Commit Graph

153 Commits

Author SHA1 Message Date
Abhishek Kondur c3c3ed1fb8 NM-254: add bulk delete apis, rm old acl code (#3937)
* NM-254: add bulk delete apis for users, hosts, nodes and optimise postgres connection settings

* NM-254: rm debug logs

* NM-254: add bulk delete apis, remove old acl code

* NM-254: rm unused flag

* NM-254: fix bulk delete bugs, add security and performance improvements

- Fix host delete notifying peers before confirming deletion from DB
- Fix self-delete vulnerability in bulk user delete
- Fix DissasociateNodeFromHost failing when host.Nodes is empty
- Fix AssociateNodeToHost/DissasociateNodeFromHost stale read race
- Hoist GetAllExtClients outside loop in bulk user delete/status
- Move initializeUUID outside master-pod guard for HA correctness

* NM-254: return 202 Accepted for async bulk APIs, fix relay allowedIPs and host association error handling

- Change all bulk endpoints (hosts, nodes, users, ext clients) from
  200 OK to 202 Accepted to correctly signal async processing
- Add ReturnAcceptedResponse helper in logic/errors.go
- Fix GetAllowedIpsForRelayed returning empty allowedIPs slice,
  restoring relay connectivity
- Make AssociateNodeToHost and DissasociateNodeFromHost return an
  error when the host DB re-fetch fails instead of silently using
  stale data
- Add bulk-apis.md documenting all five bulk endpoints

* NM-254: rm coredns container

* NM-254: add bulk apis for node,extclient status, add activity logs to bulk apis

* NM-254: add bulk api for connection toggle

* NM-254: add network check

* Update controllers/hosts.go

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* NM-254: optimise bulk extclient deletion

---------

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
2026-03-26 10:15:07 +05:30
Abhishek Kondur edda2868fc NM-163: Users, Groups, Roles, Networks and Hosts Table Migration (#3910)
* feat(go): add user schema;

* feat(go): migrate to user schema;

* feat(go): add audit fields;

* feat(go): remove unused fields from the network model;

* feat(go): add network schema;

* feat(go): migrate to network schema;

* refactor(go): add comment to clarify migration logic;

* fix(go): test failures;

* fix(go): test failures;

* feat(go): change membership table to store memberships at all scopes;

* feat(go): add schema for access grants;

* feat(go): remove nameservers from new networks table; ensure db passed for schema functions;

* feat(go): set max conns for sqlite to 1;

* fix(go): issues updating user account status;

* refactor(go): remove converters and access grants;

* refactor(go): add json tags in schema models;

* refactor(go): rename file to migrate_v1_6_0.go;

* refactor(go): add user groups and user roles tables; use schema tables;

* refactor(go): inline get and list from schema package;

* refactor(go): inline get network and list users from schema package;

* fix(go): staticcheck issues;

* fix(go): remove test not in use; fix test case;

* fix(go): validate network;

* fix(go): resolve static checks;

* fix(go): new models errors;

* fix(go): test errors;

* fix(go): handle no records;

* fix(go): add validations for user object;

* fix(go): set correct extclient status;

* fix(go): test error;

* feat(go): make schema the base package;

* feat(go): add host schema;

* feat(go): use schema host everywhere;

* feat(go): inline get host, list hosts and delete host;

* feat(go): use non-ptr value;

* feat(go): use save to upsert all fields;

* feat(go): use save to upsert all fields;

* feat(go): save turn endpoint as string;

* feat(go): check for gorm error record not found;

* fix(go): test failures;

* fix(go): update all network fields;

* fix(go): update all network fields;

* feat(go): add paginated list networks api;

* feat(go): add paginated list users api;

* feat(go): add paginated list hosts api;

* feat(go): add pagination to list groups api;

* fix(go): comment;

* fix(go): implement marshal and unmarshal text for custom types;

* fix(go): implement marshal and unmarshal json for custom types;

* fix(go): just use the old model for unmarshalling;

* fix(go): implement marshal and unmarshal json for custom types;

* feat(go): remove paginated list networks api;

* feat(go): use custom paginated response object;

* fix(go): ensure default values for page and per_page are used when not passed;

* fix(go): rename v1.6.0 to v1.5.1;

* fix(go): check for gorm.ErrRecordNotFound instead of database.IsEmptyRecord;

* fix(go): use host id, not pending host id;

* feat(go): add filters to paginated apis;

* feat(go): add filters to paginated apis;

* feat(go): remove check for max username length;

* feat(go): add filters to count as well;

* feat(go): use library to check email address validity;

* feat(go): ignore pagination if params not passed;

* fix(go): pagination issues;

* fix(go): check exists before using;

