[management] Approve all pending peers when peer approval is disabled

[bcmmbaga]

Describe your changes

Issue ticket number and link

Stack

Checklist

• Is it a bug fix
• Is a typo/documentation fix
• Is a feature enhancement
• It is a refactor
• Created tests that fail without the change (if possible)

By submitting this pull request, you confirm that you have read and agree to the terms of the Contributor License Agreement.

Documentation

Select exactly one:

• I added/updated documentation for this change
• Documentation is not needed for this change (explain why)

Docs PR URL (required if "docs added" is checked)

Paste the PR link from https://github.com/netbirdio/docs here:

https://github.com/netbirdio/docs/pull/__

Summary by CodeRabbit

• New Features

  • Pending peer approvals are automatically approved when peer-approval is turned off in account settings.
  • Settings update flow now evaluates peer-approval changes earlier to ensure peer status updates occur reliably.

• Tests

  • Added tests covering the peer-approval workflow: enabling/disabling peer approval, approving pending peers, and no-op cases when none exist.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds a Store API and SQL implementation to approve pending peers, updates account settings flow to call it when Extra.PeerApprovalEnabled transitions true→false, changes integrated validator signature to remove peers map, and adds unit tests for store and account-manager behavior.

Changes

Cohort / File(s)	Summary
Store interface management/server/store/store.go	Added ApproveAccountPeers(ctx context.Context, accountID string) (int, error) to the Store interface.
Store SQL implementation management/server/store/sql_store.go	Implemented ApproveAccountPeers which UPDATEs peers for an account where peer_status_requires_approval/requires_approval is true and returns rows affected.
Store tests management/server/store/sql_store_test.go	Added TestSqlStore_ApproveAccountPeers covering mixed states, no-op, and non-existent account cases.
Account manager management/server/account.go	In UpdateAccountSettings, when Extra.PeerApprovalEnabled changes true→false, call ApproveAccountPeers, log approved count, and set peer-update flag; removed transaction parameter from validateSettingsUpdate and delegate to integrated validator.
Account tests management/server/account_test.go	Added TestDefaultAccountManager_UpdateAccountSettings_PeerApproval to exercise enable→disable workflow and peer state transitions.
Integrated validator interface & mock management/server/integrations/integrated_validator/interface.go, management/server/integrated_validator.go	Removed peers map parameter from ValidateExtraSettings signature and updated mock to match new signature.
Go module go.mod	Bumped github.com/netbirdio/management-integrations/integrations dependency version.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant AccountMgr as Account Manager
    participant Store
    participant DB

    Client->>AccountMgr: UpdateAccountSettings(accountID, newSettings)
    activate AccountMgr
    AccountMgr->>AccountMgr: validate newSettings (integrated validator)
    alt PeerApproval toggled true → false
        AccountMgr->>Store: ApproveAccountPeers(ctx, accountID)
        activate Store
        Store->>DB: UPDATE peers SET requires_approval = false WHERE account_id = ? AND requires_approval = true
        DB-->>Store: rowsAffected
        Store-->>AccountMgr: approvedCount, nil
        deactivate Store
        AccountMgr->>AccountMgr: log "approved X peers" and set updateAccountPeers flag
    end
    AccountMgr-->>Client: response (success or error)
    deactivate AccountMgr

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Inspect SQL UPDATE correctness, WHERE clause, and rowsAffected handling in ApproveAccountPeers.
• Verify UpdateAccountSettings transaction/consistency and proper use of the new validator signature.
• Confirm tests isolate DB state and cover edge cases (no peers, non-existent account).

Possibly related PRs

• [management] update management integrations #4895 — related dependency bump for management-integrations/integrations, closely connected to the integration version change in this PR.

