Fix typos (#1860)
* Fix typos * trigger GitHub actions * remove kdiff3 orig files * fix unicode * remove unnecessary function call * remove unnecessary comment * remove unnecessary comment --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
This commit is contained in:
parent
2dc62e981e
commit
8185a70dc7
19 changed files with 43 additions and 43 deletions
14
CHANGELOG.md
14
CHANGELOG.md
|
@ -26,7 +26,7 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
- Code reorganisation, a lot of code has moved, please review the following PRs accordingly [#1473](https://github.com/juanfont/headscale/pull/1473)
|
- Code reorganisation, a lot of code has moved, please review the following PRs accordingly [#1473](https://github.com/juanfont/headscale/pull/1473)
|
||||||
- Change the structure of database configuration, see [config-example.yaml](./config-example.yaml) for the new structure. [#1700](https://github.com/juanfont/headscale/pull/1700)
|
- Change the structure of database configuration, see [config-example.yaml](./config-example.yaml) for the new structure. [#1700](https://github.com/juanfont/headscale/pull/1700)
|
||||||
- Old structure has been remove and the configuration _must_ be converted.
|
- Old structure has been remove and the configuration _must_ be converted.
|
||||||
- Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
|
- Adds additional configuration for PostgreSQL for setting max open, idle connection and idle connection lifetime.
|
||||||
- API: Machine is now Node [#1553](https://github.com/juanfont/headscale/pull/1553)
|
- API: Machine is now Node [#1553](https://github.com/juanfont/headscale/pull/1553)
|
||||||
- Remove support for older Tailscale clients [#1611](https://github.com/juanfont/headscale/pull/1611)
|
- Remove support for older Tailscale clients [#1611](https://github.com/juanfont/headscale/pull/1611)
|
||||||
- The latest supported client is 1.38
|
- The latest supported client is 1.38
|
||||||
|
@ -70,7 +70,7 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
### Changes
|
### Changes
|
||||||
|
|
||||||
- Add environment flags to enable pprof (profiling) [#1382](https://github.com/juanfont/headscale/pull/1382)
|
- Add environment flags to enable pprof (profiling) [#1382](https://github.com/juanfont/headscale/pull/1382)
|
||||||
- Profiles are continously generated in our integration tests.
|
- Profiles are continuously generated in our integration tests.
|
||||||
- Fix systemd service file location in `.deb` packages [#1391](https://github.com/juanfont/headscale/pull/1391)
|
- Fix systemd service file location in `.deb` packages [#1391](https://github.com/juanfont/headscale/pull/1391)
|
||||||
- Improvements on Noise implementation [#1379](https://github.com/juanfont/headscale/pull/1379)
|
- Improvements on Noise implementation [#1379](https://github.com/juanfont/headscale/pull/1379)
|
||||||
- Replace node filter logic, ensuring nodes with access can see eachother [#1381](https://github.com/juanfont/headscale/pull/1381)
|
- Replace node filter logic, ensuring nodes with access can see eachother [#1381](https://github.com/juanfont/headscale/pull/1381)
|
||||||
|
@ -161,7 +161,7 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
- SSH ACLs status:
|
- SSH ACLs status:
|
||||||
- Support `accept` and `check` (SSH can be enabled and used for connecting and authentication)
|
- Support `accept` and `check` (SSH can be enabled and used for connecting and authentication)
|
||||||
- Rejecting connections **are not supported**, meaning that if you enable SSH, then assume that _all_ `ssh` connections **will be allowed**.
|
- Rejecting connections **are not supported**, meaning that if you enable SSH, then assume that _all_ `ssh` connections **will be allowed**.
|
||||||
- If you decied to try this feature, please carefully managed permissions by blocking port `22` with regular ACLs or do _not_ set `--ssh` on your clients.
|
- If you decided to try this feature, please carefully managed permissions by blocking port `22` with regular ACLs or do _not_ set `--ssh` on your clients.
