From 4c758c6e526a5ba8ee0088263d5883a2c817a190 Mon Sep 17 00:00:00 2001 From: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com> Date: Thu, 31 Oct 2024 19:24:15 +0100 Subject: [PATCH] [management] remove network map diff calculations (#2820) --- go.mod | 3 - go.sum | 6 - management/server/differs/netip.go | 82 --- management/server/dns_test.go | 97 ++-- management/server/group_test.go | 28 +- management/server/nameserver_test.go | 30 -- management/server/network.go | 4 +- management/server/peer/peer.go | 18 +- management/server/policy.go | 4 +- management/server/policy_test.go | 62 +-- management/server/posture_checks_test.go | 65 +-- management/server/route_test.go | 20 - .../server/telemetry/updatechannel_metrics.go | 12 - management/server/updatechannel.go | 110 +--- management/server/updatechannel_test.go | 482 ------------------ 15 files changed, 94 insertions(+), 929 deletions(-) delete mode 100644 management/server/differs/netip.go diff --git a/go.mod b/go.mod index 7223a446b..571b41abf 100644 --- a/go.mod +++ b/go.mod @@ -71,7 +71,6 @@ require ( github.com/pion/transport/v3 v3.0.1 github.com/pion/turn/v3 v3.0.1 github.com/prometheus/client_golang v1.19.1 - github.com/r3labs/diff/v3 v3.0.1 github.com/rs/xid v1.3.0 github.com/shirou/gopsutil/v3 v3.24.4 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 @@ -211,8 +210,6 @@ require ( github.com/tklauser/go-sysconf v0.3.14 // indirect github.com/tklauser/numcpus v0.8.0 // indirect github.com/vishvananda/netns v0.0.4 // indirect - github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect - github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/yuin/goldmark v1.7.1 // indirect github.com/zeebo/blake3 v0.2.3 // indirect go.opencensus.io v0.24.0 // indirect diff --git a/go.sum b/go.sum index 5cd703bc8..217d27e0a 100644 --- a/go.sum +++ b/go.sum @@ -605,8 +605,6 @@ github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+a github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= -github.com/r3labs/diff/v3 v3.0.1 h1:CBKqf3XmNRHXKmdU7mZP1w7TV0pDyVCis1AUHtA4Xtg= -github.com/r3labs/diff/v3 v3.0.1/go.mod h1:f1S9bourRbiM66NskseyUdo0fTmEE0qKrikYJX63dgo= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= @@ -699,10 +697,6 @@ github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhg github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU= -github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc= -github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= -github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= diff --git a/management/server/differs/netip.go b/management/server/differs/netip.go deleted file mode 100644 index de4aa334c..000000000 --- a/management/server/differs/netip.go +++ /dev/null @@ -1,82 +0,0 @@ -package differs - -import ( - "fmt" - "net/netip" - "reflect" - - "github.com/r3labs/diff/v3" -) - -// NetIPAddr is a custom differ for netip.Addr -type NetIPAddr struct { - DiffFunc func(path []string, a, b reflect.Value, p interface{}) error -} - -func (differ NetIPAddr) Match(a, b reflect.Value) bool { - return diff.AreType(a, b, reflect.TypeOf(netip.Addr{})) -} - -func (differ NetIPAddr) Diff(_ diff.DiffType, _ diff.DiffFunc, cl *diff.Changelog, path []string, a, b reflect.Value, _ interface{}) error { - if a.Kind() == reflect.Invalid { - cl.Add(diff.CREATE, path, nil, b.Interface()) - return nil - } - - if b.Kind() == reflect.Invalid { - cl.Add(diff.DELETE, path, a.Interface(), nil) - return nil - } - - fromAddr, ok1 := a.Interface().(netip.Addr) - toAddr, ok2 := b.Interface().(netip.Addr) - if !ok1 || !ok2 { - return fmt.Errorf("invalid type for netip.Addr") - } - - if fromAddr.String() != toAddr.String() { - cl.Add(diff.UPDATE, path, fromAddr.String(), toAddr.String()) - } - - return nil -} - -func (differ NetIPAddr) InsertParentDiffer(dfunc func(path []string, a, b reflect.Value, p interface{}) error) { - differ.DiffFunc = dfunc //nolint -} - -// NetIPPrefix is a custom differ for netip.Prefix -type NetIPPrefix struct { - DiffFunc func(path []string, a, b reflect.Value, p interface{}) error -} - -func (differ NetIPPrefix) Match(a, b reflect.Value) bool { - return diff.AreType(a, b, reflect.TypeOf(netip.Prefix{})) -} - -func (differ NetIPPrefix) Diff(_ diff.DiffType, _ diff.DiffFunc, cl *diff.Changelog, path []string, a, b reflect.Value, _ interface{}) error { - if a.Kind() == reflect.Invalid { - cl.Add(diff.CREATE, path, nil, b.Interface()) - return nil - } - if b.Kind() == reflect.Invalid { - cl.Add(diff.DELETE, path, a.Interface(), nil) - return nil - } - - fromPrefix, ok1 := a.Interface().(netip.Prefix) - toPrefix, ok2 := b.Interface().