From 54a39e332febd77a3e104eb270349661cfd1d45f Mon Sep 17 00:00:00 2001
From: Yury Gargay <yury.gargay@gmail.com>
Date: Wed, 17 Jan 2024 18:14:49 +0100
Subject: [PATCH] Add OSVersionCheck schema

---
 management/server/http/api/openapi.yml        | 44 ++++++++++++++-----
 management/server/http/api/types.gen.go       | 36 ++++++++++++---
 .../server/http/posture_checks_handler.go     | 21 ++++++++-
 management/server/posture/checks.go           |  8 +++-
 .../posture/{version.go => nb_version.go}     |  0
 .../{version_test.go => nb_version_test.go}   |  0
 management/server/posture/os_version.go       | 27 ++++++++++++
 7 files changed, 117 insertions(+), 19 deletions(-)
 rename management/server/posture/{version.go => nb_version.go} (100%)
 rename management/server/posture/{version_test.go => nb_version_test.go} (100%)
 create mode 100644 management/server/posture/os_version.go

diff --git a/management/server/http/api/openapi.yml b/management/server/http/api/openapi.yml
index e74e06919e0..555a49ee849 100644
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
@@ -21,6 +21,8 @@ tags:
     description: Interact with and view information about rules.
   - name: Policies
     description: Interact with and view information about policies.
+  - name: Posture Checks
+    description: Interact with and view information about posture checks.
   - name: Routes
     description: Interact with and view information about routes.
   - name: DNS
@@ -838,14 +840,39 @@ components:
       properties:
         nb_version_check:
           $ref: '#/components/schemas/NBVersionCheck'
+        os_version_check:
+          $ref: '#/components/schemas/OSVersionCheck'
     NBVersionCheck:
       description: Posture check for the version of NetBird
       type: object
+      $ref: '#/components/schemas/CheckMinVersion'
+    OSVersionCheck:
+      description: Posture check for the version of operating system
+      type: object
+      properties:
+        android:
+          description: Minimum version of Android
+          $ref: '#/components/schemas/CheckMinVersion'
+        darwin:
+          description: Minimum version of Darwin
+          $ref: '#/components/schemas/CheckMinVersion'
+        ios:
+          description: Minimum version of iOS
+          $ref: '#/components/schemas/CheckMinVersion'
+        linux:
+          description: Minimum version of Linux
+          $ref: '#/components/schemas/CheckMinVersion'
+        windows:
+          description: Minimum version of Windows
+          $ref: '#/components/schemas/CheckMinVersion'
+    CheckMinVersion:
+      description: Posture check for the version of operating system
+      type: object
       properties:
         min_version:
-          description: Minimum acceptable NetBird version
+          description: Minimum acceptable version
           type: string
-          example: "0.25.0"
+          example: "23.2.0"
       required:
         - min_version
     PostureCheckUpdate:
@@ -2215,7 +2242,6 @@ paths:
           "$ref": "#/components/responses/forbidden"
         '500':
           "$ref": "#/components/responses/internal_error"
-
   /api/routes/{routeId}:
     get:
       summary: Retrieve a Route
@@ -2360,7 +2386,6 @@ paths:
           "$ref": "#/components/responses/forbidden"
         '500':
           "$ref": "#/components/responses/internal_error"
-
   /api/dns/nameservers/{nsgroupId}:
     get:
       summary: Retrieve a Nameserver Group
@@ -2452,7 +2477,6 @@ paths:
           "$ref": "#/components/responses/forbidden"
         '500':
           "$ref": "#/components/responses/internal_error"
-
   /api/dns/settings:
     get:
       summary: Retrieve DNS settings
@@ -2534,7 +2558,7 @@ paths:
     get:
       summary: List all Posture Checks
       description: Returns a list of all posture checks
-      tags: [ Posture Checks ]
+      tags: [ "Posture Checks" ]
       security:
         - BearerAuth: [ ]
         - TokenAuth: [ ]
@@ -2558,7 +2582,7 @@ paths:
     post:
       summary: Create a Posture Check
       description: Creates a posture check
-      tags: [ Posture Checks ]
+      tags: [ "Posture Checks" ]
       security:
         - BearerAuth: [ ]
         - TokenAuth: [ ]
@@ -2579,7 +2603,7 @@ paths:
     get:
       summary: Retrieve a Posture Check
       description: Get information about a posture check
-      tags: [ Posture Checks ]
+      tags: [ "Posture Checks" ]
       security:
         - BearerAuth: [ ]
         - TokenAuth: [ ]
@@ -2608,7 +2632,7 @@ paths:
     put:
       summary: Update a Posture Check
       description: Update/Replace a posture check
-      tags: [ Posture Checks ]
+      tags: [ "Posture Checks" ]
       security:
         - BearerAuth: [ ]
         - TokenAuth: [ ]
@@ -2643,7 +2667,7 @@ paths:
     delete:
       summary: Delete a Posture Check
       description: Delete a posture check
-      tags: [ Posture Checks ]
+      tags: [ "Posture Checks" ]
       security:
         - BearerAuth: [ ]
         - TokenAuth: [ ]
diff --git a/management/server/http/api/types.gen.go b/management/server/http/api/types.gen.go
index b6291c9f245..3e8e0c1bc3e 100644
--- a/management/server/http/api/types.gen.go
+++ b/management/server/http/api/types.gen.go
@@ -176,10 +176,19 @@ type AccountSettings struct {
 	PeerLoginExpirationEnabled bool `json:"peer_login_expiration_enabled"`
 }
 
