types

package
Published: Dec 23, 2024 License: BSD-3-Clause Imports: 38 Imported by: 0

Constants

const (
	// DefaultPeerLoginExpiration is the default peer login expiration (24 hours);
	// presumably the default for Settings.PeerLoginExpiration — confirm against callers.
	DefaultPeerLoginExpiration      = 24 * time.Hour
	// DefaultPeerInactivityExpiration is the default peer inactivity expiration (10 minutes);
	// presumably the default for Settings.PeerInactivityExpiration — confirm against callers.
	DefaultPeerInactivityExpiration = 10 * time.Minute

	// Domain category values; presumably the values stored in Account.DomainCategory.
	PublicCategory  = "public"
	PrivateCategory = "private"
	UnknownCategory = "unknown"
)
const (
	// Traffic direction values, presumably those carried in FirewallRule.Direction (an int).
	// IN is traffic arriving at the peer, OUT is traffic leaving it.
	FirewallRuleDirectionIN  = 0
	FirewallRuleDirectionOUT = 1
)
const (
	// Values of Group.Issued, recording how a group was created:
	// through the API, derived from a JWT claim (see Settings.JWTGroupsEnabled),
	// or created by an integration.
	GroupIssuedAPI         = "api"
	GroupIssuedJWT         = "jwt"
	GroupIssuedIntegration = "integration"
)
const (
	// SubnetSize is the prefix length (in bits) of a per-network subnet carved out of the
	// global network, e.g. 100.77.0.0/16
	SubnetSize = 16
	// NetSize is the prefix length (in bits) of the global network 100.64.0.0/10
	NetSize = 10

	// AllowedIPsFormat generates the WireGuard AllowedIPs entry for a single peer
	// address (e.g. 100.64.30.1/32); a /32 pins the entry to exactly one host.
	AllowedIPsFormat = "%s/32"
)
const (
	// PATPrefix is the globally used, 4 char prefix for personal access tokens
	PATPrefix = "nbp_"
	// PATSecretLength number of characters used for the secret inside the token
	PATSecretLength = 30
	// PATChecksumLength number of characters used for the encoded checksum of the secret inside the token
	PATChecksumLength = 6
	// PATLength total number of characters used for the token:
	// len(PATPrefix) + PATSecretLength + PATChecksumLength = 4 + 30 + 6.
	// Only the secret part carries entropy; the prefix and checksum are public
	// structure that let a token be recognized and sanity-checked before any lookup.
	PATLength = 40
)
const (
	// PolicyTrafficActionAccept indicates that the traffic is accepted.
	// Used as PolicyRule.Action.
	PolicyTrafficActionAccept = PolicyTrafficActionType("accept")
	// PolicyTrafficActionDrop indicates that the traffic is dropped
	PolicyTrafficActionDrop = PolicyTrafficActionType("drop")
)
const (
	// Values of PolicyRule.Protocol.

	// PolicyRuleProtocolALL matches traffic of any protocol
	PolicyRuleProtocolALL = PolicyRuleProtocolType("all")
	// PolicyRuleProtocolTCP matches TCP traffic
	PolicyRuleProtocolTCP = PolicyRuleProtocolType("tcp")
	// PolicyRuleProtocolUDP matches UDP traffic
	PolicyRuleProtocolUDP = PolicyRuleProtocolType("udp")
	// PolicyRuleProtocolICMP matches ICMP traffic
	PolicyRuleProtocolICMP = PolicyRuleProtocolType("icmp")
)
const (
	// PolicyRuleFlowDirect allows traffic from source to destination only.
	// Note that PolicyRule itself expresses this with a Bidirectional bool; no field
	// of type PolicyRuleDirection is visible in this package listing.
	PolicyRuleFlowDirect = PolicyRuleDirection("direct")
	// PolicyRuleFlowBidirect allows traffic in both directions
	PolicyRuleFlowBidirect = PolicyRuleDirection("bidirect")
)
const (
	// DefaultRuleName is a name for the Default rule that is created for every account
	DefaultRuleName = "Default"
	// DefaultRuleDescription is a description for the Default rule that is created for every account
	DefaultRuleDescription = "This is a default rule that allows connections between all the resources"
	// DefaultPolicyName is a name for the Default policy that is created for every account
	DefaultPolicyName = "Default"
	// DefaultPolicyDescription is a description for the Default policy that is created for every account.
	// As the description states, the policy every account starts with allows connections
	// between all resources; narrowing or disabling it is the starting point for a
	// least-privilege ACL.
	DefaultPolicyDescription = "This is a default policy that allows connections between all the resources"
)
const (
	// SetupKeyReusable is a multi-use key (can be used for multiple machines)
	SetupKeyReusable SetupKeyType = "reusable"
	// SetupKeyOneOff is a single use key (can be used only once)
	SetupKeyOneOff SetupKeyType = "one-off"
	// DefaultSetupKeyDuration is the default validity of a setup key: 30 days (24 * 30 hours)
	DefaultSetupKeyDuration = 24 * 30 * time.Hour
	// DefaultSetupKeyName is a default name of the default setup key
	DefaultSetupKeyName = "Default key"
	// SetupKeyUnlimitedUsage is the SetupKey.UsageLimit value that indicates unlimited usage
	// (SetupKey.IsOverUsed never reports true for it)
	SetupKeyUnlimitedUsage = 0
)
const (
	// UserRole values. UserRoleUnknown is what StrRoleToUserRole returns for an
	// unrecognized role string. Only owner and admin satisfy User.HasAdminPower
	// (see its doc).
	UserRoleOwner        UserRole = "owner"
	UserRoleAdmin        UserRole = "admin"
	UserRoleUser         UserRole = "user"
	UserRoleUnknown      UserRole = "unknown"
	UserRoleBillingAdmin UserRole = "billing_admin"

	// UserStatus values.
	UserStatusActive   UserStatus = "active"
	UserStatusDisabled UserStatus = "disabled"
	UserStatusInvited  UserStatus = "invited"

	// Values of User.Issued (how the user record was created); the column defaults to "api".
	UserIssuedAPI         = "api"
	UserIssuedIntegration = "integration"
)

Variables

This section is empty.

Functions

func AddPeerLabelsToAccount

func AddPeerLabelsToAccount(ctx context.Context, account *Account, peerLabels LookupMap)

func AllocatePeerIP

func AllocatePeerIP(ipNet net.IPNet, takenIps []net.IP) (net.IP, error)

AllocatePeerIP picks an available IP from a net.IPNet. This method considers already taken IPs and reuses IPs if there are gaps in takenIps. E.g. if ipNet=100.30.0.0/16 and takenIps=[100.30.0.1, 100.30.0.4] then the result would be 100.30.0.2 or 100.30.0.3.

func GetPeerHostLabel

func GetPeerHostLabel(name string, peerLabels LookupMap) (string, error)

func Hash

func Hash(s string) uint32

func HiddenKey

func HiddenKey(key string, length int) string

HiddenKey returns the Key value hidden with "*" and a 5 character prefix. E.g., "831F6*******************************"

Types

type Account

// Account represents a unique account of the system.
//
// Collections come in pairs: the map form (e.g. SetupKeys) is tagged gorm:"-" and is
// never persisted, while the "G"-suffixed slice form (e.g. SetupKeysG) is the gorm
// association (foreignKey:AccountID) and is tagged json:"-" so it is never serialized.
// Which side is authoritative at a given point is not visible here.
type Account struct {
	// we have to name column to aid as it collides with Network.Id when work with associations
	Id string `gorm:"primaryKey"`

	// CreatedBy is the User.Id the account was created by
	CreatedBy              string
	CreatedAt              time.Time
	// Domain is indexed; DomainCategory presumably holds PublicCategory, PrivateCategory or UnknownCategory.
	Domain                 string `gorm:"index"`
	DomainCategory         string
	IsDomainPrimaryAccount bool
	SetupKeys              map[string]*SetupKey              `gorm:"-"`
	SetupKeysG             []SetupKey                        `json:"-" gorm:"foreignKey:AccountID;references:id"`
	// Network is stored inline with column prefix network_
	Network                *Network                          `gorm:"embedded;embeddedPrefix:network_"`
	Peers                  map[string]*nbpeer.Peer           `gorm:"-"`
	PeersG                 []nbpeer.Peer                     `json:"-" gorm:"foreignKey:AccountID;references:id"`
	Users                  map[string]*User                  `gorm:"-"`
	UsersG                 []User                            `json:"-" gorm:"foreignKey:AccountID;references:id"`
	Groups                 map[string]*Group                 `gorm:"-"`
	GroupsG                []Group                           `json:"-" gorm:"foreignKey:AccountID;references:id"`
	// Policies and PostureChecks are plain associations (persisted and serialized)
	Policies               []*Policy                         `gorm:"foreignKey:AccountID;references:id"`
	Routes                 map[route.ID]*route.Route         `gorm:"-"`
	RoutesG                []route.Route                     `json:"-" gorm:"foreignKey:AccountID;references:id"`
	NameServerGroups       map[string]*nbdns.NameServerGroup `gorm:"-"`
	NameServerGroupsG      []nbdns.NameServerGroup           `json:"-" gorm:"foreignKey:AccountID;references:id"`
	// DNSSettings is stored inline with column prefix dns_settings_
	DNSSettings            DNSSettings                       `gorm:"embedded;embeddedPrefix:dns_settings_"`
	PostureChecks          []*posture.Checks                 `gorm:"foreignKey:AccountID;references:id"`
	// Settings is a dictionary of Account settings, stored inline with column prefix settings_
	Settings *Settings `gorm:"embedded;embeddedPrefix:settings_"`

	// Network resources (networks, their routers and resources) owned by the account
	Networks         []*networkTypes.Network          `gorm:"foreignKey:AccountID;references:id"`
	NetworkRouters   []*routerTypes.NetworkRouter     `gorm:"foreignKey:AccountID;references:id"`
	NetworkResources []*resourceTypes.NetworkResource `gorm:"foreignKey:AccountID;references:id"`
}

Account represents a unique account of the system

func (*Account) Copy

func (a *Account) Copy() *Account

func (*Account) DeletePeer

func (a *Account) DeletePeer(peerID string)

DeletePeer deletes peer from the account cleaning up all the references

func (*Account) DeleteResource

func (a *Account) DeleteResource(resourceID string)

func (*Account) FindGroupByName

func (a *Account) FindGroupByName(groupName string) (*Group, error)

FindGroupByName looks for a given group in the Account by name or returns an error if the group wasn't found.