|
||||||
- We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
|
- We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
|
||||||
- This feature should be considered dangerous and it is disabled by default. Enable by setting `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1`.
|
- This feature should be considered dangerous and it is disabled by default. Enable by setting `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1`.
|
||||||
|
|
||||||
|
@ -211,7 +211,7 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
### Changes
|
### Changes
|
||||||
|
|
||||||
- Updated dependencies (including the library that lacked armhf support) [#722](https://github.com/juanfont/headscale/pull/722)
|
- Updated dependencies (including the library that lacked armhf support) [#722](https://github.com/juanfont/headscale/pull/722)
|
||||||
- Fix missing group expansion in function `excludeCorretlyTaggedNodes` [#563](https://github.com/juanfont/headscale/issues/563)
|
- Fix missing group expansion in function `excludeCorrectlyTaggedNodes` [#563](https://github.com/juanfont/headscale/issues/563)
|
||||||
- Improve registration protocol implementation and switch to NodeKey as main identifier [#725](https://github.com/juanfont/headscale/pull/725)
|
- Improve registration protocol implementation and switch to NodeKey as main identifier [#725](https://github.com/juanfont/headscale/pull/725)
|
||||||
- Add ability to connect to PostgreSQL via unix socket [#734](https://github.com/juanfont/headscale/pull/734)
|
- Add ability to connect to PostgreSQL via unix socket [#734](https://github.com/juanfont/headscale/pull/734)
|
||||||
|
|
||||||
|
@ -231,7 +231,7 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
- Fix send on closed channel crash in polling [#542](https://github.com/juanfont/headscale/pull/542)
|
- Fix send on closed channel crash in polling [#542](https://github.com/juanfont/headscale/pull/542)
|
||||||
- Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes [#566](https://github.com/juanfont/headscale/pull/566)
|
- Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes [#566](https://github.com/juanfont/headscale/pull/566)
|
||||||
- Add command for moving nodes between namespaces [#362](https://github.com/juanfont/headscale/issues/362)
|
- Add command for moving nodes between namespaces [#362](https://github.com/juanfont/headscale/issues/362)
|
||||||
- Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
|
- Added more configuration parameters for OpenID Connect (scopes, free-form parameters, domain and user allowlist)
|
||||||
- Add command to set tags on a node [#525](https://github.com/juanfont/headscale/issues/525)
|
- Add command to set tags on a node [#525](https://github.com/juanfont/headscale/issues/525)
|
||||||
- Add command to view tags of nodes [#356](https://github.com/juanfont/headscale/issues/356)
|
- Add command to view tags of nodes [#356](https://github.com/juanfont/headscale/issues/356)
|
||||||
- Add --all (-a) flag to enable routes command [#360](https://github.com/juanfont/headscale/issues/360)
|
- Add --all (-a) flag to enable routes command [#360](https://github.com/juanfont/headscale/issues/360)
|
||||||
|
@ -279,10 +279,10 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
|
|
||||||
- Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession [#346](https://github.com/juanfont/headscale/pull/346)
|
- Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession [#346](https://github.com/juanfont/headscale/pull/346)
|
||||||
- Simplify the code behind registration of machines [#366](https://github.com/juanfont/headscale/pull/366)
|
- Simplify the code behind registration of machines [#366](https://github.com/juanfont/headscale/pull/366)
|
||||||
- Nodes are now only written to database if they are registrated successfully
|
- Nodes are now only written to database if they are registered successfully
|
||||||
- Fix a limitation in the ACLs that prevented users to write rules with `*` as source [#374](https://github.com/juanfont/headscale/issues/374)
|
- Fix a limitation in the ACLs that prevented users to write rules with `*` as source [#374](https://github.com/juanfont/headscale/issues/374)
|
||||||
- Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine [#371](https://github.com/juanfont/headscale/pull/371)
|
- Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine [#371](https://github.com/juanfont/headscale/pull/371)
|
||||||
- Apply normalization function to FQDN on hostnames when hosts registers and retrieve informations [#363](https://github.com/juanfont/headscale/issues/363)
|
- Apply normalization function to FQDN on hostnames when hosts registers and retrieve information [#363](https://github.com/juanfont/headscale/issues/363)
|
||||||
- Fix a bug that prevented the use of `tailscale logout` with OIDC [#508](https://github.com/juanfont/headscale/issues/508)
|
- Fix a bug that prevented the use of `tailscale logout` with OIDC [#508](https://github.com/juanfont/headscale/issues/508)
|
||||||
- Added Tailscale repo HEAD and unstable releases channel to the integration tests targets [#513](https://github.com/juanfont/headscale/pull/513)
|
- Added Tailscale repo HEAD and unstable releases channel to the integration tests targets [#513](https://github.com/juanfont/headscale/pull/513)
|
||||||
|
|
||||||
|
|
|
@ -99,7 +99,7 @@ Please read the [CONTRIBUTING.md](./CONTRIBUTING.md) file.
