[management] set components network map by default and optimize memory usage

[crn4]

Describe your changes

Issue ticket number and link

Stack

Checklist

• Is it a bug fix
• Is a typo/documentation fix
• Is a feature enhancement
• It is a refactor
• Created tests that fail without the change (if possible)

By submitting this pull request, you confirm that you have read and agree to the terms of the Contributor License Agreement.

Documentation

Select exactly one:

• I added/updated documentation for this change
• Documentation is not needed for this change (explain why)

we just set a new components network map as default

Docs PR URL (required if "docs added" is checked)

Paste the PR link from https://github.com/netbirdio/docs here:

https://github.com/netbirdio/docs/pull/__

Summary by CodeRabbit

• Bug Fixes

  • Network map now defaults to compacted mode at startup; environment parsing issues yield clearer warnings and disabling compacted mode is logged.
  • DNS enablement and nameserver selection now correctly respect group membership, reducing incorrect DNS assignments.

• Refactor

  • Internal routing and firewall rule generation streamlined for more consistent rule IDs and safer peer handling.

• Performance

  • Minor memory and slice allocation improvements for peer/group processing.

[coderabbitai]

📝 Walkthrough

Walkthrough

Controller env parsing for EnvNewNetworkMapCompacted now defaults to true and updates logging; network map internals refactored to use peer-group-based DNS/NameServer lookups, precompute string fields for firewall rules, replace custom route copying with Route.Copy(), and adjust slice allocations and in-place route handling.

Changes

Cohort / File(s)	Summary
Network Map Controller Configuration management/internals/controllers/network_map/controller/controller.go	Default for EnvNewNetworkMapCompacted changed to true; env parsing now preserves true on parse errors unless value non-empty (logs warning); logs info when explicitly disabled.
Network map internals & DNS / NameServer logic management/server/types/networkmap_components.go	Replaced per-peer DNS/NS lookups with group-based variants (getPeerDNSManagementStatusFromGroups, getPeerNSGroupsFromGroups); nameserver membership check now takes peer IP string; added nil-safety around target peer lookups.
Firewall rules, rule IDs & route handling management/server/types/networkmap_components.go	Precompute protocol/action/direction/ports strings for FirewallRule fields and ruleID composition; reuse rule data paths for port expansion; switch from copyRoute helper to Route.Copy() and perform in-place route adjustments; removed copyRoute.
Account peers slice allocation tweak management/server/types/account_components.go	Adjusted filteredPeerIDs initialization and reset capacities to use group-derived lengths (avoid re-slicing the same backing array).
Module manifest go.mod	Minor manifest update recorded.

Sequence Diagram(s)

sequenceDiagram
    participant Controller as Controller
    participant Generator as NetworkMapGenerator
    participant Groups as PeerGroupsStore
    participant PeerStore as PeerInfoStore
    participant Firewall as FirewallRuleBuilder

    Controller->>Generator: request network map (compacted? default true)
    Generator->>Groups: fetch peerGroups for peers
    Groups-->>Generator: peerGroups
    Generator->>PeerStore: fetch target peer info (by ID/IP)
    PeerStore-->>Generator: peerInfo
    Generator->>Generator: determine DNS/NS groups using peerGroups + peerIP
    Generator->>Firewall: build firewall rules (use precomputed strings)
    Firewall-->>Generator: firewall rule entries
    Generator-->>Controller: return composed network map

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• [management] pass config to controller #4807 — modifies NewController and controller-related handling (overlaps controller env/config changes).
• [management] Add custom dns zones #4849 — updates DNS/zones and network map codepaths, including group-based DNS handling and GetPeerNetworkMap changes.
• [management] network map components assembling  #5193 — touches network-map assembly and controller compacted-network-map flag and related components.

Suggested reviewers

• pascal-fischer

Poem

"I hopped through groups and parsed a flag,
Defaulted compact with a cheerful wag,
I swapped old copies for a lighter hop,
Built rules from strings — a tidy stop,
🐇✨"

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is largely incomplete. The 'Describe your changes' section is empty, and no issue ticket or stack information is provided, leaving critical context missing.	Add a detailed explanation in 'Describe your changes' section describing what the components network map feature is, why it should be the default, and the implications of this change.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main changes: setting a components network map as default and optimizing memory usage, which aligns with the file-level summaries.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch nmap/components-by-default

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

management/internals/controllers/network_map/controller/controller.go (1)

84-94: Consider aligning default handling for both experimental feature flags.

