Integrate Endpoints for Posture Checks

go.sum

@@ -996,4 +996,4 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
+sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

management/server/account.go

@@ -30,6 +30,7 @@ import (
  "github.com/netbirdio/netbird/management/server/idp"
  "github.com/netbirdio/netbird/management/server/jwtclaims"
  nbpeer "github.com/netbirdio/netbird/management/server/peer"
+ "github.com/netbirdio/netbird/management/server/posture"
  "github.com/netbirdio/netbird/management/server/status"
  "github.com/netbirdio/netbird/route"
 )
@@ -118,6 +119,10 @@ type AccountManager interface {
  GetAllConnectedPeers() (map[string]struct{}, error)
  HasConnectedChannel(peerID string) bool
  GetExternalCacheManager() ExternalCacheManager
+ GetPostureChecks(accountID, postureChecksID, userID string) (*posture.Checks, error)
+ SavePostureChecks(accountID, userID string, postureChecks *posture.Checks) error
+ DeletePostureChecks(accountID, postureChecksID, userID string) error
+ ListPostureChecks(accountID, userID string) ([]*posture.Checks, error)
 }
 
 type DefaultAccountManager struct {
@@ -216,6 +221,7 @@ type Account struct {
  NameServerGroups map[string]*nbdns.NameServerGroup `gorm:"-"`
  NameServerGroupsG []nbdns.NameServerGroup `json:"-" gorm:"foreignKey:AccountID;references:id"`
  DNSSettings DNSSettings `gorm:"embedded;embeddedPrefix:dns_settings_"`
+ PostureChecks []*posture.Checks `gorm:"foreignKey:AccountID;references:id"`
  // Settings is a dictionary of Account settings
  Settings *Settings `gorm:"embedded;embeddedPrefix:settings_"`
 }
@@ -661,6 +667,11 @@ func (a *Account) Copy() *Account {
  settings = a.Settings.Copy()
  }
 
+ postureChecks := []*posture.Checks{}
+ for _, postureCheck := range a.PostureChecks {
+ postureChecks = append(postureChecks, postureCheck.Copy())
+ }
+
  return &Account{
  Id: a.Id,
  CreatedBy: a.CreatedBy,
@@ -677,6 +688,7 @@ func (a *Account) Copy() *Account {
  Routes: routes,
  NameServerGroups: nsGroups,
  DNSSettings: dnsSettings,
+ PostureChecks: postureChecks,
  Settings: settings,
  }
 }

management/server/account_test.go

@@ -16,6 +16,7 @@ import (
  nbdns "github.com/netbirdio/netbird/dns"
  "github.com/netbirdio/netbird/management/server/activity"
  nbpeer "github.com/netbirdio/netbird/management/server/peer"
+ "github.com/netbirdio/netbird/management/server/posture"
  "github.com/netbirdio/netbird/route"
 
  "github.com/stretchr/testify/assert"
@@ -1537,9 +1538,10 @@ func TestAccount_Copy(t *testing.T) {
  },
  Policies: []*Policy{
  {
- ID: "policy1",
- Enabled: true,
- Rules: make([]*PolicyRule, 0),
+ ID: "policy1",
+ Enabled: true,
+ Rules: make([]*PolicyRule, 0),
+ SourcePostureChecks: make([]string, 0),
  },
  },
  Routes: map[string]*route.Route{
@@ -1558,7 +1560,13 @@ func TestAccount_Copy(t *testing.T) {
  },
  },
  DNSSettings: DNSSettings{DisabledManagementGroups: []string{}},
- Settings: &Settings{},
+ PostureChecks: []*posture.Checks{
+ {
+ ID: "posture Checks1",
+ Checks: make([]posture.Check, 0),
+ },
+ },
+ Settings: &Settings{},
  }
  err := hasNilField(account)
  if err != nil {

