Merge branch 'feature/validate-group-association' into feature/validate-group-association-debug

.github/workflows/golangci-lint.yml

@@ -19,7 +19,7 @@ jobs:
       - name: codespell
         uses: codespell-project/actions-codespell@v2
         with:
-          ignore_words_list: erro,clienta,hastable,iif
+          ignore_words_list: erro,clienta,hastable,iif,groupD
           skip: go.mod,go.sum
           only_warn: 1
   golangci:

management/server/group.go

@@ -495,6 +495,9 @@ func anyGroupHasPeers(account *Account, groupIDs []string) bool {
 
 func areGroupChangesAffectPeers(account *Account, groupIDs []string) bool {
 	for _, groupID := range groupIDs {
+		if slices.Contains(account.DNSSettings.DisabledManagementGroups, groupID) {
+			return true
+		}
 		if linked, _ := isGroupLinkedToDns(account.NameServerGroups, groupID); linked {
 			return true
 		}

management/server/nameserver.go

@@ -108,7 +108,7 @@ func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accoun
 		return err
 	}
 
-	if anyGroupHasPeers(account, nsGroupToSave.Groups) || anyGroupHasPeers(account, oldNSGroup.Groups) {
+	if areNameServerGroupChangesAffectPeers(account, nsGroupToSave, oldNSGroup) {
 		am.updateAccountPeers(ctx, account)
 	} else {
 		log.WithContext(ctx).Tracef("Skipping account peers update for ns group: %s", nsGroupToSave.ID)
@@ -284,3 +284,11 @@ func validateDomain(domain string) error {
 
 	return nil
 }
+
+// areNameServerGroupChangesAffectPeers checks if the changes in the nameserver group affect the peers.
+func areNameServerGroupChangesAffectPeers(account *Account, newNSGroup, oldNSGroup *nbdns.NameServerGroup) bool {
+	if !newNSGroup.Enabled && !oldNSGroup.Enabled {
+		return false
+	}
+	return anyGroupHasPeers(account, newNSGroup.Groups) || anyGroupHasPeers(account, oldNSGroup.Groups)
+}

management/server/policy.go

@@ -463,6 +463,10 @@ func (am *DefaultAccountManager) savePolicy(account *Account, policyToSave *Poli
 		}
 
 		oldPolicy := account.Policies[policyIdx]
+		if !policyToSave.Enabled && !oldPolicy.Enabled {
+			return false, nil
+		}
+
 		updateAccountPeers := anyGroupHasPeers(account, oldPolicy.ruleGroups()) || anyGroupHasPeers(account, policyToSave.ruleGroups())
 
 		// Update the existing policy

management/server/posture_checks.go

@@ -69,8 +69,7 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI
 
 	am.StoreEvent(ctx, userID, postureChecks.ID, accountID, action, postureChecks.EventMeta())
 
-	isLinked, linkedPolicy := isPostureCheckLinkedToPolicy(account, postureChecks.ID)
+	if arePostureCheckChangesAffectingPeers(account, postureChecks.ID, exists) {
-	if exists && isLinked && anyGroupHasPeers(account, linkedPolicy.ruleGroups()) {
 		am.updateAccountPeers(ctx, account)
 	} else {
 		log.WithContext(ctx).Tracef("Skipping account peers update for posture checks: %s", postureChecks.ID)
@@ -227,3 +226,16 @@ func isPostureCheckLinkedToPolicy(account *Account, postureChecksID string) (boo
 	}
 	return false, nil
 }
+
+// arePostureCheckChangesAffectingPeers checks if the changes in posture checks are affecting peers.
+func arePostureCheckChangesAffectingPeers(account *Account, postureCheckID string, exists bool) bool {
+	if !exists {
+		return false
+	}
+
+	isLinked, linkedPolicy := isPostureCheckLinkedToPolicy(account, postureCheckID)
+	if !isLinked {
+		return false
+	}
+	return anyGroupHasPeers(account, linkedPolicy.ruleGroups())
+}