Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[management] Refactor peers to use store methods #2893

Merged
merged 132 commits into from
Jan 20, 2025
Merged

[management] Refactor peers to use store methods #2893

Show file tree
Hide file tree
Changes from 78 commits
Commits
Show all changes
132 commits
Select commit Hold shift + click to select a range
389c961
Refactor setup key handling to use store methods
bcmmbaga Nov 7, 2024
78044c2
add lock to get account groups
bcmmbaga Nov 7, 2024
1a5f3c6
add check for regular user
bcmmbaga Nov 7, 2024
931521d
get only required groups for auto-group validation
bcmmbaga Nov 7, 2024
f8b5eed
add account lock and return auto groups map on validation
bcmmbaga Nov 8, 2024
106fc75
refactor account peers update
bcmmbaga Nov 8, 2024
0a70e4c
Refactor groups to use store methods
bcmmbaga Nov 8, 2024
8126d95
refactor GetGroupByID and add NewGroupNotFoundError
bcmmbaga Nov 8, 2024
ac05f69
fix tests
bcmmbaga Nov 8, 2024
40af1a5
Merge branch 'feature/get-account-refactoring' into setupkey-get-acco…
bcmmbaga Nov 8, 2024
d58cf50
Merge branch 'setupkey-get-account-refactoring' into groups-get-accou…
bcmmbaga Nov 8, 2024
7100be8
Add AddPeer and RemovePeer methods to Group struct
bcmmbaga Nov 8, 2024
6dc185e
Preserve store engine in SqlStore transactions
bcmmbaga Nov 8, 2024
bdeb95c
Run groups ops in transaction
bcmmbaga Nov 8, 2024
3ed8b9c
fix missing group removed from setup key activity
bcmmbaga Nov 8, 2024
cc04aef
Merge branch 'setupkey-get-account-refactoring' into groups-get-accou…
bcmmbaga Nov 8, 2024
871500c
fix merge
bcmmbaga Nov 8, 2024
174e07f
Refactor posture checks to remove get and save account
bcmmbaga Nov 11, 2024
d54b696
fix refactor
bcmmbaga Nov 11, 2024
601d429
fix tests
bcmmbaga Nov 11, 2024
010a8bf
Merge branch 'main' into groups-get-account-refactoring
bcmmbaga Nov 11, 2024
664d138
fix merge
bcmmbaga Nov 11, 2024
ab00c41
fix sonar
bcmmbaga Nov 11, 2024
113c21b
Change setup key log level to debug for missing group
bcmmbaga Nov 11, 2024
d23b5c8
Retrieve modified peers once for group events
bcmmbaga Nov 11, 2024
ffce48c
Merge branch 'groups-get-account-refactoring' into policy-get-account…
bcmmbaga Nov 11, 2024
0c0fd38
Refactor policy get and save account to use store methods
bcmmbaga Nov 12, 2024
2d7f08c
Fix tests
bcmmbaga Nov 12, 2024
2806d73
Add tests
bcmmbaga Nov 12, 2024
00023bf
Merge branch 'groups-get-account-refactoring' into posturechecks-get-…
bcmmbaga Nov 12, 2024
a3abc21
Add tests
bcmmbaga Nov 12, 2024
ed259a6
Merge branch 'main' into groups-get-account-refactoring
bcmmbaga Nov 12, 2024
147971f
Merge branch 'groups-get-account-refactoring' into policy-get-account…
bcmmbaga Nov 12, 2024
446de5e
Merge branch 'groups-get-account-refactoring' into posturechecks-get-…
bcmmbaga Nov 12, 2024
2a59f04
Merge branch 'posturechecks-get-account-refactoring' into policy-get-…
bcmmbaga Nov 12, 2024
32d1b2d
Retrieve policy groups and posture checks once for validation
bcmmbaga Nov 12, 2024
bbaee18
Fix typo
bcmmbaga Nov 12, 2024
50e6389
Merge branch 'posturechecks-get-account-refactoring' into policy-get-…
bcmmbaga Nov 12, 2024
3a915de
Add policy tests
bcmmbaga Nov 12, 2024
9872bee
Refactor anyGroupHasPeers to retrieve all groups once
bcmmbaga Nov 12, 2024
