diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 2d743f790..32a04d1ba 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -19,7 +19,7 @@ jobs: - name: codespell uses: codespell-project/actions-codespell@v2 with: - ignore_words_list: erro,clienta,hastable,iif + ignore_words_list: erro,clienta,hastable,iif,groupD skip: go.mod,go.sum only_warn: 1 golangci: diff --git a/management/server/group.go b/management/server/group.go index 7f3b441b3..8f55a5a9b 100644 --- a/management/server/group.go +++ b/management/server/group.go @@ -495,6 +495,9 @@ func anyGroupHasPeers(account *Account, groupIDs []string) bool { func areGroupChangesAffectPeers(account *Account, groupIDs []string) bool { for _, groupID := range groupIDs { + if slices.Contains(account.DNSSettings.DisabledManagementGroups, groupID) { + return true + } if linked, _ := isGroupLinkedToDns(account.NameServerGroups, groupID); linked { return true } diff --git a/management/server/nameserver.go b/management/server/nameserver.go index 7818b43ba..faaf1448f 100644 --- a/management/server/nameserver.go +++ b/management/server/nameserver.go @@ -108,7 +108,7 @@ func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accoun return err } - if anyGroupHasPeers(account, nsGroupToSave.Groups) || anyGroupHasPeers(account, oldNSGroup.Groups) { + if areNameServerGroupChangesAffectPeers(account, nsGroupToSave, oldNSGroup) { am.updateAccountPeers(ctx, account) } else { log.WithContext(ctx).Tracef("Skipping account peers update for ns group: %s", nsGroupToSave.ID) @@ -284,3 +284,11 @@ func validateDomain(domain string) error { return nil } + +// areNameServerGroupChangesAffectPeers checks if the changes in the nameserver group affect the peers. +func areNameServerGroupChangesAffectPeers(account *Account, newNSGroup, oldNSGroup *nbdns.NameServerGroup) bool { + if !newNSGroup.Enabled && !oldNSGroup.Enabled { + return false + } + return anyGroupHasPeers(account, newNSGroup.Groups) || anyGroupHasPeers(account, oldNSGroup.Groups) +} diff --git a/management/server/policy.go b/management/server/policy.go index 5ccc28847..9b5242b17 100644 --- a/management/server/policy.go +++ b/management/server/policy.go @@ -463,6 +463,10 @@ func (am *DefaultAccountManager) savePolicy(account *Account, policyToSave *Poli } oldPolicy := account.Policies[policyIdx] + if !policyToSave.Enabled && !oldPolicy.Enabled { + return false, nil + } + updateAccountPeers := anyGroupHasPeers(account, oldPolicy.ruleGroups()) || anyGroupHasPeers(account, policyToSave.ruleGroups()) // Update the existing policy diff --git a/management/server/posture_checks.go b/management/server/posture_checks.go index 49cfcc3ff..9ad557e55 100644 --- a/management/server/posture_checks.go +++ b/management/server/posture_checks.go @@ -69,8 +69,7 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI am.StoreEvent(ctx, userID, postureChecks.ID, accountID, action, postureChecks.EventMeta()) - isLinked, linkedPolicy := isPostureCheckLinkedToPolicy(account, postureChecks.ID) - if exists && isLinked && anyGroupHasPeers(account, linkedPolicy.ruleGroups()) { + if arePostureCheckChangesAffectingPeers(account, postureChecks.ID, exists) { am.updateAccountPeers(ctx, account) } else { log.WithContext(ctx).Tracef("Skipping account peers update for posture checks: %s", postureChecks.ID) @@ -227,3 +226,16 @@ func isPostureCheckLinkedToPolicy(account *Account, postureChecksID string) (boo } return false, nil } + +// arePostureCheckChangesAffectingPeers checks if the changes in posture checks are affecting peers. +func arePostureCheckChangesAffectingPeers(account *Account, postureCheckID string, exists bool) bool { + if !exists { + return false + } + + isLinked, linkedPolicy := isPostureCheckLinkedToPolicy(account, postureCheckID) + if !isLinked { + return false + } + return anyGroupHasPeers(account, linkedPolicy.ruleGroups()) +}