eyjhb/headscale
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Make matchers part of the Policy interface (#2514)

Browse source 
* Make matchers part of the Policy interface

* Prevent race condition between rules and matchers

* Test also matchers in tests for Policy.Filter

* Compute `filterChanged` in v2 policy correctly

* Fix nil vs. empty list issue in v2 policy test

* policy/v2: always clear ssh map

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Co-authored-by: Aras Ergus <aras.ergus@tngtech.com>
Co-authored-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
aergus-tng 2025-05-01 07:06:30 +02:00 committed by GitHub
parent eb1ecefd9e
commit 4651d06fa8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 89 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

5
hscontrol/policy/v1/policy.go
View file

@ -2,6 +2,7 @@ package v1
import (
"fmt"
"github.com/juanfont/headscale/hscontrol/policy/matcher"
"io"
"net/netip"
"os"
@ -88,10 +89,10 @@ func (pm *PolicyManager) updateLocked() (bool, error) {
return true, nil
}
func (pm *PolicyManager) Filter() []tailcfg.FilterRule {
func (pm *PolicyManager) Filter() ([]tailcfg.FilterRule, []matcher.Match) {
pm.mu.Lock()
defer pm.mu.Unlock()
return pm.filter
return pm.filter, matcher.MatchesFromFilterRules(pm.filter)
}
func (pm *PolicyManager) SSHPolicy(node *types.Node) (*tailcfg.SSHPolicy, error) {