Merge branch 'main' into debug-google-workspace

* Make sure our iOS dialer does not get overwritten

* set dial timeout for both clients on ios

---------

Co-authored-by: Pascal Fischer <pascal@netbird.io>

client/internal/dns/upstream_ios.go

@@ -46,24 +46,32 @@ func (u *upstreamResolverIOS) exchange(ctx context.Context, upstream string, r *
 	if err != nil {
 		log.Errorf("error while parsing upstream host: %s", err)
 	}
+
+	timeout := upstreamTimeout
+	if deadline, ok := ctx.Deadline(); ok {
+		timeout = time.Until(deadline)
+	}
+	client.DialTimeout = timeout
+
 	upstreamIP := net.ParseIP(upstreamHost)
 	if u.lNet.Contains(upstreamIP) || net.IP.IsPrivate(upstreamIP) {
 		log.Debugf("using private client to query upstream: %s", upstream)
-		client = u.getClientPrivate()
+		client = u.getClientPrivate(timeout)
 	}
 
-	return client.ExchangeContext(ctx, r, upstream)
+	// Cannot use client.ExchangeContext because it overwrites our Dialer
+	return client.Exchange(r, upstream)
 }
 
 // getClientPrivate returns a new DNS client bound to the local IP address of the Netbird interface
 // This method is needed for iOS
-func (u *upstreamResolverIOS) getClientPrivate() *dns.Client {
+func (u *upstreamResolverIOS) getClientPrivate(dialTimeout time.Duration) *dns.Client {
 	dialer := &net.Dialer{
 		LocalAddr: &net.UDPAddr{
 			IP:   u.lIP,
 			Port: 0, // Let the OS pick a free port
 		},
-		Timeout: upstreamTimeout,
+		Timeout: dialTimeout,
 		Control: func(network, address string, c syscall.RawConn) error {
 			var operr error
 			fn := func(s uintptr) {

management/server/http/api/openapi.yml

@@ -904,7 +904,7 @@ components:
         nameservers:
           description: Nameserver list
           minLength: 1
-          maxLength: 2
+          maxLength: 3
           type: array
           items:
             $ref: '#/components/schemas/Nameserver'

management/server/idp/google_workspace.go

@@ -5,6 +5,8 @@ import (
 	"encoding/base64"
 	"fmt"
 	"net/http"
+	"os"
+	"strconv"
 	"time"
 
 	log "github.com/sirupsen/logrus"
@@ -150,19 +152,37 @@ func (gm *GoogleWorkspaceManager) GetAllAccounts() (map[string][]*UserData, erro
 
 // getAllUsers returns all users in a Google Workspace account filtered by customer ID.
 func (gm *GoogleWorkspaceManager) getAllUsers() ([]*UserData, error) {
+	var usersLimit int64 = 500
+	if maxUsersLimitEnv := os.Getenv("GOOGLE_WORKSPACE_USERS_LIMIT"); maxUsersLimitEnv != "" {
+		maxUsersLimit, err := strconv.Atoi(maxUsersLimitEnv)
+		if err == nil {
+			log.Debugf("GOOGLE_WORKSPACE_USERS_LIMIT env is set using %d  as users limit", maxUsersLimit)
+			usersLimit = int64(maxUsersLimit)
+		}
+	} else {
+		log.Debugf("GOOGLE_WORKSPACE_USERS_LIMIT env is not set using default users limit 500")
+	}
+
 	users := make([]*UserData, 0)
 	pageToken := ""
 	for {
-		call := gm.usersService.List().Customer(gm.CustomerID).MaxResults(500)
+		call := gm.usersService.List().Customer(gm.CustomerID).MaxResults(usersLimit)
 		if pageToken != "" {
 			call.PageToken(pageToken)
 		}
 
 		resp, err := call.Do()
 		if err != nil {
+			log.Debugf("failed to retrieve users from workspace error: %s, http status: %d, headers: %v",
+				err.Error(),
+				resp.HTTPStatusCode,
+				resp.Header,
+			)
 			return nil, err
 		}
 
+		log.Debugf("fetched %d users from workspace", len(resp.Users))
+
 		for _, user := range resp.Users {
 			users = append(users, parseGoogleWorkspaceUser(user))
 		}

management/server/nameserver.go

@@ -255,8 +255,8 @@ func validateNSGroupName(name, nsGroupID string, nsGroupMap map[string]*nbdns.Na
 
 func validateNSList(list []nbdns.NameServer) error {
 	nsListLenght := len(list)
-	if nsListLenght == 0 || nsListLenght > 2 {
+	if nsListLenght == 0 || nsListLenght > 3 {
-		return status.Errorf(status.InvalidArgument, "the list of nameservers should be 1 or 2, got %d", len(list))
+		return status.Errorf(status.InvalidArgument, "the list of nameservers should be 1 or 3, got %d", len(list))
 	}
 	return nil
 }

management/server/nameserver_test.go

@@ -216,7 +216,7 @@ func TestCreateNameServerGroup(t *testing.T) {
 			shouldCreate: false,
 		},
 		{
-			name: "Create A NS Group With More Than 2 Nameservers Should Fail",
+			name: "Create A NS Group With More Than 3 Nameservers Should Fail",
 			inputArgs: input{
 				name:        "super",
 				description: "super",
@@ -238,6 +238,11 @@ func TestCreateNameServerGroup(t *testing.T) {
 						NSType: nbdns.UDPNameServerType,
 						Port:   nbdns.DefaultDNSPort,
 					},
+					{
+						IP:     netip.MustParseAddr("1.1.4.4"),
+						NSType: nbdns.UDPNameServerType,
+						Port:   nbdns.DefaultDNSPort,
+					},
 				},
 				enabled: true,
 			},
@@ -457,6 +462,11 @@ func TestSaveNameServerGroup(t *testing.T) {
 			NSType: nbdns.UDPNameServerType,
 			Port:   nbdns.DefaultDNSPort,
 		},
+		{
+			IP:     netip.MustParseAddr("1.1.4.4"),
+			NSType: nbdns.UDPNameServerType,
+			Port:   nbdns.DefaultDNSPort,
+		},
 	}
 	invalidID := "doesntExist"
 	validName := "12345678901234567890qw"