Documentation ¶
Index ¶
- Constants
- func AddPeerLabelsToAccount(ctx context.Context, account *Account, peerLabels LookupMap)
- func AllocatePeerIP(ipNet net.IPNet, takenIps []net.IP) (net.IP, error)
- func GetPeerHostLabel(name string, peerLabels LookupMap) (string, error)
- func Hash(s string) uint32
- func HiddenKey(key string, length int) string
- type Account
- func (a *Account) Copy() *Account
- func (a *Account) DeletePeer(peerID string)
- func (a *Account) DeleteResource(resourceID string)
- func (a *Account) FindGroupByName(groupName string) (*Group, error)
- func (a *Account) FindPeerByPubKey(peerPubKey string) (*nbpeer.Peer, error)
- func (a *Account) FindSetupKey(setupKey string) (*SetupKey, error)
- func (a *Account) FindUser(userID string) (*User, error)
- func (a *Account) FindUserPeers(userID string) ([]*nbpeer.Peer, error)
- func (a *Account) GetExpiredPeers() []*nbpeer.Peer
- func (a *Account) GetGroup(groupID string) *Group
- func (a *Account) GetGroupAll() (*Group, error)
- func (a *Account) GetInactivePeers() []*nbpeer.Peer
- func (a *Account) GetNetworkResourcesRoutesToSync(ctx context.Context, peerID string, resourcePolicies map[string][]*Policy, ...) (bool, []*route.Route, map[string]struct{})
- func (a *Account) GetNextInactivePeerExpiration() (time.Duration, bool)
- func (a *Account) GetNextPeerExpiration() (time.Duration, bool)
- func (a *Account) GetPeer(peerID string) *nbpeer.Peer
- func (a *Account) GetPeerConnectionResources(ctx context.Context, peerID string, validatedPeersMap map[string]struct{}) ([]*nbpeer.Peer, []*FirewallRule)
- func (a *Account) GetPeerDNSLabels() LookupMap
- func (a *Account) GetPeerGroups(peerID string) LookupMap
- func (a *Account) GetPeerGroupsList(peerID string) []string
- func (a *Account) GetPeerNetworkMap(ctx context.Context, peerID string, peersCustomZone nbdns.CustomZone, ...) *NetworkMap
- func (a *Account) GetPeerNetworkResourceFirewallRules(ctx context.Context, peer *nbpeer.Peer, validatedPeersMap map[string]struct{}, ...) []*RouteFirewallRule
- func (a *Account) GetPeerRoutesFirewallRules(ctx context.Context, peerID string, validatedPeersMap map[string]struct{}) []*RouteFirewallRule
- func (a *Account) GetPeers() []*nbpeer.Peer
- func (a *Account) GetPeersCustomZone(ctx context.Context, dnsDomain string) nbdns.CustomZone
- func (a *Account) GetPeersWithExpiration() []*nbpeer.Peer
- func (a *Account) GetPeersWithInactivity() []*nbpeer.Peer
- func (a *Account) GetPoliciesAppliedInNetwork(networkID string) []string
- func (a *Account) GetPoliciesForNetworkResource(resourceId string) []*Policy
- func (a *Account) GetPostureChecks(postureChecksID string) *posture.Checks
- func (a *Account) GetResourcePoliciesMap() map[string][]*Policy
- func (a *Account) GetResourceRoutersMap() map[string]map[string]*routerTypes.NetworkRouter
- func (a *Account) GetRoutesByPrefixOrDomains(prefix netip.Prefix, domains domain.List) []*route.Route
- func (a *Account) GetRoutesToSync(ctx context.Context, peerID string, aclPeers []*nbpeer.Peer) []*route.Route
- func (a *Account) GetTakenIPs() []net.IP
- func (a *Account) UpdatePeer(update *nbpeer.Peer)
- func (a *Account) UpdateSettings(update *Settings) *Account
- func (a *Account) UserGroupsAddToPeers(userID string, groups ...string) map[string][]string
- func (a *Account) UserGroupsRemoveFromPeers(userID string, groups ...string) map[string][]string
- type AccountDNSSettings
- type AccountNetwork
- type AccountSettings
- type DNSSettings
- type FirewallRule
- type Group
- func (g *Group) AddPeer(peerID string) bool
- func (g *Group) AddResource(resource Resource) bool
- func (g *Group) Copy() *Group
- func (g *Group) EventMeta() map[string]any
- func (g *Group) EventMetaResource(resource *types.NetworkResource) map[string]any
- func (g *Group) HasPeers() bool
- func (g *Group) HasResources() bool
- func (g *Group) IsGroupAll() bool
- func (g *Group) RemovePeer(peerID string) bool
- func (g *Group) RemoveResource(resource Resource) bool
- type LookupMap
- type Network
- type NetworkMap
- type PersonalAccessToken
- type PersonalAccessTokenGenerated
- type Policy
- type PolicyRule
- type PolicyRuleDirection
- type PolicyRuleProtocolType
- type PolicyTrafficActionType
- type PolicyUpdateOperation
- type PolicyUpdateOperationType
- type Resource
- type RouteFirewallRule
- type RulePortRange
- type Settings
- type SetupKey
- func (key *SetupKey) Copy() *SetupKey
- func (key *SetupKey) EventMeta() map[string]any
- func (key *SetupKey) GetExpiresAt() time.Time
- func (key *SetupKey) GetLastUsed() time.Time
- func (key *SetupKey) IncrementUsage() *SetupKey
- func (key *SetupKey) IsExpired() bool
- func (key *SetupKey) IsOverUsed() bool
- func (key *SetupKey) IsRevoked() bool
- func (key *SetupKey) IsValid() bool
- type SetupKeyType
- type User
- func (u *User) Copy() *User
- func (u *User) GetLastLogin() time.Time
- func (u *User) HasAdminPower() bool
- func (u *User) IsAdminOrServiceUser() bool
- func (u *User) IsBlocked() bool
- func (u *User) IsRegularUser() bool
- func (u *User) LastDashboardLoginChanged(lastLogin time.Time) bool
- func (u *User) ToUserInfo(userData *idp.UserData, settings *Settings) (*UserInfo, error)
- type UserInfo
- type UserPermissions
- type UserRole
- type UserStatus
Constants ¶
const (
	// DefaultPeerLoginExpiration is the default lifetime of a peer login (24h).