9bc8e6e
Merge branch 'posturechecks-get-account-refactoring' into policy-get-…
bcmmbaga Nov 12, 2024
5601905
Refactor dns settings to use store methods
bcmmbaga Nov 13, 2024
4b943c3
Add tests
bcmmbaga Nov 13, 2024
ed047ec
Add account locking and merge group deletion methods
bcmmbaga Nov 13, 2024
a4d905f
Fix tests
bcmmbaga Nov 13, 2024
218345e
Refactor name server groups to use store methods
bcmmbaga Nov 13, 2024
ef55b9e
Add tests
bcmmbaga Nov 13, 2024
6315644
Add peer store methods
bcmmbaga Nov 14, 2024
8420a52
Refactor ephemeral peers
bcmmbaga Nov 14, 2024
f5e7449
Add lock for peer store methods
bcmmbaga Nov 14, 2024
7d849a9
Refactor peer handlers
bcmmbaga Nov 14, 2024
c557c98
Refactor peer to use store methods
bcmmbaga Nov 14, 2024
f6f7260
Fix tests
bcmmbaga Nov 14, 2024
92b9e11
Merge branch 'main' into groups-get-account-refactoring
bcmmbaga Nov 15, 2024
4ef3890
Fix typo
bcmmbaga Nov 15, 2024
51c1ec2
Add locks and remove log
bcmmbaga Nov 15, 2024
1ff8f61
Merge branch 'main' into groups-get-account-refactoring
bcmmbaga Nov 15, 2024
d4c7124
Merge branch 'groups-get-account-refactoring' into posturechecks-get-…
bcmmbaga Nov 15, 2024
a61e9da
run peer ops in transaction
bcmmbaga Nov 18, 2024
a2fb274
remove duplicate store method
bcmmbaga Nov 18, 2024
a2a49bd
fix peer fields updated after save
bcmmbaga Nov 18, 2024
48edfa6
add tests
bcmmbaga Nov 18, 2024
6dd56e3
Merge branch 'posturechecks-get-account-refactoring' into policy-get-…
bcmmbaga Nov 18, 2024
ec6438e
Use update strength and simplify check
bcmmbaga Nov 18, 2024
df98c67
prevent changing ruleID when not empty
bcmmbaga Nov 18, 2024
b60e2c3
prevent duplicate rules during updates
bcmmbaga Nov 18, 2024
20fc8e8
fix tests
bcmmbaga Nov 18, 2024
0ee56e1
fix lint
bcmmbaga Nov 19, 2024
82746d9
Use UTC time in test
bcmmbaga Nov 21, 2024
bdb2a76
Merge branch 'main' into policy-get-account-refactoring
bcmmbaga Nov 25, 2024
79822cd
Merge branch 'policy-get-account-refactoring' into dns-get-account-re…
bcmmbaga Nov 25, 2024
72bfc9d
Merge branch 'dns-get-account-refactoring' into nameserver-get-accoun…
bcmmbaga Nov 25, 2024
2e6bbac
Merge branch 'main' into nameserver-get-account-refactoring
bcmmbaga Nov 26, 2024
b213987
Merge branch 'nameserver-get-account-refactoring' into peers-get-acco…
bcmmbaga Nov 27, 2024
21561a2
Merge branch 'main' into peers-get-account-refactoring
bcmmbaga Nov 27, 2024
fde9f2f
Add store locks and prevent fetching setup keys peers when retrieving…
bcmmbaga Nov 28, 2024
a22d504
Add missing tests
bcmmbaga Nov 28, 2024
cde0e51
Refactor test names and remove duplicate TestPostgresql_SavePeerStatus
bcmmbaga Nov 28, 2024
f87bc60
Add account locks and remove redundant ephemeral check
bcmmbaga Nov 28, 2024
1ba6eb6
Retrieve all groups for peers and restrict groups for regular users
bcmmbaga Nov 28, 2024
dea6886
Merge branch 'main' into peers-get-account-refactoring
bcmmbaga Nov 28, 2024
d66140f
Fix merge
bcmmbaga Nov 28, 2024
8c4613b
Merge branch 'main' into peers-get-account-refactoring
bcmmbaga Nov 28, 2024
a3663fb
Merge branch 'main' into peers-get-account-refactoring
bcmmbaga Nov 29, 2024
a05bd46
Merge branch 'main' into peers-get-account-refactoring
bcmmbaga Dec 6, 2024
9a96b91
Fix merge
bcmmbaga Dec 9, 2024
9d86f76
