policy: more accurate node change

This commit changes so that node changes to the policy is calculated if any of the nodes has changed in a way that might affect the policy. Previously we just checked if the number of nodes had changed, which meant that if a node was added and removed, we would be in a bad state. Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
2026-04-20 15:51:40 +02:00 · 2025-12-15 14:33:36 +00:00
parent daf9f36c78
commit 506bd8c8eb
4 changed files with 258 additions and 8 deletions
--- a/hscontrol/types/node.go
+++ b/hscontrol/types/node.go
@@ -973,6 +973,23 @@ func (nv NodeView) HasNetworkChanges(other NodeView) bool {
 	return false
 }

+// HasPolicyChange reports whether the node has changes that affect policy evaluation.
+func (nv NodeView) HasPolicyChange(other NodeView) bool {
+	if nv.UserID() != other.UserID() {
+		return true
+	}
+
+	if !views.SliceEqual(nv.Tags(), other.Tags()) {
+		return true
+	}
+
+	if !slices.Equal(nv.IPs(), other.IPs()) {
+		return true
+	}
+
+	return false
+}
+
 // TailNodes converts a slice of NodeViews into Tailscale tailcfg.Nodes.
 func TailNodes(
 	nodes views.Slice[NodeView],