ensure renabled auto-approve routes works (#1670)

2024-01-18 16:36:47 +01:00 · 2024-01-18 16:36:47 +01:00 · 65376e2842
commit 65376e2842
parent 7e8bf4bfe5
4 changed files with 236 additions and 3 deletions
--- a/hscontrol/db/routes.go
+++ b/hscontrol/db/routes.go
@ -639,13 +639,19 @@ func (hsdb *HSDatabase) EnableAutoApprovedRoutes(
 	aclPolicy *policy.ACLPolicy,
 	node *types.Node,
 ) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
+	if len(aclPolicy.AutoApprovers.ExitNode) == 0 && len(aclPolicy.AutoApprovers.Routes) == 0 {
+		// No autoapprovers configured
+		return nil
+	}

 	if len(node.IPAddresses) == 0 {
-		return nil // This node has no IPAddresses, so can't possibly match any autoApprovers ACLs
+		// This node has no IPAddresses, so can't possibly match any autoApprovers ACLs
+		return nil
 	}

+	hsdb.mu.Lock()
+	defer hsdb.mu.Unlock()
+
 	routes, err := hsdb.getNodeAdvertisedRoutes(node)
 	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
 		log.Error().
@ -657,6 +663,8 @@ func (hsdb *HSDatabase) EnableAutoApprovedRoutes(
 		return err
 	}

+	log.Trace().Interface("routes", routes).Msg("routes for autoapproving")
+
 	approvedRoutes := types.Routes{}

 	for _, advertisedRoute := range routes {
@ -676,6 +684,13 @@ func (hsdb *HSDatabase) EnableAutoApprovedRoutes(
 			return err
 		}

+		log.Trace().
+			Str("node", node.Hostname).
+			Str("user", node.User.Name).
+			Strs("routeApprovers", routeApprovers).
+			Str("prefix", netip.Prefix(advertisedRoute.Prefix).String()).
+			Msg("looking up route for autoapproving")
+
 		for _, approvedAlias := range routeApprovers {
 			if approvedAlias == node.User.Name {
 				approvedRoutes = append(approvedRoutes, advertisedRoute)