Redo route code (#2422)

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-02-26 07:22:55 -08:00 · 2025-02-26 07:22:55 -08:00 · 7891378f57
commit 7891378f57
parent 16868190c8
53 changed files with 2977 additions and 6251 deletions
--- a/hscontrol/db/node_test.go
+++ b/hscontrol/db/node_test.go
@ -15,12 +15,10 @@ import (
 	"github.com/juanfont/headscale/hscontrol/policy"
 	"github.com/juanfont/headscale/hscontrol/types"
 	"github.com/juanfont/headscale/hscontrol/util"
-	"github.com/puzpuzpuz/xsync/v3"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"gopkg.in/check.v1"
 	"gorm.io/gorm"
-	"tailscale.com/net/tsaddr"
 	"tailscale.com/tailcfg"
 	"tailscale.com/types/key"
 	"tailscale.com/types/ptr"
@ -102,7 +100,7 @@ func (s *Suite) TestHardDeleteNode(c *check.C) {
 	trx := db.DB.Save(&node)
 	c.Assert(trx.Error, check.IsNil)

-	_, err = db.DeleteNode(&node, xsync.NewMapOf[types.NodeID, bool]())
+	err = db.DeleteNode(&node)
 	c.Assert(err, check.IsNil)

 	_, err = db.getNode(types.UserID(user.ID), "testnode3")
@ -458,142 +456,143 @@ func TestHeadscale_generateGivenName(t *testing.T) {
 	}
 }

-func TestAutoApproveRoutes(t *testing.T) {
-	tests := []struct {
-		name   string
-		acl    string
-		routes []netip.Prefix
-		want   []netip.Prefix
-	}{
-		{
-			name: "2068-approve-issue-sub",
-			acl: `
-{
-	"groups": {
-		"group:k8s": ["test"]
-	},
+// TODO(kradalby): replace this test
+// func TestAutoApproveRoutes(t *testing.T) {
+// 	tests := []struct {
+// 		name   string
+// 		acl    string
+// 		routes []netip.Prefix
+// 		want   []netip.Prefix
+// 	}{
+// 		{
+// 			name: "2068-approve-issue-sub",
+// 			acl: `
+// {
+// 	"groups": {
+// 		"group:k8s": ["test"]
+// 	},

-	"acls": [
-		{"action": "accept", "users": ["*"], "ports": ["*:*"]},
-	],
+// 	"acls": [
+// 		{"action": "accept", "users": ["*"], "ports": ["*:*"]},
+// 	],

-	"autoApprovers": {
-		"routes": {
-			"10.42.0.0/16": ["test"],
-		}
-	}
-}`,
-			routes: []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
-			want:   []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
-		},
-		{
-			name: "2068-approve-issue-sub",
-			acl: `
-{
-	"tagOwners": {
-		"tag:exit": ["test"],
-	},
+// 	"autoApprovers": {
+// 		"routes": {
+// 			"10.42.0.0/16": ["test"],
+// 		}
+// 	}
+// }`,
+// 			routes: []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
+// 			want:   []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
+// 		},
+// 		{
+// 			name: "2068-approve-issue-sub",
+// 			acl: `
+// {
+// 	"tagOwners": {
+// 		"tag:exit": ["test"],
+// 	},

-	"groups": {
-		"group:test": ["test"]
-	},
+// 	"groups": {
+// 		"group:test": ["test"]
+// 	},

-	"acls": [
-		{"action": "accept", "users": ["*"], "ports": ["*:*"]},
-	],
+// 	"acls": [
+// 		{"action": "accept", "users": ["*"], "ports": ["*:*"]},
+// 	],

-	"autoApprovers": {
-		"exitNode": ["tag:exit"],
-		"routes": {
-			"10.10.0.0/16": ["group:test"],
-			"10.11.0.0/16": ["test"],
-		}
-	}
-}`,
-			routes: []netip.Prefix{
-				tsaddr.AllIPv4(),
-				tsaddr.AllIPv6(),
-				netip.MustParsePrefix("10.10.0.0/16"),
-				netip.MustParsePrefix("10.11.0.0/24"),
-			},
-			want: []netip.Prefix{
-				tsaddr.AllIPv4(),
-				netip.MustParsePrefix("10.10.0.0/16"),
-				netip.MustParsePrefix("10.11.0.0/24"),
-				tsaddr.AllIPv6(),
-			},
-		},
-	}
+// 	"autoApprovers": {
+// 		"exitNode": ["tag:exit"],
+// 		"routes": {
+// 			"10.10.0.0/16": ["group:test"],
+// 			"10.11.0.0/16": ["test"],
+// 		}
+// 	}
+// }`,
+// 			routes: []netip.Prefix{
+// 				tsaddr.AllIPv4(),
+// 				tsaddr.AllIPv6(),
+// 				netip.MustParsePrefix("10.10.0.0/16"),
+// 				netip.MustParsePrefix("10.11.0.0/24"),
+// 			},
+// 			want: []netip.Prefix{
+// 				tsaddr.AllIPv4(),
+// 				netip.MustParsePrefix("10.10.0.0/16"),
+// 				netip.MustParsePrefix("10.11.0.0/24"),
+// 				tsaddr.AllIPv6(),
+// 			},
+// 		},
+// 	}

