introduce mapper package

The mapper package contains functions related to creating and marshalling reponses to machines. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-26 11:26:34 +01:00 · 2023-05-26 11:26:34 +01:00 · f7f472ae07
commit f7f472ae07
parent 699655a93f
18 changed files with 780 additions and 1063 deletions
--- a/hscontrol/db/machine.go
+++ b/hscontrol/db/machine.go
@ -39,15 +39,7 @@ var (
 	)
 )

-// filterMachinesByACL wrapper function to not have devs pass around locks and maps
-// related to the application outside of tests.
-func (hsdb *HSDatabase) filterMachinesByACL(
-	aclRules []tailcfg.FilterRule,
-	currentMachine *types.Machine, peers types.Machines,
-) types.Machines {
-	return policy.FilterMachinesByACL(currentMachine, peers, aclRules)
-}
-
+// ListPeers returns all peers of machine, regardless of any Policy.
 func (hsdb *HSDatabase) ListPeers(machine *types.Machine) (types.Machines, error) {
 	log.Trace().
 		Caller().
@ -72,67 +64,6 @@ func (hsdb *HSDatabase) ListPeers(machine *types.Machine) (types.Machines, error
 	return machines, nil
 }

-func (hsdb *HSDatabase) getPeers(
-	aclRules []tailcfg.FilterRule,
-	machine *types.Machine,
-) (types.Machines, error) {
-	var peers types.Machines
-	var err error
-
-	// If ACLs rules are defined, filter visible host list with the ACLs
-	// else use the classic user scope
-	if len(aclRules) > 0 {
-		var machines []types.Machine
-		machines, err = hsdb.ListMachines()
-		if err != nil {
-			log.Error().Err(err).Msg("Error retrieving list of machines")
-
-			return types.Machines{}, err
-		}
-		peers = hsdb.filterMachinesByACL(aclRules, machine, machines)
-	} else {
-		peers, err = hsdb.ListPeers(machine)
-		if err != nil {
-			log.Error().
-				Caller().
-				Err(err).
-				Msg("Cannot fetch peers")
-
-			return types.Machines{}, err
-		}
-	}
-
-	sort.Slice(peers, func(i, j int) bool { return peers[i].ID < peers[j].ID })
-
-	log.Trace().
-		Caller().
-		Str("self", machine.Hostname).
-		Str("peers", peers.String()).
-		Msg("Peers returned to caller")
-
-	return peers, nil
-}
-
-func (hsdb *HSDatabase) GetValidPeers(
-	aclRules []tailcfg.FilterRule,
-	machine *types.Machine,
-) (types.Machines, error) {
-	validPeers := make(types.Machines, 0)
-
-	peers, err := hsdb.getPeers(aclRules, machine)
-	if err != nil {
-		return types.Machines{}, err
-	}
-
-	for _, peer := range peers {
-		if !peer.IsExpired() {
-			validPeers = append(validPeers, peer)
-		}
-	}
-
-	return validPeers, nil
-}
-
 func (hsdb *HSDatabase) ListMachines() ([]types.Machine, error) {
 	machines := []types.Machine{}
 	if err := hsdb.db.Preload("AuthKey").Preload("AuthKey.User").Preload("User").Find(&machines).Error; err != nil {
--- a/hscontrol/db/machine_test.go
+++ b/hscontrol/db/machine_test.go
@ -293,8 +293,8 @@ func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
 	aclRules, _, err := policy.GenerateFilterRules(aclPolicy, machines, false)
 	c.Assert(err, check.IsNil)

-	peersOfTestMachine := db.filterMachinesByACL(aclRules, testMachine, machines)
-	peersOfAdminMachine := db.filterMachinesByACL(aclRules, adminMachine, machines)
+	peersOfTestMachine := policy.FilterMachinesByACL(testMachine, machines, aclRules)
+	peersOfAdminMachine := policy.FilterMachinesByACL(adminMachine, machines, aclRules)

 	c.Log(peersOfTestMachine)
 	c.Assert(len(peersOfTestMachine), check.Equals, 9)
--- a/hscontrol/db/users.go
+++ b/hscontrol/db/users.go
@ -2,13 +2,11 @@ package db

 import (
 	"errors"
-	"fmt"

 	"github.com/juanfont/headscale/hscontrol/types"
 	"github.com/juanfont/headscale/hscontrol/util"
 	"github.com/rs/zerolog/log"
 	"gorm.io/gorm"
-	"tailscale.com/tailcfg"
 )

 var (
@ -163,32 +161,3 @@ func (hsdb *HSDatabase) SetMachineUser(machine *types.Machine, username string)

 	return nil
 }
-
-func (hsdb *HSDatabase) GetMapResponseUserProfiles(
-	machine types.Machine,
-	peers types.Machines,
-) []tailcfg.UserProfile {
-	userMap := make(map[string]types.User)
-	userMap[machine.User.Name] = machine.User
-	for _, peer := range peers {
-		userMap[peer.User.Name] = peer.User // not worth checking if already is there
-	}
-
-	profiles := []tailcfg.UserProfile{}
-	for _, user := range userMap {
-		displayName := user.Name
-
-		if hsdb.baseDomain != "" {
-			displayName = fmt.Sprintf("%s@%s", user.Name, hsdb.baseDomain)
-		}
-
-		profiles = append(profiles,
-			tailcfg.UserProfile{
-				ID:          tailcfg.UserID(user.ID),
-				LoginName:   user.Name,
-				DisplayName: displayName,
-			})
-	}
-
-	return profiles
-}
--- a/hscontrol/db/users_test.go
+++ b/hscontrol/db/users_test.go
@ -1,13 +1,10 @@
 package db