|
||||||
|
|
||||||
### Requirements
|
### Requirements
|
||||||
|
|
||||||
To contribute to headscale you would need the lastest version of [Go](https://golang.org)
|
To contribute to headscale you would need the latest version of [Go](https://golang.org)
|
||||||
and [Buf](https://buf.build)(Protobuf generator).
|
and [Buf](https://buf.build)(Protobuf generator).
|
||||||
|
|
||||||
We recommend using [Nix](https://nixos.org/) to setup a development environment. This can
|
We recommend using [Nix](https://nixos.org/) to setup a development environment. This can
|
||||||
|
|
|
@ -105,7 +105,7 @@ derp:
|
||||||
automatically_add_embedded_derp_region: true
|
automatically_add_embedded_derp_region: true
|
||||||
|
|
||||||
# For better connection stability (especially when using an Exit-Node and DNS is not working),
|
# For better connection stability (especially when using an Exit-Node and DNS is not working),
|
||||||
# it is possible to optionall add the public IPv4 and IPv6 address to the Derp-Map using:
|
# it is possible to optionally add the public IPv4 and IPv6 address to the Derp-Map using:
|
||||||
ipv4: 1.2.3.4
|
ipv4: 1.2.3.4
|
||||||
ipv6: 2001:db8::1
|
ipv6: 2001:db8::1
|
||||||
|
|
||||||
|
@ -199,7 +199,7 @@ log:
|
||||||
format: text
|
format: text
|
||||||
level: info
|
level: info
|
||||||
|
|
||||||
# Path to a file containg ACL policies.
|
# Path to a file containing ACL policies.
|
||||||
# ACLs can be defined as YAML or HUJSON.
|
# ACLs can be defined as YAML or HUJSON.
|
||||||
# https://tailscale.com/kb/1018/acls/
|
# https://tailscale.com/kb/1018/acls/
|
||||||
acl_policy_path: ""
|
acl_policy_path: ""
|
||||||
|
|
|
@ -14,7 +14,7 @@ If the node is already registered, it can advertise exit capabilities like this:
|
||||||
$ sudo tailscale set --advertise-exit-node
|
$ sudo tailscale set --advertise-exit-node
|
||||||
```
|
```
|
||||||
|
|
||||||
To use a node as an exit node, IP forwarding must be enabled on the node. Check the official [Tailscale documentation](https://tailscale.com/kb/1019/subnets/?tab=linux#enable-ip-forwarding) for how to enable IP fowarding.
|
To use a node as an exit node, IP forwarding must be enabled on the node. Check the official [Tailscale documentation](https://tailscale.com/kb/1019/subnets/?tab=linux#enable-ip-forwarding) for how to enable IP forwarding.