Suggested reviewers

• crn4

Poem

🐇 I hopped through rows and nudged each flag,
Turned waiting marks into a lighter tag.
With tiny paws I cleared the queue,
Now every peer says “how do you do?”
✨

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is largely incomplete: the 'Describe your changes' and 'Issue ticket number and link' sections are empty, and no explanation is provided for why documentation is not needed.	Fill in the 'Describe your changes' section with details about the peer approval logic, add the issue ticket number and link, and provide a brief explanation for why documentation is not needed.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: approving pending peers when peer approval is disabled, which aligns with the core functionality added across the files.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/peer-approval-reset

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

management/server/store/store.go (1)

124-147: Interface extension for peer approval looks consistent

Adding ApproveAccountPeers(ctx context.Context, accountID string) (int, error) to the Store interface fits well alongside the existing peer operations and matches how the method is exercised from tests and the account manager. If you ever expect very large peer counts, you might consider switching the return type to int64 for closer alignment with DB row counts, but that’s a minor future improvement.

management/server/store/sql_store.go (1)

425-425: Add explicit type conversion for RowsAffected.

result.RowsAffected is int64 but the return type is int. While overflow is unlikely in practice, an explicit cast makes the conversion clear and prevents potential issues.

Apply this diff:

-	return int(result.RowsAffected), nil
+	return int(result.RowsAffected), nil

Note: The current code already performs an implicit conversion, but making it explicit with int(result.RowsAffected) is clearer. If the code doesn't already have the explicit cast, add it.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 60f4d5f and 2ef79ef.

📒 Files selected for processing (5)

• management/server/account.go (1 hunks)
• management/server/account_test.go (1 hunks)
• management/server/store/sql_store.go (1 hunks)
• management/server/store/sql_store_test.go (1 hunks)
• management/server/store/store.go (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (3)

management/server/store/sql_store.go (2)

management/server/peer/peer.go (1)

• Peer (16-58)

shared/management/status/error.go (3)

• Error (54-57)
• Errorf (70-75)
• Internal (24-24)

management/server/account_test.go (2)

management/server/types/settings.go (2)

• Settings (10-55)
• ExtraSettings (82-99)

management/server/store/store.go (2)

• Store (50-207)
• LockingStrengthNone (47-47)

management/server/store/sql_store_test.go (1)

management/server/peer/peer.go (2)

• Peer (16-58)
• PeerStatus (60-69)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: Management / Benchmark (API) (amd64, postgres)
• GitHub Check: Management / Benchmark (API) (amd64, sqlite)
• GitHub Check: Management / Benchmark (amd64, sqlite)
• GitHub Check: Management / Unit (amd64, postgres)
• GitHub Check: Management / Benchmark (amd64, postgres)
• GitHub Check: Management / Unit (amd64, mysql)
• GitHub Check: Relay / Unit (amd64, -race)
• GitHub Check: Relay / Unit (386)
• GitHub Check: Client / Unit (amd64)
• GitHub Check: Client (Docker) / Unit
• GitHub Check: Client / Unit (386)
• GitHub Check: JS / Lint
• GitHub Check: Client / Unit
• GitHub Check: release
• GitHub Check: Windows
• GitHub Check: Linux
• GitHub Check: Darwin
• GitHub Check: Client / Unit
• GitHub Check: Android / Build
• GitHub Check: Client / Unit

🔇 Additional comments (3)

management/server/store/sql_store_test.go (1)

3720-3796: Good coverage of ApproveAccountPeers semantics

The test nicely exercises the main behaviours: approving only pending peers, ensuring idempotency on subsequent calls, and treating non-existent accounts as a no-op without error. The use of runTestForAllEngines keeps engine coverage consistent with the rest of the suite.

management/server/account_test.go (1)

2058-2093: Peer-approval toggle flow is exercised correctly

This test cleanly models the enable → mark peers pending → disable path and verifies via GetAccountPeers that all RequiresApproval flags are cleared after disabling PeerApprovalEnabled. Using account.Settings.Copy() before each UpdateAccountSettings call keeps other settings intact while focusing on the Extra flag.

management/server/account.go (1)

308-317: LGTM! Correct implementation of auto-approval when peer approval is disabled.