 import (
-	"net/netip"
-
 	"github.com/juanfont/headscale/hscontrol/types"
 	"github.com/juanfont/headscale/hscontrol/util"
 	"gopkg.in/check.v1"
 	"gorm.io/gorm"
-	"tailscale.com/tailcfg"
 )

 func (s *Suite) TestCreateAndDestroyUser(c *check.C) {
@ -94,151 +91,6 @@ func (s *Suite) TestRenameUser(c *check.C) {
 	c.Assert(err, check.Equals, ErrUserExists)
 }

-func (s *Suite) TestGetMapResponseUserProfiles(c *check.C) {
-	userShared1, err := db.CreateUser("shared1")
-	c.Assert(err, check.IsNil)
-
-	userShared2, err := db.CreateUser("shared2")
-	c.Assert(err, check.IsNil)
-
-	userShared3, err := db.CreateUser("shared3")
-	c.Assert(err, check.IsNil)
-
-	preAuthKeyShared1, err := db.CreatePreAuthKey(
-		userShared1.Name,
-		false,
-		false,
-		nil,
-		nil,
-	)
-	c.Assert(err, check.IsNil)
-
-	preAuthKeyShared2, err := db.CreatePreAuthKey(
-		userShared2.Name,
-		false,
-		false,
-		nil,
-		nil,
-	)
-	c.Assert(err, check.IsNil)
-
-	preAuthKeyShared3, err := db.CreatePreAuthKey(
-		userShared3.Name,
-		false,
-		false,
-		nil,
-		nil,
-	)
-	c.Assert(err, check.IsNil)
-
-	preAuthKey2Shared1, err := db.CreatePreAuthKey(
-		userShared1.Name,
-		false,
-		false,
-		nil,
-		nil,
-	)
-	c.Assert(err, check.IsNil)
-
-	_, err = db.GetMachine(userShared1.Name, "test_get_shared_nodes_1")
-	c.Assert(err, check.NotNil)
-
-	machineInShared1 := &types.Machine{
-		ID:             1,
-		MachineKey:     "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		NodeKey:        "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		DiscoKey:       "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
-		Hostname:       "test_get_shared_nodes_1",
-		UserID:         userShared1.ID,
-		User:           *userShared1,
-		RegisterMethod: util.RegisterMethodAuthKey,
-		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.1")},
-		AuthKeyID:      uint(preAuthKeyShared1.ID),
-	}
-	db.db.Save(machineInShared1)
-
-	_, err = db.GetMachine(userShared1.Name, machineInShared1.Hostname)
-	c.Assert(err, check.IsNil)
-
-	machineInShared2 := &types.Machine{
-		ID:             2,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Hostname:       "test_get_shared_nodes_2",
-		UserID:         userShared2.ID,
-		User:           *userShared2,
-		RegisterMethod: util.RegisterMethodAuthKey,
-		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.2")},
-		AuthKeyID:      uint(preAuthKeyShared2.ID),
-	}
-	db.db.Save(machineInShared2)
-
-	_, err = db.GetMachine(userShared2.Name, machineInShared2.Hostname)
-	c.Assert(err, check.IsNil)
-
-	machineInShared3 := &types.Machine{
-		ID:             3,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Hostname:       "test_get_shared_nodes_3",
-		UserID:         userShared3.ID,
-		User:           *userShared3,
-		RegisterMethod: util.RegisterMethodAuthKey,
-		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.3")},
-		AuthKeyID:      uint(preAuthKeyShared3.ID),
-	}
-	db.db.Save(machineInShared3)
-
-	_, err = db.GetMachine(userShared3.Name, machineInShared3.Hostname)
-	c.Assert(err, check.IsNil)
-
-	machine2InShared1 := &types.Machine{
-		ID:             4,
-		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
-		Hostname:       "test_get_shared_nodes_4",
-		UserID:         userShared1.ID,
-		User:           *userShared1,
-		RegisterMethod: util.RegisterMethodAuthKey,
-		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.4")},
-		AuthKeyID:      uint(preAuthKey2Shared1.ID),
-	}
-	db.db.Save(machine2InShared1)
-
-	peersOfMachine1InShared1, err := db.getPeers([]tailcfg.FilterRule{}, machineInShared1)
-	c.Assert(err, check.IsNil)
-
-	userProfiles := db.GetMapResponseUserProfiles(
-		*machineInShared1,
-		peersOfMachine1InShared1,
-	)
-
-	c.Assert(len(userProfiles), check.Equals, 3)
-
-	found := false
-	for _, userProfiles := range userProfiles {
-		if userProfiles.DisplayName == userShared1.Name {
-			found = true
-
-			break
-		}
-	}
-	c.Assert(found, check.Equals, true)
-
-	found = false
-	for _, userProfile := range userProfiles {
-		if userProfile.DisplayName == userShared2.Name {
-			found = true
-
-			break
-		}
-	}
-	c.Assert(found, check.Equals, true)
-}
-
 func (s *Suite) TestSetMachineUser(c *check.C) {
 	oldUser, err := db.CreateUser("old")
 	c.Assert(err, check.IsNil)