Merge branch 'main' into peers-get-account-refactoring
bcmmbaga Jan 8, 2025
baf2112
fix merge
bcmmbaga Jan 8, 2025
fa1eaa0
fix store tests
bcmmbaga Jan 9, 2025
2e596fb
use account object to get validated peers
bcmmbaga Jan 10, 2025
b132526
Merge branch 'main' into peers-get-account-refactoring
bcmmbaga Jan 13, 2025
d1e5d58
Fix merge
bcmmbaga Jan 13, 2025
3cc6d38
Improve peer performance
bcmmbaga Jan 13, 2025
48af90c
Get account direct from store without buffer
bcmmbaga Jan 13, 2025
c603c40
Add get peer groups tests
bcmmbaga Jan 13, 2025
7a9c75d
Adjust benchmarks
bcmmbaga Jan 13, 2025
eb062c0
Adjust benchmarks
bcmmbaga Jan 14, 2025
aa0480c
[management] Update benchmark workflow (#3181)
pascal-fischer Jan 14, 2025
47a18db
update local benchmark expectations
pascal-fischer Jan 14, 2025
9ff56ea
update cloud expectations
pascal-fischer Jan 14, 2025
cd15c85
Add status error for generic result error
bcmmbaga Jan 14, 2025
ce73851
Use integrated validator direct
bcmmbaga Jan 14, 2025
3483139
update expectations
pascal-fischer Jan 14, 2025
2706ede
update expectations
pascal-fischer Jan 14, 2025
8b7766e
update expectations
pascal-fischer Jan 14, 2025
acb5340
Merge remote-tracking branch 'origin/peers-get-account-refactoring' i…
bcmmbaga Jan 14, 2025
84aea32
Refactor peer scheduler to retry every 3 seconds on errors
bcmmbaga Jan 14, 2025
29ea44b
update expectations
pascal-fischer Jan 14, 2025
61b38e5
fix validator
pascal-fischer Jan 14, 2025
a5731fe
fix validator
pascal-fischer Jan 14, 2025
44f69c7
fix validator
pascal-fischer Jan 14, 2025
b1e8ed8
update timeouts
pascal-fischer Jan 14, 2025
b15ee5c
Refactor ToGroupsInfo to process slices of groups
bcmmbaga Jan 14, 2025
7baef8c
Merge remote-tracking branch 'origin/peers-get-account-refactoring' i…
bcmmbaga Jan 14, 2025
30b023d
update expectations
pascal-fischer Jan 14, 2025
7241a16
Merge remote-tracking branch 'origin/peers-get-account-refactoring' i…
pascal-fischer Jan 14, 2025
167c80d
update expectations
pascal-fischer Jan 14, 2025
e27db94
update expectations
pascal-fischer Jan 14, 2025
6a81ca2
Bump integrations version
bcmmbaga Jan 15, 2025
2fb399a
Refactor GetValidatedPeers
bcmmbaga Jan 15, 2025
22798ad
Fix tests
bcmmbaga Jan 15, 2025
6367fe4
go mod tidy
bcmmbaga Jan 15, 2025
4afaabb
Use peers and groups map for peers validation
bcmmbaga Jan 15, 2025
aeb6e53
remove mysql from api benchmark tests
pascal-fischer Jan 15, 2025
30ae3aa
Skip user check for system initiated peer deletion
bcmmbaga Jan 16, 2025
d962f7f
Remove context in db calls
bcmmbaga Jan 16, 2025
97ff9a3
[management] Improve group peer/resource counting (#3192)
pascal-fischer Jan 16, 2025
93c8f94
add metrics
pascal-fischer Jan 17, 2025
232c978
revert: add some logs
pascal-fischer Jan 17, 2025
5acfe00
Merge branch 'main' into peers-get-account-refactoring
pascal-fischer Jan 17, 2025
f1ee844
fix import
pascal-fischer Jan 17, 2025
9af9573
[management] extract getSettings calls from transactions (#3206)
pascal-fischer Jan 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
114 changes: 46 additions & 68 deletions management/server/account.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ type AccountManager interface {
GetUser(ctx context.Context, claims jwtclaims.AuthorizationClaims) (*User, error)