func (*Account) FindPeerByPubKey

func (a *Account) FindPeerByPubKey(peerPubKey string) (*nbpeer.Peer, error)

FindPeerByPubKey looks for a Peer by the provided WireGuard public key in the Account or returns an error if it wasn't found. It returns a copy of the peer object.

func (*Account) FindSetupKey

func (a *Account) FindSetupKey(setupKey string) (*SetupKey, error)

FindSetupKey looks for a given SetupKey in the Account or returns an error if it wasn't found.

func (*Account) FindUser

func (a *Account) FindUser(userID string) (*User, error)

FindUser looks for a given user in the Account or returns an error if the user wasn't found.

func (*Account) FindUserPeers

func (a *Account) FindUserPeers(userID string) ([]*nbpeer.Peer, error)

FindUserPeers returns a list of peers that user owns (created)

func (*Account) GetExpiredPeers

func (a *Account) GetExpiredPeers() []*nbpeer.Peer

GetExpiredPeers returns peers that have been expired

func (*Account) GetGroup

func (a *Account) GetGroup(groupID string) *Group

GetGroup returns a group by ID if exists, nil otherwise

func (*Account) GetGroupAll

func (a *Account) GetGroupAll() (*Group, error)

func (*Account) GetInactivePeers

func (a *Account) GetInactivePeers() []*nbpeer.Peer

GetInactivePeers returns peers that have been expired by inactivity

func (*Account) GetNetworkResourcesRoutesToSync

func (a *Account) GetNetworkResourcesRoutesToSync(ctx context.Context, peerID string, resourcePolicies map[string][]*Policy, routers map[string]map[string]*routerTypes.NetworkRouter) (bool, []*route.Route, []string)

GetNetworkResourcesRoutesToSync returns network routes for syncing with a specific peer and its ACL peers.

func (*Account) GetNextInactivePeerExpiration

func (a *Account) GetNextInactivePeerExpiration() (time.Duration, bool)

GetNextInactivePeerExpiration returns the minimum duration in which the next peer of the account will expire if it was found. If there is no peer that expires this function returns false and a duration of 0. This function only considers peers that haven't been expired yet and that are not connected.

func (*Account) GetNextPeerExpiration

func (a *Account) GetNextPeerExpiration() (time.Duration, bool)

GetNextPeerExpiration returns the minimum duration in which the next peer of the account will expire if it was found. If there is no peer that expires this function returns false and a duration of 0. This function only considers peers that haven't been expired yet and that are connected.

func (*Account) GetPeer

func (a *Account) GetPeer(peerID string) *nbpeer.Peer

GetPeer looks up a Peer by ID

func (*Account) GetPeerConnectionResources

func (a *Account) GetPeerConnectionResources(ctx context.Context, peerID string, validatedPeersMap map[string]struct{}) ([]*nbpeer.Peer, []*FirewallRule)

GetPeerConnectionResources for a given peer

This function returns the list of peers and firewall rules that are applicable to a given peer.

func (*Account) GetPeerDNSLabels

func (a *Account) GetPeerDNSLabels() LookupMap

func (*Account) GetPeerGroups

func (a *Account) GetPeerGroups(peerID string) LookupMap

func (*Account) GetPeerGroupsList

func (a *Account) GetPeerGroupsList(peerID string) []string

GetPeerGroupsList returns the list of group IDs.

func (*Account) GetPeerNetworkMap

func (a *Account) GetPeerNetworkMap(
	ctx context.Context,
	peerID string,
	peersCustomZone nbdns.CustomZone,
	validatedPeersMap map[string]struct{},
	resourcePolicies map[string][]*Policy,
	routers map[string]map[string]*routerTypes.NetworkRouter,
	metrics *telemetry.AccountManagerMetrics,
) *NetworkMap

GetPeerNetworkMap returns the networkmap for the given peer ID.

func (*Account) GetPeerNetworkResourceFirewallRules

func (a *Account) GetPeerNetworkResourceFirewallRules(ctx context.Context, peer *nbpeer.Peer, validatedPeersMap map[string]struct{}, routes []*route.Route, resourcePolicies map[string][]*Policy) []*RouteFirewallRule

GetPeerNetworkResourceFirewallRules gets the network resources firewall rules associated with a routing peer ID for the account.

func (*Account) GetPeerRoutesFirewallRules

func (a *Account) GetPeerRoutesFirewallRules(ctx context.Context, peerID string, validatedPeersMap map[string]struct{}) []*RouteFirewallRule

GetPeerRoutesFirewallRules gets the routes firewall rules associated with a routing peer ID for the account.

func (*Account) GetPeers

func (a *Account) GetPeers() []*nbpeer.Peer

GetPeers returns a list of all Account peers

func (*Account) GetPeersCustomZone

func (a *Account) GetPeersCustomZone(ctx context.Context, dnsDomain string) nbdns.CustomZone

func (*Account) GetPeersWithExpiration

func (a *Account) GetPeersWithExpiration() []*nbpeer.Peer

GetPeersWithExpiration returns a list of peers that have Peer.LoginExpirationEnabled set to true and that were added by a user

func (*Account) GetPeersWithInactivity

func (a *Account) GetPeersWithInactivity() []*nbpeer.Peer

GetPeersWithInactivity returns a list of peers that have Peer.InactivityExpirationEnabled set to true and that were added by a user

func (*Account) GetPoliciesAppliedInNetwork

func (a *Account) GetPoliciesAppliedInNetwork(networkID string) []string

func (*Account) GetPoliciesForNetworkResource

func (a *Account) GetPoliciesForNetworkResource(resourceId string) []*Policy

GetPoliciesForNetworkResource retrieves the list of policies that apply to a specific network resource. A policy is deemed applicable if its destination groups include any of the given network resource groups or if its destination resource explicitly matches the provided resource.

