Add GroupMinimum to the SetupKey response

.github/workflows/golang-test-darwin.yml

@@ -1,10 +1,5 @@
 name: Test Code Darwin
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
+on: [push,pull_request]
 
 jobs:
   test:

.github/workflows/golang-test-linux.yml

@@ -1,10 +1,5 @@
 name: Test Code Linux
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
+on: [push,pull_request]
 
 jobs:
   test:
@@ -38,55 +33,3 @@ jobs:
 
       - name: Test
         run: GOARCH=${{ matrix.arch }} go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...
-
-  test_client_on_docker:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.18.x
-
-
-      - name: Cache Go modules
-        uses: actions/cache@v2
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Install dependencies
-        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libappindicator3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev
-
-      - name: Install modules
-        run: go mod tidy
-
-      - name: Generate Iface Test bin
-        run: go test -c -o iface-testing.bin ./iface/...
-
-      - name: Generate RouteManager Test bin
-        run: go test -c -o routemanager-testing.bin ./client/internal/routemanager/...
-
-      - name: Generate Engine Test bin
-        run: go test -c -o engine-testing.bin ./client/internal/*.go
-
-      - name: Generate Peer Test bin
-        run: go test -c -o peer-testing.bin ./client/internal/peer/...
-
-      - run: chmod +x *testing.bin
-
-      - name: Run Iface tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/iface --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/iface-testing.bin -test.timeout 5m -test.parallel 1
-
-      - name: Run RouteManager tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/routemanager --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/routemanager-testing.bin  -test.timeout 5m -test.parallel 1
-
-      - name: Run Engine tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/engine-testing.bin  -test.timeout 5m -test.parallel 1
-
-      - name: Run Peer tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/peer  --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/peer-testing.bin  -test.timeout 5m -test.parallel 1

.github/workflows/golang-test-windows.yml

@@ -1,10 +1,5 @@
 name: Test Code Windows
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
+on: [push,pull_request]
 
 jobs:
   pre:

.github/workflows/release.yml

@@ -9,7 +9,7 @@ on:
   pull_request:
 
 env:
-  SIGN_PIPE_VER: "v0.0.4"
+  SIGN_PIPE_VER: "v0.0.3"
   GORELEASER_VER: "v1.6.3"
 
 jobs:

.github/workflows/test-docker-compose-linux.yml

@@ -1,10 +1,5 @@
 name: Test Docker Compose Linux
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
+on: [push,pull_request]
 
 jobs:
   test:
@@ -56,16 +51,13 @@ jobs:
           CI_NETBIRD_AUTH_JWT_CERTS: https://example.eu.auth0.com/.well-known/jwks.json
           CI_NETBIRD_AUTH_TOKEN_ENDPOINT: https://example.eu.auth0.com/oauth/token
           CI_NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT: https://example.eu.auth0.com/oauth/device/code
-          CI_NETBIRD_AUTH_REDIRECT_URI: "/peers"
         run: |
           grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
           grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
           grep AUTH_AUDIENCE docker-compose.yml | grep $CI_NETBIRD_AUTH_AUDIENCE
           grep AUTH_SUPPORTED_SCOPES docker-compose.yml | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
           grep USE_AUTH0 docker-compose.yml | grep $CI_NETBIRD_USE_AUTH0
-          grep NETBIRD_MGMT_API_ENDPOINT docker-compose.yml | grep "http://localhost:33073"
-          grep AUTH_REDIRECT_URI docker-compose.yml | grep $CI_NETBIRD_AUTH_REDIRECT_URI
-          grep AUTH_SILENT_REDIRECT_URI docker-compose.yml | egrep 'AUTH_SILENT_REDIRECT_URI=$'
+          grep NETBIRD_MGMT_API_ENDPOINT docker-compose.yml | grep "http://localhost:33073"  
 
       - name: run docker compose up
         working-directory: infrastructure_files

.goreleaser.yaml

@@ -41,7 +41,7 @@ builds:
       - arm64
       - arm
     ldflags:
-      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
     mod_timestamp: '{{ .CommitTimestamp }}'
 
   - id: netbird-signal

README.md

@@ -1,6 +1,6 @@
 <p align="center">
- <strong>:hatching_chick: New Release! User Invites.</strong>
-  <a href="https://github.com/netbirdio/netbird/releases">
+ <strong>:hatching_chick: New release! NetBird Easy SSH</strong>.
+  <a href="https://github.com/netbirdio/netbird/releases/tag/v0.8.0">
        Learn more
      </a>   
 </p>
@@ -62,8 +62,10 @@ NetBird creates an overlay peer-to-peer network connecting machines automaticall
 -  \[ ] Network Activity Monitoring.
 
 ### Secure peer-to-peer VPN with SSO and MFA in minutes
-
-https://user-images.githubusercontent.com/700848/197345890-2e2cded5-7b7a-436f-a444-94e80dd24f46.mov
+<p float="left" align="middle">
+  <img src="docs/media/peerA.gif" width="400"/> 
+  <img src="docs/media/peerB.gif" width="400"/>
+</p>
 
 **Note**: The `main` branch may be in an *unstable or even broken state* during development. 
 For stable versions, see [releases](https://github.com/netbirdio/netbird/releases).
@@ -103,5 +105,5 @@ See a complete [architecture overview](https://netbird.io/docs/overview/architec
 We use open-source technologies like [WireGuard®](https://www.wireguard.com/), [Pion ICE (WebRTC)](https://github.com/pion/ice), and [Coturn](https://github.com/coturn/coturn). We very much appreciate the work these guys are doing and we'd greatly appreciate if you could support them in any way (e.g. giving a star or a contribution).
 
 ### Legal
- _WireGuard_ and the _WireGuard_ logo are [registered trademarks](https://www.wireguard.com/trademark-policy/) of Jason A. Donenfeld.
+ [WireGuard](https://wireguard.com/) is a registered trademark of Jason A. Donenfeld.
 

client/cmd/status.go

@@ -11,7 +11,6 @@ import (
 	"github.com/netbirdio/netbird/util"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc/status"
-	"net"
 	"net/netip"
 	"sort"
 	"strings"
@@ -19,7 +18,6 @@ import (
 
 var (
 	detailFlag   bool
-	ipv4Flag     bool
 	ipsFilter    []string
 	statusFilter string
 	ipsFilterMap map[string]struct{}
@@ -75,7 +73,7 @@ var statusCmd = &cobra.Command{
 		pbFullStatus := resp.GetFullStatus()
 		fullStatus := fromProtoFullStatus(pbFullStatus)
 
-		cmd.Print(parseFullStatus(fullStatus, detailFlag, daemonStatus, resp.GetDaemonVersion(), ipv4Flag))
+		cmd.Print(parseFullStatus(fullStatus, detailFlag, daemonStatus, resp.GetDaemonVersion()))
 
 		return nil
 	},
@@ -84,9 +82,8 @@ var statusCmd = &cobra.Command{
 func init() {
 	ipsFilterMap = make(map[string]struct{})
 	statusCmd.PersistentFlags().BoolVarP(&detailFlag, "detail", "d", false, "display detailed status information")
-	statusCmd.PersistentFlags().BoolVar(&ipv4Flag, "ipv4", false, "display only NetBird IPv4 of this peer, e.g., --ipv4 will output 100.64.0.33")
-	statusCmd.PersistentFlags().StringSliceVar(&ipsFilter, "filter-by-ips", []string{}, "filters the detailed output by a list of one or more IPs, e.g., --filter-by-ips 100.64.0.100,100.64.0.200")
-	statusCmd.PersistentFlags().StringVar(&statusFilter, "filter-by-status", "", "filters the detailed output by connection status(connected|disconnected), e.g., --filter-by-status connected")
+	statusCmd.PersistentFlags().StringSliceVar(&ipsFilter, "filter-by-ips", []string{}, "filters the detailed output by a list of one or more IPs, e.g. --filter-by-ips 100.64.0.100,100.64.0.200")
+	statusCmd.PersistentFlags().StringVar(&statusFilter, "filter-by-status", "", "filters the detailed output by connection status(connected|disconnected), e.g. --filter-by-status connected")
 }
 
 func parseFilters() error {
@@ -145,19 +142,7 @@ func fromProtoFullStatus(pbFullStatus *proto.FullStatus) nbStatus.FullStatus {
 	return fullStatus
 }
 
-func parseFullStatus(fullStatus nbStatus.FullStatus, printDetail bool, daemonStatus string, daemonVersion string, flag bool) string {
-
-	interfaceIP := fullStatus.LocalPeerState.IP
-
-	ip, _, err := net.ParseCIDR(interfaceIP)
-	if err != nil {
-		return ""
-	}
-
-	if ipv4Flag {
-		return fmt.Sprintf("%s\n", ip)
-	}
-
+func parseFullStatus(fullStatus nbStatus.FullStatus, printDetail bool, daemonStatus string, daemonVersion string) string {
 	var (
 		managementStatusURL  = ""
 		signalStatusURL      = ""
@@ -179,6 +164,8 @@ func parseFullStatus(fullStatus nbStatus.FullStatus, printDetail bool, daemonSta
 		signalConnString = "Connected"
 	}
 
+	interfaceIP := fullStatus.LocalPeerState.IP
+
 	if fullStatus.LocalPeerState.KernelInterface {
 		interfaceTypeString = "Kernel"
 	} else if fullStatus.LocalPeerState.IP == "" {

client/cmd/testutil.go

@@ -68,12 +68,12 @@ func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Liste
 	}
 
 	peersUpdateManager := mgmt.NewPeersUpdateManager()
-	accountManager, err := mgmt.BuildManager(store, peersUpdateManager, nil, "")
+	accountManager, err := mgmt.BuildManager(store, peersUpdateManager, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
 	turnManager := mgmt.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig)
-	mgmtServer, err := mgmt.NewServer(config, accountManager, peersUpdateManager, turnManager, nil)
+	mgmtServer, err := mgmt.NewServer(config, accountManager, peersUpdateManager, turnManager)
 	if err != nil {
 		t.Fatal(err)
 	}

client/installer.nsis

@@ -101,7 +101,6 @@ done:
 Pop $2
 Exch $1
 FunctionEnd
-
 !macro GetAppFromCommand in out
 Push "${in}"
 Call GetAppFromCommand
@@ -118,7 +117,7 @@ Call GetAppFromCommand ; Remove quotes and parameters from UninstCommand
 Pop $0
 Pop $1
 GetFullPathName $2 "$0\.."
-ExecWait '"$0" /S $1 _?=$2'
+ExecWait '"$0" $1 _?=$2'
 Delete "$0" ; Extra cleanup because we used _?=
 RMDir "$2"
 Pop $2
@@ -127,27 +126,30 @@ Pop $0
 !macroend
 
 Function .onInit
-StrCpy $INSTDIR "${INSTALL_DIR}"
+
+ReadRegStr $R0 HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Wiretrustee" "UninstallString"
+${If} $R0 != ""
+    MessageBox MB_YESNO|MB_ICONQUESTION "Wiretrustee is installed. We must remove it before installing Netbird. Procced?" IDNO noWTUninstOld
+    !insertmacro UninstallPreviousNSIS $R0 "/NoMsgBox"
+    noWTUninstOld:
+${EndIf}
+
 ReadRegStr $R0 HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$(^NAME)" "UninstallString"
 ${If} $R0 != ""
-    # if silent install jump to uninstall step
-    IfSilent uninstall
-
-    MessageBox MB_YESNO|MB_ICONQUESTION "NetBird is already installed. We must remove it before installing upgrading NetBird. Proceed?" IDNO done IDYES uninstall
-
-    uninstall:
-      !insertmacro UninstallPreviousNSIS $R0 "/NoMsgBox"
-    done:
-
+    MessageBox MB_YESNO|MB_ICONQUESTION "$(^NAME) is already installed. Do you want to remove the previous version?" IDNO noUninstOld
+    !insertmacro UninstallPreviousNSIS $R0 "/NoMsgBox"
+    noUninstOld:
 ${EndIf}
 FunctionEnd
 ######################################################################
 Section -MainProgram
 	${INSTALL_TYPE}
-	# SetOverwrite ifnewer
+	SetOverwrite ifnewer
 	SetOutPath "$INSTDIR"
 	File /r "..\\dist\\netbird_windows_amd64\\"
+
 SectionEnd
+
 ######################################################################
 
 Section -Icons_Reg
@@ -170,29 +172,24 @@ SetShellVarContext current
 CreateShortCut "$SMPROGRAMS\${APP_NAME}.lnk" "$INSTDIR\${UI_APP_EXE}"
 CreateShortCut "$DESKTOP\${APP_NAME}.lnk" "$INSTDIR\${UI_APP_EXE}"
 SetShellVarContext all
-SectionEnd
 
-Section -Post
 ExecWait '"$INSTDIR\${MAIN_APP_EXE}" service install'
-ExecWait '"$INSTDIR\${MAIN_APP_EXE}" service start'
+Exec '"$INSTDIR\${MAIN_APP_EXE}" service start'
 # sleep a bit for visibility
 Sleep 1000
 SectionEnd
+
 ######################################################################
 
 Section Uninstall
 ${INSTALL_TYPE}
 
 ExecWait '"$INSTDIR\${MAIN_APP_EXE}" service stop'
-ExecWait '"$INSTDIR\${MAIN_APP_EXE}" service uninstall'
-
+Exec '"$INSTDIR\${MAIN_APP_EXE}" service uninstall'
 # kill ui client
 ExecWait `taskkill /im ${UI_APP_EXE}.exe`
-
 # wait the service uninstall take unblock the executable
 Sleep 3000
-Delete "$INSTDIR\${UI_APP_EXE}"
-Delete "$INSTDIR\${MAIN_APP_EXE}"
 RmDir /r "$INSTDIR"
 
 SetShellVarContext current
@@ -212,4 +209,4 @@ SetShellVarContext current
    SetOutPath $INSTDIR
    ShellExecAsUser::ShellExecAsUser "" "$DESKTOP\${APP_NAME}.lnk"
 SetShellVarContext all
-FunctionEnd
+FunctionEnd

client/internal/config.go

@@ -263,7 +263,7 @@ func GetDeviceAuthorizationFlowInfo(ctx context.Context, config *Config) (Device
 		}
 	}
 
-	deviceAuthorizationFlow := DeviceAuthorizationFlow{
+	return DeviceAuthorizationFlow{
 		Provider: protoDeviceAuthorizationFlow.Provider.String(),
 
 		ProviderConfig: ProviderConfig{
@@ -274,29 +274,5 @@ func GetDeviceAuthorizationFlowInfo(ctx context.Context, config *Config) (Device
 			TokenEndpoint:      protoDeviceAuthorizationFlow.GetProviderConfig().GetTokenEndpoint(),
 			DeviceAuthEndpoint: protoDeviceAuthorizationFlow.GetProviderConfig().GetDeviceAuthEndpoint(),
 		},
-	}
-
-	err = isProviderConfigValid(deviceAuthorizationFlow.ProviderConfig)
-	if err != nil {
-		return DeviceAuthorizationFlow{}, err
-	}
-
-	return deviceAuthorizationFlow, nil
-}
-
-func isProviderConfigValid(config ProviderConfig) error {
-	errorMSGFormat := "invalid provider configuration received from management: %s value is empty. Contact your NetBird administrator"
-	if config.Audience == "" {
-		return fmt.Errorf(errorMSGFormat, "Audience")
-	}
-	if config.ClientID == "" {
-		return fmt.Errorf(errorMSGFormat, "Client ID")
-	}
-	if config.TokenEndpoint == "" {
-		return fmt.Errorf(errorMSGFormat, "Token Endpoint")
-	}
-	if config.DeviceAuthEndpoint == "" {
-		return fmt.Errorf(errorMSGFormat, "Device Auth Endpoint")
-	}
-	return nil
+	}, nil
 }

client/internal/connect.go

@@ -107,7 +107,7 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *nbStatus.Sta
 		localPeerState := nbStatus.LocalPeerState{
 			IP:              loginResp.GetPeerConfig().GetAddress(),
 			PubKey:          myPrivateKey.PublicKey().String(),
-			KernelInterface: iface.WireguardModuleIsLoaded(),
+			KernelInterface: iface.WireguardModExists(),
 		}
 
 		statusRecorder.UpdateLocalPeerState(localPeerState)

client/internal/engine_test.go

@@ -761,12 +761,12 @@ func startManagement(port int, dataDir string) (*grpc.Server, error) {
 		log.Fatalf("failed creating a store: %s: %v", config.Datadir, err)
 	}
 	peersUpdateManager := server.NewPeersUpdateManager()
-	accountManager, err := server.BuildManager(store, peersUpdateManager, nil, "")
+	accountManager, err := server.BuildManager(store, peersUpdateManager, nil)
 	if err != nil {
 		return nil, err
 	}
 	turnManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig)
-	mgmtServer, err := server.NewServer(config, accountManager, peersUpdateManager, turnManager, nil)
+	mgmtServer, err := server.NewServer(config, accountManager, peersUpdateManager, turnManager)
 	if err != nil {
 		return nil, err
 	}

client/internal/routemanager/firewall_linux.go

@@ -9,16 +9,14 @@ import (
 import "github.com/google/nftables"
 
 const (
-	ipv6Forwarding     = "netbird-rt-ipv6-forwarding"
-	ipv4Forwarding     = "netbird-rt-ipv4-forwarding"
-	ipv6Nat            = "netbird-rt-ipv6-nat"
-	ipv4Nat            = "netbird-rt-ipv4-nat"
-	natFormat          = "netbird-nat-%s"
-	forwardingFormat   = "netbird-fwd-%s"
-	inNatFormat        = "netbird-nat-in-%s"
-	inForwardingFormat = "netbird-fwd-in-%s"
-	ipv6               = "ipv6"
-	ipv4               = "ipv4"
+	ipv6Forwarding   = "netbird-rt-ipv6-forwarding"
+	ipv4Forwarding   = "netbird-rt-ipv4-forwarding"
+	ipv6Nat          = "netbird-rt-ipv6-nat"
+	ipv4Nat          = "netbird-rt-ipv4-nat"
+	natFormat        = "netbird-nat-%s"
+	forwardingFormat = "netbird-fwd-%s"
+	ipv6             = "ipv6"
+	ipv4             = "ipv4"
 )
 
 func genKey(format string, input string) string {
@@ -55,13 +53,3 @@ func NewFirewall(parentCTX context.Context) firewallManager {
 
 	return manager
 }
-
-func getInPair(pair routerPair) routerPair {
-	return routerPair{
-		ID: pair.ID,
-		// invert source/destination
-		source:      pair.destination,
-		destination: pair.source,
-		masquerade:  pair.masquerade,
-	}
-}

client/internal/routemanager/iptables_linux.go

@@ -311,37 +311,7 @@ func (i *iptablesManager) InsertRoutingRules(pair routerPair) error {
 	i.mux.Lock()
 	defer i.mux.Unlock()
 
-	err := i.insertRoutingRule(forwardingFormat, iptablesFilterTable, iptablesRoutingForwardingChain, routingFinalForwardJump, pair)
-	if err != nil {
-		return err
-	}
-
-	err = i.insertRoutingRule(inForwardingFormat, iptablesFilterTable, iptablesRoutingForwardingChain, routingFinalForwardJump, getInPair(pair))
-	if err != nil {
-		return err
-	}
-
-	if !pair.masquerade {
-		return nil
-	}
-
-	err = i.insertRoutingRule(natFormat, iptablesNatTable, iptablesRoutingNatChain, routingFinalNatJump, pair)
-	if err != nil {
-		return err
-	}
-
-	err = i.insertRoutingRule(inNatFormat, iptablesNatTable, iptablesRoutingNatChain, routingFinalNatJump, getInPair(pair))
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// insertRoutingRule inserts an iptable rule
-func (i *iptablesManager) insertRoutingRule(keyFormat, table, chain, jump string, pair routerPair) error {
 	var err error
-
 	prefix := netip.MustParsePrefix(pair.source)
 	ipVersion := ipv4
 	iptablesClient := i.ipv4Client
@@ -350,22 +320,43 @@ func (i *iptablesManager) insertRoutingRule(keyFormat, table, chain, jump string
 		ipVersion = ipv6
 	}
 
-	ruleKey := genKey(keyFormat, pair.ID)
-	rule := genRuleSpec(jump, ruleKey, pair.source, pair.destination)
-	existingRule, found := i.rules[ipVersion][ruleKey]
+	forwardRuleKey := genKey(forwardingFormat, pair.ID)
+	forwardRule := genRuleSpec(routingFinalForwardJump, forwardRuleKey, pair.source, pair.destination)
+	existingRule, found := i.rules[ipVersion][forwardRuleKey]
 	if found {
-		err = iptablesClient.DeleteIfExists(table, chain, existingRule...)
+		err = iptablesClient.DeleteIfExists(iptablesFilterTable, iptablesRoutingForwardingChain, existingRule...)
 		if err != nil {
-			return fmt.Errorf("iptables: error while removing existing %s rule for %s: %v", getIptablesRuleType(table), pair.destination, err)
+			return fmt.Errorf("iptables: error while removing existing forwarding rule for %s: %v", pair.destination, err)
 		}
-		delete(i.rules[ipVersion], ruleKey)
+		delete(i.rules[ipVersion], forwardRuleKey)
 	}
-	err = iptablesClient.Insert(table, chain, 1, rule...)
+	err = iptablesClient.Insert(iptablesFilterTable, iptablesRoutingForwardingChain, 1, forwardRule...)
 	if err != nil {
-		return fmt.Errorf("iptables: error while adding new %s rule for %s: %v", getIptablesRuleType(table), pair.destination, err)
+		return fmt.Errorf("iptables: error while adding new forwarding rule for %s: %v", pair.destination, err)
 	}
 
-	i.rules[ipVersion][ruleKey] = rule
+	i.rules[ipVersion][forwardRuleKey] = forwardRule
+
+	if !pair.masquerade {
+		return nil
+	}
+
+	natRuleKey := genKey(natFormat, pair.ID)
+	natRule := genRuleSpec(routingFinalNatJump, natRuleKey, pair.source, pair.destination)
+	existingRule, found = i.rules[ipVersion][natRuleKey]
+	if found {
+		err = iptablesClient.DeleteIfExists(iptablesNatTable, iptablesRoutingNatChain, existingRule...)
+		if err != nil {
+			return fmt.Errorf("iptables: error while removing existing nat rulefor %s: %v", pair.destination, err)
+		}
+		delete(i.rules[ipVersion], natRuleKey)
+	}
+	err = iptablesClient.Insert(iptablesNatTable, iptablesRoutingNatChain, 1, natRule...)
+	if err != nil {
+		return fmt.Errorf("iptables: error while adding new nat rulefor %s: %v", pair.destination, err)
+	}
+
+	i.rules[ipVersion][natRuleKey] = natRule
 
 	return nil
 }
@@ -375,37 +366,7 @@ func (i *iptablesManager) RemoveRoutingRules(pair routerPair) error {
 	i.mux.Lock()
 	defer i.mux.Unlock()
 
-	err := i.removeRoutingRule(forwardingFormat, iptablesFilterTable, iptablesRoutingForwardingChain, pair)
-	if err != nil {
-		return err
-	}
-
-	err = i.removeRoutingRule(inForwardingFormat, iptablesFilterTable, iptablesRoutingForwardingChain, getInPair(pair))
-	if err != nil {
-		return err
-	}
-
-	if !pair.masquerade {
-		return nil
-	}
-
-	err = i.removeRoutingRule(natFormat, iptablesNatTable, iptablesRoutingNatChain, pair)
-	if err != nil {
-		return err
-	}
-
-	err = i.removeRoutingRule(inNatFormat, iptablesNatTable, iptablesRoutingNatChain, getInPair(pair))
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// removeRoutingRule removes an iptables rule
-func (i *iptablesManager) removeRoutingRule(keyFormat, table, chain string, pair routerPair) error {
 	var err error
-
 	prefix := netip.MustParsePrefix(pair.source)
 	ipVersion := ipv4
 	iptablesClient := i.ipv4Client
@@ -414,23 +375,29 @@ func (i *iptablesManager) removeRoutingRule(keyFormat, table, chain string, pair
 		ipVersion = ipv6
 	}
 
-	ruleKey := genKey(keyFormat, pair.ID)
-	existingRule, found := i.rules[ipVersion][ruleKey]
+	forwardRuleKey := genKey(forwardingFormat, pair.ID)
+	existingRule, found := i.rules[ipVersion][forwardRuleKey]
 	if found {
-		err = iptablesClient.DeleteIfExists(table, chain, existingRule...)
+		err = iptablesClient.DeleteIfExists(iptablesFilterTable, iptablesRoutingForwardingChain, existingRule...)
 		if err != nil {
-			return fmt.Errorf("iptables: error while removing existing %s rule for %s: %v", getIptablesRuleType(table), pair.destination, err)
+			return fmt.Errorf("iptables: error while removing existing forwarding rule for %s: %v", pair.destination, err)
 		}
 	}
-	delete(i.rules[ipVersion], ruleKey)
+	delete(i.rules[ipVersion], forwardRuleKey)
+
+	if !pair.masquerade {
+		return nil
+	}
+
+	natRuleKey := genKey(natFormat, pair.ID)
+	existingRule, found = i.rules[ipVersion][natRuleKey]
+	if found {
+		err = iptablesClient.DeleteIfExists(iptablesNatTable, iptablesRoutingNatChain, existingRule...)
+		if err != nil {
+			return fmt.Errorf("iptables: error while removing existing nat rule for %s: %v", pair.destination, err)
+		}
+	}
+	delete(i.rules[ipVersion], natRuleKey)
 
 	return nil
 }
-
-func getIptablesRuleType(table string) string {
-	ruleType := "forwarding"
-	if table == iptablesNatTable {
-		ruleType = "nat"
-	}
-	return ruleType
-}

client/internal/routemanager/iptables_linux_test.go

@@ -159,17 +159,6 @@ func TestIptablesManager_InsertRoutingRules(t *testing.T) {
 			require.True(t, found, "forwarding rule should exist in the manager map")
 			require.Equal(t, forwardRule[:4], foundRule[:4], "stored forwarding rule should match")
 
-			inForwardRuleKey := genKey(inForwardingFormat, testCase.inputPair.ID)
-			inForwardRule := genRuleSpec(routingFinalForwardJump, inForwardRuleKey, getInPair(testCase.inputPair).source, getInPair(testCase.inputPair).destination)
-
-			exists, err = iptablesClient.Exists(iptablesFilterTable, iptablesRoutingForwardingChain, inForwardRule...)
-			require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", testCase.ipVersion, iptablesFilterTable, iptablesRoutingForwardingChain)
-			require.True(t, exists, "income forwarding rule should exist")
-
-			foundRule, found = manager.rules[testCase.ipVersion][inForwardRuleKey]
-			require.True(t, found, "income forwarding rule should exist in the manager map")
-			require.Equal(t, inForwardRule[:4], foundRule[:4], "stored income forwarding rule should match")
-
 			natRuleKey := genKey(natFormat, testCase.inputPair.ID)
 			natRule := genRuleSpec(routingFinalNatJump, natRuleKey, testCase.inputPair.source, testCase.inputPair.destination)
 
@@ -183,23 +172,7 @@ func TestIptablesManager_InsertRoutingRules(t *testing.T) {
 			} else {
 				require.False(t, exists, "nat rule should not be created")
 				_, foundNat := manager.rules[testCase.ipVersion][natRuleKey]
-				require.False(t, foundNat, "nat rule should not exist in the map")
-			}
-
-			inNatRuleKey := genKey(inNatFormat, testCase.inputPair.ID)
-			inNatRule := genRuleSpec(routingFinalNatJump, inNatRuleKey, getInPair(testCase.inputPair).source, getInPair(testCase.inputPair).destination)
-
-			exists, err = iptablesClient.Exists(iptablesNatTable, iptablesRoutingNatChain, inNatRule...)
-			require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", testCase.ipVersion, iptablesNatTable, iptablesRoutingNatChain)
-			if testCase.inputPair.masquerade {
-				require.True(t, exists, "income nat rule should be created")
-				foundNatRule, foundNat := manager.rules[testCase.ipVersion][inNatRuleKey]
-				require.True(t, foundNat, "income nat rule should exist in the map")
-				require.Equal(t, inNatRule[:4], foundNatRule[:4], "stored income nat rule should match")
-			} else {
-				require.False(t, exists, "nat rule should not be created")
-				_, foundNat := manager.rules[testCase.ipVersion][inNatRuleKey]
-				require.False(t, foundNat, "income nat rule should not exist in the map")
+				require.False(t, foundNat, "nat rule should exist in the map")
 			}
 		})
 	}
@@ -240,24 +213,12 @@ func TestIptablesManager_RemoveRoutingRules(t *testing.T) {
 			err = iptablesClient.Insert(iptablesFilterTable, iptablesRoutingForwardingChain, 1, forwardRule...)
 			require.NoError(t, err, "inserting rule should not return error")
 
-			inForwardRuleKey := genKey(inForwardingFormat, testCase.inputPair.ID)
-			inForwardRule := genRuleSpec(routingFinalForwardJump, inForwardRuleKey, getInPair(testCase.inputPair).source, getInPair(testCase.inputPair).destination)
-
-			err = iptablesClient.Insert(iptablesFilterTable, iptablesRoutingForwardingChain, 1, inForwardRule...)
-			require.NoError(t, err, "inserting rule should not return error")
-
 			natRuleKey := genKey(natFormat, testCase.inputPair.ID)
 			natRule := genRuleSpec(routingFinalNatJump, natRuleKey, testCase.inputPair.source, testCase.inputPair.destination)
 
 			err = iptablesClient.Insert(iptablesNatTable, iptablesRoutingNatChain, 1, natRule...)
 			require.NoError(t, err, "inserting rule should not return error")
 
-			inNatRuleKey := genKey(inNatFormat, testCase.inputPair.ID)
-			inNatRule := genRuleSpec(routingFinalNatJump, inNatRuleKey, getInPair(testCase.inputPair).source, getInPair(testCase.inputPair).destination)
-
-			err = iptablesClient.Insert(iptablesNatTable, iptablesRoutingNatChain, 1, inNatRule...)
-			require.NoError(t, err, "inserting rule should not return error")
-
 			delete(manager.rules, ipv4)
 			delete(manager.rules, ipv6)
 
@@ -274,26 +235,12 @@ func TestIptablesManager_RemoveRoutingRules(t *testing.T) {
 			_, found := manager.rules[testCase.ipVersion][forwardRuleKey]
 			require.False(t, found, "forwarding rule should exist in the manager map")
 
-			exists, err = iptablesClient.Exists(iptablesFilterTable, iptablesRoutingForwardingChain, inForwardRule...)
-			require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", testCase.ipVersion, iptablesFilterTable, iptablesRoutingForwardingChain)
-			require.False(t, exists, "income forwarding rule should not exist")
-
-			_, found = manager.rules[testCase.ipVersion][inForwardRuleKey]
-			require.False(t, found, "income forwarding rule should exist in the manager map")
-
 			exists, err = iptablesClient.Exists(iptablesNatTable, iptablesRoutingNatChain, natRule...)
 			require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", testCase.ipVersion, iptablesNatTable, iptablesRoutingNatChain)
 			require.False(t, exists, "nat rule should not exist")
 
 			_, found = manager.rules[testCase.ipVersion][natRuleKey]
-			require.False(t, found, "nat rule should exist in the manager map")
-
-			exists, err = iptablesClient.Exists(iptablesNatTable, iptablesRoutingNatChain, inNatRule...)
-			require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", testCase.ipVersion, iptablesNatTable, iptablesRoutingNatChain)
-			require.False(t, exists, "income nat rule should not exist")
-
-			_, found = manager.rules[testCase.ipVersion][inNatRuleKey]
-			require.False(t, found, "income nat rule should exist in the manager map")
+			require.False(t, found, "forwarding rule should exist in the manager map")
 
 		})
 	}

client/internal/routemanager/nftables_linux.go

@@ -12,6 +12,7 @@ import (
 )
 import "github.com/google/nftables"
 
+//
 const (
 	nftablesTable                  = "netbird-rt"
 	nftablesRoutingForwardingChain = "netbird-rt-fwd"
@@ -83,10 +84,8 @@ func (n *nftablesManager) CleanRoutingRules() {
 	n.mux.Lock()
 	defer n.mux.Unlock()
 	log.Debug("flushing tables")
-	if n.tableIPv4 != nil && n.tableIPv6 != nil {
-		n.conn.FlushTable(n.tableIPv6)
-		n.conn.FlushTable(n.tableIPv4)
-	}
+	n.conn.FlushTable(n.tableIPv6)
+	n.conn.FlushTable(n.tableIPv4)
 	log.Debugf("flushing tables result in: %v error", n.conn.Flush())
 }
 
@@ -247,77 +246,53 @@ func (n *nftablesManager) InsertRoutingRules(pair routerPair) error {
 	n.mux.Lock()
 	defer n.mux.Unlock()
 
-	err := n.refreshRulesMap()
-	if err != nil {
-		return err
-	}
-
-	err = n.insertRoutingRule(forwardingFormat, nftablesRoutingForwardingChain, pair, false)
-	if err != nil {
-		return err
-	}
-	err = n.insertRoutingRule(inForwardingFormat, nftablesRoutingForwardingChain, getInPair(pair), false)
-	if err != nil {
-		return err
-	}
-
-	if pair.masquerade {
-		err = n.insertRoutingRule(natFormat, nftablesRoutingNatChain, pair, true)
-		if err != nil {
-			return err
-		}
-		err = n.insertRoutingRule(inNatFormat, nftablesRoutingNatChain, getInPair(pair), true)
-		if err != nil {
-			return err
-		}
-	}
-
-	err = n.conn.Flush()
-	if err != nil {
-		return fmt.Errorf("nftables: unable to insert rules for %s: %v", pair.destination, err)
-	}
-	return nil
-}
-
-// insertRoutingRule inserts a nftable rule to the conn client flush queue
-func (n *nftablesManager) insertRoutingRule(format, chain string, pair routerPair, isNat bool) error {
-
 	prefix := netip.MustParsePrefix(pair.source)
 
 	sourceExp := generateCIDRMatcherExpressions("source", pair.source)
 	destExp := generateCIDRMatcherExpressions("destination", pair.destination)
 
-	var expression []expr.Any
-	if isNat {
-		expression = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
+	forwardExp := append(sourceExp, append(destExp, exprCounterAccept...)...)
+	fwdKey := genKey(forwardingFormat, pair.ID)
+	if prefix.Addr().Unmap().Is4() {
+		n.rules[fwdKey] = n.conn.InsertRule(&nftables.Rule{
+			Table:    n.tableIPv4,
+			Chain:    n.chains[ipv4][nftablesRoutingForwardingChain],
+			Exprs:    forwardExp,
+			UserData: []byte(fwdKey),
+		})
 	} else {
-		expression = append(sourceExp, append(destExp, exprCounterAccept...)...)
+		n.rules[fwdKey] = n.conn.InsertRule(&nftables.Rule{
+			Table:    n.tableIPv6,
+			Chain:    n.chains[ipv6][nftablesRoutingForwardingChain],
+			Exprs:    forwardExp,
+			UserData: []byte(fwdKey),
+		})
 	}
 
-	ruleKey := genKey(format, pair.ID)
+	if pair.masquerade {
+		natExp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
+		natKey := genKey(natFormat, pair.ID)
 
-	_, exists := n.rules[ruleKey]
-	if exists {
-		err := n.removeRoutingRule(format, pair)
-		if err != nil {
-			return err
+		if prefix.Addr().Unmap().Is4() {
+			n.rules[natKey] = n.conn.InsertRule(&nftables.Rule{
+				Table:    n.tableIPv4,
+				Chain:    n.chains[ipv4][nftablesRoutingNatChain],
+				Exprs:    natExp,
+				UserData: []byte(natKey),
+			})
+		} else {
+			n.rules[natKey] = n.conn.InsertRule(&nftables.Rule{
+				Table:    n.tableIPv6,
+				Chain:    n.chains[ipv6][nftablesRoutingNatChain],
+				Exprs:    natExp,
+				UserData: []byte(natKey),
+			})
 		}
 	}
 
-	if prefix.Addr().Unmap().Is4() {
-		n.rules[ruleKey] = n.conn.InsertRule(&nftables.Rule{
-			Table:    n.tableIPv4,
-			Chain:    n.chains[ipv4][chain],
-			Exprs:    expression,
-			UserData: []byte(ruleKey),
-		})
-	} else {
-		n.rules[ruleKey] = n.conn.InsertRule(&nftables.Rule{
-			Table:    n.tableIPv6,
-			Chain:    n.chains[ipv6][chain],
-			Exprs:    expression,
-			UserData: []byte(ruleKey),
-		})
+	err := n.conn.Flush()
+	if err != nil {
+		return fmt.Errorf("nftables: unable to insert rules for %s: %v", pair.destination, err)
 	}
 	return nil
 }
@@ -332,26 +307,26 @@ func (n *nftablesManager) RemoveRoutingRules(pair routerPair) error {
 		return err
 	}
 
-	err = n.removeRoutingRule(forwardingFormat, pair)
-	if err != nil {
-		return err
+	fwdKey := genKey(forwardingFormat, pair.ID)
+	natKey := genKey(natFormat, pair.ID)
+	fwdRule, found := n.rules[fwdKey]
+	if found {
+		err = n.conn.DelRule(fwdRule)
+		if err != nil {
+			return fmt.Errorf("nftables: unable to remove forwarding rule for %s: %v", pair.destination, err)
+		}
+		log.Debugf("nftables: removing forwarding rule for %s", pair.destination)
+		delete(n.rules, fwdKey)
 	}
-
-	err = n.removeRoutingRule(inForwardingFormat, getInPair(pair))
-	if err != nil {
-		return err
+	natRule, found := n.rules[natKey]
+	if found {
+		err = n.conn.DelRule(natRule)
+		if err != nil {
+			return fmt.Errorf("nftables: unable to remove nat rule for %s: %v", pair.destination, err)
+		}
+		log.Debugf("nftables: removing nat rule for %s", pair.destination)
+		delete(n.rules, natKey)
 	}
-
-	err = n.removeRoutingRule(natFormat, pair)
-	if err != nil {
-		return err
-	}
-
-	err = n.removeRoutingRule(inNatFormat, getInPair(pair))
-	if err != nil {
-		return err
-	}
-
 	err = n.conn.Flush()
 	if err != nil {
 		return fmt.Errorf("nftables: received error while applying rule removal for %s: %v", pair.destination, err)
@@ -360,29 +335,6 @@ func (n *nftablesManager) RemoveRoutingRules(pair routerPair) error {
 	return nil
 }
 
-// removeRoutingRule add a nftable rule to the removal queue and delete from rules map
-func (n *nftablesManager) removeRoutingRule(format string, pair routerPair) error {
-	ruleKey := genKey(format, pair.ID)
-
-	rule, found := n.rules[ruleKey]
-	if found {
-		ruleType := "forwarding"
-		if rule.Chain.Type == nftables.ChainTypeNAT {
-			ruleType = "nat"
-		}
-
-		err := n.conn.DelRule(rule)
-		if err != nil {
-			return fmt.Errorf("nftables: unable to remove %s rule for %s: %v", ruleType, pair.destination, err)
-		}
-
-		log.Debugf("nftables: removing %s rule for %s", ruleType, pair.destination)
-
-		delete(n.rules, ruleKey)
-	}
-	return nil
-}
-
 // getPayloadDirectives get expression directives based on ip version and direction
 func getPayloadDirectives(direction string, isIPv4 bool, isIPv6 bool) (uint32, uint32, []byte) {
 	switch {

client/internal/routemanager/nftables_linux_test.go

@@ -189,45 +189,6 @@ func TestNftablesManager_InsertRoutingRules(t *testing.T) {
 				}
 				require.Equal(t, 1, found, "should find at least 1 rule to test")
 			}
-
-			sourceExp = generateCIDRMatcherExpressions("source", getInPair(testCase.inputPair).source)
-			destExp = generateCIDRMatcherExpressions("destination", getInPair(testCase.inputPair).destination)
-			testingExpression = append(sourceExp, destExp...)
-			inFwdRuleKey := genKey(inForwardingFormat, testCase.inputPair.ID)
-
-			found = 0
-			for _, registeredChains := range manager.chains {
-				for _, chain := range registeredChains {
-					rules, err := nftablesTestingClient.GetRules(chain.Table, chain)
-					require.NoError(t, err, "should list rules for %s table and %s chain", chain.Table.Name, chain.Name)
-					for _, rule := range rules {
-						if len(rule.UserData) > 0 && string(rule.UserData) == inFwdRuleKey {
-							require.ElementsMatchf(t, rule.Exprs[:len(testingExpression)], testingExpression, "income forwarding rule elements should match")
-							found = 1
-						}
-					}
-				}
-			}
-
-			require.Equal(t, 1, found, "should find at least 1 rule to test")
-
-			if testCase.inputPair.masquerade {
-				inNatRuleKey := genKey(inNatFormat, testCase.inputPair.ID)
-				found := 0
-				for _, registeredChains := range manager.chains {
-					for _, chain := range registeredChains {
-						rules, err := nftablesTestingClient.GetRules(chain.Table, chain)
-						require.NoError(t, err, "should list rules for %s table and %s chain", chain.Table.Name, chain.Name)
-						for _, rule := range rules {
-							if len(rule.UserData) > 0 && string(rule.UserData) == inNatRuleKey {
-								require.ElementsMatchf(t, rule.Exprs[:len(testingExpression)], testingExpression, "income nat rule elements should match")
-								found = 1
-							}
-						}
-					}
-				}
-				require.Equal(t, 1, found, "should find at least 1 rule to test")
-			}
 		})
 	}
 }
@@ -280,28 +241,6 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 				UserData: []byte(natRuleKey),
 			})
 
-			sourceExp = generateCIDRMatcherExpressions("source", getInPair(testCase.inputPair).source)
-			destExp = generateCIDRMatcherExpressions("destination", getInPair(testCase.inputPair).destination)
-
-			forwardExp = append(sourceExp, append(destExp, exprCounterAccept...)...)
-			inForwardRuleKey := genKey(inForwardingFormat, testCase.inputPair.ID)
-			insertedInForwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
-				Table:    table,
-				Chain:    manager.chains[testCase.ipVersion][nftablesRoutingForwardingChain],
-				Exprs:    forwardExp,
-				UserData: []byte(inForwardRuleKey),
-			})
-
-			natExp = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
-			inNatRuleKey := genKey(inNatFormat, testCase.inputPair.ID)
-
-			insertedInNat := nftablesTestingClient.InsertRule(&nftables.Rule{
-				Table:    table,
-				Chain:    manager.chains[testCase.ipVersion][nftablesRoutingNatChain],
-				Exprs:    natExp,
-				UserData: []byte(inNatRuleKey),
-			})
-
 			err = nftablesTestingClient.Flush()
 			require.NoError(t, err, "shouldn't return error")
 