ListUsers(ctx context.Context, accountID string) ([]*User, error)
GetPeers(ctx context.Context, accountID, userID string) ([]*nbpeer.Peer, error)
MarkPeerConnected(ctx context.Context, peerKey string, connected bool, realIP net.IP, account *Account) error
MarkPeerConnected(ctx context.Context, peerKey string, connected bool, realIP net.IP, accountID string) error
DeletePeer(ctx context.Context, accountID, peerID, userID string) error
UpdatePeer(ctx context.Context, accountID, userID string, peer *nbpeer.Peer) (*nbpeer.Peer, error)
GetNetworkMap(ctx context.Context, peerID string) (*NetworkMap, error)
Expand All @@ -112,6 +112,7 @@ type AccountManager interface {
DeleteGroups(ctx context.Context, accountId, userId string, groupIDs []string) error
GroupAddPeer(ctx context.Context, accountId, groupID, peerID string) error
GroupDeletePeer(ctx context.Context, accountId, groupID, peerID string) error
GetPeerGroups(ctx context.Context, accountID, peerID string) ([]*nbgroup.Group, error)
GetPolicy(ctx context.Context, accountID, policyID, userID string) (*Policy, error)
SavePolicy(ctx context.Context, accountID, userID string, policy *Policy) (*Policy, error)
DeletePolicy(ctx context.Context, accountID, policyID, userID string) error
Expand All @@ -134,7 +135,7 @@ type AccountManager interface {
GetPeer(ctx context.Context, accountID, peerID, userID string) (*nbpeer.Peer, error)
UpdateAccountSettings(ctx context.Context, accountID, userID string, newSettings *Settings) (*Account, error)
LoginPeer(ctx context.Context, login PeerLogin) (*nbpeer.Peer, *NetworkMap, []*posture.Checks, error) // used by peer gRPC API
SyncPeer(ctx context.Context, sync PeerSync, account *Account) (*nbpeer.Peer, *NetworkMap, []*posture.Checks, error) // used by peer gRPC API
SyncPeer(ctx context.Context, sync PeerSync, accountID string) (*nbpeer.Peer, *NetworkMap, []*posture.Checks, error) // used by peer gRPC API
GetAllConnectedPeers() (map[string]struct{}, error)
HasConnectedChannel(peerID string) bool
GetExternalCacheManager() ExternalCacheManager
Expand All @@ -145,7 +146,7 @@ type AccountManager interface {
GetIdpManager() idp.Manager
UpdateIntegratedValidatorGroups(ctx context.Context, accountID string, userID string, groups []string) error
GroupValidation(ctx context.Context, accountId string, groups []string) (bool, error)
GetValidatedPeers(account *Account) (map[string]struct{}, error)
GetValidatedPeers(ctx context.Context, accountID string) (map[string]struct{}, error)
SyncAndMarkPeer(ctx context.Context, accountID string, peerPubKey string, meta nbpeer.PeerSystemMeta, realIP net.IP) (*nbpeer.Peer, *NetworkMap, []*posture.Checks, error)
OnPeerDisconnected(ctx context.Context, accountID string, peerPubKey string) error
SyncPeerMeta(ctx context.Context, peerPubKey string, meta nbpeer.PeerSystemMeta) error
Expand Down Expand Up @@ -1176,17 +1177,17 @@ func (am *DefaultAccountManager) UpdateAccountSettings(ctx context.Context, acco
event = activity.AccountPeerLoginExpirationDisabled
am.peerLoginExpiry.Cancel(ctx, []string{accountID})
} else {
am.checkAndSchedulePeerLoginExpiration(ctx, account)
am.checkAndSchedulePeerLoginExpiration(ctx, accountID)
}
am.StoreEvent(ctx, userID, accountID, accountID, event, nil)
}