func (*Account) GetPostureChecks

func (a *Account) GetPostureChecks(postureChecksID string) *posture.Checks

func (*Account) GetResourcePoliciesMap

func (a *Account) GetResourcePoliciesMap() map[string][]*Policy

GetResourcePoliciesMap returns a map of networks resource IDs and their associated policies.

func (*Account) GetResourceRoutersMap

func (a *Account) GetResourceRoutersMap() map[string]map[string]*routerTypes.NetworkRouter

func (*Account) GetRoutesByPrefixOrDomains

func (a *Account) GetRoutesByPrefixOrDomains(prefix netip.Prefix, domains domain.List) []*route.Route

GetRoutesByPrefixOrDomains returns the list of routes by account and route prefix

func (*Account) GetRoutesToSync

func (a *Account) GetRoutesToSync(ctx context.Context, peerID string, aclPeers []*nbpeer.Peer) []*route.Route

GetRoutesToSync returns the enabled routes for the peer ID and the routes from the ACL peers that have distribution groups associated with the peer ID. Please mind, that the returned route.Route objects will contain Peer.Key instead of Peer.ID.

func (*Account) GetTakenIPs

func (a *Account) GetTakenIPs() []net.IP

func (*Account) UpdatePeer

func (a *Account) UpdatePeer(update *nbpeer.Peer)

UpdatePeer saves new or replaces existing peer

func (*Account) UpdateSettings

func (a *Account) UpdateSettings(update *Settings) *Account

UpdateSettings saves new account settings

func (*Account) UserGroupsAddToPeers

func (a *Account) UserGroupsAddToPeers(userID string, groups ...string) map[string][]string

UserGroupsAddToPeers adds groups to all peers of user

func (*Account) UserGroupsRemoveFromPeers

func (a *Account) UserGroupsRemoveFromPeers(userID string, groups ...string) map[string][]string

UserGroupsRemoveFromPeers removes groups from all peers of user

type AccountDNSSettings

// AccountDNSSettings is used in gorm to load only the DNS settings and not the whole account;
// it mirrors the Account.DNSSettings column prefix.
type AccountDNSSettings struct {
	DNSSettings DNSSettings `gorm:"embedded;embeddedPrefix:dns_settings_"`
}

AccountDNSSettings is used in gorm to load only the DNS settings and not the whole account

type AccountNetwork

// AccountNetwork is used in gorm to load only the network and not the whole account;
// it mirrors the Account.Network column prefix.
type AccountNetwork struct {
	Network *Network `gorm:"embedded;embeddedPrefix:network_"`
}

AccountNetwork is used in gorm to load only the network and not the whole account

type AccountSettings

// AccountSettings is used in gorm to load only the settings and not the whole account;
// it mirrors the Account.Settings column prefix.
type AccountSettings struct {
	Settings *Settings `gorm:"embedded;embeddedPrefix:settings_"`
}

AccountSettings is used in gorm to load only the settings and not the whole account

type DNSSettings

// DNSSettings defines DNS settings at the account level.
type DNSSettings struct {
	// DisabledManagementGroups lists the IDs of groups whose DNS management is disabled;
	// persisted as a JSON column.
	DisabledManagementGroups []string `gorm:"serializer:json"`
}

DNSSettings defines dns settings at the account level

func (DNSSettings) Copy

func (d DNSSettings) Copy() DNSSettings

Copy returns a copy of the DNS settings

type FirewallRule

// FirewallRule is a rule of the firewall, carried to a peer in NetworkMap.FirewallRules.
type FirewallRule struct {
	// PeerIP of the peer the rule applies to
	PeerIP string

	// Direction of the traffic; presumably FirewallRuleDirectionIN or FirewallRuleDirectionOUT
	Direction int

	// Action of the traffic. A plain string here; the PolicyTrafficActionType
	// values "accept"/"drop" are the likely contents — confirm against the producer.
	Action string

	// Protocol of the traffic
	Protocol string

	// Port of the traffic, as a string (format not shown here)
	Port string
}

FirewallRule is a rule of the firewall.

type Group

// Group is a group of peers (and resources) referenced by ACL policies.
type Group struct {
	// ID of the group
	ID string

	// AccountID is a reference to Account that this object belongs
	AccountID string `json:"-" gorm:"index"`

	// Name visible in the UI
	Name string

	// Issued defines how this group was created (enum of "api", "integration" or "jwt";
	// see the GroupIssued* constants)
	Issued string

	// Peers list of the group (peer IDs), persisted as a JSON column
	Peers []string `gorm:"serializer:json"`

	// Resources contains a list of resources in that group, persisted as a JSON column
	Resources []Resource `gorm:"serializer:json"`

	// IntegrationReference is stored inline with column prefix integration_ref_
	IntegrationReference integration_reference.IntegrationReference `gorm:"embedded;embeddedPrefix:integration_ref_"`
}