@@ -320,10 +259,8 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 					require.NoError(t, err, "should list rules for %s table and %s chain", chain.Table.Name, chain.Name)
 					for _, rule := range rules {
 						if len(rule.UserData) > 0 {
-							require.NotEqual(t, insertedForwarding.UserData, rule.UserData, "forwarding rule should not exist")
-							require.NotEqual(t, insertedNat.UserData, rule.UserData, "nat rule should not exist")
-							require.NotEqual(t, insertedInForwarding.UserData, rule.UserData, "income forwarding rule should not exist")
-							require.NotEqual(t, insertedInNat.UserData, rule.UserData, "income nat rule should not exist")
+							require.NotEqual(t, insertedForwarding.UserData, rule.UserData, "forwarding rule should exist")
+							require.NotEqual(t, insertedNat.UserData, rule.UserData, "nat rule should exist")
 						}
 					}
 				}

client/internal/routemanager/systemops.go

@@ -21,7 +21,7 @@ func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
 	}
 
 	if prefixGateway != nil && !prefixGateway.Equal(gateway) {
-		log.Warnf("skipping adding a new route for network %s because it already exists and is pointing to the non default gateway: %s", prefix, prefixGateway)
+		log.Warnf("route for network %s already exist and is pointing to the gateway: %s, won't add another one", prefix, prefixGateway)
 		return nil
 	}
 	return addToRouteTable(prefix, addr)
@@ -45,14 +45,11 @@ func getExistingRIBRouteGateway(prefix netip.Prefix) (net.IP, error) {
 	if err != nil {
 		return nil, err
 	}
-	_, gateway, preferredSrc, err := r.Route(prefix.Addr().AsSlice())
+	_, _, localGatewayAddress, err := r.Route(prefix.Addr().AsSlice())
 	if err != nil {
 		log.Errorf("getting routes returned an error: %v", err)
 		return nil, errRouteNotFound
 	}
-	if gateway == nil {
-		return preferredSrc, nil
-	}
 
-	return gateway, nil
+	return localGatewayAddress, nil
 }

client/internal/routemanager/systemops_test.go

@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"github.com/netbirdio/netbird/iface"
 	"github.com/stretchr/testify/require"
-	"net"
 	"net/netip"
 	"testing"
 )
@@ -67,45 +66,3 @@ func TestAddRemoveRoutes(t *testing.T) {
 		})
 	}
 }
-
-func TestGetExistingRIBRouteGateway(t *testing.T) {
-	gateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-	if err != nil {
-		t.Fatal("shouldn't return error when fetching the gateway: ", err)
-	}
-	if gateway == nil {
-		t.Fatal("should return a gateway")
-	}
-	addresses, err := net.InterfaceAddrs()
-	if err != nil {
-		t.Fatal("shouldn't return error when fetching interface addresses: ", err)
-	}
-
-	var testingIP string
-	var testingPrefix netip.Prefix
-	for _, address := range addresses {
-		if address.Network() != "ip+net" {
-			continue
-		}
-		prefix := netip.MustParsePrefix(address.String())
-		if !prefix.Addr().IsLoopback() && prefix.Addr().Is4() {
-			testingIP = prefix.Addr().String()
-			testingPrefix = prefix.Masked()
-			break
-		}
-	}
-
-	localIP, err := getExistingRIBRouteGateway(testingPrefix)
-	if err != nil {
-		t.Fatal("shouldn't return error: ", err)
-	}
-	if localIP == nil {
-		t.Fatal("should return a gateway for local network")
-	}
-	if localIP.String() == gateway.String() {
-		t.Fatal("local ip should not match with gateway IP")
-	}
-	if localIP.String() != testingIP {
-		t.Fatalf("local ip should match with testing IP: want %s got %s", testingIP, localIP.String())
-	}
-}

client/system/info_windows.go

@@ -1,17 +1,36 @@
 package system
 
 import (
+	"bytes"
 	"context"
-	"fmt"
-	log "github.com/sirupsen/logrus"
-	"golang.org/x/sys/windows/registry"
 	"os"
+	"os/exec"
 	"runtime"
+	"strings"
 )
 
 // GetInfo retrieves and parses the system information
 func GetInfo(ctx context.Context) *Info {
-	ver := getOSVersion()
+	cmd := exec.Command("cmd", "ver")
+	cmd.Stdin = strings.NewReader("some")
+	var out bytes.Buffer
+	var stderr bytes.Buffer
+	cmd.Stdout = &out
+	cmd.Stderr = &stderr
+	err := cmd.Run()
+	if err != nil {
+		panic(err)
+	}
+	osStr := strings.Replace(out.String(), "\n", "", -1)
+	osStr = strings.Replace(osStr, "\r\n", "", -1)
+	tmp1 := strings.Index(osStr, "[Version")
+	tmp2 := strings.Index(osStr, "]")
+	var ver string
+	if tmp1 == -1 || tmp2 == -1 {
+		ver = "unknown"
+	} else {
+		ver = osStr[tmp1+9 : tmp2]
+	}
 	gio := &Info{Kernel: "windows", OSVersion: ver, Core: ver, Platform: "unknown", OS: "windows", GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	gio.Hostname, _ = os.Hostname()
 	gio.WiretrusteeVersion = NetbirdVersion()
@@ -19,37 +38,3 @@ func GetInfo(ctx context.Context) *Info {
 
 	return gio
 }
-
-func getOSVersion() string {
-	k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
-	if err != nil {
-		log.Error(err)
-		return "0.0.0.0"
-	}
-	defer func() {
-		deferErr := k.Close()
-		if deferErr != nil {
-			log.Error(deferErr)
-		}
-	}()
-	
-	major, _, err := k.GetIntegerValue("CurrentMajorVersionNumber")
-	if err != nil {
-		log.Error(err)
-	}
-	minor, _, err := k.GetIntegerValue("CurrentMinorVersionNumber")
-	if err != nil {
-		log.Error(err)
-	}
-	build, _, err := k.GetStringValue("CurrentBuildNumber")
-	if err != nil {
-		log.Error(err)
-	}
-	// Update Build Revision
-	ubr, _, err := k.GetIntegerValue("UBR")
-	if err != nil {
-		log.Error(err)
-	}
-	ver := fmt.Sprintf("%d.%d.%s.%d", major, minor, build, ubr)
-	return ver
-}

client/ui/client_ui.go

@@ -8,6 +8,7 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"github.com/netbirdio/netbird/client/system"
 	"os"
 	"os/exec"
 	"path"
@@ -17,8 +18,6 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/netbirdio/netbird/client/system"
-
 	"github.com/cenkalti/backoff/v4"
 
 	_ "embed"
@@ -62,8 +61,6 @@ func main() {
 	flag.Parse()
 
 	a := app.New()
-	a.SetIcon(fyne.NewStaticResource("netbird", iconDisconnectedPNG))
-
 	client := newServiceClient(daemonAddr, a, showSettings)
 	if showSettings {
 		a.Run()
@@ -116,7 +113,7 @@ type serviceClient struct {
 	iLogFile      *widget.Entry
 	iPreSharedKey *widget.Entry
 
-	// observable settings over corresponding iMngURL and iPreSharedKey values.
+	// observable settings over correspondign iMngURL and iPreSharedKey values.
 	managementURL string
 	preSharedKey  string
 	adminURL      string
@@ -124,7 +121,7 @@ type serviceClient struct {
 
 // newServiceClient instance constructor
 //
-// This constructor also builds the UI elements for the settings window.
+// This constructor olso build UI elements for settings window.
 func newServiceClient(addr string, a fyne.App, showSettings bool) *serviceClient {
 	s := &serviceClient{
 		ctx:  context.Background(),
@@ -152,7 +149,7 @@ func newServiceClient(addr string, a fyne.App, showSettings bool) *serviceClient
 
 func (s *serviceClient) showUIElements() {
 	// add settings window UI elements.
-	s.wSettings = s.app.NewWindow("NetBird Settings")
+	s.wSettings = s.app.NewWindow("Settings")
 	s.iMngURL = widget.NewEntry()
 	s.iAdminURL = widget.NewEntry()
 	s.iConfigFile = widget.NewEntry()
@@ -327,15 +324,13 @@ func (s *serviceClient) updateStatus() error {
 			return err
 		}
 
-		if status.Status == string(internal.StatusConnected) && !s.mUp.Disabled() {
+		if status.Status == string(internal.StatusConnected) {
 			systray.SetIcon(s.icConnected)
-			systray.SetTooltip("NetBird (Connected)")
 			s.mStatus.SetTitle("Connected")
 			s.mUp.Disable()
 			s.mDown.Enable()
-		} else if status.Status != string(internal.StatusConnected) && s.mUp.Disabled() {
+		} else {
 			systray.SetIcon(s.icDisconnected)
-			systray.SetTooltip("NetBird (Disconnected)")
 			s.mStatus.SetTitle("Disconnected")
 			s.mDown.Disable()
 			s.mUp.Enable()
@@ -360,7 +355,6 @@ func (s *serviceClient) updateStatus() error {
 
 func (s *serviceClient) onTrayReady() {
 	systray.SetIcon(s.icDisconnected)
-	systray.SetTooltip("NetBird")
 
 	// setup systray menu items
 	s.mStatus = systray.AddMenuItem("Disconnected", "Disconnected")

dns/dns.go

@@ -1,6 +0,0 @@
-// Package dns implement dns types and standard methods and functions
-// to parse and normalize dns records and configuration
-package dns
-
-// DefaultDNSPort well-known port number
-const DefaultDNSPort = 53

dns/nameserver.go

@@ -1,184 +0,0 @@
-package dns
-
-import (
-	"fmt"
-	"net/netip"
-	"net/url"
-	"strconv"
-	"strings"
-)
-
-const (
-	// MaxGroupNameChar maximum group name size
-	MaxGroupNameChar = 40
-	// InvalidNameServerType invalid nameserver type
-	InvalidNameServerType NameServerType = iota
-	// UDPNameServerType udp nameserver type
-	UDPNameServerType
-)
-
-const (
-	// InvalidNameServerTypeString invalid nameserver type as string
-	InvalidNameServerTypeString = "invalid"
-	// UDPNameServerTypeString udp nameserver type as string
-	UDPNameServerTypeString = "udp"
-)
-
-// NameServerType nameserver type
-type NameServerType int
-
-// String returns nameserver type string
-func (n NameServerType) String() string {
-	switch n {
-	case UDPNameServerType:
-		return UDPNameServerTypeString
-	default:
-		return InvalidNameServerTypeString
-	}
-}
-
-// ToNameServerType returns a nameserver type
-func ToNameServerType(typeString string) NameServerType {
-	switch typeString {
-	case UDPNameServerTypeString:
-		return UDPNameServerType
-	default:
-		return InvalidNameServerType
-	}
-}
-
-// NameServerGroup group of nameservers and with group ids
-type NameServerGroup struct {
-	// ID identifier of group
-	ID string
-	// Name group name
-	Name string
-	// Description group description
-	Description string
-	// NameServers list of nameservers
-	NameServers []NameServer
-	// Groups list of peer group IDs to distribute the nameservers information
-	Groups []string
-	// Enabled group status
-	Enabled bool
-}
-
-// NameServer represents a DNS nameserver
-type NameServer struct {
-	// IP address of nameserver
-	IP netip.Addr
-	// NSType nameserver type
-	NSType NameServerType
-	// Port nameserver listening port
-	Port int
-}
-
-// Copy copies a nameserver object
-func (n *NameServer) Copy() *NameServer {
-	return &NameServer{
-		IP:     n.IP,
-		NSType: n.NSType,
-		Port:   n.Port,
-	}
-}
-
-// IsEqual compares one nameserver with the other
-func (n *NameServer) IsEqual(other *NameServer) bool {
-	return other.IP == n.IP &&
-		other.NSType == n.NSType &&
-		other.Port == n.Port
-}
-
-// ParseNameServerURL parses a nameserver url in the format <type>://<ip>:<port>, e.g., udp://1.1.1.1:53
-func ParseNameServerURL(nsURL string) (NameServer, error) {
-	parsedURL, err := url.Parse(nsURL)
-	if err != nil {
-		return NameServer{}, err
-	}
-	var ns NameServer
-	parsedScheme := strings.ToLower(parsedURL.Scheme)
-	nsType := ToNameServerType(parsedScheme)
-	if nsType == InvalidNameServerType {
-		return NameServer{}, fmt.Errorf("invalid nameserver url schema type, got %s", parsedScheme)
-	}
-	ns.NSType = nsType
-
-	parsedPort, err := strconv.Atoi(parsedURL.Port())
-	if err != nil {
-		return NameServer{}, fmt.Errorf("invalid nameserver url port, got %s", parsedURL.Port())
-	}
-	ns.Port = parsedPort
-
-	parsedAddr, err := netip.ParseAddr(parsedURL.Hostname())
-	if err != nil {
-		return NameServer{}, fmt.Errorf("invalid nameserver url IP, got %s", parsedURL.Hostname())
-	}
-
-	ns.IP = parsedAddr
-
-	return ns, nil
-}
-
-// Copy copies a nameserver group object
-func (g *NameServerGroup) Copy() *NameServerGroup {
-	return &NameServerGroup{
-		ID:          g.ID,
-		Name:        g.Name,
-		Description: g.Description,
-		NameServers: g.NameServers,
-		Groups:      g.Groups,
-		Enabled:     g.Enabled,
-	}
-}
-
-// IsEqual compares one nameserver group with the other
-func (g *NameServerGroup) IsEqual(other *NameServerGroup) bool {
-	return other.ID == g.ID &&
-		other.Name == g.Name &&
-		other.Description == g.Description &&
-		compareNameServerList(g.NameServers, other.NameServers) &&
-		compareGroupsList(g.Groups, other.Groups)
-}
-
-func compareNameServerList(list, other []NameServer) bool {
-	if len(list) != len(other) {
-		return false
-	}
-
-	for _, ns := range list {
-		if !containsNameServer(ns, other) {
-			return false
-		}
-	}
-
-	return true
-}
-
-func containsNameServer(element NameServer, list []NameServer) bool {
-	for _, ns := range list {
-		if ns.IsEqual(&element) {
-			return true
-		}
-	}
-	return false
-}
-
-func compareGroupsList(list, other []string) bool {
-	if len(list) != len(other) {
-		return false
-	}
-	for _, id := range list {
-		match := false
-		for _, otherID := range other {
-			if id == otherID {
-				match = true
-				break
-			}
-		}
-		if !match {
-			return false
-		}
-	}
-
-	return true
-}

go.mod

@@ -11,19 +11,19 @@ require (
 	github.com/kardianos/service v1.2.1-0.20210728001519-a323c3813bc7 //keep this version otherwise wiretrustee up command breaks
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.18.1
-	github.com/pion/ice/v2 v2.2.7
+	github.com/pion/ice/v2 v2.1.17
 	github.com/rs/cors v1.8.0
 	github.com/sirupsen/logrus v1.8.1
 	github.com/spf13/cobra v1.3.0
 	github.com/spf13/pflag v1.0.5
 	github.com/vishvananda/netlink v1.1.0
 	golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9
-	golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8
+	golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664
 	golang.zx2c4.com/wireguard v0.0.0-20211209221555-9c9e7e272434
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211215182854-7a385b3431de
 	golang.zx2c4.com/wireguard/windows v0.5.1
 	google.golang.org/grpc v1.43.0
-	google.golang.org/protobuf v1.28.1
+	google.golang.org/protobuf v1.28.0
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 )
 
@@ -32,21 +32,17 @@ require (
 	github.com/c-robinson/iplib v1.0.3
 	github.com/coreos/go-iptables v0.6.0
 	github.com/creack/pty v1.1.18
-	github.com/eko/gocache/v3 v3.1.1
+	github.com/eko/gocache/v2 v2.3.1
 	github.com/getlantern/systray v1.2.1
 	github.com/gliderlabs/ssh v0.3.4
 	github.com/google/nftables v0.0.0-20220808154552-2eca00135732
 	github.com/libp2p/go-netroute v0.2.0
 	github.com/magiconair/properties v1.8.5
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/prometheus/client_golang v1.13.0
 	github.com/rs/xid v1.3.0
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
-	github.com/stretchr/testify v1.8.0
-	go.opentelemetry.io/otel/exporters/prometheus v0.33.0
-	go.opentelemetry.io/otel/metric v0.33.0
-	go.opentelemetry.io/otel/sdk/metric v0.33.0
-	golang.org/x/net v0.0.0-20220630215102-69896b714898
+	github.com/stretchr/testify v1.7.1
+	golang.org/x/net v0.0.0-20220513224357-95641704303c
 	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
 )
 
@@ -69,13 +65,11 @@ require (
 	github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f // indirect
 	github.com/go-gl/gl v0.0.0-20210813123233-e4099ee2221f // indirect
 	github.com/go-gl/glfw/v3.3/glfw v0.0.0-20211024062804-40e447a793be // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-redis/redis/v8 v8.11.5 // indirect
 	github.com/go-stack/stack v1.8.0 // indirect
 	github.com/godbus/dbus/v5 v5.0.4 // indirect
 	github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.5.7 // indirect
 	github.com/google/gopacket v1.1.19 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 // indirect
@@ -86,31 +80,28 @@ require (
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
 	github.com/pegasus-kv/thrift v0.13.0 // indirect
-	github.com/pion/dtls/v2 v2.1.5 // indirect
+	github.com/pion/dtls/v2 v2.1.2 // indirect
 	github.com/pion/logging v0.2.2 // indirect
 	github.com/pion/mdns v0.0.5 // indirect
 	github.com/pion/randutil v0.1.0 // indirect
 	github.com/pion/stun v0.3.5 // indirect
-	github.com/pion/transport v0.13.1 // indirect
-	github.com/pion/turn/v2 v2.0.8 // indirect
+	github.com/pion/transport v0.13.0 // indirect
+	github.com/pion/turn/v2 v2.0.7 // indirect
 	github.com/pion/udp v0.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_golang v1.12.2 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/prometheus/common v0.33.0 // indirect
+	github.com/prometheus/procfs v0.7.3 // indirect
 	github.com/rogpeppe/go-internal v1.8.0 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/srwiley/oksvg v0.0.0-20200311192757-870daf9aa564 // indirect
 	github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9 // indirect
 	github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect
 	github.com/yuin/goldmark v1.4.1 // indirect
-	go.opentelemetry.io/otel v1.11.1 // indirect
-	go.opentelemetry.io/otel/sdk v1.11.1 // indirect
-	go.opentelemetry.io/otel/trace v1.11.1 // indirect
-	golang.org/x/exp v0.0.0-20220518171630-0b5c67f07fdf // indirect
 	golang.org/x/image v0.0.0-20200430140353-33d19683fad8 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
-	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/text v0.3.8-0.20211105212822-18b340fc7af2 // indirect
 	golang.org/x/tools v0.1.10 // indirect
 	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
@@ -121,11 +112,11 @@ require (
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	honnef.co/go/tools v0.2.2 // indirect
 	k8s.io/apimachinery v0.23.5 // indirect
 )
 
-replace github.com/kardianos/service => github.com/netbirdio/service v0.0.0-20220905002524-6ac14ad5ea84
+replace github.com/pion/ice/v2 => github.com/wiretrustee/ice/v2 v2.1.21-0.20220218121004-dc81faead4bb
 
-replace github.com/getlantern/systray => github.com/netbirdio/systray v0.0.0-20221012095658-dc8eda872c0c
+replace github.com/kardianos/service => github.com/netbirdio/service v0.0.0-20220905002524-6ac14ad5ea84

go.sum

@@ -134,8 +134,8 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cu
 github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
-github.com/eko/gocache/v3 v3.1.1 h1:r3CBwLnqPkcK56h9Do2CWw1kZ4TeKK0wDE1Oo/YZnhs=
-github.com/eko/gocache/v3 v3.1.1/go.mod h1:UpP/LyHAioP/a/dizgl0MpgZ3A3CkS4NbG/mWkGTQ9M=
+github.com/eko/gocache/v2 v2.3.1 h1:8MMkfqGJ0KIA9OXT0rXevcEIrU16oghrGDiIDJDFCa0=
+github.com/eko/gocache/v2 v2.3.1/go.mod h1:l2z8OmpZHL0CpuzDJtxm267eF3mZW1NqUsMj+sKrbUs=
 github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
@@ -178,6 +178,8 @@ github.com/getlantern/hidden v0.0.0-20190325191715-f02dbb02be55 h1:XYzSdCbkzOC0F
 github.com/getlantern/hidden v0.0.0-20190325191715-f02dbb02be55/go.mod h1:6mmzY2kW1TOOrVy+r41Za2MxXM+hhqTtY3oBKd2AgFA=
 github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f h1:wrYrQttPS8FHIRSlsrcuKazukx/xqO/PpLZzZXsF+EA=
 github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f/go.mod h1:D5ao98qkA6pxftxoqzibIBBrLSUli+kYnJqrgBf9cIA=
+github.com/getlantern/systray v1.2.1 h1:udsC2k98v2hN359VTFShuQW6GGprRprw6kD6539JikI=
+github.com/getlantern/systray v1.2.1/go.mod h1:AecygODWIsBquJCJFop8MEQcJbWFfw/1yWbVabNgpCM=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
@@ -202,11 +204,6 @@ github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KE
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
-github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@@ -283,8 +280,8 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
+github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -477,8 +474,6 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/netbirdio/service v0.0.0-20220905002524-6ac14ad5ea84 h1:u8kpzR9ld1uAeH/BAXsS0SfcnhooLWeO7UgHSBVPD9I=
 github.com/netbirdio/service v0.0.0-20220905002524-6ac14ad5ea84/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
-github.com/netbirdio/systray v0.0.0-20221012095658-dc8eda872c0c h1:wK/s4nyZj/GF/kFJQjX6nqNfE0G3gcqd6hhnPCyp4sw=
-github.com/netbirdio/systray v0.0.0-20221012095658-dc8eda872c0c/go.mod h1:AecygODWIsBquJCJFop8MEQcJbWFfw/1yWbVabNgpCM=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
@@ -510,10 +505,8 @@ github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTK
 github.com/pegasus-kv/thrift v0.13.0 h1:4ESwaNoHImfbHa9RUGJiJZ4hrxorihZHk5aarYwY8d4=
 github.com/pegasus-kv/thrift v0.13.0/go.mod h1:Gl9NT/WHG6ABm6NsrbfE8LiJN0sAyneCrvB4qN4NPqQ=
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pion/dtls/v2 v2.1.5 h1:jlh2vtIyUBShchoTDqpCCqiYCyRFJ/lvf/gQ8TALs+c=
-github.com/pion/dtls/v2 v2.1.5/go.mod h1:BqCE7xPZbPSubGasRoDFJeTsyJtdD1FanJYL0JGheqY=
-github.com/pion/ice/v2 v2.2.7 h1:kG9tux3WdYUSqqqnf+O5zKlpy41PdlvLUBlYJeV2emQ=
-github.com/pion/ice/v2 v2.2.7/go.mod h1:Ckj7cWZ717rtU01YoDQA9ntGWCk95D42uVZ8sI0EL+8=
+github.com/pion/dtls/v2 v2.1.2 h1:22Q1Jk9L++Yo7BIf9130MonNPfPVb+YgdYLeyQotuAA=
+github.com/pion/dtls/v2 v2.1.2/go.mod h1:o6+WvyLDAlXF7YiPB/RlskRoeK+/JtuaZa5emwQcWus=
 github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
 github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
 github.com/pion/mdns v0.0.5 h1:Q2oj/JB3NqfzY9xGZ1fPzZzK7sDSD8rZPOvcIQ10BCw=
@@ -523,11 +516,10 @@ github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TB
 github.com/pion/stun v0.3.5 h1:uLUCBCkQby4S1cf6CGuR9QrVOKcvUwFeemaC865QHDg=
 github.com/pion/stun v0.3.5/go.mod h1:gDMim+47EeEtfWogA37n6qXZS88L5V6LqFcf+DZA2UA=
 github.com/pion/transport v0.12.2/go.mod h1:N3+vZQD9HlDP5GWkZ85LohxNsDcNgofQmyL6ojX5d8Q=
+github.com/pion/transport v0.13.0 h1:KWTA5ZrQogizzYwPEciGtHPLwpAjE91FgXnyu+Hv2uY=
 github.com/pion/transport v0.13.0/go.mod h1:yxm9uXpK9bpBBWkITk13cLo1y5/ur5VQpG22ny6EP7g=
-github.com/pion/transport v0.13.1 h1:/UH5yLeQtwm2VZIPjxwnNFxjS4DFhyLfS4GlfuKUzfA=
-github.com/pion/transport v0.13.1/go.mod h1:EBxbqzyv+ZrmDb82XswEE0BjfQFtuw1Nu6sjnjWCsGg=
-github.com/pion/turn/v2 v2.0.8 h1:KEstL92OUN3k5k8qxsXHpr7WWfrdp7iJZHx99ud8muw=
-github.com/pion/turn/v2 v2.0.8/go.mod h1:+y7xl719J8bAEVpSXBXvTxStjJv3hbz9YFflvkpcGPw=
+github.com/pion/turn/v2 v2.0.7 h1:SZhc00WDovK6czaN1RSiHqbwANtIO6wfZQsU0m0KNE8=
+github.com/pion/turn/v2 v2.0.7/go.mod h1:+y7xl719J8bAEVpSXBXvTxStjJv3hbz9YFflvkpcGPw=
 github.com/pion/udp v0.1.1 h1:8UAPvyqmsxK8oOjloDk4wUt63TzFe9WEJkg5lChlj7o=
 github.com/pion/udp v0.1.1/go.mod h1:6AFo+CMdKQm7UiA0eUPA8/eVCTx8jBIITLZHc9DWX5M=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -547,8 +539,8 @@ github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
-github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
+github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34=
+github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -559,16 +551,15 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
+github.com/prometheus/common v0.33.0 h1:rHgav/0a6+uYgGdNt3jwz8FNSesO/Hsang3O0T9A5SE=
+github.com/prometheus/common v0.33.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
@@ -615,7 +606,6 @@ github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9/go.mod h1:mvWM0+15
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -623,9 +613,8 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
@@ -635,6 +624,8 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
+github.com/wiretrustee/ice/v2 v2.1.21-0.20220218121004-dc81faead4bb h1:CU1/+CEeCPvYXgfAyqTJXSQSf6hW3wsWM6Dfz6HkHEQ=
+github.com/wiretrustee/ice/v2 v2.1.21-0.20220218121004-dc81faead4bb/go.mod h1:XT1Nrb4OxbVFPffbQMbq4PaeEkpRLVzdphh3fjrw7DY=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -654,18 +645,6 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opentelemetry.io/otel v1.11.1 h1:4WLLAmcfkmDk2ukNXJyq3/kiz/3UzCaYq6PskJsaou4=
-go.opentelemetry.io/otel v1.11.1/go.mod h1:1nNhXBbWSD0nsL38H6btgnFN2k4i0sNLHNNMZMSbUGE=
-go.opentelemetry.io/otel/exporters/prometheus v0.33.0 h1:xXhPj7SLKWU5/Zd4Hxmd+X1C4jdmvc0Xy+kvjFx2z60=
-go.opentelemetry.io/otel/exporters/prometheus v0.33.0/go.mod h1:ZSmYfKdYWEdSDBB4njLBIwTf4AU2JNsH3n2quVQDebI=
-go.opentelemetry.io/otel/metric v0.33.0 h1:xQAyl7uGEYvrLAiV/09iTJlp1pZnQ9Wl793qbVvED1E=
-go.opentelemetry.io/otel/metric v0.33.0/go.mod h1:QlTYc+EnYNq/M2mNk1qDDMRLpqCOj2f/r5c7Fd5FYaI=
-go.opentelemetry.io/otel/sdk v1.11.1 h1:F7KmQgoHljhUuJyA+9BiU+EkJfyX5nVVF4wyzWZpKxs=
-go.opentelemetry.io/otel/sdk v1.11.1/go.mod h1:/l3FE4SupHJ12TduVjUkZtlfFqDCQJlOlithYrdktys=
-go.opentelemetry.io/otel/sdk/metric v0.33.0 h1:oTqyWfksgKoJmbrs2q7O7ahkJzt+Ipekihf8vhpa9qo=
-go.opentelemetry.io/otel/sdk/metric v0.33.0/go.mod h1:xdypMeA21JBOvjjzDUtD0kzIcHO/SPez+a8HOzJPGp0=
-go.opentelemetry.io/otel/trace v1.11.1 h1:ofxdnzsNrGBYXbP7t7zpUK281+go5rF7dvdIZXF8gdQ=
-go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
@@ -683,7 +662,7 @@ golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9 h1:NUzdAbFtCJSXU20AOXgeqaUwg8Ypg4MPYmL+d+rsB5c=
 golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -696,8 +675,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20220518171630-0b5c67f07fdf h1:oXVg4h2qJDd9htKxb5SCpFBHLipW6hXmL3qpUixS2jw=
-golang.org/x/exp v0.0.0-20220518171630-0b5c67f07fdf/go.mod h1:yh0Ynu2b5ZUe3MQfp2nM0ecK7wsgouWTDN0FNeJuIys=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20200430140353-33d19683fad8 h1:6WW6V3x1P/jokJBpRQYUJnMHRP6isStQwCozxnU7XQw=
@@ -795,10 +772,8 @@ golang.org/x/net v0.0.0-20211208012354-db4efeb81f4b/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220531201128-c960675eff93/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220630215102-69896b714898 h1:K7wO6V1IrczY9QOQ2WkVpw4JQSwCd52UsxVEirZUfiw=
-golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220513224357-95641704303c h1:nF9mHSvoKBLkQNQhJZNsc66z2UzAMUbLGjC95CF3pU0=
+golang.org/x/net v0.0.0-20220513224357-95641704303c/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -827,9 +802,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -932,10 +906,8 @@ golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211214234402-4825e8c3871d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220608164250-635b8c9b7f68/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 h1:h+EGohizhe9XlX18rfpa8k8RAc5XyaeamM+0VHRd4lc=
-golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664 h1:wEZYwx+kK+KlZ0hpvP2Ls1Xr4+RWnlzGFwPP0aiDjIU=
+golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM=
@@ -1181,8 +1153,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1213,9 +1185,8 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

iface/iface_darwin.go

@@ -34,7 +34,7 @@ func (w *WGIface) assignAddr() error {
 	return nil
 }
 
-// WireguardModuleIsLoaded check if we can load wireguard mod (linux only)
-func WireguardModuleIsLoaded() bool {
+// WireguardModExists check if we can load wireguard mod (linux only)
+func WireguardModExists() bool {
 	return false
 }

iface/iface_linux.go

@@ -1,29 +1,48 @@
 package iface
 
 import (
-	"fmt"
+	"errors"
+	"math"
+	"os"
+	"syscall"
+
 	log "github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
-	"os"
 )
 
 type NativeLink struct {
 	Link *netlink.Link
 }
 
+// WireguardModExists check if we can load wireguard mod (linux only)
+func WireguardModExists() bool {
+	link := newWGLink("mustnotexist")
+
+	// We willingly try to create a device with an invalid
+	// MTU here as the validation of the MTU will be performed after
+	// the validation of the link kind and hence allows us to check
+	// for the existance of the wireguard module without actually
+	// creating a link.
+	//
+	// As a side-effect, this will also let the kernel lazy-load
+	// the wireguard module.
+	link.attrs.MTU = math.MaxInt
+
+	err := netlink.LinkAdd(link)
+
+	return errors.Is(err, syscall.EINVAL)
+}
+
 // Create creates a new Wireguard interface, sets a given IP and brings it up.
 // Will reuse an existing one.
 func (w *WGIface) Create() error {
 	w.mu.Lock()
 	defer w.mu.Unlock()
 
-	if WireguardModuleIsLoaded() {
+	if WireguardModExists() {
 		log.Info("using kernel WireGuard")
 		return w.createWithKernel()
 	} else {
-		if !tunModuleIsLoaded() {
-			return fmt.Errorf("couldn't check or load tun module")
-		}
 		log.Info("using userspace WireGuard")
 		return w.createWithUserspace()
 	}

iface/iface_test.go

@@ -89,6 +89,7 @@ func getIfaceAddrs(ifaceName string) ([]net.Addr, error) {
 	return addrs, nil
 }
 
+//
 func Test_CreateInterface(t *testing.T) {
 	ifaceName := fmt.Sprintf("utun%d", WgIntNumber+1)
 	wgIP := "10.99.99.1/32"
@@ -368,8 +369,8 @@ func Test_ConnectPeers(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	// todo: investigate why in some tests execution we need 30s
-	timeout := 30 * time.Second
+
+	timeout := 10 * time.Second
 	timeoutChannel := time.After(timeout)
 	for {
 		select {

iface/iface_windows.go

@@ -58,7 +58,7 @@ func (w *WGIface) UpdateAddr(newAddr string) error {
 	return w.assignAddr(luid)
 }
 
-// WireguardModuleIsLoaded check if we can load wireguard mod (linux only)
-func WireguardModuleIsLoaded() bool {
+// WireguardModExists check if we can load wireguard mod (linux only)
+func WireguardModExists() bool {
 	return false
 }

iface/module_linux.go

@@ -1,350 +0,0 @@
-// Package iface provides wireguard network interface creation and management
-package iface
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	log "github.com/sirupsen/logrus"
-	"github.com/vishvananda/netlink"
-	"golang.org/x/sys/unix"
-	"io/fs"
-	"io/ioutil"
-	"math"
-	"os"
-	"path/filepath"
-	"strings"
-	"syscall"
-)
-
-// Holds logic to check existence of kernel modules used by wireguard interfaces
-// Copied from https://github.com/paultag/go-modprobe and
-// https://github.com/pmorjan/kmod
-
-type status int
-
-const (
-	defaultModuleDir        = "/lib/modules"
-	unknown          status = iota
-	unloaded
-	unloading
-	loading
-	live
-	inuse
-)
-
-type module struct {
-	name string
-	path string
-}
-
-var (
-	// ErrModuleNotFound is the error resulting if a module can't be found.
-	ErrModuleNotFound = errors.New("module not found")
-	moduleLibDir      = defaultModuleDir
-	// get the root directory for the kernel modules. If this line panics,
-	// it's because getModuleRoot has failed to get the uname of the running
-	// kernel (likely a non-POSIX system, but maybe a broken kernel?)
-	moduleRoot = getModuleRoot()
-)
-
-// Get the module root (/lib/modules/$(uname -r)/)
-func getModuleRoot() string {
-	uname := unix.Utsname{}
-	if err := unix.Uname(&uname); err != nil {
-		panic(err)
-	}
-
-	i := 0
-	for ; uname.Release[i] != 0; i++ {
-	}
-
-	return filepath.Join(moduleLibDir, string(uname.Release[:i]))
-}
-
-// tunModuleIsLoaded check if tun module exist, if is not attempt to load it
-func tunModuleIsLoaded() bool {
-	_, err := os.Stat("/dev/net/tun")
-	if err == nil {
-		return true
-	}
-
-	log.Infof("couldn't access device /dev/net/tun, go error %v, "+
-		"will attempt to load tun module, if running on container add flag --cap-add=NET_ADMIN", err)
-
-	tunLoaded, err := tryToLoadModule("tun")
-	if err != nil {
-		log.Errorf("unable to find or load tun module, got error: %v", err)
-	}
-	return tunLoaded
-}
-
-// WireguardModuleIsLoaded check if we can load wireguard mod (linux only)
-func WireguardModuleIsLoaded() bool {
-	if canCreateFakeWireguardInterface() {
-		return true
-	}
-
-	loaded, err := tryToLoadModule("wireguard")
-	if err != nil {
-		log.Info(err)
-		return false
-	}
-
-	return loaded
-}
-
-func canCreateFakeWireguardInterface() bool {
-	link := newWGLink("mustnotexist")
-
-	// We willingly try to create a device with an invalid
-	// MTU here as the validation of the MTU will be performed after
-	// the validation of the link kind and hence allows us to check
-	// for the existance of the wireguard module without actually
-	// creating a link.
-	//
-	// As a side-effect, this will also let the kernel lazy-load
-	// the wireguard module.
-	link.attrs.MTU = math.MaxInt
-
-	err := netlink.LinkAdd(link)
-
-	return errors.Is(err, syscall.EINVAL)
-}
-
-func tryToLoadModule(moduleName string) (bool, error) {
-	if isModuleEnabled(moduleName) {
-		return true, nil
-	}
-	modulePath, err := getModulePath(moduleName)
-	if err != nil {
-		return false, fmt.Errorf("couldn't find module path for %s, error: %v", moduleName, err)
-	}
-	if modulePath == "" {
-		return false, nil
-	}
-
-	log.Infof("trying to load %s module", moduleName)
-
-	err = loadModuleWithDependencies(moduleName, modulePath)
-	if err != nil {
-		return false, fmt.Errorf("couldn't load %s module, error: %v", moduleName, err)
-	}
-	return true, nil
-}
-
-func isModuleEnabled(name string) bool {
-	builtin, builtinErr := isBuiltinModule(name)
-	state, statusErr := moduleStatus(name)
-	return (builtinErr == nil && builtin) || (statusErr == nil && state >= loading)
-}
-
-func getModulePath(name string) (string, error) {
-	var foundPath string
-	skipRemainingDirs := false
-
-	err := filepath.WalkDir(
-		moduleRoot,
-		func(path string, info fs.DirEntry, err error) error {
-			if skipRemainingDirs {
-				return fs.SkipDir
-			}
-			if err != nil {
-				// skip broken files
-				return nil
-			}
-
-			if !info.Type().IsRegular() {
-				return nil
-			}
-
-			nameFromPath := pathToName(path)
-			if nameFromPath == name {
-				foundPath = path
-				skipRemainingDirs = true
-			}
-
-			return nil
-		})
-
-	if err != nil {
-		return "", err
-	}
-
-	return foundPath, nil
-}
-
-func pathToName(s string) string {
-	s = filepath.Base(s)
-	for ext := filepath.Ext(s); ext != ""; ext = filepath.Ext(s) {
-		s = strings.TrimSuffix(s, ext)
-	}
-	return cleanName(s)
-}
-
-func cleanName(s string) string {
-	return strings.ReplaceAll(strings.TrimSpace(s), "-", "_")
-}
-
-func isBuiltinModule(name string) (bool, error) {
-	f, err := os.Open(filepath.Join(moduleRoot, "/modules.builtin"))
-	if err != nil {
-		return false, err
-	}
-	defer func() {
-		err := f.Close()
-		if err != nil {
-			log.Errorf("failed closing modules.builtin file, %v", err)
-		}
-	}()
-
-	var found bool
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		line := scanner.Text()
-		if pathToName(line) == name {
-			found = true
-			break
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return false, err
-	}
-	return found, nil
-}
-
-// /proc/modules
-//
-//	     name | memory size | reference count | references | state: <Live|Loading|Unloading>
-//			macvlan 28672 1 macvtap, Live 0x0000000000000000
-func moduleStatus(name string) (status, error) {
-	state := unknown
-	f, err := os.Open("/proc/modules")
-	if err != nil {
-		return state, err
-	}
-	defer func() {
-		err := f.Close()
-		if err != nil {
-			log.Errorf("failed closing /proc/modules file, %v", err)
-		}
-	}()
-
-	state = unloaded
-
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		fields := strings.Fields(scanner.Text())
-		if fields[0] == name {
-			if fields[2] != "0" {
-				state = inuse
-				break
-			}
-			switch fields[4] {
-			case "Live":
-				state = live
-			case "Loading":
-				state = loading
-			case "Unloading":
-				state = unloading
-			}
-			break
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return state, err
-	}
-
-	return state, nil
-}
-
-func loadModuleWithDependencies(name, path string) error {
-	deps, err := getModuleDependencies(name)
-	if err != nil {
-		return fmt.Errorf("couldn't load list of module %s dependecies", name)
-	}
-	for _, dep := range deps {
-		err = loadModule(dep.name, dep.path)
-		if err != nil {
-			return fmt.Errorf("couldn't load dependecy module %s for %s", dep.name, name)
-		}
-	}
-	return loadModule(name, path)
-}
-
-func loadModule(name, path string) error {
-	state, err := moduleStatus(name)
-	if err != nil {
-		return err
-	}
-	if state >= loading {
-		return nil
-	}
-
-	f, err := os.Open(path)
-	if err != nil {
-		return err
-	}
-	defer func() {
-		err := f.Close()
-		if err != nil {
-			log.Errorf("failed closing %s file, %v", path, err)
-		}
-	}()
-
-	// first try finit_module(2), then init_module(2)
-	err = unix.FinitModule(int(f.Fd()), "", 0)
-	if errors.Is(err, unix.ENOSYS) {
-		buf, err := ioutil.ReadAll(f)
-		if err != nil {
-			return err
-		}
-		return unix.InitModule(buf, "")
-	}
-	return err
-}
-
-// getModuleDependencies returns a module dependencies
-func getModuleDependencies(name string) ([]module, error) {
-	f, err := os.Open(filepath.Join(moduleRoot, "/modules.dep"))
-	if err != nil {
-		return nil, err
-	}
-	defer func() {
-		err := f.Close()
-		if err != nil {
-			log.Errorf("failed closing modules.dep file, %v", err)
-		}
-	}()
-
-	var deps []string
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		line := scanner.Text()
-		fields := strings.Fields(line)
-		if pathToName(strings.TrimSuffix(fields[0], ":")) == name {
-			deps = fields
-			break
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return nil, err
-	}
-
-	if len(deps) == 0 {
-		return nil, ErrModuleNotFound
-	}
-	deps[0] = strings.TrimSuffix(deps[0], ":")
-
-	var modules []module
-	for _, v := range deps {
-		if pathToName(v) != name {
-			modules = append(modules, module{
-				name: pathToName(v),
-				path: filepath.Join(moduleRoot, v),
-			})
-		}
-	}
-
-	return modules, nil
-}

iface/module_linux_test.go

@@ -1,221 +0,0 @@
-package iface
-
-import (
-	"bufio"
-	"bytes"
-	"github.com/stretchr/testify/require"
-	"golang.org/x/sys/unix"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
-)
-
-func TestGetModuleDependencies(t *testing.T) {
-	testCases := []struct {
-		name     string
-		module   string
-		expected []module
-	}{
-		{
-			name:   "Get Single Dependency",
-			module: "bar",
-			expected: []module{
-				{name: "foo", path: "kernel/a/foo.ko"},
-			},
-		},
-		{
-			name:   "Get Multiple Dependencies",
-			module: "baz",
-			expected: []module{
-				{name: "foo", path: "kernel/a/foo.ko"},
-				{name: "bar", path: "kernel/a/bar.ko"},
-			},
-		},
-		{
-			name:     "Get No Dependencies",
-			module:   "foo",
-			expected: []module{},
-		},
-	}
-
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			defer resetGlobals()
-			_, _ = createFiles(t)
-			modules, err := getModuleDependencies(testCase.module)
-			require.NoError(t, err)
-
-			expected := testCase.expected
-			for i := range expected {
-				expected[i].path = moduleRoot + "/" + expected[i].path
-			}
-
-			require.ElementsMatchf(t, modules, expected, "returned modules should match")
-		})
-	}
-}
-
-func TestIsBuiltinModule(t *testing.T) {
-	testCases := []struct {
-		name     string
-		module   string
-		expected bool
-	}{
-		{
-			name:     "Built In Should Return True",
-			module:   "foo_bi",
-			expected: true,
-		},
-		{
-			name:     "Not Built In Should Return False",
-			module:   "not_built_in",
-			expected: false,
-		},
-	}
-
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			defer resetGlobals()
-			_, _ = createFiles(t)
-
-			isBuiltIn, err := isBuiltinModule(testCase.module)
-			require.NoError(t, err)
-			require.Equal(t, testCase.expected, isBuiltIn)
-		})
-	}
-}
-
-func TestModuleStatus(t *testing.T) {
-	random, err := getRandomLoadedModule(t)
-	if err != nil {
-		t.Fatal("should be able to get random module")
-	}
-	testCases := []struct {
-		name           string
-		module         string
-		shouldBeLoaded bool
-	}{
-		{
-			name:           "Should Return Module Loading Or Greater Status",
-			module:         random,
-			shouldBeLoaded: true,
-		},
-		{
-			name:           "Should Return Module Unloaded Or Lower Status",
-			module:         "not_loaded_module",
-			shouldBeLoaded: false,
-		},
-	}
-
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			defer resetGlobals()
-			_, _ = createFiles(t)
-
-			state, err := moduleStatus(testCase.module)
-			require.NoError(t, err)
-			if testCase.shouldBeLoaded {
-				require.GreaterOrEqual(t, loading, state, "moduleStatus for %s should return state loading", testCase.module)
-			} else {
-				require.Less(t, state, loading, "module should return state unloading or lower")
-			}
-		})
-	}
-}
-
-func resetGlobals() {
-	moduleLibDir = defaultModuleDir
-	moduleRoot = getModuleRoot()
-}
-
-func createFiles(t *testing.T) (string, []module) {
-	writeFile := func(path, text string) {
-		if err := ioutil.WriteFile(path, []byte(text), 0644); err != nil {
-			t.Fatal(err)
-		}
-	}
-	var u unix.Utsname
-	if err := unix.Uname(&u); err != nil {
-		t.Fatal(err)
-	}
-
-	moduleLibDir = t.TempDir()
-
-	moduleRoot = getModuleRoot()
-	if err := os.Mkdir(moduleRoot, 0755); err != nil {
-		t.Fatal(err)
-	}
-
-	text := "kernel/a/foo.ko:\n"
-	text += "kernel/a/bar.ko: kernel/a/foo.ko\n"
-	text += "kernel/a/baz.ko: kernel/a/bar.ko kernel/a/foo.ko\n"
-	writeFile(filepath.Join(moduleRoot, "/modules.dep"), text)
-
-	text = "kernel/a/foo_bi.ko\n"
-	text += "kernel/a/bar-bi.ko.gz\n"
-	writeFile(filepath.Join(moduleRoot, "/modules.builtin"), text)
-
-	modules := []module{
-		{name: "foo", path: "kernel/a/foo.ko"},
-		{name: "bar", path: "kernel/a/bar.ko"},
-		{name: "baz", path: "kernel/a/baz.ko"},
-	}
-	return moduleLibDir, modules
-}
-
-func getRandomLoadedModule(t *testing.T) (string, error) {
-	f, err := os.Open("/proc/modules")
-	if err != nil {
-		return "", err
-	}
-	defer func() {
-		err := f.Close()
-		if err != nil {
-			t.Logf("failed closing /proc/modules file, %v", err)
-		}
-	}()
-	lines, err := lineCounter(f)
-	if err != nil {
-		return "", err
-	}
-	counter := 1
-	midLine := lines / 2
-	modName := ""
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		fields := strings.Fields(scanner.Text())
-		if counter == midLine {
-			if fields[4] == "Unloading" {
-				continue
-			}
-			modName = fields[0]
-			break
-		}
-		counter++
-	}
-	if scanner.Err() != nil {
-		return "", scanner.Err()
-	}
-	return modName, nil
-}
-func lineCounter(r io.Reader) (int, error) {
-	buf := make([]byte, 32*1024)
-	count := 0
-	lineSep := []byte{'\n'}
-
-	for {
-		c, err := r.Read(buf)
-		count += bytes.Count(buf[:c], lineSep)
-
-		switch {
-		case err == io.EOF:
-			return count, nil
-
-		case err != nil:
-			return count, err
-		}
-	}
-}

infrastructure_files/base.setup.env

@@ -10,8 +10,6 @@ NETBIRD_MGMT_API_ENDPOINT=https://$NETBIRD_DOMAIN:$NETBIRD_MGMT_API_PORT
 NETBIRD_MGMT_API_CERT_FILE="/etc/letsencrypt/live/$NETBIRD_DOMAIN/fullchain.pem"
 # Management Certficate key file path.
 NETBIRD_MGMT_API_CERT_KEY_FILE="/etc/letsencrypt/live/$NETBIRD_DOMAIN/privkey.pem"
-# By default Management single account mode is enabled and domain set to $NETBIRD_DOMAIN, you may want to set this to your user's email domain
-NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN=$NETBIRD_DOMAIN
 
