diff --git a/management/server/peer.go b/management/server/peer.go index a301544d5c3..474c2d6652e 100644 --- a/management/server/peer.go +++ b/management/server/peer.go @@ -678,10 +678,6 @@ func (am *DefaultAccountManager) SyncPeer(ctx context.Context, sync PeerSync, ac if err != nil { return nil, nil, nil, fmt.Errorf("failed to save peer: %w", err) } - - if sync.UpdateAccountPeers { - am.updateAccountPeers(ctx, account.Id) - } } peerNotValid, isStatusChanged, err := am.integratedPeerValidator.IsNotValidPeer(ctx, account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra) @@ -689,17 +685,20 @@ func (am *DefaultAccountManager) SyncPeer(ctx context.Context, sync PeerSync, ac return nil, nil, nil, fmt.Errorf("failed to validate peer: %w", err) } - var postureChecks []*posture.Checks + postureChecks, err := am.getPeerPostureChecks(account, peer.ID) + if err != nil { + return nil, nil, nil, err + } + + if isStatusChanged || sync.UpdateAccountPeers || (updated && len(postureChecks) > 0) { + am.updateAccountPeers(ctx, account.Id) + } if peerNotValid { emptyMap := &NetworkMap{ Network: account.Network.Copy(), } - return peer, emptyMap, postureChecks, nil - } - - if isStatusChanged { - am.updateAccountPeers(ctx, account.Id) + return peer, emptyMap, []*posture.Checks{}, nil } validPeersMap, err := am.GetValidatedPeers(account) @@ -707,11 +706,6 @@ func (am *DefaultAccountManager) SyncPeer(ctx context.Context, sync PeerSync, ac return nil, nil, nil, fmt.Errorf("failed to get validated peers: %w", err) } - postureChecks, err = am.getPeerPostureChecks(account, peer.ID) - if err != nil { - return nil, nil, nil, err - } - customZone := account.GetPeersCustomZone(ctx, am.dnsDomain) return peer, account.GetPeerNetworkMap(ctx, peer.ID, customZone, validPeersMap, am.metrics.AccountManagerMetrics()), postureChecks, nil }