	// NOTE(review): where this default is applied relative to
	// Settings.PeerLoginExpiration is not visible here — confirm in the account manager.
	DefaultPeerLoginExpiration = 24 * time.Hour
	// DefaultPeerInactivityExpiration is the default inactivity window (10m)
	// after which a peer is considered inactive-expired.
	DefaultPeerInactivityExpiration = 10 * time.Minute

	// Domain categories; presumably the values of Account.DomainCategory.
	PublicCategory  = "public"
	PrivateCategory = "private"
	UnknownCategory = "unknown"
)
const (
	// FirewallRuleDirectionIN and FirewallRuleDirectionOUT are the values
	// carried by FirewallRule.Direction (an int, not a typed enum).
	FirewallRuleDirectionIN  = 0
	FirewallRuleDirectionOUT = 1
)
const (
	// Values of Group.Issued, recording how a group was created.
	GroupIssuedAPI         = "api"
	GroupIssuedJWT         = "jwt"
	GroupIssuedIntegration = "integration"
)
const (
	// SubnetSize is the prefix length of a single account network carved out of
	// the global range, e.g. 100.77.0.0/16.
	SubnetSize = 16
	// NetSize is the prefix length of the global range 100.64.0.0/10
	// (the RFC 6598 shared address space; 64 distinct /16 subnets fit in it).
	NetSize = 10
	// AllowedIPsFormat renders a peer address in WireGuard AllowedIPs form as a
	// single host route (e.g. 100.64.30.1/32).
	AllowedIPsFormat = "%s/32"
)
const (
	// PATPrefix is the globally used, 4 char prefix for personal access tokens.
	PATPrefix = "nbp_"
	// PATSecretLength is the number of characters used for the secret inside the token.
	PATSecretLength = 30
	// PATChecksumLength is the number of characters used for the encoded checksum of
	// the secret inside the token. A checksum lets a token be syntax-validated
	// (and recognised by secret scanners) without a database lookup — presumably
	// the intent; the encoding itself is not visible here.
	PATChecksumLength = 6
	// PATLength is the total number of characters used for the token.
	// Invariant: PATLength == len(PATPrefix) + PATSecretLength + PATChecksumLength (4 + 30 + 6).
	PATLength = 40
)
const (
	// PolicyTrafficActionAccept indicates that the traffic is accepted.
	PolicyTrafficActionAccept = PolicyTrafficActionType("accept")
	// PolicyTrafficActionDrop indicates that the traffic is dropped.
	PolicyTrafficActionDrop = PolicyTrafficActionType("drop")
)
const (
	// PolicyRuleProtocolALL matches traffic of every protocol.
	PolicyRuleProtocolALL = PolicyRuleProtocolType("all")
	// PolicyRuleProtocolTCP matches TCP traffic.
	PolicyRuleProtocolTCP = PolicyRuleProtocolType("tcp")
	// PolicyRuleProtocolUDP matches UDP traffic.
	PolicyRuleProtocolUDP = PolicyRuleProtocolType("udp")
	// PolicyRuleProtocolICMP matches ICMP traffic.
	PolicyRuleProtocolICMP = PolicyRuleProtocolType("icmp")
)
const (
	// PolicyRuleFlowDirect allows traffic from source to destination only.
	PolicyRuleFlowDirect = PolicyRuleDirection("direct")
	// PolicyRuleFlowBidirect allows traffic in both directions.
	PolicyRuleFlowBidirect = PolicyRuleDirection("bidirect")
)
const (
	// DefaultRuleName is the name of the Default rule that is created for every account.
	DefaultRuleName = "Default"
	// DefaultRuleDescription describes the Default rule. Note that, as the text says,
	// it allows connections between all resources: a fresh account is fully open
	// until this rule/policy is tightened or disabled.
	DefaultRuleDescription = "This is a default rule that allows connections between all the resources"
	// DefaultPolicyName is the name of the Default policy that is created for every account.
	DefaultPolicyName = "Default"
	// DefaultPolicyDescription describes the Default policy (see DefaultRuleDescription).
	DefaultPolicyDescription = "This is a default policy that allows connections between all the resources"
)
const (
	// SetupKeyReusable is a multi-use key (can be used for multiple machines).
	SetupKeyReusable SetupKeyType = "reusable"
	// SetupKeyOneOff is a single-use key (can be used only once).
	SetupKeyOneOff SetupKeyType = "one-off"
	// DefaultSetupKeyDuration is the default validity of a setup key: 30 days (720h),
	// which is what "1 month" means here.