Group of the peers for ACL

func (*Group) AddPeer

func (g *Group) AddPeer(peerID string) bool

AddPeer adds peerID to Peers if not present, returning true if added.

func (*Group) AddResource

func (g *Group) AddResource(resource Resource) bool

AddResource adds resource to Resources if not present, returning true if added.

func (*Group) Copy

func (g *Group) Copy() *Group

func (*Group) EventMeta

func (g *Group) EventMeta() map[string]any

EventMeta returns activity event meta related to the group

func (*Group) EventMetaResource

func (g *Group) EventMetaResource(resource *types.NetworkResource) map[string]any

func (*Group) HasPeers

func (g *Group) HasPeers() bool

HasPeers checks if the group has any peers.

func (*Group) HasResources

func (g *Group) HasResources() bool

HasResources checks if the group has any resources.

func (*Group) IsGroupAll

func (g *Group) IsGroupAll() bool

IsGroupAll checks if the group is a default "All" group.

func (*Group) RemovePeer

func (g *Group) RemovePeer(peerID string) bool

RemovePeer removes peerID from Peers if present, returning true if removed.

func (*Group) RemoveResource

func (g *Group) RemoveResource(resource Resource) bool

RemoveResource removes resource from Resources if present, returning true if removed.

type LookupMap

// LookupMap is a string set: the keys are the members, the values are empty.
type LookupMap map[string]struct{}

type Network

// Network is the address space of an account; NewNetwork allocates its /16 from 100.64.0.0/10.
type Network struct {
	// Identifier is serialized as "id"
	Identifier string    `json:"id"`
	// Net is the network prefix, persisted as a JSON column
	Net        net.IPNet `gorm:"serializer:json"`
	Dns        string
	// Serial is an ID that increments by 1 when any change to the network happened (e.g. new peer has been added).
	// Used to synchronize state to the client apps.
	Serial uint64

	// Mu is excluded from both JSON and gorm. Since the struct holds a mutex it is
	// handled by pointer (Account stores *Network).
	Mu sync.Mutex `json:"-" gorm:"-"`
}

func NewNetwork

func NewNetwork() *Network

NewNetwork creates a new Network, initializing it with Serial=0. It takes a random /16 subnet from 100.64.0.0/10 (64 different subnets).

func (*Network) Copy

func (n *Network) Copy() *Network

func (*Network) CurrentSerial

func (n *Network) CurrentSerial() uint64

CurrentSerial returns the Network.Serial of the network (latest state id)

func (*Network) IncSerial

func (n *Network) IncSerial()

IncSerial increments Serial by 1 reflecting that the network state has been changed

type NetworkMap

// NetworkMap is what GetPeerNetworkMap builds for a single peer: the peers it may reach,
// the routes and DNS configuration to apply, and the firewall rules to enforce.
type NetworkMap struct {
	Peers               []*nbpeer.Peer
	Network             *Network
	Routes              []*route.Route
	DNSConfig           nbdns.Config
	OfflinePeers        []*nbpeer.Peer
	// FirewallRules are per-peer rules; RoutesFirewallRules apply to routed networks
	FirewallRules       []*FirewallRule
	RoutesFirewallRules []*RouteFirewallRule
}

type PersonalAccessToken

// PersonalAccessToken holds all information about a PAT including a hashed version of it
// for verification. The plain token is never stored; see CreateNewPAT.
type PersonalAccessToken struct {
	ID string `gorm:"primaryKey"`
	// UserID is a reference to the User that owns this token (User.PATsG uses it as the foreign key)
	UserID         string `gorm:"index"`
	Name           string
	// HashedToken is the only persisted form of the token; verification compares
	// against it, so a database disclosure does not yield usable tokens directly.
	HashedToken    string
	ExpirationDate time.Time
	// scope could be added in future
	CreatedBy string
	CreatedAt time.Time
	LastUsed  time.Time
}

PersonalAccessToken holds all information about a PAT including a hashed version of it for verification

func (*PersonalAccessToken) Copy

type PersonalAccessTokenGenerated

// PersonalAccessTokenGenerated holds the new PersonalAccessToken and the plain text version of it.
type PersonalAccessTokenGenerated struct {
	// PlainToken is handed to the user exactly once at creation (see CreateNewPAT);
	// it is not persisted and should not be logged or serialized elsewhere.
	PlainToken string
	PersonalAccessToken
}

PersonalAccessTokenGenerated holds the new PersonalAccessToken and the plain text version of it

func CreateNewPAT

func CreateNewPAT(name string, expirationInDays int, createdBy string) (*PersonalAccessTokenGenerated, error)

CreateNewPAT will generate a new PersonalAccessToken that can be assigned to a User. Additionally, it will return the token in plain text once, to give to the user and only save a hashed version

type Policy

// Policy is an ACL policy made of PolicyRules; its doc describes it as a policy of the Rego query.
type Policy struct {
	// ID of the policy
	ID string `gorm:"primaryKey"`

	// AccountID is a reference to Account that this object belongs
	AccountID string `json:"-" gorm:"index"`

	// Name of the Policy
	Name string

	// Description of the policy visible in the UI
	Description string

	// Enabled status of the policy
	Enabled bool

	// Rules of the policy; deleting the policy cascades to its rules (OnDelete:CASCADE)
	Rules []*PolicyRule `gorm:"foreignKey:PolicyID;references:id;constraint:OnDelete:CASCADE;"`

	// SourcePostureChecks are ID references to Posture checks for policy source groups,
	// persisted as a JSON column
	SourcePostureChecks []string `gorm:"serializer:json"`
}

Policy of the Rego query

func GetAllRoutePoliciesFromGroups

func GetAllRoutePoliciesFromGroups(account *Account, accessControlGroups []string) []*Policy

GetAllRoutePoliciesFromGroups retrieves route policies associated with the specified access control groups and returns a list of policies that have rules with destinations matching the specified groups.

func (*Policy) Copy

func (p *Policy) Copy() *Policy

Copy returns a copy of the policy.

func (*Policy) EventMeta

func (p *Policy) EventMeta() map[string]any

EventMeta returns activity event meta related to this policy

func (*Policy) RuleGroups

func (p *Policy) RuleGroups() []string

RuleGroups returns a list of all groups referenced in the policy's rules, including sources and destinations.

func (*Policy) SourceGroups

func (p *Policy) SourceGroups() []string

SourceGroups returns a slice of all unique source groups referenced in the policy's rules.

func (*Policy) UpgradeAndFix

func (p *Policy) UpgradeAndFix()

UpgradeAndFix upgrades policies of older versions to the latest version

type PolicyRule

// PolicyRule is the metadata of the policy: one match-and-act rule within a Policy.
type PolicyRule struct {
	// ID of the policy rule
	ID string `gorm:"primaryKey"`

	// PolicyID is a reference to Policy that this object belongs
	PolicyID string `json:"-" gorm:"index"`

	// Name of the rule visible in the UI
	Name string

	// Description of the rule visible in the UI
	Description string

	// Enabled status of rule in the system
	Enabled bool

	// Action is PolicyTrafficActionAccept or PolicyTrafficActionDrop
	Action PolicyTrafficActionType

	// Destinations policy destination groups (group IDs), persisted as JSON
	Destinations []string `gorm:"serializer:json"`

	// DestinationResource policy destination resource that the rule is applied to
	DestinationResource Resource `gorm:"serializer:json"`

	// Sources policy source groups (group IDs), persisted as JSON
	Sources []string `gorm:"serializer:json"`

	// SourceResource policy source resource that the rule is applied to
	SourceResource Resource `gorm:"serializer:json"`

	// Bidirectional define if the rule is applicable in both directions, sources, and destinations
	Bidirectional bool

	// Protocol type of the traffic (see the PolicyRuleProtocol* constants)
	Protocol PolicyRuleProtocolType

	// Ports or port ranges, as strings (format not shown here)
	Ports []string `gorm:"serializer:json"`

	// PortRanges a list of port ranges. How Ports and PortRanges combine when both
	// are set is not visible here — confirm against the rule evaluator.
	PortRanges []RulePortRange `gorm:"serializer:json"`
}

PolicyRule is the metadata of the policy

func (*PolicyRule) Copy

func (pm *PolicyRule) Copy() *PolicyRule

Copy returns a copy of a policy rule

type PolicyRuleDirection

// PolicyRuleDirection is the direction of traffic; see PolicyRuleFlowDirect and PolicyRuleFlowBidirect.
type PolicyRuleDirection string

PolicyRuleDirection direction of traffic

type PolicyRuleProtocolType

// PolicyRuleProtocolType is the protocol of traffic a rule matches; see the PolicyRuleProtocol* constants.
type PolicyRuleProtocolType string

PolicyRuleProtocolType type of traffic

type PolicyTrafficActionType

// PolicyTrafficActionType is the action type for the firewall; see PolicyTrafficActionAccept and PolicyTrafficActionDrop.
type PolicyTrafficActionType string

PolicyTrafficActionType action type for the firewall

type PolicyUpdateOperation

// PolicyUpdateOperation is an operation object with a type and the values to be applied.
type PolicyUpdateOperation struct {
	Type   PolicyUpdateOperationType
	Values []string
}

PolicyUpdateOperation operation object with type and values to be applied

type PolicyUpdateOperationType

// PolicyUpdateOperationType is the operation type of a PolicyUpdateOperation
// (no named values are visible in this listing).
type PolicyUpdateOperationType int

PolicyUpdateOperationType operation type

type Resource

// Resource references a network resource by ID and type; used in Group.Resources and
// as PolicyRule source/destination resources.
type Resource struct {
	ID   string
	Type string
}

func (*Resource) FromAPIRequest

func (r *Resource) FromAPIRequest(req *api.Resource)

func (*Resource) ToAPIResponse

func (r *Resource) ToAPIResponse() *api.Resource

type RouteFirewallRule

// RouteFirewallRule is a firewall rule applicable for a routed network,
// carried to a peer in NetworkMap.RoutesFirewallRules.
type RouteFirewallRule struct {
	// SourceRanges IP ranges of the routing peers.
	SourceRanges []string

	// Action of the traffic when the rule is applicable
	Action string

	// Destination a network prefix for the routed traffic
	Destination string

	// Protocol of the traffic
	Protocol string

	// Port of the traffic (single port)
	Port uint16

	// PortRange represents the range of ports for a firewall rule. Which of Port
	// and PortRange wins when both are set is not visible here.
	PortRange RulePortRange