|
||||||
|
|
||||||
## On the control server
|
## On the control server
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ We don't know. We might be working on it. If you want to help, please send us a
|
||||||
Please be aware that there are a number of reasons why we might not accept specific contributions:
|
Please be aware that there are a number of reasons why we might not accept specific contributions:
|
||||||
|
|
||||||
- It is not possible to implement the feature in a way that makes sense in a self-hosted environment.
|
- It is not possible to implement the feature in a way that makes sense in a self-hosted environment.
|
||||||
- Given that we are reverse-engineering Tailscale to satify our own curiosity, we might be interested in implementing the feature ourselves.
|
- Given that we are reverse-engineering Tailscale to satisfy our own curiosity, we might be interested in implementing the feature ourselves.
|
||||||
- You are not sending unit and integration tests with it.
|
- You are not sending unit and integration tests with it.
|
||||||
|
|
||||||
## Do you support Y method of deploying Headscale?
|
## Do you support Y method of deploying Headscale?
|
||||||
|
|
|
@ -58,12 +58,12 @@ A solution could be to consider a headscale server (in it's entirety) as a
|
||||||
tailnet.
|
tailnet.
|
||||||
|
|
||||||
For personal users the default behavior could either allow all communications
|
For personal users the default behavior could either allow all communications
|
||||||
between all namespaces (like tailscale) or dissallow all communications between
|
between all namespaces (like tailscale) or disallow all communications between
|
||||||
namespaces (current behavior).
|
namespaces (current behavior).
|
||||||
|
|
||||||
For businesses and organisations, viewing a headscale instance a single tailnet
|
For businesses and organisations, viewing a headscale instance a single tailnet
|
||||||
would allow users (namespace) to talk to each other with the ACLs. As described
|
would allow users (namespace) to talk to each other with the ACLs. As described
|
||||||
in tailscale's documentation [[1]], a server should be tagged and personnal
|
in tailscale's documentation [[1]], a server should be tagged and personal
|
||||||
devices should be tied to a user. Translated in headscale's terms each user can
|
devices should be tied to a user. Translated in headscale's terms each user can
|
||||||
have multiple devices and all those devices should be in the same namespace.
|
have multiple devices and all those devices should be in the same namespace.
|
||||||
The servers should be tagged and used as such.
|
The servers should be tagged and used as such.
|
||||||
|
@ -88,7 +88,7 @@ the ability to rules in either format (HuJSON or YAML).
|
||||||
Let's build an example use case for a small business (It may be the place where
|
Let's build an example use case for a small business (It may be the place where
|
||||||
ACL's are the most useful).
|
ACL's are the most useful).
|
||||||
|
|
||||||
We have a small company with a boss, an admin, two developper and an intern.
|
We have a small company with a boss, an admin, two developer and an intern.
|
||||||
|
|
||||||
The boss should have access to all servers but not to the users hosts. Admin
|
The boss should have access to all servers but not to the users hosts. Admin
|
||||||
should also have access to all hosts except that their permissions should be
|
should also have access to all hosts except that their permissions should be
|
||||||
|
@ -173,7 +173,7 @@ need to add the following ACLs
|
||||||
"ports": ["prod:*", "dev:*", "internal:*"]
|
"ports": ["prod:*", "dev:*", "internal:*"]
|
||||||
},
|
},
|
||||||
|
|
||||||
// admin have access to adminstration port (lets only consider port 22 here)
|
// admin have access to administration port (lets only consider port 22 here)
|
||||||
{
|
{
|
||||||
"action": "accept",
|
"action": "accept",
|
||||||
"users": ["group:admin"],
|
"users": ["group:admin"],
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
# Controlling `headscale` with remote CLI
|
# Controlling `headscale` with remote CLI
|
||||||
|
|
||||||
## Prerequisit
|
## Prerequisite
|
||||||
|
|
||||||
- A workstation to run `headscale` (could be Linux, macOS, other supported platforms)
|
- A workstation to run `headscale` (could be Linux, macOS, other supported platforms)
|
||||||
- A `headscale` server (version `0.13.0` or newer)
|
- A `headscale` server (version `0.13.0` or newer)
|
||||||
- Access to create API keys (local access to the `headscale` server)
|
- Access to create API keys (local access to the `headscale` server)
|
||||||
- `headscale` _must_ be served over TLS/HTTPS
|
- `headscale` _must_ be served over TLS/HTTPS
|
||||||
- Remote access does _not_ support unencrypted traffic.
|
- Remote access does _not_ support unencrypted traffic.
|
||||||
- Port `50443` must be open in the firewall (or port overriden by `grpc_listen_addr` option)
|
- Port `50443` must be open in the firewall (or port overridden by `grpc_listen_addr` option)
|
||||||
|
|
||||||
## Goal
|
## Goal
|
||||||
|
|
||||||
|
@ -97,4 +97,4 @@ Checklist:
|
||||||
- Make sure you use version `0.13.0` or newer.
|
- Make sure you use version `0.13.0` or newer.
|
||||||
- Verify that your TLS certificate is valid and trusted
|
- Verify that your TLS certificate is valid and trusted
|
||||||
- If you do not have access to a trusted certificate (e.g. from Let's Encrypt), add your self signed certificate to the trust store of your OS or
|
- If you do not have access to a trusted certificate (e.g. from Let's Encrypt), add your self signed certificate to the trust store of your OS or
|
||||||
- Set `HEADSCALE_CLI_INSECURE` to 0 in your environement
|
- Set `HEADSCALE_CLI_INSECURE` to 0 in your environment
|
||||||
|
|
|
@ -115,7 +115,7 @@ The following Caddyfile is all that is necessary to use Caddy as a reverse proxy
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Caddy v2 will [automatically](https://caddyserver.com/docs/automatic-https) provision a certficate for your domain/subdomain, force HTTPS, and proxy websockets - no further configuration is necessary.
|
Caddy v2 will [automatically](https://caddyserver.com/docs/automatic-https) provision a certificate for your domain/subdomain, force HTTPS, and proxy websockets - no further configuration is necessary.
|
||||||
|
|
||||||
For a slightly more complex configuration which utilizes Docker containers to manage Caddy, Headscale, and Headscale-UI, [Guru Computing's guide](https://blog.gurucomputing.com.au/smart-vpns-with-headscale/) is an excellent reference.
|
For a slightly more complex configuration which utilizes Docker containers to manage Caddy, Headscale, and Headscale-UI, [Guru Computing's guide](https://blog.gurucomputing.com.au/smart-vpns-with-headscale/) is an excellent reference.
|
||||||
|
|
||||||
|
|
|
@ -30,7 +30,7 @@ describing how to make `headscale` run properly in a server environment.
|
||||||
cd headscale
|
cd headscale
|
||||||
|
|
||||||
# optionally checkout a release
|
# optionally checkout a release
|
||||||
# option a. you can find offical relase at https://github.com/juanfont/headscale/releases/latest
|
# option a. you can find official release at https://github.com/juanfont/headscale/releases/latest
|
||||||
# option b. get latest tag, this may be a beta release
|
# option b. get latest tag, this may be a beta release
|
||||||
latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
|
latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||||
|
|
||||||
|
@ -57,7 +57,7 @@ describing how to make `headscale` run properly in a server environment.
|
||||||
cd headscale
|
cd headscale
|
||||||
|
|
||||||
# optionally checkout a release
|
# optionally checkout a release
|
||||||
# option a. you can find offical relase at https://github.com/juanfont/headscale/releases/latest
|
# option a. you can find official release at https://github.com/juanfont/headscale/releases/latest
|
||||||
# option b. get latest tag, this may be a beta release
|
# option b. get latest tag, this may be a beta release
|
||||||
latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
|
latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||||
|
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
checkFlags = ["-short"];
|
checkFlags = ["-short"];
