CARL -> delete netbird default policy at startup

opendut-carl/src/startup/grpc.rs

@@ -27,7 +27,7 @@ impl GrpcFacades {
         settings: &Config,
     ) -> anyhow::Result<Self> {
 
-        let vpn = vpn::create(settings)
+        let vpn = vpn::create(settings).await
             .context("Error while parsing VPN configuration.")?;
 
         let resources_manager = {

opendut-carl/src/vpn/mod.rs

@@ -16,7 +16,7 @@ pub enum Vpn {
     Disabled,
 }
 
-pub fn create(settings: &Config) -> anyhow::Result<Vpn> {
+pub async fn create(settings: &Config) -> anyhow::Result<Vpn> {
 
     let vpn = settings.get::<bool>("vpn.enabled")?;
 
@@ -57,7 +57,7 @@ pub fn create(settings: &Config) -> anyhow::Result<Vpn> {
                     .ok_or_else(|| anyhow!("No configuration found for: vpn.netbird.setup.key.expiration.ms"))?;
 
                 debug!("Try to parse VPN configuration.");
-                let vpn_client = NetbirdManagementClient::create(
+                let vpn_client = NetbirdManagementClient::create_client_and_delete_default_policy(
                     NetbirdManagementClientConfiguration {
                         management_url: base_url,
                         authentication_token: Some(auth_token),
@@ -66,7 +66,7 @@ pub fn create(settings: &Config) -> anyhow::Result<Vpn> {
                         retries,
                         setup_key_expiration: Duration::from_millis(setup_key_expiration_ms),
                     }
-                )?;
+                ).await?;
                 Ok(Vpn::Enabled { vpn_client: Arc::new(vpn_client) })
             }
             "" => unknown_enum_variant(settings, vpn_kind_key),

opendut-vpn/opendut-vpn-netbird/Cargo.toml

@@ -28,6 +28,7 @@ uuid = { workspace = true, features = ["serde"] }
 googletest = { workspace = true }
 mockall = { workspace = true }
 rstest = { workspace = true }
+test-log = { workspace = true }
 test-with = { workspace = true }
 
 [lints]

opendut-vpn/opendut-vpn-netbird/src/client/integration_tests.rs

@@ -15,7 +15,7 @@ use crate::{netbird, NetbirdManagementClient, NetbirdManagementClientConfigurati
 use crate::client::{Client, DefaultClient};
 
 #[test_with::env(NETBIRD_INTEGRATION_API_TOKEN)]
-#[tokio::test]
+#[test_log::test(tokio::test)]
 async fn test_netbird_management_client() {
     /*
      * Designated to be run in the opendut-vm, requires netbird management service to be running.
@@ -26,7 +26,7 @@ async fn test_netbird_management_client() {
      */
     let Fixture { management_url, authentication_token, ca, timeout, retries, setup_key_expiration } = Fixture::default();
 
-    let netbird_management_client = NetbirdManagementClient::create(
+    let netbird_management_client = NetbirdManagementClient::create_client_and_delete_default_policy(
         NetbirdManagementClientConfiguration {
             management_url: management_url,
             authentication_token: Some(authentication_token),
@@ -35,7 +35,7 @@ async fn test_netbird_management_client() {
             retries,
             setup_key_expiration,
         }
-    ).expect("Netbird management client could not be created!");
+    ).await.expect("Netbird management client could not be created!");
 
     let peer_id = PeerId::random();
     netbird_management_client.create_peer(peer_id).await.expect("Could not create NetBird peer");

opendut-vpn/opendut-vpn-netbird/src/lib.rs

@@ -16,7 +16,7 @@ use opendut_vpn::{CreateClusterError, CreatePeerError, CreateVpnPeerConfiguratio
 
 use crate::client::{Client, DefaultClient};
 use crate::netbird::error::{CreateClientError, CreateSetupKeyError, GetGroupError, GetPoliciesError, RequestError};
-use crate::netbird::GroupName;
+use crate::netbird::{GroupName, PolicyName};
 
 mod client;
 mod routes;
@@ -40,7 +40,15 @@ pub struct NetbirdManagementClient {
 
 impl NetbirdManagementClient {
 
-    pub fn create(configuration: NetbirdManagementClientConfiguration) -> Result<Self, CreateClientError> {
+
+    pub async fn create_client_and_delete_default_policy(configuration: NetbirdManagementClientConfiguration) -> Result<Self, CreateClientError> {
+        let client = NetbirdManagementClient::create(configuration)?;
+        client.delete_default_policy_if_exists().await
+            .map_err(CreateClientError::DeleteDefaultPolicy)?;
+        Ok(client)
+    }
+
+    fn create(configuration: NetbirdManagementClientConfiguration) -> Result<Self, CreateClientError> {
         let management_url = configuration.management_url;
         let management_ca_path = configuration.ca
             .ok_or_else(|| CreateClientError::InstantiationFailure { cause: String::from("No ca certificate provided.") })?;
@@ -66,6 +74,22 @@ impl NetbirdManagementClient {
             inner,
         })
     }
+
+    /// NetBird has a default policy in place that allows connections between all peers.
+    /// We want to control when this happens therefore this policy is not desirable for us.
+    async fn delete_default_policy_if_exists(&self) -> Result<(), RequestError> {
+        let default_policy_name = PolicyName::Other(String::from("Default"));
+        let policy_result = self.inner.get_netbird_policy(&default_policy_name).await;
+        match policy_result {
+            Ok(policy) => {
+                self.inner.delete_netbird_policy(&policy.id).await?;
+            }
+            Err(_) => {
+                trace!("NetBird default policy not found. Skipping deletion of NetBird default policy.")
+            }
+        }
+        Ok(())
+    }
 }
 
 #[async_trait]

opendut-vpn/opendut-vpn-netbird/src/netbird/error.rs

@@ -67,4 +67,6 @@ pub enum CreateClientError {
     InstantiationFailure {
         cause: String
     },
+    #[error("Failed to delete default policy.")]
+    DeleteDefaultPolicy(#[source] RequestError),
 }