* fix(go): remove debug log;

* fix(go): use gorm err record not found;

* fix(go): use gorm err record not found;

* fix(go): use user principal name when creating pending user;

* fix(go): use schema package for consts;

* fix(go): prevent disabling superadmin user;

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* fix(go): swap is admin and is superadmin;

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* fix(go): remove dead code block;

https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837937

* fix(go): incorrect message when trying to disable self;

https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837934

* fix(go): use correct header;

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* fix(go): return after error response;

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* fix(go): use correct order of params;

https://github.com/gravitl/netmaker/pull/3910#discussion_r2929593036

* fix(go): set default values for page and page size; use v2 instead of /list;

* Update logic/auth.go

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* Update schema/user_roles.go

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* fix(go): syntax error;

* fix(go): set default values when page and per_page are not passed or 0;

* fix(go): use uuid.parse instead of uuid.must parse;

* fix(go): review errors;

* fix(go): review errors;

* Update controllers/user.go

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* Update controllers/user.go

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* NM-163: fix errors:

* Update db/types/options.go

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* fix(go): persist return user in event;

* Update db/types/options.go

Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>

* NM-163: duplicate lines of code

* NM-163: fix(go): fix missing return and filter parsing in user controller

- Add missing return after error response in updateUserAccountStatus
  to prevent double-response and spurious ext-client side-effects
- Use switch statements in listUsers to skip unrecognized
  account_status and mfa_status filter values

* fix(go): check for both min and max page size;

* fix(go): enclose transfer superadmin in transaction;

* fix(go): review errors;

* fix(go): remove free tier checks;

* fix(go): review fixes;

---------

Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
2026-03-17 19:36:52 +05:30
Abhishek K 4431dc99a7 NET-1933: option to force destroy network (#3311)
* option to force destroy network

* fix network tests

* fix network defaults func

* fix network destroy action

* delete network if node count is zero

* push peer update network deletion

* send node update
2025-02-03 15:19:44 +04:00
Max Ma 19d4fbaa24 NET-1497:set node lastcheckin after reboot (#3102)
* set node lastcheckin after reboot

* set node connected after reboot
2024-09-16 18:41:11 +04:00
Abhishek K 719e0c254d NET-551: User Mgmt Re-Design (#2547)
* add superadmin role, apis to create superadmin user

* apis to attach and remove user from remote access gateways

* add api to list user's remote client has gateway clients

* remove code related user groups

* remove networks and groups from user model

* refactor user CRUD operations

* fix network permission test

* add superadmin to authorize func

* remove user network and groups from cli

* api to transfer superadmin role

* add api to list users on an ingress gw

* restrict user access to resources on server

* deny request from remote access client if extclient is already created

* fix user tests

* fix static checks

* fix static checks

* add limits to extclient create handler

* set username to superadmin if masterkey is used

* allow creation of extclients using masterkey

* add migration func to assign superadmin role for existing admin user

* check for superadmin on migration if users are present

* allow masterkey to extclient apis

* check ownerid

* format error, on jwt token verification failure return unauthorized rather than forbidden

* user update fix

* move user remote functionality to ee

* fix update user api

* security patch

* initialise ee user handlers

* allow user to use master key to update any user

* use slog

* fix auth user test

* table headers

* remove user role, it's covered in middleware

* setuser defaults fix
2023-09-01 14:27:08 +05:30
Matthew R Kasun 9b072e1050 remove network capabilities from netmaker
remove NET_ADMIN, NET_RAW, SYS_MODULE capabilities from docker-compose
files
remove sysctls from dockerfiles
remove ManageIPTables and PortForwardServices from ServerConfig
remove functions related to removed attributes
2023-01-23 12:37:07 -05:00
Matthew R Kasun 9edb541388 remove localrange 2023-01-20 05:42:05 -05:00
Matthew R. Kasun 8bfe255eab Merge remote-tracking branch 'origin/develop' into netclient_refactor_latest
Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca>
2023-01-04 14:16:12 -05:00
Matthew R. Kasun 38cd4d7700 refactor join
also removes server node
suspect there may be issues with proxy
and UI interactions with nodes
2022-12-20 15:29:09 -05:00
walkerwmanuel 71d66b7f93 Refactored user functions to use references rather than values 2022-12-20 15:10:40 -05:00
kayos@tcp.direct e878e4820a Fixes+Chores: avoid de-referencing nil ptrs + lint
- Avoid referencing conditions we know are false/true

 - Avoid using name of imported package as variable

 - Avoid broken (see list item 1) if else statement in `ipservice.go` by refactoring to switch statement

 - When assigning a pointer value to a variable along with an error, check that error before referencing that pointer. Thus avoiding de-referencing a nil and causing a panic.
  *** This item is the most important ***