management/server/http/api/openapi.yml

@@ -779,6 +779,12 @@ components:
  - $ref: '#/components/schemas/PolicyMinimum'
  - type: object
  properties:
+ source_posture_checks:
+ description: Posture checks ID's applied to policy source groups
+ type: array
+ items:
+ type: string
+ example: "chacdk86lnnboviihd70"
  rules:
  description: Policy rule object for policy UI editor
  type: array
@@ -791,13 +797,73 @@ components:
  - $ref: '#/components/schemas/PolicyMinimum'
  - type: object
  properties:
+ source_posture_checks:
+ description: Posture checks ID's applied to policy source groups
+ type: array
+ items:
+ type: string
+ example: "chacdk86lnnboviihd70"
  rules:
  description: Policy rule object for policy UI editor
  type: array
  items:
  $ref: '#/components/schemas/PolicyRule'
  required:
  - rules
+ - source_posture_checks
+ PostureCheck:
+ type: object
+ properties:
+ id:
+ description: Posture check ID
+ type: string
+ example: ch8i4ug6lnn4g9hqv7mg
+ name:
+ description: Posture check name identifier
+ type: string
+ example: Default
+ description:
+ description: Posture check friendly description
+ type: string
+ example: This checks if the peer is running required NetBird's version
+ checks:
+ $ref: '#/components/schemas/Checks'
+ required:
+ - id
+ - name
+ - checks
+ Checks:
+ description: List of objects that perform the actual checks
+ type: object
+ properties:
+ nb_version_check:
+ $ref: '#/components/schemas/NBVersionCheck'
+ NBVersionCheck:
+ description: Posture check for the version of NetBird
+ type: object
+ properties:
+ min_version:
+ description: Minimum acceptable NetBird version
+ type: string
+ example: "0.25.0"
+ required:
+ - min_version
+ PostureCheckUpdate:
+ type: object
+ properties:
+ name:
+ description: Posture check name identifier
+ type: string
+ example: Default
+ description:
+ description: Posture check friendly description
+ type: string
+ example: This checks if the peer is running required NetBird's version
+ checks:
+ $ref: '#/components/schemas/Checks'
+ required:
+ - name
+ - description
  RouteRequest:
  type: object
  properties:
@@ -2464,3 +2530,139 @@ paths:
  "$ref": "#/components/responses/forbidden"
  '500':
  "$ref": "#/components/responses/internal_error"
+ /api/posture-checks:
+ get:
+ summary: List all Posture Checks
+ description: Returns a list of all posture checks
+ tags: [ Posture Checks ]
+ security:
+ - BearerAuth: [ ]
+ - TokenAuth: [ ]
+ responses:
+ '200':
+ description: A JSON Array of posture checks
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/PostureCheck'
+ '400':
+ "$ref": "#/components/responses/bad_request"
+ '401':
+ "$ref": "#/components/responses/requires_authentication"
+ '403':
+ "$ref": "#/components/responses/forbidden"
+ '500':
+ "$ref": "#/components/responses/internal_error"
+ post:
+ summary: Create a Posture Check
+ description: Creates a posture check
+ tags: [ Posture Checks ]
+ security:
+ - BearerAuth: [ ]
+ - TokenAuth: [ ]
+ requestBody:
+ description: New posture check request
+ content:
+ 'application/json':
+ schema:
+ $ref: '#/components/schemas/PostureCheckUpdate'
+ responses:
+ '200':
+ description: A posture check Object
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PostureCheck'
+ /api/posture-checks/{postureCheckId}:
+ get:
+ summary: Retrieve a Posture Check
+ description: Get information about a posture check
+ tags: [ Posture Checks ]
+ security:
+ - BearerAuth: [ ]
+ - TokenAuth: [ ]
+ parameters:
+ - in: path
+ name: postureCheckId
+ required: true
+ schema:
+ type: string
+ description: The unique identifier of a posture check
+ responses:
+ '200':
+ description: A posture check object
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PostureCheck'
+ '400':
+ "$ref": "#/components/responses/bad_request"
+ '401':
+ "$ref": "#/components/responses/requires_authentication"
+ '403':
+ "$ref": "#/components/responses/forbidden"
+ '500':
+ "$ref": "#/components/responses/internal_error"
+ put:
+ summary: Update a Posture Check
+ description: Update/Replace a posture check
+ tags: [ Posture Checks ]
+ security:
+ - BearerAuth: [ ]
+ - TokenAuth: [ ]
+ parameters:
+ - in: path
+ name: postureCheckId
+ required: true
+ schema:
+ type: string
+ description: The unique identifier of a posture check
+ requestBody:
+ description: Update Rule request
+ content:
+ 'application/json':
+ schema:
+ $ref: '#/components/schemas/PostureCheckUpdate'
+ responses:
+ '200':
+ description: A posture check object
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PostureCheck'
+ '400':
+ "$ref": "#/components/responses/bad_request"
+ '401':
+ "$ref": "#/components/responses/requires_authentication"
+ '403':
+ "$ref": "#/components/responses/forbidden"
+ '500':
+ "$ref": "#/components/responses/internal_error"
+ delete:
+ summary: Delete a Posture Check
+ description: Delete a posture check
+ tags: [ Posture Checks ]
+ security:
+ - BearerAuth: [ ]
+ - TokenAuth: [ ]
+ parameters:
+ - in: path
+ name: postureCheckId
+ required: true
+ schema:
+ type: string
+ description: The unique identifier of a posture check
+ responses:
+ '200':
+ description: Delete status code
+ content: { }
+ '400':
+ "$ref": "#/components/responses/bad_request"
+ '401':
+ "$ref": "#/components/responses/requires_authentication"
+ '403':
+ "$ref": "#/components/responses/forbidden"
+ '500':
+ "$ref": "#/components/responses/internal_error"