all: use immutable node view in read path

This commit changes most of our (*)types.Node to types.NodeView, which is a readonly version of the underlying node ensuring that there is no mutations happening in the read path. Based on the migration, there didnt seem to be any, but the idea here is to prevent it in the future and simplify other new implementations. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-08-12 03:37:39 +00:00 · 2025-07-05 23:31:13 +02:00
parent 5ba7120418
commit 73023c2ec3
24 changed files with 866 additions and 196 deletions
--- a/hscontrol/policy/pm.go
+++ b/hscontrol/policy/pm.go
@@ -8,27 +8,28 @@ import (
 	policyv2 "github.com/juanfont/headscale/hscontrol/policy/v2"
 	"github.com/juanfont/headscale/hscontrol/types"
 	"tailscale.com/tailcfg"
+	"tailscale.com/types/views"
 )

 type PolicyManager interface {
 	// Filter returns the current filter rules for the entire tailnet and the associated matchers.
 	Filter() ([]tailcfg.FilterRule, []matcher.Match)
-	SSHPolicy(*types.Node) (*tailcfg.SSHPolicy, error)
+	SSHPolicy(types.NodeView) (*tailcfg.SSHPolicy, error)
 	SetPolicy([]byte) (bool, error)
 	SetUsers(users []types.User) (bool, error)
-	SetNodes(nodes types.Nodes) (bool, error)
+	SetNodes(nodes views.Slice[types.NodeView]) (bool, error)
 	// NodeCanHaveTag reports whether the given node can have the given tag.
-	NodeCanHaveTag(*types.Node, string) bool
+	NodeCanHaveTag(types.NodeView, string) bool

 	// NodeCanApproveRoute reports whether the given node can approve the given route.
-	NodeCanApproveRoute(*types.Node, netip.Prefix) bool
+	NodeCanApproveRoute(types.NodeView, netip.Prefix) bool

 	Version() int
 	DebugString() string
 }

 // NewPolicyManager returns a new policy manager.
-func NewPolicyManager(pol []byte, users []types.User, nodes types.Nodes) (PolicyManager, error) {
+func NewPolicyManager(pol []byte, users []types.User, nodes views.Slice[types.NodeView]) (PolicyManager, error) {
 	var polMan PolicyManager
 	var err error
 	polMan, err = policyv2.NewPolicyManager(pol, users, nodes)
@@ -42,7 +43,7 @@ func NewPolicyManager(pol []byte, users []types.User, nodes types.Nodes) (Policy
 // PolicyManagersForTest returns all available PostureManagers to be used
 // in tests to validate them in tests that try to determine that they
 // behave the same.
-func PolicyManagersForTest(pol []byte, users []types.User, nodes types.Nodes) ([]PolicyManager, error) {
+func PolicyManagersForTest(pol []byte, users []types.User, nodes views.Slice[types.NodeView]) ([]PolicyManager, error) {
 	var polMans []PolicyManager

 	for _, pmf := range PolicyManagerFuncsForTest(pol) {
@@ -56,10 +57,10 @@ func PolicyManagersForTest(pol []byte, users []types.User, nodes types.Nodes) ([
 	return polMans, nil
 }

-func PolicyManagerFuncsForTest(pol []byte) []func([]types.User, types.Nodes) (PolicyManager, error) {
-	var polmanFuncs []func([]types.User, types.Nodes) (PolicyManager, error)
+func PolicyManagerFuncsForTest(pol []byte) []func([]types.User, views.Slice[types.NodeView]) (PolicyManager, error) {
+	var polmanFuncs []func([]types.User, views.Slice[types.NodeView]) (PolicyManager, error)

-	polmanFuncs = append(polmanFuncs, func(u []types.User, n types.Nodes) (PolicyManager, error) {
+	polmanFuncs = append(polmanFuncs, func(u []types.User, n views.Slice[types.NodeView]) (PolicyManager, error) {
 		return policyv2.NewPolicyManager(pol, u, n)
 	})