From 236ad30d61216c3034d7f21f2d00f8e6ab7f3ee5 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby
Date: Wed, 26 Feb 2025 19:28:39 +0100
Subject: [PATCH] use policy manager tag handling

Signed-off-by: Kristoffer Dalby
---
 hscontrol/grpcv1.go | 7 +++-
 hscontrol/mapper/tail.go | 7 +++-
 hscontrol/types/node.go | 70 ++++++++++++++++++++++++++++++++++++----
 3 files changed, 76 insertions(+), 8 deletions(-)

diff --git a/hscontrol/grpcv1.go b/hscontrol/grpcv1.go
index afe916db..66f2b02f 100644
--- a/hscontrol/grpcv1.go
+++ b/hscontrol/grpcv1.go
@@ -525,7 +525,12 @@ func nodesToProto(polMan policy.PolicyManager, isLikelyConnected *xsync.MapOf[ty
 resp.Online = true
 }

- tags := polMan.Tags(node)
+ var tags []string
+ for _, tag := range node.RequestTags() {
+ if polMan.NodeCanHaveTag(node, tag) {
+ tags = append(tags, tag)
+ }
+ }
 resp.ValidTags = lo.Uniq(append(tags, node.ForcedTags...))
 response[index] = resp
 }
diff --git a/hscontrol/mapper/tail.go b/hscontrol/mapper/tail.go
index 4a285290..9e3ff4cf 100644
--- a/hscontrol/mapper/tail.go
+++ b/hscontrol/mapper/tail.go
@@ -81,7 +81,12 @@ func tailNode(
 return nil, fmt.Errorf("tailNode, failed to create FQDN: %s", err)
 }

- tags := polMan.Tags(node)
+ var tags []string
+ for _, tag := range node.RequestTags() {
+ if polMan.NodeCanHaveTag(node, tag) {
+ tags = append(tags, tag)
+ }
+ }
 tags = lo.Uniq(append(tags, node.ForcedTags...))

 tNode := tailcfg.Node{
diff --git a/hscontrol/types/node.go b/hscontrol/types/node.go
index 7f63d74f..e506a2c5 100644
--- a/hscontrol/types/node.go
+++ b/hscontrol/types/node.go
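Review bot: The request-tag filter added to `nodesToProto` in hscontrol/grpcv1.go is repeated line for line in `tailNode` in hscontrol/mapper/tail.go, and because this loop decides which requested tags are reported as valid for a node, the two copies have to stay identical. I would move the loop into one helper that takes `polMan` and `node` and returns the approved tags, and call it from both sites, leaving the `lo.Uniq(append(tags, node.ForcedTags...))` lines as they are. A comment at the loop would also help the next reader, for example `// RequestTags comes from the node's Hostinfo; keep only the tags the policy allows this node to have.` Both function bodies start and end outside their hunks.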
@@ -150,6 +150,68 @@ func (node *Node) IPs() []netip.Addr {
 return ret
 }

+// HasIP reports if a node has a given IP address.
+func (node *Node) HasIP(i netip.Addr) bool {
+ for _, ip := range node.IPs() {
+ if ip.Compare(i) == 0 {
+ return true
+ }
+ }
+ return false
+}
+
+// IsTagged reports if a device is tagged
+// and therefore should not be treated as a
+// user owned device.
+// Currently, this function only handles tags set
+// via CLI ("forced tags" and preauthkeys)
+func (node *Node) IsTagged() bool {
+ if len(node.ForcedTags) > 0 {
+ return true
+ }
+
+ if node.AuthKey != nil && len(node.AuthKey.Tags) > 0 {
+ return true
+ }
+
+ if node.Hostinfo == nil {
+ return false
+ }
+
+ // TODO(kradalby): Figure out how tagging should work
+ // and hostinfo.requestedtags.
+ // Do this in other work.
+
+ return false
+}
+
+// HasTag reports if a node has a given tag.
+// Currently, this function only handles tags set
+// via CLI ("forced tags" and preauthkeys)
+func (node *Node) HasTag(tag string) bool {
+ if slices.Contains(node.ForcedTags, tag) {
+ return true
+ }
+
+ if node.AuthKey != nil && slices.Contains(node.AuthKey.Tags, tag) {
+ return true
+ }
+
+ // TODO(kradalby): Figure out how tagging should work
+ // and hostinfo.requestedtags.
+ // Do this in other work.
+
+ return false
+}
+
+func (node *Node) RequestTags() []string {
+ if node.Hostinfo == nil {
+ return []string{}
+ }
+
+ return node.Hostinfo.RequestTags
+}
+
 func (node *Node) Prefixes() []netip.Prefix {
 addrs := []netip.Prefix{}
 for _, nodeAddress := range node.IPs() {
@@ -163,12 +225,8 @@ func (node *Node) Prefixes() []netip.Prefix {
 func (node *Node) IPsAsString() []string {
 var ret []string

- if node.IPv4 != nil {
- ret = append(ret, node.IPv4.String())
- }
-
- if node.IPv6 != nil {
- ret = append(ret, node.IPv6.String())
+ for _, ip := range node.IPs() {
+ ret = append(ret, ip.String())
 }

 return ret
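Review bot: `RequestTags`, added in the first hscontrol/types/node.go hunk, is exported without a doc comment and hands back `node.Hostinfo.RequestTags` unchanged, so nothing at the definition tells a caller that these tags have not been approved. I would add `// RequestTags returns the tags the node asked for in its Hostinfo; they are not validated and must be checked with PolicyManager.NodeCanHaveTag before being treated as the node's tags.` In the same hunk, `IsTagged` and `HasTag` consult only `ForcedTags` and `AuthKey.Tags`, so a node whose requested tag passes the policy check in `nodesToProto` or `tailNode` is still reported as untagged here. The TODO acknowledges this, but if any caller relies on `IsTagged` to decide whether a node is user-owned, the two views can disagree. The `if node.Hostinfo == nil { return false }` branch in `IsTagged` has no effect until that TODO is done, because the next statement returns false anyway.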