mirror of
https://github.com/juanfont/headscale.git
synced 2024-11-30 02:43:05 +00:00
Compare commits
No commits in common. "014ee87066198460fcd8b99b31427ae2322e38b8" and "24f3895b2bd6446c9451efd9a01368979248eadf" have entirely different histories.
014ee87066
...
24f3895b2b
5 changed files with 6 additions and 12 deletions
3
.github/workflows/test-integration.yaml
vendored
|
@ -30,7 +30,8 @@ jobs:
|
||||||
- TestPreAuthKeyCorrectUserLoggedInCommand
|
- TestPreAuthKeyCorrectUserLoggedInCommand
|
||||||
- TestApiKeyCommand
|
- TestApiKeyCommand
|
||||||
- TestNodeTagCommand
|
- TestNodeTagCommand
|
||||||
- TestNodeAdvertiseTagCommand
|
- TestNodeAdvertiseTagNoACLCommand
|
||||||
|
- TestNodeAdvertiseTagWithACLCommand
|
||||||
- TestNodeCommand
|
- TestNodeCommand
|
||||||
- TestNodeExpireCommand
|
- TestNodeExpireCommand
|
||||||
- TestNodeRenameCommand
|
- TestNodeRenameCommand
|
||||||
|
|
|
@ -478,8 +478,6 @@ func (h *Headscale) createRouter(grpcMux *grpcRuntime.ServeMux) *mux.Router {
|
||||||
return router
|
return router
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(kradalby): Do a variant of this, and polman which only updates the node that has changed.
|
|
||||||
// Maybe we should attempt a new in memory state and not go via the DB?
|
|
||||||
func usersChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *notifier.Notifier) error {
|
func usersChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *notifier.Notifier) error {
|
||||||
users, err := db.ListUsers()
|
users, err := db.ListUsers()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -501,8 +499,6 @@ func usersChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *not
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(kradalby): Do a variant of this, and polman which only updates the node that has changed.
|
|
||||||
// Maybe we should attempt a new in memory state and not go via the DB?
|
|
||||||
func nodesChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *notifier.Notifier) error {
|
func nodesChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *notifier.Notifier) error {
|
||||||
nodes, err := db.ListNodes()
|
nodes, err := db.ListNodes()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -644,7 +644,7 @@ func EnableAutoApprovedRoutes(
|
||||||
approvedRoutes = append(approvedRoutes, advertisedRoute)
|
approvedRoutes = append(approvedRoutes, advertisedRoute)
|
||||||
} else {
|
} else {
|
||||||
// TODO(kradalby): figure out how to get this to depend on less stuff
|
// TODO(kradalby): figure out how to get this to depend on less stuff
|
||||||
approvedIps, err := polMan.ExpandAlias(approvedAlias)
|
approvedIps, err := polMan.IPsForUser(approvedAlias)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("expanding alias %q for autoApprovers: %w", approvedAlias, err)
|
return fmt.Errorf("expanding alias %q for autoApprovers: %w", approvedAlias, err)
|
||||||
}
|
}
|
||||||
|
|
|
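Review bot: The set returned by `polMan.IPsForUser(approvedAlias)` feeds the route auto-approval decision, so it is only as current as the node and user lists the policy manager holds. In this same compare the `handleEndpointUpdate` section drops the `nodesChangedHook(m.h.db, m.h.polMan, m.h.nodeNotifier)` call that used to run before `EnableAutoApprovedRoutes`, so unless another path refreshes the manager (not visible here) the expansion may be evaluated against an older node set. I would state the precondition above the call, e.g. `// polMan must already hold the current nodes and users (SetNodes/SetUsers); a stale set can approve or skip routes incorrectly`. The enclosing function starts and ends outside the hunk.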
@ -18,7 +18,7 @@ type PolicyManager interface {
|
||||||
SSHPolicy(*types.Node) (*tailcfg.SSHPolicy, error)
|
SSHPolicy(*types.Node) (*tailcfg.SSHPolicy, error)
|
||||||
Tags(*types.Node) []string
|
Tags(*types.Node) []string
|
||||||
ApproversForRoute(netip.Prefix) []string
|
ApproversForRoute(netip.Prefix) []string
|
||||||
ExpandAlias(string) (*netipx.IPSet, error)
|
IPsForUser(string) (*netipx.IPSet, error)
|
||||||
SetPolicy([]byte) (bool, error)
|
SetPolicy([]byte) (bool, error)
|
||||||
SetUsers(users []types.User) (bool, error)
|
SetUsers(users []types.User) (bool, error)
|
||||||
SetNodes(nodes types.Nodes) (bool, error)
|
SetNodes(nodes types.Nodes) (bool, error)
|
||||||
|
@ -172,8 +172,8 @@ func (pm *PolicyManagerV1) ApproversForRoute(route netip.Prefix) []string {
|
||||||
return approvers
|
return approvers
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pm *PolicyManagerV1) ExpandAlias(alias string) (*netipx.IPSet, error) {
|
func (pm *PolicyManagerV1) IPsForUser(user string) (*netipx.IPSet, error) {
|
||||||
ips, err := pm.pol.ExpandAlias(pm.nodes, pm.users, alias)
|
ips, err := pm.pol.ExpandAlias(pm.nodes, pm.users, user)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
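Review bot: `IPsForUser` is not limited to users: the body hands its argument unchanged to `pm.pol.ExpandAlias(pm.nodes, pm.users, user)`, and the caller in `EnableAutoApprovedRoutes` passes `approvedAlias` and still reports `expanding alias %q`. Because the result feeds route auto-approval, a reader who trusts the name may assume a narrower check than the code performs. Either keep the alias wording in the parameter, `func (pm *PolicyManagerV1) IPsForUser(alias string) (*netipx.IPSet, error)`, or add a doc comment on the interface method such as `// IPsForUser expands the given policy alias to an IP set; the argument is passed to ExpandAlias as is.` The method body continues past the end of the hunk.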
@ -488,9 +488,6 @@ func (m *mapSession) handleEndpointUpdate() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(kradalby): Only update the node that has actually changed
|
|
||||||
nodesChangedHook(m.h.db, m.h.polMan, m.h.nodeNotifier)
|
|
||||||
|
|
||||||
if m.h.polMan != nil {
|
if m.h.polMan != nil {
|
||||||
// update routes with peer information
|
// update routes with peer information
|
||||||
err := m.h.db.EnableAutoApprovedRoutes(m.h.polMan, m.node)
|
err := m.h.db.EnableAutoApprovedRoutes(m.h.polMan, m.node)
|
||||||
|
|