	// Domains list of network domains for the routed traffic
	Domains domain.List

	// IsDynamic indicates whether the rule is for DNS routing
	IsDynamic bool
}

RouteFirewallRule is a firewall rule applicable for a routed network.

type RulePortRange

// RulePortRange represents a range of ports for a firewall rule.
type RulePortRange struct {
	// Start and End bound the range; whether End is inclusive is not shown here — confirm.
	Start uint16
	End   uint16
}

RulePortRange represents a range of ports for a firewall rule.

type Settings

// Settings represents the Account settings structure that can be modified via API and Dashboard.
type Settings struct {
	// PeerLoginExpirationEnabled globally enables or disables peer login expiration
	PeerLoginExpirationEnabled bool

	// PeerLoginExpiration is a setting that indicates when peer login expires.
	// Applies to all peers that have Peer.LoginExpirationEnabled set to true.
	PeerLoginExpiration time.Duration

	// PeerInactivityExpirationEnabled globally enables or disables peer inactivity expiration
	PeerInactivityExpirationEnabled bool

	// PeerInactivityExpiration is a setting that indicates when peer inactivity expires.
	// Applies to all peers that have Peer.PeerInactivityExpirationEnabled set to true.
	// NOTE(review): GetPeersWithInactivity's doc names this field Peer.InactivityExpirationEnabled — confirm the field name.
	PeerInactivityExpiration time.Duration

	// RegularUsersViewBlocked allows to block regular users from viewing even their own peers and some UI elements
	RegularUsersViewBlocked bool

	// GroupsPropagationEnabled allows to propagate auto groups from the user to the peer
	GroupsPropagationEnabled bool

	// JWTGroupsEnabled allows extract groups from JWT claim, which name defined in the JWTGroupsClaimName
	// and add it to account groups. Groups created this way carry Group.Issued == GroupIssuedJWT;
	// since groups drive ACL policies, the IdP's claim contents then influence policy reach.
	JWTGroupsEnabled bool

	// JWTGroupsClaimName from which we extract groups name to add it to account groups
	JWTGroupsClaimName string

	// JWTAllowGroups list of groups to which users are allowed access, persisted as a JSON column
	JWTAllowGroups []string `gorm:"serializer:json"`

	// RoutingPeerDNSResolutionEnabled enabled the DNS resolution on the routing peers
	RoutingPeerDNSResolutionEnabled bool

	// Extra holds additional account settings (account.ExtraSettings), stored inline with column prefix extra_
	Extra *account.ExtraSettings `gorm:"embedded;embeddedPrefix:extra_"`
}

Settings represents Account settings structure that can be modified via API and Dashboard

func (*Settings) Copy

func (s *Settings) Copy() *Settings

Copy copies the Settings struct

type SetupKey

// SetupKey represents a pre-authorized key used to register machines (peers).
// IsValid combines the revocation, expiry and usage checks below.
type SetupKey struct {
	Id string
	// AccountID is a reference to Account that this object belongs
	AccountID string `json:"-" gorm:"index"`
	// Key and KeySecret: which one holds the enrolment secret and which a display
	// form is not visible in this listing — confirm before logging or serializing either.
	Key       string
	KeySecret string
	Name      string
	// Type is SetupKeyReusable or SetupKeyOneOff
	Type      SetupKeyType
	CreatedAt time.Time
	ExpiresAt time.Time
	// UpdatedAt is not auto-updated by gorm (autoUpdateTime:false)
	UpdatedAt time.Time `gorm:"autoUpdateTime:false"`
	// Revoked indicates whether the key was revoked or not (we don't remove them for tracking purposes)
	Revoked bool
	// UsedTimes indicates how many times the key was used
	UsedTimes int
	// LastUsed last time the key was used for peer registration
	LastUsed time.Time
	// AutoGroups is a list of Group IDs that are auto assigned to a Peer when it uses this key to register
	AutoGroups []string `gorm:"serializer:json"`
	// UsageLimit indicates the number of times this key can be used to enroll a machine.
	// The value of 0 (SetupKeyUnlimitedUsage) indicates the unlimited usage.
	UsageLimit int
	// Ephemeral indicate if the peers will be ephemeral or not
	Ephemeral bool
}

SetupKey represents a pre-authorized key used to register machines (peers)

func GenerateDefaultSetupKey

func GenerateDefaultSetupKey() (*SetupKey, string)

GenerateDefaultSetupKey generates a default reusable setup key with an unlimited usage and 30 days expiration

func GenerateSetupKey

func GenerateSetupKey(name string, t SetupKeyType, validFor time.Duration, autoGroups []string,
	usageLimit int, ephemeral bool) (*SetupKey, string)

GenerateSetupKey generates a new setup key

func (*SetupKey) Copy

func (key *SetupKey) Copy() *SetupKey

Copy copies SetupKey to a new object

func (*SetupKey) EventMeta

func (key *SetupKey) EventMeta() map[string]any

EventMeta returns activity event meta related to the setup key

func (*SetupKey) IncrementUsage

func (key *SetupKey) IncrementUsage() *SetupKey

IncrementUsage makes a copy of a key, increments the UsedTimes by 1 and sets LastUsed to now

func (*SetupKey) IsExpired

func (key *SetupKey) IsExpired() bool

IsExpired reports whether the key has expired

func (*SetupKey) IsOverUsed

func (key *SetupKey) IsOverUsed() bool

IsOverUsed reports whether the key was used more times than allowed. SetupKey.UsageLimit == 0 indicates unlimited usage.

