TheArchive/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-08-11 17:27:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make matchers part of the Policy interface (#2514)

Browse Source 
* Make matchers part of the Policy interface

* Prevent race condition between rules and matchers

* Test also matchers in tests for Policy.Filter

* Compute `filterChanged` in v2 policy correctly

* Fix nil vs. empty list issue in v2 policy test

* policy/v2: always clear ssh map

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Co-authored-by: Aras Ergus <aras.ergus@tngtech.com>
Co-authored-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
aergus-tng
2025-05-01 07:06:30 +02:00
committed by GitHub
parent eb1ecefd9e
commit 4651d06fa8
12 changed files with 89 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hscontrol/policy/policy.go
View File

@@ -1,6 +1,7 @@
package policy
import (
"github.com/juanfont/headscale/hscontrol/policy/matcher"
"net/netip"
"slices"
@@ -15,7 +16,7 @@ import (
func FilterNodesByACL(
node *types.Node,
nodes types.Nodes,
filter []tailcfg.FilterRule,
matchers []matcher.Match,
) types.Nodes {
var result types.Nodes
@@ -24,7 +25,7 @@ func FilterNodesByACL(
continue
}
if node.CanAccess(filter, nodes[index]) || peer.CanAccess(filter, node) {
if node.CanAccess(matchers, nodes[index]) || peer.CanAccess(matchers, node) {
result = append(result, peer)
}
}