[management] Skip account peers update if no changes affect peers #2310
base: feature/optimize-network-map-updates
…eature/validate-group-association
Signed-off-by: bcmmbaga <[email protected]>
Refactor the condition for updating account peers to remove redundant checks Signed-off-by: bcmmbaga <[email protected]>
Signed-off-by: bcmmbaga <[email protected]>
beb8bbd to 4e2cf9c
management/server/group_test.go
Outdated
// adding a group to policy | ||
err = manager.SavePolicy(context.Background(), account.Id, userID, &Policy{ | ||
ID: "policy", | ||
Enabled: true, | ||
Rules: []*PolicyRule{ | ||
{ | ||
Enabled: true, | ||
Sources: []string{"groupA"}, | ||
Destinations: []string{"groupA"}, | ||
Bidirectional: true, | ||
Action: PolicyTrafficActionAccept, | ||
}, | ||
}, | ||
}) | ||
assert.NoError(t, err) | ||
|
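Review bot: The error from SavePolicy at the end of this hunk is checked with assert.NoError, so a failed save lets the test keep running and the later subtests then fail with misleading complaints about missing peer updates. Everything after this setup depends on the policy existing, so use require.NoError(t, err) here, as the equivalent setup in peer_test.go does.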
It is ugly but I think we should copy the group changed tests for each resource type?
Also for policy we should copy the tests for all 3 cases: source and dest group have peers, source has peers but not dest, and dest has peers but not source
management/server/nameserver_test.go
Outdated
t.Run("creating nameserver group with distribution group no peers", func(t *testing.T) { | ||
done := make(chan struct{}) | ||
go func() { | ||
peerShouldNotReceiveUpdate(t, updMsg) | ||
close(done) | ||
}() | ||
|
||
newNameServerGroup, err = manager.CreateNameServerGroup( | ||
context.Background(), account.Id, "ns-group-1", "ns-group-1", []nbdns.NameServer{{ | ||
IP: netip.MustParseAddr(peer1.IP.String()), | ||
NSType: nbdns.UDPNameServerType, | ||
Port: nbdns.DefaultDNSPort, | ||
}}, | ||
[]string{"group-id"}, | ||
true, []string{}, true, userID, false, | ||
) | ||
assert.NoError(t, err) | ||
|
||
select { | ||
case <-done: | ||
case <-time.After(time.Second): | ||
t.Error("timeout waiting for peerShouldNotReceiveUpdate") | ||
} | ||
}) | ||
|
||
err = manager.GroupAddPeer(context.Background(), account.Id, "group-id", peer1.ID) | ||
assert.NoError(t, err) | ||
|
||
// saving a nameserver group with a distribution group with peers should update account peers and send peer update | ||
t.Run("saving nameserver group with distribution group has peers", func(t *testing.T) { | ||
done := make(chan struct{}) | ||
go func() { | ||
peerShouldReceiveUpdate(t, updMsg) | ||
close(done) | ||
}() | ||
|
||
err = manager.SaveNameServerGroup(context.Background(), account.Id, userID, newNameServerGroup) | ||
assert.NoError(t, err) |
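Review bot: The second subtest depends on state the first one leaves behind: newNameServerGroup is assigned with = inside "creating nameserver group with distribution group no peers" and then passed to SaveNameServerGroup in "saving nameserver group with distribution group has peers". Running the second subtest alone with -run, or a failure in CreateNameServerGroup that assert.NoError lets through, hands SaveNameServerGroup a value that was never populated. Create the group in the shared setup, or use require.NoError after CreateNameServerGroup and guard the save with require.NotNil(t, newNameServerGroup).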
We should redo both tests for creating nameserver with group that has peers and saving nameserver with group that has no peers
management/server/peer_test.go
Outdated
// use the group-id in policy | ||
err = manager.SavePolicy(context.Background(), account.Id, userID, &Policy{ | ||
ID: "policy", | ||
Enabled: true, | ||
Rules: []*PolicyRule{ | ||
{ | ||
Enabled: true, | ||
Sources: []string{"group-id"}, | ||
Destinations: []string{"group-id"}, | ||
Bidirectional: true, | ||
Action: PolicyTrafficActionAccept, | ||
}, | ||
}, | ||
}) | ||
require.NoError(t, err) | ||
|
||
// Adding peer with a used group in active dns, route or policy should update account peers and send peer update | ||
t.Run("adding peer with used group", func(t *testing.T) { | ||
done := make(chan struct{}) | ||
go func() { | ||
peerShouldReceiveUpdate(t, updMsg) | ||
close(done) | ||
}() | ||
|
||
key, err := wgtypes.GeneratePrivateKey() | ||
require.NoError(t, err) | ||
|
||
expectedPeerKey := key.PublicKey().String() | ||
peer4, _, _, err = manager.AddPeer(context.Background(), "", "regularUser1", &nbpeer.Peer{ | ||
Key: expectedPeerKey, | ||
LoginExpirationEnabled: true, | ||
Meta: nbpeer.PeerSystemMeta{Hostname: expectedPeerKey}, | ||
}) |
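Review bot: In the "adding peer with used group" subtest, nothing in the lines shown puts the new peer into "group-id": AddPeer is called with an empty account ID, user "regularUser1" and a peer that carries no group reference, while the policy above only names "group-id". If the update is in fact triggered through some other membership, this test keeps passing after the group-usage check regresses. Assert after AddPeer that peer4 is a member of "group-id", and say in the comment how it gets there.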
Here we should also copy the tests for all resource types
t.Run("updating not expired peer and peer expiration is enabled", func(t *testing.T) { | ||
done := make(chan struct{}) | ||
go func() { | ||
peerShouldNotReceiveUpdate(t, updMsg) | ||
close(done) | ||
}() | ||
|
||
_, err := manager.UpdatePeer(context.Background(), account.Id, userID, peer2) | ||
require.NoError(t, err) | ||
|
||
select { | ||
case <-done: | ||
case <-time.After(time.Second): | ||
t.Error("timeout waiting for peerShouldNotReceiveUpdate") | ||
} | ||
}) | ||
|
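Review bot: The subtest "updating not expired peer and peer expiration is enabled" passes peer2 to UpdatePeer without changing any field in the lines shown, so it only proves that a no-op update stays silent; neither the expiration setting nor the login state is set or asserted here. Set the fields the name refers to explicitly before the call, and pair this negative case with one where a field that affects other peers changes and peerShouldReceiveUpdate is expected, so that a broken update channel cannot make it pass.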
Here we need more tests. E.g. peer label changed and login expired and the related ones with expiration disabled maybe
management/server/user_test.go
Outdated
require.NoError(t, err) | ||
|
||
// updating user with linked peers should update account peers and send peer update | ||
t.Run("updating user with no linked peers", func(t *testing.T) { |
t.Run("updating user with no linked peers", func(t *testing.T) { | |
t.Run("updating user with linked peers", func(t *testing.T) { |
management/server/user_test.go
Outdated
} | ||
}) | ||
|
||
_ = peer4 |
what does this do?
management/server/user_test.go
Outdated
manager.peersUpdateManager.CloseChannel(context.Background(), peer4.ID) | ||
}) | ||
|
||
// deleting user with linked peers should update account peers and no send peer update |
// deleting user with linked peers should update account peers and no send peer update | |
// deleting user with linked peers should update account peers and send peer update |
t.Run("Updating firewall rule", func(t *testing.T) { | ||
newUpdateMessage1 := createMockUpdateMessage(t) | ||
newUpdateMessage2 := createMockUpdateMessage(t) | ||
|
||
newUpdateMessage2.NetworkMap.FirewallRules[0].Port = "443" | ||
newUpdateMessage2.Update.NetworkMap.Serial++ | ||
|
||
message, err := isNewPeerUpdateMessage(newUpdateMessage1, newUpdateMessage2) | ||
assert.NoError(t, err) | ||
assert.True(t, message) | ||
}) | ||
|
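Review bot: "Updating firewall rule" changes two things at once, FirewallRules[0].Port and NetworkMap.Serial, so assert.True cannot tell which of them made isNewPeerUpdateMessage return true. Add the two single-variable cases, Serial++ on an otherwise identical map and a Port change with the serial left alone, each with its own expected result. The test also goes through two paths, newUpdateMessage2.NetworkMap and newUpdateMessage2.Update.NetworkMap; a short comment on how they relate would help the next reader.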
Either we need to check each single field for changes in the test or preferably add tests for the diff classes. We need to test for diff in each possible field while making sure that if we add a field that the test is not covering we need to notice. Or we are able to do the diffs generic without the need of checking each field separately
d37e482 to 4e2cf9c
…date-group-association # Conflicts: # management/server/account.go # management/server/peer.go # management/server/peer_test.go # management/server/policy.go # management/server/route.go # management/server/route_test.go
Signed-off-by: bcmmbaga <[email protected]>
Quality Gate passed
Describe your changes
This PR optimizes account peer updates to trigger only when necessary, reducing unnecessary network map processing and updates. These changes improve efficiency by avoiding redundant updates while ensuring all necessary updates are still performed.
Note: Network map updates are sent only if the new network map differs from the last one sent, except for TURN credential refresh updates. This occurs when the network map has been updated and has a higher serial number than the previous one.
Changes:
Posture Checks:
Policies:
Setup Keys:
Groups:
DNS Settings:
NameServer Groups:
Routes:
Users:
Peers:
Removed unused UpdatePeerSSHKey method.
Issue ticket number and link
Checklist
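The send-or-skip rule from the note in the description, written out as an added Go example (not code from this PR or the project); the types, shouldSend, sampleMsg and the TurnRefresh flag are assumptions made for illustration, and all data is constructed. Firewall rules travel inside the network map, so the comparison covers the whole map with only the serial masked out:

```go
package main

import (
	"fmt"
	"reflect"
)

// Simplified stand-ins for this example; not the project's structs.
type FirewallRule struct{ PeerIP, Action, Port string }

type NetworkMap struct {
	Serial        uint64
	Peers         []string
	FirewallRules []FirewallRule
}

type UpdateMessage struct {
	NetworkMap  NetworkMap
	TurnRefresh bool // assumed marker for a TURN credential refresh
}

// shouldSend reports whether next must be delivered to a peer whose last
// delivered message was last (nil if nothing has been sent yet).
func shouldSend(last *UpdateMessage, next UpdateMessage) bool {
	if last == nil || next.TurnRefresh {
		return true // first message or credential refresh: always deliver
	}
	if next.NetworkMap.Serial <= last.NetworkMap.Serial {
		return false // not newer than what the peer already has
	}
	// Mask the serial so a bare serial bump on an identical map is no change.
	a, b := last.NetworkMap, next.NetworkMap
	a.Serial, b.Serial = 0, 0
	return !reflect.DeepEqual(a, b)
}

// sampleMsg builds a constructed message with one peer and one rule.
func sampleMsg(serial uint64, port string) UpdateMessage {
	return UpdateMessage{NetworkMap: NetworkMap{
		Serial:        serial,
		Peers:         []string{"peerA"},
		FirewallRules: []FirewallRule{{"100.64.0.2", "accept", port}},
	}}
}

func main() {
	last := sampleMsg(7, "80")
	fmt.Println("serial bump only:", shouldSend(&last, sampleMsg(8, "80")))
}
```

reflect.DeepEqual treats a nil slice and an empty slice as different, so a real comparison should normalize empty lists before diffing.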