chop chop

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-10-28 10:51:44 +01:00 · 2025-02-13 15:38:25 +01:00 · 2025-02-13 15:38:25 +01:00 · fe9557a729
commit fe9557a729
parent 45566cc11d
7 changed files with 169 additions and 177 deletions
--- a/hscontrol/auth.go
+++ b/hscontrol/auth.go
@ -87,16 +87,13 @@ func (h *Headscale) handleExistingNode(
 		// If the request expiry is in the past, we consider it a logout.
 		if requestExpiry.Before(time.Now()) {
 			if node.IsEphemeral() {
-				changedNodes, err := h.db.DeleteNode(node, h.nodeNotifier.LikelyConnectedMap())
+				err := h.db.DeleteNode(node)
 				if err != nil {
 					return nil, fmt.Errorf("deleting ephemeral node: %w", err)
 				}

 				ctx := types.NotifyCtx(context.Background(), "logout-ephemeral", "na")
 				h.nodeNotifier.NotifyAll(ctx, types.UpdatePeerRemoved(node.ID))
-				if changedNodes != nil {
-					h.nodeNotifier.NotifyAll(ctx, types.UpdatePeerChanged(changedNodes...))
-				}
 			}

 			expired = true
--- a/hscontrol/db/db_test.go
+++ b/hscontrol/db/db_test.go
@ -454,3 +454,32 @@ func TestMigrationsPostgres(t *testing.T) {
 		})
 	}
 }
+
+func dbForTest(t *testing.T, testName string) *HSDatabase {
+	t.Helper()
+
+	tmpDir, err := os.MkdirTemp("", testName)
+	if err != nil {
+		t.Fatalf("creating tempdir: %s", err)
+	}
+
+	dbPath := tmpDir + "/headscale_test.db"
+
+	db, err = NewHeadscaleDatabase(
+		types.DatabaseConfig{
+			Type: "sqlite3",
+			Sqlite: types.SqliteConfig{
+				Path: dbPath,
+			},
+		},
+		"",
+		emptyCache(),
+	)
+	if err != nil {
+		t.Fatalf("setting up database: %s", err)
+	}
+
+	t.Logf("database set up at: %s", dbPath)
+
+	return db
+}
--- a/hscontrol/db/node_test.go
+++ b/hscontrol/db/node_test.go
@ -19,8 +19,6 @@ import (
 	"github.com/stretchr/testify/require"
 	"gopkg.in/check.v1"
 	"gorm.io/gorm"
-	"tailscale.com/net/tsaddr"
-	"tailscale.com/tailcfg"
 	"tailscale.com/types/key"
 	"tailscale.com/types/ptr"
 )
@ -457,142 +455,143 @@ func TestHeadscale_generateGivenName(t *testing.T) {
 	}
 }

-func TestAutoApproveRoutes(t *testing.T) {
-	tests := []struct {
-		name   string
-		acl    string
-		routes []netip.Prefix
-		want   []netip.Prefix
-	}{
-		{
-			name: "2068-approve-issue-sub",
-			acl: `
-{
-	"groups": {
-		"group:k8s": ["test"]
-	},
+// TODO(kradalby): replace this test
+// func TestAutoApproveRoutes(t *testing.T) {
+// 	tests := []struct {
+// 		name   string
+// 		acl    string
+// 		routes []netip.Prefix
+// 		want   []netip.Prefix
+// 	}{
+// 		{
+// 			name: "2068-approve-issue-sub",
+// 			acl: `
+// {
+// 	"groups": {
+// 		"group:k8s": ["test"]
+// 	},

-	"acls": [
-		{"action": "accept", "users": ["*"], "ports": ["*:*"]},
-	],
+// 	"acls": [
+// 		{"action": "accept", "users": ["*"], "ports": ["*:*"]},
+// 	],

-	"autoApprovers": {
-		"routes": {
-			"10.42.0.0/16": ["test"],
-		}
-	}
-}`,
-			routes: []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
-			want:   []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
-		},
-		{
-			name: "2068-approve-issue-sub",
-			acl: `
-{
-	"tagOwners": {
-		"tag:exit": ["test"],
-	},
+// 	"autoApprovers": {
+// 		"routes": {
+// 			"10.42.0.0/16": ["test"],
+// 		}
+// 	}
+// }`,
+// 			routes: []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
+// 			want:   []netip.Prefix{netip.MustParsePrefix("10.42.7.0/24")},
+// 		},
+// 		{
+// 			name: "2068-approve-issue-sub",
+// 			acl: `
+// {
+// 	"tagOwners": {
+// 		"tag:exit": ["test"],
+// 	},

