Merge branch 'feature/validate-group-association' into feature/validate-group-association-debug

2025-01-21 05:19:33 +01:00 · 2024-10-21 17:12:42 +03:00 · 2024-10-21 17:12:42 +03:00 · 86ce2ed72b
commit 86ce2ed72b
parent 5c0e4097d8 070e1dd890
5 changed files with 31 additions and 4 deletions
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@ -19,7 +19,7 @@ jobs:
      - name: codespell
        uses: codespell-project/actions-codespell@v2
        with:
-          ignore_words_list: erro,clienta,hastable,iif
+          ignore_words_list: erro,clienta,hastable,iif,groupD
          skip: go.mod,go.sum
          only_warn: 1
  golangci:
--- a/management/server/group.go
+++ b/management/server/group.go
@ -495,6 +495,9 @@ func anyGroupHasPeers(account *Account, groupIDs []string) bool {

 func areGroupChangesAffectPeers(account *Account, groupIDs []string) bool {
 	for _, groupID := range groupIDs {
+		if slices.Contains(account.DNSSettings.DisabledManagementGroups, groupID) {
+			return true
+		}
 		if linked, _ := isGroupLinkedToDns(account.NameServerGroups, groupID); linked {
 			return true
 		}
--- a/management/server/nameserver.go
+++ b/management/server/nameserver.go
@ -108,7 +108,7 @@ func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accoun
 		return err
 	}

-	if anyGroupHasPeers(account, nsGroupToSave.Groups) || anyGroupHasPeers(account, oldNSGroup.Groups) {
+	if areNameServerGroupChangesAffectPeers(account, nsGroupToSave, oldNSGroup) {
 		am.updateAccountPeers(ctx, account)
 	} else {
 		log.WithContext(ctx).Tracef("Skipping account peers update for ns group: %s", nsGroupToSave.ID)
@ -284,3 +284,11 @@ func validateDomain(domain string) error {

 	return nil
 }
+
+// areNameServerGroupChangesAffectPeers checks if the changes in the nameserver group affect the peers.
+func areNameServerGroupChangesAffectPeers(account *Account, newNSGroup, oldNSGroup *nbdns.NameServerGroup) bool {
+	if !newNSGroup.Enabled && !oldNSGroup.Enabled {
+		return false
+	}
+	return anyGroupHasPeers(account, newNSGroup.Groups) || anyGroupHasPeers(account, oldNSGroup.Groups)
+}
--- a/management/server/policy.go
+++ b/management/server/policy.go
@ -463,6 +463,10 @@ func (am *DefaultAccountManager) savePolicy(account *Account, policyToSave *Poli
 		}

 		oldPolicy := account.Policies[policyIdx]
+		if !policyToSave.Enabled && !oldPolicy.Enabled {
+			return false, nil
+		}
+
 		updateAccountPeers := anyGroupHasPeers(account, oldPolicy.ruleGroups()) || anyGroupHasPeers(account, policyToSave.ruleGroups())

 		// Update the existing policy
--- a/management/server/posture_checks.go
+++ b/management/server/posture_checks.go
@ -69,8 +69,7 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI

 	am.StoreEvent(ctx, userID, postureChecks.ID, accountID, action, postureChecks.EventMeta())

-	isLinked, linkedPolicy := isPostureCheckLinkedToPolicy(account, postureChecks.ID)
-	if exists && isLinked && anyGroupHasPeers(account, linkedPolicy.ruleGroups()) {
+	if arePostureCheckChangesAffectingPeers(account, postureChecks.ID, exists) {
 		am.updateAccountPeers(ctx, account)
 	} else {
 		log.WithContext(ctx).Tracef("Skipping account peers update for posture checks: %s", postureChecks.ID)
@ -227,3 +226,16 @@ func isPostureCheckLinkedToPolicy(account *Account, postureChecksID string) (boo
 	}
 	return false, nil
 }
+
+// arePostureCheckChangesAffectingPeers checks if the changes in posture checks are affecting peers.
+func arePostureCheckChangesAffectingPeers(account *Account, postureCheckID string, exists bool) bool {
+	if !exists {
+		return false
+	}
+
+	isLinked, linkedPolicy := isPostureCheckLinkedToPolicy(account, postureCheckID)
+	if !isLinked {
+		return false
+	}
+	return anyGroupHasPeers(account, linkedPolicy.ruleGroups())
+}