if oldSettings.PeerLoginExpiration != newSettings.PeerLoginExpiration {
am.StoreEvent(ctx, userID, accountID, accountID, activity.AccountPeerLoginExpirationDurationUpdated, nil)
am.checkAndSchedulePeerLoginExpiration(ctx, account)
am.checkAndSchedulePeerLoginExpiration(ctx, accountID)
}

err = am.handleInactivityExpirationSettings(ctx, account, oldSettings, newSettings, userID, accountID)
err = am.handleInactivityExpirationSettings(ctx, oldSettings, newSettings, userID, accountID)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -1219,14 +1220,13 @@ func (am *DefaultAccountManager) handleGroupsPropagationSettings(ctx context.Con
return nil
}

func (am *DefaultAccountManager) handleInactivityExpirationSettings(ctx context.Context, account *Account, oldSettings, newSettings *Settings, userID, accountID string) error {

func (am *DefaultAccountManager) handleInactivityExpirationSettings(ctx context.Context, oldSettings, newSettings *Settings, userID, accountID string) error {
if newSettings.PeerInactivityExpirationEnabled {
if oldSettings.PeerInactivityExpiration != newSettings.PeerInactivityExpiration {
oldSettings.PeerInactivityExpiration = newSettings.PeerInactivityExpiration

am.StoreEvent(ctx, userID, accountID, accountID, activity.AccountPeerInactivityExpirationDurationUpdated, nil)
am.checkAndSchedulePeerInactivityExpiration(ctx, account)
am.checkAndSchedulePeerInactivityExpiration(ctx, accountID)
}
} else {
if oldSettings.PeerInactivityExpirationEnabled != newSettings.PeerInactivityExpirationEnabled {
Expand All @@ -1235,7 +1235,7 @@ func (am *DefaultAccountManager) handleInactivityExpirationSettings(ctx context.
event = activity.AccountPeerInactivityExpirationDisabled
am.peerInactivityExpiry.Cancel(ctx, []string{accountID})
} else {
am.checkAndSchedulePeerInactivityExpiration(ctx, account)
am.checkAndSchedulePeerInactivityExpiration(ctx, accountID)
}
am.StoreEvent(ctx, userID, accountID, accountID, event, nil)
}
Expand All @@ -1244,75 +1244,68 @@ func (am *DefaultAccountManager) handleInactivityExpirationSettings(ctx context.
return nil
}



func (am *DefaultAccountManager) peerLoginExpirationJob(ctx context.Context, accountID string) func() (time.Duration, bool) {
return func() (time.Duration, bool) {
unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
defer unlock()

account, err := am.Store.GetAccount(ctx, accountID)
expiredPeers, err := am.getExpiredPeers(ctx, accountID)
if err != nil {
log.WithContext(ctx).Errorf("failed getting account %s expiring peers", accountID)
return account.GetNextPeerExpiration()
return 0, false
pascal-fischer marked this conversation as resolved.
Show resolved Hide resolved
}

expiredPeers := account.GetExpiredPeers()
var peerIDs []string
for _, peer := range expiredPeers {
peerIDs = append(peerIDs, peer.ID)
}

log.WithContext(ctx).Debugf("discovered %d peers to expire for account %s", len(peerIDs), account.Id)
log.WithContext(ctx).Debugf("discovered %d peers to expire for account %s", len(peerIDs), accountID)

if err := am.expireAndUpdatePeers(ctx, account, expiredPeers); err != nil {
log.WithContext(ctx).Errorf("failed updating account peers while expiring peers for account %s", account.Id)
return account.GetNextPeerExpiration()
if err := am.expireAndUpdatePeers(ctx, accountID, expiredPeers); err != nil {
log.WithContext(ctx).Errorf("failed updating account peers while expiring peers for account %s", accountID)
return 0, false
pascal-fischer marked this conversation as resolved.
Show resolved Hide resolved
}

return account.GetNextPeerExpiration()
return am.getNextPeerExpiration(ctx, accountID)
}
}

func (am *DefaultAccountManager) checkAndSchedulePeerLoginExpiration(ctx context.Context, account *Account) {
am.peerLoginExpiry.Cancel(ctx, []string{account.Id})
if nextRun, ok := account.GetNextPeerExpiration(); ok {
go am.peerLoginExpiry.Schedule(ctx, nextRun, account.Id, am.peerLoginExpirationJob(ctx, account.Id))
func (am *DefaultAccountManager) checkAndSchedulePeerLoginExpiration(ctx context.Context, accountID string) {
am.peerLoginExpiry.Cancel(ctx, []string{accountID})
if nextRun, ok := am.getNextPeerExpiration(ctx, accountID); ok {
go am.peerLoginExpiry.Schedule(ctx, nextRun, accountID, am.peerLoginExpirationJob(ctx, accountID))
}
}

