Merge branch 'main' into debug-google-workspace

Allow adding 3 nameserver addresses (#1588 )
Make sure the iOS dialer does not get overwritten (#1585 )
2026-04-18 07:26:14 -04:00 · 2024-02-19 15:26:58 +01:00 · 2024-02-19 14:29:20 +01:00 · 2024-02-16 14:37:47 +01:00 · 2024-02-16 13:10:37 +03:00
5 changed files with 47 additions and 9 deletions
--- a/client/internal/dns/upstream_ios.go
+++ b/client/internal/dns/upstream_ios.go
@@ -46,24 +46,32 @@ func (u *upstreamResolverIOS) exchange(ctx context.Context, upstream string, r *
 	if err != nil {
 		log.Errorf("error while parsing upstream host: %s", err)
 	}
+
+	timeout := upstreamTimeout
+	if deadline, ok := ctx.Deadline(); ok {
+		timeout = time.Until(deadline)
+	}
+	client.DialTimeout = timeout
+
 	upstreamIP := net.ParseIP(upstreamHost)
 	if u.lNet.Contains(upstreamIP) || net.IP.IsPrivate(upstreamIP) {
 		log.Debugf("using private client to query upstream: %s", upstream)
-		client = u.getClientPrivate()
+		client = u.getClientPrivate(timeout)
 	}

-	return client.ExchangeContext(ctx, r, upstream)
+	// Cannot use client.ExchangeContext because it overwrites our Dialer
+	return client.Exchange(r, upstream)
 }

 // getClientPrivate returns a new DNS client bound to the local IP address of the Netbird interface
 // This method is needed for iOS
-func (u *upstreamResolverIOS) getClientPrivate() *dns.Client {
+func (u *upstreamResolverIOS) getClientPrivate(dialTimeout time.Duration) *dns.Client {
 	dialer := &net.Dialer{
 		LocalAddr: &net.UDPAddr{
 			IP:   u.lIP,
 			Port: 0, // Let the OS pick a free port
 		},
-		Timeout: upstreamTimeout,
+		Timeout: dialTimeout,
 		Control: func(network, address string, c syscall.RawConn) error {
 			var operr error
 			fn := func(s uintptr) {
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
@@ -904,7 +904,7 @@ components:
        nameservers:
          description: Nameserver list
          minLength: 1
-          maxLength: 2
+          maxLength: 3
          type: array
          items:
            $ref: '#/components/schemas/Nameserver'
--- a/management/server/idp/google_workspace.go
+++ b/management/server/idp/google_workspace.go
@@ -5,6 +5,8 @@ import (
 	"encoding/base64"
 	"fmt"
 	"net/http"
+	"os"
+	"strconv"
 	"time"

 	log "github.com/sirupsen/logrus"
@@ -150,19 +152,37 @@ func (gm *GoogleWorkspaceManager) GetAllAccounts() (map[string][]*UserData, erro

 // getAllUsers returns all users in a Google Workspace account filtered by customer ID.
 func (gm *GoogleWorkspaceManager) getAllUsers() ([]*UserData, error) {
+	var usersLimit int64 = 500
+	if maxUsersLimitEnv := os.Getenv("GOOGLE_WORKSPACE_USERS_LIMIT"); maxUsersLimitEnv != "" {
+		maxUsersLimit, err := strconv.Atoi(maxUsersLimitEnv)
+		if err == nil {
+			log.Debugf("GOOGLE_WORKSPACE_USERS_LIMIT env is set using %d  as users limit", maxUsersLimit)
+			usersLimit = int64(maxUsersLimit)
+		}
+	} else {
+		log.Debugf("GOOGLE_WORKSPACE_USERS_LIMIT env is not set using default users limit 500")
+	}
+
 	users := make([]*UserData, 0)
 	pageToken := ""
 	for {
-		call := gm.usersService.List().Customer(gm.CustomerID).MaxResults(500)
+		call := gm.usersService.List().Customer(gm.CustomerID).MaxResults(usersLimit)
 		if pageToken != "" {
 			call.PageToken(pageToken)
 		}

 		resp, err := call.Do()
 		if err != nil {
+			log.Debugf("failed to retrieve users from workspace error: %s, http status: %d, headers: %v",
+				err.Error(),
+				resp.HTTPStatusCode,
+				resp.Header,
+			)
 			return nil, err
 		}

+		log.Debugf("fetched %d users from workspace", len(resp.Users))
+
 		for _, user := range resp.Users {
 			users = append(users, parseGoogleWorkspaceUser(user))
 		}
--- a/management/server/nameserver.go
+++ b/management/server/nameserver.go
@@ -255,8 +255,8 @@ func validateNSGroupName(name, nsGroupID string, nsGroupMap map[string]*nbdns.Na

 func validateNSList(list []nbdns.NameServer) error {
 	nsListLenght := len(list)
-	if nsListLenght == 0 || nsListLenght > 2 {
-		return status.Errorf(status.InvalidArgument, "the list of nameservers should be 1 or 2, got %d", len(list))
+	if nsListLenght == 0 || nsListLenght > 3 {
+		return status.Errorf(status.InvalidArgument, "the list of nameservers should be 1 or 3, got %d", len(list))
 	}
 	return nil
 }
--- a/management/server/nameserver_test.go
+++ b/management/server/nameserver_test.go
@@ -216,7 +216,7 @@ func TestCreateNameServerGroup(t *testing.T) {
 			shouldCreate: false,
 		},
 		{
-			name: "Create A NS Group With More Than 2 Nameservers Should Fail",
+			name: "Create A NS Group With More Than 3 Nameservers Should Fail",
 			inputArgs: input{
 				name:        "super",
 				description: "super",
@@ -238,6 +238,11 @@ func TestCreateNameServerGroup(t *testing.T) {
 						NSType: nbdns.UDPNameServerType,
 						Port:   nbdns.DefaultDNSPort,
 					},
+					{
+						IP:     netip.MustParseAddr("1.1.4.4"),
+						NSType: nbdns.UDPNameServerType,
+						Port:   nbdns.DefaultDNSPort,
+					},
 				},
 				enabled: true,
 			},
@@ -457,6 +462,11 @@ func TestSaveNameServerGroup(t *testing.T) {
 			NSType: nbdns.UDPNameServerType,
 			Port:   nbdns.DefaultDNSPort,
 		},
+		{
+			IP:     netip.MustParseAddr("1.1.4.4"),
+			NSType: nbdns.UDPNameServerType,
+			Port:   nbdns.DefaultDNSPort,
+		},
 	}
 	invalidID := "doesntExist"
 	validName := "12345678901234567890qw"
Author	SHA1	Message	Date
Maycon Santos	5f41e2bd13	Merge branch 'main' into debug-google-workspace	2024-02-19 15:26:58 +01:00
Maycon Santos	cb3408a10b	Allow adding 3 nameserver addresses (#1588 )	2024-02-19 14:29:20 +01:00
Viktor Liu	0afd738509	Make sure the iOS dialer does not get overwritten (#1585 ) * Make sure our iOS dialer does not get overwritten * set dial timeout for both clients on ios --------- Co-authored-by: Pascal Fischer <pascal@netbird.io>	2024-02-16 14:37:47 +01:00
bcmmbaga	e3d038da8a	debug google workspace request	2024-02-16 13:10:37 +03:00