policy: calculate changed based on policy and filter

v1 is a bit simpler than v2, it does not pre calculate the auto approver map and we cannot tell if it is changed. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-05-23 01:15:27 +02:00 · 2025-03-31 08:32:44 +02:00 · 2025-03-31 08:32:44 +02:00 · 414fea91f0
commit 414fea91f0
parent e02987cfef
1 changed files with 8 additions and 4 deletions
--- a/hscontrol/policy/v1/policy.go
+++ b/hscontrol/policy/v1/policy.go
@ -53,14 +53,15 @@ func NewPolicyManager(polB []byte, users []types.User, nodes types.Nodes) (*Poli
 }

 type PolicyManager struct {
-	mu  sync.Mutex
-	pol *ACLPolicy
+	mu      sync.Mutex
+	pol     *ACLPolicy
+	polHash deephash.Sum

 	users []types.User
 	nodes types.Nodes

-	filterHash deephash.Sum
 	filter     []tailcfg.FilterRule
+	filterHash deephash.Sum
 }

 // updateLocked updates the filter rules based on the current policy and nodes.
@ -71,13 +72,16 @@ func (pm *PolicyManager) updateLocked() (bool, error) {
 		return false, fmt.Errorf("compiling filter rules: %w", err)
 	}

+	polHash := deephash.Hash(pm.pol)
 	filterHash := deephash.Hash(&filter)
-	if filterHash == pm.filterHash {
+
+	if polHash == pm.polHash && filterHash == pm.filterHash {
 		return false, nil
 	}

 	pm.filter = filter
 	pm.filterHash = filterHash
+	pm.polHash = polHash

 	return true, nil
 }