	DefaultSetupKeyDuration = 24 * 30 * time.Hour
	// DefaultSetupKeyName is the default name of the default setup key.
	DefaultSetupKeyName = "Default key"
	// SetupKeyUnlimitedUsage is the SetupKey.UsageLimit value meaning "no limit".
	SetupKeyUnlimitedUsage = 0
)
const (
	// User roles. HasAdminPower is documented as true for admin and owner;
	// billing_admin is a separate role (its privileges are not visible here).
	UserRoleOwner        UserRole = "owner"
	UserRoleAdmin        UserRole = "admin"
	UserRoleUser         UserRole = "user"
	UserRoleUnknown      UserRole = "unknown"
	UserRoleBillingAdmin UserRole = "billing_admin"

	// User statuses.
	UserStatusActive   UserStatus = "active"
	UserStatusDisabled UserStatus = "disabled"
	UserStatusInvited  UserStatus = "invited"

	// Values of User.Issued, recording how the user record was created.
	UserIssuedAPI         = "api"
	UserIssuedIntegration = "integration"
)
Variables ¶
This section is empty.
Functions ¶
func AddPeerLabelsToAccount ¶
func AllocatePeerIP ¶
AllocatePeerIP picks an available IP from a net.IPNet. This method considers already-taken IPs and reuses IPs if there are gaps in takenIps. E.g. if ipNet=100.30.0.0/16 and takenIps=[100.30.0.1, 100.30.0.4] then the result would be 100.30.0.2 or 100.30.0.3.
Types ¶
type Account ¶
// Account is the unit of tenancy: every peer, user, group, policy, route and
// setup key hangs off one Account. The map fields tagged `gorm:"-"` are the
// in-memory, ID-keyed views; the matching *G slices tagged `json:"-"` are the
// persisted gorm associations. NOTE(review): how the two views are kept in
// sync is not visible here — confirm in the store layer before mutating either.
type Account struct {
	// we have to name the column (called "aid" in the original note) as it collides
	// with Network.Id when working with associations
	Id string `gorm:"primaryKey"`
	// CreatedBy is the User.Id of the creator.
	CreatedBy string
	CreatedAt time.Time
	Domain    string `gorm:"index"`
	// DomainCategory is presumably one of PublicCategory/PrivateCategory/UnknownCategory.
	DomainCategory         string
	IsDomainPrimaryAccount bool
	// SetupKeys holds enrollment credentials (see SetupKey); treat this map as sensitive.
	SetupKeys  map[string]*SetupKey `gorm:"-"`
	SetupKeysG []SetupKey           `json:"-" gorm:"foreignKey:AccountID;references:id"`
	// Network is a pointer because Network embeds a sync.Mutex and must not be copied.
	Network *Network `gorm:"embedded;embeddedPrefix:network_"`
	Peers   map[string]*nbpeer.Peer `gorm:"-"`
	PeersG  []nbpeer.Peer           `json:"-" gorm:"foreignKey:AccountID;references:id"`
	Users   map[string]*User        `gorm:"-"`
	UsersG  []User                  `json:"-" gorm:"foreignKey:AccountID;references:id"`
	Groups  map[string]*Group       `gorm:"-"`
	GroupsG []Group                 `json:"-" gorm:"foreignKey:AccountID;references:id"`
	// Policies is persisted directly (no map/slice split).
	Policies          []*Policy `gorm:"foreignKey:AccountID;references:id"`
	Routes            map[route.ID]*route.Route `gorm:"-"`
	RoutesG           []route.Route             `json:"-" gorm:"foreignKey:AccountID;references:id"`
	NameServerGroups  map[string]*nbdns.NameServerGroup `gorm:"-"`
	NameServerGroupsG []nbdns.NameServerGroup           `json:"-" gorm:"foreignKey:AccountID;references:id"`
	DNSSettings       DNSSettings                       `gorm:"embedded;embeddedPrefix:dns_settings_"`
	PostureChecks     []*posture.Checks                 `gorm:"foreignKey:AccountID;references:id"`
	// Settings is a dictionary of Account settings (see Settings).
	Settings         *Settings                         `gorm:"embedded;embeddedPrefix:settings_"`
	Networks         []*networkTypes.Network           `gorm:"foreignKey:AccountID;references:id"`
	NetworkRouters   []*routerTypes.NetworkRouter      `gorm:"foreignKey:AccountID;references:id"`
	NetworkResources []*resourceTypes.NetworkResource  `gorm:"foreignKey:AccountID;references:id"`
}
Account represents a unique account of the system
func (*Account) DeletePeer ¶
DeletePeer deletes peer from the account cleaning up all the references
func (*Account) DeleteResource ¶
func (*Account) FindGroupByName ¶
FindGroupByName looks for a given group in the Account by name or returns error if the group wasn't found.
func (*Account) FindPeerByPubKey ¶
FindPeerByPubKey looks for a Peer by provided WireGuard public key in the Account or returns error if it wasn't found. It will return an object copy of the peer.
func (*Account) FindSetupKey ¶
FindSetupKey looks for a given SetupKey in the Account or returns error if it wasn't found.
func (*Account) FindUser ¶
FindUser looks for a given user in the Account or returns error if user wasn't found.