// peerInactivityExpirationJob marks login expired for all inactive peers and returns the minimum duration in which the next peer of the account will expire by inactivity if found
func (am *DefaultAccountManager) peerInactivityExpirationJob(ctx context.Context, accountID string) func() (time.Duration, bool) {
return func() (time.Duration, bool) {
unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
defer unlock()
pascal-fischer marked this conversation as resolved.
Show resolved Hide resolved

account, err := am.Store.GetAccount(ctx, accountID)
inactivePeers, err := am.getInactivePeers(ctx, accountID)
if err != nil {
log.Errorf("failed getting account %s expiring peers", accountID)
return account.GetNextInactivePeerExpiration()
log.WithContext(ctx).Errorf("failed getting inactive peers for account %s", accountID)
return 0, false
pascal-fischer marked this conversation as resolved.
Show resolved Hide resolved
}

expiredPeers := account.GetInactivePeers()
var peerIDs []string
for _, peer := range expiredPeers {
for _, peer := range inactivePeers {
peerIDs = append(peerIDs, peer.ID)
}

log.Debugf("discovered %d peers to expire for account %s", len(peerIDs), account.Id)
log.Debugf("discovered %d peers to expire for account %s", len(peerIDs), accountID)

if err := am.expireAndUpdatePeers(ctx, account, expiredPeers); err != nil {
log.Errorf("failed updating account peers while expiring peers for account %s", account.Id)
return account.GetNextInactivePeerExpiration()
if err := am.expireAndUpdatePeers(ctx, accountID, inactivePeers); err != nil {
log.Errorf("failed updating account peers while expiring peers for account %s", accountID)
return 0, false
pascal-fischer marked this conversation as resolved.
Show resolved Hide resolved
}

return account.GetNextInactivePeerExpiration()
return am.getNextInactivePeerExpiration(ctx, accountID)
}
}

// checkAndSchedulePeerInactivityExpiration periodically checks for inactive peers to end their sessions
func (am *DefaultAccountManager) checkAndSchedulePeerInactivityExpiration(ctx context.Context, account *Account) {
am.peerInactivityExpiry.Cancel(ctx, []string{account.Id})
if nextRun, ok := account.GetNextInactivePeerExpiration(); ok {
go am.peerInactivityExpiry.Schedule(ctx, nextRun, account.Id, am.peerInactivityExpirationJob(ctx, account.Id))
func (am *DefaultAccountManager) checkAndSchedulePeerInactivityExpiration(ctx context.Context, accountID string) {
am.peerInactivityExpiry.Cancel(ctx, []string{accountID})
if nextRun, ok := am.getNextInactivePeerExpiration(ctx, accountID); ok {
go am.peerInactivityExpiry.Schedule(ctx, nextRun, accountID, am.peerInactivityExpirationJob(ctx, accountID))
}
}

Expand Down Expand Up @@ -1448,7 +1441,7 @@ func (am *DefaultAccountManager) GetAccountIDByUserID(ctx context.Context, userI
return "", status.Errorf(status.NotFound, "no valid userID provided")
}

accountID, err := am.Store.GetAccountIDByUserID(userID)
accountID, err := am.Store.GetAccountIDByUserID(ctx, LockingStrengthShare, userID)
if err != nil {
if s, ok := status.FromError(err); ok && s.Type() == status.NotFound {
account, err := am.GetOrCreateAccountByUser(ctx, userID, domain)
Expand Down Expand Up @@ -2227,7 +2220,7 @@ func (am *DefaultAccountManager) getAccountIDWithAuthorizationClaims(ctx context
return "", err
}