+// CheckMinVersion Posture check for the version of operating system
+type CheckMinVersion struct {
+	// MinVersion Minimum acceptable version
+	MinVersion string `json:"min_version"`
+}
+
 // Checks List of objects that perform the actual checks
 type Checks struct {
-	// NbVersionCheck Posture check for the version of NetBird
+	// NbVersionCheck Posture check for the version of operating system
 	NbVersionCheck *NBVersionCheck `json:"nb_version_check,omitempty"`
+
+	// OsVersionCheck Posture check for the version of operating system
+	OsVersionCheck *OSVersionCheck `json:"os_version_check,omitempty"`
 }
 
 // DNSSettings defines model for DNSSettings.
@@ -263,11 +272,8 @@ type GroupRequest struct {
 	Peers *[]string `json:"peers,omitempty"`
 }
 
-// NBVersionCheck Posture check for the version of NetBird
-type NBVersionCheck struct {
-	// MinVersion Minimum acceptable NetBird version
-	MinVersion string `json:"min_version"`
-}
+// NBVersionCheck Posture check for the version of operating system
+type NBVersionCheck = CheckMinVersion
 
 // Nameserver defines model for Nameserver.
 type Nameserver struct {
@@ -341,6 +347,24 @@ type NameserverGroupRequest struct {
 	SearchDomainsEnabled bool `json:"search_domains_enabled"`
 }
 
+// OSVersionCheck Posture check for the version of operating system
+type OSVersionCheck struct {
+	// Android Posture check for the version of operating system
+	Android *CheckMinVersion `json:"android,omitempty"`
+
+	// Darwin Posture check for the version of operating system
+	Darwin *CheckMinVersion `json:"darwin,omitempty"`
+
+	// Ios Posture check for the version of operating system
+	Ios *CheckMinVersion `json:"ios,omitempty"`
+
+	// Linux Posture check for the version of operating system
+	Linux *CheckMinVersion `json:"linux,omitempty"`
+
+	// Windows Posture check for the version of operating system
+	Windows *CheckMinVersion `json:"windows,omitempty"`
+}
+
 // Peer defines model for Peer.
 type Peer struct {
 	// AccessiblePeers List of accessible peers
diff --git a/management/server/http/posture_checks_handler.go b/management/server/http/posture_checks_handler.go
index e40f4a751ca..c1b1b163aeb 100644
--- a/management/server/http/posture_checks_handler.go
+++ b/management/server/http/posture_checks_handler.go
@@ -183,7 +183,16 @@ func (p *PostureChecksHandler) savePostureChecks(
 		postureChecks.Checks = append(postureChecks.Checks, &posture.NBVersionCheck{
 			MinVersion: nbVersionCheck.MinVersion,
 		})
+	}
 
+	if osVersionCheck := req.Checks.OsVersionCheck; osVersionCheck != nil {
+		postureChecks.Checks = append(postureChecks.Checks, &posture.OSVersionCheck{
+			Android: (*posture.MinVersionCheck)(osVersionCheck.Android),
+			Darwin:  (*posture.MinVersionCheck)(osVersionCheck.Darwin),
+			Ios:     (*posture.MinVersionCheck)(osVersionCheck.Ios),
+			Linux:   (*posture.MinVersionCheck)(osVersionCheck.Linux),
+			Windows: (*posture.MinVersionCheck)(osVersionCheck.Windows),
+		})
 	}
 
 	if err := p.accountManager.SavePostureChecks(account.Id, user.Id, &postureChecks); err != nil {
@@ -199,7 +208,7 @@ func validatePostureChecksUpdate(req api.PostureCheckUpdate) error {
 		return status.Errorf(status.InvalidArgument, "posture checks name shouldn't be empty")
 	}
 