|
||||||
|
|
||||||
# When updating go.mod or go.sum, a new sha will need to be calculated,
|
# When updating go.mod or go.sum, a new sha will need to be calculated,
|
||||||
# update this if you have a mismatch after doing a change to thos files.
|
# update this if you have a mismatch after doing a change to those files.
|
||||||
vendorHash = "sha256-wXfKeiJaGe6ahOsONrQhvbuMN8flQ13b0ZjxdbFs1e8=";
|
vendorHash = "sha256-wXfKeiJaGe6ahOsONrQhvbuMN8flQ13b0ZjxdbFs1e8=";
|
||||||
|
|
||||||
subPackages = ["cmd/headscale"];
|
subPackages = ["cmd/headscale"];
|
||||||
|
|
|
@ -330,7 +330,7 @@ func (h *Headscale) grpcAuthenticationInterceptor(ctx context.Context,
|
||||||
// Check if the request is coming from the on-server client.
|
// Check if the request is coming from the on-server client.
|
||||||
// This is not secure, but it is to maintain maintainability
|
// This is not secure, but it is to maintain maintainability
|
||||||
// with the "legacy" database-based client
|
// with the "legacy" database-based client
|
||||||
// It is also neede for grpc-gateway to be able to connect to
|
// It is also needed for grpc-gateway to be able to connect to
|
||||||
// the server
|
// the server
|
||||||
client, _ := peer.FromContext(ctx)
|
client, _ := peer.FromContext(ctx)
|
||||||
|
|
||||||
|
|
|
@ -661,7 +661,7 @@ func GenerateGivenName(
|
||||||
}
|
}
|
||||||
|
|
||||||
func DeleteExpiredEphemeralNodes(tx *gorm.DB,
|
func DeleteExpiredEphemeralNodes(tx *gorm.DB,
|
||||||
inactivityThreshhold time.Duration,
|
inactivityThreshold time.Duration,
|
||||||
) ([]types.NodeID, []types.NodeID) {
|
) ([]types.NodeID, []types.NodeID) {
|
||||||
users, err := ListUsers(tx)
|
users, err := ListUsers(tx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -679,7 +679,7 @@ func DeleteExpiredEphemeralNodes(tx *gorm.DB,
|
||||||
for idx, node := range nodes {
|
for idx, node := range nodes {
|
||||||
if node.IsEphemeral() && node.LastSeen != nil &&
|
if node.IsEphemeral() && node.LastSeen != nil &&
|
||||||
time.Now().
|
time.Now().
|
||||||
After(node.LastSeen.Add(inactivityThreshhold)) {
|
After(node.LastSeen.Add(inactivityThreshold)) {
|
||||||
expired = append(expired, node.ID)
|
expired = append(expired, node.ID)
|
||||||
|
|
||||||
log.Info().
|
log.Info().
|
||||||
|
|
|
@ -393,7 +393,7 @@ func (s *Suite) TestSetTags(c *check.C) {
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
c.Assert(node.ForcedTags, check.DeepEquals, types.StringList(sTags))
|
c.Assert(node.ForcedTags, check.DeepEquals, types.StringList(sTags))
|
||||||
|
|
||||||
// assign duplicat tags, expect no errors but no doubles in DB
|
// assign duplicate tags, expect no errors but no doubles in DB
|
||||||
eTags := []string{"tag:bar", "tag:test", "tag:unknown", "tag:test"}
|
eTags := []string{"tag:bar", "tag:test", "tag:unknown", "tag:test"}
|
||||||
err = db.SetTags(node.ID, eTags)
|
err = db.SetTags(node.ID, eTags)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
|
@ -83,7 +83,7 @@ func CreatePreAuthKey(
|
||||||
if !seenTags[tag] {
|
if !seenTags[tag] {
|
||||||
if err := tx.Save(&types.PreAuthKeyACLTag{PreAuthKeyID: key.ID, Tag: tag}).Error; err != nil {
|
if err := tx.Save(&types.PreAuthKeyACLTag{PreAuthKeyID: key.ID, Tag: tag}).Error; err != nil {
|
||||||
return nil, fmt.Errorf(
|
return nil, fmt.Errorf(
|
||||||
"failed to ceate key tag in the database: %w",
|
"failed to create key tag in the database: %w",
|
||||||
err,
|
err,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
|
@ -204,7 +204,7 @@ func DERPProbeHandler(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// DERPBootstrapDNSHandler implements the /bootsrap-dns endpoint
|
// DERPBootstrapDNSHandler implements the /bootstrap-dns endpoint
|
||||||
// Described in https://github.com/tailscale/tailscale/issues/1405,
|
// Described in https://github.com/tailscale/tailscale/issues/1405,
|
||||||
// this endpoint provides a way to help a client when it fails to start up
|
// this endpoint provides a way to help a client when it fails to start up
|
||||||
// because its DNS are broken.