userAccountID, err := am.Store.GetAccountIDByUserID(claims.UserId)
userAccountID, err := am.Store.GetAccountIDByUserID(ctx, LockingStrengthShare, claims.UserId)
if handleNotFound(err) != nil {
log.WithContext(ctx).Errorf("error getting account ID by user ID: %v", err)
return "", err
Expand Down Expand Up @@ -2274,7 +2267,7 @@ func (am *DefaultAccountManager) getPrivateDomainWithGlobalLock(ctx context.Cont
}

func (am *DefaultAccountManager) handlePrivateAccountWithIDFromClaim(ctx context.Context, claims jwtclaims.AuthorizationClaims) (string, error) {
userAccountID, err := am.Store.GetAccountIDByUserID(claims.UserId)
userAccountID, err := am.Store.GetAccountIDByUserID(ctx, LockingStrengthShare, claims.UserId)
if err != nil {
log.WithContext(ctx).Errorf("error getting account ID by user ID: %v", err)
return "", err
Expand Down Expand Up @@ -2331,17 +2324,12 @@ func (am *DefaultAccountManager) SyncAndMarkPeer(ctx context.Context, accountID
peerUnlock := am.Store.AcquireWriteLockByUID(ctx, peerPubKey)
defer peerUnlock()

account, err := am.Store.GetAccount(ctx, accountID)
if err != nil {
return nil, nil, nil, status.NewGetAccountError(err)
}

peer, netMap, postureChecks, err := am.SyncPeer(ctx, PeerSync{WireGuardPubKey: peerPubKey, Meta: meta}, account)
peer, netMap, postureChecks, err := am.SyncPeer(ctx, PeerSync{WireGuardPubKey: peerPubKey, Meta: meta}, accountID)
if err != nil {
return nil, nil, nil, fmt.Errorf("error syncing peer: %w", err)
}

err = am.MarkPeerConnected(ctx, peerPubKey, true, realIP, account)
err = am.MarkPeerConnected(ctx, peerPubKey, true, realIP, accountID)
if err != nil {
log.WithContext(ctx).Warnf("failed marking peer as connected %s %v", peerPubKey, err)
}
Expand All @@ -2355,12 +2343,7 @@ func (am *DefaultAccountManager) OnPeerDisconnected(ctx context.Context, account
peerUnlock := am.Store.AcquireWriteLockByUID(ctx, peerPubKey)
defer peerUnlock()

account, err := am.Store.GetAccount(ctx, accountID)
if err != nil {
return status.NewGetAccountError(err)
}

err = am.MarkPeerConnected(ctx, peerPubKey, false, nil, account)
err := am.MarkPeerConnected(ctx, peerPubKey, false, nil, accountID)
if err != nil {
log.WithContext(ctx).Warnf("failed marking peer as disconnected %s %v", peerPubKey, err)
}
Expand All @@ -2381,12 +2364,7 @@ func (am *DefaultAccountManager) SyncPeerMeta(ctx context.Context, peerPubKey st
unlockPeer := am.Store.AcquireWriteLockByUID(ctx, peerPubKey)
defer unlockPeer()

account, err := am.Store.GetAccount(ctx, accountID)
if err != nil {
return err
}

_, _, _, err = am.SyncPeer(ctx, PeerSync{WireGuardPubKey: peerPubKey, Meta: meta, UpdateAccountPeers: true}, account)
_, _, _, err = am.SyncPeer(ctx, PeerSync{WireGuardPubKey: peerPubKey, Meta: meta, UpdateAccountPeers: true}, accountID)
if err != nil {
return mapError(ctx, err)
}
Expand Down Expand Up @@ -2455,8 +2433,8 @@ func (am *DefaultAccountManager) GetAccountIDForPeerKey(ctx context.Context, pee
return am.Store.GetAccountIDByPeerPubKey(ctx, peerKey)
}

