[client] Include MTU and SSH auth config in debug bundle

[lixmal]

Describe your changes

Include MTU, DisableSSHAuth, and SSHJWTCacheTTL in the debug bundle's config.txt. They were settable via CLI/SetConfig but never dumped, so they were invisible when triaging from a bundle.

• Render the missing fields in addCommonConfigFields
• Add a reflection-based test that walks profilemanager.Config and fails if a new field is added without either rendering it or marking it excluded (sensitive keys, parsed cert pair)

Issue ticket number and link

Stack

Checklist

• Is it a bug fix
• Is a typo/documentation fix
• Is a feature enhancement
• It is a refactor
• Created tests that fail without the change (if possible)

By submitting this pull request, you confirm that you have read and agree to the terms of the Contributor License Agreement.

Documentation

Select exactly one:

• I added/updated documentation for this change
• Documentation is not needed for this change (explain why)

Internal debug-bundle contents, no user-facing surface.

Docs PR URL (required if "docs added" is checked)

Paste the PR link from https://github.com/netbirdio/docs here:

https://github.com/netbirdio/docs/pull/__

Summary by CodeRabbit

• New Features

  • Expanded debug configuration output to include additional client configuration fields: SSH authentication settings, JWT cache time-to-live values, and MTU information for improved visibility into client configuration.

• Tests

  • Added comprehensive test coverage to verify all configuration fields are properly included in debug bundles across both standard and anonymized output modes.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request extends the debug bundle configuration output to include two SSH-related fields (DisableSSHAuth, SSHJWTCacheTTL) and network MTU value, and adds comprehensive test coverage using reflection to verify all non-excluded configuration fields are rendered in the debug output.

Changes

Debug Bundle Configuration Expansion

Layer / File(s)	Summary
Core Configuration Fields client/internal/debug/debug.go	addCommonConfigFields appends DisableSSHAuth, SSHJWTCacheTTL (when non-nil), and MTU value to the debug bundle config output.
Test Coverage & Validation client/internal/debug/debug_test.go	Added TestAddConfig_AllFieldsCovered using reflection to verify all non-excluded fields from profilemanager.Config appear in rendered output for both anonymized and non-anonymized modes. Added helper functions renderAddConfigSpecific and newAnonymizerForTest to support multi-mode coverage testing. Updated imports to include net/url, reflect, time, and domain packages.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

• pappz

Poem

🐰 A config bundle, once sparse and lean,
Now captures secrets rarely seen—
SSH keys and networks bright,
All verified by tests so tight!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding MTU and SSH authentication configuration fields to the debug bundle output.
Description check	✅ Passed	The description follows the template structure, explains the changes clearly, marks appropriate checklist items, and addresses documentation requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/debug-bundle-config-flags

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

🧹 Nitpick comments (1)

client/internal/debug/debug_test.go (1)

838-841: ⚡ Quick win

Avoid test-side duplication of addConfig rendering logic.

Line 867 introduces a parallel renderer (renderAddConfigSpecific) that can drift from addConfig() and hide regressions. Prefer rendering config.txt by calling addConfig() and asserting against the produced archive content.

