Merge 014ee87066 into 0c98d09783

update integration test build
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-26 08:53:05 +00:00 · 2024-10-29 19:03:08 +00:00 · 2024-10-29 15:02:53 -04:00 · 2024-10-29 14:16:10 +00:00 · 2024-10-29 08:40:15 -04:00
6 changed files with 15 additions and 9 deletions
--- a/.github/workflows/test-integration.yaml
+++ b/.github/workflows/test-integration.yaml
@ -30,8 +30,7 @@ jobs:
          - TestPreAuthKeyCorrectUserLoggedInCommand
          - TestApiKeyCommand
          - TestNodeTagCommand
-          - TestNodeAdvertiseTagNoACLCommand
-          - TestNodeAdvertiseTagWithACLCommand
+          - TestNodeAdvertiseTagCommand
          - TestNodeCommand
          - TestNodeExpireCommand
          - TestNodeRenameCommand
--- a/flake.lock
+++ b/flake.lock
@ -20,11 +20,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1728093190,
-        "narHash": "sha256-CAZF2NRuHmqTtRTNAruWpHA43Gg2UvuCNEIzabP0l6M=",
+        "lastModified": 1729850857,
+        "narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da",
+        "rev": "41dea55321e5a999b17033296ac05fe8a8b5a257",
        "type": "github"
      },
      "original": {
--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@ -478,6 +478,8 @@ func (h *Headscale) createRouter(grpcMux *grpcRuntime.ServeMux) *mux.Router {
 	return router
 }

+// TODO(kradalby): Do a variant of this, and polman which only updates the node that has changed.
+// Maybe we should attempt a new in memory state and not go via the DB?
 func usersChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *notifier.Notifier) error {
 	users, err := db.ListUsers()
 	if err != nil {
@ -499,6 +501,8 @@ func usersChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *not
 	return nil
 }

+// TODO(kradalby): Do a variant of this, and polman which only updates the node that has changed.
+// Maybe we should attempt a new in memory state and not go via the DB?
 func nodesChangedHook(db *db.HSDatabase, polMan policy.PolicyManager, notif *notifier.Notifier) error {
 	nodes, err := db.ListNodes()
 	if err != nil {
--- a/hscontrol/db/routes.go
+++ b/hscontrol/db/routes.go
@ -644,7 +644,7 @@ func EnableAutoApprovedRoutes(
 				approvedRoutes = append(approvedRoutes, advertisedRoute)
 			} else {
 				// TODO(kradalby): figure out how to get this to depend on less stuff
-				approvedIps, err := polMan.IPsForUser(approvedAlias)
+				approvedIps, err := polMan.ExpandAlias(approvedAlias)
 				if err != nil {
 					return fmt.Errorf("expanding alias %q for autoApprovers: %w", approvedAlias, err)
 				}
--- a/hscontrol/policy/pm.go
+++ b/hscontrol/policy/pm.go
@ -18,7 +18,7 @@ type PolicyManager interface {
 	SSHPolicy(*types.Node) (*tailcfg.SSHPolicy, error)
 	Tags(*types.Node) []string
 	ApproversForRoute(netip.Prefix) []string
-	IPsForUser(string) (*netipx.IPSet, error)
+	ExpandAlias(string) (*netipx.IPSet, error)
 	SetPolicy([]byte) (bool, error)
 	SetUsers(users []types.User) (bool, error)
 	SetNodes(nodes types.Nodes) (bool, error)
@ -172,8 +172,8 @@ func (pm *PolicyManagerV1) ApproversForRoute(route netip.Prefix) []string {
 	return approvers
 }

-func (pm *PolicyManagerV1) IPsForUser(user string) (*netipx.IPSet, error) {
-	ips, err := pm.pol.ExpandAlias(pm.nodes, pm.users, user)
+func (pm *PolicyManagerV1) ExpandAlias(alias string) (*netipx.IPSet, error) {
+	ips, err := pm.pol.ExpandAlias(pm.nodes, pm.users, alias)
 	if err != nil {
 		return nil, err
 	}
--- a/hscontrol/poll.go
+++ b/hscontrol/poll.go
@ -488,6 +488,9 @@ func (m *mapSession) handleEndpointUpdate() {
 			return
 		}

+		// TODO(kradalby): Only update the node that has actually changed
+		nodesChangedHook(m.h.db, m.h.polMan, m.h.nodeNotifier)
+
 		if m.h.polMan != nil {
 			// update routes with peer information
 			err := m.h.db.EnableAutoApprovedRoutes(m.h.polMan, m.node)
Author	SHA1	Message	Date
Kristoffer Dalby	0cca787dca	Merge `014ee87066` into `0c98d09783`	2024-10-29 19:03:08 +00:00
Kristoffer Dalby	014ee87066	update integration test build Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-29 15:02:53 -04:00
github-actions[bot]	0c98d09783	Update flake.lock (#2195 ) Some checks failed Build / build (push) Has been cancelled Details Build documentation / build (push) Has been cancelled Details Build documentation / deploy (push) Has been cancelled Details Tests / test (push) Has been cancelled Details Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da?narHash=sha256-CAZF2NRuHmqTtRTNAruWpHA43Gg2UvuCNEIzabP0l6M%3D' (2024-10-05) → 'github:NixOS/nixpkgs/41dea55321e5a999b17033296ac05fe8a8b5a257?narHash=sha256-WvLXzNNnnw%2BqpFOmgaM3JUlNEH%2BT4s22b5i2oyyCpXE%3D' (2024-10-25) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2024-10-29 14:16:10 +00:00
Kristoffer Dalby	a942fcf50a	fix autoapprove Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2024-10-29 08:40:15 -04:00