feat: Add DNS zones, identity providers, instance, and jobs commands #57
Add support for four new NetBird API resource types:
- DNS Zones: Full CRUD operations for DNS zones and records
- Identity Providers: Manage OIDC/OAuth identity providers
- Instance: Query instance information (no auth required)
- Jobs: Monitor and manage background jobs

Enhanced existing commands:
- Accounts: Additional account management operations
- Peers: Extended peer query and management capabilities
- Users: Additional user management operations

Documentation:
- Added comprehensive docs for all new commands
- Updated API reference with new endpoints
- Updated README with new command examples

This completes additional API coverage beyond the initial 14 resource types.

Co-authored-by: Cursor <cursoragent@cursor.com>
Cursor Bugbot has reviewed your changes and found 2 potential issues.
| Permissions UserPermissions `json:"permissions"` | ||
| ID string `json:"id"` | ||
| Email string `json:"email"` | ||
| Password string `json:"password,omitempty"` |
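Review bot: `Password` on the last line shares a struct with `ID`, `Email` and `Permissions`, and `omitempty` only drops it when the string is empty, so any value decoded into this struct is written back out whenever the struct is marshalled. Move the field to a request-only type, or tag it `json:"-"` here if this struct is only ever used as a response model.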
User model Password field may leak in JSON output
Medium Severity
The User response model now includes a Password field with json:"password,omitempty". When user --list --output json or user --me --output json is used, the full User struct is marshaled via json.MarshalIndent. If the API ever returns a password field in its response (e.g., for embedded IdP users), it would be silently included in the CLI's JSON output. The Password field belongs only in request models like UserPasswordChangeRequest, not in the response deserialization model.
Additional Locations (1)
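The round trip described in this finding, as an added example that is not code from the pull request: a response body is decoded and re-encoded with json.MarshalIndent, once through a struct that carries `Password` and once through a response-only struct. The type names, the reduced field set and the response body are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// UserWithPassword mirrors the flagged shape: one struct used both to decode
// API responses and to print them. Field set reduced for the example.
type UserWithPassword struct {
	ID       string `json:"id"`
	Email    string `json:"email"`
	Password string `json:"password,omitempty"`
}

// UserResponse is a hypothetical response-only model with no Password field.
type UserResponse struct {
	ID    string `json:"id"`
	Email string `json:"email"`
}

// constructedBody is a made-up API response that happens to include a password.
var constructedBody = []byte(`{"id":"u1","email":"a@example.com","password":"hunter2"}`)

// roundTrip decodes body into dst and re-encodes it the way a --output json
// path would. encoding/json ignores keys that dst has no field for.
func roundTrip(body []byte, dst interface{}) (string, error) {
	if err := json.Unmarshal(body, dst); err != nil {
		return "", err
	}
	out, err := json.MarshalIndent(dst, "", "  ")
	return string(out), err
}

func main() {
	leaky, _ := roundTrip(constructedBody, &UserWithPassword{})
	safe, _ := roundTrip(constructedBody, &UserResponse{})
	fmt.Println(leaky) // includes the password key
	fmt.Println(safe)  // password dropped at decode time
}
```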
| if account.Settings.Extra == nil { | ||
| account.Settings.Extra = &models.AccountSettingsExtra{} | ||
| } | ||
| account.Settings.Extra.PeerApprovalEnabled = enabled |
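Review bot: the nil guard on `account.Settings.Extra` replaces a missing object with an all-zero `AccountSettingsExtra{}`, and only `PeerApprovalEnabled` is assigned afterwards, so every other field in that struct stays at its zero value in whatever is sent next. Either build the update body from a type whose unset fields are omitted, or return an error when `Extra` is nil instead of synthesising one, and add a comment on the guard stating which behaviour is intended.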
Account update may reset Extra fields to zero values
Medium Severity
When --peer-approval-enabled or --traffic-logging is set on an account where Extra is nil in the API response, a new empty AccountSettingsExtra{} is created with only the one targeted field set. The entire Extra object — including UserApprovalRequired, NetworkTrafficLogsGroups, and NetworkTrafficPacketCounterEnabled — is then sent in the PUT request with zero values, potentially resetting server-side defaults or previously configured values that the GET response simply omitted.
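The request bodies at issue in this finding, as an added example that is not code from the pull request: the first function follows the flagged nil-guard path, the second serialises only the field the flag targeted. The struct field names come from the comment above; the JSON tag names, the value types and the `ExtraPatch` type are assumptions, and the patch form only helps if the server treats absent fields as unchanged.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// AccountSettingsExtra uses the field names from the review comment; the JSON
// tags and plain value types are assumptions made for this example.
type AccountSettingsExtra struct {
	PeerApprovalEnabled                bool     `json:"peer_approval_enabled"`
	UserApprovalRequired               bool     `json:"user_approval_required"`
	NetworkTrafficLogsGroups           []string `json:"network_traffic_logs_groups"`
	NetworkTrafficPacketCounterEnabled bool     `json:"network_traffic_packet_counter_enabled"`
}

// ExtraPatch is a hypothetical request-only type: nil pointers are omitted,
// so only fields the caller set reach the server.
type ExtraPatch struct {
	PeerApprovalEnabled                *bool     `json:"peer_approval_enabled,omitempty"`
	UserApprovalRequired               *bool     `json:"user_approval_required,omitempty"`
	NetworkTrafficLogsGroups           *[]string `json:"network_traffic_logs_groups,omitempty"`
	NetworkTrafficPacketCounterEnabled *bool     `json:"network_traffic_packet_counter_enabled,omitempty"`
}

// fullBody reproduces the flagged path: when the GET response carried no Extra
// (fromGet == nil), an empty struct is created and one field is set.
func fullBody(fromGet *AccountSettingsExtra, enabled bool) (string, error) {
	if fromGet == nil {
		fromGet = &AccountSettingsExtra{}
	}
	fromGet.PeerApprovalEnabled = enabled
	b, err := json.Marshal(fromGet)
	return string(b), err
}

// patchBody sends only the field the flag targeted.
func patchBody(enabled bool) (string, error) {
	b, err := json.Marshal(ExtraPatch{PeerApprovalEnabled: &enabled})
	return string(b), err
}

func main() {
	full, _ := fullBody(nil, true)
	patch, _ := patchBody(true)
	fmt.Println("full: ", full)
	fmt.Println("patch:", patch)
}
```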
Testing:
- go build ./cmd/netbird-manage compiles cleanly
- go vet ./... passes with no issues
- netbird-manage peer --list shows new DNS Label and Country columns
- netbird-manage peer --inspect <id> shows new fields (connection IP, kernel, local flags, etc.)
- netbird-manage user --me shows new fields (is_current, pending_approval, etc.)
- netbird-manage account --list --output json returns restructured settings with nested extra
- netbird-manage user --approve <id> works correctly
- netbird-manage user --reject <id> works correctly
- netbird-manage user --change-password <id> --old-password <pw> --new-password <pw> works
- netbird-manage peer --temp-access <id> --temp-name test --wg-pub-key <key> --rules <ids> works
- netbird-manage dns-zone --list works
- netbird-manage dns-zone --create <name> --domain <domain> --groups <ids> works
- netbird-manage dns-zone --inspect <id> works
- netbird-manage dns-zone --delete <id> shows confirmation prompt
- netbird-manage dns-zone --add-record <zone-id> --name test --type A --content 10.0.0.1 works
- netbird-manage dns-zone --list-records <zone-id> works
- netbird-manage dns-zone --delete-record --zone-id <id> --record-id <id> shows confirmation
- netbird-manage idp --list works
- netbird-manage idp --create <name> --type oidc --issuer <url> --client-id <id> --client-secret <secret> works
- netbird-manage idp --inspect <id> works
- netbird-manage idp --delete <id> shows confirmation prompt
- netbird-manage instance --status works without authentication
- netbird-manage instance --setup --email <email> --password <pw> --name <name> works
- netbird-manage job --list <peer-id> works
- netbird-manage job --create <peer-id> works
- netbird-manage job --inspect --peer-id <id> --job-id <id> works
- netbird-manage --help lists all new commands
- --output json flags work for new commands

Note
Medium Risk
Adds multiple new management endpoints (including instance setup without auth) and broadens request/response models, which could impact API compatibility and operational safety if payload shapes or flags are incorrect.
Overview
Adds new CLI surface area for DNS zones/records (dns-zone), identity provider CRUD (idp), instance status/setup without authentication (instance), and peer-scoped jobs/bundle collection (job), wiring them into main.go routing and --help/usage output.

Extends existing commands and models: peer gains --temp-access plus richer list/inspect fields; user adds approve/reject/password-change operations and prints additional fields; account output/update handling is updated to match nested settings.extra and new settings/onboarding fields. The HTTP client now omits the Authorization header when no token is set to support no-auth endpoints.

Updates API/reference and docs (README + new docs/*.md pages and ipa/* API guide/resources content) to reflect expanded coverage from 14 to 18 resource types.

Written by Cursor Bugbot for commit 3a9b5e5.