 # Turn credentials
 
@@ -31,8 +29,6 @@ LETSENCRYPT_VOLUMESUFFIX="letsencrypt"
 
 NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
 
-NETBIRD_DISABLE_ANONYMOUS_METRICS=${NETBIRD_DISABLE_ANONYMOUS_METRICS:-false}
-
 # exports
 export NETBIRD_DOMAIN
 export NETBIRD_AUTH_CLIENT_ID
@@ -49,8 +45,6 @@ export NETBIRD_MGMT_API_CERT_KEY_FILE
 export NETBIRD_AUTH_DEVICE_AUTH_PROVIDER
 export NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID
 export NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT
-export NETBIRD_AUTH_REDIRECT_URI
-export NETBIRD_AUTH_SILENT_REDIRECT_URI
 export TURN_USER
 export TURN_PASSWORD
 export TURN_MIN_PORT
@@ -59,4 +53,3 @@ export VOLUME_PREFIX
 export MGMT_VOLUMESUFFIX
 export SIGNAL_VOLUMESUFFIX
 export LETSENCRYPT_VOLUMESUFFIX
-export NETBIRD_DISABLE_ANONYMOUS_METRICS

infrastructure_files/docker-compose.yml.tmpl

@@ -18,8 +18,6 @@ services:
       - NGINX_SSL_PORT=443
       - LETSENCRYPT_DOMAIN=$NETBIRD_DOMAIN
       - LETSENCRYPT_EMAIL=$NETBIRD_LETSENCRYPT_EMAIL
-      - AUTH_REDIRECT_URI=$NETBIRD_AUTH_REDIRECT_URI
-      - AUTH_SILENT_REDIRECT_URI=$NETBIRD_AUTH_SILENT_REDIRECT_URI
     volumes:
       - $LETSENCRYPT_VOLUMENAME:/etc/letsencrypt/
   # Signal
@@ -48,7 +46,7 @@ services:
   #     # port and command for Let's Encrypt validation without dashboard container
   #   - 443:443
   #    command: ["--letsencrypt-domain", "$NETBIRD_DOMAIN", "--log-file", "console"]
-    command: ["--port", "443", "--log-file", "console", "--disable-anonymous-metrics=$NETBIRD_DISABLE_ANONYMOUS_METRICS", "--single-account-mode-domain=$NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN"]
+    command: ["--port", "443", "--log-file", "console"]
   # Coturn
   coturn:
     image: coturn/coturn

infrastructure_files/setup.env.example

@@ -12,11 +12,4 @@ NETBIRD_USE_AUTH0="false"
 NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
 NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=""
 # e.g. hello@mydomain.com
-NETBIRD_LETSENCRYPT_EMAIL=""
-# if your IDP provider doesn't support fragmented URIs, configure custom
-# redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain.
-# NETBIRD_AUTH_REDIRECT_URI="/peers"
-# NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers"
-
-# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
-NETBIRD_DISABLE_ANONYMOUS_METRICS=false
+NETBIRD_LETSENCRYPT_EMAIL=""

infrastructure_files/tests/setup.env

@@ -10,5 +10,4 @@ NETBIRD_AUTH_CLIENT_ID=$CI_NETBIRD_AUTH_CLIENT_ID
 NETBIRD_USE_AUTH0=$CI_NETBIRD_USE_AUTH0
 NETBIRD_AUTH_AUDIENCE=$CI_NETBIRD_AUTH_AUDIENCE
 # e.g. hello@mydomain.com
-NETBIRD_LETSENCRYPT_EMAIL=""
-NETBIRD_AUTH_REDIRECT_URI="/peers"
+NETBIRD_LETSENCRYPT_EMAIL=""

management/client/client_test.go

@@ -55,12 +55,12 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
 	}
 
 	peersUpdateManager := mgmt.NewPeersUpdateManager()
-	accountManager, err := mgmt.BuildManager(store, peersUpdateManager, nil, "")
+	accountManager, err := mgmt.BuildManager(store, peersUpdateManager, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
 	turnManager := mgmt.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig)
-	mgmtServer, err := mgmt.NewServer(config, accountManager, peersUpdateManager, turnManager, nil)
+	mgmtServer, err := mgmt.NewServer(config, accountManager, peersUpdateManager, turnManager)
 	if err != nil {
 		t.Fatal(err)
 	}

management/client/grpc.go

@@ -109,9 +109,7 @@ func (c *GrpcClient) Sync(msgHandler func(msg *proto.SyncResponse) error) error
 			return err
 		}
 
-		ctx, cancelStream := context.WithCancel(c.ctx)
-		defer cancelStream()
-		stream, err := c.connectToStream(ctx, *serverPubKey)
+		stream, err := c.connectToStream(*serverPubKey)
 		if err != nil {
 			log.Debugf("failed to open Management Service stream: %s", err)
 			if s, ok := gstatus.FromError(err); ok && s.Code() == codes.PermissionDenied {
@@ -147,7 +145,7 @@ func (c *GrpcClient) Sync(msgHandler func(msg *proto.SyncResponse) error) error
 	return nil
 }
 
-func (c *GrpcClient) connectToStream(ctx context.Context, serverPubKey wgtypes.Key) (proto.ManagementService_SyncClient, error) {
+func (c *GrpcClient) connectToStream(serverPubKey wgtypes.Key) (proto.ManagementService_SyncClient, error) {
 	req := &proto.SyncRequest{}
 
 	myPrivateKey := c.key
@@ -158,12 +156,9 @@ func (c *GrpcClient) connectToStream(ctx context.Context, serverPubKey wgtypes.K
 		log.Errorf("failed encrypting message: %s", err)
 		return nil, err
 	}
+
 	syncReq := &proto.EncryptedMessage{WgPubKey: myPublicKey.String(), Body: encryptedReq}
-	sync, err := c.realClient.Sync(ctx, syncReq)
-	if err != nil {
-		return nil, err
-	}
-	return sync, nil
+	return c.realClient.Sync(c.ctx, syncReq)
 }
 
 func (c *GrpcClient) receiveEvents(stream proto.ManagementService_SyncClient, serverPubKey wgtypes.Key, msgHandler func(msg *proto.SyncResponse) error) error {

management/cmd/management.go

@@ -1,16 +1,12 @@
 package cmd
 
 import (
-	"context"
 	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"flag"
 	"fmt"
-	"github.com/google/uuid"
 	httpapi "github.com/netbirdio/netbird/management/server/http"
-	"github.com/netbirdio/netbird/management/server/metrics"
-	"github.com/netbirdio/netbird/management/server/telemetry"
 	"golang.org/x/crypto/acme/autocert"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/h2c"
@@ -42,13 +38,11 @@ import (
 const ManagementLegacyPort = 33073
 
 var (
-	mgmtPort                int
-	mgmtMetricsPort         int
-	mgmtLetsencryptDomain   string
-	mgmtSingleAccModeDomain string
-	certFile                string
-	certKey                 string
-	config                  *server.Config
+	mgmtPort              int
+	mgmtLetsencryptDomain string
+	certFile              string
+	certKey               string
+	config                *server.Config
 
 	kaep = keepalive.EnforcementPolicy{
 		MinTime:             15 * time.Second,
@@ -116,27 +110,15 @@ var (
 			}
 			peersUpdateManager := server.NewPeersUpdateManager()
 
-			appMetrics, err := telemetry.NewDefaultAppMetrics(cmd.Context())
-			if err != nil {
-				return err
-			}
-			err = appMetrics.Expose(mgmtMetricsPort, "/metrics")
-			if err != nil {
-				return err
-			}
-
 			var idpManager idp.Manager
 			if config.IdpManagerConfig != nil {
-				idpManager, err = idp.NewManager(*config.IdpManagerConfig, appMetrics)
+				idpManager, err = idp.NewManager(*config.IdpManagerConfig)
 				if err != nil {
 					return fmt.Errorf("failed retrieving a new idp manager with err: %v", err)
 				}
 			}
 
-			if disableSingleAccMode {
-				mgmtSingleAccModeDomain = ""
-			}
-			accountManager, err := server.BuildManager(store, peersUpdateManager, idpManager, mgmtSingleAccModeDomain)
+			accountManager, err := server.BuildManager(store, peersUpdateManager, idpManager)
 			if err != nil {
 				return fmt.Errorf("failed to build default manager: %v", err)
 			}
@@ -166,34 +148,19 @@ var (
 				tlsEnabled = true
 			}
 
-			httpAPIHandler, err := httpapi.APIHandler(accountManager, config.HttpConfig.AuthIssuer,
-				config.HttpConfig.AuthAudience, config.HttpConfig.AuthKeysLocation, appMetrics)
+			httpAPIHandler, err := httpapi.APIHandler(accountManager,
+				config.HttpConfig.AuthIssuer, config.HttpConfig.AuthAudience, config.HttpConfig.AuthKeysLocation)
 			if err != nil {
 				return fmt.Errorf("failed creating HTTP API handler: %v", err)
 			}
 
 			gRPCAPIHandler := grpc.NewServer(gRPCOpts...)
-			srv, err := server.NewServer(config, accountManager, peersUpdateManager, turnManager, appMetrics)
+			srv, err := server.NewServer(config, accountManager, peersUpdateManager, turnManager)
 			if err != nil {
 				return fmt.Errorf("failed creating gRPC API handler: %v", err)
 			}
 			mgmtProto.RegisterManagementServiceServer(gRPCAPIHandler, srv)
 
-			installationID, err := getInstallationID(store)
-			if err != nil {
-				log.Errorf("cannot load TLS credentials: %v", err)
-				return err
-			}
-
-			fmt.Println("metrics ", disableMetrics)
-
-			if !disableMetrics {
-				ctx, cancel := context.WithCancel(context.Background())
-				defer cancel()
-				metricsWorker := metrics.NewWorker(ctx, installationID, store, peersUpdateManager)
-				go metricsWorker.Run()
-			}
-
 			var compatListener net.Listener
 			if mgmtPort != ManagementLegacyPort {
 				// The Management gRPC server was running on port 33073 previously. Old agents that are already connected to it
@@ -240,7 +207,6 @@ var (
 			SetupCloseHandler()
 
 			<-stopCh
-			_ = appMetrics.Close()
 			_ = listener.Close()
 			if certManager != nil {
 				_ = certManager.Listener().Close()
@@ -262,20 +228,6 @@ func notifyStop(msg string) {
 	}
 }
 
-func getInstallationID(store server.Store) (string, error) {
-	installationID := store.GetInstallationID()
-	if installationID != "" {
-		return installationID, nil
-	}
-
-	installationID = strings.ToUpper(uuid.New().String())
-	err := store.SaveInstallationID(installationID)
-	if err != nil {
-		return "", err
-	}
-	return installationID, nil
-}
-
 func serveGRPC(grpcServer *grpc.Server, port int) (net.Listener, error) {
 	listener, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
 	if err != nil {
@@ -443,7 +395,7 @@ func loadTLSConfig(certFile string, certKey string) (*tls.Config, error) {
 		return nil, err
 	}
 
-	// NewDefaultAppMetrics the credentials and return it
+	// Create the credentials and return it
 	config := &tls.Config{
 		Certificates: []tls.Certificate{serverCert},
 		ClientAuth:   tls.NoClientCert,

management/cmd/root.go

@@ -13,23 +13,20 @@ const (
 )
 
 var (
-	defaultMgmtConfigDir       string
-	defaultMgmtDataDir         string
-	defaultMgmtConfig          string
-	defaultSingleAccModeDomain string
-	defaultLogDir              string
-	defaultLogFile             string
-	oldDefaultMgmtConfigDir    string
-	oldDefaultMgmtDataDir      string
-	oldDefaultMgmtConfig       string
-	oldDefaultLogDir           string
-	oldDefaultLogFile          string
-	mgmtDataDir                string
-	mgmtConfig                 string
-	logLevel                   string
-	logFile                    string
-	disableMetrics             bool
-	disableSingleAccMode       bool
+	defaultMgmtConfigDir    string
+	defaultMgmtDataDir      string
+	defaultMgmtConfig       string
+	defaultLogDir           string
+	defaultLogFile          string
+	oldDefaultMgmtConfigDir string
+	oldDefaultMgmtDataDir   string
+	oldDefaultMgmtConfig    string
+	oldDefaultLogDir        string
+	oldDefaultLogFile       string
+	mgmtDataDir             string
+	mgmtConfig              string
+	logLevel                string
+	logFile                 string
 
 	rootCmd = &cobra.Command{
 		Use:   "netbird-mgmt",
@@ -50,7 +47,6 @@ func init() {
 	stopCh = make(chan int)
 
 	defaultMgmtDataDir = "/var/lib/netbird/"
-	defaultSingleAccModeDomain = "netbird.selfhosted"
 	defaultMgmtConfigDir = "/etc/netbird"
 	defaultLogDir = "/var/log/netbird"
 
@@ -65,15 +61,11 @@ func init() {
 	oldDefaultLogFile = oldDefaultLogDir + "/management.log"
 
 	mgmtCmd.Flags().IntVar(&mgmtPort, "port", 80, "server port to listen on (defaults to 443 if TLS is enabled, 80 otherwise")
-	mgmtCmd.Flags().IntVar(&mgmtMetricsPort, "metrics-port", 8081, "metrics endpoint http port. Metrics are accessible under host:metrics-port/metrics")
 	mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", defaultMgmtDataDir, "server data directory location")
 	mgmtCmd.Flags().StringVar(&mgmtConfig, "config", defaultMgmtConfig, "Netbird config file location. Config params specified via command line (e.g. datadir) have a precedence over configuration from this file")
 	mgmtCmd.Flags().StringVar(&mgmtLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
-	mgmtCmd.Flags().StringVar(&mgmtSingleAccModeDomain, "single-account-mode-domain", defaultSingleAccModeDomain, "Enables single account mode. This means that all the users will be under the same account grouped by the specified domain. If the installation has more than one account, the property is ineffective. Enabled by default with the default domain "+defaultSingleAccModeDomain)
-	mgmtCmd.Flags().BoolVar(&disableSingleAccMode, "disable-single-account-mode", false, "If set to true, disables single account mode. The --single-account-mode-domain property will be ignored and every new user will have a separate NetBird account.")
 	mgmtCmd.Flags().StringVar(&certFile, "cert-file", "", "Location of your SSL certificate. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
 	mgmtCmd.Flags().StringVar(&certKey, "cert-key", "", "Location of your SSL certificate private key. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
-	mgmtCmd.Flags().BoolVar(&disableMetrics, "disable-anonymous-metrics", false, "disables push of anonymous usage metrics to NetBird")
 	rootCmd.MarkFlagRequired("config") //nolint
 
 	rootCmd.PersistentFlags().StringVar(&logLevel, "log-level", "info", "")

management/proto/generate.sh

@@ -1,17 +1,4 @@
 #!/bin/bash
-set -e
-
-if ! which realpath > /dev/null 2>&1
-then
-  echo realpath is not installed
-  echo run: brew install coreutils
-  exit 1
-fi
-
-old_pwd=$(pwd)
-script_path=$(dirname $(realpath "$0"))
-cd "$script_path"
 go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26
 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1
-protoc -I ./ ./management.proto --go_out=../ --go-grpc_out=../
-cd "$old_pwd"
+protoc -I proto/ proto/management.proto --go_out=. --go-grpc_out=.

management/server/account.go

@@ -3,9 +3,8 @@ package server
 import (
 	"context"
 	"fmt"
-	"github.com/eko/gocache/v3/cache"
-	cacheStore "github.com/eko/gocache/v3/store"
-	nbdns "github.com/netbirdio/netbird/dns"
+	"github.com/eko/gocache/v2/cache"
+	cacheStore "github.com/eko/gocache/v2/store"
 	"github.com/netbirdio/netbird/management/server/idp"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/route"
@@ -16,7 +15,6 @@ import (
 	"google.golang.org/grpc/status"
 	"math/rand"
 	"reflect"
-	"regexp"
 	"strings"
 	"sync"
 	"time"
@@ -30,11 +28,6 @@ const (
 	CacheExpirationMin = 3 * 24 * 3600 * time.Second // 3 days
 )
 
-func cacheEntryExpiration() time.Duration {
-	r := rand.Intn(int(CacheExpirationMax.Milliseconds()-CacheExpirationMin.Milliseconds())) + int(CacheExpirationMin.Milliseconds())
-	return time.Duration(r) * time.Millisecond
-}
-
 type AccountManager interface {
 	GetOrCreateAccountByUser(userId, domain string) (*Account, error)
 	GetAccountByUser(userId string) (*Account, error)
@@ -46,13 +39,10 @@ type AccountManager interface {
 		autoGroups []string,
 	) (*SetupKey, error)
 	SaveSetupKey(accountID string, key *SetupKey) (*SetupKey, error)
-	CreateUser(accountID string, key *UserInfo) (*UserInfo, error)
-	ListSetupKeys(accountID string) ([]*SetupKey, error)
-	SaveUser(accountID string, key *User) (*UserInfo, error)
 	GetSetupKey(accountID, keyID string) (*SetupKey, error)
 	GetAccountById(accountId string) (*Account, error)
 	GetAccountByUserOrAccountId(userId, accountId, domain string) (*Account, error)
-	GetAccountFromToken(claims jwtclaims.AuthorizationClaims) (*Account, error)
+	GetAccountWithAuthorizationClaims(claims jwtclaims.AuthorizationClaims) (*Account, error)
 	IsUserAdmin(claims jwtclaims.AuthorizationClaims) (bool, error)
 	AccountExists(accountId string) (*bool, error)
 	GetPeer(peerKey string) (*Peer, error)
@@ -86,33 +76,17 @@ type AccountManager interface {
 	UpdateRoute(accountID string, routeID string, operations []RouteUpdateOperation) (*route.Route, error)
 	DeleteRoute(accountID, routeID string) error
 	ListRoutes(accountID string) ([]*route.Route, error)
-	GetNameServerGroup(accountID, nsGroupID string) (*nbdns.NameServerGroup, error)
-	CreateNameServerGroup(accountID string, name, description string, nameServerList []nbdns.NameServer, groups []string, enabled bool) (*nbdns.NameServerGroup, error)
-	SaveNameServerGroup(accountID string, nsGroupToSave *nbdns.NameServerGroup) error
-	UpdateNameServerGroup(accountID, nsGroupID string, operations []NameServerGroupUpdateOperation) (*nbdns.NameServerGroup, error)
-	DeleteNameServerGroup(accountID, nsGroupID string) error
-	ListNameServerGroups(accountID string) ([]*nbdns.NameServerGroup, error)
+	ListSetupKeys(accountID string) ([]*SetupKey, error)
 }
 
 type DefaultAccountManager struct {
 	Store Store
-	// mux to synchronise account operations (e.g. generating Peer IP address inside the Network)
-	mux sync.Mutex
-	// cacheMux and cacheLoading helps to make sure that only a single cache reload runs at a time per accountID
-	cacheMux sync.Mutex
-	// cacheLoading keeps the accountIDs that are currently reloading. The accountID has to be removed once cache has been reloaded
-	cacheLoading       map[string]chan struct{}
+	// mutex to synchronise account operations (e.g. generating Peer IP address inside the Network)
+	mux                sync.Mutex
 	peersUpdateManager *PeersUpdateManager
 	idpManager         idp.Manager
-	cacheManager       cache.CacheInterface[[]*idp.UserData]
+	cacheManager       cache.CacheInterface
 	ctx                context.Context
-
-	// singleAccountMode indicates whether the instance has a single account.
-	// If true, then every new user will end up under the same account.
-	// This value will be set to false if management service has more than one account.
-	singleAccountMode bool
-	// singleAccountModeDomain is a domain to use in singleAccountMode setup
-	singleAccountModeDomain string
 }
 
 // Account represents a unique account of the system
@@ -130,16 +104,13 @@ type Account struct {
 	Groups                 map[string]*Group
 	Rules                  map[string]*Rule
 	Routes                 map[string]*route.Route
-	NameServerGroups       map[string]*nbdns.NameServerGroup
 }
 
 type UserInfo struct {
-	ID         string   `json:"id"`
-	Email      string   `json:"email"`
-	Name       string   `json:"name"`
-	Role       string   `json:"role"`
-	AutoGroups []string `json:"auto_groups"`
-	Status     string   `json:"-"`
+	ID    string `json:"id"`
+	Email string `json:"email"`
+	Name  string `json:"name"`
+	Role  string `json:"role"`
 }
 
 func (a *Account) Copy() *Account {
@@ -168,27 +139,15 @@ func (a *Account) Copy() *Account {
 		rules[id] = rule.Copy()
 	}
 
-	routes := map[string]*route.Route{}
-	for id, route := range a.Routes {
-		routes[id] = route.Copy()
-	}
-
-	nsGroups := map[string]*nbdns.NameServerGroup{}
-	for id, nsGroup := range a.NameServerGroups {
-		nsGroups[id] = nsGroup.Copy()
-	}
-
 	return &Account{
-		Id:               a.Id,
-		CreatedBy:        a.CreatedBy,
-		SetupKeys:        setupKeys,
-		Network:          a.Network.Copy(),
-		Peers:            peers,
-		Users:            users,
-		Groups:           groups,
-		Rules:            rules,
-		Routes:           routes,
-		NameServerGroups: nsGroups,
+		Id:        a.Id,
+		CreatedBy: a.CreatedBy,
+		SetupKeys: setupKeys,
+		Network:   a.Network.Copy(),
+		Peers:     peers,
+		Users:     users,
+		Groups:    groups,
+		Rules:     rules,
 	}
 }
 
@@ -202,31 +161,21 @@ func (a *Account) GetGroupAll() (*Group, error) {
 }
 
 // BuildManager creates a new DefaultAccountManager with a provided Store
-func BuildManager(store Store, peersUpdateManager *PeersUpdateManager, idpManager idp.Manager,
-	singleAccountModeDomain string) (*DefaultAccountManager, error) {
+func BuildManager(
+	store Store, peersUpdateManager *PeersUpdateManager, idpManager idp.Manager,
+) (*DefaultAccountManager, error) {
 	am := &DefaultAccountManager{
 		Store:              store,
 		mux:                sync.Mutex{},
 		peersUpdateManager: peersUpdateManager,
 		idpManager:         idpManager,
 		ctx:                context.Background(),
-		cacheMux:           sync.Mutex{},
-		cacheLoading:       map[string]chan struct{}{},
-	}
-	allAccounts := store.GetAllAccounts()
-	// enable single account mode only if configured by user and number of existing accounts is not grater than 1
-	am.singleAccountMode = singleAccountModeDomain != "" && len(allAccounts) <= 1
-	if am.singleAccountMode {
-		am.singleAccountModeDomain = singleAccountModeDomain
-		log.Infof("single account mode enabled, accounts number %d", len(allAccounts))
-	} else {
-		log.Infof("single account mode disabled, accounts number %d", len(allAccounts))
 	}
 
-	// if account doesn't have a default group
+	// if account has not default group
 	// we create 'all' group and add all peers into it
 	// also we create default rule with source as destination
-	for _, account := range allAccounts {
+	for _, account := range store.GetAllAccounts() {
 		_, err := account.GetGroupAll()
 		if err != nil {
 			addAllGroup(account)
@@ -236,10 +185,10 @@ func BuildManager(store Store, peersUpdateManager *PeersUpdateManager, idpManage
 		}
 	}
 
-	goCacheClient := gocache.New(CacheExpirationMax, 30*time.Minute)
-	goCacheStore := cacheStore.NewGoCache(goCacheClient)
+	gocacheClient := gocache.New(CacheExpirationMax, 30*time.Minute)
+	gocacheStore := cacheStore.NewGoCache(gocacheClient, nil)
 
-	am.cacheManager = cache.NewLoadable[[]*idp.UserData](am.loadAccount, cache.New[[]*idp.UserData](goCacheStore))
+	am.cacheManager = cache.NewLoadable(am.loadFromCache, cache.New(gocacheStore))
 
 	if !isNil(am.idpManager) {
 		go func() {
@@ -284,7 +233,11 @@ func (am *DefaultAccountManager) warmupIDPCache() error {
 	}
 
 	for accountID, users := range userData {
-		err = am.cacheManager.Set(am.ctx, accountID, users, cacheStore.WithExpiration(cacheEntryExpiration()))
+		rand.Seed(time.Now().UnixNano())
+
+		r := rand.Intn(int(CacheExpirationMax.Milliseconds()-CacheExpirationMin.Milliseconds())) + int(CacheExpirationMin.Milliseconds())
+		expiration := time.Duration(r) * time.Millisecond
+		err = am.cacheManager.Set(am.ctx, accountID, users, &cacheStore.Options{Expiration: expiration})
 		if err != nil {
 			return err
 		}
@@ -318,7 +271,7 @@ func (am *DefaultAccountManager) GetAccountByUserOrAccountId(
 		if err != nil {
 			return nil, status.Errorf(codes.NotFound, "account not found using user id: %s", userId)
 		}
-		err = am.addAccountIDToIDPAppMeta(userId, account)
+		err = am.updateIDPMetadata(userId, account.Id)
 		if err != nil {
 			return nil, err
 		}
@@ -332,28 +285,10 @@ func isNil(i idp.Manager) bool {
 	return i == nil || reflect.ValueOf(i).IsNil()
 }
 
-// addAccountIDToIDPAppMeta update user's  app metadata in idp manager
-func (am *DefaultAccountManager) addAccountIDToIDPAppMeta(userID string, account *Account) error {
+// updateIDPMetadata update user's  app metadata in idp manager
+func (am *DefaultAccountManager) updateIDPMetadata(userId, accountID string) error {
 	if !isNil(am.idpManager) {
-
-		// user can be nil if it wasn't found (e.g., just created)
-		user, err := am.lookupUserInCache(userID, account)
-		if err != nil {
-			return err
-		}
-
-		if user != nil && user.AppMetadata.WTAccountID == account.Id {
-			// it was already set, so we skip the unnecessary update
-			log.Debugf("skipping IDP App Meta update because accountID %s has been already set for user %s",
-				account.Id, userID)
-			return nil
-		}
-
-		err = am.idpManager.UpdateUserAppMetadata(userID, idp.AppMetadata{WTAccountID: account.Id})
-		if err != nil {
-			return err
-		}
-
+		err := am.idpManager.UpdateUserAppMetadata(userId, idp.AppMetadata{WTAccountId: accountID})
 		if err != nil {
 			return status.Errorf(
 				codes.Internal,
@@ -361,113 +296,39 @@ func (am *DefaultAccountManager) addAccountIDToIDPAppMeta(userID string, account
 				err,
 			)
 		}
-		// refresh cache to reflect the update
-		_, err = am.refreshCache(account.Id)
-		if err != nil {
-			return err
-		}
 	}
 	return nil
 }
 
-func (am *DefaultAccountManager) loadAccount(_ context.Context, accountID interface{}) ([]*idp.UserData, error) {
-	log.Debugf("account %s not found in cache, reloading", accountID)
+func mergeLocalAndQueryUser(queried idp.UserData, local User) *UserInfo {
+	return &UserInfo{
+		ID:    local.Id,
+		Email: queried.Email,
+		Name:  queried.Name,
+		Role:  string(local.Role),
+	}
+}
+
+func (am *DefaultAccountManager) loadFromCache(_ context.Context, accountID interface{}) (interface{}, error) {
 	return am.idpManager.GetAccount(fmt.Sprintf("%v", accountID))
 }
 
-func (am *DefaultAccountManager) lookupUserInCacheByEmail(email string, accountID string) (*idp.UserData, error) {
-	data, err := am.getAccountFromCache(accountID, false)
+func (am *DefaultAccountManager) lookupCache(accountUsers map[string]*User, accountID string) ([]*idp.UserData, error) {
+	data, err := am.cacheManager.Get(am.ctx, accountID)
 	if err != nil {
 		return nil, err
 	}
 
-	for _, datum := range data {
-		if datum.Email == email {
-			return datum, nil
-		}
-	}
-
-	return nil, nil
-
-}
-
-// lookupUserInCache looks up user in the IdP cache and returns it. If the user wasn't found, the function returns nil
-func (am *DefaultAccountManager) lookupUserInCache(userID string, account *Account) (*idp.UserData, error) {
-	users := make(map[string]struct{}, len(account.Users))
-	for _, user := range account.Users {
-		users[user.Id] = struct{}{}
-	}
-	log.Debugf("looking up user %s of account %s in cache", userID, account.Id)
-	userData, err := am.lookupCache(users, account.Id)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, datum := range userData {
-		if datum.ID == userID {
-			return datum, nil
-		}
-	}
-
-	return nil, nil
-}
-
-func (am *DefaultAccountManager) refreshCache(accountID string) ([]*idp.UserData, error) {
-	return am.getAccountFromCache(accountID, true)
-}
-
-// getAccountFromCache returns user data for a given account ensuring that cache load happens only once
-func (am *DefaultAccountManager) getAccountFromCache(accountID string, forceReload bool) ([]*idp.UserData, error) {
-	am.cacheMux.Lock()
-	loadingChan := am.cacheLoading[accountID]
-	if loadingChan == nil {
-		loadingChan = make(chan struct{})
-		am.cacheLoading[accountID] = loadingChan
-		am.cacheMux.Unlock()
-
-		defer func() {
-			am.cacheMux.Lock()
-			delete(am.cacheLoading, accountID)
-			close(loadingChan)
-			am.cacheMux.Unlock()
-		}()
-
-		if forceReload {
-			err := am.cacheManager.Delete(am.ctx, accountID)
-			if err != nil {
-				return nil, err
-			}
-		}
-
-		return am.cacheManager.Get(am.ctx, accountID)
-	}
-	am.cacheMux.Unlock()
-
-	log.Debugf("one request to get account %s is already running", accountID)
-
-	select {
-	case <-loadingChan:
-		// channel has been closed meaning cache was loaded => simply return from cache
-		return am.cacheManager.Get(am.ctx, accountID)
-	case <-time.After(5 * time.Second):
-		return nil, fmt.Errorf("timeout while waiting for account %s cache to reload", accountID)
-	}
-}
-
-func (am *DefaultAccountManager) lookupCache(accountUsers map[string]struct{}, accountID string) ([]*idp.UserData, error) {
-	data, err := am.getAccountFromCache(accountID, false)
-	if err != nil {
-		return nil, err
-	}
+	userData := data.([]*idp.UserData)
 
 	userDataMap := make(map[string]struct{})
-	for _, datum := range data {
+	for _, datum := range userData {
 		userDataMap[datum.ID] = struct{}{}
 	}
 
 	// check whether we need to reload the cache
 	// the accountUsers ID list is the source of truth and all the users should be in the cache
-	reload := len(accountUsers) != len(data)
+	reload := len(accountUsers) != len(userData)
 	for user := range accountUsers {
 		if _, ok := userDataMap[user]; !ok {
 			reload = true
@@ -476,13 +337,59 @@ func (am *DefaultAccountManager) lookupCache(accountUsers map[string]struct{}, a
 
 	if reload {
 		// reload cache once avoiding loops
-		data, err = am.refreshCache(accountID)
+		err := am.cacheManager.Delete(am.ctx, accountID)
+		if err != nil {
+			return nil, err
+		}
+		data, err = am.cacheManager.Get(am.ctx, accountID)
+		if err != nil {
+			return nil, err
+		}
+
+		userData = data.([]*idp.UserData)
+	}
+
+	return userData, err
+}
+
+// GetUsersFromAccount performs a batched request for users from IDP by account id
+func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserInfo, error) {
+	account, err := am.GetAccountById(accountID)
+	if err != nil {
+		return nil, err
+	}
+
+	queriedUsers := make([]*idp.UserData, 0)
+	if !isNil(am.idpManager) {
+		queriedUsers, err = am.lookupCache(account.Users, accountID)
 		if err != nil {
 			return nil, err
 		}
 	}
 
-	return data, err
+	userInfo := make([]*UserInfo, 0)
+
+	// in case of self-hosted, or IDP doesn't return anything, we will return the locally stored userInfo
+	if len(queriedUsers) == 0 {
+		for _, user := range account.Users {
+			userInfo = append(userInfo, &UserInfo{
+				ID:    user.Id,
+				Email: "",
+				Name:  "",
+				Role:  string(user.Role),
+			})
+		}
+		return userInfo, nil
+	}
+
+	for _, queriedUser := range queriedUsers {
+		if localUser, contains := account.Users[queriedUser.ID]; contains {
+			userInfo = append(userInfo, mergeLocalAndQueryUser(*queriedUser, *localUser))
+			log.Debugf("Merged userinfo to send back; %v", userInfo)
+		}
+	}
+
+	return userInfo, nil
 }
 
 // updateAccountDomainAttributes updates the account domain attributes and then, saves the account
@@ -537,7 +444,7 @@ func (am *DefaultAccountManager) handleExistingUserAccount(
 	}
 
 	// we should register the account ID to this user's metadata in our IDP manager
-	err = am.addAccountIDToIDPAppMeta(claims.UserId, existingAcc)
+	err = am.updateIDPMetadata(claims.UserId, existingAcc.Id)
 	if err != nil {
 		return err
 	}
@@ -575,7 +482,7 @@ func (am *DefaultAccountManager) handleNewUserAccount(
 		}
 	}
 
-	err = am.addAccountIDToIDPAppMeta(claims.UserId, account)
+	err = am.updateIDPMetadata(claims.UserId, account.Id)
 	if err != nil {
 		return nil, err
 	}
@@ -583,65 +490,7 @@ func (am *DefaultAccountManager) handleNewUserAccount(
 	return account, nil
 }
 
-// redeemInvite checks whether user has been invited and redeems the invite
-func (am *DefaultAccountManager) redeemInvite(account *Account, userID string) error {
-	// only possible with the enabled IdP manager
-	if am.idpManager == nil {
-		log.Warnf("invites only work with enabled IdP manager")
-		return nil
-	}
-
-	user, err := am.lookupUserInCache(userID, account)
-	if err != nil {
-		return err
-	}
-
-	if user == nil {
-		return status.Errorf(codes.NotFound, "user %s not found in the IdP", userID)
-	}
-
-	if user.AppMetadata.WTPendingInvite != nil && *user.AppMetadata.WTPendingInvite {
-		log.Infof("redeeming invite for user %s account %s", userID, account.Id)
-		// User has already logged in, meaning that IdP should have set wt_pending_invite to false.
-		// Our job is to just reload cache.
-		go func() {
-			_, err = am.refreshCache(account.Id)
-			if err != nil {
-				log.Warnf("failed reloading cache when redeeming user %s under account %s", userID, account.Id)
-				return
-			}
-			log.Debugf("user %s of account %s redeemed invite", user.ID, account.Id)
-		}()
-	}
-
-	return nil
-}
-
-// GetAccountFromToken returns an account associated with this token
-func (am *DefaultAccountManager) GetAccountFromToken(claims jwtclaims.AuthorizationClaims) (*Account, error) {
-
-	if am.singleAccountMode && am.singleAccountModeDomain != "" {
-		// This section is mostly related to self-hosted installations.
-		// We override incoming domain claims to group users under a single account.
-		claims.Domain = am.singleAccountModeDomain
-		claims.DomainCategory = PrivateCategory
-		log.Infof("overriding JWT Domain and DomainCategory claims since single account mode is enabled")
-	}
-
-	account, err := am.getAccountWithAuthorizationClaims(claims)
-	if err != nil {
-		return nil, err
-	}
-
-	err = am.redeemInvite(account, claims.UserId)
-	if err != nil {
-		return nil, err
-	}
-
-	return account, nil
-}
-
-// getAccountWithAuthorizationClaims retrievs an account using JWT Claims.
+// GetAccountWithAuthorizationClaims retrievs an account using JWT Claims.
 // if domain is of the PrivateCategory category, it will evaluate
 // if account is new, existing or if there is another account with the same domain
 //
@@ -658,12 +507,12 @@ func (am *DefaultAccountManager) GetAccountFromToken(claims jwtclaims.Authorizat
 // Existing user + Existing account + Existing Indexed Domain -> Nothing changes
 //
 // Existing user + Existing account + Existing domain reclassified Domain as private -> Nothing changes (index domain)
-func (am *DefaultAccountManager) getAccountWithAuthorizationClaims(
+func (am *DefaultAccountManager) GetAccountWithAuthorizationClaims(
 	claims jwtclaims.AuthorizationClaims,
 ) (*Account, error) {
 	// if Account ID is part of the claims
 	// it means that we've already classified the domain and user has an account
-	if claims.DomainCategory != PrivateCategory || !isDomainValid(claims.Domain) {
+	if claims.DomainCategory != PrivateCategory {
 		return am.GetAccountByUserOrAccountId(claims.UserId, claims.AccountId, claims.Domain)
 	} else if claims.AccountId != "" {
 		accountFromID, err := am.GetAccountById(claims.AccountId)
@@ -703,11 +552,6 @@ func (am *DefaultAccountManager) getAccountWithAuthorizationClaims(
 	}
 }
 
-func isDomainValid(domain string) bool {
-	re := regexp.MustCompile(`^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$`)
-	return re.Match([]byte(domain))
-}
-
 // AccountExists checks whether account exists (returns true) or not (returns false)
 func (am *DefaultAccountManager) AccountExists(accountId string) (*bool, error) {
 	am.mux.Lock()
@@ -765,20 +609,18 @@ func newAccountWithId(accountId, userId, domain string) *Account {
 	peers := make(map[string]*Peer)
 	users := make(map[string]*User)
 	routes := make(map[string]*route.Route)
-	nameServersGroups := make(map[string]*nbdns.NameServerGroup)
 	users[userId] = NewAdminUser(userId)
 	log.Debugf("created new account %s with setup key %s", accountId, defaultKey.Key)
 
 	acc := &Account{
-		Id:               accountId,
-		SetupKeys:        setupKeys,
-		Network:          network,
-		Peers:            peers,
-		Users:            users,
-		CreatedBy:        userId,
-		Domain:           domain,
-		Routes:           routes,
-		NameServerGroups: nameServersGroups,
+		Id:        accountId,
+		SetupKeys: setupKeys,
+		Network:   network,
+		Peers:     peers,
+		Users:     users,
+		CreatedBy: userId,
+		Domain:    domain,
+		Routes:    routes,
 	}
 
 	addAllGroup(acc)

management/server/account_test.go

@@ -127,7 +127,7 @@ func TestAccountManager_GetOrCreateAccountByUser(t *testing.T) {
 	}
 }
 
-func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
+func TestDefaultAccountManager_GetAccountWithAuthorizationClaims(t *testing.T) {
 	type initUserParams jwtclaims.AuthorizationClaims
 
 	type test struct {
@@ -140,7 +140,6 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		expectedMSG                 string
 		expectedUserRole            UserRole
 		expectedDomainCategory      string
-		expectedDomain              string
 		expectedPrimaryDomainStatus bool
 		expectedCreatedBy           string
 		expectedUsers               []string
@@ -169,7 +168,6 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		expectedMSG:                 "account IDs shouldn't match",
 		expectedUserRole:            UserRoleAdmin,
 		expectedDomainCategory:      "",
-		expectedDomain:              publicDomain,
 		expectedPrimaryDomainStatus: false,
 		expectedCreatedBy:           "pub-domain-user",
 		expectedUsers:               []string{"pub-domain-user"},
@@ -190,7 +188,6 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		testingFunc:                 require.NotEqual,
 		expectedMSG:                 "account IDs shouldn't match",
 		expectedUserRole:            UserRoleAdmin,
-		expectedDomain:              unknownDomain,
 		expectedDomainCategory:      "",
 		expectedPrimaryDomainStatus: false,
 		expectedCreatedBy:           "unknown-domain-user",
@@ -208,7 +205,6 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		testingFunc:                 require.NotEqual,
 		expectedMSG:                 "account IDs shouldn't match",
 		expectedUserRole:            UserRoleAdmin,
-		expectedDomain:              privateDomain,
 		expectedDomainCategory:      PrivateCategory,
 		expectedPrimaryDomainStatus: true,
 		expectedCreatedBy:           "pvt-domain-user",
@@ -231,7 +227,6 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		testingFunc:                 require.Equal,
 		expectedMSG:                 "account IDs should match",
 		expectedUserRole:            UserRoleUser,
-		expectedDomain:              privateDomain,
 		expectedDomainCategory:      PrivateCategory,
 		expectedPrimaryDomainStatus: true,
 		expectedCreatedBy:           defaultInitAccount.UserId,
@@ -249,7 +244,6 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		testingFunc:                 require.Equal,
 		expectedMSG:                 "account IDs should match",
 		expectedUserRole:            UserRoleAdmin,
-		expectedDomain:              defaultInitAccount.Domain,
 		expectedDomainCategory:      PrivateCategory,
 		expectedPrimaryDomainStatus: true,
 		expectedCreatedBy:           defaultInitAccount.UserId,
@@ -268,32 +262,12 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		testingFunc:                 require.Equal,
 		expectedMSG:                 "account IDs should match",
 		expectedUserRole:            UserRoleAdmin,
-		expectedDomain:              defaultInitAccount.Domain,
 		expectedDomainCategory:      PrivateCategory,
 		expectedPrimaryDomainStatus: true,
 		expectedCreatedBy:           defaultInitAccount.UserId,
 		expectedUsers:               []string{defaultInitAccount.UserId},
 	}
-
-	testCase7 := test{
-		name: "User With Private Category And Empty Domain",
-		inputClaims: jwtclaims.AuthorizationClaims{
-			Domain:         "",
-			UserId:         "pvt-domain-user",
-			DomainCategory: PrivateCategory,
-		},
-		inputInitUserParams:         defaultInitAccount,
-		testingFunc:                 require.NotEqual,
-		expectedMSG:                 "account IDs shouldn't match",
-		expectedUserRole:            UserRoleAdmin,
-		expectedDomain:              "",
-		expectedDomainCategory:      "",
-		expectedPrimaryDomainStatus: false,
-		expectedCreatedBy:           "pvt-domain-user",
-		expectedUsers:               []string{"pvt-domain-user"},
-	}
-
-	for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4, testCase5, testCase6, testCase7} {
+	for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4, testCase5, testCase6} {
 		t.Run(testCase.name, func(t *testing.T) {
 			manager, err := createManager(t)
 			require.NoError(t, err, "unable to create account manager")
@@ -310,7 +284,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 				testCase.inputClaims.AccountId = initAccount.Id
 			}
 
-			account, err := manager.GetAccountFromToken(testCase.inputClaims)
+			account, err := manager.GetAccountWithAuthorizationClaims(testCase.inputClaims)
 			require.NoError(t, err, "support function failed")
 			verifyNewAccountHasDefaultFields(t, account, testCase.expectedCreatedBy, testCase.inputClaims.Domain, testCase.expectedUsers)
 			verifyCanAddPeerToAccount(t, manager, account, testCase.expectedCreatedBy)
@@ -320,7 +294,6 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 			require.EqualValues(t, testCase.expectedUserRole, account.Users[testCase.inputClaims.UserId].Role, "expected user role should match")
 			require.EqualValues(t, testCase.expectedDomainCategory, account.DomainCategory, "expected account domain category should match")
 			require.EqualValues(t, testCase.expectedPrimaryDomainStatus, account.IsDomainPrimaryAccount, "expected account primary status should match")
-			require.EqualValues(t, testCase.expectedDomain, account.Domain, "expected account domain should match")
 		})
 	}
 }
@@ -962,7 +935,7 @@ func createManager(t *testing.T) (*DefaultAccountManager, error) {
 	if err != nil {
 		return nil, err
 	}
-	return BuildManager(store, NewPeersUpdateManager(), nil, "")
+	return BuildManager(store, NewPeersUpdateManager(), nil)
 }
 
 func createStore(t *testing.T) (Store, error) {

management/server/error.go

@@ -1,52 +0,0 @@
-package server
-
-import (
-	"fmt"
-)
-
-const (
-	// UserAlreadyExists indicates that user already exists
-	UserAlreadyExists ErrorType = 1
-	// AccountNotFound indicates that specified account hasn't been found
-	AccountNotFound ErrorType = iota
-	// PreconditionFailed indicates that some pre-condition for the operation hasn't been fulfilled
-	PreconditionFailed ErrorType = iota
-)
-
-// ErrorType is a type of the Error
-type ErrorType int32
-
-// Error is an internal error
-type Error struct {
-	errorType ErrorType
-	message   string
-}
-
-// Type returns the Type of the error
-func (e *Error) Type() ErrorType {
-	return e.errorType
-}
-
-// Error is an error string
-func (e *Error) Error() string {
-	return e.message
-}
-
-// Errorf returns Error(errorType, fmt.Sprintf(format, a...)).
-func Errorf(errorType ErrorType, format string, a ...interface{}) error {
-	return &Error{
-		errorType: errorType,
-		message:   fmt.Sprintf(format, a...),
-	}
-}
-
-// FromError returns Error, true if the provided error is of type of Error. nil, false otherwise
-func FromError(err error) (s *Error, ok bool) {
-	if err == nil {
-		return nil, true
-	}
-	if e, ok := err.(*Error); ok {
-		return e, true
-	}
-	return nil, false
-}

management/server/file_store.go

@@ -29,7 +29,6 @@ type FileStore struct {
 	PeerKeyId2DstRulesId    map[string]map[string]struct{} `json:"-"`
 	PeerKeyID2RouteIDs      map[string]map[string]struct{} `json:"-"`
 	AccountPrefix2RouteIDs  map[string]map[string][]string `json:"-"`
-	InstallationID          string
 
 	// mutex to synchronise Store read/write operations
 	mux       sync.Mutex `json:"-"`
@@ -416,10 +415,8 @@ func (s *FileStore) GetAccountPeers(accountId string) ([]*Peer, error) {
 
 // GetAllAccounts returns all accounts
 func (s *FileStore) GetAllAccounts() (all []*Account) {
-	s.mux.Lock()
-	defer s.mux.Unlock()
 	for _, a := range s.Accounts {
-		all = append(all, a.Copy())
+		all = append(all, a)
 	}
 
 	return all
@@ -569,18 +566,3 @@ func (s *FileStore) GetRoutesByPrefix(accountID string, prefix netip.Prefix) ([]
 
 	return routes, nil
 }
-
-// GetInstallationID returns the installation ID from the store
-func (s *FileStore) GetInstallationID() string {
-	return s.InstallationID
-}
-
-// SaveInstallationID saves the installation ID
-func (s *FileStore) SaveInstallationID(id string) error {
-	s.mux.Lock()
-	defer s.mux.Unlock()
-
-	s.InstallationID = id
-
-	return s.persist(s.storeFile)
-}

management/server/grpcserver.go

@@ -3,7 +3,6 @@ package server
 import (
 	"context"
 	"fmt"
-	"github.com/netbirdio/netbird/management/server/telemetry"
 	"github.com/netbirdio/netbird/route"
 	gPeer "google.golang.org/grpc/peer"
 	"strings"
@@ -18,7 +17,6 @@ import (
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"google.golang.org/grpc/codes"
-	gRPCPeer "google.golang.org/grpc/peer"
 	"google.golang.org/grpc/status"
 )
 
@@ -31,12 +29,10 @@ type GRPCServer struct {
 	config                 *Config
 	turnCredentialsManager TURNCredentialsManager
 	jwtMiddleware          *middleware.JWTMiddleware
-	appMetrics             telemetry.AppMetrics
 }
 
 // NewServer creates a new Management server
-func NewServer(config *Config, accountManager AccountManager, peersUpdateManager *PeersUpdateManager,
-	turnCredentialsManager TURNCredentialsManager, appMetrics telemetry.AppMetrics) (*GRPCServer, error) {
+func NewServer(config *Config, accountManager AccountManager, peersUpdateManager *PeersUpdateManager, turnCredentialsManager TURNCredentialsManager) (*GRPCServer, error) {
 	key, err := wgtypes.GeneratePrivateKey()
 	if err != nil {
 		return nil, err
@@ -56,16 +52,6 @@ func NewServer(config *Config, accountManager AccountManager, peersUpdateManager
 		log.Debug("unable to use http config to create new jwt middleware")
 	}
 
-	if appMetrics != nil {
-		// update gauge based on number of connected peers which is equal to open gRPC streams
-		err = appMetrics.GRPCMetrics().RegisterConnectedStreams(func() int64 {
-			return int64(len(peersUpdateManager.peerChannels))
-		})
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	return &GRPCServer{
 		wgKey: key,
 		// peerKey -> event channel
@@ -74,15 +60,11 @@ func NewServer(config *Config, accountManager AccountManager, peersUpdateManager
 		config:                 config,
 		turnCredentialsManager: turnCredentialsManager,
 		jwtMiddleware:          jwtMiddleware,
-		appMetrics:             appMetrics,
 	}, nil
 }
 
 func (s *GRPCServer) GetServerKey(ctx context.Context, req *proto.Empty) (*proto.ServerKeyResponse, error) {
 	// todo introduce something more meaningful with the key expiration/rotation
-	if s.appMetrics != nil {
-		s.appMetrics.GRPCMetrics().CountGetKeyRequest()
-	}
 	now := time.Now().Add(24 * time.Hour)
 	secs := int64(now.Second())
 	nanos := int32(now.Nanosecond())
@@ -97,13 +79,7 @@ func (s *GRPCServer) GetServerKey(ctx context.Context, req *proto.Empty) (*proto
 // Sync validates the existence of a connecting peer, sends an initial state (all available for the connecting peers) and
 // notifies the connected peer of any updates (e.g. new peers under the same account)
 func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementService_SyncServer) error {
-	if s.appMetrics != nil {
-		s.appMetrics.GRPCMetrics().CountSyncRequest()
-	}
-	p, ok := gRPCPeer.FromContext(srv.Context())
-	if ok {
-		log.Debugf("Sync request from peer [%s] [%s]", req.WgPubKey, p.Addr.String())
-	}
+	log.Debugf("Sync request from peer %s", req.WgPubKey)
 
 	peerKey, err := wgtypes.ParseKey(req.GetWgPubKey())
 	if err != nil {
@@ -201,7 +177,7 @@ func (s *GRPCServer) registerPeer(peerKey wgtypes.Key, req *proto.LoginRequest)
 			return nil, status.Errorf(codes.Internal, "invalid jwt token, err: %v", err)
 		}
 		claims := jwtclaims.ExtractClaimsWithToken(token, s.config.HttpConfig.AuthAudience)
-		_, err = s.accountManager.GetAccountFromToken(claims)
+		_, err = s.accountManager.GetAccountWithAuthorizationClaims(claims)
 		if err != nil {
 			return nil, status.Errorf(codes.Internal, "unable to fetch account with claims, err: %v", err)
 		}
@@ -279,13 +255,7 @@ func (s *GRPCServer) registerPeer(peerKey wgtypes.Key, req *proto.LoginRequest)
 // In case it isn't, the endpoint checks whether setup key is provided within the request and tries to register a peer.
 // In case of the successful registration login is also successful
 func (s *GRPCServer) Login(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error) {
-	if s.appMetrics != nil {
-		s.appMetrics.GRPCMetrics().CountLoginRequest()
-	}
-	p, ok := gRPCPeer.FromContext(ctx)
-	if ok {
-		log.Debugf("Login request from peer [%s] [%s]", req.WgPubKey, p.Addr.String())
-	}
+	log.Debugf("Login request from peer %s", req.WgPubKey)
 
 	peerKey, err := wgtypes.ParseKey(req.GetWgPubKey())
 	if err != nil {

management/server/http/api/cfg.yaml

@@ -3,5 +3,3 @@ generate:
   models: true
   embedded-spec: false
 output: types.gen.go
-compatibility:
-  always-prefix-enum-values: true

management/server/http/api/generate.sh

@@ -11,6 +11,6 @@ fi
 old_pwd=$(pwd)
 script_path=$(dirname $(realpath "$0"))
 cd "$script_path"
-go install github.com/deepmap/oapi-codegen/cmd/oapi-codegen@4a1477f6a8ba6ca8115cc23bb2fb67f0b9fca18e
+go install github.com/deepmap/oapi-codegen/cmd/oapi-codegen@v1.11.0
 oapi-codegen --config cfg.yaml openapi.yml
 cd "$old_pwd"

management/server/http/api/openapi.yml

@@ -16,8 +16,6 @@ tags:
     description: Interact with and view information about rules.
   - name: Routes
     description: Interact with and view information about routes.
-  - name: DNS
-    description: Interact with and view information about DNS configuration.
 components:
   schemas:
     User:
@@ -33,59 +31,13 @@ components:
           description: User's name from idp provider
           type: string
         role:
-          description: User's NetBird account role
+          description: User's Netbird account role
           type: string
-        status:
-          description: User's status
-          type: string
-          enum: [ "active","invited","disabled" ]
-        auto_groups:
-          description: Groups to auto-assign to peers registered by this user
-          type: array
-          items:
-            type: string
       required:
       - id
       - email
       - name
       - role
-      - auto_groups
-      - status
-    UserRequest:
-      type: object
-      properties:
-        role:
-          description: User's NetBird account role
-          type: string
-        auto_groups:
-          description: Groups to auto-assign to peers registered by this user
-          type: array
-          items:
-            type: string
-      required:
-        - role
-        - auto_groups
-    UserCreateRequest:
-      type: object
-      properties:
-        role:
-          description: User's NetBird account role
-          type: string
-        email:
-          description: User's Email to send invite to
-          type: string
-        name:
-          description: User's full name
-          type: string
-        auto_groups:
-          description: Groups to auto-assign to peers registered by this user
-          type: array
-          items:
-            type: string
-      required:
-        - role
-        - auto_groups
-        - email
     PeerMinimum:
       type: object
       properties:
@@ -124,18 +76,20 @@ components:
               type: array
               items:
                 $ref: '#/components/schemas/GroupMinimum'
+            activated_by:
+              description: Provides information of who activated the Peer. User or Setup Key
+              type: object
+              properties:
+                type:
+                  type: string
+                value:
+                  type: string
+              required:
+              - type
+              - value
             ssh_enabled:
               description: Indicates whether SSH server is enabled on this peer
               type: boolean
-            user_id:
-              description: User ID of the user that enrolled this peer
-              type: string
-            hostname:
-              description: Hostname of the machine
-              type: string
-            ui_version:
-              description: Peer's desktop UI version
-              type: string
           required:
           - ip
           - connected
@@ -143,8 +97,8 @@ components:
           - os
           - version
           - groups
+          - activated_by
           - ssh_enabled
-          - hostname
     SetupKey:
       type: object
       properties:
@@ -184,7 +138,7 @@ components:
           description: Setup key groups to auto-assign to peers registered with this key
           type: array
           items:
-            type: string
+            $ref: '#/components/schemas/GroupMinimum'
         updated_at:
           description: Setup key last update date
           type: string
@@ -401,76 +355,6 @@ components:
               enum: [ "network","network_id","description","enabled","peer","metric","masquerade" ]
           required:
             - path
-    Nameserver:
-      type: object
-      properties:
-        ip:
-          description: Nameserver IP
-          type: string
-        ns_type:
-          description: Nameserver Type
-          type: string
-          enum: ["udp"]
-        port:
-          description: Nameserver Port
-          type: integer
-      required:
-        - ip
-        - ns_type
-        - port
-    NameserverGroupRequest:
-      type: object
-      properties:
-        name:
-          description: Nameserver group name
-          type: string
-          maxLength: 40
-          minLength: 1
-        description:
-          description: Nameserver group  description
-          type: string
-        nameservers:
-          description: Nameserver group
-          minLength: 1
-          maxLength: 2
-          type: array
-          items:
-            $ref: '#/components/schemas/Nameserver'
-        enabled:
-          description: Nameserver group status
-          type: boolean
-        groups:
-          description: Nameserver group tag groups
-          type: array
-          items:
-            type: string
-      required:
-        - name
-        - description
-        - nameservers
-        - enabled
-        - groups
-    NameserverGroup:
-      allOf:
-        - type: object
-          properties:
-            id:
-              description: Nameserver group ID
-              type: string
-          required:
-            - id
-        - $ref: '#/components/schemas/NameserverGroupRequest'
-    NameserverGroupPatchOperation:
-      allOf:
-        - $ref: '#/components/schemas/PatchMinimum'
-        - type: object
-          properties:
-            path:
-              description: Nameserver group field to update in form /<field>
-              type: string
-              enum: [ "name","description","enabled","groups","nameservers" ]
-          required:
-            - path
 
   responses:
     not_found:
@@ -525,67 +409,6 @@ paths:
           "$ref": "#/components/responses/forbidden"
         '500':
           "$ref": "#/components/responses/internal_error"
-  /api/users/:
-    post:
-      summary: Create a User (invite)
-      tags: [ Users]
-      security:
-        - BearerAuth: [ ]
-      requestBody:
-        description: User invite information
-        content:
-          'application/json':
-            schema:
-              $ref: '#/components/schemas/UserCreateRequest'
-      responses:
-        '200':
-          description: A User object
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/User'
-        '400':
-          "$ref": "#/components/responses/bad_request"
-        '401':
-          "$ref": "#/components/responses/requires_authentication"
-        '403':
-          "$ref": "#/components/responses/forbidden"
-        '500':
-          "$ref": "#/components/responses/internal_error"
-  /api/users/{id}:
-    put:
-      summary: Update information about a User
-      tags: [ Users]
-      security:
-        - BearerAuth: [ ]
-      parameters:
-        - in: path
-          name: id
-          required: true
-          schema:
-            type: string
-          description: The User ID
-      requestBody:
-        description: User update
-        content:
-          'application/json':
-            schema:
-              $ref: '#/components/schemas/UserRequest'
-      responses:
-        '200':
-          description: A User object
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/User'
-        '400':
-          "$ref": "#/components/responses/bad_request"
-        '401':
-          "$ref": "#/components/responses/requires_authentication"
-        '403':
-          "$ref": "#/components/responses/forbidden"
-        '500':
-          "$ref": "#/components/responses/internal_error"
   /api/peers:
     get:
       summary: Returns a list of all peers
@@ -1363,176 +1186,6 @@ paths:
           schema:
             type: string
           description: The Route ID
-      responses:
-        '200':
-          description: Delete status code
-          content: { }
-        '400':
-          "$ref": "#/components/responses/bad_request"
-        '401':
-          "$ref": "#/components/responses/requires_authentication"
-        '403':
-          "$ref": "#/components/responses/forbidden"
-        '500':
-          "$ref": "#/components/responses/internal_error"
-  /api/dns/nameservers:
-    get:
-      summary: Returns a list of all Nameserver Groups
-      tags: [ DNS ]
-      security:
-        - BearerAuth: [ ]
-      responses:
-        '200':
-          description: A JSON Array of Nameserver Groups
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/NameserverGroup'
-        '400':
-          "$ref": "#/components/responses/bad_request"
-        '401':
-          "$ref": "#/components/responses/requires_authentication"
-        '403':
-          "$ref": "#/components/responses/forbidden"
-        '500':
-          "$ref": "#/components/responses/internal_error"
-    post:
-      summary: Creates a Nameserver Group
-      tags: [ DNS ]
-      security:
-        - BearerAuth: [ ]
-      requestBody:
-        description: New Nameserver Groups request
-        content:
-          'application/json':
-            schema:
-              $ref: '#/components/schemas/NameserverGroupRequest'
-      responses:
-        '200':
-          description: A Nameserver Groups Object
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/NameserverGroup'
-        '400':
-          "$ref": "#/components/responses/bad_request"
-        '401':
-          "$ref": "#/components/responses/requires_authentication"
-        '403':
-          "$ref": "#/components/responses/forbidden"
-        '500':
-          "$ref": "#/components/responses/internal_error"
-
-  /api/dns/nameservers/{id}:
-    get:
-      summary: Get information about a Nameserver Groups
-      tags: [ DNS ]
-      security:
-        - BearerAuth: [ ]
-      parameters:
-        - in: path
-          name: id
-          required: true
-          schema:
-            type: string
-          description: The Nameserver Group ID
-      responses:
-        '200':
-          description: A Nameserver Group object
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/NameserverGroup'
-        '400':
-          "$ref": "#/components/responses/bad_request"
-        '401':
-          "$ref": "#/components/responses/requires_authentication"
-        '403':
-          "$ref": "#/components/responses/forbidden"
-        '500':
-          "$ref": "#/components/responses/internal_error"
-    put:
-      summary: Update/Replace a Nameserver Group
-      tags: [ DNS ]
-      security:
-        - BearerAuth: [ ]
-      parameters:
-        - in: path
-          name: id
-          required: true
-          schema:
-            type: string
-          description: The Nameserver Group ID
-      requestBody:
-        description: Update Nameserver Group request
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/NameserverGroupRequest'
-      responses:
-        '200':
-          description: A Nameserver Group object
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/NameserverGroup'
-        '400':
-          "$ref": "#/components/responses/bad_request"
-        '401':
-          "$ref": "#/components/responses/requires_authentication"
-        '403':
-          "$ref": "#/components/responses/forbidden"
-        '500':
-          "$ref": "#/components/responses/internal_error"
-    patch:
-      summary: Update information about a Nameserver Group
-      tags: [ DNS ]
-      security:
-        - BearerAuth: [ ]
-      parameters:
-        - in: path
-          name: id
-          required: true
-          schema:
-            type: string
-          description: The Nameserver Group ID
-      requestBody:
-        description: Update Nameserver Group request using a list of json patch objects
-        content:
-          'application/json':
-            schema:
-              type: array
-              items:
-                $ref: '#/components/schemas/NameserverGroupPatchOperation'
-      responses:
-        '200':
-          description: A Nameserver Group object
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/NameserverGroup'
-        '400':
-          "$ref": "#/components/responses/bad_request"
-        '401':
-          "$ref": "#/components/responses/requires_authentication"
-        '403':
-          "$ref": "#/components/responses/forbidden"
-        '500':
-          "$ref": "#/components/responses/internal_error"
-    delete:
-      summary: Delete a Nameserver Group
-      tags: [ DNS ]
-      security:
-        - BearerAuth: [ ]
-      parameters:
-        - in: path
-          name: id
-          required: true
-          schema:
-            type: string
-          description: The Nameserver Group ID
       responses:
         '200':
           description: Delete status code

management/server/http/api/types.gen.go

@@ -1,6 +1,6 @@
 // Package api provides primitives to interact with the openapi HTTP API.
 //
-// Code generated by github.com/deepmap/oapi-codegen version v1.11.1-0.20220912230023-4a1477f6a8ba DO NOT EDIT.
+// Code generated by github.com/deepmap/oapi-codegen version v1.11.0 DO NOT EDIT.
 package api
 
 import (
@@ -24,27 +24,6 @@ const (
 	GroupPatchOperationPathPeers GroupPatchOperationPath = "peers"
 )
 
-// Defines values for NameserverNsType.
-const (
-	NameserverNsTypeUdp NameserverNsType = "udp"
-)
-
-// Defines values for NameserverGroupPatchOperationOp.
-const (
-	NameserverGroupPatchOperationOpAdd     NameserverGroupPatchOperationOp = "add"
-	NameserverGroupPatchOperationOpRemove  NameserverGroupPatchOperationOp = "remove"
-	NameserverGroupPatchOperationOpReplace NameserverGroupPatchOperationOp = "replace"
-)
-
-// Defines values for NameserverGroupPatchOperationPath.
-const (
-	NameserverGroupPatchOperationPathDescription NameserverGroupPatchOperationPath = "description"
-	NameserverGroupPatchOperationPathEnabled     NameserverGroupPatchOperationPath = "enabled"
-	NameserverGroupPatchOperationPathGroups      NameserverGroupPatchOperationPath = "groups"
-	NameserverGroupPatchOperationPathName        NameserverGroupPatchOperationPath = "name"
-	NameserverGroupPatchOperationPathNameservers NameserverGroupPatchOperationPath = "nameservers"
-)
-
 // Defines values for PatchMinimumOp.
 const (
 	PatchMinimumOpAdd     PatchMinimumOp = "add"
@@ -87,427 +66,309 @@ const (
 	RulePatchOperationPathSources      RulePatchOperationPath = "sources"
 )
 
-// Defines values for UserStatus.
-const (
-	UserStatusActive   UserStatus = "active"
-	UserStatusDisabled UserStatus = "disabled"
-	UserStatusInvited  UserStatus = "invited"
-)
-
 // Group defines model for Group.
 type Group struct {
-	// Id Group ID
+	// Group ID
 	Id string `json:"id"`
 
-	// Name Group Name identifier
+	// Group Name identifier
 	Name string `json:"name"`
 
-	// Peers List of peers object
+	// List of peers object
 	Peers []PeerMinimum `json:"peers"`
 
-	// PeersCount Count of peers associated to the group
+	// Count of peers associated to the group
 	PeersCount int `json:"peers_count"`
 }
 
 // GroupMinimum defines model for GroupMinimum.
 type GroupMinimum struct {
-	// Id Group ID
+	// Group ID
 	Id string `json:"id"`
 
-	// Name Group Name identifier
+	// Group Name identifier
 	Name string `json:"name"`
 
-	// PeersCount Count of peers associated to the group
+	// Count of peers associated to the group
 	PeersCount int `json:"peers_count"`
 }
 
 // GroupPatchOperation defines model for GroupPatchOperation.
 type GroupPatchOperation struct {
-	// Op Patch operation type
+	// Patch operation type
 	Op GroupPatchOperationOp `json:"op"`
 
-	// Path Group field to update in form /<field>
+	// Group field to update in form /<field>
 	Path GroupPatchOperationPath `json:"path"`
 
-	// Value Values to be applied
+	// Values to be applied
 	Value []string `json:"value"`
 }
 
-// GroupPatchOperationOp Patch operation type
+// Patch operation type
 type GroupPatchOperationOp string
 
-// GroupPatchOperationPath Group field to update in form /<field>
+// Group field to update in form /<field>
 type GroupPatchOperationPath string
 
-// Nameserver defines model for Nameserver.
-type Nameserver struct {
-	// Ip Nameserver IP
-	Ip string `json:"ip"`
-
-	// NsType Nameserver Type
-	NsType NameserverNsType `json:"ns_type"`
-
-	// Port Nameserver Port
-	Port int `json:"port"`
-}
-
-// NameserverNsType Nameserver Type
-type NameserverNsType string
-
-// NameserverGroup defines model for NameserverGroup.
-type NameserverGroup struct {
-	// Description Nameserver group  description
-	Description string `json:"description"`
-
-	// Enabled Nameserver group status
-	Enabled bool `json:"enabled"`
-
-	// Groups Nameserver group tag groups
-	Groups []string `json:"groups"`
-
-	// Id Nameserver group ID
-	Id string `json:"id"`
-
-	// Name Nameserver group name
-	Name string `json:"name"`
-
-	// Nameservers Nameserver group
-	Nameservers []Nameserver `json:"nameservers"`
-}
-
-// NameserverGroupPatchOperation defines model for NameserverGroupPatchOperation.
-type NameserverGroupPatchOperation struct {
-	// Op Patch operation type
-	Op NameserverGroupPatchOperationOp `json:"op"`
-
-	// Path Nameserver group field to update in form /<field>
-	Path NameserverGroupPatchOperationPath `json:"path"`
-
-	// Value Values to be applied
-	Value []string `json:"value"`
-}
-
-// NameserverGroupPatchOperationOp Patch operation type
-type NameserverGroupPatchOperationOp string
-
-// NameserverGroupPatchOperationPath Nameserver group field to update in form /<field>
-type NameserverGroupPatchOperationPath string
-
-// NameserverGroupRequest defines model for NameserverGroupRequest.
-type NameserverGroupRequest struct {
-	// Description Nameserver group  description
-	Description string `json:"description"`
-
-	// Enabled Nameserver group status
-	Enabled bool `json:"enabled"`
-
-	// Groups Nameserver group tag groups
-	Groups []string `json:"groups"`
-
-	// Name Nameserver group name
-	Name string `json:"name"`
-
-	// Nameservers Nameserver group
-	Nameservers []Nameserver `json:"nameservers"`
-}
-
 // PatchMinimum defines model for PatchMinimum.
 type PatchMinimum struct {
-	// Op Patch operation type
+	// Patch operation type
 	Op PatchMinimumOp `json:"op"`
 
-	// Value Values to be applied
+	// Values to be applied
 	Value []string `json:"value"`
 }
 
-// PatchMinimumOp Patch operation type
+// Patch operation type
 type PatchMinimumOp string
 
 // Peer defines model for Peer.
 type Peer struct {
-	// Connected Peer to Management connection status
+	// Provides information of who activated the Peer. User or Setup Key
+	ActivatedBy struct {
+		Type  string `json:"type"`
+		Value string `json:"value"`
+	} `json:"activated_by"`
+
+	// Peer to Management connection status
 	Connected bool `json:"connected"`
 
-	// Groups Groups that the peer belongs to
+	// Groups that the peer belongs to
 	Groups []GroupMinimum `json:"groups"`
 
-	// Hostname Hostname of the machine
-	Hostname string `json:"hostname"`
-
-	// Id Peer ID
+	// Peer ID
 	Id string `json:"id"`
 
-	// Ip Peer's IP address
+	// Peer's IP address
 	Ip string `json:"ip"`
 
-	// LastSeen Last time peer connected to Netbird's management service
+	// Last time peer connected to Netbird's management service
 	LastSeen time.Time `json:"last_seen"`
 
-	// Name Peer's hostname
+	// Peer's hostname
 	Name string `json:"name"`
 
-	// Os Peer's operating system and version
+	// Peer's operating system and version
 	Os string `json:"os"`
 
-	// SshEnabled Indicates whether SSH server is enabled on this peer
+	// Indicates whether SSH server is enabled on this peer
 	SshEnabled bool `json:"ssh_enabled"`
 
-	// UiVersion Peer's desktop UI version
-	UiVersion *string `json:"ui_version,omitempty"`
-
-	// UserId User ID of the user that enrolled this peer
-	UserId *string `json:"user_id,omitempty"`
-
-	// Version Peer's daemon or cli version
+	// Peer's daemon or cli version
 	Version string `json:"version"`
 }
 
 // PeerMinimum defines model for PeerMinimum.
 type PeerMinimum struct {
-	// Id Peer ID
+	// Peer ID
 	Id string `json:"id"`
 
-	// Name Peer's hostname
+	// Peer's hostname
 	Name string `json:"name"`
 }
 
 // Route defines model for Route.
 type Route struct {
-	// Description Route description
+	// Route description
 	Description string `json:"description"`
 
-	// Enabled Route status
+	// Route status
 	Enabled bool `json:"enabled"`
 
-	// Id Route Id
+	// Route Id
 	Id string `json:"id"`
 
-	// Masquerade Indicate if peer should masquerade traffic to this route's prefix
+	// Indicate if peer should masquerade traffic to this route's prefix
 	Masquerade bool `json:"masquerade"`
 
-	// Metric Route metric number. Lowest number has higher priority
+	// Route metric number. Lowest number has higher priority
 	Metric int `json:"metric"`
 
-	// Network Network range in CIDR format
+	// Network range in CIDR format
 	Network string `json:"network"`
 
-	// NetworkId Route network identifier, to group HA routes
+	// Route network identifier, to group HA routes
 	NetworkId string `json:"network_id"`
 
-	// NetworkType Network type indicating if it is IPv4 or IPv6
+	// Network type indicating if it is IPv4 or IPv6
 	NetworkType string `json:"network_type"`
 
-	// Peer Peer Identifier associated with route
+	// Peer Identifier associated with route
 	Peer string `json:"peer"`
 }
 
 // RoutePatchOperation defines model for RoutePatchOperation.
 type RoutePatchOperation struct {
-	// Op Patch operation type
+	// Patch operation type
 	Op RoutePatchOperationOp `json:"op"`
 
-	// Path Route field to update in form /<field>
+	// Route field to update in form /<field>
 	Path RoutePatchOperationPath `json:"path"`
 
-	// Value Values to be applied
+	// Values to be applied
 	Value []string `json:"value"`
 }
 
-// RoutePatchOperationOp Patch operation type
+// Patch operation type
 type RoutePatchOperationOp string
 
-// RoutePatchOperationPath Route field to update in form /<field>
+// Route field to update in form /<field>
 type RoutePatchOperationPath string
 
 // RouteRequest defines model for RouteRequest.
 type RouteRequest struct {
-	// Description Route description
+	// Route description
 	Description string `json:"description"`
 
-	// Enabled Route status
+	// Route status
 	Enabled bool `json:"enabled"`
 
-	// Masquerade Indicate if peer should masquerade traffic to this route's prefix
+	// Indicate if peer should masquerade traffic to this route's prefix
 	Masquerade bool `json:"masquerade"`
 
-	// Metric Route metric number. Lowest number has higher priority
+	// Route metric number. Lowest number has higher priority
 	Metric int `json:"metric"`
 
-	// Network Network range in CIDR format
+	// Network range in CIDR format
 	Network string `json:"network"`
 
-	// NetworkId Route network identifier, to group HA routes
+	// Route network identifier, to group HA routes
 	NetworkId string `json:"network_id"`
 
-	// Peer Peer Identifier associated with route
+	// Peer Identifier associated with route
 	Peer string `json:"peer"`
 }
 
 // Rule defines model for Rule.
 type Rule struct {
-	// Description Rule friendly description
+	// Rule friendly description
 	Description string `json:"description"`
 
-	// Destinations Rule destination groups
+	// Rule destination groups
 	Destinations []GroupMinimum `json:"destinations"`
 
-	// Disabled Rules status
+	// Rules status
 	Disabled bool `json:"disabled"`
 
-	// Flow Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
+	// Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
 	Flow string `json:"flow"`
 
-	// Id Rule ID
+	// Rule ID
 	Id string `json:"id"`
 
-	// Name Rule name identifier
+	// Rule name identifier
 	Name string `json:"name"`
 
-	// Sources Rule source groups
+	// Rule source groups
 	Sources []GroupMinimum `json:"sources"`
 }
 
 // RuleMinimum defines model for RuleMinimum.
 type RuleMinimum struct {
-	// Description Rule friendly description
+	// Rule friendly description
 	Description string `json:"description"`
 
-	// Disabled Rules status
+	// Rules status
 	Disabled bool `json:"disabled"`
 
-	// Flow Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
+	// Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
 	Flow string `json:"flow"`
 
-	// Name Rule name identifier
+	// Rule name identifier
 	Name string `json:"name"`
 }
 
 // RulePatchOperation defines model for RulePatchOperation.
 type RulePatchOperation struct {
-	// Op Patch operation type
+	// Patch operation type
 	Op RulePatchOperationOp `json:"op"`
 
-	// Path Rule field to update in form /<field>
+	// Rule field to update in form /<field>
 	Path RulePatchOperationPath `json:"path"`
 
-	// Value Values to be applied
+	// Values to be applied
 	Value []string `json:"value"`
 }
 
-// RulePatchOperationOp Patch operation type
+// Patch operation type
 type RulePatchOperationOp string
 
-// RulePatchOperationPath Rule field to update in form /<field>
+// Rule field to update in form /<field>
 type RulePatchOperationPath string
 
 // SetupKey defines model for SetupKey.
 type SetupKey struct {
-	// AutoGroups Setup key groups to auto-assign to peers registered with this key
-	AutoGroups []string `json:"auto_groups"`
+	// Setup key groups to auto-assign to peers registered with this key
+	AutoGroups []GroupMinimum `json:"auto_groups"`
 
-	// Expires Setup Key expiration date
+	// Setup Key expiration date
 	Expires time.Time `json:"expires"`
 
-	// Id Setup Key ID
+	// Setup Key ID
 	Id string `json:"id"`
 
-	// Key Setup Key value
+	// Setup Key value
 	Key string `json:"key"`
 
-	// LastUsed Setup key last usage date
+	// Setup key last usage date
 	LastUsed time.Time `json:"last_used"`
 
-	// Name Setup key name identifier
+	// Setup key name identifier
 	Name string `json:"name"`
 
-	// Revoked Setup key revocation status
+	// Setup key revocation status
 	Revoked bool `json:"revoked"`
 
-	// State Setup key status, "valid", "overused","expired" or "revoked"
+	// Setup key status, "valid", "overused","expired" or "revoked"
 	State string `json:"state"`
 
-	// Type Setup key type, one-off for single time usage and reusable
+	// Setup key type, one-off for single time usage and reusable
 	Type string `json:"type"`
 
-	// UpdatedAt Setup key last update date
+	// Setup key last update date
 	UpdatedAt time.Time `json:"updated_at"`
 
-	// UsedTimes Usage count of setup key
+	// Usage count of setup key
 	UsedTimes int `json:"used_times"`
 
-	// Valid Setup key validity status
+	// Setup key validity status
 	Valid bool `json:"valid"`
 }
 
 // SetupKeyRequest defines model for SetupKeyRequest.
 type SetupKeyRequest struct {
-	// AutoGroups Setup key groups to auto-assign to peers registered with this key
+	// Setup key groups to auto-assign to peers registered with this key
 	AutoGroups []string `json:"auto_groups"`
 
-	// ExpiresIn Expiration time in seconds
+	// Expiration time in seconds
 	ExpiresIn int `json:"expires_in"`
 
-	// Name Setup Key name
+	// Setup Key name
 	Name string `json:"name"`
 
-	// Revoked Setup key revocation status
+	// Setup key revocation status
 	Revoked bool `json:"revoked"`
 
-	// Type Setup key type, one-off for single time usage and reusable
+	// Setup key type, one-off for single time usage and reusable
 	Type string `json:"type"`
 }
 
 // User defines model for User.
 type User struct {
-	// AutoGroups Groups to auto-assign to peers registered by this user
-	AutoGroups []string `json:"auto_groups"`
-
-	// Email User's email address
+	// User's email address
 	Email string `json:"email"`
 
-	// Id User ID
+	// User ID
 	Id string `json:"id"`
 
-	// Name User's name from idp provider
+	// User's name from idp provider
 	Name string `json:"name"`
 
-	// Role User's NetBird account role
-	Role string `json:"role"`
-
-	// Status User's status
-	Status UserStatus `json:"status"`
-}
-
-// UserStatus User's status
-type UserStatus string
-
-// UserCreateRequest defines model for UserCreateRequest.
-type UserCreateRequest struct {
-	// AutoGroups Groups to auto-assign to peers registered by this user
-	AutoGroups []string `json:"auto_groups"`
-
-	// Email User's Email to send invite to
-	Email string `json:"email"`
-
-	// Name User's full name
-	Name *string `json:"name,omitempty"`
-
-	// Role User's NetBird account role
+	// User's Netbird account role
 	Role string `json:"role"`
 }
 
-// UserRequest defines model for UserRequest.
-type UserRequest struct {
-	// AutoGroups Groups to auto-assign to peers registered by this user
-	AutoGroups []string `json:"auto_groups"`
-
-	// Role User's NetBird account role
-	Role string `json:"role"`
-}
-
-// PatchApiDnsNameserversIdJSONBody defines parameters for PatchApiDnsNameserversId.
-type PatchApiDnsNameserversIdJSONBody = []NameserverGroupPatchOperation
-
 // PostApiGroupsJSONBody defines parameters for PostApiGroups.
 type PostApiGroupsJSONBody struct {
 	Name  string    `json:"name"`
@@ -529,22 +390,28 @@ type PutApiPeersIdJSONBody struct {
 	SshEnabled bool   `json:"ssh_enabled"`
 }
 
+// PostApiRoutesJSONBody defines parameters for PostApiRoutes.
+type PostApiRoutesJSONBody = RouteRequest
+
 // PatchApiRoutesIdJSONBody defines parameters for PatchApiRoutesId.
 type PatchApiRoutesIdJSONBody = []RoutePatchOperation
 
+// PutApiRoutesIdJSONBody defines parameters for PutApiRoutesId.
+type PutApiRoutesIdJSONBody = RouteRequest
+
 // PostApiRulesJSONBody defines parameters for PostApiRules.
 type PostApiRulesJSONBody struct {
-	// Description Rule friendly description
+	// Rule friendly description
 	Description  string    `json:"description"`
 	Destinations *[]string `json:"destinations,omitempty"`
 
-	// Disabled Rules status
+	// Rules status
 	Disabled bool `json:"disabled"`
 
-	// Flow Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
+	// Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
 	Flow string `json:"flow"`
 
-	// Name Rule name identifier
+	// Rule name identifier
 	Name    string    `json:"name"`
 	Sources *[]string `json:"sources,omitempty"`
 }
@@ -554,29 +421,26 @@ type PatchApiRulesIdJSONBody = []RulePatchOperation
 
 // PutApiRulesIdJSONBody defines parameters for PutApiRulesId.
 type PutApiRulesIdJSONBody struct {
-	// Description Rule friendly description
+	// Rule friendly description
 	Description  string    `json:"description"`
 	Destinations *[]string `json:"destinations,omitempty"`
 
-	// Disabled Rules status
+	// Rules status
 	Disabled bool `json:"disabled"`
 
-	// Flow Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
+	// Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
 	Flow string `json:"flow"`
 
-	// Name Rule name identifier
+	// Rule name identifier
 	Name    string    `json:"name"`
 	Sources *[]string `json:"sources,omitempty"`
 }
 
-// PostApiDnsNameserversJSONRequestBody defines body for PostApiDnsNameservers for application/json ContentType.
-type PostApiDnsNameserversJSONRequestBody = NameserverGroupRequest
+// PostApiSetupKeysJSONBody defines parameters for PostApiSetupKeys.
+type PostApiSetupKeysJSONBody = SetupKeyRequest
 
-// PatchApiDnsNameserversIdJSONRequestBody defines body for PatchApiDnsNameserversId for application/json ContentType.
-type PatchApiDnsNameserversIdJSONRequestBody = PatchApiDnsNameserversIdJSONBody
-
-// PutApiDnsNameserversIdJSONRequestBody defines body for PutApiDnsNameserversId for application/json ContentType.
-type PutApiDnsNameserversIdJSONRequestBody = NameserverGroupRequest
+// PutApiSetupKeysIdJSONBody defines parameters for PutApiSetupKeysId.
+type PutApiSetupKeysIdJSONBody = SetupKeyRequest
 
 // PostApiGroupsJSONRequestBody defines body for PostApiGroups for application/json ContentType.
 type PostApiGroupsJSONRequestBody PostApiGroupsJSONBody
@@ -591,13 +455,13 @@ type PutApiGroupsIdJSONRequestBody PutApiGroupsIdJSONBody
 type PutApiPeersIdJSONRequestBody PutApiPeersIdJSONBody
 
 // PostApiRoutesJSONRequestBody defines body for PostApiRoutes for application/json ContentType.
-type PostApiRoutesJSONRequestBody = RouteRequest
+type PostApiRoutesJSONRequestBody = PostApiRoutesJSONBody
 
 // PatchApiRoutesIdJSONRequestBody defines body for PatchApiRoutesId for application/json ContentType.
 type PatchApiRoutesIdJSONRequestBody = PatchApiRoutesIdJSONBody
 
 // PutApiRoutesIdJSONRequestBody defines body for PutApiRoutesId for application/json ContentType.
-type PutApiRoutesIdJSONRequestBody = RouteRequest
+type PutApiRoutesIdJSONRequestBody = PutApiRoutesIdJSONBody
 
 // PostApiRulesJSONRequestBody defines body for PostApiRules for application/json ContentType.
 type PostApiRulesJSONRequestBody PostApiRulesJSONBody
@@ -609,13 +473,7 @@ type PatchApiRulesIdJSONRequestBody = PatchApiRulesIdJSONBody
 type PutApiRulesIdJSONRequestBody PutApiRulesIdJSONBody
 
 // PostApiSetupKeysJSONRequestBody defines body for PostApiSetupKeys for application/json ContentType.
-type PostApiSetupKeysJSONRequestBody = SetupKeyRequest
+type PostApiSetupKeysJSONRequestBody = PostApiSetupKeysJSONBody
 
 // PutApiSetupKeysIdJSONRequestBody defines body for PutApiSetupKeysId for application/json ContentType.
-type PutApiSetupKeysIdJSONRequestBody = SetupKeyRequest
-
-// PostApiUsersJSONRequestBody defines body for PostApiUsers for application/json ContentType.
-type PostApiUsersJSONRequestBody = UserCreateRequest
-
-// PutApiUsersIdJSONRequestBody defines body for PutApiUsersId for application/json ContentType.
-type PutApiUsersIdJSONRequestBody = UserRequest
+type PutApiSetupKeysIdJSONRequestBody = PutApiSetupKeysIdJSONBody

management/server/http/groups.go

@@ -344,6 +344,14 @@ func peerIPsToKeys(account *server.Account, peerIPs *[]string) []string {
 	return mappedPeerKeys
 }
 
+func toGroupMinimumResponse(group *server.Group) *api.GroupMinimum {
+	return &api.GroupMinimum{
+		Id:         group.ID,
+		Name:       group.Name,
+		PeersCount: len(group.Peers),
+	}
+}
+
 func toGroupResponse(account *server.Account, group *server.Group) *api.Group {
 	cache := make(map[string]api.PeerMinimum)
 	gr := api.Group{

management/server/http/groups_test.go

@@ -67,14 +67,14 @@ func initGroupTestData(groups ...*server.Group) *Groups {
 				}
 				return nil, fmt.Errorf("peer not found")
 			},
-			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
+			GetAccountWithAuthorizationClaimsFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
 				return &server.Account{
 					Id:     claims.AccountId,
 					Domain: "hotmail.com",
 					Peers:  TestPeers,
 					Groups: map[string]*server.Group{
-						"id-existed": {ID: "id-existed", Peers: []string{"A", "B"}},
-						"id-all":     {ID: "id-all", Name: "All"}},
+						"id-existed": &server.Group{ID: "id-existed", Peers: []string{"A", "B"}},
+						"id-all":     &server.Group{ID: "id-all", Name: "All"}},
 				}, nil
 			},
 		},

management/server/http/handler.go

@@ -4,14 +4,12 @@ import (
 	"github.com/gorilla/mux"
 	s "github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/middleware"
-	"github.com/netbirdio/netbird/management/server/telemetry"
 	"github.com/rs/cors"
 	"net/http"
 )
 
 // APIHandler creates the Management service HTTP API handler registering all the available endpoints.
-func APIHandler(accountManager s.AccountManager, authIssuer string, authAudience string, authKeysLocation string,
-	appMetrics telemetry.AppMetrics) (http.Handler, error) {
+func APIHandler(accountManager s.AccountManager, authIssuer string, authAudience string, authKeysLocation string) (http.Handler, error) {
 	jwtMiddleware, err := middleware.NewJwtMiddleware(
 		authIssuer,
 		authAudience,
@@ -23,15 +21,12 @@ func APIHandler(accountManager s.AccountManager, authIssuer string, authAudience
 
 	corsMiddleware := cors.AllowAll()
 
-	acMiddleware := middleware.NewAccessControl(
+	acMiddleware := middleware.NewAccessControll(
 		authAudience,
 		accountManager.IsUserAdmin)
 
-	rootRouter := mux.NewRouter()
-	metricsMiddleware := appMetrics.HTTPMiddleware()
-
-	apiHandler := rootRouter.PathPrefix("/api").Subrouter()
-	apiHandler.Use(metricsMiddleware.Handler, corsMiddleware.Handler, jwtMiddleware.Handler, acMiddleware.Handler)
+	apiHandler := mux.NewRouter()
+	apiHandler.Use(corsMiddleware.Handler, jwtMiddleware.Handler, acMiddleware.Handler)
 
 	groupsHandler := NewGroups(accountManager, authAudience)
 	rulesHandler := NewRules(accountManager, authAudience)
@@ -39,69 +34,38 @@ func APIHandler(accountManager s.AccountManager, authIssuer string, authAudience
 	keysHandler := NewSetupKeysHandler(accountManager, authAudience)
 	userHandler := NewUserHandler(accountManager, authAudience)
 	routesHandler := NewRoutes(accountManager, authAudience)
-	nameserversHandler := NewNameservers(accountManager, authAudience)
 
-	apiHandler.HandleFunc("/peers", peersHandler.GetPeers).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/peers/{id}", peersHandler.HandlePeer).
+	apiHandler.HandleFunc("/api/peers", peersHandler.GetPeers).Methods("GET", "OPTIONS")
+	apiHandler.HandleFunc("/api/peers/{id}", peersHandler.HandlePeer).
 		Methods("GET", "PUT", "DELETE", "OPTIONS")
-	apiHandler.HandleFunc("/users", userHandler.GetUsers).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/users/{id}", userHandler.UpdateUser).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/users", userHandler.CreateUserHandler).Methods("POST", "OPTIONS")
+	apiHandler.HandleFunc("/api/users", userHandler.GetUsers).Methods("GET", "OPTIONS")
 
-	apiHandler.HandleFunc("/setup-keys", keysHandler.GetAllSetupKeysHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/setup-keys", keysHandler.CreateSetupKeyHandler).Methods("POST", "OPTIONS")
-	apiHandler.HandleFunc("/setup-keys/{id}", keysHandler.GetSetupKeyHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/setup-keys/{id}", keysHandler.UpdateSetupKeyHandler).Methods("PUT", "OPTIONS")
+	apiHandler.HandleFunc("/api/setup-keys", keysHandler.GetAllSetupKeysHandler).Methods("GET", "OPTIONS")
+	apiHandler.HandleFunc("/api/setup-keys", keysHandler.CreateSetupKeyHandler).Methods("POST", "OPTIONS")
+	apiHandler.HandleFunc("/api/setup-keys/{id}", keysHandler.GetSetupKeyHandler).Methods("GET", "OPTIONS")
+	apiHandler.HandleFunc("/api/setup-keys/{id}", keysHandler.UpdateSetupKeyHandler).Methods("PUT", "OPTIONS")
 
-	apiHandler.HandleFunc("/rules", rulesHandler.GetAllRulesHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/rules", rulesHandler.CreateRuleHandler).Methods("POST", "OPTIONS")
-	apiHandler.HandleFunc("/rules/{id}", rulesHandler.UpdateRuleHandler).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/rules/{id}", rulesHandler.PatchRuleHandler).Methods("PATCH", "OPTIONS")
-	apiHandler.HandleFunc("/rules/{id}", rulesHandler.GetRuleHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/rules/{id}", rulesHandler.DeleteRuleHandler).Methods("DELETE", "OPTIONS")
+	apiHandler.HandleFunc("/api/rules", rulesHandler.GetAllRulesHandler).Methods("GET", "OPTIONS")
+	apiHandler.HandleFunc("/api/rules", rulesHandler.CreateRuleHandler).Methods("POST", "OPTIONS")
+	apiHandler.HandleFunc("/api/rules/{id}", rulesHandler.UpdateRuleHandler).Methods("PUT", "OPTIONS")
+	apiHandler.HandleFunc("/api/rules/{id}", rulesHandler.PatchRuleHandler).Methods("PATCH", "OPTIONS")
+	apiHandler.HandleFunc("/api/rules/{id}", rulesHandler.GetRuleHandler).Methods("GET", "OPTIONS")
+	apiHandler.HandleFunc("/api/rules/{id}", rulesHandler.DeleteRuleHandler).Methods("DELETE", "OPTIONS")
 
-	apiHandler.HandleFunc("/groups", groupsHandler.GetAllGroupsHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/groups", groupsHandler.CreateGroupHandler).Methods("POST", "OPTIONS")
-	apiHandler.HandleFunc("/groups/{id}", groupsHandler.UpdateGroupHandler).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/groups/{id}", groupsHandler.PatchGroupHandler).Methods("PATCH", "OPTIONS")
-	apiHandler.HandleFunc("/groups/{id}", groupsHandler.GetGroupHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/groups/{id}", groupsHandler.DeleteGroupHandler).Methods("DELETE", "OPTIONS")
+	apiHandler.HandleFunc("/api/groups", groupsHandler.GetAllGroupsHandler).Methods("GET", "OPTIONS")
+	apiHandler.HandleFunc("/api/groups", groupsHandler.CreateGroupHandler).Methods("POST", "OPTIONS")
+	apiHandler.HandleFunc("/api/groups/{id}", groupsHandler.UpdateGroupHandler).Methods("PUT", "OPTIONS")
+	apiHandler.HandleFunc("/api/groups/{id}", groupsHandler.PatchGroupHandler).Methods("PATCH", "OPTIONS")
+	apiHandler.HandleFunc("/api/groups/{id}", groupsHandler.GetGroupHandler).Methods("GET", "OPTIONS")
+	apiHandler.HandleFunc("/api/groups/{id}", groupsHandler.DeleteGroupHandler).Methods("DELETE", "OPTIONS")
 
-	apiHandler.HandleFunc("/routes", routesHandler.GetAllRoutesHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/routes", routesHandler.CreateRouteHandler).Methods("POST", "OPTIONS")
-	apiHandler.HandleFunc("/routes/{id}", routesHandler.UpdateRouteHandler).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/routes/{id}", routesHandler.PatchRouteHandler).Methods("PATCH", "OPTIONS")
-	apiHandler.HandleFunc("/routes/{id}", routesHandler.GetRouteHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/routes/{id}", routesHandler.DeleteRouteHandler).Methods("DELETE", "OPTIONS")
+	apiHandler.HandleFunc("/api/routes", routesHandler.GetAllRoutesHandler).Methods("GET", "OPTIONS")
+	apiHandler.HandleFunc("/api/routes", routesHandler.CreateRouteHandler).Methods("POST", "OPTIONS")
+	apiHandler.HandleFunc("/api/routes/{id}", routesHandler.UpdateRouteHandler).Methods("PUT", "OPTIONS")
+	apiHandler.HandleFunc("/api/routes/{id}", routesHandler.PatchRouteHandler).Methods("PATCH", "OPTIONS")
+	apiHandler.HandleFunc("/api/routes/{id}", routesHandler.GetRouteHandler).Methods("GET", "OPTIONS")
+	apiHandler.HandleFunc("/api/routes/{id}", routesHandler.DeleteRouteHandler).Methods("DELETE", "OPTIONS")
 
-	apiHandler.HandleFunc("/dns/nameservers", nameserversHandler.GetAllNameserversHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/dns/nameservers", nameserversHandler.CreateNameserverGroupHandler).Methods("POST", "OPTIONS")
-	apiHandler.HandleFunc("/dns/nameservers/{id}", nameserversHandler.UpdateNameserverGroupHandler).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/dns/nameservers/{id}", nameserversHandler.PatchNameserverGroupHandler).Methods("PATCH", "OPTIONS")
-	apiHandler.HandleFunc("/dns/nameservers/{id}", nameserversHandler.GetNameserverGroupHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/dns/nameservers/{id}", nameserversHandler.DeleteNameserverGroupHandler).Methods("DELETE", "OPTIONS")
-
-	err = apiHandler.Walk(func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
-		methods, err := route.GetMethods()
-		if err != nil {
-			return err
-		}
-		for _, method := range methods {
-			template, err := route.GetPathTemplate()
-			if err != nil {
-				return err
-			}
-			err = metricsMiddleware.AddHTTPRequestResponseCounter(template, method)
-			if err != nil {
-				return err
-			}
-		}
-		return nil
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	return rootRouter, nil
+	return apiHandler, nil
 
 }

management/server/http/middleware/access_control.go

@@ -1,38 +1,32 @@
 package middleware
 
 import (
-	"context"
 	"fmt"
 	"net/http"
 
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 )
 
-const (
-	IsUserAdminProperty = "isAdminUser"
-)
-
 type IsUserAdminFunc func(claims jwtclaims.AuthorizationClaims) (bool, error)
 
-// AccessControl middleware to restrict to make POST/PUT/DELETE requests by admin only
-type AccessControl struct {
+// AccessControll middleware to restrict to make POST/PUT/DELETE requests by admin only
+type AccessControll struct {
 	jwtExtractor jwtclaims.ClaimsExtractor
 	isUserAdmin  IsUserAdminFunc
 	audience     string
 }
 
-// NewAccessControl instance constructor
-func NewAccessControl(audience string, isUserAdmin IsUserAdminFunc) *AccessControl {
-	return &AccessControl{
+// NewAccessControll instance constructor
+func NewAccessControll(audience string, isUserAdmin IsUserAdminFunc) *AccessControll {
+	return &AccessControll{
 		isUserAdmin:  isUserAdmin,
 		audience:     audience,
 		jwtExtractor: *jwtclaims.NewClaimsExtractor(nil),
 	}
 }
 
-// Handler method of the middleware which forbids all modify requests for non admin users
-// It also adds
-func (a *AccessControl) Handler(h http.Handler) http.Handler {
+// Handler method of the middleware which forbinneds all modify requests for non admin users
+func (a *AccessControll) Handler(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		jwtClaims := a.jwtExtractor.ExtractClaimsFromRequestContext(r, a.audience)
 
@@ -40,6 +34,7 @@ func (a *AccessControl) Handler(h http.Handler) http.Handler {
 		if err != nil {
 			http.Error(w, fmt.Sprintf("error get user from JWT: %v", err), http.StatusUnauthorized)
 			return
+
 		}
 
 		if !ok {
@@ -50,10 +45,6 @@ func (a *AccessControl) Handler(h http.Handler) http.Handler {
 			}
 		}
 
-		newRequest := r.Clone(context.WithValue(r.Context(), IsUserAdminProperty, ok)) //nolint
-		// Update the current request with the new context information.
-		*r = *newRequest
-
 		h.ServeHTTP(w, r)
 	})
 }

management/server/http/middleware/jwtmiddleware.go

@@ -186,7 +186,7 @@ func (m *JWTMiddleware) CheckJWTFromRequest(w http.ResponseWriter, r *http.Reque
 
 	validatedToken, err := m.ValidateAndParse(token)
 	if err != nil {
-		m.Options.ErrorHandler(w, r, err.Error())
+		m.Options.ErrorHandler(w, r, "The token isn't valid")
 		return err
 	}
 

management/server/http/nameservers.go

@@ -1,286 +0,0 @@
-package http
-
-import (
-	"encoding/json"
-	"fmt"
-	"github.com/gorilla/mux"
-	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/netbirdio/netbird/management/server"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/jwtclaims"
-	log "github.com/sirupsen/logrus"
-	"net/http"
-)
-
-// Nameservers is the nameserver group handler of the account
-type Nameservers struct {
-	jwtExtractor   jwtclaims.ClaimsExtractor
-	accountManager server.AccountManager
-	authAudience   string
-}
-
-// NewNameservers returns a new instance of Nameservers handler
-func NewNameservers(accountManager server.AccountManager, authAudience string) *Nameservers {
-	return &Nameservers{
-		accountManager: accountManager,
-		authAudience:   authAudience,
-		jwtExtractor:   *jwtclaims.NewClaimsExtractor(nil),
-	}
-}
-
-// GetAllNameserversHandler returns the list of nameserver groups for the account
-func (h *Nameservers) GetAllNameserversHandler(w http.ResponseWriter, r *http.Request) {
-	account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
-	if err != nil {
-		log.Error(err)
-		http.Redirect(w, r, "/", http.StatusInternalServerError)
-		return
-	}
-
-	nsGroups, err := h.accountManager.ListNameServerGroups(account.Id)
-	if err != nil {
-		toHTTPError(err, w)
-		return
-	}
-
-	apiNameservers := make([]*api.NameserverGroup, 0)
-	for _, r := range nsGroups {
-		apiNameservers = append(apiNameservers, toNameserverGroupResponse(r))
-	}
-
-	writeJSONObject(w, apiNameservers)
-}
-
-// CreateNameserverGroupHandler handles nameserver group creation request
-func (h *Nameservers) CreateNameserverGroupHandler(w http.ResponseWriter, r *http.Request) {
-	account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
-	if err != nil {
-		log.Error(err)
-		http.Redirect(w, r, "/", http.StatusInternalServerError)
-		return
-	}
-	var req api.PostApiDnsNameserversJSONRequestBody
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		http.Error(w, err.Error(), http.StatusBadRequest)
-		return
-	}
-
-	nsList, err := toServerNSList(req.Nameservers)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusBadRequest)
-		return
-	}
-
-	nsGroup, err := h.accountManager.CreateNameServerGroup(account.Id, req.Name, req.Description, nsList, req.Groups, req.Enabled)
-	if err != nil {
-		toHTTPError(err, w)
-		return
-	}
-
-	resp := toNameserverGroupResponse(nsGroup)
-
-	writeJSONObject(w, &resp)
-}
-
-// UpdateNameserverGroupHandler handles update to a nameserver group identified by a given ID
-func (h *Nameservers) UpdateNameserverGroupHandler(w http.ResponseWriter, r *http.Request) {
-	account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
-	if err != nil {
-		log.Error(err)
-		http.Redirect(w, r, "/", http.StatusInternalServerError)
-		return
-	}
-
-	nsGroupID := mux.Vars(r)["id"]
-	if len(nsGroupID) == 0 {
-		http.Error(w, "invalid nameserver group ID", http.StatusBadRequest)
-		return
-	}
-
-	var req api.PutApiDnsNameserversIdJSONRequestBody
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		http.Error(w, err.Error(), http.StatusBadRequest)
-		return
-	}
-
-	nsList, err := toServerNSList(req.Nameservers)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusBadRequest)
-		return
-	}
-
-	updatedNSGroup := &nbdns.NameServerGroup{
-		ID:          nsGroupID,
-		Name:        req.Name,
-		Description: req.Description,
-		NameServers: nsList,
-		Groups:      req.Groups,
-		Enabled:     req.Enabled,
-	}
-
-	err = h.accountManager.SaveNameServerGroup(account.Id, updatedNSGroup)
-	if err != nil {
-		toHTTPError(err, w)
-		return
-	}
-
-	resp := toNameserverGroupResponse(updatedNSGroup)
-
-	writeJSONObject(w, &resp)
-}
-
-// PatchNameserverGroupHandler handles patch updates to a nameserver group identified by a given ID
-func (h *Nameservers) PatchNameserverGroupHandler(w http.ResponseWriter, r *http.Request) {
-	account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
-	if err != nil {
-		log.Error(err)
-		http.Redirect(w, r, "/", http.StatusInternalServerError)
-		return
-	}
-
-	nsGroupID := mux.Vars(r)["id"]
-	if len(nsGroupID) == 0 {
-		http.Error(w, "invalid nameserver group ID", http.StatusBadRequest)
-		return
-	}
-
-	var req api.PatchApiDnsNameserversIdJSONRequestBody
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		http.Error(w, err.Error(), http.StatusBadRequest)
-		return
-	}
-
-	var operations []server.NameServerGroupUpdateOperation
-	for _, patch := range req {
-		if patch.Op != api.NameserverGroupPatchOperationOpReplace {
-			http.Error(w, fmt.Sprintf("nameserver groups only accepts replace operations, got %s", patch.Op),
-				http.StatusBadRequest)
-			return
-		}
-		switch patch.Path {
-		case api.NameserverGroupPatchOperationPathName:
-			operations = append(operations, server.NameServerGroupUpdateOperation{
-				Type:   server.UpdateNameServerGroupName,
-				Values: patch.Value,
-			})
-		case api.NameserverGroupPatchOperationPathDescription:
-			operations = append(operations, server.NameServerGroupUpdateOperation{
-				Type:   server.UpdateNameServerGroupDescription,
-				Values: patch.Value,
-			})
-		case api.NameserverGroupPatchOperationPathNameservers:
-			operations = append(operations, server.NameServerGroupUpdateOperation{
-				Type:   server.UpdateNameServerGroupNameServers,
-				Values: patch.Value,
-			})
-		case api.NameserverGroupPatchOperationPathGroups:
-			operations = append(operations, server.NameServerGroupUpdateOperation{
-				Type:   server.UpdateNameServerGroupGroups,
-				Values: patch.Value,
-			})
-		case api.NameserverGroupPatchOperationPathEnabled:
-			operations = append(operations, server.NameServerGroupUpdateOperation{
-				Type:   server.UpdateNameServerGroupEnabled,
-				Values: patch.Value,
-			})
-		default:
-			http.Error(w, "invalid patch path", http.StatusBadRequest)
-			return
-		}
-	}
-
-	updatedNSGroup, err := h.accountManager.UpdateNameServerGroup(account.Id, nsGroupID, operations)
-	if err != nil {
-		toHTTPError(err, w)
-		return
-	}
-
-	resp := toNameserverGroupResponse(updatedNSGroup)
-
-	writeJSONObject(w, &resp)
-}
-
-// DeleteNameserverGroupHandler handles nameserver group deletion request
-func (h *Nameservers) DeleteNameserverGroupHandler(w http.ResponseWriter, r *http.Request) {
-	account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
-	if err != nil {
-		log.Error(err)
-		http.Redirect(w, r, "/", http.StatusInternalServerError)
-		return
-	}
-
-	nsGroupID := mux.Vars(r)["id"]
-	if len(nsGroupID) == 0 {
-		http.Error(w, "invalid nameserver group ID", http.StatusBadRequest)
-		return
-	}
-
-	err = h.accountManager.DeleteNameServerGroup(account.Id, nsGroupID)
-	if err != nil {
-		toHTTPError(err, w)
-		return
-	}
-
-	writeJSONObject(w, "")
-}
-
-// GetNameserverGroupHandler handles a nameserver group Get request identified by ID
-func (h *Nameservers) GetNameserverGroupHandler(w http.ResponseWriter, r *http.Request) {
-	account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
-	if err != nil {
-		log.Error(err)
-		http.Redirect(w, r, "/", http.StatusInternalServerError)
-		return
-	}
-
-	nsGroupID := mux.Vars(r)["id"]
-	if len(nsGroupID) == 0 {
-		http.Error(w, "invalid nameserver group ID", http.StatusBadRequest)
-		return
-	}
-
-	nsGroup, err := h.accountManager.GetNameServerGroup(account.Id, nsGroupID)
-	if err != nil {
-		toHTTPError(err, w)
-		return
-	}
-
-	resp := toNameserverGroupResponse(nsGroup)
-
-	writeJSONObject(w, &resp)
-
-}
-
-func toServerNSList(apiNSList []api.Nameserver) ([]nbdns.NameServer, error) {
-	var nsList []nbdns.NameServer
-	for _, apiNS := range apiNSList {
-		parsed, err := nbdns.ParseNameServerURL(fmt.Sprintf("%s://%s:%d", apiNS.NsType, apiNS.Ip, apiNS.Port))
-		if err != nil {
-			return nil, err
-		}
-		nsList = append(nsList, parsed)
-	}
-
-	return nsList, nil
-}
-
-func toNameserverGroupResponse(serverNSGroup *nbdns.NameServerGroup) *api.NameserverGroup {
-	var nsList []api.Nameserver
-	for _, ns := range serverNSGroup.NameServers {
-		apiNS := api.Nameserver{
-			Ip:     ns.IP.String(),
-			NsType: api.NameserverNsType(ns.NSType.String()),
-			Port:   ns.Port,
-		}
-		nsList = append(nsList, apiNS)
-	}
-
-	return &api.NameserverGroup{
-		Id:          serverNSGroup.ID,
-		Name:        serverNSGroup.Name,
-		Description: serverNSGroup.Description,
-		Groups:      serverNSGroup.Groups,
-		Nameservers: nsList,
-		Enabled:     serverNSGroup.Enabled,
-	}
-}

management/server/http/nameservers_test.go

@@ -1,287 +0,0 @@
-package http
-
-import (
-	"bytes"
-	"encoding/json"
-	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/stretchr/testify/assert"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"io"
-	"net/http"
-	"net/http/httptest"
-	"net/netip"
-	"testing"
-
-	"github.com/gorilla/mux"
-	"github.com/netbirdio/netbird/management/server"
-	"github.com/netbirdio/netbird/management/server/jwtclaims"
-	"github.com/netbirdio/netbird/management/server/mock_server"
-)
-
-const (
-	existingNSGroupID    = "existingNSGroupID"
-	notFoundNSGroupID    = "notFoundNSGroupID"
-	testNSGroupAccountID = "test_id"
-)
-
-var testingNSAccount = &server.Account{
-	Id:     testNSGroupAccountID,
-	Domain: "hotmail.com",
-}
-
-var baseExistingNSGroup = &nbdns.NameServerGroup{
-	ID:          existingNSGroupID,
-	Name:        "super",
-	Description: "super",
-	NameServers: []nbdns.NameServer{
-		{
-			IP:     netip.MustParseAddr("1.1.1.1"),
-			NSType: nbdns.UDPNameServerType,
-			Port:   nbdns.DefaultDNSPort,
-		},
-		{
-			IP:     netip.MustParseAddr("1.1.2.2"),
-			NSType: nbdns.UDPNameServerType,
-			Port:   nbdns.DefaultDNSPort,
-		},
-	},
-	Groups:  []string{"testing"},
-	Enabled: true,
-}
-
-func initNameserversTestData() *Nameservers {
-	return &Nameservers{
-		accountManager: &mock_server.MockAccountManager{
-			GetNameServerGroupFunc: func(accountID, nsGroupID string) (*nbdns.NameServerGroup, error) {
-				if nsGroupID == existingNSGroupID {
-					return baseExistingNSGroup.Copy(), nil
-				}
-				return nil, status.Errorf(codes.NotFound, "nameserver group with ID %s not found", nsGroupID)
-			},
-			CreateNameServerGroupFunc: func(accountID string, name, description string, nameServerList []nbdns.NameServer, groups []string, enabled bool) (*nbdns.NameServerGroup, error) {
-				return &nbdns.NameServerGroup{
-					ID:          existingNSGroupID,
-					Name:        name,
-					Description: description,
-					NameServers: nameServerList,
-					Groups:      groups,
-					Enabled:     enabled,
-				}, nil
-			},
-			DeleteNameServerGroupFunc: func(accountID, nsGroupID string) error {
-				return nil
-			},
-			SaveNameServerGroupFunc: func(accountID string, nsGroupToSave *nbdns.NameServerGroup) error {
-				if nsGroupToSave.ID == existingNSGroupID {
-					return nil
-				}
-				return status.Errorf(codes.NotFound, "nameserver group with ID %s was not found", nsGroupToSave.ID)
-			},
-			UpdateNameServerGroupFunc: func(accountID, nsGroupID string, operations []server.NameServerGroupUpdateOperation) (*nbdns.NameServerGroup, error) {
-				nsGroupToUpdate := baseExistingNSGroup.Copy()
-				if nsGroupID != nsGroupToUpdate.ID {
-					return nil, status.Errorf(codes.NotFound, "nameserver group ID %s no longer exists", nsGroupID)
-				}
-				for _, operation := range operations {
-					switch operation.Type {
-					case server.UpdateNameServerGroupName:
-						nsGroupToUpdate.Name = operation.Values[0]
-					case server.UpdateNameServerGroupDescription:
-						nsGroupToUpdate.Description = operation.Values[0]
-					case server.UpdateNameServerGroupNameServers:
-						var parsedNSList []nbdns.NameServer
-						for _, nsURL := range operation.Values {
-							parsed, err := nbdns.ParseNameServerURL(nsURL)
-							if err != nil {
-								return nil, err
-							}
-							parsedNSList = append(parsedNSList, parsed)
-						}
-						nsGroupToUpdate.NameServers = parsedNSList
-					}
-				}
-				return nsGroupToUpdate, nil
-			},
-			GetAccountFromTokenFunc: func(_ jwtclaims.AuthorizationClaims) (*server.Account, error) {
-				return testingNSAccount, nil
-			},
-		},
-		authAudience: "",
-		jwtExtractor: jwtclaims.ClaimsExtractor{
-			ExtractClaimsFromRequestContext: func(r *http.Request, authAudiance string) jwtclaims.AuthorizationClaims {
-				return jwtclaims.AuthorizationClaims{
-					UserId:    "test_user",
-					Domain:    "hotmail.com",
-					AccountId: testNSGroupAccountID,
-				}
-			},
-		},
-	}
-}
-
-func TestNameserversHandlers(t *testing.T) {
-	tt := []struct {
-		name            string
-		expectedStatus  int
-		expectedBody    bool
-		expectedNSGroup *api.NameserverGroup
-		requestType     string
-		requestPath     string
-		requestBody     io.Reader
-	}{
-		{
-			name:            "Get Existing Nameserver Group",
-			requestType:     http.MethodGet,
-			requestPath:     "/api/dns/nameservers/" + existingNSGroupID,
-			expectedStatus:  http.StatusOK,
-			expectedBody:    true,
-			expectedNSGroup: toNameserverGroupResponse(baseExistingNSGroup),
-		},
-		{
-			name:           "Get Not Existing Nameserver Group",
-			requestType:    http.MethodGet,
-			requestPath:    "/api/dns/nameservers/" + notFoundNSGroupID,
-			expectedStatus: http.StatusNotFound,
-		},
-		{
-			name:        "POST OK",
-			requestType: http.MethodPost,
-			requestPath: "/api/dns/nameservers",
-			requestBody: bytes.NewBuffer(
-				[]byte("{\"name\":\"name\",\"Description\":\"Post\",\"nameservers\":[{\"ip\":\"1.1.1.1\",\"ns_type\":\"udp\",\"port\":53}],\"groups\":[\"group\"],\"enabled\":true}")),
-			expectedStatus: http.StatusOK,
-			expectedBody:   true,
-			expectedNSGroup: &api.NameserverGroup{
-				Id:          existingNSGroupID,
-				Name:        "name",
-				Description: "Post",
-				Nameservers: []api.Nameserver{
-					{
-						Ip:     "1.1.1.1",
-						NsType: "udp",
-						Port:   53,
-					},
-				},
-				Groups:  []string{"group"},
-				Enabled: true,
-			},
-		},
-		{
-			name:        "POST Invalid Nameserver",
-			requestType: http.MethodPost,
-			requestPath: "/api/dns/nameservers",
-			requestBody: bytes.NewBuffer(
-				[]byte("{\"name\":\"name\",\"Description\":\"Post\",\"nameservers\":[{\"ip\":\"1000\",\"ns_type\":\"udp\",\"port\":53}],\"groups\":[\"group\"],\"enabled\":true}")),
-			expectedStatus: http.StatusBadRequest,
-			expectedBody:   false,
-		},
-		{
-			name:        "PUT OK",
-			requestType: http.MethodPut,
-			requestPath: "/api/dns/nameservers/" + existingNSGroupID,
-			requestBody: bytes.NewBuffer(
-				[]byte("{\"name\":\"name\",\"Description\":\"Post\",\"nameservers\":[{\"ip\":\"1.1.1.1\",\"ns_type\":\"udp\",\"port\":53}],\"groups\":[\"group\"],\"enabled\":true}")),
-			expectedStatus: http.StatusOK,
-			expectedBody:   true,
-			expectedNSGroup: &api.NameserverGroup{
-				Id:          existingNSGroupID,
-				Name:        "name",
-				Description: "Post",
-				Nameservers: []api.Nameserver{
-					{
-						Ip:     "1.1.1.1",
-						NsType: "udp",
-						Port:   53,
-					},
-				},
-				Groups:  []string{"group"},
-				Enabled: true,
-			},
-		},
-		{
-			name:        "PUT Not Existing Nameserver Group",
-			requestType: http.MethodPut,
-			requestPath: "/api/dns/nameservers/" + notFoundNSGroupID,
-			requestBody: bytes.NewBuffer(
-				[]byte("{\"name\":\"name\",\"Description\":\"Post\",\"nameservers\":[{\"ip\":\"1.1.1.1\",\"ns_type\":\"udp\",\"port\":53}],\"groups\":[\"group\"],\"enabled\":true}")),
-			expectedStatus: http.StatusNotFound,
-			expectedBody:   false,
-		},
-		{
-			name:        "PUT Invalid Nameserver",
-			requestType: http.MethodPut,
-			requestPath: "/api/dns/nameservers/" + notFoundNSGroupID,
-			requestBody: bytes.NewBuffer(
-				[]byte("{\"name\":\"name\",\"Description\":\"Post\",\"nameservers\":[{\"ip\":\"100\",\"ns_type\":\"udp\",\"port\":53}],\"groups\":[\"group\"],\"enabled\":true}")),
-			expectedStatus: http.StatusBadRequest,
-			expectedBody:   false,
-		},
-		{
-			name:           "PATCH OK",
-			requestType:    http.MethodPatch,
-			requestPath:    "/api/dns/nameservers/" + existingNSGroupID,
-			requestBody:    bytes.NewBufferString("[{\"op\":\"replace\",\"path\":\"description\",\"value\":[\"NewDesc\"]}]"),
-			expectedStatus: http.StatusOK,
-			expectedBody:   true,
-			expectedNSGroup: &api.NameserverGroup{
-				Id:          existingNSGroupID,
-				Name:        baseExistingNSGroup.Name,
-				Description: "NewDesc",
-				Nameservers: toNameserverGroupResponse(baseExistingNSGroup).Nameservers,
-				Groups:      baseExistingNSGroup.Groups,
-				Enabled:     baseExistingNSGroup.Enabled,
-			},
-		},
-		{
-			name:           "PATCH Invalid Nameserver Group OK",
-			requestType:    http.MethodPatch,
-			requestPath:    "/api/dns/nameservers/" + notFoundRouteID,
-			requestBody:    bytes.NewBufferString("[{\"op\":\"replace\",\"path\":\"description\",\"value\":[\"NewDesc\"]}]"),
-			expectedStatus: http.StatusNotFound,
-			expectedBody:   false,
-		},
-	}
-
-	p := initNameserversTestData()
-
-	for _, tc := range tt {
-		t.Run(tc.name, func(t *testing.T) {
-			recorder := httptest.NewRecorder()
-			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
-
-			router := mux.NewRouter()
-			router.HandleFunc("/api/dns/nameservers/{id}", p.GetNameserverGroupHandler).Methods("GET")
-			router.HandleFunc("/api/dns/nameservers", p.CreateNameserverGroupHandler).Methods("POST")
-			router.HandleFunc("/api/dns/nameservers/{id}", p.DeleteNameserverGroupHandler).Methods("DELETE")
-			router.HandleFunc("/api/dns/nameservers/{id}", p.UpdateNameserverGroupHandler).Methods("PUT")
-			router.HandleFunc("/api/dns/nameservers/{id}", p.PatchNameserverGroupHandler).Methods("PATCH")
-			router.ServeHTTP(recorder, req)
-
-			res := recorder.Result()
-			defer res.Body.Close()
-
-			content, err := io.ReadAll(res.Body)
-			if err != nil {
-				t.Fatalf("I don't know what I expected; %v", err)
-			}
-
-			if status := recorder.Code; status != tc.expectedStatus {
-				t.Errorf("handler returned wrong status code: got %v want %v, content: %s",
-					status, tc.expectedStatus, string(content))
-				return
-			}
-
-			if !tc.expectedBody {
-				return
-			}
-
-			got := &api.NameserverGroup{}
-			if err = json.Unmarshal(content, &got); err != nil {
-				t.Fatalf("Sent content is not in correct json format; %v", err)
-			}
-			assert.Equal(t, tc.expectedNSGroup, got)
-		})
-	}
-}

management/server/http/peers.go

@@ -11,7 +11,7 @@ import (
 	"net/http"
 )
 
-// Peers is a handler that returns peers of the account
+//Peers is a handler that returns peers of the account
 type Peers struct {
 	accountManager server.AccountManager
 	authAudience   string
@@ -144,8 +144,5 @@ func toPeerResponse(peer *server.Peer, account *server.Account) *api.Peer {
 		Version:    peer.Meta.WtVersion,
 		Groups:     groupsInfo,
 		SshEnabled: peer.SSHEnabled,
-		Hostname:   peer.Meta.Hostname,
-		UserId:     &peer.UserID,
-		UiVersion:  &peer.Meta.UIVersion,
 	}
 }

management/server/http/peers_test.go

@@ -19,7 +19,7 @@ import (
 func initTestMetaData(peer ...*server.Peer) *Peers {
 	return &Peers{
 		accountManager: &mock_server.MockAccountManager{
-			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
+			GetAccountWithAuthorizationClaimsFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
 				return &server.Account{
 					Id:     claims.AccountId,
 					Domain: "hotmail.com",

management/server/http/routes.go

@@ -123,7 +123,7 @@ func (h *Routes) UpdateRouteHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var req api.PutApiRoutesIdJSONRequestBody
+	var req api.PutApiRoutesIdJSONBody
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return

management/server/http/routes_test.go

@@ -120,7 +120,7 @@ func initRoutesTestData() *Routes {
 				}
 				return routeToUpdate, nil
 			},
-			GetAccountFromTokenFunc: func(_ jwtclaims.AuthorizationClaims) (*server.Account, error) {
+			GetAccountWithAuthorizationClaimsFunc: func(_ jwtclaims.AuthorizationClaims) (*server.Account, error) {
 				return testingAccount, nil
 			},
 		},

management/server/http/rules_test.go

@@ -66,14 +66,14 @@ func initRulesTestData(rules ...*server.Rule) *Rules {
 				}
 				return &rule, nil
 			},
-			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
+			GetAccountWithAuthorizationClaimsFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
 				return &server.Account{
 					Id:     claims.AccountId,
 					Domain: "hotmail.com",
 					Rules:  map[string]*server.Rule{"id-existed": &server.Rule{ID: "id-existed"}},
 					Groups: map[string]*server.Group{
-						"F": {ID: "F"},
-						"G": {ID: "G"},
+						"F": &server.Group{ID: "F"},
+						"G": &server.Group{ID: "G"},
 					},
 				}, nil
 			},

management/server/http/setupkeys.go

@@ -6,15 +6,12 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/http/middleware"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"net/http"
-	"strings"
 	"time"
-	"unicode/utf8"
 )
 
 // SetupKeys is a handler that returns a list of setup keys of the account
@@ -110,11 +107,6 @@ func (h *SetupKeys) GetSetupKeyHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	isUserAdmin, ok := r.Context().Value(middleware.IsUserAdminProperty).(bool)
-	if !ok || !isUserAdmin {
-		key = hideKey(key)
-	}
-
 	writeSuccess(w, key)
 }
 
@@ -183,47 +175,40 @@ func (h *SetupKeys) GetAllSetupKeysHandler(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	isUserAdmin, ok := r.Context().Value(middleware.IsUserAdminProperty).(bool)
-	if !ok {
-		isUserAdmin = false
-	}
-
 	setupKeys, err := h.accountManager.ListSetupKeys(account.Id)
 	if err != nil {
 		log.Error(err)
 		http.Redirect(w, r, "/", http.StatusInternalServerError)
 		return
 	}
+
+	groups, err := h.accountManager.ListGroups(account.Id)
+	if err != nil {
+		log.Error(err)
+		http.Redirect(w, r, "/", http.StatusInternalServerError)
+		return
+	}
+
 	apiSetupKeys := make([]*api.SetupKey, 0)
 	for _, key := range setupKeys {
-		k := key.Copy()
-		if !isUserAdmin {
-			k = hideKey(key)
-		}
-		apiSetupKeys = append(apiSetupKeys, toResponseBody(k))
+		apiSetupKeys = append(apiSetupKeys, toResponseBody(groups, key))
 	}
 
 	writeJSONObject(w, apiSetupKeys)
 }
 
-func hideKey(key *server.SetupKey) *server.SetupKey {
-	k := key.Copy()
-	prefix := k.Key[0:5]
-	k.Key = prefix + strings.Repeat("*", utf8.RuneCountInString(key.Key)-len(prefix))
-	return k
-}
-
 func writeSuccess(w http.ResponseWriter, key *server.SetupKey) {
 	w.WriteHeader(200)
 	w.Header().Set("Content-Type", "application/json")
-	err := json.NewEncoder(w).Encode(toResponseBody(key))
+	err := json.NewEncoder(w).Encode(toResponseBody(nil, key))
 	if err != nil {
 		http.Error(w, "failed handling request", http.StatusInternalServerError)
 		return
 	}
 }
 
-func toResponseBody(key *server.SetupKey) *api.SetupKey {
+// toResponseBody takes a list of all groups, a key, finds groups that belong to the key and add them to the response
+func toResponseBody(groups []*server.Group, key *server.SetupKey) *api.SetupKey {
 	var state string
 	if key.IsExpired() {
 		state = "expired"
@@ -235,6 +220,17 @@ func toResponseBody(key *server.SetupKey) *api.SetupKey {
 		state = "valid"
 	}
 
+	// should be instantiated like that to ensure if empty, we return an empty array to the client
+	autoGroups := []api.GroupMinimum{}
+	for _, group := range groups {
+		for _, keyGroup := range key.AutoGroups {
+			if group.ID == keyGroup {
+				autoGroups = append(autoGroups, *toGroupMinimumResponse(group))
+				break
+			}
+		}
+	}
+
 	return &api.SetupKey{
 		Id:         key.Id,
 		Key:        key.Key,
@@ -246,7 +242,7 @@ func toResponseBody(key *server.SetupKey) *api.SetupKey {
 		UsedTimes:  key.UsedTimes,
 		LastUsed:   key.LastUsed,
 		State:      state,
-		AutoGroups: key.AutoGroups,
+		AutoGroups: autoGroups,
 		UpdatedAt:  key.UpdatedAt,
 	}
 }

management/server/http/setupkeys_test.go

@@ -2,7 +2,6 @@ package http
 
 import (
 	"bytes"
-	"context"
 	"encoding/json"
 	"fmt"
 	"github.com/gorilla/mux"
@@ -32,7 +31,7 @@ const (
 func initSetupKeysTestMetaData(defaultKey *server.SetupKey, newKey *server.SetupKey, updatedSetupKey *server.SetupKey) *SetupKeys {
 	return &SetupKeys{
 		accountManager: &mock_server.MockAccountManager{
-			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
+			GetAccountWithAuthorizationClaimsFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
 				return &server.Account{
 					Id:     testAccountID,
 					Domain: "hotmail.com",
@@ -111,7 +110,7 @@ func TestSetupKeysHandlers(t *testing.T) {
 			requestPath:       "/api/setup-keys",
 			expectedStatus:    http.StatusOK,
 			expectedBody:      true,
-			expectedSetupKeys: []*api.SetupKey{toResponseBody(defaultSetupKey)},
+			expectedSetupKeys: []*api.SetupKey{toResponseBody(nil, defaultSetupKey)},
 		},
 		{
 			name:             "Get Existing Setup Key",
@@ -119,7 +118,7 @@ func TestSetupKeysHandlers(t *testing.T) {
 			requestPath:      "/api/setup-keys/" + existingSetupKeyID,
 			expectedStatus:   http.StatusOK,
 			expectedBody:     true,
-			expectedSetupKey: toResponseBody(defaultSetupKey),
+			expectedSetupKey: toResponseBody(nil, defaultSetupKey),
 		},
 		{
 			name:           "Get Not Existing Setup Key",
@@ -136,7 +135,7 @@ func TestSetupKeysHandlers(t *testing.T) {
 				[]byte(fmt.Sprintf("{\"name\":\"%s\",\"type\":\"%s\"}", newSetupKey.Name, newSetupKey.Type))),
 			expectedStatus:   http.StatusOK,
 			expectedBody:     true,
-			expectedSetupKey: toResponseBody(newSetupKey),
+			expectedSetupKey: toResponseBody(nil, newSetupKey),
 		},
 		{
 			name:        "Update Setup Key",
@@ -150,7 +149,7 @@ func TestSetupKeysHandlers(t *testing.T) {
 				))),
 			expectedStatus:   http.StatusOK,
 			expectedBody:     true,
-			expectedSetupKey: toResponseBody(updatedDefaultSetupKey),
+			expectedSetupKey: toResponseBody(nil, updatedDefaultSetupKey),
 		},
 	}
 
@@ -160,7 +159,6 @@ func TestSetupKeysHandlers(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			recorder := httptest.NewRecorder()
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
-			req = req.Clone(context.WithValue(context.TODO(), "isAdminUser", true)) //nolint
 
 			router := mux.NewRouter()
 			router.HandleFunc("/api/setup-keys", handler.GetAllSetupKeysHandler).Methods("GET", "OPTIONS")

management/server/http/users.go

@@ -1,15 +1,11 @@
 package http
 
 import (
-	"encoding/json"
-	"fmt"
-	"github.com/gorilla/mux"
 	"github.com/netbirdio/netbird/management/server/http/api"
-	log "github.com/sirupsen/logrus"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 	"net/http"
 
+	log "github.com/sirupsen/logrus"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 )
@@ -28,103 +24,6 @@ func NewUserHandler(accountManager server.AccountManager, authAudience string) *
 	}
 }
 
-// UpdateUser is a PUT requests to update User data
-func (h *UserHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPut {
-		http.Error(w, "", http.StatusBadRequest)
-	}
-
-	account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
-	if err != nil {
-		log.Error(err)
-		http.Redirect(w, r, "/", http.StatusInternalServerError)
-		return
-	}
-
-	vars := mux.Vars(r)
-	userID := vars["id"]
-	if len(userID) == 0 {
-		http.Error(w, "invalid user ID", http.StatusBadRequest)
-		return
-	}
-
-	req := &api.PutApiUsersIdJSONRequestBody{}
-	err = json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusBadRequest)
-		return
-	}
-
-	userRole := server.StrRoleToUserRole(req.Role)
-	if userRole == server.UserRoleUnknown {
-		http.Error(w, "invalid user role", http.StatusBadRequest)
-		return
-	}
-
-	newUser, err := h.accountManager.SaveUser(account.Id, &server.User{
-		Id:         userID,
-		Role:       userRole,
-		AutoGroups: req.AutoGroups,
-	})
-	if err != nil {
-		if e, ok := status.FromError(err); ok {
-			switch e.Code() {
-			case codes.NotFound:
-				http.Error(w, fmt.Sprintf("couldn't find a user for ID %s", userID), http.StatusNotFound)
-			default:
-				http.Error(w, "failed to update user", http.StatusInternalServerError)
-			}
-		}
-		return
-	}
-	writeJSONObject(w, toUserResponse(newUser))
-
-}
-
-// CreateUserHandler creates a User in the system with a status "invited" (effectively this is a user invite).
-func (h *UserHandler) CreateUserHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPost {
-		http.Error(w, "", http.StatusNotFound)
-	}
-
-	account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
-	if err != nil {
-		log.Error(err)
-	}
-
-	req := &api.PostApiUsersJSONRequestBody{}
-	err = json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusBadRequest)
-		return
-	}
-
-	if server.StrRoleToUserRole(req.Role) == server.UserRoleUnknown {
-		http.Error(w, "unknown user role "+req.Role, http.StatusBadRequest)
-		return
-	}
-
-	newUser, err := h.accountManager.CreateUser(account.Id, &server.UserInfo{
-		Email:      req.Email,
-		Name:       *req.Name,
-		Role:       req.Role,
-		AutoGroups: req.AutoGroups,
-	})
-	if err != nil {
-		if e, ok := server.FromError(err); ok {
-			switch e.Type() {
-			case server.UserAlreadyExists:
-				http.Error(w, "You can't invite users with an existing NetBird account.", http.StatusPreconditionFailed)
-				return
-			default:
-			}
-		}
-		http.Error(w, "failed to invite", http.StatusInternalServerError)
-		return
-	}
-	writeJSONObject(w, toUserResponse(newUser))
-}
-
 // GetUsers returns a list of users of the account this user belongs to.
 // It also gathers additional user data (like email and name) from the IDP manager.
 func (h *UserHandler) GetUsers(w http.ResponseWriter, r *http.Request) {
@@ -144,7 +43,7 @@ func (h *UserHandler) GetUsers(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	users := make([]*api.User, 0)
+	users := []*api.User{}
 	for _, r := range data {
 		users = append(users, toUserResponse(r))
 	}
@@ -153,28 +52,10 @@ func (h *UserHandler) GetUsers(w http.ResponseWriter, r *http.Request) {
 }
 
 func toUserResponse(user *server.UserInfo) *api.User {
-
-	autoGroups := user.AutoGroups
-	if autoGroups == nil {
-		autoGroups = []string{}
-	}
-
-	var userStatus api.UserStatus
-	switch user.Status {
-	case "active":
-		userStatus = api.UserStatusActive
-	case "invited":
-		userStatus = api.UserStatusInvited
-	default:
-		userStatus = api.UserStatusDisabled
-	}
-
 	return &api.User{
-		Id:         user.ID,
-		Name:       user.Name,
-		Email:      user.Email,
-		Role:       user.Role,
-		AutoGroups: autoGroups,
-		Status:     userStatus,
+		Id:    user.ID,
+		Name:  user.Name,
+		Email: user.Email,
+		Role:  user.Role,
 	}
 }

management/server/http/users_test.go

@@ -16,7 +16,7 @@ import (
 func initUsers(user ...*server.User) *UserHandler {
 	return &UserHandler{
 		accountManager: &mock_server.MockAccountManager{
-			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
+			GetAccountWithAuthorizationClaimsFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
 				users := make(map[string]*server.User, 0)
 				for _, u := range user {
 					users[u.Id] = u

management/server/http/util.go

@@ -6,14 +6,11 @@ import (
 	"fmt"
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
-	log "github.com/sirupsen/logrus"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 	"net/http"
 	"time"
 )
 
-// writeJSONObject simply writes object to the HTTP reponse in JSON format
+//writeJSONObject simply writes object to the HTTP reponse in JSON format
 func writeJSONObject(w http.ResponseWriter, obj interface{}) {
 	w.WriteHeader(http.StatusOK)
 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
@@ -24,7 +21,7 @@ func writeJSONObject(w http.ResponseWriter, obj interface{}) {
 	}
 }
 
-// Duration is used strictly for JSON requests/responses due to duration marshalling issues
+//Duration is used strictly for JSON requests/responses due to duration marshalling issues
 type Duration struct {
 	time.Duration
 }
@@ -60,32 +57,10 @@ func getJWTAccount(accountManager server.AccountManager,
 
 	jwtClaims := jwtExtractor.ExtractClaimsFromRequestContext(r, authAudience)
 
-	account, err := accountManager.GetAccountFromToken(jwtClaims)
+	account, err := accountManager.GetAccountWithAuthorizationClaims(jwtClaims)
 	if err != nil {
 		return nil, fmt.Errorf("failed getting account of a user %s: %v", jwtClaims.UserId, err)
 	}
 
 	return account, nil
 }
-
-func toHTTPError(err error, w http.ResponseWriter) {
-	errStatus, ok := status.FromError(err)
-	if ok && errStatus.Code() == codes.Internal {
-		http.Error(w, errStatus.String(), http.StatusInternalServerError)
-		return
-	}
-
-	if ok && errStatus.Code() == codes.NotFound {
-		http.Error(w, errStatus.String(), http.StatusNotFound)
-		return
-	}
-
-	if ok && errStatus.Code() == codes.InvalidArgument {
-		http.Error(w, errStatus.String(), http.StatusBadRequest)
-		return
-	}
-
-	unhandledMSG := fmt.Sprintf("got unhandled error code, error: %s", errStatus.String())
-	log.Error(unhandledMSG)
-	http.Error(w, unhandledMSG, http.StatusInternalServerError)
-}

management/server/idp/auth0.go

@@ -6,8 +6,8 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/netbirdio/netbird/management/server/telemetry"
 	"io"
+	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -25,7 +25,6 @@ type Auth0Manager struct {
 	httpClient  ManagerHTTPClient
 	credentials ManagerCredentials
 	helper      ManagerHelper
-	appMetrics  telemetry.AppMetrics
 }
 
 // Auth0ClientConfig auth0 manager client configurations
@@ -53,17 +52,6 @@ type Auth0Credentials struct {
 	httpClient   ManagerHTTPClient
 	jwtToken     JWTToken
 	mux          sync.Mutex
-	appMetrics   telemetry.AppMetrics
-}
-
-// createUserRequest is a user create request
-type createUserRequest struct {
-	Email       string      `json:"email"`
-	Name        string      `json:"name"`
-	AppMeta     AppMetadata `json:"app_metadata"`
-	Connection  string      `json:"connection"`
-	Password    string      `json:"password"`
-	VerifyEmail bool        `json:"verify_email"`
 }
 
 // userExportJobRequest is a user export request struct
@@ -99,17 +87,16 @@ type userExportJobStatusResponse struct {
 
 // auth0Profile represents an Auth0 user profile response
 type auth0Profile struct {
-	AccountID     string `json:"wt_account_id"`
-	PendingInvite bool   `json:"wt_pending_invite"`
-	UserID        string `json:"user_id"`
-	Name          string `json:"name"`
-	Email         string `json:"email"`
-	CreatedAt     string `json:"created_at"`
-	LastLogin     string `json:"last_login"`
+	AccountID string `json:"wt_account_id"`
+	UserID    string `json:"user_id"`
+	Name      string `json:"name"`
+	Email     string `json:"email"`
+	CreatedAt string `json:"created_at"`
+	LastLogin string `json:"last_login"`
 }
 
 // NewAuth0Manager creates a new instance of the Auth0Manager
-func NewAuth0Manager(config Auth0ClientConfig, appMetrics telemetry.AppMetrics) (*Auth0Manager, error) {
+func NewAuth0Manager(config Auth0ClientConfig) (*Auth0Manager, error) {
 
 	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
 	httpTransport.MaxIdleConns = 5
@@ -137,15 +124,12 @@ func NewAuth0Manager(config Auth0ClientConfig, appMetrics telemetry.AppMetrics)
 		clientConfig: config,
 		httpClient:   httpClient,
 		helper:       helper,
-		appMetrics:   appMetrics,
 	}
-
 	return &Auth0Manager{
 		authIssuer:  config.AuthIssuer,
 		credentials: credentials,
 		httpClient:  httpClient,
 		helper:      helper,
-		appMetrics:  appMetrics,
 	}, nil
 }
 
@@ -176,9 +160,6 @@ func (c *Auth0Credentials) requestJWTToken() (*http.Response, error) {
 
 	res, err = c.httpClient.Do(req)
 	if err != nil {
-		if c.appMetrics != nil {
-			c.appMetrics.IDPMetrics().CountRequestError()
-		}
 		return res, err
 	}
 
@@ -191,7 +172,7 @@ func (c *Auth0Credentials) requestJWTToken() (*http.Response, error) {
 // parseRequestJWTResponse parses jwt raw response body and extracts token and expires in seconds
 func (c *Auth0Credentials) parseRequestJWTResponse(rawBody io.ReadCloser) (JWTToken, error) {
 	jwtToken := JWTToken{}
-	body, err := io.ReadAll(rawBody)
+	body, err := ioutil.ReadAll(rawBody)
 	if err != nil {
 		return jwtToken, err
 	}
@@ -223,10 +204,6 @@ func (c *Auth0Credentials) Authenticate() (JWTToken, error) {
 	c.mux.Lock()
 	defer c.mux.Unlock()
 
-	if c.appMetrics != nil {
-		c.appMetrics.IDPMetrics().CountAuthenticate()
-	}
-
 	// If jwtToken has an expires time and we have enough time to do a request return immediately
 	if c.jwtStillValid() {
 		return c.jwtToken, nil
@@ -253,7 +230,7 @@ func (c *Auth0Credentials) Authenticate() (JWTToken, error) {
 	return c.jwtToken, nil
 }
 
-func batchRequestUsersURL(authIssuer, accountID string, page int, perPage int) (string, url.Values, error) {
+func batchRequestUsersURL(authIssuer, accountID string, page int) (string, url.Values, error) {
 	u, err := url.Parse(authIssuer + "/api/v2/users")
 	if err != nil {
 		return "", nil, err
@@ -261,7 +238,6 @@ func batchRequestUsersURL(authIssuer, accountID string, page int, perPage int) (
 	q := u.Query()
 	q.Set("page", strconv.Itoa(page))
 	q.Set("search_engine", "v3")
-	q.Set("per_page", strconv.Itoa(perPage))
 	q.Set("q", "app_metadata.wt_account_id:"+accountID)
 	u.RawQuery = q.Encode()
 
@@ -283,9 +259,8 @@ func (am *Auth0Manager) GetAccount(accountID string) ([]*UserData, error) {
 
 	// https://auth0.com/docs/manage-users/user-search/retrieve-users-with-get-users-endpoint#limitations
 	// auth0 limitation of 1000 users via this endpoint
-	resultsPerPage := 50
 	for page := 0; page < 20; page++ {
-		reqURL, query, err := batchRequestUsersURL(am.authIssuer, accountID, page, resultsPerPage)
+		reqURL, query, err := batchRequestUsersURL(am.authIssuer, accountID, page)
 		if err != nil {
 			return nil, err
 		}
@@ -300,46 +275,38 @@ func (am *Auth0Manager) GetAccount(accountID string) ([]*UserData, error) {
 
 		res, err := am.httpClient.Do(req)
 		if err != nil {
-			if am.appMetrics != nil {
-				am.appMetrics.IDPMetrics().CountRequestError()
-			}
 			return nil, err
 		}
 
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountGetAccount()
-		}
-
 		body, err := io.ReadAll(res.Body)
 		if err != nil {
 			return nil, err
 		}
 
-		if res.StatusCode != 200 {
-			return nil, fmt.Errorf("failed requesting user data from IdP %s", string(body))
-		}
-
 		var batch []UserData
 		err = json.Unmarshal(body, &batch)
 		if err != nil {
 			return nil, err
 		}
 
-		log.Debugf("returned user batch for accountID %s on page %d, %v", accountID, page, batch)
+		log.Debugf("requested batch; %v", batch)
 
 		err = res.Body.Close()
 		if err != nil {
 			return nil, err
 		}
 
-		for user := range batch {
-			list = append(list, &batch[user])
+		if res.StatusCode != 200 {
+			return nil, fmt.Errorf("unable to request UserData from auth0, statusCode %d", res.StatusCode)
 		}
 
-		if len(batch) == 0 || len(batch) < resultsPerPage {
-			log.Debugf("finished loading users for accountID %s", accountID)
+		if len(batch) == 0 {
 			return list, nil
 		}
+
+		for user := range batch {
+			list = append(list, &batch[user])
+		}
 	}
 
 	return list, nil
@@ -362,16 +329,9 @@ func (am *Auth0Manager) GetUserDataByID(userID string, appMetadata AppMetadata)
 
 	res, err := am.httpClient.Do(req)
 	if err != nil {
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestError()
-		}
 		return nil, err
 	}
 
-	if am.appMetrics != nil {
-		am.appMetrics.IDPMetrics().CountGetUserDataByID()
-	}
-
 	body, err := io.ReadAll(res.Body)
 	if err != nil {
 		return nil, err
@@ -407,12 +367,14 @@ func (am *Auth0Manager) UpdateUserAppMetadata(userID string, appMetadata AppMeta
 
 	reqURL := am.authIssuer + "/api/v2/users/" + userID
 
-	data, err := am.helper.Marshal(map[string]any{"app_metadata": appMetadata})
+	data, err := am.helper.Marshal(appMetadata)
 	if err != nil {
 		return err
 	}
 
-	payload := strings.NewReader(string(data))
+	payloadString := fmt.Sprintf("{\"app_metadata\": %s}", string(data))
+
+	payload := strings.NewReader(payloadString)
 
 	req, err := http.NewRequest("PATCH", reqURL, payload)
 	if err != nil {
@@ -421,20 +383,13 @@ func (am *Auth0Manager) UpdateUserAppMetadata(userID string, appMetadata AppMeta
 	req.Header.Add("authorization", "Bearer "+jwtToken.AccessToken)
 	req.Header.Add("content-type", "application/json")
 
-	log.Debugf("updating IdP metadata for user %s", userID)
+	log.Debugf("updating metadata for user %s", userID)
 
 	res, err := am.httpClient.Do(req)
 	if err != nil {
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestError()
-		}
 		return err
 	}
 
-	if am.appMetrics != nil {
-		am.appMetrics.IDPMetrics().CountUpdateUserAppMetadata()
-	}
-
 	defer func() {
 		err = res.Body.Close()
 		if err != nil {
@@ -449,28 +404,6 @@ func (am *Auth0Manager) UpdateUserAppMetadata(userID string, appMetadata AppMeta
 	return nil
 }
 
-func buildCreateUserRequestPayload(email string, name string, accountID string) (string, error) {
-	invite := true
-	req := &createUserRequest{
-		Email: email,
-		Name:  name,
-		AppMeta: AppMetadata{
-			WTAccountID:     accountID,
-			WTPendingInvite: &invite,
-		},
-		Connection:  "Username-Password-Authentication",
-		Password:    GeneratePassword(8, 1, 1, 1),
-		VerifyEmail: true,
-	}
-
-	str, err := json.Marshal(req)
-	if err != nil {
-		return "", err
-	}
-
-	return string(str), nil
-}
-
 func buildUserExportRequest() (string, error) {
 	req := &userExportJobRequest{}
 	fields := make([]map[string]string, 0)
@@ -484,11 +417,6 @@ func buildUserExportRequest() (string, error) {
 		"export_as": "wt_account_id",
 	})
 
-	fields = append(fields, map[string]string{
-		"name":      "app_metadata.wt_pending_invite",
-		"export_as": "wt_pending_invite",
-	})
-
 	req.Format = "json"
 	req.Fields = fields
 
@@ -500,46 +428,32 @@ func buildUserExportRequest() (string, error) {
 	return string(str), nil
 }
 
-func (am *Auth0Manager) createPostRequest(endpoint string, payloadStr string) (*http.Request, error) {
+// GetAllAccounts gets all registered accounts with corresponding user data.
+// It returns a list of users indexed by accountID.
+func (am *Auth0Manager) GetAllAccounts() (map[string][]*UserData, error) {
 	jwtToken, err := am.credentials.Authenticate()
 	if err != nil {
 		return nil, err
 	}
 
-	reqURL := am.authIssuer + endpoint
+	reqURL := am.authIssuer + "/api/v2/jobs/users-exports"
 
-	payload := strings.NewReader(payloadStr)
-
-	req, err := http.NewRequest("POST", reqURL, payload)
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Add("authorization", "Bearer "+jwtToken.AccessToken)
-	req.Header.Add("content-type", "application/json")
-
-	return req, nil
-
-}
-
-// GetAllAccounts gets all registered accounts with corresponding user data.
-// It returns a list of users indexed by accountID.
-func (am *Auth0Manager) GetAllAccounts() (map[string][]*UserData, error) {
 	payloadString, err := buildUserExportRequest()
 	if err != nil {
 		return nil, err
 	}
+	payload := strings.NewReader(payloadString)
 
-	exportJobReq, err := am.createPostRequest("/api/v2/jobs/users-exports", payloadString)
+	exportJobReq, err := http.NewRequest("POST", reqURL, payload)
 	if err != nil {
 		return nil, err
 	}
+	exportJobReq.Header.Add("authorization", "Bearer "+jwtToken.AccessToken)
+	exportJobReq.Header.Add("content-type", "application/json")
 
 	jobResp, err := am.httpClient.Do(exportJobReq)
 	if err != nil {
 		log.Debugf("Couldn't get job response %v", err)
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestError()
-		}
 		return nil, err
 	}
 
@@ -550,15 +464,12 @@ func (am *Auth0Manager) GetAllAccounts() (map[string][]*UserData, error) {
 		}
 	}()
 	if jobResp.StatusCode != 200 {
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestStatusError()
-		}
 		return nil, fmt.Errorf("unable to update the appMetadata, statusCode %d", jobResp.StatusCode)
 	}
 
 	var exportJobResp userExportJobResponse
 
-	body, err := io.ReadAll(jobResp.Body)
+	body, err := ioutil.ReadAll(jobResp.Body)
 	if err != nil {
 		log.Debugf("Coudln't read export job response; %v", err)
 		return nil, err
@@ -571,9 +482,6 @@ func (am *Auth0Manager) GetAllAccounts() (map[string][]*UserData, error) {
 	}
 
 	if exportJobResp.ID == "" {
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestStatusError()
-		}
 		return nil, fmt.Errorf("couldn't get an batch id status %d, %s, response body: %v", jobResp.StatusCode, jobResp.Status, exportJobResp)
 	}
 
@@ -592,96 +500,6 @@ func (am *Auth0Manager) GetAllAccounts() (map[string][]*UserData, error) {
 	return nil, fmt.Errorf("failed extracting user profiles from auth0")
 }
 
-// GetUserByEmail searches users with a given email. If no users have been found, this function returns an empty list.
-// This function can return multiple users. This is due to the Auth0 internals - there could be multiple users with
-// the same email but different connections that are considered as separate accounts (e.g., Google and username/password).
-func (am *Auth0Manager) GetUserByEmail(email string) ([]*UserData, error) {
-	jwtToken, err := am.credentials.Authenticate()
-	if err != nil {
-		return nil, err
-	}
-	reqURL := am.authIssuer + "/api/v2/users-by-email?email=" + url.QueryEscape(email)
-	body, err := doGetReq(am.httpClient, reqURL, jwtToken.AccessToken)
-	if err != nil {
-		return nil, err
-	}
-
-	if am.appMetrics != nil {
-		am.appMetrics.IDPMetrics().CountGetUserByEmail()
-	}
-
-	userResp := []*UserData{}
-
-	err = am.helper.Unmarshal(body, &userResp)
-	if err != nil {
-		log.Debugf("Coudln't unmarshal export job response; %v", err)
-		return nil, err
-	}
-
-	return userResp, nil
-}
-
-// CreateUser creates a new user in Auth0 Idp and sends an invite
-func (am *Auth0Manager) CreateUser(email string, name string, accountID string) (*UserData, error) {
-
-	payloadString, err := buildCreateUserRequestPayload(email, name, accountID)
-	if err != nil {
-		return nil, err
-	}
-	req, err := am.createPostRequest("/api/v2/users", payloadString)
-	if err != nil {
-		return nil, err
-	}
-
-	if am.appMetrics != nil {
-		am.appMetrics.IDPMetrics().CountCreateUser()
-	}
-
-	resp, err := am.httpClient.Do(req)
-	if err != nil {
-		log.Debugf("Couldn't get job response %v", err)
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestError()
-		}
-		return nil, err
-	}
-
-	defer func() {
-		err = resp.Body.Close()
-		if err != nil {
-			log.Errorf("error while closing create user response body: %v", err)
-		}
-	}()
-	if !(resp.StatusCode == 200 || resp.StatusCode == 201) {
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestStatusError()
-		}
-		return nil, fmt.Errorf("unable to create user, statusCode %d", resp.StatusCode)
-	}
-
-	var createResp UserData
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		log.Debugf("Coudln't read export job response; %v", err)
-		return nil, err
-	}
-
-	err = am.helper.Unmarshal(body, &createResp)
-	if err != nil {
-		log.Debugf("Coudln't unmarshal export job response; %v", err)
-		return nil, err
-	}
-
-	if createResp.ID == "" {
-		return nil, fmt.Errorf("couldn't create user: response %v", resp)
-	}
-
-	log.Debugf("created user %s in account %s", createResp.ID, accountID)
-
-	return &createResp, nil
-}
-
 // checkExportJobStatus checks the status of the job created at CreateExportUsersJob.
 // If the status is "completed", then return the downloadLink
 func (am *Auth0Manager) checkExportJobStatus(jobID string) (bool, string, error) {
@@ -754,10 +572,6 @@ func (am *Auth0Manager) downloadProfileExport(location string) (map[string][]*Us
 					ID:    profile.UserID,
 					Name:  profile.Name,
 					Email: profile.Email,
-					AppMetadata: AppMetadata{
-						WTAccountID:     profile.AccountID,
-						WTPendingInvite: &profile.PendingInvite,
-					},
 				})
 		}
 	}
@@ -787,12 +601,13 @@ func doGetReq(client ManagerHTTPClient, url, accessToken string) ([]byte, error)
 			log.Errorf("error while closing body for url %s: %v", url, err)
 		}
 	}()
-	body, err := io.ReadAll(res.Body)
-	if err != nil {
-		return nil, err
-	}
 	if res.StatusCode != 200 {
 		return nil, fmt.Errorf("unable to get %s, statusCode %d", url, res.StatusCode)
 	}
+
+	body, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return nil, err
+	}
 	return body, nil
 }

management/server/idp/auth0_test.go

@@ -3,9 +3,8 @@ package idp
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/netbirdio/netbird/management/server/telemetry"
 	"github.com/stretchr/testify/require"
-	"io"
+	"io/ioutil"
 	"net/http"
 	"strings"
 	"testing"
@@ -23,13 +22,13 @@ type mockHTTPClient struct {
 }
 
 func (c *mockHTTPClient) Do(req *http.Request) (*http.Response, error) {
-	body, err := io.ReadAll(req.Body)
+	body, err := ioutil.ReadAll(req.Body)
 	if err == nil {
 		c.reqBody = string(body)
 	}
 	return &http.Response{
 		StatusCode: c.code,
-		Body:       io.NopCloser(strings.NewReader(c.resBody)),
+		Body:       ioutil.NopCloser(strings.NewReader(c.resBody)),
 	}, c.err
 }
 
@@ -131,7 +130,7 @@ func TestAuth0_RequestJWTToken(t *testing.T) {
 					t.Fatal(err)
 				}
 			}
-			body, err := io.ReadAll(res.Body)
+			body, err := ioutil.ReadAll(res.Body)
 			assert.NoError(t, err, "unable to read the response body")
 
 			jwtToken := JWTToken{}
@@ -179,7 +178,7 @@ func TestAuth0_ParseRequestJWTResponse(t *testing.T) {
 	for _, testCase := range []parseRequestJWTResponseTest{parseRequestJWTResponseTestCase1, parseRequestJWTResponseTestCase2} {
 		t.Run(testCase.name, func(t *testing.T) {
 
-			rawBody := io.NopCloser(strings.NewReader(testCase.inputResBody))
+			rawBody := ioutil.NopCloser(strings.NewReader(testCase.inputResBody))
 
 			config := Auth0ClientConfig{}
 
@@ -321,7 +320,7 @@ func TestAuth0_UpdateUserAppMetadata(t *testing.T) {
 
 	exp := 15
 	token := newTestJWT(t, exp)
-	appMetadata := AppMetadata{WTAccountID: "ok"}
+	appMetadata := AppMetadata{WTAccountId: "ok"}
 
 	updateUserAppMetadataTestCase1 := updateUserAppMetadataTest{
 		name:            "Bad Authentication",
@@ -341,7 +340,7 @@ func TestAuth0_UpdateUserAppMetadata(t *testing.T) {
 	updateUserAppMetadataTestCase2 := updateUserAppMetadataTest{
 		name:            "Bad Status Code",
 		inputReqBody:    fmt.Sprintf("{\"access_token\":\"%s\",\"scope\":\"read:users\",\"expires_in\":%d,\"token_type\":\"Bearer\"}", token, exp),
-		expectedReqBody: fmt.Sprintf("{\"app_metadata\":{\"wt_account_id\":\"%s\",\"wt_pending_invite\":null}}", appMetadata.WTAccountID),
+		expectedReqBody: fmt.Sprintf("{\"app_metadata\": {\"wt_account_id\":\"%s\"}}", appMetadata.WTAccountId),
 		appMetadata:     appMetadata,
 		statusCode:      400,
 		helper:          JsonParser{},
@@ -364,7 +363,7 @@ func TestAuth0_UpdateUserAppMetadata(t *testing.T) {
 	updateUserAppMetadataTestCase4 := updateUserAppMetadataTest{
 		name:                 "Good request",
 		inputReqBody:         fmt.Sprintf("{\"access_token\":\"%s\",\"scope\":\"read:users\",\"expires_in\":%d,\"token_type\":\"Bearer\"}", token, exp),
-		expectedReqBody:      fmt.Sprintf("{\"app_metadata\":{\"wt_account_id\":\"%s\",\"wt_pending_invite\":null}}", appMetadata.WTAccountID),
+		expectedReqBody:      fmt.Sprintf("{\"app_metadata\": {\"wt_account_id\":\"%s\"}}", appMetadata.WTAccountId),
 		appMetadata:          appMetadata,
 		statusCode:           200,
 		helper:               JsonParser{},
@@ -372,23 +371,7 @@ func TestAuth0_UpdateUserAppMetadata(t *testing.T) {
 		assertErrFuncMessage: "shouldn't return error",
 	}
 
-	invite := true
-	updateUserAppMetadataTestCase5 := updateUserAppMetadataTest{
-		name:            "Update Pending Invite",
-		inputReqBody:    fmt.Sprintf("{\"access_token\":\"%s\",\"scope\":\"read:users\",\"expires_in\":%d,\"token_type\":\"Bearer\"}", token, exp),
-		expectedReqBody: fmt.Sprintf("{\"app_metadata\":{\"wt_account_id\":\"%s\",\"wt_pending_invite\":true}}", appMetadata.WTAccountID),
-		appMetadata: AppMetadata{
-			WTAccountID:     "ok",
-			WTPendingInvite: &invite,
-		},
-		statusCode:           200,
-		helper:               JsonParser{},
-		assertErrFunc:        assert.NoError,
-		assertErrFuncMessage: "shouldn't return error",
-	}
-
-	for _, testCase := range []updateUserAppMetadataTest{updateUserAppMetadataTestCase1, updateUserAppMetadataTestCase2,
-		updateUserAppMetadataTestCase3, updateUserAppMetadataTestCase4, updateUserAppMetadataTestCase5} {
+	for _, testCase := range []updateUserAppMetadataTest{updateUserAppMetadataTestCase1, updateUserAppMetadataTestCase2, updateUserAppMetadataTestCase3, updateUserAppMetadataTestCase4} {
 		t.Run(testCase.name, func(t *testing.T) {
 			jwtReqClient := mockHTTPClient{
 				resBody: testCase.inputReqBody,
@@ -476,7 +459,7 @@ func TestNewAuth0Manager(t *testing.T) {
 
 	for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4} {
 		t.Run(testCase.name, func(t *testing.T) {
-			_, err := NewAuth0Manager(testCase.inputConfig, &telemetry.MockAppMetrics{})
+			_, err := NewAuth0Manager(testCase.inputConfig)
 			testCase.assertErrFunc(t, err, testCase.assertErrFuncMessage)
 		})
 	}

management/server/idp/idp.go

@@ -2,7 +2,6 @@ package idp
 
 import (
 	"fmt"
-	"github.com/netbirdio/netbird/management/server/telemetry"
 	"net/http"
 	"strings"
 	"time"
@@ -14,8 +13,6 @@ type Manager interface {
 	GetUserDataByID(userId string, appMetadata AppMetadata) (*UserData, error)
 	GetAccount(accountId string) ([]*UserData, error)
 	GetAllAccounts() (map[string][]*UserData, error)
-	CreateUser(email string, name string, accountID string) (*UserData, error)
-	GetUserByEmail(email string) ([]*UserData, error)
 }
 
 // Config an idp configuration struct to be loaded from management server's config file
@@ -41,18 +38,16 @@ type ManagerHelper interface {
 }
 
 type UserData struct {
-	Email       string      `json:"email"`
-	Name        string      `json:"name"`
-	ID          string      `json:"user_id"`
-	AppMetadata AppMetadata `json:"app_metadata"`
+	Email string `json:"email"`
+	Name  string `json:"name"`
+	ID    string `json:"user_id"`
 }
 
 // AppMetadata user app metadata to associate with a profile
 type AppMetadata struct {
-	// WTAccountID is a NetBird (previously Wiretrustee) account id to update in the IDP
+	// Wiretrustee account id to update in the IDP
 	// maps to wt_account_id when json.marshal
-	WTAccountID     string `json:"wt_account_id,omitempty"`
-	WTPendingInvite *bool  `json:"wt_pending_invite"`
+	WTAccountId string `json:"wt_account_id"`
 }
 
 // JWTToken a JWT object that holds information of a token
@@ -65,12 +60,12 @@ type JWTToken struct {
 }
 
 // NewManager returns a new idp manager based on the configuration that it receives
-func NewManager(config Config, appMetrics telemetry.AppMetrics) (Manager, error) {
+func NewManager(config Config) (Manager, error) {
 	switch strings.ToLower(config.ManagerType) {
 	case "none", "":
 		return nil, nil
 	case "auth0":
-		return NewAuth0Manager(config.Auth0ClientCredentials, appMetrics)
+		return NewAuth0Manager(config.Auth0ClientCredentials)
 	default:
 		return nil, fmt.Errorf("invalid manager type: %s", config.ManagerType)
 	}

management/server/idp/util.go

@@ -1,18 +1,6 @@
 package idp
 
-import (
-	"encoding/json"
-	"math/rand"
-	"strings"
-)
-
-var (
-	lowerCharSet   = "abcdedfghijklmnopqrst"
-	upperCharSet   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-	specialCharSet = "!@#$%&*"
-	numberSet      = "0123456789"
-	allCharSet     = lowerCharSet + upperCharSet + specialCharSet + numberSet
-)
+import "encoding/json"
 
 type JsonParser struct{}
 
@@ -23,37 +11,3 @@ func (JsonParser) Marshal(v interface{}) ([]byte, error) {
 func (JsonParser) Unmarshal(data []byte, v interface{}) error {
 	return json.Unmarshal(data, v)
 }
-
-// GeneratePassword generates user password
-func GeneratePassword(passwordLength, minSpecialChar, minNum, minUpperCase int) string {
-	var password strings.Builder
-
-	//Set special character
-	for i := 0; i < minSpecialChar; i++ {
-		random := rand.Intn(len(specialCharSet))
-		password.WriteString(string(specialCharSet[random]))
-	}
-
-	//Set numeric
-	for i := 0; i < minNum; i++ {
-		random := rand.Intn(len(numberSet))
-		password.WriteString(string(numberSet[random]))
-	}
-
-	//Set uppercase
-	for i := 0; i < minUpperCase; i++ {
-		random := rand.Intn(len(upperCharSet))
-		password.WriteString(string(upperCharSet[random]))
-	}
-
-	remainingLength := passwordLength - minSpecialChar - minNum - minUpperCase
-	for i := 0; i < remainingLength; i++ {
-		random := rand.Intn(len(allCharSet))
-		password.WriteString(string(allCharSet[random]))
-	}
-	inRune := []rune(password.String())
-	rand.Shuffle(len(inRune), func(i, j int) {
-		inRune[i], inRune[j] = inRune[j], inRune[i]
-	})
-	return string(inRune)
-}

management/server/management_proto_test.go

@@ -403,12 +403,12 @@ func startManagement(t *testing.T, port int, config *Config) (*grpc.Server, erro
 		return nil, err
 	}
 	peersUpdateManager := NewPeersUpdateManager()
-	accountManager, err := BuildManager(store, peersUpdateManager, nil, "")
+	accountManager, err := BuildManager(store, peersUpdateManager, nil)
 	if err != nil {
 		return nil, err
 	}
 	turnManager := NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig)
-	mgmtServer, err := NewServer(config, accountManager, peersUpdateManager, turnManager, nil)
+	mgmtServer, err := NewServer(config, accountManager, peersUpdateManager, turnManager)
 	if err != nil {
 		return nil, err
 	}

management/server/management_test.go

@@ -2,6 +2,7 @@ package server_test
 
 import (
 	"context"
+	"io/ioutil"
 	"math/rand"
 	"net"
 	"os"
@@ -44,7 +45,7 @@ var _ = Describe("Management service", func() {
 		level, _ := log.ParseLevel("Debug")
 		log.SetLevel(level)
 		var err error
-		dataDir, err = os.MkdirTemp("", "wiretrustee_mgmt_test_tmp_*")
+		dataDir, err = ioutil.TempDir("", "wiretrustee_mgmt_test_tmp_*")
 		Expect(err).NotTo(HaveOccurred())
 
 		err = util.CopyFileContents("testdata/store.json", filepath.Join(dataDir, "store.json"))
@@ -493,12 +494,12 @@ func startServer(config *server.Config) (*grpc.Server, net.Listener) {
 		log.Fatalf("failed creating a store: %s: %v", config.Datadir, err)
 	}
 	peersUpdateManager := server.NewPeersUpdateManager()
-	accountManager, err := server.BuildManager(store, peersUpdateManager, nil, "")
+	accountManager, err := server.BuildManager(store, peersUpdateManager, nil)
 	if err != nil {
 		log.Fatalf("failed creating a manager: %v", err)
 	}
 	turnManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig)
-	mgmtServer, err := server.NewServer(config, accountManager, peersUpdateManager, turnManager, nil)
+	mgmtServer, err := server.NewServer(config, accountManager, peersUpdateManager, turnManager)
 	Expect(err).NotTo(HaveOccurred())
 	mgmtProto.RegisterManagementServiceServer(s, mgmtServer)
 	go func() {

management/server/metrics/selfhosted.go

@@ -1,286 +0,0 @@
-// Package metrics gather anonymous information about the usage of NetBird management
-package metrics
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"github.com/netbirdio/netbird/client/system"
-	"github.com/netbirdio/netbird/management/server"
-	log "github.com/sirupsen/logrus"
-	"io"
-	"net/http"
-	"strings"
-	"time"
-)
-
-const (
-	// PayloadEvent identifies an event type
-	PayloadEvent = "self-hosted stats"
-	// payloadEndpoint metrics defaultEndpoint to send anonymous data
-	payloadEndpoint = "https://metrics.netbird.io"
-	// defaultPushInterval default interval to push metrics
-	defaultPushInterval = 24 * time.Hour
-	// requestTimeout http request timeout
-	requestTimeout = 30 * time.Second
-)
-
-type getTokenResponse struct {
-	PublicAPIToken string `json:"public_api_token"`
-}
-
-type pushPayload struct {
-	APIKey     string     `json:"api_key"`
-	DistinctID string     `json:"distinct_id"`
-	Event      string     `json:"event"`
-	Properties properties `json:"properties"`
-	Timestamp  time.Time  `json:"timestamp"`
-}
-
-// properties metrics to push
-type properties map[string]interface{}
-
-// DataSource metric data source
-type DataSource interface {
-	GetAllAccounts() []*server.Account
-}
-
-// ConnManager peer connection manager that holds state for current active connections
-type ConnManager interface {
-	GetAllConnectedPeers() map[string]struct{}
-}
-
-// Worker metrics collector and pusher
-type Worker struct {
-	ctx         context.Context
-	id          string
-	dataSource  DataSource
-	connManager ConnManager
-	startupTime time.Time
-	lastRun     time.Time
-}
-
-// NewWorker returns a metrics worker
-func NewWorker(ctx context.Context, id string, dataSource DataSource, connManager ConnManager) *Worker {
-	currentTime := time.Now()
-	return &Worker{
-		ctx:         ctx,
-		id:          id,
-		dataSource:  dataSource,
-		connManager: connManager,
-		startupTime: currentTime,
-		lastRun:     currentTime,
-	}
-}
-
-// Run runs the metrics worker
-func (w *Worker) Run() {
-	pushTicker := time.NewTicker(defaultPushInterval)
-	for {
-		select {
-		case <-w.ctx.Done():
-			return
-		case <-pushTicker.C:
-			err := w.sendMetrics()
-			if err != nil {
-				log.Error(err)
-			}
-		}
-	}
-}
-
-func (w *Worker) sendMetrics() error {
-	ctx, cancel := context.WithTimeout(w.ctx, requestTimeout)
-	defer cancel()
-
-	apiKey, err := getAPIKey(ctx)
-	if err != nil {
-		return err
-	}
-
-	payload := w.generatePayload(apiKey)
-
-	payloadString, err := buildMetricsPayload(payload)
-	if err != nil {
-		return err
-	}
-
-	httpClient := http.Client{}
-
-	exportJobReq, err := createPostRequest(ctx, payloadEndpoint+"/capture/", payloadString)
-	if err != nil {
-		return fmt.Errorf("unable to create metrics post request %v", err)
-	}
-
-	jobResp, err := httpClient.Do(exportJobReq)
-	if err != nil {
-		return fmt.Errorf("unable to push metrics %v", err)
-	}
-
-	defer func() {
-		err = jobResp.Body.Close()
-		if err != nil {
-			log.Errorf("error while closing update metrics response body: %v", err)
-		}
-	}()
-
-	if jobResp.StatusCode != 200 {
-		return fmt.Errorf("unable to push anonymous metrics, got statusCode %d", jobResp.StatusCode)
-	}
-
-	log.Infof("sent anonymous metrics, next push will happen in %s. "+
-		"You can disable these metrics by running with flag --disable-anonymous-metrics,"+
-		" see more information at https://netbird.io/docs/FAQ/metrics-collection", defaultPushInterval)
-
-	return nil
-}
-
-func (w *Worker) generatePayload(apiKey string) pushPayload {
-	properties := w.generateProperties()
-
-	return pushPayload{
-		APIKey:     apiKey,
-		DistinctID: w.id,
-		Event:      PayloadEvent,
-		Properties: properties,
-		Timestamp:  time.Now(),
-	}
-}
-
-func (w *Worker) generateProperties() properties {
-	var (
-		uptime             float64
-		accounts           int
-		users              int
-		peers              int
-		setupKeysUsage     int
-		activePeersLastDay int
-		osPeers            map[string]int
-		userPeers          int
-		rules              int
-		groups             int
-		routes             int
-		nameservers        int
-		version            string
-	)
-	start := time.Now()
-	metricsProperties := make(properties)
-	osPeers = make(map[string]int)
-	uptime = time.Since(w.startupTime).Seconds()
-	connections := w.connManager.GetAllConnectedPeers()
-	version = system.NetbirdVersion()
-
-	for _, account := range w.dataSource.GetAllAccounts() {
-		accounts++
-		users = users + len(account.Users)
-		rules = rules + len(account.Rules)
-		groups = groups + len(account.Groups)
-		routes = routes + len(account.Routes)
-		nameservers = nameservers + len(account.NameServerGroups)
-
-		for _, key := range account.SetupKeys {
-			setupKeysUsage = setupKeysUsage + key.UsedTimes
-		}
-
-		for _, peer := range account.Peers {
-			peers++
-			if peer.SetupKey != "" {
-				userPeers++
-			}
-
-			osKey := strings.ToLower(fmt.Sprintf("peer_os_%s", peer.Meta.GoOS))
-			osCount := osPeers[osKey]
-			osPeers[osKey] = osCount + 1
-
-			_, connected := connections[peer.Key]
-			if connected || peer.Status.LastSeen.After(w.lastRun) {
-				activePeersLastDay++
-				osActiveKey := osKey + "_active"
-				osActiveCount := osPeers[osActiveKey]
-				osPeers[osActiveKey] = osActiveCount + 1
-			}
-		}
-	}
-
-	metricsProperties["uptime"] = uptime
-	metricsProperties["accounts"] = accounts
-	metricsProperties["users"] = users
-	metricsProperties["peers"] = peers
-	metricsProperties["setup_keys_usage"] = setupKeysUsage
-	metricsProperties["active_peers_last_day"] = activePeersLastDay
-	metricsProperties["user_peers"] = userPeers
-	metricsProperties["rules"] = rules
-	metricsProperties["groups"] = groups
-	metricsProperties["routes"] = routes
-	metricsProperties["nameservers"] = nameservers
-	metricsProperties["version"] = version
-
-	for os, count := range osPeers {
-		metricsProperties[os] = count
-	}
-
-	metricsProperties["metric_generation_time"] = time.Since(start).Milliseconds()
-
-	return metricsProperties
-}
-
-func getAPIKey(ctx context.Context) (string, error) {
-
-	httpClient := http.Client{}
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, payloadEndpoint+"/GetToken", nil)
-	if err != nil {
-		return "", fmt.Errorf("unable to create request for metrics public api token %v", err)
-	}
-	response, err := httpClient.Do(req)
-	if err != nil {
-		return "", fmt.Errorf("unable to request metrics public api token %v", err)
-	}
-
-	defer func() {
-		err = response.Body.Close()
-		if err != nil {
-			log.Errorf("error while closing metrics token response body: %v", err)
-		}
-	}()
-
-	if response.StatusCode != 200 {
-		return "", fmt.Errorf("unable to retrieve metrics token, statusCode %d", response.StatusCode)
-	}
-
-	body, err := io.ReadAll(response.Body)
-	if err != nil {
-		return "", fmt.Errorf("coudln't get metrics token response; %v", err)
-	}
-
-	var tokenResponse getTokenResponse
-
-	err = json.Unmarshal(body, &tokenResponse)
-	if err != nil {
-		return "", fmt.Errorf("coudln't parse metrics public api token; %v", err)
-	}
-
-	return tokenResponse.PublicAPIToken, nil
-}
-
-func buildMetricsPayload(payload pushPayload) (string, error) {
-	str, err := json.Marshal(payload)
-	if err != nil {
-		return "", fmt.Errorf("unable to marshal metrics payload, got err: %v", err)
-	}
-	return string(str), nil
-}
-
-func createPostRequest(ctx context.Context, endpoint string, payloadStr string) (*http.Request, error) {
-	reqURL := endpoint
-
-	payload := strings.NewReader(payloadStr)
-
-	req, err := http.NewRequestWithContext(ctx, "POST", reqURL, payload)
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Add("content-type", "application/json")
-
-	return req, nil
-}

management/server/mock_server/account_mock.go

@@ -1,7 +1,6 @@
 package mock_server
 
 import (
-	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/route"
@@ -11,56 +10,48 @@ import (
 )
 
 type MockAccountManager struct {
-	GetOrCreateAccountByUserFunc    func(userId, domain string) (*server.Account, error)
-	GetAccountByUserFunc            func(userId string) (*server.Account, error)
-	CreateSetupKeyFunc              func(accountId string, keyName string, keyType server.SetupKeyType, expiresIn time.Duration, autoGroups []string) (*server.SetupKey, error)
-	GetSetupKeyFunc                 func(accountID string, keyID string) (*server.SetupKey, error)
-	GetAccountByIdFunc              func(accountId string) (*server.Account, error)
-	GetAccountByUserOrAccountIdFunc func(userId, accountId, domain string) (*server.Account, error)
-	IsUserAdminFunc                 func(claims jwtclaims.AuthorizationClaims) (bool, error)
-	AccountExistsFunc               func(accountId string) (*bool, error)
-	GetPeerFunc                     func(peerKey string) (*server.Peer, error)
-	MarkPeerConnectedFunc           func(peerKey string, connected bool) error
-	RenamePeerFunc                  func(accountId string, peerKey string, newName string) (*server.Peer, error)
-	DeletePeerFunc                  func(accountId string, peerKey string) (*server.Peer, error)
-	GetPeerByIPFunc                 func(accountId string, peerIP string) (*server.Peer, error)
-	GetNetworkMapFunc               func(peerKey string) (*server.NetworkMap, error)
-	GetPeerNetworkFunc              func(peerKey string) (*server.Network, error)
-	AddPeerFunc                     func(setupKey string, userId string, peer *server.Peer) (*server.Peer, error)
-	GetGroupFunc                    func(accountID, groupID string) (*server.Group, error)
-	SaveGroupFunc                   func(accountID string, group *server.Group) error
-	UpdateGroupFunc                 func(accountID string, groupID string, operations []server.GroupUpdateOperation) (*server.Group, error)
-	DeleteGroupFunc                 func(accountID, groupID string) error
-	ListGroupsFunc                  func(accountID string) ([]*server.Group, error)
-	GroupAddPeerFunc                func(accountID, groupID, peerKey string) error
-	GroupDeletePeerFunc             func(accountID, groupID, peerKey string) error
-	GroupListPeersFunc              func(accountID, groupID string) ([]*server.Peer, error)
-	GetRuleFunc                     func(accountID, ruleID string) (*server.Rule, error)
-	SaveRuleFunc                    func(accountID string, rule *server.Rule) error
-	UpdateRuleFunc                  func(accountID string, ruleID string, operations []server.RuleUpdateOperation) (*server.Rule, error)
-	DeleteRuleFunc                  func(accountID, ruleID string) error
-	ListRulesFunc                   func(accountID string) ([]*server.Rule, error)
-	GetUsersFromAccountFunc         func(accountID string) ([]*server.UserInfo, error)
-	UpdatePeerMetaFunc              func(peerKey string, meta server.PeerSystemMeta) error
-	UpdatePeerSSHKeyFunc            func(peerKey string, sshKey string) error
-	UpdatePeerFunc                  func(accountID string, peer *server.Peer) (*server.Peer, error)
-	CreateRouteFunc                 func(accountID string, prefix, peer, description, netID string, masquerade bool, metric int, enabled bool) (*route.Route, error)
-	GetRouteFunc                    func(accountID, routeID string) (*route.Route, error)
-	SaveRouteFunc                   func(accountID string, route *route.Route) error
-	UpdateRouteFunc                 func(accountID string, routeID string, operations []server.RouteUpdateOperation) (*route.Route, error)
-	DeleteRouteFunc                 func(accountID, routeID string) error
-	ListRoutesFunc                  func(accountID string) ([]*route.Route, error)
-	SaveSetupKeyFunc                func(accountID string, key *server.SetupKey) (*server.SetupKey, error)
-	ListSetupKeysFunc               func(accountID string) ([]*server.SetupKey, error)
-	SaveUserFunc                    func(accountID string, user *server.User) (*server.UserInfo, error)
-	GetNameServerGroupFunc          func(accountID, nsGroupID string) (*nbdns.NameServerGroup, error)
-	CreateNameServerGroupFunc       func(accountID string, name, description string, nameServerList []nbdns.NameServer, groups []string, enabled bool) (*nbdns.NameServerGroup, error)
-	SaveNameServerGroupFunc         func(accountID string, nsGroupToSave *nbdns.NameServerGroup) error
-	UpdateNameServerGroupFunc       func(accountID, nsGroupID string, operations []server.NameServerGroupUpdateOperation) (*nbdns.NameServerGroup, error)
-	DeleteNameServerGroupFunc       func(accountID, nsGroupID string) error
-	ListNameServerGroupsFunc        func(accountID string) ([]*nbdns.NameServerGroup, error)
-	CreateUserFunc                  func(accountID string, key *server.UserInfo) (*server.UserInfo, error)
-	GetAccountFromTokenFunc         func(claims jwtclaims.AuthorizationClaims) (*server.Account, error)
+	GetOrCreateAccountByUserFunc          func(userId, domain string) (*server.Account, error)
+	GetAccountByUserFunc                  func(userId string) (*server.Account, error)
+	CreateSetupKeyFunc                    func(accountId string, keyName string, keyType server.SetupKeyType, expiresIn time.Duration, autoGroups []string) (*server.SetupKey, error)
+	GetSetupKeyFunc                       func(accountID string, keyID string) (*server.SetupKey, error)
+	GetAccountByIdFunc                    func(accountId string) (*server.Account, error)
+	GetAccountByUserOrAccountIdFunc       func(userId, accountId, domain string) (*server.Account, error)
+	GetAccountWithAuthorizationClaimsFunc func(claims jwtclaims.AuthorizationClaims) (*server.Account, error)
+	IsUserAdminFunc                       func(claims jwtclaims.AuthorizationClaims) (bool, error)
+	AccountExistsFunc                     func(accountId string) (*bool, error)
+	GetPeerFunc                           func(peerKey string) (*server.Peer, error)
+	MarkPeerConnectedFunc                 func(peerKey string, connected bool) error
+	RenamePeerFunc                        func(accountId string, peerKey string, newName string) (*server.Peer, error)
+	DeletePeerFunc                        func(accountId string, peerKey string) (*server.Peer, error)
+	GetPeerByIPFunc                       func(accountId string, peerIP string) (*server.Peer, error)
+	GetNetworkMapFunc                     func(peerKey string) (*server.NetworkMap, error)
+	GetPeerNetworkFunc                    func(peerKey string) (*server.Network, error)
+	AddPeerFunc                           func(setupKey string, userId string, peer *server.Peer) (*server.Peer, error)
+	GetGroupFunc                          func(accountID, groupID string) (*server.Group, error)
+	SaveGroupFunc                         func(accountID string, group *server.Group) error
+	UpdateGroupFunc                       func(accountID string, groupID string, operations []server.GroupUpdateOperation) (*server.Group, error)
+	DeleteGroupFunc                       func(accountID, groupID string) error
+	ListGroupsFunc                        func(accountID string) ([]*server.Group, error)
+	GroupAddPeerFunc                      func(accountID, groupID, peerKey string) error
+	GroupDeletePeerFunc                   func(accountID, groupID, peerKey string) error
+	GroupListPeersFunc                    func(accountID, groupID string) ([]*server.Peer, error)
+	GetRuleFunc                           func(accountID, ruleID string) (*server.Rule, error)
+	SaveRuleFunc                          func(accountID string, rule *server.Rule) error
+	UpdateRuleFunc                        func(accountID string, ruleID string, operations []server.RuleUpdateOperation) (*server.Rule, error)
+	DeleteRuleFunc                        func(accountID, ruleID string) error
+	ListRulesFunc                         func(accountID string) ([]*server.Rule, error)
+	GetUsersFromAccountFunc               func(accountID string) ([]*server.UserInfo, error)
+	UpdatePeerMetaFunc                    func(peerKey string, meta server.PeerSystemMeta) error
+	UpdatePeerSSHKeyFunc                  func(peerKey string, sshKey string) error
+	UpdatePeerFunc                        func(accountID string, peer *server.Peer) (*server.Peer, error)
+	CreateRouteFunc                       func(accountID string, prefix, peer, description, netID string, masquerade bool, metric int, enabled bool) (*route.Route, error)
+	GetRouteFunc                          func(accountID, routeID string) (*route.Route, error)
+	SaveRouteFunc                         func(accountID string, route *route.Route) error
+	UpdateRouteFunc                       func(accountID string, routeID string, operations []server.RouteUpdateOperation) (*route.Route, error)
+	DeleteRouteFunc                       func(accountID, routeID string) error
+	ListRoutesFunc                        func(accountID string) ([]*route.Route, error)
+	SaveSetupKeyFunc                      func(accountID string, key *server.SetupKey) (*server.SetupKey, error)
+	ListSetupKeysFunc                     func(accountID string) ([]*server.SetupKey, error)
 }
 
 // GetUsersFromAccount mock implementation of GetUsersFromAccount from server.AccountManager interface
@@ -127,6 +118,19 @@ func (am *MockAccountManager) GetAccountByUserOrAccountId(
 	)
 }
 
+// GetAccountWithAuthorizationClaims mock implementation of GetAccountWithAuthorizationClaims from server.AccountManager interface
+func (am *MockAccountManager) GetAccountWithAuthorizationClaims(
+	claims jwtclaims.AuthorizationClaims,
+) (*server.Account, error) {
+	if am.GetAccountWithAuthorizationClaimsFunc != nil {
+		return am.GetAccountWithAuthorizationClaimsFunc(claims)
+	}
+	return nil, status.Errorf(
+		codes.Unimplemented,
+		"method GetAccountWithAuthorizationClaims is not implemented",
+	)
+}
+
 // AccountExists mock implementation of AccountExists from server.AccountManager interface
 func (am *MockAccountManager) AccountExists(accountId string) (*bool, error) {
 	if am.AccountExistsFunc != nil {
@@ -417,75 +421,3 @@ func (am *MockAccountManager) ListSetupKeys(accountID string) ([]*server.SetupKe
 
 	return nil, status.Errorf(codes.Unimplemented, "method ListSetupKeys is not implemented")
 }
-
-// SaveUser mocks SaveUser of the AccountManager interface
-func (am *MockAccountManager) SaveUser(accountID string, user *server.User) (*server.UserInfo, error) {
-	if am.SaveUserFunc != nil {
-		return am.SaveUserFunc(accountID, user)
-	}
-	return nil, status.Errorf(codes.Unimplemented, "method SaveUser is not implemented")
-}
-
-// GetNameServerGroup mocks GetNameServerGroup of the AccountManager interface
-func (am *MockAccountManager) GetNameServerGroup(accountID, nsGroupID string) (*nbdns.NameServerGroup, error) {
-	if am.GetNameServerGroupFunc != nil {
-		return am.GetNameServerGroupFunc(accountID, nsGroupID)
-	}
-	return nil, nil
-}
-
-// CreateNameServerGroup mocks CreateNameServerGroup of the AccountManager interface
-func (am *MockAccountManager) CreateNameServerGroup(accountID string, name, description string, nameServerList []nbdns.NameServer, groups []string, enabled bool) (*nbdns.NameServerGroup, error) {
-	if am.CreateNameServerGroupFunc != nil {
-		return am.CreateNameServerGroupFunc(accountID, name, description, nameServerList, groups, enabled)
-	}
-	return nil, nil
-}
-
-// SaveNameServerGroup mocks SaveNameServerGroup of the AccountManager interface
-func (am *MockAccountManager) SaveNameServerGroup(accountID string, nsGroupToSave *nbdns.NameServerGroup) error {
-	if am.SaveNameServerGroupFunc != nil {
-		return am.SaveNameServerGroupFunc(accountID, nsGroupToSave)
-	}
-	return nil
-}
-
-// UpdateNameServerGroup mocks UpdateNameServerGroup of the AccountManager interface
-func (am *MockAccountManager) UpdateNameServerGroup(accountID, nsGroupID string, operations []server.NameServerGroupUpdateOperation) (*nbdns.NameServerGroup, error) {
-	if am.UpdateNameServerGroupFunc != nil {
-		return am.UpdateNameServerGroupFunc(accountID, nsGroupID, operations)
-	}
-	return nil, nil
-}
-
-// DeleteNameServerGroup mocks DeleteNameServerGroup of the AccountManager interface
-func (am *MockAccountManager) DeleteNameServerGroup(accountID, nsGroupID string) error {
-	if am.DeleteNameServerGroupFunc != nil {
-		return am.DeleteNameServerGroupFunc(accountID, nsGroupID)
-	}
-	return nil
-}
-
-// ListNameServerGroups mocks ListNameServerGroups of the AccountManager interface
-func (am *MockAccountManager) ListNameServerGroups(accountID string) ([]*nbdns.NameServerGroup, error) {
-	if am.ListNameServerGroupsFunc != nil {
-		return am.ListNameServerGroupsFunc(accountID)
-	}
-	return nil, nil
-}
-
-// CreateUser mocks CreateUser of the AccountManager interface
-func (am *MockAccountManager) CreateUser(accountID string, invite *server.UserInfo) (*server.UserInfo, error) {
-	if am.CreateUserFunc != nil {
-		return am.CreateUserFunc(accountID, invite)
-	}
-	return nil, status.Errorf(codes.Unimplemented, "method CreateUser is not implemented")
-}
-
-// GetAccountFromToken mocks GetAccountFromToken of the AccountManager interface
-func (am *MockAccountManager) GetAccountFromToken(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
-	if am.GetAccountFromTokenFunc != nil {
-		return am.GetAccountFromTokenFunc(claims)
-	}
-	return nil, status.Errorf(codes.Unimplemented, "method GetAccountFromToken is not implemented")
-}

management/server/nameserver.go

@@ -1,333 +0,0 @@
-package server
-
-import (
-	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/rs/xid"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"strconv"
-	"unicode/utf8"
-)
-
-const (
-	// UpdateNameServerGroupName indicates a nameserver group name update operation
-	UpdateNameServerGroupName NameServerGroupUpdateOperationType = iota
-	// UpdateNameServerGroupDescription indicates a nameserver group description update operation
-	UpdateNameServerGroupDescription
-	// UpdateNameServerGroupNameServers indicates a nameserver group nameservers list update operation
-	UpdateNameServerGroupNameServers
-	// UpdateNameServerGroupGroups indicates a nameserver group' groups update operation
-	UpdateNameServerGroupGroups
-	// UpdateNameServerGroupEnabled indicates a nameserver group status update operation
-	UpdateNameServerGroupEnabled
-)
-
-// NameServerGroupUpdateOperationType operation type
-type NameServerGroupUpdateOperationType int
-
-func (t NameServerGroupUpdateOperationType) String() string {
-	switch t {
-	case UpdateNameServerGroupDescription:
-		return "UpdateNameServerGroupDescription"
-	case UpdateNameServerGroupName:
-		return "UpdateNameServerGroupName"
-	case UpdateNameServerGroupNameServers:
-		return "UpdateNameServerGroupNameServers"
-	case UpdateNameServerGroupGroups:
-		return "UpdateNameServerGroupGroups"
-	case UpdateNameServerGroupEnabled:
-		return "UpdateNameServerGroupEnabled"
-	default:
-		return "InvalidOperation"
-	}
-}
-
-// NameServerGroupUpdateOperation operation object with type and values to be applied
-type NameServerGroupUpdateOperation struct {
-	Type   NameServerGroupUpdateOperationType
-	Values []string
-}
-
-// GetNameServerGroup gets a nameserver group object from account and nameserver group IDs
-func (am *DefaultAccountManager) GetNameServerGroup(accountID, nsGroupID string) (*nbdns.NameServerGroup, error) {
-	am.mux.Lock()
-	defer am.mux.Unlock()
-
-	account, err := am.Store.GetAccount(accountID)
-	if err != nil {
-		return nil, status.Errorf(codes.NotFound, "account not found")
-	}
-
-	nsGroup, found := account.NameServerGroups[nsGroupID]
-	if found {
-		return nsGroup.Copy(), nil
-	}
-
-	return nil, status.Errorf(codes.NotFound, "nameserver group with ID %s not found", nsGroupID)
-}
-
-// CreateNameServerGroup creates and saves a new nameserver group
-func (am *DefaultAccountManager) CreateNameServerGroup(accountID string, name, description string, nameServerList []nbdns.NameServer, groups []string, enabled bool) (*nbdns.NameServerGroup, error) {
-	am.mux.Lock()
-	defer am.mux.Unlock()
-
-	account, err := am.Store.GetAccount(accountID)
-	if err != nil {
-		return nil, status.Errorf(codes.NotFound, "account not found")
-	}
-
-	newNSGroup := &nbdns.NameServerGroup{
-		ID:          xid.New().String(),
-		Name:        name,
-		Description: description,
-		NameServers: nameServerList,
-		Groups:      groups,
-		Enabled:     enabled,
-	}
-
-	err = validateNameServerGroup(false, newNSGroup, account)
-	if err != nil {
-		return nil, err
-	}
-
-	if account.NameServerGroups == nil {
-		account.NameServerGroups = make(map[string]*nbdns.NameServerGroup)
-	}
-
-	account.NameServerGroups[newNSGroup.ID] = newNSGroup
-
-	account.Network.IncSerial()
-	err = am.Store.SaveAccount(account)
-	if err != nil {
-		return nil, err
-	}
-
-	return newNSGroup.Copy(), nil
-}
-
-// SaveNameServerGroup saves nameserver group
-func (am *DefaultAccountManager) SaveNameServerGroup(accountID string, nsGroupToSave *nbdns.NameServerGroup) error {
-	am.mux.Lock()
-	defer am.mux.Unlock()
-
-	if nsGroupToSave == nil {
-		return status.Errorf(codes.InvalidArgument, "nameserver group provided is nil")
-	}
-
-	account, err := am.Store.GetAccount(accountID)
-	if err != nil {
-		return status.Errorf(codes.NotFound, "account not found")
-	}
-
-	err = validateNameServerGroup(true, nsGroupToSave, account)
-	if err != nil {
-		return err
-	}
-
-	account.NameServerGroups[nsGroupToSave.ID] = nsGroupToSave
-
-	account.Network.IncSerial()
-	err = am.Store.SaveAccount(account)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// UpdateNameServerGroup updates existing nameserver group with set of operations
-func (am *DefaultAccountManager) UpdateNameServerGroup(accountID, nsGroupID string, operations []NameServerGroupUpdateOperation) (*nbdns.NameServerGroup, error) {
-	am.mux.Lock()
-	defer am.mux.Unlock()
-
-	account, err := am.Store.GetAccount(accountID)
-	if err != nil {
-		return nil, status.Errorf(codes.NotFound, "account not found")
-	}
-
-	if len(operations) == 0 {
-		return nil, status.Errorf(codes.InvalidArgument, "operations shouldn't be empty")
-	}
-
-	nsGroupToUpdate, ok := account.NameServerGroups[nsGroupID]
-	if !ok {
-		return nil, status.Errorf(codes.NotFound, "nameserver group ID %s no longer exists", nsGroupID)
-	}
-
-	newNSGroup := nsGroupToUpdate.Copy()
-
-	for _, operation := range operations {
-		valuesCount := len(operation.Values)
-		if valuesCount < 1 {
-			return nil, status.Errorf(codes.InvalidArgument, "operation %s contains invalid number of values, it should be at least 1", operation.Type.String())
-		}
-
-		for _, value := range operation.Values {
-			if value == "" {
-				return nil, status.Errorf(codes.InvalidArgument, "operation %s contains invalid empty string value", operation.Type.String())
-			}
-		}
-		switch operation.Type {
-		case UpdateNameServerGroupDescription:
-			newNSGroup.Description = operation.Values[0]
-		case UpdateNameServerGroupName:
-			if valuesCount > 1 {
-				return nil, status.Errorf(codes.InvalidArgument, "failed to parse name values, expected 1 value got %d", valuesCount)
-			}
-			err = validateNSGroupName(operation.Values[0], nsGroupID, account.NameServerGroups)
-			if err != nil {
-				return nil, err
-			}
-			newNSGroup.Name = operation.Values[0]
-		case UpdateNameServerGroupNameServers:
-			var nsList []nbdns.NameServer
-			for _, url := range operation.Values {
-				ns, err := nbdns.ParseNameServerURL(url)
-				if err != nil {
-					return nil, err
-				}
-				nsList = append(nsList, ns)
-			}
-			err = validateNSList(nsList)
-			if err != nil {
-				return nil, err
-			}
-			newNSGroup.NameServers = nsList
-		case UpdateNameServerGroupGroups:
-			err = validateGroups(operation.Values, account.Groups)
-			if err != nil {
-				return nil, err
-			}
-			newNSGroup.Groups = operation.Values
-		case UpdateNameServerGroupEnabled:
-			enabled, err := strconv.ParseBool(operation.Values[0])
-			if err != nil {
-				return nil, status.Errorf(codes.InvalidArgument, "failed to parse enabled %s, not boolean", operation.Values[0])
-			}
-			newNSGroup.Enabled = enabled
-		}
-	}
-
-	account.NameServerGroups[nsGroupID] = newNSGroup
-
-	account.Network.IncSerial()
-	err = am.Store.SaveAccount(account)
-	if err != nil {
-		return nil, err
-	}
-
-	return newNSGroup.Copy(), nil
-}
-
-// DeleteNameServerGroup deletes nameserver group with nsGroupID
-func (am *DefaultAccountManager) DeleteNameServerGroup(accountID, nsGroupID string) error {
-	am.mux.Lock()
-	defer am.mux.Unlock()
-
-	account, err := am.Store.GetAccount(accountID)
-	if err != nil {
-		return status.Errorf(codes.NotFound, "account not found")
-	}
-
-	delete(account.NameServerGroups, nsGroupID)
-
-	account.Network.IncSerial()
-	err = am.Store.SaveAccount(account)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// ListNameServerGroups returns a list of nameserver groups from account
-func (am *DefaultAccountManager) ListNameServerGroups(accountID string) ([]*nbdns.NameServerGroup, error) {
-	am.mux.Lock()
-	defer am.mux.Unlock()
-
-	account, err := am.Store.GetAccount(accountID)
-	if err != nil {
-		return nil, status.Errorf(codes.NotFound, "account not found")
-	}
-
-	nsGroups := make([]*nbdns.NameServerGroup, 0, len(account.NameServerGroups))
-	for _, item := range account.NameServerGroups {
-		nsGroups = append(nsGroups, item.Copy())
-	}
-
-	return nsGroups, nil
-}
-
-func validateNameServerGroup(existingGroup bool, nameserverGroup *nbdns.NameServerGroup, account *Account) error {
-	nsGroupID := ""
-	if existingGroup {
-		nsGroupID = nameserverGroup.ID
-		_, found := account.NameServerGroups[nsGroupID]
-		if !found {
-			return status.Errorf(codes.NotFound, "nameserver group with ID %s was not found", nsGroupID)
-		}
-	}
-
-	err := validateNSGroupName(nameserverGroup.Name, nsGroupID, account.NameServerGroups)
-	if err != nil {
-		return err
-	}
-
-	err = validateNSList(nameserverGroup.NameServers)
-	if err != nil {
-		return err
-	}
-
-	err = validateGroups(nameserverGroup.Groups, account.Groups)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func validateNSGroupName(name, nsGroupID string, nsGroupMap map[string]*nbdns.NameServerGroup) error {
-	if utf8.RuneCountInString(name) > nbdns.MaxGroupNameChar || name == "" {
-		return status.Errorf(codes.InvalidArgument, "nameserver group name should be between 1 and %d", nbdns.MaxGroupNameChar)
-	}
-
-	for _, nsGroup := range nsGroupMap {
-		if name == nsGroup.Name && nsGroup.ID != nsGroupID {
-			return status.Errorf(codes.InvalidArgument, "a nameserver group with name %s already exist", name)
-		}
-	}
-
-	return nil
-}
-
-func validateNSList(list []nbdns.NameServer) error {
-	nsListLenght := len(list)
-	if nsListLenght == 0 || nsListLenght > 2 {
-		return status.Errorf(codes.InvalidArgument, "the list of nameservers should be 1 or 2, got %d", len(list))
-	}
-	return nil
-}
-
-func validateGroups(list []string, groups map[string]*Group) error {
-	if len(list) == 0 {
-		return status.Errorf(codes.InvalidArgument, "the list of group IDs should not be empty")
-	}
-
-	for _, id := range list {
-		if id == "" {
-			return status.Errorf(codes.InvalidArgument, "group ID should not be empty string")
-		}
-		found := false
-		for groupID := range groups {
-			if id == groupID {
-				found = true
-				break
-			}
-		}
-		if !found {
-			return status.Errorf(codes.InvalidArgument, "group id %s not found", id)
-		}
-	}
-
-	return nil
-}

management/server/nameserver_test.go

@@ -1,965 +0,0 @@
-package server
-
-import (
-	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/stretchr/testify/require"
-	"net/netip"
-	"testing"
-)
-
-const (
-	group1ID            = "group1"
-	group2ID            = "group2"
-	existingNSGroupName = "existing"
-	existingNSGroupID   = "existingNSGroup"
-	nsGroupPeer1Key     = "BhRPtynAAYRDy08+q4HTMsos8fs4plTP4NOSh7C1ry8="
-	nsGroupPeer2Key     = "/yF0+vCfv+mRR5k0dca0TrGdO/oiNeAI58gToZm5NyI="
-)
-
-func TestCreateNameServerGroup(t *testing.T) {
-	type input struct {
-		name        string
-		description string
-		enabled     bool
-		groups      []string
-		nameServers []nbdns.NameServer
-	}
-
-	testCases := []struct {
-		name            string
-		inputArgs       input
-		shouldCreate    bool
-		errFunc         require.ErrorAssertionFunc
-		expectedNSGroup *nbdns.NameServerGroup
-	}{
-		{
-			name: "Create A NS Group",
-			inputArgs: input{
-				name:        "super",
-				description: "super",
-				groups:      []string{group1ID},
-				nameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("1.1.1.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.2.2"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				enabled: true,
-			},
-			errFunc:      require.NoError,
-			shouldCreate: true,
-			expectedNSGroup: &nbdns.NameServerGroup{
-				Name:        "super",
-				Description: "super",
-				Groups:      []string{group1ID},
-				NameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("1.1.1.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.2.2"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				Enabled: true,
-			},
-		},
-		{
-			name: "Should Not Create If Name Exist",
-			inputArgs: input{
-				name:        existingNSGroupName,
-				description: "super",
-				groups:      []string{group1ID},
-				nameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("1.1.1.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.2.2"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				enabled: true,
-			},
-			errFunc:      require.Error,
-			shouldCreate: false,
-		},
-		{
-			name: "Should Not Create If Name Is Small",
-			inputArgs: input{
-				name:        "",
-				description: "super",
-				groups:      []string{group1ID},
-				nameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("1.1.1.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.2.2"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				enabled: true,
-			},
-			errFunc:      require.Error,
-			shouldCreate: false,
-		},
-		{
-			name: "Should Not Create If Name Is Large",
-			inputArgs: input{
-				name:        "1234567890123456789012345678901234567890extra",
-				description: "super",
-				groups:      []string{group1ID},
-				nameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("1.1.1.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.2.2"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				enabled: true,
-			},
-			errFunc:      require.Error,
-			shouldCreate: false,
-		},
-		{
-			name: "Create A NS Group With No Nameservers Should Fail",
-			inputArgs: input{
-				name:        "super",
-				description: "super",
-				groups:      []string{group1ID},
-				nameServers: []nbdns.NameServer{},
-				enabled:     true,
-			},
-			errFunc:      require.Error,
-			shouldCreate: false,
-		},
-		{
-			name: "Create A NS Group With More Than 2 Nameservers Should Fail",
-			inputArgs: input{
-				name:        "super",
-				description: "super",
-				groups:      []string{group1ID},
-				nameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("1.1.1.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.2.2"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.3.3"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				enabled: true,
-			},
-			errFunc:      require.Error,
-			shouldCreate: false,
-		},
-		{
-			name: "Should Not Create If Groups Is Empty",
-			inputArgs: input{
-				name:        "super",
-				description: "super",
-				groups:      []string{},
-				nameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("1.1.1.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.2.2"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				enabled: true,
-			},
-			errFunc:      require.Error,
-			shouldCreate: false,
-		},
-		{
-			name: "Should Not Create If Group Doesn't Exist",
-			inputArgs: input{
-				name:        "super",
-				description: "super",
-				groups:      []string{"missingGroup"},
-				nameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("1.1.1.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.2.2"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				enabled: true,
-			},
-			errFunc:      require.Error,
-			shouldCreate: false,
-		},
-		{
-			name: "Should Not Create If Group ID Is Invalid",
-			inputArgs: input{
-				name:        "super",
-				description: "super",
-				groups:      []string{""},
-				nameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("1.1.1.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.2.2"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				enabled: true,
-			},
-			errFunc:      require.Error,
-			shouldCreate: false,
-		},
-	}
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			am, err := createNSManager(t)
-			if err != nil {
-				t.Error("failed to create account manager")
-			}
-
-			account, err := initTestNSAccount(t, am)
-			if err != nil {
-				t.Error("failed to init testing account")
-			}
-
-			outNSGroup, err := am.CreateNameServerGroup(
-				account.Id,
-				testCase.inputArgs.name,
-				testCase.inputArgs.description,
-				testCase.inputArgs.nameServers,
-				testCase.inputArgs.groups,
-				testCase.inputArgs.enabled,
-			)
-
-			testCase.errFunc(t, err)
-
-			if !testCase.shouldCreate {
-				return
-			}
-
-			// assign generated ID
-			testCase.expectedNSGroup.ID = outNSGroup.ID
-
-			if !testCase.expectedNSGroup.IsEqual(outNSGroup) {
-				t.Errorf("new nameserver group didn't match expected ns group:\nGot %#v\nExpected:%#v\n", outNSGroup, testCase.expectedNSGroup)
-			}
-		})
-	}
-}
-
-func TestSaveNameServerGroup(t *testing.T) {
-
-	existingNSGroup := &nbdns.NameServerGroup{
-		ID:          "testingNSGroup",
-		Name:        "super",
-		Description: "super",
-		NameServers: []nbdns.NameServer{
-			{
-				IP:     netip.MustParseAddr("1.1.1.1"),
-				NSType: nbdns.UDPNameServerType,
-				Port:   nbdns.DefaultDNSPort,
-			},
-			{
-				IP:     netip.MustParseAddr("1.1.2.2"),
-				NSType: nbdns.UDPNameServerType,
-				Port:   nbdns.DefaultDNSPort,
-			},
-		},
-		Groups:  []string{group1ID},
-		Enabled: true,
-	}
-
-	validGroups := []string{group2ID}
-	invalidGroups := []string{"nonExisting"}
-	validNameServerList := []nbdns.NameServer{
-		{
-			IP:     netip.MustParseAddr("1.1.1.1"),
-			NSType: nbdns.UDPNameServerType,
-			Port:   nbdns.DefaultDNSPort,
-		},
-	}
-	invalidNameServerListLarge := []nbdns.NameServer{
-		{
-			IP:     netip.MustParseAddr("1.1.1.1"),
-			NSType: nbdns.UDPNameServerType,
-			Port:   nbdns.DefaultDNSPort,
-		},
-		{
-			IP:     netip.MustParseAddr("1.1.2.2"),
-			NSType: nbdns.UDPNameServerType,
-			Port:   nbdns.DefaultDNSPort,
-		},
-		{
-			IP:     netip.MustParseAddr("1.1.3.3"),
-			NSType: nbdns.UDPNameServerType,
-			Port:   nbdns.DefaultDNSPort,
-		},
-	}
-	invalidID := "doesntExist"
-	validName := "12345678901234567890qw"
-	invalidNameLarge := "12345678901234567890qwertyuiopqwertyuiop1"
-	invalidNameSmall := ""
-	invalidNameExisting := existingNSGroupName
-
-	testCases := []struct {
-		name            string
-		existingNSGroup *nbdns.NameServerGroup
-		newID           *string
-		newName         *string
-		newNSList       []nbdns.NameServer
-		newGroups       []string
-		skipCopying     bool
-		shouldCreate    bool
-		errFunc         require.ErrorAssertionFunc
-		expectedNSGroup *nbdns.NameServerGroup
-	}{
-		{
-			name:            "Should Update Name Server Group",
-			existingNSGroup: existingNSGroup,
-			newName:         &validName,
-			newGroups:       validGroups,
-			newNSList:       validNameServerList,
-			errFunc:         require.NoError,
-			shouldCreate:    true,
-			expectedNSGroup: &nbdns.NameServerGroup{
-				ID:          "testingNSGroup",
-				Name:        validName,
-				Description: "super",
-				NameServers: validNameServerList,
-				Groups:      validGroups,
-				Enabled:     true,
-			},
-		},
-		{
-			name:            "Should Not Update If Name Is Small",
-			existingNSGroup: existingNSGroup,
-			newName:         &invalidNameSmall,
-			errFunc:         require.Error,
-			shouldCreate:    false,
-		},
-		{
-			name:            "Should Not Update If Name Is Large",
-			existingNSGroup: existingNSGroup,
-			newName:         &invalidNameLarge,
-			errFunc:         require.Error,
-			shouldCreate:    false,
-		},
-		{
-			name:            "Should Not Update If Name Exists",
-			existingNSGroup: existingNSGroup,
-			newName:         &invalidNameExisting,
-			errFunc:         require.Error,
-			shouldCreate:    false,
-		},
-		{
-			name:            "Should Not Update If ID Don't Exist",
-			existingNSGroup: existingNSGroup,
-			newID:           &invalidID,
-			errFunc:         require.Error,
-			shouldCreate:    false,
-		},
-		{
-			name:            "Should Not Update If Nameserver List Is Small",
-			existingNSGroup: existingNSGroup,
-			newNSList:       []nbdns.NameServer{},
-			errFunc:         require.Error,
-			shouldCreate:    false,
-		},
-		{
-			name:            "Should Not Update If Nameserver List Is Large",
-			existingNSGroup: existingNSGroup,
-			newNSList:       invalidNameServerListLarge,
-			errFunc:         require.Error,
-			shouldCreate:    false,
-		},
-		{
-			name:            "Should Not Update If Groups List Is Empty",
-			existingNSGroup: existingNSGroup,
-			newGroups:       []string{},
-			errFunc:         require.Error,
-			shouldCreate:    false,
-		},
-		{
-			name:            "Should Not Update If Groups List Has Empty ID",
-			existingNSGroup: existingNSGroup,
-			newGroups:       []string{""},
-			errFunc:         require.Error,
-			shouldCreate:    false,
-		},
-		{
-			name:            "Should Not Update If Groups List Has Non Existing Group ID",
-			existingNSGroup: existingNSGroup,
-			newGroups:       invalidGroups,
-			errFunc:         require.Error,
-			shouldCreate:    false,
-		},
-	}
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			am, err := createNSManager(t)
-			if err != nil {
-				t.Error("failed to create account manager")
-			}
-
-			account, err := initTestNSAccount(t, am)
-			if err != nil {
-				t.Error("failed to init testing account")
-			}
-
-			account.NameServerGroups[testCase.existingNSGroup.ID] = testCase.existingNSGroup
-
-			err = am.Store.SaveAccount(account)
-			if err != nil {
-				t.Error("account should be saved")
-			}
-
-			var nsGroupToSave *nbdns.NameServerGroup
-
-			if !testCase.skipCopying {
-				nsGroupToSave = testCase.existingNSGroup.Copy()
-
-				if testCase.newID != nil {
-					nsGroupToSave.ID = *testCase.newID
-				}
-
-				if testCase.newName != nil {
-					nsGroupToSave.Name = *testCase.newName
-				}
-
-				if testCase.newGroups != nil {
-					nsGroupToSave.Groups = testCase.newGroups
-				}
-
-				if testCase.newNSList != nil {
-					nsGroupToSave.NameServers = testCase.newNSList
-				}
-			}
-
-			err = am.SaveNameServerGroup(account.Id, nsGroupToSave)
-
-			testCase.errFunc(t, err)
-
-			if !testCase.shouldCreate {
-				return
-			}
-
-			savedNSGroup, saved := account.NameServerGroups[testCase.expectedNSGroup.ID]
-			require.True(t, saved)
-
-			if !testCase.expectedNSGroup.IsEqual(savedNSGroup) {
-				t.Errorf("new nameserver group didn't match expected group:\nGot %#v\nExpected:%#v\n", savedNSGroup, testCase.expectedNSGroup)
-			}
-
-		})
-	}
-}
-
-func TestUpdateNameServerGroup(t *testing.T) {
-	nsGroupID := "testingNSGroup"
-
-	existingNSGroup := &nbdns.NameServerGroup{
-		ID:          nsGroupID,
-		Name:        "super",
-		Description: "super",
-		NameServers: []nbdns.NameServer{
-			{
-				IP:     netip.MustParseAddr("1.1.1.1"),
-				NSType: nbdns.UDPNameServerType,
-				Port:   nbdns.DefaultDNSPort,
-			},
-			{
-				IP:     netip.MustParseAddr("1.1.2.2"),
-				NSType: nbdns.UDPNameServerType,
-				Port:   nbdns.DefaultDNSPort,
-			},
-		},
-		Groups:  []string{group1ID},
-		Enabled: true,
-	}
-
-	testCases := []struct {
-		name            string
-		existingNSGroup *nbdns.NameServerGroup
-		nsGroupID       string
-		operations      []NameServerGroupUpdateOperation
-		shouldCreate    bool
-		errFunc         require.ErrorAssertionFunc
-		expectedNSGroup *nbdns.NameServerGroup
-	}{
-		{
-			name:            "Should Update Single Property",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupName,
-					Values: []string{"superNew"},
-				},
-			},
-			errFunc:      require.NoError,
-			shouldCreate: true,
-			expectedNSGroup: &nbdns.NameServerGroup{
-				ID:          nsGroupID,
-				Name:        "superNew",
-				Description: "super",
-				NameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("1.1.1.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("1.1.2.2"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				Groups:  []string{group1ID},
-				Enabled: true,
-			},
-		},
-		{
-			name:            "Should Update Multiple Properties",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupName,
-					Values: []string{"superNew"},
-				},
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupDescription,
-					Values: []string{"superDescription"},
-				},
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupNameServers,
-					Values: []string{"udp://127.0.0.1:53", "udp://8.8.8.8:53"},
-				},
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupGroups,
-					Values: []string{group1ID, group2ID},
-				},
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupEnabled,
-					Values: []string{"false"},
-				},
-			},
-			errFunc:      require.NoError,
-			shouldCreate: true,
-			expectedNSGroup: &nbdns.NameServerGroup{
-				ID:          nsGroupID,
-				Name:        "superNew",
-				Description: "superDescription",
-				NameServers: []nbdns.NameServer{
-					{
-						IP:     netip.MustParseAddr("127.0.0.1"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-					{
-						IP:     netip.MustParseAddr("8.8.8.8"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   nbdns.DefaultDNSPort,
-					},
-				},
-				Groups:  []string{group1ID, group2ID},
-				Enabled: false,
-			},
-		},
-		{
-			name:            "Should Not Update On Invalid ID",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       "nonExistingNSGroup",
-			errFunc:         require.Error,
-		},
-		{
-			name:            "Should Not Update On Empty Operations",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations:      []NameServerGroupUpdateOperation{},
-			errFunc:         require.Error,
-		},
-		{
-			name:            "Should Not Update On Empty Values",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type: UpdateNameServerGroupName,
-				},
-			},
-			errFunc: require.Error,
-		},
-		{
-			name:            "Should Not Update On Empty String",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupName,
-					Values: []string{""},
-				},
-			},
-			errFunc: require.Error,
-		},
-		{
-			name:            "Should Not Update On Invalid Name Large String",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupName,
-					Values: []string{"12345678901234567890qwertyuiopqwertyuiop1"},
-				},
-			},
-			errFunc: require.Error,
-		},
-		{
-			name:            "Should Not Update On Invalid On Existing Name",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupName,
-					Values: []string{existingNSGroupName},
-				},
-			},
-			errFunc: require.Error,
-		},
-		{
-			name:            "Should Not Update On Invalid On Multiple Name Values",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupName,
-					Values: []string{"nameOne", "nameTwo"},
-				},
-			},
-			errFunc: require.Error,
-		},
-		{
-			name:            "Should Not Update On Invalid Boolean",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupEnabled,
-					Values: []string{"yes"},
-				},
-			},
-			errFunc: require.Error,
-		},
-		{
-			name:            "Should Not Update On Invalid Nameservers Wrong Schema",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupNameServers,
-					Values: []string{"https://127.0.0.1:53"},
-				},
-			},
-			errFunc: require.Error,
-		},
-		{
-			name:            "Should Not Update On Invalid Nameservers Wrong IP",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupNameServers,
-					Values: []string{"udp://8.8.8.300:53"},
-				},
-			},
-			errFunc: require.Error,
-		},
-		{
-			name:            "Should Not Update On Large Number Of Nameservers",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupNameServers,
-					Values: []string{"udp://127.0.0.1:53", "udp://8.8.8.8:53", "udp://8.8.4.4:53"},
-				},
-			},
-			errFunc: require.Error,
-		},
-		{
-			name:            "Should Not Update On Invalid GroupID",
-			existingNSGroup: existingNSGroup,
-			nsGroupID:       existingNSGroup.ID,
-			operations: []NameServerGroupUpdateOperation{
-				NameServerGroupUpdateOperation{
-					Type:   UpdateNameServerGroupGroups,
-					Values: []string{"nonExistingGroupID"},
-				},
-			},
-			errFunc: require.Error,
-		},
-	}
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			am, err := createNSManager(t)
-			if err != nil {
-				t.Error("failed to create account manager")
-			}
-
-			account, err := initTestNSAccount(t, am)
-			if err != nil {
-				t.Error("failed to init testing account")
-			}
-
-			account.NameServerGroups[testCase.existingNSGroup.ID] = testCase.existingNSGroup
-
-			err = am.Store.SaveAccount(account)
-			if err != nil {
-				t.Error("account should be saved")
-			}
-
-			updatedRoute, err := am.UpdateNameServerGroup(account.Id, testCase.nsGroupID, testCase.operations)
-			testCase.errFunc(t, err)
-
-			if !testCase.shouldCreate {
-				return
-			}
-
-			testCase.expectedNSGroup.ID = updatedRoute.ID
-
-			if !testCase.expectedNSGroup.IsEqual(updatedRoute) {
-				t.Errorf("new nameserver group didn't match expected group:\nGot %#v\nExpected:%#v\n", updatedRoute, testCase.expectedNSGroup)
-			}
-
-		})
-	}
-}
-
-func TestDeleteNameServerGroup(t *testing.T) {
-	nsGroupID := "testingNSGroup"
-
-	testingNSGroup := &nbdns.NameServerGroup{
-		ID:          nsGroupID,
-		Name:        "super",
-		Description: "super",
-		NameServers: []nbdns.NameServer{
-			{
-				IP:     netip.MustParseAddr("1.1.1.1"),
-				NSType: nbdns.UDPNameServerType,
-				Port:   nbdns.DefaultDNSPort,
-			},
-			{
-				IP:     netip.MustParseAddr("1.1.2.2"),
-				NSType: nbdns.UDPNameServerType,
-				Port:   nbdns.DefaultDNSPort,
-			},
-		},
-		Groups:  []string{group1ID},
-		Enabled: true,
-	}
-
-	am, err := createNSManager(t)
-	if err != nil {
-		t.Error("failed to create account manager")
-	}
-
-	account, err := initTestNSAccount(t, am)
-	if err != nil {
-		t.Error("failed to init testing account")
-	}
-
-	account.NameServerGroups[testingNSGroup.ID] = testingNSGroup
-
-	err = am.Store.SaveAccount(account)
-	if err != nil {
-		t.Error("failed to save account")
-	}
-
-	err = am.DeleteNameServerGroup(account.Id, testingNSGroup.ID)
-	if err != nil {
-		t.Error("deleting nameserver group failed with error: ", err)
-	}
-
-	savedAccount, err := am.Store.GetAccount(account.Id)
-	if err != nil {
-		t.Error("failed to retrieve saved account with error: ", err)
-	}
-
-	_, found := savedAccount.NameServerGroups[testingNSGroup.ID]
-	if found {
-		t.Error("nameserver group shouldn't be found after delete")
-	}
-}
-
-func TestGetNameServerGroup(t *testing.T) {
-
-	am, err := createNSManager(t)
-	if err != nil {
-		t.Error("failed to create account manager")
-	}
-
-	account, err := initTestNSAccount(t, am)
-	if err != nil {
-		t.Error("failed to init testing account")
-	}
-
-	foundGroup, err := am.GetNameServerGroup(account.Id, existingNSGroupID)
-	if err != nil {
-		t.Error("getting existing nameserver group failed with error: ", err)
-	}
-
-	if foundGroup == nil {
-		t.Error("got a nil group while getting nameserver group with ID")
-	}
-
-	_, err = am.GetNameServerGroup(account.Id, "not existing")
-	if err == nil {
-		t.Error("getting not existing nameserver group should return error, got nil")
-	}
-}
-
-func createNSManager(t *testing.T) (*DefaultAccountManager, error) {
-	store, err := createNSStore(t)
-	if err != nil {
-		return nil, err
-	}
-	return BuildManager(store, NewPeersUpdateManager(), nil, "")
-}
-
-func createNSStore(t *testing.T) (Store, error) {
-	dataDir := t.TempDir()
-	store, err := NewStore(dataDir)
-	if err != nil {
-		return nil, err
-	}
-
-	return store, nil
-}
-
-func initTestNSAccount(t *testing.T, am *DefaultAccountManager) (*Account, error) {
-	peer1 := &Peer{
-		Key:  nsGroupPeer1Key,
-		Name: "test-host1@netbird.io",
-		Meta: PeerSystemMeta{
-			Hostname:  "test-host1@netbird.io",
-			GoOS:      "linux",
-			Kernel:    "Linux",
-			Core:      "21.04",
-			Platform:  "x86_64",
-			OS:        "Ubuntu",
-			WtVersion: "development",
-			UIVersion: "development",
-		},
-	}
-	peer2 := &Peer{
-		Key:  nsGroupPeer2Key,
-		Name: "test-host2@netbird.io",
-		Meta: PeerSystemMeta{
-			Hostname:  "test-host2@netbird.io",
-			GoOS:      "linux",
-			Kernel:    "Linux",
-			Core:      "21.04",
-			Platform:  "x86_64",
-			OS:        "Ubuntu",
-			WtVersion: "development",
-			UIVersion: "development",
-		},
-	}
-	existingNSGroup := nbdns.NameServerGroup{
-		ID:          existingNSGroupID,
-		Name:        existingNSGroupName,
-		Description: "",
-		NameServers: []nbdns.NameServer{
-			{
-				IP:     netip.MustParseAddr("8.8.8.8"),
-				NSType: nbdns.UDPNameServerType,
-				Port:   nbdns.DefaultDNSPort,
-			},
-			{
-				IP:     netip.MustParseAddr("8.8.4.4"),
-				NSType: nbdns.UDPNameServerType,
-				Port:   nbdns.DefaultDNSPort,
-			},
-		},
-		Groups:  []string{group1ID},
-		Enabled: true,
-	}
-
-	accountID := "testingAcc"
-	userID := "testingUser"
-	domain := "example.com"
-
-	account := newAccountWithId(accountID, userID, domain)
-
-	account.NameServerGroups[existingNSGroup.ID] = &existingNSGroup
-
-	defaultGroup, err := account.GetGroupAll()
-	if err != nil {
-		return nil, err
-	}
-	newGroup1 := defaultGroup.Copy()
-	newGroup1.ID = group1ID
-	newGroup2 := defaultGroup.Copy()
-	newGroup2.ID = group2ID
-
-	account.Groups[newGroup1.ID] = newGroup1
-	account.Groups[newGroup2.ID] = newGroup2
-
-	err = am.Store.SaveAccount(account)
-	if err != nil {
-		return nil, err
-	}
-
-	_, err = am.AddPeer("", userID, peer1)
-	if err != nil {
-		return nil, err
-	}
-	_, err = am.AddPeer("", userID, peer2)
-	if err != nil {
-		return nil, err
-	}
-
-	return account, nil
-}

