2024-11-26 17:03:06 +00:00
5 changed files with 6 additions and 12 deletions
--- a/.github/workflows/test-integration.yaml
+++ b/.github/workflows/test-integration.yaml
@ -30,7 +30,8 @@ jobs:
          - TestPreAuthKeyCorrectUserLoggedInCommand
          - TestApiKeyCommand
          - TestNodeTagCommand
-          - TestNodeAdvertiseTagCommand
+          - TestNodeAdvertiseTagNoACLCommand
          - TestNodeAdvertiseTagWithACLCommand
          - TestNodeCommand
          - TestNodeExpireCommand
          - TestNodeRenameCommand
--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@ -478,8 +478,6 @@ func (h *Headscale) createRouter(grpcMux *grpcRuntime.ServeMux) *mux.Router {
 	return router
 }
 // TODO(kradalby): Do a variant of this, and polman which only updates the node that has changed.
 // Maybe we should attempt a new in memory state and not go via the DB?
 func usersChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *notifier.Notifier) error {
 	users, err := db.ListUsers()
 	if err != nil {
@ -501,8 +499,6 @@ func usersChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *not
 	return nil
 }
 // TODO(kradalby): Do a variant of this, and polman which only updates the node that has changed.
 // Maybe we should attempt a new in memory state and not go via the DB?
 func nodesChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *notifier.Notifier) error {
 	nodes, err := db.ListNodes()
 	if err != nil {
--- a/hscontrol/db/routes.go
+++ b/hscontrol/db/routes.go
@ -644,7 +644,7 @@ func EnableAutoApprovedRoutes(
 				approvedRoutes = append(approvedRoutes, advertisedRoute)
 			} else {
 				// TODO(kradalby): figure out how to get this to depend on less stuff
-				approvedIps, err := polMan.ExpandAlias(approvedAlias)
+				approvedIps, err := polMan.IPsForUser(approvedAlias)
 				if err != nil {
 					return fmt.Errorf("expanding alias %q for autoApprovers: %w", approvedAlias, err)
 				}
--- a/hscontrol/policy/pm.go
+++ b/hscontrol/policy/pm.go
@ -18,7 +18,7 @@ type PolicyManager interface {
 	SSHPolicy(*types.Node) (*tailcfg.SSHPolicy, error)
 	Tags(*types.Node) []string
 	ApproversForRoute(netip.Prefix) []string
-	ExpandAlias(string) (*netipx.IPSet, error)
+	IPsForUser(string) (*netipx.IPSet, error)
 	SetPolicy([]byte) (bool, error)
 	SetUsers(users []types.User) (bool, error)
 	SetNodes(nodes types.Nodes) (bool, error)
@ -172,8 +172,8 @@ func (pm *PolicyManagerV1) ApproversForRoute(route netip.Prefix) []string {
 	return approvers
 }
-func (pm *PolicyManagerV1) ExpandAlias(alias string) (*netipx.IPSet, error) {
+func (pm *PolicyManagerV1) IPsForUser(user string) (*netipx.IPSet, error) {
-	ips, err := pm.pol.ExpandAlias(pm.nodes, pm.users, alias)
+	ips, err := pm.pol.ExpandAlias(pm.nodes, pm.users, user)
 	if err != nil {
 		return nil, err
 	}
--- a/hscontrol/poll.go
+++ b/hscontrol/poll.go
@ -488,9 +488,6 @@ func (m *mapSession) handleEndpointUpdate() {
 			return
 		}
 		// TODO(kradalby): Only update the node that has actually changed
 		nodesChangedHook(m.h.db, m.h.polMan, m.h.nodeNotifier)
 		if m.h.polMan != nil {
 			// update routes with peer information
 			err := m.h.db.EnableAutoApprovedRoutes(m.h.polMan, m.node)