when inet gw is peer ignore other allowedIps
* test relay
* revert test relay
* revert inet peer update changes
* channel internet traffic of relayed node to relay's inetgw
* channel internet traffic of relayed node to relay's inetgw
* channel internet traffic of relayed node to relay's inetgw
* add check for relayed node
* add inet info to peer update
* add inet info to peer update
* fix update node to persist inet info
* fix go tests
* egress ranges with inet gw fix
* egress ranges with inet gw fix
* disallow node acting using inet gw to act as inet gw
* add check to validate inet gw
* fix typos
* add firewall check
* set inetgw on ingress req on community
* set inetgw to false on community on ingress del
* add internet gateway to client gateway
* migration func to remove internet egress range from egress gateway
* add internet gateways ranges to firewall update
* add internet gw ranges to extclient conf
* add ipv6 internet address
* remove failover field from ingress req
* only let normal to be created on PRO (#2716)
* feat(NET-805): send internet gw props to rac
* set inet gw field on node update api
* move internet gws to EE
---------
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
* api to get host relayed from client
* add auto relay to api host
* add peer nat type
* set pro field on signal
* rm net check on relay me handler
* return success response
* re-establish failover logic
* set failOver ctx
* failOver with peer pub key
* failovered peer updates
* failover handlers, reset failovered peer on deletion
* rm unused funcs
* initialize failover handler on EE
* ignore failover node on signal
* failover changes
* set host id on signal
* extend signal model to include node ids
* add backwards compatibility
* add failover as node api
* set json response on failover handlers
* add failover field to api node
* fix signal data check
* initialize failover peer map
* reset failovered status when relayed or deleted
* add failover info to api node
* reset network failover
* only proceed further if failover exists in the network
* set failOver node defaults
* cannot set failover node as relayed
* debug log
* debug log
* debug changes
* debug changes
* debug changes
* revert debug changes
* don't add peers to idmap when removed
* reset failed Over
* fix static checks
* rm debug log
* add check for linux host
* Send relays and internet gws count to amb
* Unify usage funcs in logic pkg
* Fix ee build
* Revert "Unify usage funcs in logic pkg"
This reverts commit 28afc91f7e.
* Add more resource metrics on getUsage handler
* Use pro module's function to get server usage on lic val
* Move GetRelays to pro package
* add superadmin role, apis to create superadmin user
* apis to attach and remove user from remote access gateways
* add api to list user's remote client has gateway clients
* remove code related user groups
* remove networks and groups from user model
* refactor user CRUD operations
* fix network permission test
* add superadmin to authorize func
* remove user network and groups from cli
* api to transfer superadmin role
* add api to list users on a ingress gw
* restrict user access to resources on server
* deny request from remote access client if extclient is already created
* fix user tests
* fix static checks
* fix static checks
* add limits to extclient create handler
* set username to superadmin on if masterkey is used
* allow creation of extclients using masterkey
* add migration func to assign superadmin role for existing admin user
* check for superadmin on migration if users are present
* allow masterkey to extclient apis
* check ownerid
* format error, on jwt token verification failure return unauthorized rather than forbidden
* user update fix
* move user remote functionality to ee
* fix update user api
* security patch
* initialise ee user handlers
* allow user to use master key to update any user
* use slog
* fix auth user test
* table headers
* remove user role, it's covered in middleware
* setuser defaults fix
* Move ee code to ee package and unify ee status to IsPro
* Consolidate naming for paid/professional/enterprise version as "pro". Notes:
- Changes image tags
- Changes build tags
- Changes package names
- Doesn't change links to docs that mention "ee"
- Doesn't change parameters sent to PostHog that mention "ee"
* Revert docker image tag being -pro, back to -ee
* Revert go build tag being pro, back to ee
* Add build tags for some ee content
* [2] Revert go build tag being pro, back to ee
* Fix test workflow
* Add a json tag to be backwards compatible with frontend "IsEE" check
* Add a json tag for the serverconfig struct for IsEE
* Amend json tag to Is_EE
* fix ee tags
---------
Co-authored-by: Abhishek Kondur <abhi281342@gmail.com>
* Rename var
* Rename consts and use iota
* Use switch instead of repeated else if
* Rename limits related vars
* Introduce new free tier limits
* Measure new limits and report on license validation
* Separate usage and limits, have new ones
* Don't check for hosts and clients limits, but for machines instead
* Error on egress creation @ free tier w/ internet gateways
* Remove clients and hosts limit from code
* Rename var
* Rename consts and use iota
* Use switch instead of repeated else if
* Rename limits related vars
* Introduce new free tier limits
* Measure new limits and report on license validation
* Separate usage and limits, have new ones
* Don't check for hosts and clients limits, but for machines instead
* Error on egress creation @ free tier w/ internet gateways
* Remove clients and hosts limit from code
* model changes
* additional fields for extclient create
* add DNS to extclient config
* extclient name checks
* update extclient
* nmctl extclient
* final tweaks
* review comments
* add extclientdns to node on ingress creation
* fix to add ingress dns to api (#2296)
---------
Co-authored-by: Aceix <aceixsmartX@gmail.com>