fix auto approver on register and new policy (#2506)

* fix issue auto approve route on register bug This commit fixes an issue where routes where not approved on a node during registration. This cause the auto approval to require the node to readvertise the routes. Fixes #2497 Fixes #2485 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * hsic: only set db policy if exist Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy: calculate changed based on policy and filter v1 is a bit simpler than v2, it does not pre calculate the auto approver map and we cannot tell if it is changed. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-03-31 15:55:07 +02:00 · 2025-03-31 15:55:07 +02:00 · 5a18e91317
commit 5a18e91317
parent e3521be705
10 changed files with 575 additions and 217 deletions
--- a/hscontrol/policy/v1/policy.go
+++ b/hscontrol/policy/v1/policy.go
@ -53,14 +53,15 @@ func NewPolicyManager(polB []byte, users []types.User, nodes types.Nodes) (*Poli
 }

 type PolicyManager struct {
-	mu  sync.Mutex
-	pol *ACLPolicy
+	mu      sync.Mutex
+	pol     *ACLPolicy
+	polHash deephash.Sum

 	users []types.User
 	nodes types.Nodes

-	filterHash deephash.Sum
 	filter     []tailcfg.FilterRule
+	filterHash deephash.Sum
 }

 // updateLocked updates the filter rules based on the current policy and nodes.
@ -71,13 +72,16 @@ func (pm *PolicyManager) updateLocked() (bool, error) {
 		return false, fmt.Errorf("compiling filter rules: %w", err)
 	}

+	polHash := deephash.Hash(pm.pol)
 	filterHash := deephash.Hash(&filter)
-	if filterHash == pm.filterHash {
+
+	if polHash == pm.polHash && filterHash == pm.filterHash {
 		return false, nil
 	}

 	pm.filter = filter
 	pm.filterHash = filterHash
+	pm.polHash = polHash

 	return true, nil
 }