func (*SetupKey) IsRevoked

func (key *SetupKey) IsRevoked() bool

IsRevoked reports whether the key was revoked

func (*SetupKey) IsValid

func (key *SetupKey) IsValid() bool

IsValid is true if the key was not revoked, is not expired and used not more than it was supposed to

type SetupKeyType

// SetupKeyType is the type of setup key; see SetupKeyReusable and SetupKeyOneOff.
type SetupKeyType string

SetupKeyType is the type of setup key

type User

// User represents a user of the system.
//
// PATs (gorm:"-") is the in-memory map of the user's tokens; PATsG is the gorm
// association keyed by PersonalAccessToken.UserID and is excluded from JSON.
type User struct {
	Id string `gorm:"primaryKey"`
	// AccountID is a reference to Account that this object belongs
	AccountID     string `json:"-" gorm:"index"`
	// Role is one of the UserRole* values; HasAdminPower is true for owner and admin
	Role          UserRole
	IsServiceUser bool
	// NonDeletable indicates whether the service user can be deleted
	NonDeletable bool
	// ServiceUserName is only set if IsServiceUser is true
	ServiceUserName string
	// AutoGroups is a list of Group IDs to auto-assign to peers registered by this user
	AutoGroups []string                        `gorm:"serializer:json"`
	PATs       map[string]*PersonalAccessToken `gorm:"-"`
	PATsG      []PersonalAccessToken           `json:"-" gorm:"foreignKey:UserID;references:id"`
	// Blocked indicates whether the user is blocked. Blocked users can't use the system.
	Blocked bool
	// LastLogin is the last time the user logged in to IdP
	LastLogin time.Time
	// CreatedAt records the time the user was created
	CreatedAt time.Time

	// Issued records how the user was created (UserIssuedAPI or UserIssuedIntegration);
	// the column defaults to "api"
	Issued string `gorm:"default:api"`

	// IntegrationReference is stored inline with column prefix integration_ref_
	IntegrationReference integration_reference.IntegrationReference `gorm:"embedded;embeddedPrefix:integration_ref_"`
}

User represents a user of the system

func NewAdminUser

func NewAdminUser(id string) *User

NewAdminUser creates a new user with role UserRoleAdmin

func NewOwnerUser

func NewOwnerUser(id string) *User

NewOwnerUser creates a new user with role UserRoleOwner

func NewRegularUser

func NewRegularUser(id string) *User

NewRegularUser creates a new user with role UserRoleUser

func NewUser

func NewUser(id string, role UserRole, isServiceUser bool, nonDeletable bool, serviceUserName string, autoGroups []string, issued string) *User

NewUser creates a new user

func (*User) Copy

func (u *User) Copy() *User

Copy returns a copy of the user

func (*User) HasAdminPower

func (u *User) HasAdminPower() bool

HasAdminPower returns true if the user has admin or owner roles, false otherwise

func (*User) IsAdminOrServiceUser

func (u *User) IsAdminOrServiceUser() bool

IsAdminOrServiceUser checks if the user has admin power or is a service user.

func (*User) IsBlocked

func (u *User) IsBlocked() bool

IsBlocked returns true if the user is blocked, false otherwise

func (*User) IsRegularUser

func (u *User) IsRegularUser() bool

IsRegularUser checks if the user is a regular user.

func (*User) LastDashboardLoginChanged

func (u *User) LastDashboardLoginChanged(LastLogin time.Time) bool

func (*User) ToUserInfo

func (u *User) ToUserInfo(userData *idp.UserData, settings *Settings) (*UserInfo, error)

ToUserInfo converts a User object to a UserInfo object.

type UserInfo

// UserInfo is the API-facing view of a User produced by User.ToUserInfo.
// Status and IntegrationReference are excluded from the JSON output (json:"-").
type UserInfo struct {
	ID                   string                                     `json:"id"`
	Email                string                                     `json:"email"`
	Name                 string                                     `json:"name"`
	Role                 string                                     `json:"role"`
	AutoGroups           []string                                   `json:"auto_groups"`
	Status               string                                     `json:"-"`
	IsServiceUser        bool                                       `json:"is_service_user"`
	IsBlocked            bool                                       `json:"is_blocked"`
	NonDeletable         bool                                       `json:"non_deletable"`
	LastLogin            time.Time                                  `json:"last_login"`
	Issued               string                                     `json:"issued"`
	IntegrationReference integration_reference.IntegrationReference `json:"-"`
	Permissions          UserPermissions                            `json:"permissions"`
}

type UserPermissions

// UserPermissions is the permission set reported in UserInfo.Permissions.
type UserPermissions struct {
	// DashboardView is serialized as "dashboard_view"; its value set is not shown here
	DashboardView string `json:"dashboard_view"`
}

type UserRole

// UserRole is the role of a User; see the UserRole* constants and StrRoleToUserRole.
type UserRole string

UserRole is the role of a User

func StrRoleToUserRole

func StrRoleToUserRole(strRole string) UserRole

StrRoleToUserRole returns UserRole for a given strRole or UserRoleUnknown if the specified role is unknown

type UserStatus

// UserStatus is the status of a User; see the UserStatus* constants.
type UserStatus string

UserStatus is the status of a User