func (*Account) FindUserPeers ¶
FindUserPeers returns a list of peers that user owns (created)
func (*Account) GetExpiredPeers ¶
GetExpiredPeers returns peers that have been expired
func (*Account) GetGroupAll ¶
func (*Account) GetInactivePeers ¶
GetInactivePeers returns peers that have been expired by inactivity
func (*Account) GetNetworkResourcesRoutesToSync ¶
func (a *Account) GetNetworkResourcesRoutesToSync(ctx context.Context, peerID string, resourcePolicies map[string][]*Policy, routers map[string]map[string]*routerTypes.NetworkRouter) (bool, []*route.Route, map[string]struct{})
GetNetworkResourcesRoutesToSync returns network routes for syncing with a specific peer and its ACL peers.
func (*Account) GetNextInactivePeerExpiration ¶
GetNextInactivePeerExpiration returns the minimum duration in which the next peer of the account will expire if it was found. If there is no peer that expires this function returns false and a duration of 0. This function only considers peers that haven't been expired yet and that are not connected.
func (*Account) GetNextPeerExpiration ¶
GetNextPeerExpiration returns the minimum duration in which the next peer of the account will expire if it was found. If there is no peer that expires this function returns false and a duration of 0. This function only considers peers that haven't been expired yet and that are connected.
func (*Account) GetPeerConnectionResources ¶
func (a *Account) GetPeerConnectionResources(ctx context.Context, peerID string, validatedPeersMap map[string]struct{}) ([]*nbpeer.Peer, []*FirewallRule)
GetPeerConnectionResources for a given peer
This function returns the list of peers and firewall rules that are applicable to a given peer.
func (*Account) GetPeerDNSLabels ¶
func (*Account) GetPeerGroups ¶
func (*Account) GetPeerGroupsList ¶
GetPeerGroupsList returns the list of IDs of the groups the peer belongs to.
func (*Account) GetPeerNetworkMap ¶
func (a *Account) GetPeerNetworkMap( ctx context.Context, peerID string, peersCustomZone nbdns.CustomZone, validatedPeersMap map[string]struct{}, resourcePolicies map[string][]*Policy, routers map[string]map[string]*routerTypes.NetworkRouter, metrics *telemetry.AccountManagerMetrics, ) *NetworkMap
GetPeerNetworkMap returns the networkmap for the given peer ID.
func (*Account) GetPeerNetworkResourceFirewallRules ¶
func (a *Account) GetPeerNetworkResourceFirewallRules(ctx context.Context, peer *nbpeer.Peer, validatedPeersMap map[string]struct{}, routes []*route.Route, resourcePolicies map[string][]*Policy) []*RouteFirewallRule
GetPeerNetworkResourceFirewallRules gets the network resources firewall rules associated with a routing peer ID for the account.
func (*Account) GetPeerRoutesFirewallRules ¶
func (a *Account) GetPeerRoutesFirewallRules(ctx context.Context, peerID string, validatedPeersMap map[string]struct{}) []*RouteFirewallRule
GetPeerRoutesFirewallRules gets the routes firewall rules associated with a routing peer ID for the account.
func (*Account) GetPeersCustomZone ¶
func (*Account) GetPeersWithExpiration ¶
GetPeersWithExpiration returns a list of peers that have Peer.LoginExpirationEnabled set to true and that were added by a user
func (*Account) GetPeersWithInactivity ¶
GetPeersWithInactivity returns a list of peers that have Peer.InactivityExpirationEnabled set to true and that were added by a user
func (*Account) GetPoliciesAppliedInNetwork ¶
func (*Account) GetPoliciesForNetworkResource ¶
GetPoliciesForNetworkResource retrieves the list of policies that apply to a specific network resource. A policy is deemed applicable if its destination groups include any of the given network resource groups or if its destination resource explicitly matches the provided resource.
func (*Account) GetPostureChecks ¶
func (*Account) GetResourcePoliciesMap ¶
GetResourcePoliciesMap returns a map of networks resource IDs and their associated policies.
func (*Account) GetResourceRoutersMap ¶
func (a *Account) GetResourceRoutersMap() map[string]map[string]*routerTypes.NetworkRouter
func (*Account) GetRoutesByPrefixOrDomains ¶
func (a *Account) GetRoutesByPrefixOrDomains(prefix netip.Prefix, domains domain.List) []*route.Route
GetRoutesByPrefixOrDomains returns the account's routes that match either the given network prefix or the given domain list.
func (*Account) GetRoutesToSync ¶
func (a *Account) GetRoutesToSync(ctx context.Context, peerID string, aclPeers []*nbpeer.Peer) []*route.Route
GetRoutesToSync returns the enabled routes for the peer ID and the routes from the ACL peers that have distribution groups associated with the peer ID. Please mind, that the returned route.Route objects will contain Peer.Key instead of Peer.ID.
func (*Account) GetTakenIPs ¶
func (*Account) UpdatePeer ¶
UpdatePeer stores the peer in the account, adding it if it is new or replacing the existing entry otherwise.
func (*Account) UpdateSettings ¶
UpdateSettings saves new account settings
func (*Account) UserGroupsAddToPeers ¶
UserGroupsAddToPeers adds groups to all peers of user
type AccountDNSSettings ¶
// AccountDNSSettings is a gorm projection of Account that loads only the
// embedded DNS settings (same column prefix as Account.DNSSettings) instead of
// the whole account.
type AccountDNSSettings struct {
	DNSSettings DNSSettings `gorm:"embedded;embeddedPrefix:dns_settings_"`
}
AccountDNSSettings is a gorm projection used to load only the DNS settings and not the whole account.
type AccountNetwork ¶
// AccountNetwork is a gorm projection of Account that loads only the embedded
// network (same column prefix as Account.Network) instead of the whole account.
