[PR #2789] [MERGED] feat: add autogroup:self #2862

New Issue

adam · 2025-12-29T04:19:24+01:00

adam commented

2025-12-29 04:19:24 +01:00

📋 Pull Request Information

Original PR: https://github.com/juanfont/headscale/pull/2789
Author: @vdovhanych
Created: 9/30/2025
Status: ✅ Merged
Merged: 10/16/2025
Merged by: @kradalby

Base: main ← Head: group-self

📝 Commits (3)

de179be feat: add autogroup:self
df90368 chore: update docs for acl autogroups
a49a882 chore: add test for invalidateAutogroupSelfCache function

📊 Changes

15 files changed (+1448 additions, -26 deletions)

View changed files

📝 .github/workflows/test-integration.yaml (+2 -0)
📝 CHANGELOG.md (+3 -0)
📝 docs/about/features.md (+1 -1)
📝 docs/ref/acls.md (+87 -7)
📝 hscontrol/mapper/builder.go (+13 -2)
📝 hscontrol/policy/pm.go (+2 -0)
📝 hscontrol/policy/v2/filter.go (+209 -4)
📝 hscontrol/policy/v2/filter_test.go (+549 -0)
📝 hscontrol/policy/v2/policy.go (+173 -5)
📝 hscontrol/policy/v2/policy_test.go (+138 -0)
📝 hscontrol/policy/v2/types.go (+54 -6)
📝 hscontrol/policy/v2/types_test.go (+33 -1)
📝 hscontrol/state/state.go (+5 -0)
📝 integration/acl_test.go (+97 -0)
📝 integration/ssh_test.go (+82 -0)

📄 Description

have read the CONTRIBUTING.md file
raised a GitHub issue or discussed it on the projects chat beforehand
added unit tests
added integration tests
updated documentation if needed
updated CHANGELOG.md

This adds the autogroup:self feature and should close #2618

While the feature should now work, I still feel it needs a bit more work to be "production" ready. I am concerned about the headscale's performance when this autogroup is used in the ACL.

Update1:
I added and updated the documentation for the ACL rules, listing supported autogroups and providing some examples of usage.

Update2:
I was trying out the build on some test environments when I realized that SSH would not work with the autogroup:self and that it also needed special handling for filtering the nodes. I tried to address it with ddf4cc6a8d

Update3:
changed some stuff again for the SSH rules to work with autogroup:self (this was done after I tried to evaluate adding the feature with the AI agent, this was a suggestion, but it would not work without it) 80fba7a758

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/juanfont/headscale/pull/2789 **Author:** [@vdovhanych](https://github.com/vdovhanych) **Created:** 9/30/2025 **Status:** ✅ Merged **Merged:** 10/16/2025 **Merged by:** [@kradalby](https://github.com/kradalby) **Base:** `main` ← **Head:** `group-self` --- ### 📝 Commits (3) - [`de179be`](https://github.com/juanfont/headscale/commit/de179beea61e40d682705d249fcfd410ac833ae6) feat: add autogroup:self - [`df90368`](https://github.com/juanfont/headscale/commit/df903688bd1d2eeadc41638c668b2ee2c7cb5089) chore: update docs for acl autogroups - [`a49a882`](https://github.com/juanfont/headscale/commit/a49a88210e81f2f2ab00c5140ae529ebcf000c15) chore: add test for invalidateAutogroupSelfCache function ### 📊 Changes **15 files changed** (+1448 additions, -26 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/test-integration.yaml` (+2 -0) 📝 `CHANGELOG.md` (+3 -0) 📝 `docs/about/features.md` (+1 -1) 📝 `docs/ref/acls.md` (+87 -7) 📝 `hscontrol/mapper/builder.go` (+13 -2) 📝 `hscontrol/policy/pm.go` (+2 -0) 📝 `hscontrol/policy/v2/filter.go` (+209 -4) 📝 `hscontrol/policy/v2/filter_test.go` (+549 -0) 📝 `hscontrol/policy/v2/policy.go` (+173 -5) 📝 `hscontrol/policy/v2/policy_test.go` (+138 -0) 📝 `hscontrol/policy/v2/types.go` (+54 -6) 📝 `hscontrol/policy/v2/types_test.go` (+33 -1) 📝 `hscontrol/state/state.go` (+5 -0) 📝 `integration/acl_test.go` (+97 -0) 📝 `integration/ssh_test.go` (+82 -0) </details> ### 📄 Description   - [x] have read the [CONTRIBUTING.md](./CONTRIBUTING.md) file - [x] raised a GitHub issue or discussed it on the projects chat beforehand - [x] added unit tests - [x] added integration tests - [x] updated documentation if needed - [x] updated CHANGELOG.md  This adds the autogroup:self feature and should close #2618 While the feature should now work, I still feel it needs a bit more work to be "production" ready. I am concerned about the headscale's performance when this autogroup is used in the ACL. Update1: I added and updated the documentation for the ACL rules, listing supported autogroups and providing some examples of usage. Update2: I was trying out the build on some test environments when I realized that SSH would not work with the `autogroup:self` and that it also needed special handling for filtering the nodes. I tried to address it with https://github.com/juanfont/headscale/pull/2789/commits/ddf4cc6a8d1a76ac3bb2d804578e1eff74a93e7e Update3: changed some stuff again for the SSH rules to work with autogroup:self (this was done after I tried to evaluate adding the feature with the AI agent, this was a suggestion, but it would not work without it) https://github.com/juanfont/headscale/pull/2789/commits/80fba7a758c1b5dc27773e5565164c0b24be46ca --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

adam added the pull-request label 2025-12-29 04:19:24 +01:00

adam closed this issue

2025-12-29 04:19:24 +01:00

adam referenced this issue

2025-12-29 04:19:37 +01:00

[PR #2875] [MERGED] {state,db}: preserve node expiry on MapRequest updates #2910

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#2862