Refactor group, ns group, policy and posture checks

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-13 10:21:10 +01:00 · 2024-10-21 17:12:19 +03:00 · 2024-10-21 17:12:19 +03:00 · 070e1dd890
commit 070e1dd890
parent 8b61ffa78f
4 changed files with 30 additions and 3 deletions
--- a/management/server/group.go
+++ b/management/server/group.go
@ -489,6 +489,9 @@ func anyGroupHasPeers(account *Account, groupIDs []string) bool {

 func areGroupChangesAffectPeers(account *Account, groupIDs []string) bool {
 	for _, groupID := range groupIDs {
+		if slices.Contains(account.DNSSettings.DisabledManagementGroups, groupID) {
+			return true
+		}
 		if linked, _ := isGroupLinkedToDns(account.NameServerGroups, groupID); linked {
 			return true
 		}
--- a/management/server/nameserver.go
+++ b/management/server/nameserver.go
@ -105,7 +105,7 @@ func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accoun
 		return err
 	}

-	if anyGroupHasPeers(account, nsGroupToSave.Groups) || anyGroupHasPeers(account, oldNSGroup.Groups) {
+	if areNameServerGroupChangesAffectPeers(account, nsGroupToSave, oldNSGroup) {
 		am.updateAccountPeers(ctx, account)
 	}
 	am.StoreEvent(ctx, userID, nsGroupToSave.ID, accountID, activity.NameserverGroupUpdated, nsGroupToSave.EventMeta())
@ -277,3 +277,11 @@ func validateDomain(domain string) error {

 	return nil
 }
+
+// areNameServerGroupChangesAffectPeers checks if the changes in the nameserver group affect the peers.
+func areNameServerGroupChangesAffectPeers(account *Account, newNSGroup, oldNSGroup *nbdns.NameServerGroup) bool {
+	if !newNSGroup.Enabled && !oldNSGroup.Enabled {
+		return false
+	}
+	return anyGroupHasPeers(account, newNSGroup.Groups) || anyGroupHasPeers(account, oldNSGroup.Groups)
+}
--- a/management/server/policy.go
+++ b/management/server/policy.go
@ -461,6 +461,10 @@ func (am *DefaultAccountManager) savePolicy(account *Account, policyToSave *Poli
 		}

 		oldPolicy := account.Policies[policyIdx]
+		if !policyToSave.Enabled && !oldPolicy.Enabled {
+			return false, nil
+		}
+
 		updateAccountPeers := anyGroupHasPeers(account, oldPolicy.ruleGroups()) || anyGroupHasPeers(account, policyToSave.ruleGroups())

 		// Update the existing policy
--- a/management/server/posture_checks.go
+++ b/management/server/posture_checks.go
@ -68,8 +68,7 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI

 	am.StoreEvent(ctx, userID, postureChecks.ID, accountID, action, postureChecks.EventMeta())

-	isLinked, linkedPolicy := isPostureCheckLinkedToPolicy(account, postureChecks.ID)
-	if exists && isLinked && anyGroupHasPeers(account, linkedPolicy.ruleGroups()) {
+	if arePostureCheckChangesAffectingPeers(account, postureChecks.ID, exists) {
 		am.updateAccountPeers(ctx, account)
 	}

@ -224,3 +223,16 @@ func isPostureCheckLinkedToPolicy(account *Account, postureChecksID string) (boo
 	}
 	return false, nil
 }
+
+// arePostureCheckChangesAffectingPeers checks if the changes in posture checks are affecting peers.
+func arePostureCheckChangesAffectingPeers(account *Account, postureCheckID string, exists bool) bool {
+	if !exists {
+		return false
+	}
+
+	isLinked, linkedPolicy := isPostureCheckLinkedToPolicy(account, postureCheckID)
+	if !isLinked {
+		return false
+	}
+	return anyGroupHasPeers(account, linkedPolicy.ruleGroups())
+}