// Network is a pointer because Network embeds a sync.Mutex and must not be copied.
type AccountNetwork struct {
	Network *Network `gorm:"embedded;embeddedPrefix:network_"`
}
AccountNetwork is a gorm projection used to load only the network and not the whole account.
type AccountSettings ¶
// AccountSettings is a gorm projection of Account that loads only the embedded
// settings (same column prefix as Account.Settings) instead of the whole account.
type AccountSettings struct {
	Settings *Settings `gorm:"embedded;embeddedPrefix:settings_"`
}
AccountSettings is a gorm projection used to load only the settings and not the whole account.
type DNSSettings ¶
// DNSSettings defines DNS settings at the account level.
type DNSSettings struct {
	// DisabledManagementGroups lists group IDs whose peers have DNS management
	// disabled; stored as a JSON column.
	DisabledManagementGroups []string `gorm:"serializer:json"`
}
DNSSettings defines dns settings at the account level
func (DNSSettings) Copy ¶
func (d DNSSettings) Copy() DNSSettings
Copy returns a copy of the DNS settings
type FirewallRule ¶
// FirewallRule is a single peer-level rule pushed to a client's firewall.
type FirewallRule struct {
	// PeerIP of the remote peer the rule applies to.
	PeerIP string
	// Direction of the traffic: FirewallRuleDirectionIN or FirewallRuleDirectionOUT.
	Direction int
	// Action of the traffic; presumably the string form of PolicyTrafficActionType
	// ("accept"/"drop") — confirm where rules are generated.
	Action string
	// Protocol of the traffic.
	Protocol string
	// Port of the traffic, as a string (ports/ranges); empty presumably means any.
	Port string
}
FirewallRule is a rule of the firewall.
func (*FirewallRule) IsEqual ¶ added in v0.35.2
func (r *FirewallRule) IsEqual(other *FirewallRule) bool
IsEqual checks if two firewall rules are equal.
type Group ¶
// Group is a named set of peers and resources that policies reference as
// sources and destinations.
type Group struct {
	// ID of the group
	ID string
	// AccountID is a reference to the Account that this object belongs to;
	// hidden from JSON, indexed in the store.
	AccountID string `json:"-" gorm:"index"`
	// Name visible in the UI
	Name string
	// Issued defines how this group was created (one of GroupIssuedAPI,
	// GroupIssuedIntegration or GroupIssuedJWT). JWT-issued groups originate from
	// IdP claims (see Settings.JWTGroupsEnabled), so their membership is only as
	// trustworthy as the IdP.
	Issued string
	// Peers is the list of peer IDs in the group; stored as a JSON column.
	Peers []string `gorm:"serializer:json"`
	// Resources contains the list of resources in that group; stored as a JSON column.
	Resources            []Resource                                 `gorm:"serializer:json"`
	IntegrationReference integration_reference.IntegrationReference `gorm:"embedded;embeddedPrefix:integration_ref_"`
}
Group is a set of peers (and resources) referenced by policy rules as ACL sources and destinations.
func (*Group) AddResource ¶
AddResource adds resource to Resources if not present, returning true if added.
func (*Group) EventMetaResource ¶
func (g *Group) EventMetaResource(resource *types.NetworkResource) map[string]any
func (*Group) HasResources ¶
HasResources checks if the group has any resources.
func (*Group) IsGroupAll ¶
IsGroupAll checks if the group is a default "All" group.
func (*Group) RemovePeer ¶
RemovePeer removes peerID from Peers if present, returning true if removed.
func (*Group) RemoveResource ¶
RemoveResource removes resource from Resources if present, returning true if removed.
type Network ¶
// Network is the per-account address range and its change counter. Because it
// embeds a sync.Mutex it must be used through a pointer and never copied.
type Network struct {
	Identifier string `json:"id"`
	// Net is the account's subnet; stored as a JSON column.
	Net net.IPNet `gorm:"serializer:json"`
	Dns string
	// Serial is an ID that increments by 1 when any change to the network happened
	// (e.g. new peer has been added). Used to synchronize state to the client apps.
	Serial uint64
	// Mu guards the network; excluded from JSON and from the store.
	Mu sync.Mutex `json:"-" gorm:"-"`
}
func NewNetwork ¶
func NewNetwork() *Network
NewNetwork creates a new Network initializing it with a Serial=0 It takes a random /16 subnet from 100.64.0.0/10 (64 different subnets)
func (*Network) CurrentSerial ¶
CurrentSerial returns the Network.Serial of the network (latest state id)
type NetworkMap ¶
type PersonalAccessToken ¶
// PersonalAccessToken holds all information about a PAT. Only a hash of the
// token is stored (HashedToken); the plaintext is returned exactly once at
// creation (see PersonalAccessTokenGenerated / CreateNewPAT).
type PersonalAccessToken struct {
	ID string `gorm:"primaryKey"`
	// UserID is a reference to the User that owns this token.
	UserID string `gorm:"index"`
	Name   string
	// HashedToken is the stored verification form of the token; the plaintext is
	// never persisted. The hash algorithm is not visible here.
	HashedToken string
	// ExpirationDate is the token's expiry; nil presumably means no expiry — confirm
	// against GetExpirationDate and the token validation path.
	ExpirationDate *time.Time
	// scope could be added in future
	CreatedBy string
	CreatedAt time.Time
	LastUsed  *time.Time
}
PersonalAccessToken holds all information about a PAT including a hashed version of it for verification
func (*PersonalAccessToken) Copy ¶
func (t *PersonalAccessToken) Copy() *PersonalAccessToken
func (*PersonalAccessToken) GetExpirationDate ¶ added in v0.36.0
func (t *PersonalAccessToken) GetExpirationDate() time.Time
GetExpirationDate returns the expiration time of the token.
func (*PersonalAccessToken) GetLastUsed ¶ added in v0.36.0
func (t *PersonalAccessToken) GetLastUsed() time.Time
GetLastUsed returns the last time the token was used.
type PersonalAccessTokenGenerated ¶
// PersonalAccessTokenGenerated pairs a freshly created PersonalAccessToken with
// its plaintext. PlainToken exists only in this return value — it is shown to the
// user once and must not be logged or persisted.
type PersonalAccessTokenGenerated struct {
	PlainToken string
	PersonalAccessToken
}
PersonalAccessTokenGenerated holds the new PersonalAccessToken and the plain text version of it
func CreateNewPAT ¶
func CreateNewPAT(name string, expirationInDays int, createdBy string) (*PersonalAccessTokenGenerated, error)
CreateNewPAT will generate a new PersonalAccessToken that can be assigned to a User. Additionally, it will return the token in plain text once, to give to the user and only save a hashed version
type Policy ¶
// Policy is an account-level access-control policy: a named, enable-able set of
// PolicyRules plus optional posture checks on the sources.
type Policy struct {
	// ID of the policy
	ID string `gorm:"primaryKey"`
	// AccountID is a reference to the Account that this object belongs to;
	// hidden from JSON, indexed in the store.
	AccountID string `json:"-" gorm:"index"`
	// Name of the Policy
	Name string
	// Description of the policy visible in the UI
	Description string
	// Enabled status of the policy
	Enabled bool
	// Rules of the policy; deleted together with the policy (OnDelete:CASCADE).
	Rules []*PolicyRule `gorm:"foreignKey:PolicyID;references:id;constraint:OnDelete:CASCADE;"`
	// SourcePostureChecks are ID references to posture.Checks applied to the
	// policy's source groups; stored as a JSON column.
	SourcePostureChecks []string `gorm:"serializer:json"`
}
Policy of the Rego query
func GetAllRoutePoliciesFromGroups ¶
GetAllRoutePoliciesFromGroups retrieves route policies associated with the specified access control groups and returns a list of policies that have rules with destinations matching the specified groups.
func (*Policy) RuleGroups ¶
RuleGroups returns a list of all groups referenced in the policy's rules, including sources and destinations.
func (*Policy) SourceGroups ¶
SourceGroups returns a slice of all unique source groups referenced in the policy's rules.
func (*Policy) UpgradeAndFix ¶
func (p *Policy) UpgradeAndFix()
UpgradeAndFix migrates policies written in older formats to the latest version.
type PolicyRule ¶
// PolicyRule is a single rule of a Policy: which sources may reach which
// destinations, over which protocol and ports, and whether to accept or drop.
type PolicyRule struct {
	// ID of the policy rule
	ID string `gorm:"primaryKey"`
	// PolicyID is a reference to the Policy that this object belongs to;
	// hidden from JSON, indexed in the store.
	PolicyID string `json:"-" gorm:"index"`
	// Name of the rule visible in the UI
	Name string
	// Description of the rule visible in the UI
	Description string
	// Enabled status of rule in the system
	Enabled bool
	// Action: PolicyTrafficActionAccept or PolicyTrafficActionDrop.
	Action PolicyTrafficActionType
	// Destinations are the destination group IDs; stored as a JSON column.
	Destinations []string `gorm:"serializer:json"`
	// DestinationResource is a single destination resource the rule is applied to.
	DestinationResource Resource `gorm:"serializer:json"`
	// Sources are the source group IDs; stored as a JSON column.
	Sources []string `gorm:"serializer:json"`
	// SourceResource is a single source resource the rule is applied to.
	SourceResource Resource `gorm:"serializer:json"`
	// Bidirectional defines whether the rule applies in both directions
	// between sources and destinations.
	Bidirectional bool
	// Protocol type of the traffic (see PolicyRuleProtocolType constants).
	Protocol PolicyRuleProtocolType
	// Ports is a list of ports or port ranges in string form.
	Ports []string `gorm:"serializer:json"`
	// PortRanges is a structured list of port ranges.
	PortRanges []RulePortRange `gorm:"serializer:json"`
}
PolicyRule is a single rule of a Policy: its source and destination groups or resources, protocol, ports and action.
func (*PolicyRule) Copy ¶
func (pm *PolicyRule) Copy() *PolicyRule
Copy returns a copy of a policy rule
type PolicyRuleProtocolType ¶
// PolicyRuleProtocolType is the traffic protocol a rule matches; see the
// PolicyRuleProtocol* constants.
type PolicyRuleProtocolType string
PolicyRuleProtocolType type of traffic
type PolicyTrafficActionType ¶
// PolicyTrafficActionType is the firewall action of a rule; see
// PolicyTrafficActionAccept and PolicyTrafficActionDrop.
type PolicyTrafficActionType string
PolicyTrafficActionType action type for the firewall
type PolicyUpdateOperation ¶
// PolicyUpdateOperation is an operation to apply to a policy: a type and the
// values it operates on.
type PolicyUpdateOperation struct {
	Type   PolicyUpdateOperationType
	Values []string
}
PolicyUpdateOperation operation object with type and values to be applied
type PolicyUpdateOperationType ¶
// PolicyUpdateOperationType identifies the kind of PolicyUpdateOperation.
