[PR #2310] [management] Skip account peers update if no changes affect peers #3350

Open
opened 2025-11-20 08:05:45 -05:00 by saavagebueno · 0 comments
Owner

Original Pull Request: https://github.com/netbirdio/netbird/pull/2310

State: closed
Merged: Yes


Describe your changes

This PR optimizes account peer updates to trigger only when necessary, reducing unnecessary network map processing and updates. These changes improve efficiency by avoiding redundant updates while ensuring all necessary updates are still performed.

Note: Network map updates are sent only if the new network map differs from the last one sent, except for TURN credential refresh updates. This occurs when the network map has been updated and has a higher serial number than the previous one.

Changes:

  1. Posture Checks:

    • Creating new posture checks no longer triggers account peer updates or sends network map updates.
    • Updating posture checks only triggers account peer updates when they are attached to a policy.
    • Deleting a posture check is allowed only if it is not linked to a policy.
  2. Policies:

    • Saving a policy with empty rules (no source or destination groups) does not trigger account peer updates.
    • Updating a policy triggers account peer updates and sends network maps to peers, but only if the new network map differs from the last sent one.
    • Deleting a policy always triggers peer updates and sends the updated network map to peers. (not changed)
  3. Setup Keys:

    • Saving a setup key does not trigger account peer updates.
  4. Groups:

    • Saving a group not used in nameserver groups, policies, or routes does not trigger account peer updates.
    • Adding or removing a peer to a group triggers account peer updates if the group is in use with DNS, policies, or routes.
    • Deleting a group does not trigger account peer updates. This is true because a group can only be deleted when it is not linked to any resource.
  5. DNS Settings:

    • Saving DNS settings triggers account peer updates when before/after groups have peers. Updates will be checked against the sent map and skipped if they are the same.
  6. NameServer Groups:

    • Creating a new nameserver group triggers account peer updates when distribution groups have peers.
    • Updating a nameserver group triggers account peer updates when the before or after state of distribution groups has peers.
    • Deleting a nameserver group triggers account peer updates when distribution groups have peers.
  7. Routes:

    • Creating a route triggers account peer updates when distribution groups or routing groups are not empty or there is a routing peer.
    • Saving (updating) a route triggers account peer updates when before and after distribution groups or routing groups are not empty or there is a routing peer.
    • Deleting a route triggers account peer updates when distribution groups or routing groups are not empty or there is a routing peer.
  8. Users:

    • Creating new users no longer triggers account peer updates.
    • Updating existing users triggers account peer updates if the user has a linked peer and groups propagation is enabled.
    • Deleting a regular user triggers account peer updates if there is a peer linked to the user.
  9. Peers:

    • Adding a peer triggers account peer updates if the peer is part of a group used in active DNS, routes, or ACL.
    • Updating a peer does not trigger account peer updates if the peer is not expired and peer login expiration is not enabled.
    • Deleting a peer triggers account peer updates if the peer was part of a group used in active DNS, routes, or policies.
  10. Removed unused UpdatePeerSSHKey method.

Checklist

  • [ ] Is it a bug fix
  • [ ] Is a typo/documentation fix
  • [x] Is a feature enhancement
  • [ ] It is a refactor
  • [ ] Created tests that fail without the change (if possible)
  • [ ] Extended the README / documentation, if necessary
saavagebueno added the pull-request label 2025-11-20 08:05:45 -05:00
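
The send rule from the Note in the description, as an added Go sketch that is not code from the PR or from NetBird: a network map goes out only when its serial is higher and its content differs from what the peer last received, and TURN credential refreshes bypass the check. `UpdateKind`, `NetworkMap` and `Gate` are hypothetical names, and hashing the content to decide "differs" is an assumption about how the comparison could be done.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// UpdateKind, NetworkMap and Gate are hypothetical names, not NetBird's own types.
type UpdateKind int

const (
	NetworkMapUpdate UpdateKind = iota
	TURNCredentialRefresh
)

type NetworkMap struct {
	Serial uint64
	Peers  []string // peers this client may reach
	Rules  []string // firewall rules, kept opaque here
}

type lastSent struct {
	serial uint64
	digest [32]byte
}

// Gate maps a peer ID to the serial and content digest of the last map sent to it.
type Gate map[string]lastSent

// ShouldSend reports whether the update must go out, recording it when it does.
func (g Gate) ShouldSend(peerID string, kind UpdateKind, nm NetworkMap) bool {
	if kind == TURNCredentialRefresh {
		return true // exempt: credentials rotate while the map stays the same
	}
	// Digest covers content only; a spurious mismatch costs one redundant send.
	raw, _ := json.Marshal([2][]string{nm.Peers, nm.Rules}) // cannot fail for string slices
	digest := sha256.Sum256(raw)
	if prev, ok := g[peerID]; ok && (nm.Serial <= prev.serial || digest == prev.digest) {
		return false // not newer, or identical to what the peer already holds
	}
	g[peerID] = lastSent{serial: nm.Serial, digest: digest}
	return true
}

func main() {
	g, m := Gate{}, NetworkMap{Serial: 1, Peers: []string{"peer-b"}} // constructed sample
	fmt.Println(g.ShouldSend("peer-a", NetworkMapUpdate, m)) // first map for this peer
	m.Serial = 2
	fmt.Println(g.ShouldSend("peer-a", NetworkMapUpdate, m)) // same content, newer serial
}
```

The comparison is built so that an error leans toward sending: a peer left holding a stale access-control map is the outcome to avoid, while an extra update is harmless.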
Reference: SVI/netbird#3350