Merge branch 'feature/domain-activity-events' into test/proxy-fixes

2026-04-16 07:16:38 +00:00 · 2026-03-09 17:23:54 +01:00
parent 14b0e9462b 7c3532d8e5
commit 2df3fb959b
5 changed files with 43 additions and 8 deletions
--- a/management/internals/modules/reverseproxy/domain/domain.go
+++ b/management/internals/modules/reverseproxy/domain/domain.go
@@ -15,3 +15,12 @@ type Domain struct {
 	Type          Type   `gorm:"-"`
 	Validated     bool
 }
+
+// EventMeta returns activity event metadata for a domain
+func (d *Domain) EventMeta() map[string]any {
+	return map[string]any{
+		"domain":         d.Domain,
+		"target_cluster": d.TargetCluster,
+		"validated":      d.Validated,
+	}
+}
--- a/management/internals/modules/reverseproxy/domain/manager/manager.go
+++ b/management/internals/modules/reverseproxy/domain/manager/manager.go
@@ -9,6 +9,8 @@ import (
 	log "github.com/sirupsen/logrus"

 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/domain"
+	"github.com/netbirdio/netbird/management/server/account"
+	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/permissions"
 	"github.com/netbirdio/netbird/management/server/permissions/modules"
 	"github.com/netbirdio/netbird/management/server/permissions/operations"
@@ -36,16 +38,16 @@ type Manager struct {
 	validator          domain.Validator
 	proxyManager       proxyManager
 	permissionsManager permissions.Manager
+	accountManager     account.Manager
 }

-func NewManager(store store, proxyMgr proxyManager, permissionsManager permissions.Manager) Manager {
+func NewManager(store store, proxyMgr proxyManager, permissionsManager permissions.Manager, accountManager account.Manager) Manager {
 	return Manager{
-		store:        store,
-		proxyManager: proxyMgr,
-		validator: domain.Validator{
-			Resolver: net.DefaultResolver,
-		},
+		store:              store,
+		proxyManager:       proxyMgr,
+		validator:          domain.Validator{Resolver: net.DefaultResolver},
 		permissionsManager: permissionsManager,
+		accountManager:     accountManager,
 	}
 }

@@ -136,6 +138,9 @@ func (m Manager) CreateDomain(ctx context.Context, accountID, userID, domainName
 	if err != nil {
 		return d, fmt.Errorf("create domain in store: %w", err)
 	}
+
+	m.accountManager.StoreEvent(ctx, userID, d.ID, accountID, activity.DomainAdded, d.EventMeta())
+
 	return d, nil
 }

@@ -148,10 +153,18 @@ func (m Manager) DeleteDomain(ctx context.Context, accountID, userID, domainID s
 		return status.NewPermissionDeniedError()
 	}

+	d, err := m.store.GetCustomDomain(ctx, accountID, domainID)
+	if err != nil {
+		return fmt.Errorf("get domain from store: %w", err)
+	}
+
 	if err := m.store.DeleteCustomDomain(ctx, accountID, domainID); err != nil {
 		// TODO: check for "no records" type error. Because that is a success condition.
 		return fmt.Errorf("delete domain from store: %w", err)
 	}
+
+	m.accountManager.StoreEvent(ctx, userID, domainID, accountID, activity.DomainDeleted, d.EventMeta())
+
 	return nil
 }

@@ -218,6 +231,8 @@ func (m Manager) ValidateDomain(ctx context.Context, accountID, userID, domainID
 			}).WithError(err).Error("update custom domain in store")
 			return
 		}
+
+		m.accountManager.StoreEvent(context.Background(), userID, domainID, accountID, activity.DomainValidated, d.EventMeta())
 	} else {
 		log.WithFields(log.Fields{
 			"accountID":     accountID,
--- a/management/internals/server/modules.go
+++ b/management/internals/server/modules.go
@@ -210,7 +210,7 @@ func (s *BaseServer) ProxyManager() proxy.Manager {

 func (s *BaseServer) ReverseProxyDomainManager() *manager.Manager {
 	return Create(s, func() *manager.Manager {
-		m := manager.NewManager(s.Store(), s.ProxyManager(), s.PermissionsManager())
+		m := manager.NewManager(s.Store(), s.ProxyManager(), s.PermissionsManager(), s.AccountManager())
 		return &m
 	})
 }
--- a/management/server/activity/codes.go
+++ b/management/server/activity/codes.go
@@ -220,6 +220,13 @@ const (
 	// AccountPeerExposeDisabled indicates that a user disabled peer expose for the account
 	AccountPeerExposeDisabled Activity = 115

+	// DomainAdded indicates that a user added a custom domain
+	DomainAdded Activity = 116
+	// DomainDeleted indicates that a user deleted a custom domain
+	DomainDeleted Activity = 117
+	// DomainValidated indicates that a custom domain was validated
+	DomainValidated Activity = 118
+
 	AccountDeleted Activity = 99999
 )

@@ -364,6 +371,10 @@ var activityMap = map[Activity]Code{

 	AccountPeerExposeEnabled:  {"Account peer expose enabled", "account.setting.peer.expose.enable"},
 	AccountPeerExposeDisabled: {"Account peer expose disabled", "account.setting.peer.expose.disable"},
+
+	DomainAdded:     {"Domain added", "domain.add"},
+	DomainDeleted:   {"Domain deleted", "domain.delete"},
+	DomainValidated: {"Domain validated", "domain.validate"},
 }

 // StringCode returns a string code of the activity
--- a/management/server/http/testing/testing_tools/channel/channel.go
+++ b/management/server/http/testing/testing_tools/channel/channel.go
@@ -108,7 +108,7 @@ func BuildApiBlackBoxWithDBState(t testing_tools.TB, sqlFile string, expectedPee
 		t.Fatalf("Failed to create proxy manager: %v", err)
 	}
 	proxyServiceServer := nbgrpc.NewProxyServiceServer(accessLogsManager, proxyTokenStore, pkceverifierStore, nbgrpc.ProxyOIDCConfig{}, peersManager, userManager, proxyMgr)
-	domainManager := manager.NewManager(store, proxyMgr, permissionsManager)
+	domainManager := manager.NewManager(store, proxyMgr, permissionsManager, am)
 	serviceProxyController, err := proxymanager.NewGRPCController(proxyServiceServer, noopMeter)
 	if err != nil {
 		t.Fatalf("Failed to create proxy controller: %v", err)