// Its enumerators are not visible on this page.
type PolicyUpdateOperationType int
PolicyUpdateOperationType operation type
type RouteFirewallRule ¶
// RouteFirewallRule is a firewall rule applicable to traffic forwarded by a
// routing peer into a routed network.
type RouteFirewallRule struct {
	// SourceRanges are the IP ranges of the peers allowed to use the route.
	SourceRanges []string
	// Action of the traffic when the rule is applicable.
	Action string
	// Destination is the network prefix of the routed traffic.
	Destination string
	// Protocol of the traffic.
	Protocol string
	// Port of the traffic (single port).
	Port uint16
	// PortRange represents the range of ports for the rule.
	PortRange RulePortRange
	// Domains lists network domains for the routed traffic (DNS-based routes).
	Domains domain.List
	// IsDynamic indicates whether the rule is for DNS routing.
	IsDynamic bool
}
RouteFirewallRule a firewall rule applicable for a routed network.
type RulePortRange ¶
RulePortRange represents a range of ports for a firewall rule.
type Settings ¶
// Settings represents the Account settings structure that can be modified via
// API and Dashboard. Several of these are security controls (login/inactivity
// expiration, JWT group mapping, regular-user visibility); changes should be
// audited.
type Settings struct {
	// PeerLoginExpirationEnabled globally enables or disables peer login expiration.
	PeerLoginExpirationEnabled bool
	// PeerLoginExpiration is a setting that indicates when a peer login expires.
	// Applies to all peers that have Peer.LoginExpirationEnabled set to true.
	PeerLoginExpiration time.Duration
	// PeerInactivityExpirationEnabled globally enables or disables peer inactivity expiration.
	PeerInactivityExpirationEnabled bool
	// PeerInactivityExpiration is a setting that indicates when peer inactivity expires.
	// Applies to all peers that have the per-peer inactivity flag set (the original
	// note calls it Peer.PeerInactivityExpirationEnabled, elsewhere it is referred to
	// as Peer.InactivityExpirationEnabled — confirm the exact field name).
	PeerInactivityExpiration time.Duration
	// RegularUsersViewBlocked blocks regular users from viewing even their own peers
	// and some UI elements.
	RegularUsersViewBlocked bool
	// GroupsPropagationEnabled propagates a user's auto groups to the user's peers.
	GroupsPropagationEnabled bool
	// JWTGroupsEnabled allows extracting groups from the JWT claim named by
	// JWTGroupsClaimName and adding them to the account groups. Group membership
	// (and therefore policy reach) then follows IdP-asserted claims.
	JWTGroupsEnabled bool
	// JWTGroupsClaimName is the claim from which group names are extracted.
	JWTGroupsClaimName string
	// JWTAllowGroups is the list of groups whose members are allowed access;
	// stored as a JSON column. NOTE(review): the behaviour for an empty list is
	// not visible here — confirm whether empty means "allow all".
	JWTAllowGroups []string `gorm:"serializer:json"`
	// RoutingPeerDNSResolutionEnabled enables DNS resolution on the routing peers.
	RoutingPeerDNSResolutionEnabled bool
	// Extra is a dictionary of additional Account settings.
	Extra *account.ExtraSettings `gorm:"embedded;embeddedPrefix:extra_"`
}
Settings represents Account settings structure that can be modified via API and Dashboard
type SetupKey ¶
// SetupKey represents a pre-authorized key used to register machines (peers).
// It is a bearer enrollment credential: whoever holds the key can enroll peers
// into the account with the configured AutoGroups, so it must be handled as a
// secret. A key is usable only while it is not revoked, not expired and not
// over its UsageLimit (see IsRevoked/IsExpired/IsOverUsed/IsValid).
type SetupKey struct {
	Id string
	// AccountID is a reference to the Account that this object belongs to;
	// hidden from JSON, indexed in the store.
	AccountID string `json:"-" gorm:"index"`
	// Key and KeySecret: NOTE(review): which of the two holds the enrollment
	// secret and which a display/lookup form is not visible here (HiddenKey exists
	// in this package for masking) — confirm before logging or returning either.
	Key       string
	KeySecret string
	Name      string
	Type      SetupKeyType
	CreatedAt time.Time
	// ExpiresAt is the expiry instant; nil presumably means no expiry — confirm
	// against IsExpired.
	ExpiresAt *time.Time
	// UpdatedAt is maintained by this package, not by gorm (autoUpdateTime:false).
	UpdatedAt time.Time `gorm:"autoUpdateTime:false"`
	// Revoked indicates whether the key was revoked or not (we don't remove them for
	// tracking purposes)
	Revoked bool
	// UsedTimes indicates how many times the key was used
	UsedTimes int
	// LastUsed last time the key was used for peer registration
	LastUsed *time.Time
	// AutoGroups is a list of Group IDs that are auto assigned to a Peer when it uses
	// this key to register; this determines the policy reach of an enrolled peer.
	AutoGroups []string `gorm:"serializer:json"`
	// UsageLimit indicates the number of times this key can be used to enroll a machine.