-	if req.Checks == nil || req.Checks.NbVersionCheck == nil {
+	if req.Checks == nil || req.Checks.NbVersionCheck == nil || req.Checks.OsVersionCheck == nil {
 		return status.Errorf(status.InvalidArgument, "posture checks shouldn't be empty")
 	}
 
@@ -213,13 +222,21 @@ func validatePostureChecksUpdate(req api.PostureCheckUpdate) error {
 func toPostureChecksResponse(postureChecks *posture.Checks) *api.PostureCheck {
 	var checks api.Checks
 	for _, check := range postureChecks.Checks {
-		//nolint:gocritic
 		switch check.Name() {
 		case posture.NBVersionCheckName:
 			versionCheck := check.(*posture.NBVersionCheck)
 			checks.NbVersionCheck = &api.NBVersionCheck{
 				MinVersion: versionCheck.MinVersion,
 			}
+		case posture.OSVersionCheckName:
+			osCheck := check.(*posture.OSVersionCheck)
+			checks.OsVersionCheck = &api.OSVersionCheck{
+				Android: (*api.CheckMinVersion)(osCheck.Android),
+				Darwin:  (*api.CheckMinVersion)(osCheck.Darwin),
+				Ios:     (*api.CheckMinVersion)(osCheck.Ios),
+				Linux:   (*api.CheckMinVersion)(osCheck.Linux),
+				Windows: (*api.CheckMinVersion)(osCheck.Windows),
+			}
 		}
 	}
 
diff --git a/management/server/posture/checks.go b/management/server/posture/checks.go
index a585836d16b..7e86ad84c59 100644
--- a/management/server/posture/checks.go
+++ b/management/server/posture/checks.go
@@ -8,6 +8,7 @@ import (
 
 const (
 	NBVersionCheckName = "NBVersionCheck"
+	OSVersionCheckName = "OSVersionCheck"
 )
 
 // Check represents an interface for performing a check on a peer.
@@ -103,7 +104,6 @@ func (pc *Checks) unmarshalChecks(rawChecks map[string]json.RawMessage) error {
 	pc.Checks = make([]Check, 0, len(rawChecks))
 
 	for name, rawCheck := range rawChecks {
-		//nolint:gocritic
 		switch name {
 		case NBVersionCheckName:
 			check := &NBVersionCheck{}
@@ -111,6 +111,12 @@ func (pc *Checks) unmarshalChecks(rawChecks map[string]json.RawMessage) error {
 				return err
 			}
 			pc.Checks = append(pc.Checks, check)
+		case OSVersionCheckName:
+			check := &OSVersionCheck{}
+			if err := json.Unmarshal(rawCheck, check); err != nil {
+				return err
+			}
+			pc.Checks = append(pc.Checks, check)
 		}
 	}
 	return nil
diff --git a/management/server/posture/version.go b/management/server/posture/nb_version.go
similarity index 100%
rename from management/server/posture/version.go
rename to management/server/posture/nb_version.go
diff --git a/management/server/posture/version_test.go b/management/server/posture/nb_version_test.go
similarity index 100%
rename from management/server/posture/version_test.go
rename to management/server/posture/nb_version_test.go
diff --git a/management/server/posture/os_version.go b/management/server/posture/os_version.go
new file mode 100644
index 00000000000..1835a77abe2
--- /dev/null
+++ b/management/server/posture/os_version.go
@@ -0,0 +1,27 @@
+package posture
+
+import (
+	nbpeer "github.com/netbirdio/netbird/management/server/peer"
+)
+
+type MinVersionCheck struct {
+	MinVersion string
+}
+
+type OSVersionCheck struct {
+	Android *MinVersionCheck
+	Darwin  *MinVersionCheck
+	Ios     *MinVersionCheck
+	Linux   *MinVersionCheck
+	Windows *MinVersionCheck
+}
+
+var _ Check = (*OSVersionCheck)(nil)
+
+func (n *OSVersionCheck) Check(peer nbpeer.Peer) error {
+	return nil
+}
+
+func (n *OSVersionCheck) Name() string {
+	return OSVersionCheckName
+}