The logic correctly detects when PeerApprovalEnabled transitions from true to false, invokes the approval method within the transaction, handles errors appropriately, and logs the result. The conditional logging on approvedCount > 0 is a good practice.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

management/server/account.go (1)

302-312: LGTM! Auto-approval logic correctly implemented and triggers peer updates.

The implementation correctly:

• Detects the transition from PeerApprovalEnabled true to false
• Approves pending peers atomically within the transaction
• Handles errors appropriately with proper wrapping
• Triggers downstream peer updates by setting updateAccountPeers = true at line 310, which later invokes UpdateAccountPeers at lines 380-382

This addresses the past review comment from pascal-fischer about triggering update account peers.

Optional enhancements for auditability and visibility:

Consider adding an activity event to track the peer auto-approvals for better audit trails:

 		if approvedCount > 0 {
 			log.WithContext(ctx).Debugf("approved %d pending peers in account %s", approvedCount, accountID)
+			eventMeta := map[string]any{"approved_count": approvedCount}
+			am.StoreEvent(ctx, userID, accountID, accountID, activity.PeerApprovalDisabled, eventMeta)
 			updateAccountPeers = true
 		}

Additionally, consider using Info level instead of Debug for line 309, as auto-approving peers is a significant administrative action:

-			log.WithContext(ctx).Debugf("approved %d pending peers in account %s", approvedCount, accountID)
+			log.WithContext(ctx).Infof("approved %d pending peers in account %s", approvedCount, accountID)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2ef79ef and 7cabf95.

📒 Files selected for processing (2)

• management/server/account.go (1 hunks)
• management/server/account_test.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• management/server/account_test.go

🧰 Additional context used

🧬 Code graph analysis (1)

management/server/account.go (1)

shared/management/status/error.go (1)

• Errorf (70-75)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (24)

• GitHub Check: Management / Unit (amd64, postgres)
• GitHub Check: Management / Unit (amd64, mysql)
• GitHub Check: Management / Unit (amd64, sqlite)
• GitHub Check: Management / Benchmark (API) (amd64, sqlite)
• GitHub Check: Management / Benchmark (amd64, postgres)
• GitHub Check: Management / Benchmark (API) (amd64, postgres)
• GitHub Check: Management / Integration (amd64, postgres)
• GitHub Check: Management / Benchmark (amd64, sqlite)
• GitHub Check: Management / Integration (amd64, sqlite)
• GitHub Check: Relay / Unit (amd64, -race)
• GitHub Check: Client / Unit (amd64)
• GitHub Check: Client / Unit (386)
• GitHub Check: Relay / Unit (386)
• GitHub Check: Client (Docker) / Unit
• GitHub Check: Darwin
• GitHub Check: Windows
• GitHub Check: Linux
• GitHub Check: Client / Unit
• GitHub Check: release
• GitHub Check: release_ui_darwin
• GitHub Check: Client / Unit
• GitHub Check: JS / Lint
• GitHub Check: Android / Build
• GitHub Check: Client / Unit

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7cabf95 and 80c4d19.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (4)

• go.mod (1 hunks)
• management/server/account.go (3 hunks)
• management/server/integrated_validator.go (1 hunks)
• management/server/integrations/integrated_validator/interface.go (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (3)

management/server/integrations/integrated_validator/interface.go (1)

management/server/types/settings.go (1)

• ExtraSettings (82-99)

management/server/integrated_validator.go (1)

management/server/types/settings.go (1)

• ExtraSettings (82-99)

management/server/account.go (1)

management/server/types/settings.go (1)

• Settings (10-55)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)

• GitHub Check: Client / Unit
• GitHub Check: JS / Lint
• GitHub Check: Client / Unit
• GitHub Check: Darwin
• GitHub Check: Windows
• GitHub Check: Linux
• GitHub Check: release
• GitHub Check: Client / Unit
• GitHub Check: release_ui_darwin
• GitHub Check: Build Cache
• GitHub Check: Android / Build
• GitHub Check: Check External GPL/AGPL Licenses
• GitHub Check: iOS / Build

🔇 Additional comments (4)

management/server/integrations/integrated_validator/interface.go (1)

13-13: LGTM! Interface signature simplified.