-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			adb, err := newSQLiteTestDB()
-			require.NoError(t, err)
-			pol, err := policy.LoadACLPolicyFromBytes([]byte(tt.acl))
+// 	for _, tt := range tests {
+// 		t.Run(tt.name, func(t *testing.T) {
+// 			adb, err := newSQLiteTestDB()
+// 			require.NoError(t, err)
+// 			pol, err := policy.LoadACLPolicyFromBytes([]byte(tt.acl))

-			require.NoError(t, err)
-			require.NotNil(t, pol)
+// 			require.NoError(t, err)
+// 			require.NotNil(t, pol)

-			user, err := adb.CreateUser(types.User{Name: "test"})
-			require.NoError(t, err)
+// 			user, err := adb.CreateUser(types.User{Name: "test"})
+// 			require.NoError(t, err)

-			pak, err := adb.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
-			require.NoError(t, err)
+// 			pak, err := adb.CreatePreAuthKey(types.UserID(user.ID), false, nil, nil)
+// 			require.NoError(t, err)

-			nodeKey := key.NewNode()
-			machineKey := key.NewMachine()
+// 			nodeKey := key.NewNode()
+// 			machineKey := key.NewMachine()

-			v4 := netip.MustParseAddr("100.64.0.1")
-			node := types.Node{
-				ID:             0,
-				MachineKey:     machineKey.Public(),
-				NodeKey:        nodeKey.Public(),
-				Hostname:       "test",
-				UserID:         user.ID,
-				RegisterMethod: util.RegisterMethodAuthKey,
-				AuthKeyID:      ptr.To(pak.ID),
-				Hostinfo: &tailcfg.Hostinfo{
-					RequestTags: []string{"tag:exit"},
-					RoutableIPs: tt.routes,
-				},
-				IPv4: &v4,
-			}
+// 			v4 := netip.MustParseAddr("100.64.0.1")
+// 			node := types.Node{
+// 				ID:             0,
+// 				MachineKey:     machineKey.Public(),
+// 				NodeKey:        nodeKey.Public(),
+// 				Hostname:       "test",
+// 				UserID:         user.ID,
+// 				RegisterMethod: util.RegisterMethodAuthKey,
+// 				AuthKeyID:      ptr.To(pak.ID),
+// 				Hostinfo: &tailcfg.Hostinfo{
+// 					RequestTags: []string{"tag:exit"},
+// 					RoutableIPs: tt.routes,
+// 				},
+// 				IPv4: &v4,
+// 			}

-			trx := adb.DB.Save(&node)
-			require.NoError(t, trx.Error)
+// 			trx := adb.DB.Save(&node)
+// 			require.NoError(t, trx.Error)

-			sendUpdate, err := adb.SaveNodeRoutes(&node)
-			require.NoError(t, err)
-			assert.False(t, sendUpdate)
+// 			sendUpdate, err := adb.SaveNodeRoutes(&node)
+// 			require.NoError(t, err)
+// 			assert.False(t, sendUpdate)

-			node0ByID, err := adb.GetNodeByID(0)
-			require.NoError(t, err)
+// 			node0ByID, err := adb.GetNodeByID(0)
+// 			require.NoError(t, err)

-			users, err := adb.ListUsers()
-			assert.NoError(t, err)
+// 			users, err := adb.ListUsers()
+// 			assert.NoError(t, err)

-			nodes, err := adb.ListNodes()
-			assert.NoError(t, err)
+// 			nodes, err := adb.ListNodes()
+// 			assert.NoError(t, err)

-			pm, err := policy.NewPolicyManager([]byte(tt.acl), users, nodes)
-			assert.NoError(t, err)
+// 			pm, err := policy.NewPolicyManager([]byte(tt.acl), users, nodes)
+// 			assert.NoError(t, err)

-			// TODO(kradalby): Check state update
-			err = adb.EnableAutoApprovedRoutes(pm, node0ByID)
-			require.NoError(t, err)
+// 			// TODO(kradalby): Check state update
+// 			err = adb.EnableAutoApprovedRoutes(pm, node0ByID)
+// 			require.NoError(t, err)

-			enabledRoutes, err := adb.GetEnabledRoutes(node0ByID)
-			require.NoError(t, err)
-			assert.Len(t, enabledRoutes, len(tt.want))
+// 			enabledRoutes, err := adb.GetEnabledRoutes(node0ByID)
+// 			require.NoError(t, err)
+// 			assert.Len(t, enabledRoutes, len(tt.want))

-			tsaddr.SortPrefixes(enabledRoutes)
+// 			tsaddr.SortPrefixes(enabledRoutes)

-			if diff := cmp.Diff(tt.want, enabledRoutes, util.Comparers...); diff != "" {
-				t.Errorf("unexpected enabled routes (-want +got):\n%s", diff)
-			}
-		})
-	}
-}
+// 			if diff := cmp.Diff(tt.want, enabledRoutes, util.Comparers...); diff != "" {
+// 				t.Errorf("unexpected enabled routes (-want +got):\n%s", diff)
+// 			}
+// 		})
+// 	}
+// }

 func TestEphemeralGarbageCollectorOrder(t *testing.T) {
 	want := []types.NodeID{1, 3}