	// The value of 0 (SetupKeyUnlimitedUsage) indicates unlimited usage.
	UsageLimit int
	// Ephemeral indicates whether peers enrolled with this key will be ephemeral.
	Ephemeral bool
}
SetupKey represents a pre-authorized key used to register machines (peers). Because enrollment requires only possession of the key, it is a bearer credential and should be handled as a secret.
func GenerateDefaultSetupKey ¶
GenerateDefaultSetupKey generates a default reusable setup key with an unlimited usage and 30 days expiration
func GenerateSetupKey ¶
func GenerateSetupKey(name string, t SetupKeyType, validFor time.Duration, autoGroups []string, usageLimit int, ephemeral bool) (*SetupKey, string)
GenerateSetupKey generates a new setup key
func (*SetupKey) GetExpiresAt ¶ added in v0.36.0
GetExpiresAt returns the expiration time of the setup key.
func (*SetupKey) GetLastUsed ¶ added in v0.36.0
GetLastUsed returns the last used time of the setup key.
func (*SetupKey) IncrementUsage ¶
IncrementUsage makes a copy of a key, increments the UsedTimes by 1 and sets LastUsed to now
func (*SetupKey) IsOverUsed ¶
IsOverUsed reports whether the key has been used more times than its UsageLimit allows. SetupKey.UsageLimit == 0 indicates unlimited usage.
type User ¶
// User represents a user of the system (human or service user). Authorization
// decisions elsewhere key off Role, Blocked and IsServiceUser.
type User struct {
	Id string `gorm:"primaryKey"`
	// AccountID is a reference to the Account that this object belongs to;
	// hidden from JSON, indexed in the store.
	AccountID string `json:"-" gorm:"index"`
	// Role is one of the UserRole constants.
	Role          UserRole
	IsServiceUser bool
	// NonDeletable indicates whether the service user can be deleted
	NonDeletable bool
	// ServiceUserName is only set if IsServiceUser is true
	ServiceUserName string
	// AutoGroups is a list of Group IDs to auto-assign to peers registered by this user;
	// stored as a JSON column.
	AutoGroups []string `gorm:"serializer:json"`
	// PATs is the in-memory, ID-keyed view of the user's personal access tokens;
	// PATsG is the persisted gorm association (hidden from JSON).
	PATs  map[string]*PersonalAccessToken `gorm:"-"`
	PATsG []PersonalAccessToken           `json:"-" gorm:"foreignKey:UserID;references:id"`
	// Blocked indicates whether the user is blocked. Blocked users can't use the system.
	Blocked bool
	// LastLogin is the last time the user logged in to the IdP
	LastLogin *time.Time
	// CreatedAt records the time the user was created
	CreatedAt time.Time
	// Issued records how the user was created (UserIssuedAPI/UserIssuedIntegration);
	// defaults to "api" in the store.
	Issued               string                                     `gorm:"default:api"`
	IntegrationReference integration_reference.IntegrationReference `gorm:"embedded;embeddedPrefix:integration_ref_"`
}
User represents a user of the system
func NewAdminUser ¶
NewAdminUser creates a new user with role UserRoleAdmin
func NewOwnerUser ¶
NewOwnerUser creates a new user with role UserRoleOwner
func NewRegularUser ¶
NewRegularUser creates a new user with role UserRoleUser
func NewUser ¶
func NewUser(id string, role UserRole, isServiceUser bool, nonDeletable bool, serviceUserName string, autoGroups []string, issued string) *User
NewUser creates a new user
func (*User) GetLastLogin ¶ added in v0.36.0
GetLastLogin returns the last login time of the user.
func (*User) HasAdminPower ¶
HasAdminPower returns true if the user has admin or owner roles, false otherwise
func (*User) IsAdminOrServiceUser ¶
IsAdminOrServiceUser checks if the user has admin power or is a service user.
func (*User) IsRegularUser ¶
IsRegularUser checks if the user is a regular user.
func (*User) LastDashboardLoginChanged ¶
type UserInfo ¶
// UserInfo is the API-facing view of a User (see User.ToUserInfo). Status and
// IntegrationReference are excluded from JSON; blocked state is exposed via
// IsBlocked instead.
type UserInfo struct {
	ID                   string                                     `json:"id"`
	Email                string                                     `json:"email"`
	Name                 string                                     `json:"name"`
	Role                 string                                     `json:"role"`
	AutoGroups           []string                                   `json:"auto_groups"`
	Status               string                                     `json:"-"`
	IsServiceUser        bool                                       `json:"is_service_user"`
	IsBlocked            bool                                       `json:"is_blocked"`
	NonDeletable         bool                                       `json:"non_deletable"`
	LastLogin            time.Time                                  `json:"last_login"`
	Issued               string                                     `json:"issued"`
	IntegrationReference integration_reference.IntegrationReference `json:"-"`
	Permissions          UserPermissions                            `json:"permissions"`
}
type UserPermissions ¶
// UserPermissions carries the effective UI permissions reported in UserInfo.
// The possible DashboardView values are not visible on this page.
type UserPermissions struct {
	DashboardView string `json:"dashboard_view"`
}
type UserRole ¶
// UserRole is the role of a User; see the UserRole* constants and StrRoleToUserRole.
type UserRole string
UserRole is the role of a User
func StrRoleToUserRole ¶
StrRoleToUserRole returns UserRole for a given strRole or UserRoleUnknown if the specified role is unknown