(netip.Prefix) - if !ok1 || !ok2 { - return fmt.Errorf("invalid type for netip.Addr") - } - - if fromPrefix.String() != toPrefix.String() { - cl.Add(diff.UPDATE, path, fromPrefix.String(), toPrefix.String()) - } - - return nil -} - -func (differ NetIPPrefix) InsertParentDiffer(dfunc func(path []string, a, b reflect.Value, p interface{}) error) { - differ.DiffFunc = dfunc //nolint -} diff --git a/management/server/dns_test.go b/management/server/dns_test.go index c675fc12c..8a66da96c 100644 --- a/management/server/dns_test.go +++ b/management/server/dns_test.go @@ -8,9 +8,10 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" + nbdns "github.com/netbirdio/netbird/dns" "github.com/netbirdio/netbird/management/server/telemetry" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -521,23 +522,64 @@ func TestDNSAccountPeersUpdate(t *testing.T) { } }) - err = manager.SaveGroup(context.Background(), account.Id, userID, &group.Group{ - ID: "groupA", - Name: "GroupA", - Peers: []string{peer1.ID, peer2.ID, peer3.ID}, - }) - assert.NoError(t, err) + // Creating DNS settings with groups that have no peers should not update account peers or send peer update + t.Run("creating dns setting with unused groups", func(t *testing.T) { + done := make(chan struct{}) + go func() { + peerShouldNotReceiveUpdate(t, updMsg) + close(done) + }() - _, err = manager.CreateNameServerGroup( - context.Background(), account.Id, "ns-group-1", "ns-group-1", []dns.NameServer{{ - IP: netip.MustParseAddr(peer1.IP.String()), - NSType: dns.UDPNameServerType, - Port: dns.DefaultDNSPort, - }}, - []string{"groupA"}, - true, []string{}, true, userID, false, - ) - assert.NoError(t, err) + _, err = manager.CreateNameServerGroup( + context.Background(), account.Id, "ns-group", "ns-group", []dns.NameServer{{ + IP: netip.MustParseAddr(peer1.IP.String()), + NSType: dns.UDPNameServerType, + Port: dns.DefaultDNSPort, + }}, + []string{"groupB"}, + true, []string{}, true, userID, false, + ) + assert.NoError(t, err) + + select { + case <-done: + case <-time.After(time.Second): + t.Error("timeout waiting for peerShouldNotReceiveUpdate") + } + }) + + // Creating DNS settings with groups that have peers should update account peers and send peer update + t.Run("creating dns setting with used groups", func(t *testing.T) { + err = manager.SaveGroup(context.Background(), account.Id, userID, &group.Group{ + ID: "groupA", + Name: "GroupA", + Peers: []string{peer1.ID, peer2.ID, peer3.ID}, + }) + assert.NoError(t, err) + + done := make(chan struct{}) + go func() { + peerShouldReceiveUpdate(t, updMsg) + close(done) + }() + + _, err = manager.CreateNameServerGroup( + context.Background(), account.Id, "ns-group-1", "ns-group-1", []dns.NameServer{{ + IP: netip.MustParseAddr(peer1.IP.String()), + NSType: dns.UDPNameServerType, + Port: dns.DefaultDNSPort, + }}, + []string{"groupA"}, + true, []string{}, true, userID, false, + ) + assert.NoError(t, err) + + select { + case <-done: + case <-time.After(time.Second): + t.Error("timeout waiting for peerShouldReceiveUpdate") + } + }) // Saving DNS settings with groups that have peers should update account peers and send peer update t.Run("saving dns setting with used groups", func(t *testing.T) { @@ -559,27 +601,6 @@ func TestDNSAccountPeersUpdate(t *testing.T) { } }) - // Saving unchanged DNS settings with used groups should update account peers and not send peer update - // since there is no change in the network map - t.Run("saving unchanged dns setting with used groups", func(t *testing.T) { - done := make(chan struct{}) - go func() { - peerShouldNotReceiveUpdate(t, updMsg) - close(done) - }() - - err := manager.SaveDNSSettings(context.Background(), account.Id, userID, &DNSSettings{ - DisabledManagementGroups: []string{"groupA", "groupB"}, - }) - assert.NoError(t, err) - - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) - // Removing group with no peers from DNS settings should not trigger updates to account peers or send peer updates t.Run("removing group with no peers from dns settings", func(t *testing.T) { done := make(chan struct{}) diff --git a/management/server/group_test.go b/management/server/group_test.go index 1e59b74ef..89184e819 100644 --- a/management/server/group_test.go +++ b/management/server/group_test.go @@ -8,12 +8,13 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + nbdns "github.com/netbirdio/netbird/dns" nbgroup "github.com/netbirdio/netbird/management/server/group" "github.com/netbirdio/netbird/management/server/status" "github.com/netbirdio/netbird/route" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) const ( @@ -536,29 +537,6 @@ func TestGroupAccountPeersUpdate(t *testing.T) { } }) - // Saving an unchanged group should trigger account peers update and not send peer update - // since there is no change in the network map - t.Run("saving unchanged group", func(t *testing.T) { - done := make(chan struct{}) - go func() { - peerShouldNotReceiveUpdate(t, updMsg) - close(done) - }() - - err := manager.SaveGroup(context.Background(), account.Id, userID, &nbgroup.Group{ - ID: "groupA", - Name: "GroupA", - Peers: []string{peer1.ID, peer2.ID}, - }) - assert.NoError(t, err) - - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) - // adding peer to a used group should update account peers and send peer update t.Run("adding peer to linked group", func(t *testing.T) { done := make(chan struct{}) diff --git a/management/server/nameserver_test.go b/management/server/nameserver_test.go index 96637cd39..846dbf023 100644 --- a/management/server/nameserver_test.go +++ b/management/server/nameserver_test.go @@ -1065,36 +1065,6 @@ func TestNameServerAccountPeersUpdate(t *testing.T) { } }) - // saving unchanged nameserver group should update account peers and not send peer update - t.Run("saving unchanged nameserver group", func(t *testing.T) { - done := make(chan struct{}) - go func() { - peerShouldNotReceiveUpdate(t, updMsg) - close(done) - }() - - newNameServerGroupB.NameServers = []nbdns.NameServer{ - { - IP: netip.MustParseAddr("1.1.1.2"), - NSType: nbdns.UDPNameServerType, - Port: nbdns.DefaultDNSPort, - }, - { - IP: netip.MustParseAddr("8.8.8.8"), - NSType: nbdns.UDPNameServerType, - Port: nbdns.DefaultDNSPort, - }, - } - err = manager.SaveNameServerGroup(context.Background(), account.Id, userID, newNameServerGroupB) - assert.NoError(t, err) - - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) - // Deleting a nameserver group should update account peers and send peer update t.Run("deleting nameserver group", func(t *testing.T) { done := make(chan struct{}) diff --git a/management/server/network.go b/management/server/network.go index 8fb6a8b3c..a5b188b46 100644 --- a/management/server/network.go +++ b/management/server/network.go @@ -41,9 +41,9 @@ type Network struct { Dns string // Serial is an ID that increments by 1 when any change to the network happened (e.g. new peer has been added). // Used to synchronize state to the client apps. - Serial uint64 `diff:"-"` + Serial uint64 - mu sync.Mutex `json:"-" gorm:"-" diff:"-"` + mu sync.Mutex `json:"-" gorm:"-"` } // NewNetwork creates a new Network initializing it with a Serial=0 diff --git a/management/server/peer/peer.go b/management/server/peer/peer.go index 82e0acf3a..34d791844 100644 --- a/management/server/peer/peer.go +++ b/management/server/peer/peer.go @@ -20,33 +20,33 @@ type Peer struct { // IP address of the Peer IP net.IP `gorm:"serializer:json"` // Meta is a Peer system meta data - Meta PeerSystemMeta `gorm:"embedded;embeddedPrefix:meta_" diff:"-"` + Meta PeerSystemMeta `gorm:"embedded;embeddedPrefix:meta_"` // Name is peer's name (machine name) Name string // DNSLabel is the parsed peer name for domain resolution. It is used to form an FQDN by appending the account's // domain to the peer label. e.g. peer-dns-label.netbird.cloud DNSLabel string // Status peer's management connection status - Status *PeerStatus `gorm:"embedded;embeddedPrefix:peer_status_" diff:"-"` + Status *PeerStatus `gorm:"embedded;embeddedPrefix:peer_status_"` // The user ID that registered the peer - UserID string `diff:"-"` + UserID string // SSHKey is a public SSH key of the peer SSHKey string // SSHEnabled indicates whether SSH server is enabled on the peer SSHEnabled bool // LoginExpirationEnabled indicates whether peer's login expiration is enabled and once expired the peer has to re-login. // Works with LastLogin - LoginExpirationEnabled bool `diff:"-"` + LoginExpirationEnabled bool - InactivityExpirationEnabled bool `diff:"-"` + InactivityExpirationEnabled bool // LastLogin the time when peer performed last login operation - LastLogin time.Time `diff:"-"` + LastLogin time.Time // CreatedAt records the time the peer was created - CreatedAt time.Time `diff:"-"` + CreatedAt time.Time // Indicate ephemeral peer attribute - Ephemeral bool `diff:"-"` + Ephemeral bool // Geo location based on connection IP - Location Location `gorm:"embedded;embeddedPrefix:location_" diff:"-"` + Location Location `gorm:"embedded;embeddedPrefix:location_"` } type PeerStatus struct { //nolint:revive diff --git a/management/server/policy.go b/management/server/policy.go index 055542430..43a925f88 100644 --- a/management/server/policy.go +++ b/management/server/policy.go @@ -405,7 +405,9 @@ func (am *DefaultAccountManager) DeletePolicy(ctx context.Context, accountID, po am.StoreEvent(ctx, userID, policy.ID, accountID, activity.PolicyRemoved, policy.EventMeta()) - am.updateAccountPeers(ctx, account) + if anyGroupHasPeers(account, policy.ruleGroups()) { + am.updateAccountPeers(ctx, account) + } return nil } diff --git a/management/server/policy_test.go b/management/server/policy_test.go index 5b1411702..e7f0f9cd2 100644 --- a/management/server/policy_test.go +++ b/management/server/policy_test.go @@ -854,16 +854,11 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { }) assert.NoError(t, err) - updMsg1 := manager.peersUpdateManager.CreateChannel(context.Background(), peer1.ID) + updMsg := manager.peersUpdateManager.CreateChannel(context.Background(), peer1.ID) t.Cleanup(func() { manager.peersUpdateManager.CloseChannel(context.Background(), peer1.ID) }) - updMsg2 := manager.peersUpdateManager.CreateChannel(context.Background(), peer2.ID) - t.Cleanup(func() { - manager.peersUpdateManager.CloseChannel(context.Background(), peer2.ID) - }) - // Saving policy with rule groups with no peers should not update account's peers and not send peer update t.Run("saving policy with rule groups with no peers", func(t *testing.T) { policy := Policy{ @@ -883,7 +878,7 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { done := make(chan struct{}) go func() { - peerShouldNotReceiveUpdate(t, updMsg1) + peerShouldNotReceiveUpdate(t, updMsg) close(done) }() @@ -918,7 +913,7 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { done := make(chan struct{}) go func() { - peerShouldReceiveUpdate(t, updMsg1) + peerShouldReceiveUpdate(t, updMsg) close(done) }() @@ -953,7 +948,7 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { done := make(chan struct{}) go func() { - peerShouldReceiveUpdate(t, updMsg2) + peerShouldReceiveUpdate(t, updMsg) close(done) }() @@ -987,7 +982,7 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { done := make(chan struct{}) go func() { - peerShouldReceiveUpdate(t, updMsg1) + peerShouldReceiveUpdate(t, updMsg) close(done) }() @@ -1021,7 +1016,7 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { done := make(chan struct{}) go func() { - peerShouldReceiveUpdate(t, updMsg1) + peerShouldReceiveUpdate(t, updMsg) close(done) }() @@ -1056,7 +1051,7 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { done := make(chan struct{}) go func() { - peerShouldNotReceiveUpdate(t, updMsg1) + peerShouldNotReceiveUpdate(t, updMsg) close(done) }() @@ -1090,7 +1085,7 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { done := make(chan struct{}) go func() { - peerShouldReceiveUpdate(t, updMsg1) + peerShouldReceiveUpdate(t, updMsg) close(done) }() @@ -1104,46 +1099,13 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { } }) - // Saving unchanged policy should trigger account peers update but not send peer update - t.Run("saving unchanged policy", func(t *testing.T) { - policy := Policy{ - ID: "policy-source-destination-peers", - Enabled: true, - Rules: []*PolicyRule{ - { - ID: xid.New().String(), - Enabled: true, - Sources: []string{"groupA"}, - Destinations: []string{"groupD"}, - Bidirectional: true, - Action: PolicyTrafficActionAccept, - }, - }, - } - - done := make(chan struct{}) - go func() { - peerShouldNotReceiveUpdate(t, updMsg1) - close(done) - }() - - err := manager.SavePolicy(context.Background(), account.Id, userID, &policy, true) - assert.NoError(t, err) - - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) - // Deleting policy should trigger account peers update and send peer update t.Run("deleting policy with source and destination groups with peers", func(t *testing.T) { policyID := "policy-source-destination-peers" done := make(chan struct{}) go func() { - peerShouldReceiveUpdate(t, updMsg1) + peerShouldReceiveUpdate(t, updMsg) close(done) }() @@ -1164,7 +1126,7 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { policyID := "policy-destination-has-peers-source-none" done := make(chan struct{}) go func() { - peerShouldReceiveUpdate(t, updMsg2) + peerShouldReceiveUpdate(t, updMsg) close(done) }() @@ -1180,10 +1142,10 @@ func TestPolicyAccountPeersUpdate(t *testing.T) { // Deleting policy with no peers in groups should not update account's peers and not send peer update t.Run("deleting policy with no peers in groups", func(t *testing.T) { - policyID := "policy-rule-groups-no-peers" // Deleting the policy created in Case 2 + policyID := "policy-rule-groups-no-peers" done := make(chan struct{}) go func() { - peerShouldNotReceiveUpdate(t, updMsg1) + peerShouldNotReceiveUpdate(t, updMsg) close(done) }() diff --git a/management/server/posture_checks_test.go b/management/server/posture_checks_test.go index 7d31956f9..c63538b9d 100644 --- a/management/server/posture_checks_test.go +++ b/management/server/posture_checks_test.go @@ -5,10 +5,11 @@ import ( "testing" "time" - "github.com/netbirdio/netbird/management/server/group" "github.com/rs/xid" "github.com/stretchr/testify/assert" + "github.com/netbirdio/netbird/management/server/group" + "github.com/netbirdio/netbird/management/server/posture" ) @@ -264,25 +265,6 @@ func TestPostureCheckAccountPeersUpdate(t *testing.T) { } }) - // Saving unchanged posture check should not trigger account peers update and not send peer update - // since there is no change in the network map - t.Run("saving unchanged posture check", func(t *testing.T) { - done := make(chan struct{}) - go func() { - peerShouldNotReceiveUpdate(t, updMsg) - close(done) - }() - - err := manager.SavePostureChecks(context.Background(), account.Id, userID, &postureCheck) - assert.NoError(t, err) - - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) - // Removing posture check from policy should trigger account peers update and send peer update t.Run("removing posture check from policy", func(t *testing.T) { done := make(chan struct{}) @@ -412,50 +394,9 @@ func TestPostureCheckAccountPeersUpdate(t *testing.T) { } }) - // Updating linked posture check to policy where source has peers but destination does not, - // should not trigger account peers update or send peer update - t.Run("updating linked posture check to policy where source has peers but destination does not", func(t *testing.T) { - policy = Policy{ - ID: "policyB", - Enabled: true, - Rules: []*PolicyRule{ - { - Enabled: true, - Sources: []string{"groupA"}, - Destinations: []string{"groupB"}, - Bidirectional: true, - Action: PolicyTrafficActionAccept, - }, - }, - SourcePostureChecks: []string{postureCheck.ID}, - } - err = manager.SavePolicy(context.Background(), account.Id, userID, &policy, true) - assert.NoError(t, err) - - done := make(chan struct{}) - go func() { - peerShouldNotReceiveUpdate(t, updMsg) - close(done) - }() - - postureCheck.Checks = posture.ChecksDefinition{ - NBVersionCheck: &posture.NBVersionCheck{ - MinVersion: "0.29.0", - }, - } - err := manager.SavePostureChecks(context.Background(), account.Id, userID, &postureCheck) - assert.NoError(t, err) - - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) - // Updating linked client posture check to policy where source has peers but destination does not, // should trigger account peers update and send peer update - t.Run("updating