Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[management] Refactor group to use store methods #2867

Merged
merged 27 commits into from
Nov 15, 2024
Merged
Show file tree
Hide file tree
Changes from 24 commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
389c961
Refactor setup key handling to use store methods
bcmmbaga Nov 7, 2024
78044c2
add lock to get account groups
bcmmbaga Nov 7, 2024
1a5f3c6
add check for regular user
bcmmbaga Nov 7, 2024
931521d
get only required groups for auto-group validation
bcmmbaga Nov 7, 2024
f8b5eed
add account lock and return auto groups map on validation
bcmmbaga Nov 8, 2024
106fc75
refactor account peers update
bcmmbaga Nov 8, 2024
0a70e4c
Refactor groups to use store methods
bcmmbaga Nov 8, 2024
8126d95
refactor GetGroupByID and add NewGroupNotFoundError
bcmmbaga Nov 8, 2024
ac05f69
fix tests
bcmmbaga Nov 8, 2024
40af1a5
Merge branch 'feature/get-account-refactoring' into setupkey-get-acco…
bcmmbaga Nov 8, 2024
d58cf50
Merge branch 'setupkey-get-account-refactoring' into groups-get-accou…
bcmmbaga Nov 8, 2024
7100be8
Add AddPeer and RemovePeer methods to Group struct
bcmmbaga Nov 8, 2024
6dc185e
Preserve store engine in SqlStore transactions
bcmmbaga Nov 8, 2024
bdeb95c
Run groups ops in transaction
bcmmbaga Nov 8, 2024
3ed8b9c
fix missing group removed from setup key activity
bcmmbaga Nov 8, 2024
cc04aef
Merge branch 'setupkey-get-account-refactoring' into groups-get-accou…
bcmmbaga Nov 8, 2024
871500c
fix merge
bcmmbaga Nov 8, 2024
010a8bf
Merge branch 'main' into groups-get-account-refactoring
bcmmbaga Nov 11, 2024
664d138
fix merge
bcmmbaga Nov 11, 2024
ab00c41
fix sonar
bcmmbaga Nov 11, 2024
113c21b
Change setup key log level to debug for missing group
bcmmbaga Nov 11, 2024
d23b5c8
Retrieve modified peers once for group events
bcmmbaga Nov 11, 2024
2806d73
Add tests
bcmmbaga Nov 12, 2024
ed259a6
Merge branch 'main' into groups-get-account-refactoring
bcmmbaga Nov 12, 2024
ed047ec
Add account locking and merge group deletion methods
bcmmbaga Nov 13, 2024
a4d905f
Fix tests
bcmmbaga Nov 13, 2024
92b9e11
Merge branch 'main' into groups-get-account-refactoring
bcmmbaga Nov 15, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 14 additions & 15 deletions management/server/account.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,6 @@ type AccountManager interface {
SaveGroups(ctx context.Context, accountID, userID string, newGroups []*nbgroup.Group) error
DeleteGroup(ctx context.Context, accountId, userId, groupID string) error
DeleteGroups(ctx context.Context, accountId, userId string, groupIDs []string) error
ListGroups(ctx context.Context, accountId string) ([]*nbgroup.Group, error)
GroupAddPeer(ctx context.Context, accountId, groupID, peerID string) error
GroupDeletePeer(ctx context.Context, accountId, groupID, peerID string) error
GetPolicy(ctx context.Context, accountID, policyID, userID string) (*Policy, error)
Expand Down Expand Up @@ -1435,7 +1434,7 @@ func isNil(i idp.Manager) bool {
// addAccountIDToIDPAppMeta update user's app metadata in idp manager
func (am *DefaultAccountManager) addAccountIDToIDPAppMeta(ctx context.Context, userID string, accountID string) error {
if !isNil(am.idpManager) {
accountUsers, err := am.Store.GetAccountUsers(ctx, accountID)
accountUsers, err := am.Store.GetAccountUsers(ctx, LockingStrengthShare, accountID)
if err != nil {
return err
}
Expand Down Expand Up @@ -2083,7 +2082,7 @@ func (am *DefaultAccountManager) syncJWTGroups(ctx context.Context, accountID st
return fmt.Errorf("error saving groups: %w", err)
}

if err = transaction.IncrementNetworkSerial(ctx, accountID); err != nil {
if err = transaction.IncrementNetworkSerial(ctx, LockingStrengthUpdate, accountID); err != nil {
return fmt.Errorf("error incrementing network serial: %w", err)
}
}
Expand All @@ -2101,7 +2100,7 @@ func (am *DefaultAccountManager) syncJWTGroups(ctx context.Context, accountID st
}

for _, g := range addNewGroups {
group, err := am.Store.GetGroupByID(ctx, LockingStrengthShare, g, accountID)
group, err := am.Store.GetGroupByID(ctx, LockingStrengthShare, accountID, g)
if err != nil {
log.WithContext(ctx).Debugf("group %s not found while saving user activity event of account %s", g, accountID)
} else {
Expand All @@ -2114,7 +2113,7 @@ func (am *DefaultAccountManager) syncJWTGroups(ctx context.Context, accountID st
}