♻️ Proposed refactor

-			var sb strings.Builder
-			g.addCommonConfigFields(&sb)
-			rendered := sb.String() + renderAddConfigSpecific(g)
+			rendered := renderConfigTxtViaAddConfig(t, g)
@@
-func renderAddConfigSpecific(g *BundleGenerator) string {
-	var sb strings.Builder
-	if g.anonymize {
-		if g.internalConfig.ManagementURL != nil {
-			sb.WriteString("ManagementURL: " + g.anonymizer.AnonymizeURI(g.internalConfig.ManagementURL.String()) + "\n")
-		}
-		if g.internalConfig.AdminURL != nil {
-			sb.WriteString("AdminURL: " + g.anonymizer.AnonymizeURI(g.internalConfig.AdminURL.String()) + "\n")
-		}
-		sb.WriteString("NATExternalIPs: x\n")
-		if g.internalConfig.CustomDNSAddress != "" {
-			sb.WriteString("CustomDNSAddress: " + g.anonymizer.AnonymizeString(g.internalConfig.CustomDNSAddress) + "\n")
-		}
-	} else {
-		if g.internalConfig.ManagementURL != nil {
-			sb.WriteString("ManagementURL: " + g.internalConfig.ManagementURL.String() + "\n")
-		}
-		if g.internalConfig.AdminURL != nil {
-			sb.WriteString("AdminURL: " + g.internalConfig.AdminURL.String() + "\n")
-		}
-		sb.WriteString("NATExternalIPs: x\n")
-		if g.internalConfig.CustomDNSAddress != "" {
-			sb.WriteString("CustomDNSAddress: " + g.internalConfig.CustomDNSAddress + "\n")
-		}
-	}
-	return sb.String()
-}
+func renderConfigTxtViaAddConfig(t *testing.T, g *BundleGenerator) string {
+	t.Helper()
+
+	var buf bytes.Buffer
+	zw := zip.NewWriter(&buf)
+	g.archive = zw
+	require.NoError(t, g.addConfig())
+	require.NoError(t, zw.Close())
+
+	zr, err := zip.NewReader(bytes.NewReader(buf.Bytes()), int64(buf.Len()))
+	require.NoError(t, err)
+	for _, f := range zr.File {
+		if f.Name != "config.txt" {
+			continue
+		}
+		rc, err := f.Open()
+		require.NoError(t, err)
+		defer rc.Close()
+		b, err := io.ReadAll(rc)
+		require.NoError(t, err)
+		return string(b)
+	}
+	t.Fatal("config.txt not found in archive")
+	return ""
+}

Also applies to: 867-893

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@client/internal/debug/debug_test.go` around lines 838 - 841, The test
duplicates addConfig rendering via renderAddConfigSpecific; instead, call the
real addConfig() path and assert the produced archive content to avoid drift:
remove or stop using renderAddConfigSpecific and have the test invoke addConfig
(or the public function that writes config.txt) after addCommonConfigFields (or
pass the same inputs used by addConfig), then read the produced config.txt from
the generated archive and assert equality against the expected string; update
tests referencing renderAddConfigSpecific (and any helper that builds rendered)
to use addConfig/addCommonConfigFields and archive inspection so the test
exercises the real implementation.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@client/internal/debug/debug_test.go`:
- Around line 838-841: The test duplicates addConfig rendering via
renderAddConfigSpecific; instead, call the real addConfig() path and assert the
produced archive content to avoid drift: remove or stop using
renderAddConfigSpecific and have the test invoke addConfig (or the public
function that writes config.txt) after addCommonConfigFields (or pass the same
inputs used by addConfig), then read the produced config.txt from the generated
archive and assert equality against the expected string; update tests
referencing renderAddConfigSpecific (and any helper that builds rendered) to use
addConfig/addCommonConfigFields and archive inspection so the test exercises the
real implementation.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4e95271a-8f59-4365-845c-3714c8857cc7

📥 Commits

Reviewing files that changed from the base of the PR and between 97db824 and 6cb25de.

📒 Files selected for processing (2)

• client/internal/debug/debug.go
• client/internal/debug/debug_test.go

[github-actions]

Release artifacts

Built for PR head 6cb25de in workflow run #14876.

Artifact	Link
All release artifacts	Download
Linux packages	Download
Windows packages	Download
macOS packages	Download
UI artifacts	Download
UI macOS artifacts	Download

GHCR images (amd64)

• ghcr.io/netbirdio/management:pr-6071
• ghcr.io/netbirdio/netbird-server:pr-6071
• ghcr.io/netbirdio/netbird:pr-6071
• ghcr.io/netbirdio/relay:pr-6071
• ghcr.io/netbirdio/reverse-proxy:pr-6071
• ghcr.io/netbirdio/signal:pr-6071
• ghcr.io/netbirdio/upload:pr-6071

This comment is updated by the Release workflow. Artifact links expire according to the workflow retention policy.