linked client posture check to policy where source has peers but destination does not", func(t *testing.T) { + t.Run("updating linked posture check to policy where source has peers but destination does not", func(t *testing.T) { policy = Policy{ ID: "policyB", Enabled: true, diff --git a/management/server/route_test.go b/management/server/route_test.go index a4b320c7e..4893e19b9 100644 --- a/management/server/route_test.go +++ b/management/server/route_test.go @@ -1938,26 +1938,6 @@ func TestRouteAccountPeersUpdate(t *testing.T) { } }) - // Updating unchanged route should update account peers and not send peer update - t.Run("updating unchanged route", func(t *testing.T) { - baseRoute.Groups = []string{routeGroup1, routeGroup2} - - done := make(chan struct{}) - go func() { - peerShouldNotReceiveUpdate(t, updMsg) - close(done) - }() - - err := manager.SaveRoute(context.Background(), account.Id, userID, &baseRoute) - require.NoError(t, err) - - select { - case <-done: - case <-time.After(time.Second): - t.Error("timeout waiting for peerShouldNotReceiveUpdate") - } - }) - // Deleting the route should update account peers and send peer update t.Run("deleting route", func(t *testing.T) { done := make(chan struct{}) diff --git a/management/server/telemetry/updatechannel_metrics.go b/management/server/telemetry/updatechannel_metrics.go index fb33b663c..2582006e5 100644 --- a/management/server/telemetry/updatechannel_metrics.go +++ b/management/server/telemetry/updatechannel_metrics.go @@ -18,7 +18,6 @@ type UpdateChannelMetrics struct { getAllConnectedPeersDurationMicro metric.Int64Histogram getAllConnectedPeers metric.Int64Histogram hasChannelDurationMicro metric.Int64Histogram - networkMapDiffDurationMicro metric.Int64Histogram ctx context.Context } @@ -64,11 +63,6 @@ func NewUpdateChannelMetrics(ctx context.Context, meter metric.Meter) (*UpdateCh return nil, err } - networkMapDiffDurationMicro, err := meter.Int64Histogram("management.updatechannel.networkmap.diff.duration.micro") - if err != nil { - return nil, err - } - return &UpdateChannelMetrics{ createChannelDurationMicro: createChannelDurationMicro, closeChannelDurationMicro: closeChannelDurationMicro, @@ -78,7 +72,6 @@ func NewUpdateChannelMetrics(ctx context.Context, meter metric.Meter) (*UpdateCh getAllConnectedPeersDurationMicro: getAllConnectedPeersDurationMicro, getAllConnectedPeers: getAllConnectedPeers, hasChannelDurationMicro: hasChannelDurationMicro, - networkMapDiffDurationMicro: networkMapDiffDurationMicro, ctx: ctx, }, nil } @@ -118,8 +111,3 @@ func (metrics *UpdateChannelMetrics) CountGetAllConnectedPeersDuration(duration func (metrics *UpdateChannelMetrics) CountHasChannelDuration(duration time.Duration) { metrics.hasChannelDurationMicro.Record(metrics.ctx, duration.Microseconds()) } - -// CountNetworkMapDiffDurationMicro counts the duration of the NetworkMapDiff method -func (metrics *UpdateChannelMetrics) CountNetworkMapDiffDurationMicro(duration time.Duration) { - metrics.networkMapDiffDurationMicro.Record(metrics.ctx, duration.Microseconds()) -} diff --git a/management/server/updatechannel.go b/management/server/updatechannel.go index 7c7300222..59b6fd094 100644 --- a/management/server/updatechannel.go +++ b/management/server/updatechannel.go @@ -2,16 +2,12 @@ package server import ( "context" - "fmt" - "runtime/debug" "sync" "time" - "github.com/r3labs/diff/v3" log "github.com/sirupsen/logrus" "github.com/netbirdio/netbird/management/proto" - "github.com/netbirdio/netbird/management/server/differs" "github.com/netbirdio/netbird/management/server/telemetry" ) @@ -25,8 +21,6 @@ type UpdateMessage struct { type PeersUpdateManager struct { // peerChannels is an update channel indexed by Peer.ID peerChannels map[string]chan *UpdateMessage - // peerNetworkMaps is the UpdateMessage indexed by Peer.ID. - peerUpdateMessage map[string]*UpdateMessage // channelsMux keeps the mutex to access peerChannels channelsMux *sync.RWMutex // metrics provides method to collect application metrics @@ -36,10 +30,9 @@ type PeersUpdateManager struct { // NewPeersUpdateManager returns a new instance of PeersUpdateManager func NewPeersUpdateManager(metrics telemetry.AppMetrics) *PeersUpdateManager { return &PeersUpdateManager{ - peerChannels: make(map[string]chan *UpdateMessage), - peerUpdateMessage: make(map[string]*UpdateMessage), - channelsMux: &sync.RWMutex{}, - metrics: metrics, + peerChannels: make(map[string]chan *UpdateMessage), + channelsMux: &sync.RWMutex{}, + metrics: metrics, } } @@ -48,15 +41,6 @@ func (p *PeersUpdateManager) SendUpdate(ctx context.Context, peerID string, upda start := time.Now() var found, dropped bool - // skip sending sync update to the peer if there is no change in update message, - // it will not check on turn credential refresh as we do not send network map or client posture checks - if update.NetworkMap != nil { - updated := p.handlePeerMessageUpdate(ctx, peerID, update) - if !updated { - return - } - } - p.channelsMux.Lock() defer func() { @@ -66,16 +50,6 @@ func (p *PeersUpdateManager) SendUpdate(ctx context.Context, peerID string, upda } }() - if update.NetworkMap != nil { - lastSentUpdate := p.peerUpdateMessage[peerID] - if lastSentUpdate != nil && lastSentUpdate.Update.NetworkMap.GetSerial() > update.Update.NetworkMap.GetSerial() { - log.WithContext(ctx).Debugf("peer %s new network map serial: %d not greater than last sent: %d, skip sending update", - peerID, update.Update.NetworkMap.GetSerial(), lastSentUpdate.Update.NetworkMap.GetSerial()) - return - } - p.peerUpdateMessage[peerID] = update - } - if channel, ok := p.peerChannels[peerID]; ok { found = true select { @@ -108,7 +82,6 @@ func (p *PeersUpdateManager) CreateChannel(ctx context.Context, peerID string) c closed = true delete(p.peerChannels, peerID) close(channel) - delete(p.peerUpdateMessage, peerID) } // mbragin: todo shouldn't it be more? or configurable? channel := make(chan *UpdateMessage, channelBufferSize) @@ -123,7 +96,6 @@ func (p *PeersUpdateManager) closeChannel(ctx context.Context, peerID string) { if channel, ok := p.peerChannels[peerID]; ok { delete(p.peerChannels, peerID) close(channel) - delete(p.peerUpdateMessage, peerID) } log.WithContext(ctx).Debugf("closed updates channel of a peer %s", peerID) @@ -200,79 +172,3 @@ func (p *PeersUpdateManager) HasChannel(peerID string) bool { return ok } - -// handlePeerMessageUpdate checks if the update message for a peer is new and should be sent. -func (p *PeersUpdateManager) handlePeerMessageUpdate(ctx context.Context, peerID string, update *UpdateMessage) bool { - p.channelsMux.RLock() - lastSentUpdate := p.peerUpdateMessage[peerID] - p.channelsMux.RUnlock() - - if lastSentUpdate != nil { - updated, err := isNewPeerUpdateMessage(ctx, lastSentUpdate, update, p.metrics) - if err != nil { - log.WithContext(ctx).Errorf("error checking for SyncResponse updates: %v", err) - return true - } - if !updated { - log.WithContext(ctx).Debugf("peer %s network map is not updated, skip sending update", peerID) - return false - } - } - - return true -} - -// isNewPeerUpdateMessage checks if the given current update message is a new update that should be sent. -func isNewPeerUpdateMessage(ctx context.Context, lastSentUpdate, currUpdateToSend *UpdateMessage, metric telemetry.AppMetrics) (isNew bool, err error) { - startTime := time.Now() - - defer func() { - if r := recover(); r != nil { - log.WithContext(ctx).Panicf("comparing peer update messages. Trace: %s", debug.Stack()) - isNew, err = true, nil - } - }() - - if lastSentUpdate.Update.NetworkMap.GetSerial() > currUpdateToSend.Update.NetworkMap.GetSerial() { - return false, nil - } - - differ, err := diff.NewDiffer( - diff.CustomValueDiffers(&differs.NetIPAddr{}), - diff.CustomValueDiffers(&differs.NetIPPrefix{}), - ) - if err != nil { - return false, fmt.Errorf("failed to create differ: %v", err) - } - - lastSentFiles := getChecksFiles(lastSentUpdate.Update.Checks) - currFiles := getChecksFiles(currUpdateToSend.Update.Checks) - - changelog, err := differ.Diff(lastSentFiles, currFiles) - if err != nil { - return false, fmt.Errorf("failed to diff checks: %v", err) - } - if len(changelog) > 0 { - return true, nil - } - - changelog, err = differ.Diff(lastSentUpdate.NetworkMap, currUpdateToSend.NetworkMap) - if err != nil { - return false, fmt.Errorf("failed to diff network map: %v", err) - } - - if metric != nil { - metric.UpdateChannelMetrics().CountNetworkMapDiffDurationMicro(time.Since(startTime)) - } - - return len(changelog) > 0, nil -} - -// getChecksFiles returns a list of files from the given checks. -func getChecksFiles(checks []*proto.Checks) []string { - files := make([]string, 0, len(checks)) - for _, check := range checks { - files = append(files, check.GetFiles()...) - } - return files -} diff --git a/management/server/updatechannel_test.go b/management/server/updatechannel_test.go index b8a0ce45f..69f5b895c 100644 --- a/management/server/updatechannel_test.go +++ b/management/server/updatechannel_test.go @@ -2,21 +2,10 @@ package server import ( "context" - "net" - "net/netip" "testing" "time" - "github.com/stretchr/testify/assert" - - nbdns "github.com/netbirdio/netbird/dns" - "github.com/netbirdio/netbird/management/domain" "github.com/netbirdio/netbird/management/proto" - nbpeer "github.com/netbirdio/netbird/management/server/peer" - "github.com/netbirdio/netbird/management/server/posture" - "github.com/netbirdio/netbird/management/server/telemetry" - nbroute "github.com/netbirdio/netbird/route" - "github.com/netbirdio/netbird/util" ) // var peersUpdater *PeersUpdateManager @@ -88,474 +77,3 @@ func TestCloseChannel(t *testing.T) { t.Error("Error closing the channel") } } - -func TestHandlePeerMessageUpdate(t *testing.T) { - tests := []struct { - name string - peerID string - existingUpdate *UpdateMessage - newUpdate *UpdateMessage - expectedResult bool - }{ - { - name: "update message with turn credentials update", - peerID: "peer", - newUpdate: &UpdateMessage{ - Update: &proto.SyncResponse{ - WiretrusteeConfig: &proto.WiretrusteeConfig{}, - }, - }, - expectedResult: true, - }, - { - name: "update message for peer without existing update", - peerID: "peer1", - newUpdate: &UpdateMessage{ - Update: &proto.SyncResponse{ - NetworkMap: &proto.NetworkMap{Serial: 1}, - }, - NetworkMap: &NetworkMap{Network: &Network{Serial: 2}}, - }, - expectedResult: true, - }, - { - name: "update message with no changes in update", - peerID: "peer2", - existingUpdate: &UpdateMessage{ - Update: &proto.SyncResponse{ - NetworkMap: &proto.NetworkMap{Serial: 