[management] Add static connectors to combined server

[jnfrati]

Describe your changes

With the release of #5586 we now allow users to setup static connectors through management.json, which allows them to provision OIDC entries directly through config, this PR introduces the same capability for the combined server.

Example config.yaml:

server:
  listenAddress: ":80"
  exposedAddress: "https://example.com:443"
  stunPorts:
    - 3478
  metricsPort: 9090
  healthcheckAddress: ":9000"
  logLevel: "info"
  logFile: "console"

  authSecret: "secret"
  dataDir: "/var/lib/netbird"

  auth:
    localAuthDisabled: true
    issuer: "https://example.com/oauth2"
    signKeyRefreshEnabled: true
    dashboardRedirectURIs:
      - "https://example.com/nb-auth"
      - "https://example.com/nb-silent-auth"
    cliRedirectURIs:
      - "http://localhost:53000/"
    staticConnectors:
      - type: keycloak
        name: keycloak
        id: keycloak
        config:
          issuer: "https://keycloak.domain.com/realms/netbird"
          clientID: clientId
          clientSecret: secret
          redirectURI: https://example.com/oauth2/callback


      - type: authentik
        name: authentik
        id: authentik
        config:
          issuer: https://authentik.domain.com/application/o/netbird/
          clientID: clientId
          clientSecret: secret
          redirectURI: https://example.com/oauth2/callback

  reverseProxy:
    trustedHTTPProxies:
      - "172.30.0.10/32"

  store:
    engine: "sqlite"
    encryptionKey: secretKey

Caveats

• config.yaml parameters will override any "dashboard" change if the management server restarts
• first user to log-in is the owner, no way to change this programatically

Checklist

• Is it a bug fix
• Is a typo/documentation fix
• Is a feature enhancement
• It is a refactor
• Created tests that fail without the change (if possible)

By submitting this pull request, you confirm that you have read and agree to the terms of the Contributor License Agreement.

Documentation

Select exactly one:

• I added/updated documentation for this change
• Documentation is not needed for this change (explain why)

Docs PR URL (required if "docs added" is checked)

Paste the PR link from https://github.com/netbirdio/docs here:

https://github.com/netbirdio/docs/pull/__

Summary by CodeRabbit

• New Features

  • Added support for configuring static connectors in authentication settings.

• Refactor

  • Updated internal data type definitions for improved code maintainability.

[coderabbitai]

📝 Walkthrough

Walkthrough

This change introduces support for static Dex connectors in the authentication configuration system. A new StaticConnectors field is added to the authentication config, allowing static connector definitions to be passed through to the embedded IdP. Additionally, the Dex connector configuration type is modernized from map[string]interface{} to map[string]any.

Changes

Cohort / File(s)	Summary
Authentication Configuration combined/cmd/config.go	Added StaticConnectors []dex.Connector field to AuthConfig and extended buildEmbeddedIdPConfig to populate StaticConnectors in the embedded IdP configuration.
Dex Connector Type Modernization idp/dex/config.go	Updated Connector struct field Config from map[string]interface{} to map[string]any.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• Local user password change (embedded IdP) #5132: Introduces or modifies Dex static connector functionality at the type and configuration level.

Suggested reviewers

• bcmmbaga

Poem

🐰 Static connectors, now configurable and bright,
Through IdP they flow, structured just right,
any replaces interface{} with grace,
NetBird's auth takes a modernized place! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding support for static connectors in the combined server configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description includes all required template sections: detailed change description with example config, feature enhancement checkbox, CLA confirmation, and documentation claim.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/static-connectors-combined-server

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud