feat: Device Security — certificate management UI (CA settings, enrollment approval, revocation) #612
Open
dexion wants to merge 37 commits into netbirdio:main from dexion:feature/tpm-cert-auth
Commits
b122eb2
feat(device-security): add TypeScript interfaces and DeviceSecurityPr…
b69c6ef
feat: add device security settings page
eeed710
feat: add device security enrollments page
5e51fb1
feat: add device security trusted CAs page
dd937de
fix: add type guards, inventory_type passthrough, error handling in d…
4d5c329
fix: add error handling for renewDevice in DevicesTable
860c7ce
feat: add device security navigation and layout
d177e04
fix: gate device security navigation by isRestricted permission
81fda0d
fix: add error state, extend cert-and-sso lockout warning, clamp vali…
5932bff
fix: add PEM END certificate marker validation in AddTrustedCAModal
32e7cb9
fix: fix empty state text, add reason column, add error feedback in e…
af9c7f3
fix: move DeviceSecurityProvider to layout, add /device-security redi…
f89fe65
fix: remove unsupported title prop from Callout in settings error state
9f57b51
fix: align CAType values with backend (builtin/vault/smallstep/scep, …
44f0037
feat(device-security): add CA config and inventory types and provider…
f046ee4
feat(device-security): add Inventory nav item and update Trusted CAs …
285a409
feat(device-security): redesign settings page with CA config, enrollm…
69dc5e0
fix: spec compliance corrections for settings page
976eaad
fix: improve accessibility in CA test panel and settings
5af0b2a
feat: add inventory configuration page
329940e
fix: add validation and accessibility improvements to inventory page
81f4f38
fix: remove OCSP fields, fix handleSave error handling, fix handleTes…
50c7516
feat: inventory page - two-tab static list, status callout, coming-so…
e43239f
fix: prevent race in inventory save, guard disabled provider types
7d0bb31
fix: update Dockerfile to nginx:alpine, fix stand for reviewers
a6dab03
fix: remove duplicate daemon directive in nginx.conf
6471257
feat: multi-source inventory, fix defaults and styling
79577bd
fix: prevent Bearer undefined requests when OIDC token not yet loaded
b003023
feat: add require_inventory_check toggle and cert_approver role
daed654
chore: update package-lock.json
99b82b2
feat: add Beta badge to Device Security nav item
4b61a08
fix: sync caType into localCAConfig so Test Connection sends correct …
578c243
feat: show peer name as link in enrollments table
193ce1a
feat: show peer name as link in device certificates table
c95455d
feat: add serial numbers CRUD in inventory static allow-list
b00c705
feat: expandable certificate PEM viewer in trusted CAs table
0cc8df8
security: confirmation dialogs for enrollment actions, strip inactive…
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,24 +1,16 @@ | ||
| FROM alpine:3.14 | ||
| FROM nginx:alpine | ||
|
|
||
| RUN apk add --no-cache bash curl less ca-certificates git tzdata zip gettext \ | ||
| nginx curl supervisor certbot-nginx && \ | ||
| rm -rf /var/cache/apk/* && mkdir -p /run/nginx | ||
|
|
||
| STOPSIGNAL SIGINT | ||
| EXPOSE 80 | ||
| EXPOSE 443 | ||
| ENTRYPOINT ["/usr/bin/supervisord","-c","/etc/supervisord.conf"] | ||
|
|
||
| WORKDIR /usr/share/nginx/html | ||
| # copy configuration files | ||
| COPY docker/default.conf /etc/nginx/http.d/default.conf | ||
|
|
||
| # Copy nginx configs | ||
| COPY docker/nginx.conf /etc/nginx/nginx.conf | ||
| COPY docker/init_cert.sh /usr/local/init_cert.sh | ||
| COPY docker/init_react_envs.sh /usr/local/init_react_envs.sh | ||
| RUN chmod +x /usr/local/init_cert.sh && rm /etc/crontabs/root | ||
| RUN chmod +x /usr/local/init_react_envs.sh | ||
| COPY docker/default.conf /etc/nginx/conf.d/default.conf | ||
|
|
||
| # Copy init script as an entrypoint hook (runs before nginx starts) | ||
| COPY docker/init_react_envs.sh /docker-entrypoint.d/40-init-react-envs.sh | ||
| RUN chmod +x /docker-entrypoint.d/40-init-react-envs.sh | ||
|
|
||
| # configure supervisor | ||
| COPY docker/supervisord.conf /etc/supervisord.conf | ||
| # copy build files | ||
| COPY out/ /usr/share/nginx/html/ | ||
| # Copy static build output | ||
| COPY out/ /usr/share/nginx/html/ |
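
Review bot: `FROM nginx:alpine` at the top of this hunk is a floating tag, whereas the `alpine:3.14` line beside it was pinned to a release, so each rebuild can pull a different nginx and Alpine; pin a specific version tag or an image digest. The hunk header shows the file going from 24 to 16 lines, and `init_cert.sh`, `certbot-nginx`, `supervisord` and `EXPOSE 443` appear to be on the removed side (the +/- markers did not survive on this page); if the image no longer handles TLS itself, the PR description should state where TLS terminates now. Since the PR is titled as a UI feature, consider moving the Dockerfile change into its own PR.
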
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| "use client"; | ||
|
|
||
| import Breadcrumbs from "@components/Breadcrumbs"; | ||
| import Paragraph from "@components/Paragraph"; | ||
| import SkeletonTable from "@components/skeletons/SkeletonTable"; | ||
| import { ShieldCheckIcon } from "lucide-react"; | ||
| import React, { lazy, Suspense } from "react"; | ||
| import PageContainer from "@/layouts/PageContainer"; | ||
|
|
||
| const DevicesTable = lazy( | ||
| () => import("@/modules/device-security/DevicesTable"), | ||
| ); | ||
|
|
||
| export default function DevicesPage() { | ||
| return ( | ||
| <PageContainer> | ||
| <div className={"p-default py-6"}> | ||
| <Breadcrumbs> | ||
| <Breadcrumbs.Item | ||
| href={"/device-security/devices"} | ||
| label={"Device Security"} | ||
| icon={<ShieldCheckIcon size={13} />} | ||
| /> | ||
| <Breadcrumbs.Item | ||
| href={"/device-security/devices"} | ||
| label={"Devices"} | ||
| active | ||
| /> | ||
| </Breadcrumbs> | ||
| <h1>Device Certificates</h1> | ||
| <Paragraph> | ||
| Certificates issued to devices in your network. Renew or revoke | ||
| certificates to control device access. | ||
| </Paragraph> | ||
| </div> | ||
| <Suspense fallback={<SkeletonTable />}> | ||
| <DevicesTable /> | ||
| </Suspense> | ||
| </PageContainer> | ||
| ); | ||
| } | ||
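
Review bot: Nothing in `DevicesPage` checks permissions before rendering `<DevicesTable />`, although the page copy advertises renewing and revoking certificates; commit d177e04 is described as gating the navigation entry, which does not stop a user from opening `/device-security/devices` directly. Add a permission guard around the table, or confirm in the PR that the layout enforces it, and make sure the backend rejects renew and revoke requests from unauthorised users regardless of what the UI renders.
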
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| "use client"; | ||
|
|
||
| import Breadcrumbs from "@components/Breadcrumbs"; | ||
| import Paragraph from "@components/Paragraph"; | ||
| import SkeletonTable from "@components/skeletons/SkeletonTable"; | ||
| import { ShieldCheckIcon } from "lucide-react"; | ||
| import React, { lazy, Suspense } from "react"; | ||
| import PageContainer from "@/layouts/PageContainer"; | ||
|
|
||
| const EnrollmentsTable = lazy( | ||
| () => import("@/modules/device-security/EnrollmentsTable"), | ||
| ); | ||
|
|
||
| export default function EnrollmentsPage() { | ||
| return ( | ||
| <PageContainer> | ||
| <div className="p-default py-6"> | ||
| <Breadcrumbs> | ||
| <Breadcrumbs.Item | ||
| href="/device-security/enrollments" | ||
| label="Device Security" | ||
| icon={<ShieldCheckIcon size={13} />} | ||
| /> | ||
| <Breadcrumbs.Item | ||
| href="/device-security/enrollments" | ||
| label="Enrollments" | ||
| active | ||
| /> | ||
| </Breadcrumbs> | ||
| <h1>Device Enrollments</h1> | ||
| <Paragraph> | ||
| Review and manage device enrollment requests. Approve or reject | ||
| pending requests to control which devices can connect to your | ||
| network. | ||
| </Paragraph> | ||
| </div> | ||
| <Suspense fallback={<SkeletonTable />}> | ||
| <EnrollmentsTable /> | ||
| </Suspense> | ||
| </PageContainer> | ||
| ); | ||
| } |
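
Review bot: Both `Breadcrumbs.Item` entries use `href="/device-security/enrollments"`, so the parent "Device Security" crumb links to the current page instead of a section root; point the first crumb at the section's landing route. Minor style point: this file passes string props as plain attributes (`className="p-default py-6"`) while the devices page wraps them in braces (`className={"p-default py-6"}`); pick one form for the new pages.
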
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| import InventoryPage from "@/modules/device-security/InventoryPage"; | ||
| export default InventoryPage; |
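
Review bot: This route file re-exports `InventoryPage` directly, while the devices and enrollments routes keep the page shell in the route file and lazy-load only the table behind `Suspense` with a `SkeletonTable` fallback. Either pattern works, but mixing them leaves the inventory route with no loading fallback visible at this level; consider matching the sibling pages or adding a short comment on why this one differs.
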
Breadcrumb hierarchy is duplicated; parent and current item point to the same URL.
Line 20 and Line 25 both target /device-security/devices, so users can’t navigate “up” from the first crumb.