1}, - }, - NetworkMap: &NetworkMap{Network: &Network{Serial: 1}}, - }, - newUpdate: &UpdateMessage{ - Update: &proto.SyncResponse{ - NetworkMap: &proto.NetworkMap{Serial: 1}, - }, - NetworkMap: &NetworkMap{Network: &Network{Serial: 1}}, - }, - expectedResult: false, - }, - { - name: "update message with changes in checks", - peerID: "peer3", - existingUpdate: &UpdateMessage{ - Update: &proto.SyncResponse{ - NetworkMap: &proto.NetworkMap{Serial: 1}, - }, - NetworkMap: &NetworkMap{Network: &Network{Serial: 1}}, - }, - newUpdate: &UpdateMessage{ - Update: &proto.SyncResponse{ - NetworkMap: &proto.NetworkMap{Serial: 2}, - Checks: []*proto.Checks{ - { - Files: []string{"/usr/bin/netbird"}, - }, - }, - }, - NetworkMap: &NetworkMap{Network: &Network{Serial: 2}}, - }, - expectedResult: true, - }, - { - name: "update message with lower serial number", - peerID: "peer4", - existingUpdate: &UpdateMessage{ - Update: &proto.SyncResponse{ - NetworkMap: &proto.NetworkMap{Serial: 2}, - }, - NetworkMap: &NetworkMap{Network: &Network{Serial: 2}}, - }, - newUpdate: &UpdateMessage{ - Update: &proto.SyncResponse{ - NetworkMap: &proto.NetworkMap{Serial: 1}, - }, - NetworkMap: &NetworkMap{Network: &Network{Serial: 1}}, - }, - expectedResult: false, - }, - } - - for _, tt := range tests { - metrics, err := telemetry.NewDefaultAppMetrics(context.Background()) - if err != nil { - t.Fatal(err) - } - t.Run(tt.name, func(t *testing.T) { - p := NewPeersUpdateManager(metrics) - ctx := context.Background() - - if tt.existingUpdate != nil { - p.peerUpdateMessage[tt.peerID] = tt.existingUpdate - } - - result := p.handlePeerMessageUpdate(ctx, tt.peerID, tt.newUpdate) - assert.Equal(t, tt.expectedResult, result) - }) - } -} - -func TestIsNewPeerUpdateMessage(t *testing.T) { - t.Run("Unchanged value", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.False(t, message) - }) - - t.Run("Unchanged value with serial incremented", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.False(t, message) - }) - - t.Run("Updating routes network", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newUpdateMessage2.NetworkMap.Routes[0].Network = netip.MustParsePrefix("1.1.1.1/32") - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.True(t, message) - - }) - - t.Run("Updating routes groups", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newUpdateMessage2.NetworkMap.Routes[0].Groups = []string{"randomGroup1"} - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.True(t, message) - }) - - t.Run("Updating network map peers", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newPeer := &nbpeer.Peer{ - IP: net.ParseIP("192.168.1.4"), - SSHEnabled: true, - Key: "peer4-key", - DNSLabel: "peer4", - SSHKey: "peer4-ssh-key", - } - newUpdateMessage2.NetworkMap.Peers = append(newUpdateMessage2.NetworkMap.Peers, newPeer) - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.True(t, message) - }) - - t.Run("Updating process check", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - - newUpdateMessage2 := createMockUpdateMessage(t) - newUpdateMessage2.Update.NetworkMap.Serial++ - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.False(t, message) - - newUpdateMessage3 := createMockUpdateMessage(t) - newUpdateMessage3.Update.Checks = []*proto.Checks{} - newUpdateMessage3.Update.NetworkMap.Serial++ - message, err = isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage3, nil) - assert.NoError(t, err) - assert.True(t, message) - - newUpdateMessage4 := createMockUpdateMessage(t) - check := &posture.Checks{ - Checks: posture.ChecksDefinition{ - ProcessCheck: &posture.ProcessCheck{ - Processes: []posture.Process{ - { - LinuxPath: "/usr/local/netbird", - MacPath: "/usr/bin/netbird", - }, - }, - }, - }, - } - newUpdateMessage4.Update.Checks = []*proto.Checks{toProtocolCheck(check)} - newUpdateMessage4.Update.NetworkMap.Serial++ - message, err = isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage4, nil) - assert.NoError(t, err) - assert.True(t, message) - - newUpdateMessage5 := createMockUpdateMessage(t) - check = &posture.Checks{ - Checks: posture.ChecksDefinition{ - ProcessCheck: &posture.ProcessCheck{ - Processes: []posture.Process{ - { - LinuxPath: "/usr/bin/netbird", - WindowsPath: "C:\\Program Files\\netbird\\netbird.exe", - MacPath: "/usr/local/netbird", - }, - }, - }, - }, - } - newUpdateMessage5.Update.Checks = []*proto.Checks{toProtocolCheck(check)} - newUpdateMessage5.Update.NetworkMap.Serial++ - message, err = isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage5, nil) - assert.NoError(t, err) - assert.True(t, message) - }) - - t.Run("Updating DNS configuration", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newDomain := "newexample.com" - newUpdateMessage2.NetworkMap.DNSConfig.NameServerGroups[0].Domains = append( - newUpdateMessage2.NetworkMap.DNSConfig.NameServerGroups[0].Domains, - newDomain, - ) - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.True(t, message) - }) - - t.Run("Updating peer IP", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newUpdateMessage2.NetworkMap.Peers[0].IP = net.ParseIP("192.168.1.10") - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.True(t, message) - }) - - t.Run("Updating firewall rule", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newUpdateMessage2.NetworkMap.FirewallRules[0].Port = "443" - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.True(t, message) - }) - - t.Run("Add new firewall rule", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newRule := &FirewallRule{ - PeerIP: "192.168.1.3", - Direction: firewallRuleDirectionOUT, - Action: string(PolicyTrafficActionDrop), - Protocol: string(PolicyRuleProtocolUDP), - Port: "53", - } - newUpdateMessage2.NetworkMap.FirewallRules = append(newUpdateMessage2.NetworkMap.FirewallRules, newRule) - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.True(t, message) - }) - - t.Run("Removing nameserver", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newUpdateMessage2.NetworkMap.DNSConfig.NameServerGroups[0].NameServers = make([]nbdns.NameServer, 0) - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.True(t, message) - }) - - t.Run("Updating name server IP", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newUpdateMessage2.NetworkMap.DNSConfig.NameServerGroups[0].NameServers[0].IP = netip.MustParseAddr("8.8.4.4") - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.True(t, message) - }) - - t.Run("Updating custom DNS zone", func(t *testing.T) { - newUpdateMessage1 := createMockUpdateMessage(t) - newUpdateMessage2 := createMockUpdateMessage(t) - - newUpdateMessage2.NetworkMap.DNSConfig.CustomZones[0].Records[0].RData = "100.64.0.2" - newUpdateMessage2.Update.NetworkMap.Serial++ - - message, err := isNewPeerUpdateMessage(context.Background(), newUpdateMessage1, newUpdateMessage2, nil) - assert.NoError(t, err) - assert.True(t, message) - }) - -} - -func createMockUpdateMessage(t *testing.T) *UpdateMessage { - t.Helper() - - _, ipNet, err := net.ParseCIDR("192.168.1.0/24") - if err != nil { - t.Fatal(err) - } - domainList, err := domain.FromStringList([]string{"example.com"}) - if err != nil { - t.Fatal(err) - } - - config := &Config{ - Signal: &Host{ - Proto: "https", - URI: "signal.uri", - Username: "", - Password: "", - }, - Stuns: []*Host{{URI: "stun.uri", Proto: UDP}}, - TURNConfig: &TURNConfig{ - Turns: []*Host{{URI: "turn.uri", Proto: UDP, Username: "turn-user", Password: "turn-pass"}}, - }, - } - peer := &nbpeer.Peer{ - IP: net.ParseIP("192.168.1.1"), - SSHEnabled: true, - Key: "peer-key", - DNSLabel: "peer1", - SSHKey: "peer1-ssh-key", - } - - secretManager := NewTimeBasedAuthSecretsManager( - NewPeersUpdateManager(nil), - &TURNConfig{ - TimeBasedCredentials: false, - CredentialsTTL: util.Duration{ - Duration: defaultDuration, - }, - Secret: "secret", - Turns: []*Host{TurnTestHost}, - }, - &Relay{ - Addresses: []string{"localhost:0"}, - CredentialsTTL: util.Duration{Duration: time.Hour}, - Secret: "secret", - }, - ) - - networkMap := &NetworkMap{ - Network: &Network{Net: *ipNet, Serial: 1000}, - Peers: []*nbpeer.Peer{{IP: net.ParseIP("192.168.1.2"), Key: "peer2-key", DNSLabel: "peer2", SSHEnabled: true, SSHKey: "peer2-ssh-key"}}, - OfflinePeers: []*nbpeer.Peer{{IP: net.ParseIP("192.168.1.3"), Key: "peer3-key", DNSLabel: "peer3", SSHEnabled: true, SSHKey: "peer3-ssh-key"}}, - Routes: []*nbroute.Route{ - { - ID: "route1", - Network: netip.MustParsePrefix("10.0.0.0/24"), - KeepRoute: true, - NetID: "route1", - Peer: "peer1", - NetworkType: 1, - Masquerade: true, - Metric: 9999, - Enabled: true, - Groups: []string{"test1", "test2"}, - }, - { - ID: "route2", - Domains: domainList, - KeepRoute: true, - NetID: "route2", - Peer: "peer1", - NetworkType: 1, - Masquerade: true, - Metric: 9999, - Enabled: true, - Groups: []string{"test1", "test2"}, - }, - }, - DNSConfig: nbdns.Config{ - ServiceEnable: true, - NameServerGroups: []*nbdns.NameServerGroup{ - { - NameServers: []nbdns.NameServer{{ - IP: netip.MustParseAddr("8.8.8.8"), - NSType: nbdns.UDPNameServerType, - Port: nbdns.DefaultDNSPort, - }}, - Primary: true, - Domains: []string{"example.com"}, - Enabled: true, - SearchDomainsEnabled: true, - }, - { - ID: "ns1", - NameServers: []nbdns.NameServer{{ - IP: netip.MustParseAddr("1.1.1.1"), - NSType: nbdns.UDPNameServerType, - Port: nbdns.DefaultDNSPort, - }}, - Groups: []string{"group1"}, - Primary: true, - Domains: []string{"example.com"}, - Enabled: true, - SearchDomainsEnabled: true, - }, - }, - CustomZones: []nbdns.CustomZone{{Domain: "example.com", Records: []nbdns.SimpleRecord{{Name: "example.com", Type: 1, Class: "IN", TTL: 60, RData: "100.64.0.1"}}}}, - }, - FirewallRules: []*FirewallRule{ - {PeerIP: "192.168.1.2", Direction: firewallRuleDirectionIN, Action: string(PolicyTrafficActionAccept), Protocol: string(PolicyRuleProtocolTCP), Port: "80"}, - }, - } - dnsName := "example.com" - checks := []*posture.Checks{ - { - Checks: posture.ChecksDefinition{ - ProcessCheck: &posture.ProcessCheck{ - Processes: []posture.Process{ - { - LinuxPath: "/usr/bin/netbird", - WindowsPath: "C:\\Program Files\\netbird\\netbird.exe", - MacPath: "/usr/bin/netbird", - }, - }, - }, - }, - }, - } - dnsCache := &DNSConfigCache{} - - turnToken, err := secretManager.GenerateTurnToken() - if err != nil { - t.Fatal(err) - } - - relayToken, err := secretManager.GenerateRelayToken() - if err != nil { - t.Fatal(err) - } - - return &UpdateMessage{ - Update: toSyncResponse(context.Background(), config, peer, turnToken, relayToken, networkMap, dnsName, checks, dnsCache), - NetworkMap: networkMap, - } -}