 - Standard gofmt package sorting + linting; This includes fixing comment starts for go doc

 - Explicit non-handling of unhandled errors where appropriate (assigning errs to _ to reduce linter screaming)

 - Export ErrExpired in `netcache` package so that we can properly reference it using `errors.Is` instead of using `strings.Contains` against an `error.Error()` value
2022-12-06 20:11:20 -08:00
Abhishek Kondur 4b1a85a3ee proxy changes 2022-12-02 17:35:41 +05:30
Abhishek Kondur a7c0abe2fc refactor proxy updates 2022-11-07 01:25:04 +05:30
Abhishek Kondur acae6c3aed added relay functionality to proxy 2022-11-04 01:24:48 +05:30
Abhishek Kondur 17e05d430b sync peers updates with proxy 2022-11-02 15:33:42 +05:30
Abhishek Kondur 31a7e73473 add proxy to netmaker server 2022-10-28 17:02:22 +05:30
Matthew R. Kasun 1de2989b84 move logic to serverctl.setNetworkDefaults() 2022-09-30 15:16:13 -04:00
afeiszli 5916dffb91 fix update user 2022-09-14 14:44:52 -04:00
afeiszli 8a1ba674a7 ee fixes 2022-09-14 09:58:01 -04:00
afeiszli 90bb3884e6 initialize network settings to avoid panic 2022-09-13 16:32:11 -04:00
afeiszli 96772bb4bd network and ACL initialization 2022-09-13 15:41:23 -04:00
0xdcarns 88cd0a6497 initial commit 2022-09-13 15:25:56 -04:00
afeiszli 8fc9dac969 adding security fixes 2022-08-31 11:38:29 -04:00
0xdcarns 5c2106dd46 re-add server mq port 2022-07-07 14:08:24 -04:00
0xdcarns 3a74170ab2 added v0.14.5 and removed MQ_SERVER_PORT 2022-07-07 10:23:07 -04:00
0xdcarns 393102ad69 first connection established 2022-07-05 16:27:17 -04:00
0xdcarns adaf8f1ca6 initial changes to make cert <-> broker comms work 2022-07-05 15:04:45 -04:00
afeiszli f28d361bea refactoring cert logic to use database 2022-06-30 22:30:28 -04:00
Matthew R. Kasun 932eba8d21 fix staticcheck errors 2022-06-16 15:42:32 -04:00
afeiszli 8d422526b3 refactoring servercfg 2022-05-31 12:07:56 -04:00
afeiszli 709ecd8cfe fixing ip check 2022-05-27 10:52:47 -04:00
Matthew R. Kasun 53b3e7f415 configurable mq ports 2022-05-25 10:31:44 -04:00
0xdcarns 6eab0498fc some changes around iptables 2022-04-25 13:10:55 -04:00
Matthew R. Kasun 747d6bc692 remove comms network leftovers
Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca>
2022-04-22 05:21:35 -04:00
Matthew R. Kasun 7152f6ccd4 remove references to grpc/comms net 2022-04-21 15:53:44 -04:00
dcarns ff89e3a391 Merge pull request #980 from gravitl/feature_v0.12.2_version_update
update server version on start; update client version on ping
2022-03-28 20:01:18 -04:00
Matthew R. Kasun 52a14877ff update versions
Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca>
2022-03-28 17:26:03 -04:00
0xdcarns 7ca2c259ed added option to make iptables change 2022-03-28 10:36:23 -04:00
0xdcarns ffdc3daed4 change log msg 2022-03-28 10:23:13 -04:00
0xdcarns a2a6d75c25 fixed iptable check 2022-03-28 10:21:18 -04:00
0xdcarns d74106c071 added iptables check cmd 2022-03-28 10:00:35 -04:00
0xdcarns 22a06005f0 removed annoying log 2022-03-25 16:30:20 -04:00
0xdcarns 4cd75f2985 initial commit 2022-03-22 15:13:48 -04:00
0xdcarns 8d63a8e058 added graceful wait for comms 2022-03-21 14:47:51 -04:00
0xdcarns 772e5e6e80 commsnet else init 2022-03-17 13:54:41 -04:00
0xdcarns d738a35eaf added comms net default acl check 2022-03-17 13:51:23 -04:00
0xdcarns 3157511cd5 fixed comms id init 2022-03-17 13:14:06 -04:00
afeiszli fdfbde118e putting acl check before server pull 2022-03-13 21:35:22 -04:00
afeiszli 8306c213a7 adding default acl function 2022-03-13 20:58:30 -04:00
0xdcarns 8516524d02 sync hotfix 2022-02-22 16:14:23 -05:00