Extend API with minx kernel version

netbirdio · Jan 19, 2024 · 90db83e · 90db83e
1 parent c0908a5
commit 90db83e
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 17 deletions.
diff --git a/management/server/http/api/openapi.yml b/management/server/http/api/openapi.yml
@@ -854,27 +854,36 @@ components:
           description: Minimum version of Android
           $ref: '#/components/schemas/CheckMinVersion'
         darwin:
-          description: Minimum version of Darwin
           $ref: '#/components/schemas/CheckMinVersion'
         ios:
           description: Minimum version of iOS
           $ref: '#/components/schemas/CheckMinVersion'
         linux:
           description: Minimum version of Linux
-          $ref: '#/components/schemas/CheckMinVersion'
+          $ref: '#/components/schemas/CheckMinKernelVersion'
         windows:
           description: Minimum version of Windows
-          $ref: '#/components/schemas/CheckMinVersion'
+          $ref: '#/components/schemas/CheckMinKernelVersion'
     CheckMinVersion:
       description: Posture check for the version of operating system
       type: object
       properties:
         min_version:
           description: Minimum acceptable version
           type: string
-          example: "23.2.0"
+          example: "14.3"
       required:
         - min_version
+    CheckMinKernelVersion:
+      description: Posture check for the version of kernel
+      type: object
+      properties:
+        min_kernel_version:
+          description: Minimum acceptable version
+          type: string
+          example: "6.6.12"
+      required:
+        - min_kernel_version
     PostureCheckUpdate:
       type: object
       properties:

diff --git a/management/server/http/api/types.gen.go b/management/server/http/api/types.gen.go
diff --git a/management/server/http/posture_checks_handler.go b/management/server/http/posture_checks_handler.go
@@ -190,8 +190,8 @@ func (p *PostureChecksHandler) savePostureChecks(
 			Android: (*posture.MinVersionCheck)(osVersionCheck.Android),
 			Darwin:  (*posture.MinVersionCheck)(osVersionCheck.Darwin),
 			Ios:     (*posture.MinVersionCheck)(osVersionCheck.Ios),
-			Linux:   (*posture.MinVersionCheck)(osVersionCheck.Linux),
-			Windows: (*posture.MinVersionCheck)(osVersionCheck.Windows),
+			Linux:   (*posture.MinKernelVersionCheck)(osVersionCheck.Linux),
+			Windows: (*posture.MinKernelVersionCheck)(osVersionCheck.Windows),
 		})
 	}
 
@@ -234,8 +234,8 @@ func toPostureChecksResponse(postureChecks *posture.Checks) *api.PostureCheck {
 				Android: (*api.CheckMinVersion)(osCheck.Android),
 				Darwin:  (*api.CheckMinVersion)(osCheck.Darwin),
 				Ios:     (*api.CheckMinVersion)(osCheck.Ios),
-				Linux:   (*api.CheckMinVersion)(osCheck.Linux),
-				Windows: (*api.CheckMinVersion)(osCheck.Windows),
+				Linux:   (*api.CheckMinKernelVersion)(osCheck.Linux),
+				Windows: (*api.CheckMinKernelVersion)(osCheck.Windows),
 			}
 		}
 	}

diff --git a/management/server/posture/os_version.go b/management/server/posture/os_version.go
@@ -11,12 +11,16 @@ type MinVersionCheck struct {
 	MinVersion string
 }
 
+type MinKernelVersionCheck struct {
+	MinKernelVersion string
+}
+
 type OSVersionCheck struct {
 	Android *MinVersionCheck
 	Darwin  *MinVersionCheck
 	Ios     *MinVersionCheck
-	Linux   *MinVersionCheck
-	Windows *MinVersionCheck
+	Linux   *MinKernelVersionCheck
+	Windows *MinKernelVersionCheck
 }
 
 var _ Check = (*OSVersionCheck)(nil)
@@ -31,9 +35,9 @@ func (c *OSVersionCheck) Check(peer nbpeer.Peer) error {
 	case "ios":
 		return checkMinVersion(peerGoOS, peer.Meta.Core, c.Ios)
 	case "linux":
-		return checkMinVersion(peerGoOS, peer.Meta.Core, c.Linux)
+		return checkMinKernelVersion(peerGoOS, peer.Meta.Core, c.Linux)
 	case "windows":
-		return checkMinVersion(peerGoOS, peer.Meta.Core, c.Windows)
+		return checkMinKernelVersion(peerGoOS, peer.Meta.Core, c.Windows)
 	}
 	return nil
 }
@@ -61,5 +65,27 @@ func checkMinVersion(peerGoOS, peerVersion string, check *MinVersionCheck) error
 		return nil
 	}
 
-	return fmt.Errorf("peer %s version %s is older than minimum allowed version %s", peerGoOS, peerVersion, check.MinVersion)
+	return fmt.Errorf("peer %s OS version %s is older than minimum allowed version %s", peerGoOS, peerVersion, check.MinVersion)
+}
+
+func checkMinKernelVersion(peerGoOS, peerVersion string, check *MinKernelVersionCheck) error {
+	if check == nil {
+		return nil
+	}
+
+	peerNBVersion, err := version.NewVersion(peerVersion)
+	if err != nil {
+		return err
+	}
+
+	constraints, err := version.NewConstraint(">= " + check.MinKernelVersion)
+	if err != nil {
+		return err
+	}
+
+	if constraints.Check(peerNBVersion) {
+		return nil
+	}
+
+	return fmt.Errorf("peer %s kernel version %s is older than minimum allowed version %s", peerGoOS, peerVersion, check.MinKernelVersion)
 }