management/server/peer.go

@@ -294,8 +294,6 @@ func (am *DefaultAccountManager) AddPeer(
 	var account *Account
 	var err error
 	var sk *SetupKey
-	// auto-assign groups that are coming with a SetupKey or a User
-	var groupsToAdd []string
 	if len(upperKey) != 0 {
 		account, err = am.Store.GetAccountBySetupKey(upperKey)
 		if err != nil {
@@ -323,20 +321,11 @@ func (am *DefaultAccountManager) AddPeer(
 			)
 		}
 
-		groupsToAdd = sk.AutoGroups
-
 	} else if len(userID) != 0 {
 		account, err = am.Store.GetUserAccount(userID)
 		if err != nil {
 			return nil, status.Errorf(codes.NotFound, "unable to register peer, unknown user with ID: %s", userID)
 		}
-		user, ok := account.Users[userID]
-		if !ok {
-			return nil, status.Errorf(codes.NotFound, "unable to register peer, unknown user with ID: %s", userID)
-		}
-
-		groupsToAdd = user.AutoGroups
-
 	} else {
 		// Empty setup key and jwt fail
 		return nil, status.Errorf(codes.InvalidArgument, "no setup key or user id provided")
@@ -372,14 +361,6 @@ func (am *DefaultAccountManager) AddPeer(
 	}
 	group.Peers = append(group.Peers, newPeer.Key)
 
-	if len(groupsToAdd) > 0 {
-		for _, s := range groupsToAdd {
-			if g, ok := account.Groups[s]; ok && g.Name != "All" {
-				g.Peers = append(g.Peers, newPeer.Key)
-			}
-		}
-	}
-
 	account.Peers[newPeer.Key] = newPeer
 	if len(upperKey) != 0 {
 		account.SetupKeys[sk.Key] = sk.IncrementUsage()

management/server/route_test.go

@@ -778,7 +778,7 @@ func createRouterManager(t *testing.T) (*DefaultAccountManager, error) {
 	if err != nil {
 		return nil, err
 	}
-	return BuildManager(store, NewPeersUpdateManager(), nil, "")
+	return BuildManager(store, NewPeersUpdateManager(), nil)
 }
 
 func createRouterStore(t *testing.T) (Store, error) {

management/server/setupkey.go

@@ -80,8 +80,6 @@ type SetupKey struct {
 
 // Copy copies SetupKey to a new object
 func (key *SetupKey) Copy() *SetupKey {
-	autoGroups := make([]string, 0)
-	autoGroups = append(autoGroups, key.AutoGroups...)
 	if key.UpdatedAt.IsZero() {
 		key.UpdatedAt = key.CreatedAt
 	}
@@ -96,7 +94,7 @@ func (key *SetupKey) Copy() *SetupKey {
 		Revoked:    key.Revoked,
 		UsedTimes:  key.UsedTimes,
 		LastUsed:   key.LastUsed,
-		AutoGroups: autoGroups,
+		AutoGroups: key.AutoGroups,
 	}
 }
 

management/server/store.go

@@ -21,6 +21,4 @@ type Store interface {
 	SaveAccount(account *Account) error
 	GetPeerRoutes(peerKey string) ([]*route.Route, error)
 	GetRoutesByPrefix(accountID string, prefix netip.Prefix) ([]*route.Route, error)
-	GetInstallationID() string
-	SaveInstallationID(id string) error
 }

management/server/telemetry/app_metrics.go

@@ -1,181 +0,0 @@
-package telemetry
-
-import (
-	"context"
-	"fmt"
-	"github.com/gorilla/mux"
-	prometheus2 "github.com/prometheus/client_golang/prometheus"
-	"github.com/prometheus/client_golang/prometheus/promhttp"
-	log "github.com/sirupsen/logrus"
-	"go.opentelemetry.io/otel/exporters/prometheus"
-	metric2 "go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/sdk/metric"
-	"net"
-	"net/http"
-	"reflect"
-)
-
-const defaultEndpoint = "/metrics"
-
-// MockAppMetrics mocks the AppMetrics interface
-type MockAppMetrics struct {
-	GetMeterFunc       func() metric2.Meter
-	CloseFunc          func() error
-	ExposeFunc         func(port int, endpoint string) error
-	IDPMetricsFunc     func() *IDPMetrics
-	HTTPMiddlewareFunc func() *HTTPMiddleware
-	GRPCMetricsFunc    func() *GRPCMetrics
-}
-
-// GetMeter mocks the GetMeter function of the AppMetrics interface
-func (mock *MockAppMetrics) GetMeter() metric2.Meter {
-	if mock.GetMeterFunc != nil {
-		return mock.GetMeterFunc()
-	}
-	return nil
-}
-
-// Close mocks the Close function of the AppMetrics interface
-func (mock *MockAppMetrics) Close() error {
-	if mock.CloseFunc != nil {
-		return mock.CloseFunc()
-	}
-	return fmt.Errorf("unimplemented")
-}
-
-// Expose mocks the Expose function of the AppMetrics interface
-func (mock *MockAppMetrics) Expose(port int, endpoint string) error {
-	if mock.ExposeFunc != nil {
-		return mock.ExposeFunc(port, endpoint)
-	}
-	return fmt.Errorf("unimplemented")
-}
-
-// IDPMetrics mocks the IDPMetrics function of the IDPMetrics interface
-func (mock *MockAppMetrics) IDPMetrics() *IDPMetrics {
-	if mock.IDPMetricsFunc != nil {
-		return mock.IDPMetricsFunc()
-	}
-	return nil
-}
-
-// HTTPMiddleware mocks the HTTPMiddleware function of the IDPMetrics interface
-func (mock *MockAppMetrics) HTTPMiddleware() *HTTPMiddleware {
-	if mock.HTTPMiddlewareFunc != nil {
-		return mock.HTTPMiddlewareFunc()
-	}
-	return nil
-}
-
-// GRPCMetrics mocks the GRPCMetrics function of the IDPMetrics interface
-func (mock *MockAppMetrics) GRPCMetrics() *GRPCMetrics {
-	if mock.GRPCMetricsFunc != nil {
-		return mock.GRPCMetricsFunc()
-	}
-	return nil
-}
-
-// AppMetrics is metrics interface
-type AppMetrics interface {
-	GetMeter() metric2.Meter
-	Close() error
-	Expose(port int, endpoint string) error
-	IDPMetrics() *IDPMetrics
-	HTTPMiddleware() *HTTPMiddleware
-	GRPCMetrics() *GRPCMetrics
-}
-
-// defaultAppMetrics are core application metrics based on OpenTelemetry https://opentelemetry.io/
-type defaultAppMetrics struct {
-	// Meter can be used by different application parts to create counters and measure things
-	Meter          metric2.Meter
-	listener       net.Listener
-	ctx            context.Context
-	idpMetrics     *IDPMetrics
-	httpMiddleware *HTTPMiddleware
-	grpcMetrics    *GRPCMetrics
-}
-
-// IDPMetrics returns metrics for the idp package
-func (appMetrics *defaultAppMetrics) IDPMetrics() *IDPMetrics {
-	return appMetrics.idpMetrics
-}
-
-// HTTPMiddleware returns metrics for the http api package
-func (appMetrics *defaultAppMetrics) HTTPMiddleware() *HTTPMiddleware {
-	return appMetrics.httpMiddleware
-}
-
-// GRPCMetrics returns metrics for the gRPC api
-func (appMetrics *defaultAppMetrics) GRPCMetrics() *GRPCMetrics {
-	return appMetrics.grpcMetrics
-}
-
-// Close stop application metrics HTTP handler and closes listener.
-func (appMetrics *defaultAppMetrics) Close() error {
-	if appMetrics.listener == nil {
-		return nil
-	}
-	return appMetrics.listener.Close()
-}
-
-// Expose metrics on a given port and endpoint. If endpoint is empty a defaultEndpoint one will be used.
-// Exposes metrics in the Prometheus format https://prometheus.io/
-func (appMetrics *defaultAppMetrics) Expose(port int, endpoint string) error {
-	if endpoint == "" {
-		endpoint = defaultEndpoint
-	}
-	rootRouter := mux.NewRouter()
-	rootRouter.Handle(endpoint, promhttp.HandlerFor(
-		prometheus2.DefaultGatherer,
-		promhttp.HandlerOpts{EnableOpenMetrics: true}))
-	listener, err := net.Listen("tcp4", fmt.Sprintf(":%d", port))
-	if err != nil {
-		return err
-	}
-	appMetrics.listener = listener
-	go func() {
-		err := http.Serve(listener, rootRouter)
-		if err != nil {
-			return
-		}
-	}()
-
-	log.Infof("enabled application metrics and exposing on http://%s", listener.Addr().String())
-
-	return nil
-}
-
-// GetMeter returns metrics meter that can be used to add various counters
-func (appMetrics *defaultAppMetrics) GetMeter() metric2.Meter {
-	return appMetrics.Meter
-}
-
-// NewDefaultAppMetrics and expose them via defaultEndpoint on a given HTTP port
-func NewDefaultAppMetrics(ctx context.Context) (AppMetrics, error) {
-	exporter, err := prometheus.New()
-	if err != nil {
-		return nil, err
-	}
-
-	provider := metric.NewMeterProvider(metric.WithReader(exporter))
-	pkg := reflect.TypeOf(defaultEndpoint).PkgPath()
-	meter := provider.Meter(pkg)
-
-	idpMetrics, err := NewIDPMetrics(ctx, meter)
-	if err != nil {
-		return nil, err
-	}
-
-	middleware, err := NewMetricsMiddleware(ctx, meter)
-	if err != nil {
-		return nil, err
-	}
-	grpcMetrics, err := NewGRPCMetrics(ctx, meter)
-	if err != nil {
-		return nil, err
-	}
-
-	return &defaultAppMetrics{Meter: meter, ctx: ctx, idpMetrics: idpMetrics, httpMiddleware: middleware,
-		grpcMetrics: grpcMetrics}, nil
-}

management/server/telemetry/grpc_metrics.go

@@ -1,76 +0,0 @@
-package telemetry
-
-import (
-	"context"
-	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/instrument"
-	"go.opentelemetry.io/otel/metric/instrument/asyncint64"
-	"go.opentelemetry.io/otel/metric/instrument/syncint64"
-)
-
-// GRPCMetrics are gRPC server metrics
-type GRPCMetrics struct {
-	meter                 metric.Meter
-	syncRequestsCounter   syncint64.Counter
-	loginRequestsCounter  syncint64.Counter
-	getKeyRequestsCounter syncint64.Counter
-	activeStreamsGauge    asyncint64.Gauge
-	ctx                   context.Context
-}
-
-// NewGRPCMetrics creates new GRPCMetrics struct and registers common metrics of the gRPC server
-func NewGRPCMetrics(ctx context.Context, meter metric.Meter) (*GRPCMetrics, error) {
-	syncRequestsCounter, err := meter.SyncInt64().Counter("management.grpc.sync.request.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	loginRequestsCounter, err := meter.SyncInt64().Counter("management.grpc.login.request.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	getKeyRequestsCounter, err := meter.SyncInt64().Counter("management.grpc.key.request.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-
-	activeStreamsGauge, err := meter.AsyncInt64().Gauge("management.grpc.connected.streams", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-
-	return &GRPCMetrics{
-		meter:                 meter,
-		syncRequestsCounter:   syncRequestsCounter,
-		loginRequestsCounter:  loginRequestsCounter,
-		getKeyRequestsCounter: getKeyRequestsCounter,
-		activeStreamsGauge:    activeStreamsGauge,
-		ctx:                   ctx,
-	}, err
-}
-
-// CountSyncRequest counts the number of gRPC sync requests coming to the gRPC API
-func (grpcMetrics *GRPCMetrics) CountSyncRequest() {
-	grpcMetrics.syncRequestsCounter.Add(grpcMetrics.ctx, 1)
-}
-
-// CountGetKeyRequest counts the number of gRPC get server key requests coming to the gRPC API
-func (grpcMetrics *GRPCMetrics) CountGetKeyRequest() {
-	grpcMetrics.getKeyRequestsCounter.Add(grpcMetrics.ctx, 1)
-}
-
-// CountLoginRequest counts the number of gRPC login requests coming to the gRPC API
-func (grpcMetrics *GRPCMetrics) CountLoginRequest() {
-	grpcMetrics.loginRequestsCounter.Add(grpcMetrics.ctx, 1)
-}
-
-// RegisterConnectedStreams registers a function that collects number of active streams and feeds it to the metrics gauge.
-func (grpcMetrics *GRPCMetrics) RegisterConnectedStreams(producer func() int64) error {
-	return grpcMetrics.meter.RegisterCallback(
-		[]instrument.Asynchronous{
-			grpcMetrics.activeStreamsGauge,
-		},
-		func(ctx context.Context) {
-			grpcMetrics.activeStreamsGauge.Observe(ctx, producer())
-		},
-	)
-}

management/server/telemetry/http_api_metrics.go

@@ -1,176 +0,0 @@
-package telemetry
-
-import (
-	"context"
-	"fmt"
-	log "github.com/sirupsen/logrus"
-	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/instrument"
-	"go.opentelemetry.io/otel/metric/instrument/syncint64"
-	"hash/fnv"
-	"net/http"
-	"strings"
-)
-
-const (
-	httpRequestCounterPrefix  = "management.http.request.counter"
-	httpResponseCounterPrefix = "management.http.response.counter"
-)
-
-// WrappedResponseWriter is a wrapper for http.ResponseWriter that allows the
-// written HTTP status code to be captured for metrics reporting or logging purposes.
-type WrappedResponseWriter struct {
-	http.ResponseWriter
-	status      int
-	wroteHeader bool
-}
-
-// WrapResponseWriter wraps original http.ResponseWriter
-func WrapResponseWriter(w http.ResponseWriter) *WrappedResponseWriter {
-	return &WrappedResponseWriter{ResponseWriter: w}
-}
-
-// Status returns response status
-func (rw *WrappedResponseWriter) Status() int {
-	return rw.status
-}
-
-// WriteHeader wraps http.ResponseWriter.WriteHeader method
-func (rw *WrappedResponseWriter) WriteHeader(code int) {
-	if rw.wroteHeader {
-		return
-	}
-
-	rw.status = code
-	rw.ResponseWriter.WriteHeader(code)
-	rw.wroteHeader = true
-}
-
-// HTTPMiddleware handler used to collect metrics of every request/response coming to the API.
-// Also adds request tracing (logging).
-type HTTPMiddleware struct {
-	meter metric.Meter
-	ctx   context.Context
-	// defaultEndpoint & method
-	httpRequestCounters map[string]syncint64.Counter
-	// defaultEndpoint & method & status code
-	httpResponseCounters map[string]syncint64.Counter
-	// all HTTP requests
-	totalHTTPRequestsCounter syncint64.Counter
-	// all HTTP responses
-	totalHTTPResponseCounter syncint64.Counter
-	// all HTTP responses by status code
-	totalHTTPResponseCodeCounters map[int]syncint64.Counter
-}
-
-// AddHTTPRequestResponseCounter adds a new meter for an HTTP defaultEndpoint and Method (GET, POST, etc)
-// Creates one request counter and multiple response counters (one per http response status code).
-func (m *HTTPMiddleware) AddHTTPRequestResponseCounter(endpoint string, method string) error {
-	meterKey := getRequestCounterKey(endpoint, method)
-	httpReqCounter, err := m.meter.SyncInt64().Counter(meterKey, instrument.WithUnit("1"))
-	if err != nil {
-		return err
-	}
-	m.httpRequestCounters[meterKey] = httpReqCounter
-	respCodes := []int{200, 204, 400, 401, 403, 404, 500, 502, 503}
-	for _, code := range respCodes {
-		meterKey = getResponseCounterKey(endpoint, method, code)
-		httpRespCounter, err := m.meter.SyncInt64().Counter(meterKey, instrument.WithUnit("1"))
-		if err != nil {
-			return err
-		}
-		m.httpResponseCounters[meterKey] = httpRespCounter
-
-		meterKey = fmt.Sprintf("%s_%d_total", httpResponseCounterPrefix, code)
-		totalHTTPResponseCodeCounter, err := m.meter.SyncInt64().Counter(meterKey, instrument.WithUnit("1"))
-		if err != nil {
-			return err
-		}
-		m.totalHTTPResponseCodeCounters[code] = totalHTTPResponseCodeCounter
-	}
-
-	return nil
-}
-
-// NewMetricsMiddleware creates a new HTTPMiddleware
-func NewMetricsMiddleware(ctx context.Context, meter metric.Meter) (*HTTPMiddleware, error) {
-
-	totalHTTPRequestsCounter, err := meter.SyncInt64().Counter(
-		fmt.Sprintf("%s_total", httpRequestCounterPrefix),
-		instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	totalHTTPResponseCounter, err := meter.SyncInt64().Counter(
-		fmt.Sprintf("%s_total", httpResponseCounterPrefix),
-		instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	return &HTTPMiddleware{
-			ctx:                           ctx,
-			httpRequestCounters:           map[string]syncint64.Counter{},
-			httpResponseCounters:          map[string]syncint64.Counter{},
-			totalHTTPResponseCodeCounters: map[int]syncint64.Counter{},
-			meter:                         meter,
-			totalHTTPRequestsCounter:      totalHTTPRequestsCounter,
-			totalHTTPResponseCounter:      totalHTTPResponseCounter,
-		},
-		nil
-}
-
-func getRequestCounterKey(endpoint, method string) string {
-	return fmt.Sprintf("%s%s_%s", httpRequestCounterPrefix,
-		strings.ReplaceAll(endpoint, "/", "_"), method)
-}
-
-func getResponseCounterKey(endpoint, method string, status int) string {
-	return fmt.Sprintf("%s%s_%s_%d", httpResponseCounterPrefix,
-		strings.ReplaceAll(endpoint, "/", "_"), method, status)
-}
-
-// Handler logs every request and response and adds the, to metrics.
-func (m *HTTPMiddleware) Handler(h http.Handler) http.Handler {
-	fn := func(rw http.ResponseWriter, r *http.Request) {
-		traceID := hash(fmt.Sprintf("%v", r))
-		log.Tracef("HTTP request %v: %v %v", traceID, r.Method, r.URL)
-
-		metricKey := getRequestCounterKey(r.URL.Path, r.Method)
-
-		if c, ok := m.httpRequestCounters[metricKey]; ok {
-			c.Add(m.ctx, 1)
-		}
-		m.totalHTTPRequestsCounter.Add(m.ctx, 1)
-
-		w := WrapResponseWriter(rw)
-
-		h.ServeHTTP(w, r)
-
-		if w.Status() > 399 {
-			log.Errorf("HTTP response %v: %v %v status %v", traceID, r.Method, r.URL, w.Status())
-		} else {
-			log.Tracef("HTTP response %v: %v %v status %v", traceID, r.Method, r.URL, w.Status())
-		}
-
-		metricKey = getResponseCounterKey(r.URL.Path, r.Method, w.Status())
-		if c, ok := m.httpResponseCounters[metricKey]; ok {
-			c.Add(m.ctx, 1)
-		}
-
-		m.totalHTTPResponseCounter.Add(m.ctx, 1)
-		if c, ok := m.totalHTTPResponseCodeCounters[w.Status()]; ok {
-			c.Add(m.ctx, 1)
-		}
-	}
-
-	return http.HandlerFunc(fn)
-}
-
-func hash(s string) uint32 {
-	h := fnv.New32a()
-	_, err := h.Write([]byte(s))
-	if err != nil {
-		panic(err)
-	}
-	return h.Sum32()
-}

management/server/telemetry/idp_metrics.go

@@ -1,119 +0,0 @@
-package telemetry
-
-import (
-	"context"
-	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/instrument"
-	"go.opentelemetry.io/otel/metric/instrument/syncint64"
-)
-
-// IDPMetrics is common IdP metrics
-type IDPMetrics struct {
-	metaUpdateCounter          syncint64.Counter
-	getUserByEmailCounter      syncint64.Counter
-	getAllAccountsCounter      syncint64.Counter
-	createUserCounter          syncint64.Counter
-	getAccountCounter          syncint64.Counter
-	getUserByIDCounter         syncint64.Counter
-	authenticateRequestCounter syncint64.Counter
-	requestErrorCounter        syncint64.Counter
-	requestStatusErrorCounter  syncint64.Counter
-	ctx                        context.Context
-}
-
-// NewIDPMetrics creates new IDPMetrics struct and registers common
-func NewIDPMetrics(ctx context.Context, meter metric.Meter) (*IDPMetrics, error) {
-	metaUpdateCounter, err := meter.SyncInt64().Counter("management.idp.update.user.meta.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	getUserByEmailCounter, err := meter.SyncInt64().Counter("management.idp.get.user.by.email.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	getAllAccountsCounter, err := meter.SyncInt64().Counter("management.idp.get.accounts.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	createUserCounter, err := meter.SyncInt64().Counter("management.idp.create.user.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	getAccountCounter, err := meter.SyncInt64().Counter("management.idp.get.account.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	getUserByIDCounter, err := meter.SyncInt64().Counter("management.idp.get.user.by.id.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	authenticateRequestCounter, err := meter.SyncInt64().Counter("management.idp.authenticate.request.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	requestErrorCounter, err := meter.SyncInt64().Counter("management.idp.request.error.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-	requestStatusErrorCounter, err := meter.SyncInt64().Counter("management.idp.request.status.error.counter", instrument.WithUnit("1"))
-	if err != nil {
-		return nil, err
-	}
-
-	return &IDPMetrics{
-		metaUpdateCounter:          metaUpdateCounter,
-		getUserByEmailCounter:      getUserByEmailCounter,
-		getAllAccountsCounter:      getAllAccountsCounter,
-		createUserCounter:          createUserCounter,
-		getAccountCounter:          getAccountCounter,
-		getUserByIDCounter:         getUserByIDCounter,
-		authenticateRequestCounter: authenticateRequestCounter,
-		requestErrorCounter:        requestErrorCounter,
-		requestStatusErrorCounter:  requestStatusErrorCounter,
-		ctx:                        ctx}, nil
-}
-
-// CountUpdateUserAppMetadata ...
-func (idpMetrics *IDPMetrics) CountUpdateUserAppMetadata() {
-	idpMetrics.metaUpdateCounter.Add(idpMetrics.ctx, 1)
-}
-
-// CountGetUserByEmail ...
-func (idpMetrics *IDPMetrics) CountGetUserByEmail() {
-	idpMetrics.getUserByEmailCounter.Add(idpMetrics.ctx, 1)
-}
-
-// CountCreateUser ...
-func (idpMetrics *IDPMetrics) CountCreateUser() {
-	idpMetrics.createUserCounter.Add(idpMetrics.ctx, 1)
-}
-
-// CountGetAllAccounts ...
-func (idpMetrics *IDPMetrics) CountGetAllAccounts() {
-	idpMetrics.getAllAccountsCounter.Add(idpMetrics.ctx, 1)
-}
-
-// CountGetAccount ...
-func (idpMetrics *IDPMetrics) CountGetAccount() {
-	idpMetrics.getAccountCounter.Add(idpMetrics.ctx, 1)
-}
-
-// CountGetUserDataByID ...
-func (idpMetrics *IDPMetrics) CountGetUserDataByID() {
-	idpMetrics.getUserByIDCounter.Add(idpMetrics.ctx, 1)
-}
-
-// CountAuthenticate ...
-func (idpMetrics *IDPMetrics) CountAuthenticate() {
-	idpMetrics.authenticateRequestCounter.Add(idpMetrics.ctx, 1)
-}
-
-// CountRequestError counts number of error that happened when doing http request (httpClient.Do)
-func (idpMetrics *IDPMetrics) CountRequestError() {
-	idpMetrics.requestErrorCounter.Add(idpMetrics.ctx, 1)
-}
-
-// CountRequestStatusError counts number of responses that came from IdP with non success status code
-func (idpMetrics *IDPMetrics) CountRequestStatusError() {
-	idpMetrics.requestStatusErrorCounter.Add(idpMetrics.ctx, 1)
-}

management/server/updatechannel.go

@@ -70,14 +70,3 @@ func (p *PeersUpdateManager) CloseChannel(peerKey string) {
 
 	log.Debugf("closed updates channel of a peer %s", peerKey)
 }
-
-// GetAllConnectedPeers returns a copy of the connected peers map
-func (p *PeersUpdateManager) GetAllConnectedPeers() map[string]struct{} {
-	p.channelsMux.Lock()
-	defer p.channelsMux.Unlock()
-	m := make(map[string]struct{})
-	for key := range p.peerChannels {
-		m[key] = struct{}{}
-	}
-	return m
-}

management/server/user.go

@@ -2,103 +2,40 @@ package server
 
 import (
 	"fmt"
-	"github.com/netbirdio/netbird/management/server/idp"
+	"strings"
+
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-	"strings"
 
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 )
 
 const (
-	UserRoleAdmin   UserRole = "admin"
-	UserRoleUser    UserRole = "user"
-	UserRoleUnknown UserRole = "unknown"
-
-	UserStatusActive   UserStatus = "active"
-	UserStatusDisabled UserStatus = "disabled"
-	UserStatusInvited  UserStatus = "invited"
+	UserRoleAdmin UserRole = "admin"
+	UserRoleUser  UserRole = "user"
 )
 
-// StrRoleToUserRole returns UserRole for a given strRole or UserRoleUnknown if the specified role is unknown
-func StrRoleToUserRole(strRole string) UserRole {
-	switch strings.ToLower(strRole) {
-	case "admin":
-		return UserRoleAdmin
-	case "user":
-		return UserRoleUser
-	default:
-		return UserRoleUnknown
-	}
-}
-
-// UserStatus is the status of a User
-type UserStatus string
-
-// UserRole is the role of a User
+// UserRole is the role of the User
 type UserRole string
 
 // User represents a user of the system
 type User struct {
 	Id   string
 	Role UserRole
-	// AutoGroups is a list of Group IDs to auto-assign to peers registered by this user
-	AutoGroups []string
 }
 
-// toUserInfo converts a User object to a UserInfo object.
-func (u *User) toUserInfo(userData *idp.UserData) (*UserInfo, error) {
-	autoGroups := u.AutoGroups
-	if autoGroups == nil {
-		autoGroups = []string{}
-	}
-
-	if userData == nil {
-		return &UserInfo{
-			ID:         u.Id,
-			Email:      "",
-			Name:       "",
-			Role:       string(u.Role),
-			AutoGroups: u.AutoGroups,
-			Status:     string(UserStatusActive),
-		}, nil
-	}
-	if userData.ID != u.Id {
-		return nil, fmt.Errorf("wrong UserData provided for user %s", u.Id)
-	}
-
-	userStatus := UserStatusActive
-	if userData.AppMetadata.WTPendingInvite != nil && *userData.AppMetadata.WTPendingInvite {
-		userStatus = UserStatusInvited
-	}
-
-	return &UserInfo{
-		ID:         u.Id,
-		Email:      userData.Email,
-		Name:       userData.Name,
-		Role:       string(u.Role),
-		AutoGroups: autoGroups,
-		Status:     string(userStatus),
-	}, nil
-}
-
-// Copy the user
 func (u *User) Copy() *User {
-	autoGroups := make([]string, 0)
-	autoGroups = append(autoGroups, u.AutoGroups...)
 	return &User{
-		Id:         u.Id,
-		Role:       u.Role,
-		AutoGroups: autoGroups,
+		Id:   u.Id,
+		Role: u.Role,
 	}
 }
 
 // NewUser creates a new user
 func NewUser(id string, role UserRole) *User {
 	return &User{
-		Id:         id,
-		Role:       role,
-		AutoGroups: []string{},
+		Id:   id,
+		Role: role,
 	}
 }
 
@@ -112,122 +49,6 @@ func NewAdminUser(id string) *User {
 	return NewUser(id, UserRoleAdmin)
 }
 
-// CreateUser creates a new user under the given account. Effectively this is a user invite.
-func (am *DefaultAccountManager) CreateUser(accountID string, invite *UserInfo) (*UserInfo, error) {
-	am.mux.Lock()
-	defer am.mux.Unlock()
-
-	if am.idpManager == nil {
-		return nil, Errorf(PreconditionFailed, "IdP manager must be enabled to send user invites")
-	}
-
-	if invite == nil {
-		return nil, fmt.Errorf("provided user update is nil")
-	}
-
-	account, err := am.Store.GetAccount(accountID)
-	if err != nil {
-		return nil, Errorf(AccountNotFound, "account %s doesn't exist", accountID)
-	}
-
-	// check if the user is already registered with this email => reject
-	user, err := am.lookupUserInCacheByEmail(invite.Email, accountID)
-	if err != nil {
-		return nil, err
-	}
-
-	if user != nil {
-		return nil, Errorf(UserAlreadyExists, "user has an existing account")
-	}
-
-	users, err := am.idpManager.GetUserByEmail(invite.Email)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(users) > 0 {
-		return nil, Errorf(UserAlreadyExists, "user has an existing account")
-	}
-
-	idpUser, err := am.idpManager.CreateUser(invite.Email, invite.Name, accountID)
-	if err != nil {
-		return nil, err
-	}
-
-	role := StrRoleToUserRole(invite.Role)
-	newUser := &User{
-		Id:         idpUser.ID,
-		Role:       role,
-		AutoGroups: invite.AutoGroups,
-	}
-	account.Users[idpUser.ID] = newUser
-
-	err = am.Store.SaveAccount(account)
-	if err != nil {
-		return nil, err
-	}
-
-	_, err = am.refreshCache(account.Id)
-	if err != nil {
-		return nil, err
-	}
-
-	return newUser.toUserInfo(idpUser)
-
-}
-
-// SaveUser saves updates a given user. If the user doesn't exit it will throw status.NotFound error.
-// Only User.AutoGroups field is allowed to be updated for now.
-func (am *DefaultAccountManager) SaveUser(accountID string, update *User) (*UserInfo, error) {
-	am.mux.Lock()
-	defer am.mux.Unlock()
-
-	if update == nil {
-		return nil, status.Errorf(codes.InvalidArgument, "provided user update is nil")
-	}
-
-	account, err := am.Store.GetAccount(accountID)
-	if err != nil {
-		return nil, status.Errorf(codes.NotFound, "account not found")
-	}
-
-	for _, newGroupID := range update.AutoGroups {
-		if _, ok := account.Groups[newGroupID]; !ok {
-			return nil,
-				status.Errorf(codes.InvalidArgument, "provided group ID %s in the user %s update doesn't exist",
-					newGroupID, update.Id)
-		}
-	}
-
-	oldUser := account.Users[update.Id]
-	if oldUser == nil {
-		return nil, status.Errorf(codes.NotFound, "update not found")
-	}
-
-	// only auto groups, revoked status, and name can be updated for now
-	newUser := oldUser.Copy()
-	newUser.AutoGroups = update.AutoGroups
-	newUser.Role = update.Role
-
-	account.Users[newUser.Id] = newUser
-
-	if err = am.Store.SaveAccount(account); err != nil {
-		return nil, err
-	}
-
-	if !isNil(am.idpManager) {
-		userData, err := am.lookupUserInCache(newUser.Id, account)
-		if err != nil {
-			return nil, err
-		}
-		if userData == nil {
-			return nil, status.Errorf(codes.NotFound, "user %s not found in the IdP", newUser.Id)
-		}
-		return newUser.toUserInfo(userData)
-	}
-	return newUser.toUserInfo(nil)
-}
-
 // GetOrCreateAccountByUser returns an existing account for a given user id or creates a new one if doesn't exist
 func (am *DefaultAccountManager) GetOrCreateAccountByUser(userId, domain string) (*Account, error) {
 	am.mux.Lock()
@@ -275,7 +96,7 @@ func (am *DefaultAccountManager) GetAccountByUser(userId string) (*Account, erro
 
 // IsUserAdmin flag for current user authenticated by JWT token
 func (am *DefaultAccountManager) IsUserAdmin(claims jwtclaims.AuthorizationClaims) (bool, error) {
-	account, err := am.GetAccountFromToken(claims)
+	account, err := am.GetAccountWithAuthorizationClaims(claims)
 	if err != nil {
 		return false, fmt.Errorf("get account: %v", err)
 	}
@@ -287,50 +108,3 @@ func (am *DefaultAccountManager) IsUserAdmin(claims jwtclaims.AuthorizationClaim
 
 	return user.Role == UserRoleAdmin, nil
 }
-
-// GetUsersFromAccount performs a batched request for users from IDP by account ID
-func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserInfo, error) {
-	account, err := am.GetAccountById(accountID)
-	if err != nil {
-		return nil, err
-	}
-
-	queriedUsers := make([]*idp.UserData, 0)
-	if !isNil(am.idpManager) {
-		users := make(map[string]struct{}, len(account.Users))
-		for _, user := range account.Users {
-			users[user.Id] = struct{}{}
-		}
-		queriedUsers, err = am.lookupCache(users, accountID)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	userInfos := make([]*UserInfo, 0)
-
-	// in case of self-hosted, or IDP doesn't return anything, we will return the locally stored userInfo
-	if len(queriedUsers) == 0 {
-		for _, user := range account.Users {
-			info, err := user.toUserInfo(nil)
-			if err != nil {
-				return nil, err
-			}
-			userInfos = append(userInfos, info)
-		}
-		return userInfos, nil
-	}
-
-	for _, queriedUser := range queriedUsers {
-		if localUser, contains := account.Users[queriedUser.ID]; contains {
-
-			info, err := localUser.toUserInfo(queriedUser)
-			if err != nil {
-				return nil, err
-			}
-			userInfos = append(userInfos, info)
-		}
-	}
-
-	return userInfos, nil
-}

signal/client/grpc.go

@@ -87,7 +87,7 @@ func NewClient(ctx context.Context, addr string, key wgtypes.Key, tlsEnabled boo
 	}, nil
 }
 
-// defaultBackoff is a basic backoff mechanism for general issues
+//defaultBackoff is a basic backoff mechanism for general issues
 func defaultBackoff(ctx context.Context) backoff.BackOff {
 	return backoff.WithContext(&backoff.ExponentialBackOff{
 		InitialInterval:     800 * time.Millisecond,
@@ -121,11 +121,9 @@ func (c *GrpcClient) Receive(msgHandler func(msg *proto.Message) error) error {
 			return fmt.Errorf("connection to signal is not ready and in %s state", connState)
 		}
 
-		// connect to Signal stream identifying ourselves with a public WireGuard key
+		// connect to Signal stream identifying ourselves with a public Wireguard key
 		// todo once the key rotation logic has been implemented, consider changing to some other identifier (received from management)
-		ctx, cancelStream := context.WithCancel(c.ctx)
-		defer cancelStream()
-		stream, err := c.connect(ctx, c.key.PublicKey().String())
+		stream, err := c.connect(c.key.PublicKey().String())
 		if err != nil {
 			log.Warnf("disconnected from the Signal Exchange due to an error: %v", err)
 			return err
@@ -182,13 +180,15 @@ func (c *GrpcClient) getStreamStatusChan() <-chan struct{} {
 	return c.connectedCh
 }
 
-func (c *GrpcClient) connect(ctx context.Context, key string) (proto.SignalExchange_ConnectStreamClient, error) {
+func (c *GrpcClient) connect(key string) (proto.SignalExchange_ConnectStreamClient, error) {
 	c.stream = nil
 
 	// add key fingerprint to the request header to be identified on the server side
 	md := metadata.New(map[string]string{proto.HeaderId: key})
-	metaCtx := metadata.NewOutgoingContext(ctx, md)
-	stream, err := c.realClient.ConnectStream(metaCtx, grpc.WaitForReady(true))
+	ctx := metadata.NewOutgoingContext(c.ctx, md)
+
+	stream, err := c.realClient.ConnectStream(ctx, grpc.WaitForReady(true))
+
 	c.stream = stream
 	if err != nil {
 		return nil, err

util/file.go

@@ -3,6 +3,7 @@ package util
 import (
 	"encoding/json"
 	"io"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 )
@@ -23,7 +24,7 @@ func WriteJson(file string, obj interface{}) error {
 		return err
 	}
 
-	tempFile, err := os.CreateTemp(configDir, ".*"+configFileName)
+	tempFile, err := ioutil.TempFile(configDir, ".*"+configFileName)
 	if err != nil {
 		return err
 	}
@@ -42,7 +43,7 @@ func WriteJson(file string, obj interface{}) error {
 		}
 	}()
 
-	err = os.WriteFile(tempFileName, bs, 0600)
+	err = ioutil.WriteFile(tempFileName, bs, 0600)
 	if err != nil {
 		return err
 	}
@@ -64,7 +65,7 @@ func ReadJson(file string, res interface{}) (interface{}, error) {
 	}
 	defer f.Close()
 
-	bs, err := io.ReadAll(f)
+	bs, err := ioutil.ReadAll(f)
 	if err != nil {
 		return nil, err
 	}