make acl_policy_path fatal if policy.path is not set (#2041)

Kristoffer Dalby 2024-08-19 13:03:01 +02:00 committed by GitHub
parent f99497340b
commit 84cb5d0aed
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 42 additions and 5 deletions


@ -241,8 +241,8 @@ policy:
# - https://tailscale.com/kb/1081/magicdns/ # - https://tailscale.com/kb/1081/magicdns/
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/ # - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
# #
# Please not that for the DNS configuration to have any effect, # Please note that for the DNS configuration to have any effect,
# clients must have the `--accept-ds=true` option enabled. This is the # clients must have the `--accept-dns=true` option enabled. This is the
# default for the Tailscale client. This option is enabled by default # default for the Tailscale client. This option is enabled by default
# in the Tailscale client. # in the Tailscale client.
# #


@ -303,7 +303,7 @@ func LoadConfig(path string, isFile bool) error {
// https://github.com/spf13/viper/issues/560 // https://github.com/spf13/viper/issues/560
// Alias the old ACL Policy path with the new configuration option. // Alias the old ACL Policy path with the new configuration option.
depr.warnWithAlias("policy.path", "acl_policy_path") depr.fatalIfNewKeyIsNotUsed("policy.path", "acl_policy_path")
// Move dns_config -> dns // Move dns_config -> dns
depr.warn("dns_config.override_local_dns") depr.warn("dns_config.override_local_dns")
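Review bot: The context comment above the changed call still reads `// Alias the old ACL Policy path with the new configuration option.`, but the new `depr.fatalIfNewKeyIsNotUsed("policy.path", "acl_policy_path")` no longer aliases anything. Judging by its name and the commit title, it stops startup when `acl_policy_path` is set and `policy.path` is not, which keeps a server from coming up without the ACL file the operator intended. I would reword the comment to something like `// acl_policy_path is no longer aliased: refuse to start if it is set while policy.path is not.` LoadConfig's body starts and ends outside the hunk.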


@ -161,6 +161,25 @@ func TestReadConfig(t *testing.T) {
}, },
wantErr: "", wantErr: "",
}, },
{
name: "policy-path-is-loaded",
configPath: "testdata/policy-path-is-loaded.yaml",
setup: func(t *testing.T) (any, error) {
cfg, err := GetHeadscaleConfig()
if err != nil {
return nil, err
}
return map[string]string{
"policy.mode": string(cfg.Policy.Mode),
"policy.path": cfg.Policy.Path,
}, err
},
want: map[string]string{
"policy.mode": "file",
"policy.path": "/etc/policy.hujson",
},
},
} }
for _, tt := range tests { for _, tt := range tests {
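Review bot: The added `policy-path-is-loaded` case only covers a config in which both keys are present; nothing visible in this hunk exercises the path the commit is named for, where `acl_policy_path` is set and `policy.path` is missing. That branch is what keeps a server from starting without its intended ACL policy, so a regression there would go unnoticed. If the fatal can be observed from a test (the table already has a `wantErr` field), a second case with a fixture holding only `acl_policy_path` would pin it. TestReadConfig starts and ends outside the hunk.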


@ -0,0 +1,18 @@
noise:
private_key_path: "private_key.pem"
prefixes:
v6: fd7a:115c:a1e0::/48
v4: 100.64.0.0/10
database:
type: sqlite3
server_url: "https://derp.no"
acl_policy_path: "/etc/acl_policy.yaml"
policy:
type: file
path: "/etc/policy.hujson"
dns.magic_dns: false
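Review bot: The fixture sets `type: file` under `policy:`, while the test that loads it asserts `policy.mode`. If the configuration key is `mode`, as that assertion suggests, `type` is ignored and the `"file"` expectation passes only because of a default, so the test would not notice a broken mode lookup. I would write `mode: file` here. It may also be worth a one-line comment at the top saying that `acl_policy_path` and `policy.path` are deliberately different so the test can tell which one was loaded.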


@ -13,7 +13,7 @@ noise:
func DefaultConfigEnv() map[string]string { func DefaultConfigEnv() map[string]string {
return map[string]string{ return map[string]string{
"HEADSCALE_LOG_LEVEL": "trace", "HEADSCALE_LOG_LEVEL": "trace",
"HEADSCALE_ACL_POLICY_PATH": "", "HEADSCALE_POLICY_PATH": "",
"HEADSCALE_DATABASE_TYPE": "sqlite", "HEADSCALE_DATABASE_TYPE": "sqlite",
"HEADSCALE_DATABASE_SQLITE_PATH": "/tmp/integration_test_db.sqlite3", "HEADSCALE_DATABASE_SQLITE_PATH": "/tmp/integration_test_db.sqlite3",
"HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT": "30m", "HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT": "30m",


@ -82,7 +82,7 @@ type Option = func(c *HeadscaleInContainer)
func WithACLPolicy(acl *policy.ACLPolicy) Option { func WithACLPolicy(acl *policy.ACLPolicy) Option {
return func(hsic *HeadscaleInContainer) { return func(hsic *HeadscaleInContainer) {
// TODO(kradalby): Move somewhere appropriate // TODO(kradalby): Move somewhere appropriate
hsic.env["HEADSCALE_ACL_POLICY_PATH"] = aclPolicyPath hsic.env["HEADSCALE_POLICY_PATH"] = aclPolicyPath
hsic.aclPolicy = acl hsic.aclPolicy = acl
} }