for _, g := range removeOldGroups {
group, err := am.Store.GetGroupByID(ctx, LockingStrengthShare, g, accountID)
group, err := am.Store.GetGroupByID(ctx, LockingStrengthShare, accountID, g)
if err != nil {
log.WithContext(ctx).Debugf("group %s not found while saving user activity event of account %s", g, accountID)
} else {
Expand All @@ -2127,14 +2126,19 @@ func (am *DefaultAccountManager) syncJWTGroups(ctx context.Context, accountID st
}

if settings.GroupsPropagationEnabled {
account, err := am.requestBuffer.GetAccountWithBackpressure(ctx, accountID)
removedGroupAffectsPeers, err := areGroupChangesAffectPeers(ctx, am.Store, accountID, removeOldGroups)
if err != nil {
return status.NewGetAccountError(err)
return err
}

if areGroupChangesAffectPeers(account, addNewGroups) || areGroupChangesAffectPeers(account, removeOldGroups) {
newGroupsAffectsPeers, err := areGroupChangesAffectPeers(ctx, am.Store, accountID, addNewGroups)
if err != nil {
return err
}

if removedGroupAffectsPeers || newGroupsAffectsPeers {
log.WithContext(ctx).Tracef("user %s: JWT group membership changed, updating account peers", claims.UserId)
am.updateAccountPeers(ctx, account)
am.updateAccountPeers(ctx, accountID)
}
}

Expand Down Expand Up @@ -2398,12 +2402,7 @@ func (am *DefaultAccountManager) CheckUserAccessByJWTGroups(ctx context.Context,

func (am *DefaultAccountManager) onPeersInvalidated(ctx context.Context, accountID string) {
log.WithContext(ctx).Debugf("validated peers has been invalidated for account %s", accountID)
updatedAccount, err := am.Store.GetAccount(ctx, accountID)
if err != nil {
log.WithContext(ctx).Errorf("failed to get account %s: %v", accountID, err)
return
}
am.updateAccountPeers(ctx, updatedAccount)
am.updateAccountPeers(ctx, accountID)
}

func (am *DefaultAccountManager) FindExistingPostureCheck(accountID string, checks *posture.ChecksDefinition) (*posture.Checks, error) {
Expand Down
12 changes: 7 additions & 5 deletions management/server/account_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1413,11 +1413,13 @@ func TestAccountManager_NetworkUpdates_DeleteGroup(t *testing.T) {
updMsg := manager.peersUpdateManager.CreateChannel(context.Background(), peer1.ID)
defer manager.peersUpdateManager.CloseChannel(context.Background(), peer1.ID)

group := group.Group{
err := manager.SaveGroup(context.Background(), account.Id, userID, &group.Group{
ID: "groupA",
Name: "GroupA",
Peers: []string{peer1.ID, peer2.ID, peer3.ID},
}
})

require.NoError(t, err, "failed to save group")

policy := Policy{
Enabled: true,
Expand Down Expand Up @@ -1460,7 +1462,7 @@ func TestAccountManager_NetworkUpdates_DeleteGroup(t *testing.T) {
return
}

if err := manager.DeleteGroup(context.Background(), account.Id, "", group.ID); err != nil {
if err := manager.DeleteGroup(context.Background(), account.Id, userID, "groupA"); err != nil {
t.Errorf("delete group: %v", err)
return
}
Expand Down Expand Up @@ -2714,7 +2716,7 @@ func TestAccount_SetJWTGroups(t *testing.T) {
assert.NoError(t, err, "unable to get user")
assert.Len(t, user.AutoGroups, 0)

group1, err := manager.Store.GetGroupByID(context.Background(), LockingStrengthShare, "group1", "accountID")
group1, err := manager.Store.GetGroupByID(context.Background(), LockingStrengthShare, "accountID", "group1")
assert.NoError(t, err, "unable to get group")
assert.Equal(t, group1.Issued, group.GroupIssuedAPI, "group should be api issued")
})
Expand All @@ -2734,7 +2736,7 @@ func TestAccount_SetJWTGroups(t *testing.T) {
assert.NoError(t, err, "unable to get user")
assert.Len(t, user.AutoGroups, 1)

group1, err := manager.Store.GetGroupByID(context.Background(), LockingStrengthShare, "group1", "accountID")
group1, err := manager.Store.GetGroupByID(context.Background(), LockingStrengthShare, "accountID", "group1")
assert.NoError(t, err, "unable to get group")
assert.Equal(t, group1.Issued, group.GroupIssuedAPI, "group should be api issued")
})
Expand Down
2 changes: 1 addition & 1 deletion management/server/dns.go
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ func (am *DefaultAccountManager) SaveDNSSettings(ctx context.Context, accountID
}

if anyGroupHasPeers(account, addedGroups) || anyGroupHasPeers(account, removedGroups) {
am.updateAccountPeers(ctx, account)
am.updateAccountPeers(ctx, accountID)
}

return nil
Expand Down
Loading
Loading