-	"groups": {
-		"group:test": ["test"]
-	},
+// 	"groups": {
+// 		"group:test": ["test"]
+// 	},

-	"acls": [
-		{"action": "accept", "users": ["*"], "ports": ["*:*"]},
-	],
+// 	"acls": [
+// 		{"action": "accept", "users": ["*"], "ports": ["*:*"]},
+// 	],

-	"autoApprovers": {
-		"exitNode": ["tag:exit"],
-		"routes": {
-			"10.10.0.0/16": ["group:test"],
-			"10.11.0.0/16": ["test"],
-		}
-	}
-}`,
-			routes: []netip.Prefix{
-				tsaddr.AllIPv4(),
-				tsaddr.AllIPv6(),
-				netip.MustParsePrefix("10.10.0.0/16"),
-				netip.MustParsePrefix("10.11.0.0/24"),
-			},
-			want: []netip.Prefix{
-				tsaddr.AllIPv4(),
-				netip.MustParsePrefix("10.10.0.0/16"),
-				netip.MustParsePrefix("10.11.0.0/24"),
-				tsaddr.AllIPv6(),
-			},
-		},
-	}
+// 	"autoApprovers": {
+// 		"exitNode": ["tag:exit"],
+// 		"routes": {
+// 			"10.10.0.0/16": ["group:test"],
+// 			"10.11.0.0/16": ["test"],
+// 		}
+// 	}
+// }`,
+// 			routes: []netip.Prefix{
+// 				tsaddr.AllIPv4(),
+// 				tsaddr.AllIPv6(),
+// 				netip.MustParsePrefix("10.10.0.0/16"),
+// 				netip.MustParsePrefix("10.11.0.0/24"),
+// 			},
+// 			want: []netip.Prefix{
+// 				tsaddr.AllIPv4(),
+// 				netip.MustParsePrefix("10.10.0.0/16"),
+// 				netip.MustParsePrefix("10.11.0.0/24"),
+// 				tsaddr.AllIPv6(),
+// 			},
+// 		},
+// 	}

-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			adb, err := newSQLiteTestDB()
-			require.NoError(t, err)
-			pol, err := policy.LoadACLPolicyFromBytes([]byte(tt.acl))
+// 	for _, tt := range tests {
+// 		t.Run(tt.name, func(t *testing.T) {
+// 			adb, err := newSQLiteTestDB()
+// 			require.NoError(t, err)
+// 			pol, err := policy.LoadACLPolicyFromBytes([]byte(tt.acl))

-			require.NoError(t, err)
-			require.NotNil(t, pol)
+// 			require.NoError(t, err)
+// 			require.NotNil(t, pol)

-			user, err := adb.CreateUser(types.User{Name: "test"})
-			require.NoError(t, err)
+// 			user, err := adb.CreateUser(types.User{Name: "test"})
+// 			require.NoError(t, err)

-			pak, err := adb.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
-			require.NoError(t, err)
+// 			pak, err := adb.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
+// 			require.NoError(t, err)

-			nodeKey := key.NewNode()
-			machineKey := key.NewMachine()
+// 			nodeKey := key.NewNode()
+// 			machineKey := key.NewMachine()

-			v4 := netip.MustParseAddr("100.64.0.1")
-			node := types.Node{
-				ID:             0,
-				MachineKey:     machineKey.Public(),
-				NodeKey:        nodeKey.Public(),
-				Hostname:       "test",
-				UserID:         user.ID,
-				RegisterMethod: util.RegisterMethodAuthKey,
-				AuthKeyID:      ptr.To(pak.ID),
-				Hostinfo: &tailcfg.Hostinfo{
-					RequestTags: []string{"tag:exit"},
-					RoutableIPs: tt.routes,
-				},
-				IPv4: &v4,
-			}
+// 			v4 := netip.MustParseAddr("100.64.0.1")
+// 			node := types.Node{
+// 				ID:             0,
+// 				MachineKey:     machineKey.Public(),
+// 				NodeKey:        nodeKey.Public(),
+// 				Hostname:       "test",
+// 				UserID:         user.ID,
+// 				RegisterMethod: util.RegisterMethodAuthKey,
+// 				AuthKeyID:      ptr.To(pak.ID),
+// 				Hostinfo: &tailcfg.Hostinfo{
+// 					RequestTags: []string{"tag:exit"},
+// 					RoutableIPs: tt.routes,
+// 				},
+// 				IPv4: &v4,
+// 			}