There's now an inconsistency: EnvNewNetworkMapBuilder defaults to false on parse error (line 87), while EnvNewNetworkMapCompacted defaults to true (line 93). If this is intentional (i.e., compacted is production-ready while the builder is still experimental), the current state is fine. Otherwise, consider aligning them for consistency.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@management/internals/controllers/network_map/controller/controller.go` around
lines 84 - 94, The two experimental feature flags are handled inconsistently:
when strconv.ParseBool fails for EnvNewNetworkMapBuilder the code sets
newNetworkMapBuilder = false, but for EnvNewNetworkMapCompacted it sets
compactedNetworkMap = true; update the error handling so both flags use the same
default policy (e.g., set compactedNetworkMap = false on parse error to match
newNetworkMapBuilder or vice versa), and adjust the Warnf messages accordingly;
preferably extract a clear default (constant or inline) and apply it for both
EnvNewNetworkMapBuilder and EnvNewNetworkMapCompacted when ParseBool returns an
error to ensure consistent behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@management/internals/controllers/network_map/controller/controller.go`:
- Around line 90-94: Add unit tests for the EnvNewNetworkMapCompacted parsing
and default behavior: write tests in controller_test.go that set/unset
NB_NETWORK_MAP_COMPACTED and assert compactedNetworkMap results for unset
(should be true), invalid value (should be true), and valid "true"/"false"
values; use os.Setenv/Unset around invoking the parsing logic (the code that
sets compactedNetworkMap in controller.go) and restore env afterwards. Also
either document NB_NETWORK_MAP_COMPACTED and its default in the management
README/deployment guide, or align behavior with EnvNewNetworkMapBuilder (which
currently defaults to false on parse error) by updating the parsing/default
logic in controller.go to match the intended default and update/add tests
accordingly.

---

Nitpick comments:
In `@management/internals/controllers/network_map/controller/controller.go`:
- Around line 84-94: The two experimental feature flags are handled
inconsistently: when strconv.ParseBool fails for EnvNewNetworkMapBuilder the
code sets newNetworkMapBuilder = false, but for EnvNewNetworkMapCompacted it
sets compactedNetworkMap = true; update the error handling so both flags use the
same default policy (e.g., set compactedNetworkMap = false on parse error to
match newNetworkMapBuilder or vice versa), and adjust the Warnf messages
accordingly; preferably extract a clear default (constant or inline) and apply
it for both EnvNewNetworkMapBuilder and EnvNewNetworkMapCompacted when ParseBool
returns an error to ensure consistent behavior.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 16af4dce-ef55-45c5-ae28-b7e79e399143

📥 Commits

Reviewing files that changed from the base of the PR and between 11f8912 and 45bb7a0.

📒 Files selected for processing (1)

• management/internals/controllers/network_map/controller/controller.go

[Copilot]

Pull request overview

Updates the default behavior of the network map controller when NB_NETWORK_MAP_COMPACTED cannot be parsed, effectively changing which network map generation path is used by default in that scenario.

Changes:

• Switch default compactedNetworkMap fallback from false to true when NB_NETWORK_MAP_COMPACTED is not a valid boolean.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

🧹 Nitpick comments (1)

management/server/types/networkmap_components.go (1)

311-312: Delimiter the firewall-rule dedupe key.

This key is built as a raw concatenation, so different field combinations can theoretically collapse to the same string and suppress a distinct rule. A fixed separator keeps the allocation win and makes the key unambiguous.

♻️ Proposed tweak

-				ruleID := rule.ID + peerIP + dirStr +
-					protocolStr + actionStr + portsJoined
+				ruleID := strings.Join([]string{
+					rule.ID,
+					peerIP,
+					dirStr,
+					protocolStr,
+					actionStr,
+					portsJoined,
+				}, "|")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@management/server/types/networkmap_components.go` around lines 311 - 312, The
dedupe key for firewall rules is built by raw concatenation (ruleID := rule.ID +
peerIP + dirStr + protocolStr + actionStr + portsJoined) which can create
collisions; change the construction to join each component with a fixed
separator (e.g. "|") so use the same fields (rule.ID, peerIP, dirStr,
protocolStr, actionStr, portsJoined) but concatenate them with a delimiter
between each component to make the key unambiguous and stable.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@management/server/types/networkmap_components.go`:
- Around line 311-312: The dedupe key for firewall rules is built by raw
concatenation (ruleID := rule.ID + peerIP + dirStr + protocolStr + actionStr +
portsJoined) which can create collisions; change the construction to join each
component with a fixed separator (e.g. "|") so use the same fields (rule.ID,
peerIP, dirStr, protocolStr, actionStr, portsJoined) but concatenate them with a
delimiter between each component to make the key unambiguous and stable.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 52e85ef5-9459-4b71-aa95-862286cc3b33

📥 Commits

Reviewing files that changed from the base of the PR and between 274a5de and eadf37c.

📒 Files selected for processing (1)

• management/server/types/networkmap_components.go

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud