diff --git a/management/server/account.go b/management/server/account.go
index 27c21e402..b6daf7297 100644
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -1726,6 +1726,7 @@ func (am *DefaultAccountManager) GetAccountFromToken(ctx context.Context, claims
 log.WithContext(ctx).Errorf("failed to save account: %v", err)
 } else {
 log.WithContext(ctx).Tracef("user %s: JWT group membership changed, updating account peers", claims.UserId)
+ // todo: optimize this as part of the group optimizations
 am.updateAccountPeers(ctx, account)
 unlock()
 alreadyUnlocked = true
diff --git a/management/server/dns.go b/management/server/dns.go
index 8a889df3f..0d6e61425 100644
--- a/management/server/dns.go
+++ b/management/server/dns.go
@@ -108,6 +108,7 @@ func (am *DefaultAccountManager) SaveDNSSettings(ctx context.Context, accountID
 am.StoreEvent(ctx, userID, accountID, accountID, activity.GroupRemovedFromDisabledManagementGroups, meta)
 }
+ // todo: check if before/after groups are in use by dns, acl, routes and if it has peers
 am.updateAccountPeers(ctx, account)
 return nil
diff --git a/management/server/group.go b/management/server/group.go
index ea512924b..8738dca75 100644
--- a/management/server/group.go
+++ b/management/server/group.go
@@ -155,6 +155,7 @@ func (am *DefaultAccountManager) SaveGroup(ctx context.Context, accountID, userI
 return err
 }
+ // todo: check if groups is in use by dns, acl, routes and before/after peers
 am.updateAccountPeers(ctx, account)
 // the following snippet tracks the activity and stores the group events in the event store.
@@ -322,6 +323,7 @@ func (am *DefaultAccountManager) DeleteGroup(ctx context.Context, accountId, use
 am.StoreEvent(ctx, userId, groupID, accountId, activity.GroupDeleted, g.EventMeta())
+ // todo: check if groups is in use by dns, acl, routes and if it has peers
 am.updateAccountPeers(ctx, account)
 return nil
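Review bot: The todo added in DeleteGroup (`check if groups is in use by dns, acl, routes and if it has peers`) sits after the visible `StoreEvent(... activity.GroupDeleted ...)` call, so a check written at this spot would presumably see the account after the group is already gone and could wrongly conclude that nothing references it. Skipping `updateAccountPeers` on a removal path leaves peers on a network map that still grants what was just taken away, so the condition should be computed from state captured before the deletion, and the call kept whenever the answer is unclear. I would word the comment as `// todo: skip only if the group, as it was before deletion, had no peers and was unused by dns, acl, routes`. The same applies to the todos in GroupDeletePeer, DeletePeer, DeletePolicy and DeleteRoute; all of these function bodies start outside their hunks, so where the deletion itself happens is inferred.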
@@ -376,6 +378,7 @@ func (am *DefaultAccountManager) GroupAddPeer(ctx context.Context, accountID, gr
 return err
 }
+ // todo: check if groups is in use by dns, acl, routes
 am.updateAccountPeers(ctx, account)
 return nil
@@ -406,6 +409,7 @@ func (am *DefaultAccountManager) GroupDeletePeer(ctx context.Context, accountID,
 }
 }
+ // todo: check if groups is in use by dns, acl, routes
 am.updateAccountPeers(ctx, account)
 return nil
diff --git a/management/server/nameserver.go b/management/server/nameserver.go
index f8d644ded..34726ffc4 100644
--- a/management/server/nameserver.go
+++ b/management/server/nameserver.go
@@ -85,6 +85,7 @@ func (am *DefaultAccountManager) CreateNameServerGroup(ctx context.Context, acco
 return nil, err
 }
+ // todo: check distribution groups if they have any peers
 am.updateAccountPeers(ctx, account)
 am.StoreEvent(ctx, userID, newNSGroup.ID, accountID, activity.NameserverGroupCreated, newNSGroup.EventMeta())
@@ -120,6 +121,7 @@ func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accoun
 return err
 }
+ // todo: check before and after distribution groups if they have any peers
 am.updateAccountPeers(ctx, account)
 am.StoreEvent(ctx, userID, nsGroupToSave.ID, accountID, activity.NameserverGroupUpdated, nsGroupToSave.EventMeta())
@@ -150,6 +152,7 @@ func (am *DefaultAccountManager) DeleteNameServerGroup(ctx context.Context, acco
 return err
 }
+ // todo: check distribution groups if they have any peers
 am.updateAccountPeers(ctx, account)
 am.StoreEvent(ctx, userID, nsGroup.ID, accountID, activity.NameserverGroupDeleted, nsGroup.EventMeta())
diff --git a/management/server/peer.go b/management/server/peer.go
index b8605fbb7..829c433b9 100644
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -7,10 +7,11 @@ import (
 "strings"
 "time"
- "github.com/netbirdio/netbird/management/server/posture"
 "github.com/rs/xid"
 log "github.com/sirupsen/logrus"
+ "github.com/netbirdio/netbird/management/server/posture"
+ "github.com/netbirdio/netbird/management/proto"
 "github.com/netbirdio/netbird/management/server/activity"
 nbpeer "github.com/netbirdio/netbird/management/server/peer"
@@ -217,6 +218,7 @@ func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, user
 return nil, err
 }
+ // todo: don't call it if peer is not expired and Peer.LoginExpirationEnabled was set to false
 am.updateAccountPeers(ctx, account)
 return peer, nil
@@ -289,6 +291,7 @@ func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peer
 return err
 }
+ // todo: evaluate if peer was part of a group that has is used in a active dns, route, acl
 am.updateAccountPeers(ctx, account)
 return nil
@@ -509,6 +512,7 @@ func (am *DefaultAccountManager) AddPeer(ctx context.Context, setupKey, userID s
 am.StoreEvent(ctx, opEvent.InitiatorID, opEvent.TargetID, opEvent.AccountID, opEvent.Activity, opEvent.Meta)
+ // todo: evaluate if peer is part of a group that has is used in a active dns, route, acl
 am.updateAccountPeers(ctx, account)
 approvedPeersMap, err := am.GetValidatedPeers(account)
@@ -544,6 +548,7 @@ func (am *DefaultAccountManager) SyncPeer(ctx context.Context, sync PeerSync, ac
 return nil, nil, nil, err
 }
+ // todo: review this logic
 if sync.UpdateAccountPeers {
 am.updateAccountPeers(ctx, account)
 }
@@ -563,6 +568,7 @@ func (am *DefaultAccountManager) SyncPeer(ctx context.Context, sync PeerSync, ac
 return peer, emptyMap, postureChecks, nil
 }
+ // todo: review this logic and combine with the previous
 if isStatusChanged {
 am.updateAccountPeers(ctx, account)
 }
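Review bot: The todo added in DeletePeer reads `has is used in a active dns, route, acl`, which is garbled, and the AddPeer todo in the next hunk repeats it; the route.go todos in CreateRoute, SaveRoute and DeleteRoute spell `empy` for `empty`. These comments are the only specification for a later change to when peers receive updates, so they should read unambiguously, for example `// todo: evaluate if peer was part of a group that is used in an active dns, route, acl`.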
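Review bot: `// todo: review this logic` above `if sync.UpdateAccountPeers` in SyncPeer does not say what is in question, so whoever picks it up cannot tell when it is done. If the concern is that `sync.UpdateAccountPeers` and `isStatusChanged` can each trigger an update during the same call, say so at the first site: `// todo: merge with the isStatusChanged check below so one sync sends at most one update`. The code between the two SyncPeer hunks is not visible, so whether both branches can fire in one call is an assumption to confirm.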
@@ -802,11 +808,13 @@ func (am *DefaultAccountManager) checkAndUpdatePeerSSHKey(ctx context.Context, p
 }
 // trigger network map update
+ // todo: remove this since it is called by the caller function
 am.updateAccountPeers(ctx, account)
 return peer, nil
 }
+// todo: not in use, remove it
 // UpdatePeerSSHKey updates peer's public SSH key
 func (am *DefaultAccountManager) UpdatePeerSSHKey(ctx context.Context, peerID string, sshKey string) error {
 if sshKey == "" {
diff --git a/management/server/policy.go b/management/server/policy.go
index a70d7f0ed..79b326755 100644
--- a/management/server/policy.go
+++ b/management/server/policy.go
@@ -364,6 +364,7 @@ func (am *DefaultAccountManager) SavePolicy(ctx context.Context, accountID, user
 }
 am.StoreEvent(ctx, userID, policy.ID, accountID, action, policy.EventMeta())
+ // todo: call if before and after source and destination groups are not empty
 am.updateAccountPeers(ctx, account)
 return nil
@@ -391,6 +392,7 @@ func (am *DefaultAccountManager) DeletePolicy(ctx context.Context, accountID, po
 am.StoreEvent(ctx, userID, policy.ID, accountID, activity.PolicyRemoved, policy.EventMeta())
+ // todo: call if source and destination groups are not empty
 am.updateAccountPeers(ctx, account)
 return nil
diff --git a/management/server/posture_checks.go b/management/server/posture_checks.go
index 851d4d31f..3d576e440 100644
--- a/management/server/posture_checks.go
+++ b/management/server/posture_checks.go
@@ -82,6 +82,7 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI
 am.StoreEvent(ctx, userID, postureChecks.ID, accountID, action, postureChecks.EventMeta())
 if exists {
+ // todo: check if posture check is linked to a policy
 am.updateAccountPeers(ctx, account)
 }
diff --git a/management/server/route.go b/management/server/route.go
index 6db00a255..4d869a7f5 100644
--- a/management/server/route.go
+++ b/management/server/route.go
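Review bot: The added `// todo: not in use, remove it` line is placed directly above `// UpdatePeerSSHKey updates peer's public SSH key`, so it becomes the first line of that method's doc comment and the comment no longer starts with the method name. Put the note below the description in a paragraph of its own, or use the form that tools recognise, `// Deprecated: not in use, to be removed.`. In the same hunk, the todo in checkAndUpdatePeerSSHKey says the caller already calls `updateAccountPeers`; that is only safe to act on once every caller is confirmed to do so on the path where the key changed, and those callers are outside this hunk.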
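Review bot: The SavePolicy todo `call if before and after source and destination groups are not empty` reads as a conjunction, which would skip the update when a policy that had members is saved with empty groups, and that is the case where peers most need to be told that access went away. The intended rule is presumably that either side suffices: `// todo: call if the source or destination groups were non-empty before the change or are non-empty after it`. SaveRoute in route.go carries the same `before and after ... are not empty` wording, and SaveNameServerGroup's `check before and after distribution groups if they have any peers` should be read the same way.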
@@ -204,7 +204,10 @@ func (am *DefaultAccountManager) CreateRoute(ctx context.Context, accountID stri
 if err = am.Store.SaveAccount(ctx, account); err != nil {
 return nil, err
 }
-
+ // todo: call if one of the three is true:
+ // 1. distribution groups are not empty
+ // 2. routing groups are not empy
+ // 3. there is a routing peer
 am.updateAccountPeers(ctx, account)
 am.StoreEvent(ctx, userID, string(newRoute.ID), accountID, activity.RouteCreated, newRoute.EventMeta())
@@ -273,7 +276,10 @@ func (am *DefaultAccountManager) SaveRoute(ctx context.Context, accountID, userI
 if err = am.Store.SaveAccount(ctx, account); err != nil {
 return err
 }
-
+ // todo: call if one of the three is true:
+ // 1. before and after distribution groups are not empty
+ // 2. before and after routing groups are not empy
+ // 3. there is a routing peer
 am.updateAccountPeers(ctx, account)
 am.StoreEvent(ctx, userID, string(routeToSave.ID), accountID, activity.RouteUpdated, routeToSave.EventMeta())
@@ -303,7 +309,10 @@ func (am *DefaultAccountManager) DeleteRoute(ctx context.Context, accountID stri
 }
 am.StoreEvent(ctx, userID, string(routy.ID), accountID, activity.RouteRemoved, routy.EventMeta())
-
+ // todo: call if one of the three is true:
+ // 1. distribution groups are not empty
+ // 2. routing groups are not empy
+ // 3. there is a routing peer
 am.updateAccountPeers(ctx, account)
 return nil
diff --git a/management/server/setupkey.go b/management/server/setupkey.go
index dcaee357c..488aecabc 100644
--- a/management/server/setupkey.go
+++ b/management/server/setupkey.go
@@ -320,7 +320,7 @@ func (am *DefaultAccountManager) SaveSetupKey(ctx context.Context, accountID str
 }
 }
 }()
-
+ // todo: remove it, not needed here since we don't update anything else
 am.updateAccountPeers(ctx, account)
 return newKey, nil
diff --git a/management/server/user.go b/management/server/user.go
index 302cfccaa..2ac2a6330 100644
--- a/management/server/user.go
+++ b/management/server/user.go
@@ -517,6 +517,7 @@ func (am *DefaultAccountManager) deleteRegularUser(ctx context.Context, account
 meta := map[string]any{"name": tuName, "email": tuEmail, "created_at": tuCreatedAt}
 am.StoreEvent(ctx, initiatorUserID, targetUserID, account.Id, activity.UserDeleted, meta)
+ // todo: call only if user had a peer linked to it and peer propagation is enabled
 am.updateAccountPeers(ctx, account)
 return nil
@@ -851,7 +852,8 @@ func (am *DefaultAccountManager) SaveOrAddUser(ctx context.Context, accountID, i
 if err = am.Store.SaveAccount(ctx, account); err != nil {
 return nil, err
 }
-
+ // todo: call only if is existing user, it has a peer linked to it and peer propagation is enabled
+ // new users don't need to call this
 am.updateAccountPeers(ctx, account)
 } else {
 if err = am.Store.SaveAccount(ctx, account); err != nil {