-			trx := adb.DB.Save(&node)
-			require.NoError(t, trx.Error)
+// 			trx := adb.DB.Save(&node)
+// 			require.NoError(t, trx.Error)

-			sendUpdate, err := adb.SaveNodeRoutes(&node)
-			require.NoError(t, err)
-			assert.False(t, sendUpdate)
+// 			sendUpdate, err := adb.SaveNodeRoutes(&node)
+// 			require.NoError(t, err)
+// 			assert.False(t, sendUpdate)

-			node0ByID, err := adb.GetNodeByID(0)
-			require.NoError(t, err)
+// 			node0ByID, err := adb.GetNodeByID(0)
+// 			require.NoError(t, err)

-			users, err := adb.ListUsers()
-			assert.NoError(t, err)
+// 			users, err := adb.ListUsers()
+// 			assert.NoError(t, err)

-			nodes, err := adb.ListNodes()
-			assert.NoError(t, err)
+// 			nodes, err := adb.ListNodes()
+// 			assert.NoError(t, err)

-			pm, err := policy.NewPolicyManager([]byte(tt.acl), users, nodes)
-			assert.NoError(t, err)
+// 			pm, err := policy.NewPolicyManager([]byte(tt.acl), users, nodes)
+// 			assert.NoError(t, err)

-			// TODO(kradalby): Check state update
-			err = adb.EnableAutoApprovedRoutes(pm, node0ByID)
-			require.NoError(t, err)
+// 			// TODO(kradalby): Check state update
+// 			err = adb.EnableAutoApprovedRoutes(pm, node0ByID)
+// 			require.NoError(t, err)

-			enabledRoutes, err := adb.GetEnabledRoutes(node0ByID)
-			require.NoError(t, err)
-			assert.Len(t, enabledRoutes, len(tt.want))
+// 			enabledRoutes, err := adb.GetEnabledRoutes(node0ByID)
+// 			require.NoError(t, err)
+// 			assert.Len(t, enabledRoutes, len(tt.want))

-			tsaddr.SortPrefixes(enabledRoutes)
+// 			tsaddr.SortPrefixes(enabledRoutes)

-			if diff := cmp.Diff(tt.want, enabledRoutes, util.Comparers...); diff != "" {
-				t.Errorf("unexpected enabled routes (-want +got):\n%s", diff)
-			}
-		})
-	}
-}
+// 			if diff := cmp.Diff(tt.want, enabledRoutes, util.Comparers...); diff != "" {
+// 				t.Errorf("unexpected enabled routes (-want +got):\n%s", diff)
+// 			}
+// 		})
+// 	}
+// }

 func TestEphemeralGarbageCollectorOrder(t *testing.T) {
 	want := []types.NodeID{1, 3}
--- a/hscontrol/mapper/mapper_test.go
+++ b/hscontrol/mapper/mapper_test.go
@ -182,28 +182,15 @@ func Test_fullMapResponse(t *testing.T) {
 		AuthKey:    &types.PreAuthKey{},
 		LastSeen:   &lastSeen,
 		Expiry:     &expire,
-		Hostinfo:   &tailcfg.Hostinfo{},
-		Routes: []types.Route{
-			{
-				Prefix:     tsaddr.AllIPv4(),
-				Advertised: true,
-				Enabled:    true,
-				IsPrimary:  false,
-			},
-			{
-				Prefix:     netip.MustParsePrefix("192.168.0.0/24"),
-				Advertised: true,
-				Enabled:    true,
-				IsPrimary:  true,
-			},
-			{
-				Prefix:     netip.MustParsePrefix("172.0.0.0/10"),
-				Advertised: true,
-				Enabled:    false,
-				IsPrimary:  true,
+		Hostinfo: &tailcfg.Hostinfo{
+			RoutableIPs: []netip.Prefix{
+				tsaddr.AllIPv4(),
+				netip.MustParsePrefix("192.168.0.0/24"),
+				netip.MustParsePrefix("172.0.0.0/10"),
 			},
 		},
-		CreatedAt: created,
+		ApprovedRoutes: []netip.Prefix{tsaddr.AllIPv4(), netip.MustParsePrefix("192.168.0.0/24")},
+		CreatedAt:      created,
 	}

 	tailMini := &tailcfg.Node{
@ -263,7 +250,6 @@ func Test_fullMapResponse(t *testing.T) {
 		LastSeen:   &lastSeen,
 		Expiry:     &expire,
 		Hostinfo:   &tailcfg.Hostinfo{},
-		Routes:     []types.Route{},
 		CreatedAt:  created,
 	}