func (am *DefaultAccountManager) handleUserPeer(ctx context.Context, peer *nbpeer.Peer, settings *Settings) (bool, error) {
user, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, peer.UserID)
func (am *DefaultAccountManager) handleUserPeer(ctx context.Context, transaction Store, peer *nbpeer.Peer, settings *Settings) (bool, error) {
user, err := transaction.GetUserByUserID(ctx, LockingStrengthShare, peer.UserID)
if err != nil {
return false, err
}
Expand All @@ -2467,7 +2445,7 @@ func (am *DefaultAccountManager) handleUserPeer(ctx context.Context, peer *nbpee
}

if peerLoginExpired(ctx, peer, settings) {
err = am.handleExpiredPeer(ctx, user, peer)
err = am.handleExpiredPeer(ctx, transaction, user, peer)
if err != nil {
return false, err
}
Expand Down
19 changes: 6 additions & 13 deletions management/server/account_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1472,7 +1472,6 @@ func TestAccountManager_DeletePeer(t *testing.T) {
return
}

userID := "account_creator"
account, err := createAccount(manager, "test_account", userID, "netbird.cloud")
if err != nil {
t.Fatal(err)
Expand Down Expand Up @@ -1501,7 +1500,7 @@ func TestAccountManager_DeletePeer(t *testing.T) {
return
}

err = manager.DeletePeer(context.Background(), account.Id, peerKey, userID)
err = manager.DeletePeer(context.Background(), account.Id, peer.ID, userID)
if err != nil {
return
}
Expand All @@ -1523,7 +1522,7 @@ func TestAccountManager_DeletePeer(t *testing.T) {
assert.Equal(t, peer.Name, ev.Meta["name"])
assert.Equal(t, peer.FQDN(account.Domain), ev.Meta["fqdn"])
assert.Equal(t, userID, ev.InitiatorID)
assert.Equal(t, peer.IP.String(), ev.TargetID)
assert.Equal(t, peer.ID, ev.TargetID)
assert.Equal(t, peer.IP.String(), fmt.Sprint(ev.Meta["ip"]))
}

Expand Down Expand Up @@ -1853,13 +1852,10 @@ func TestDefaultAccountManager_UpdatePeer_PeerLoginExpiration(t *testing.T) {
accountID, err := manager.GetAccountIDByUserID(context.Background(), userID, "")
require.NoError(t, err, "unable to get the account")

account, err := manager.Store.GetAccount(context.Background(), accountID)
require.NoError(t, err, "unable to get the account")

err = manager.MarkPeerConnected(context.Background(), key.PublicKey().String(), true, nil, account)
err = manager.MarkPeerConnected(context.Background(), key.PublicKey().String(), true, nil, accountID)
require.NoError(t, err, "unable to mark peer connected")

account, err = manager.UpdateAccountSettings(context.Background(), accountID, userID, &Settings{
account, err := manager.UpdateAccountSettings(context.Background(), accountID, userID, &Settings{
PeerLoginExpiration: time.Hour,
PeerLoginExpirationEnabled: true,
})
Expand Down Expand Up @@ -1927,11 +1923,8 @@ func TestDefaultAccountManager_MarkPeerConnected_PeerLoginExpiration(t *testing.
accountID, err = manager.GetAccountIDByUserID(context.Background(), userID, "")
require.NoError(t, err, "unable to get the account")

account, err := manager.Store.GetAccount(context.Background(), accountID)
require.NoError(t, err, "unable to get the account")

// when we mark peer as connected, the peer login expiration routine should trigger
err = manager.MarkPeerConnected(context.Background(), key.PublicKey().String(), true, nil, account)
err = manager.MarkPeerConnected(context.Background(), key.PublicKey().String(), true, nil, accountID)
require.NoError(t, err, "unable to mark peer connected")

failed := waitTimeout(wg, time.Second)
Expand Down Expand Up @@ -1962,7 +1955,7 @@ func TestDefaultAccountManager_UpdateAccountSettings_PeerLoginExpiration(t *test
account, err := manager.Store.GetAccount(context.Background(), accountID)
require.NoError(t, err, "unable to get the account")

err = manager.MarkPeerConnected(context.Background(), key.PublicKey().String(), true, nil, account)
err = manager.MarkPeerConnected(context.Background(), key.PublicKey().String(), true, nil, accountID)
require.NoError(t, err, "unable to mark peer connected")

wg := &sync.WaitGroup{}
Expand Down
Loading
Loading