The removal of the peers parameter from ValidateExtraSettings simplifies the validation interface. This change is consistent with the PR's goal to handle peer approval separately from settings validation.

management/server/integrated_validator.go (1)

130-132: LGTM! Mock correctly updated to match interface.

The mock implementation properly reflects the updated interface signature by removing the peers parameter while maintaining the no-op behavior.

management/server/account.go (1)

387-402: LGTM! Validation simplified appropriately.

The method signature has been correctly updated to remove the transaction parameter and no longer builds a peers map for validation. The validation logic now properly delegates to the integrated validator with the new signature.

Note: The method passes newSettings.Extra and oldSettings.Extra directly to the validator. Ensure the validator implementation handles nil Extra gracefully if needed.

go.mod (1)

67-67: Dependency version confirmed and compatible.

The commit d5400f03084766360f91d30c877c49f8b24ededb exists in the management-integrations repository (branch update-setting-validator, PR #41). The ValidateExtraSettings method signature in this version is ValidateExtraSettings(context.Context, *types.ExtraSettings, *types.ExtraSettings, string, string) error—the peers parameter has been removed, which aligns with the interface changes in this PR.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

management/server/account.go (2)

302-313: Peer-approval disable path correctly approves peers; consider adding an activity event.

The conditional around PeerApprovalEnabled and the call to ApproveAccountPeers inside the transaction look sound, and setting updateAccountPeers = true when approvedCount > 0 ensures peers and network maps are refreshed appropriately.

To make this change auditable in the same way as other settings toggles (e.g., login/inactivity expiration, DNS domain), consider also emitting an activity event when peer approval is disabled and pending peers are auto-approved, not just a debug log.

---

298-300: Keep validateSettingsUpdate / ValidateExtraSettings lightweight and read-only within the transaction.

UpdateAccountSettings still invokes validateSettingsUpdate inside ExecuteInTransaction, and that now delegates straight to integratedPeerValidator.ValidateExtraSettings (without a transactional store parameter). This is fine as long as ValidateExtraSettings remains an inexpensive, read-only validator and doesn’t perform long-running I/O or writes; otherwise we risk holding the DB transaction open longer than necessary or depending on state outside the transaction’s view.

If the validator needs heavier operations or its own store interactions, consider either:

• moving the call to validateSettingsUpdate before starting the transaction, or
• passing all necessary pre-fetched context into the validator so it can stay pure inside the transaction.

Also applies to: 388-403

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 80c4d19 and 0dc14dd.

📒 Files selected for processing (1)

• management/server/account.go (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

management/server/account.go (1)

management/server/types/settings.go (1)

• Settings (10-55)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (26)

• GitHub Check: Management / Integration (amd64, postgres)
• GitHub Check: Management / Integration (amd64, sqlite)
• GitHub Check: Management / Unit (amd64, mysql)
• GitHub Check: Management / Benchmark (API) (amd64, postgres)
• GitHub Check: Management / Benchmark (API) (amd64, sqlite)
• GitHub Check: Management / Benchmark (amd64, postgres)
• GitHub Check: Management / Unit (amd64, sqlite)
• GitHub Check: Management / Unit (amd64, postgres)
• GitHub Check: Management / Benchmark (amd64, sqlite)
• GitHub Check: Relay / Unit (amd64, -race)
• GitHub Check: Relay / Unit (386)
• GitHub Check: Client / Unit (386)
• GitHub Check: Client / Unit (amd64)
• GitHub Check: Client (Docker) / Unit
• GitHub Check: Client / Unit
• GitHub Check: Windows
• GitHub Check: Linux
• GitHub Check: Darwin
• GitHub Check: JS / Lint
• GitHub Check: release_ui_darwin
• GitHub Check: Client / Unit
• GitHub Check: release
• GitHub Check: release_ui
• GitHub Check: Android / Build
• GitHub Check: Client / Unit
• GitHub Check: iOS / Build