@ -319,7 +305,6 @@ func Test_fullMapResponse(t *testing.T) {
 		LastSeen:   &lastSeen,
 		Expiry:     &expire,
 		Hostinfo:   &tailcfg.Hostinfo{},
-		Routes:     []types.Route{},
 		CreatedAt:  created,
 	}

--- a/hscontrol/mapper/tail_test.go
+++ b/hscontrol/mapper/tail_test.go
@ -107,28 +107,15 @@ func TestTailNode(t *testing.T) {
 				AuthKey:    &types.PreAuthKey{},
 				LastSeen:   &lastSeen,
 				Expiry:     &expire,
-				Hostinfo:   &tailcfg.Hostinfo{},
-				Routes: []types.Route{
-					{
-						Prefix:     tsaddr.AllIPv4(),
-						Advertised: true,
-						Enabled:    true,
-						IsPrimary:  false,
-					},
-					{
-						Prefix:     netip.MustParsePrefix("192.168.0.0/24"),
-						Advertised: true,
-						Enabled:    true,
-						IsPrimary:  true,
-					},
-					{
-						Prefix:     netip.MustParsePrefix("172.0.0.0/10"),
-						Advertised: true,
-						Enabled:    false,
-						IsPrimary:  true,
+				Hostinfo: &tailcfg.Hostinfo{
+					RoutableIPs: []netip.Prefix{
+						tsaddr.AllIPv4(),
+						netip.MustParsePrefix("192.168.0.0/24"),
+						netip.MustParsePrefix("172.0.0.0/10"),
 					},
 				},
-				CreatedAt: created,
+				ApprovedRoutes: []netip.Prefix{tsaddr.AllIPv4(), netip.MustParsePrefix("192.168.0.0/24")},
+				CreatedAt:      created,
 			},
 			pol:        &policy.ACLPolicy{},
 			dnsConfig:  &tailcfg.DNSConfig{},
--- a/hscontrol/policy/acls_test.go
+++ b/hscontrol/policy/acls_test.go
@ -3475,14 +3475,10 @@ func Test_getFilteredByACLPeers(t *testing.T) {
 						IPv4:     iap("100.64.0.2"),
 						Hostname: "router",
 						User:     types.User{Name: "router"},
-						Routes: types.Routes{
-							types.Route{
-								NodeID:    2,
-								Prefix:    netip.MustParsePrefix("10.33.0.0/16"),
-								IsPrimary: true,
-								Enabled:   true,
-							},
+						Hostinfo: &tailcfg.Hostinfo{
+							RoutableIPs: []netip.Prefix{netip.MustParsePrefix("10.33.0.0/16")},
 						},
+						ApprovedRoutes: []netip.Prefix{netip.MustParsePrefix("10.33.0.0/16")},
 					},
 				},
 				rules: []tailcfg.FilterRule{
@ -3508,14 +3504,10 @@ func Test_getFilteredByACLPeers(t *testing.T) {
 					IPv4:     iap("100.64.0.2"),
 					Hostname: "router",
 					User:     types.User{Name: "router"},
-					Routes: types.Routes{
-						types.Route{
-							NodeID:    2,
-							Prefix:    netip.MustParsePrefix("10.33.0.0/16"),
-							IsPrimary: true,
-							Enabled:   true,
-						},
+					Hostinfo: &tailcfg.Hostinfo{
+						RoutableIPs: []netip.Prefix{netip.MustParsePrefix("10.33.0.0/16")},
 					},
+					ApprovedRoutes: []netip.Prefix{netip.MustParsePrefix("10.33.0.0/16")},
 				},
 			},
 		},
--- a/hscontrol/types/routes.go
+++ b/hscontrol/types/routes.go
@ -26,3 +26,6 @@ type Route struct {
 	// when the server is up.
 	IsPrimary bool
 }
+
+// DEPRECATED: Approval of routes is denormalised onto the relevant node.
+type Routes []Route