|
// because its DNS are broken.
|
||||||
|
|
|
@ -532,7 +532,7 @@ func (s *Suite) TestRuleInvalidGeneration(c *check.C) {
|
||||||
"example-host-2:80"
|
"example-host-2:80"
|
||||||
],
|
],
|
||||||
"deny": [
|
"deny": [
|
||||||
"exapmle-host-2:100"
|
"example-host-2:100"
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -635,7 +635,7 @@ func Test_expandGroup(t *testing.T) {
|
||||||
wantErr: false,
|
wantErr: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "InexistantGroup",
|
name: "InexistentGroup",
|
||||||
field: field{
|
field: field{
|
||||||
pol: ACLPolicy{
|
pol: ACLPolicy{
|
||||||
Groups: Groups{
|
Groups: Groups{
|
||||||
|
@ -2604,7 +2604,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "all hosts can talk to each other",
|
name: "all hosts can talk to each other",
|
||||||
args: args{
|
args: args{
|
||||||
nodes: types.Nodes{ // list of all nodess in the database
|
nodes: types.Nodes{ // list of all nodes in the database
|
||||||
&types.Node{
|
&types.Node{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPv4: iap("100.64.0.1"),
|
IPv4: iap("100.64.0.1"),
|
||||||
|
@ -2651,7 +2651,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "One host can talk to another, but not all hosts",
|
name: "One host can talk to another, but not all hosts",
|
||||||
args: args{
|
args: args{
|
||||||
nodes: types.Nodes{ // list of all nodess in the database
|
nodes: types.Nodes{ // list of all nodes in the database
|
||||||
&types.Node{
|
&types.Node{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPv4: iap("100.64.0.1"),
|
IPv4: iap("100.64.0.1"),
|
||||||
|
@ -2693,7 +2693,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "host cannot directly talk to destination, but return path is authorized",
|
name: "host cannot directly talk to destination, but return path is authorized",
|
||||||
args: args{
|
args: args{
|
||||||
nodes: types.Nodes{ // list of all nodess in the database
|
nodes: types.Nodes{ // list of all nodes in the database
|
||||||
&types.Node{
|
&types.Node{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPv4: iap("100.64.0.1"),
|
IPv4: iap("100.64.0.1"),
|
||||||
|
@ -2735,7 +2735,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "rules allows all hosts to reach one destination",
|
name: "rules allows all hosts to reach one destination",
|
||||||
args: args{
|
args: args{
|
||||||
nodes: types.Nodes{ // list of all nodess in the database
|
nodes: types.Nodes{ // list of all nodes in the database
|
||||||
&types.Node{
|
&types.Node{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPv4: iap("100.64.0.1"),
|
IPv4: iap("100.64.0.1"),
|
||||||
|
@ -2777,7 +2777,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "rules allows all hosts to reach one destination, destination can reach all hosts",
|
name: "rules allows all hosts to reach one destination, destination can reach all hosts",
|
||||||
args: args{
|
args: args{
|
||||||
nodes: types.Nodes{ // list of all nodess in the database
|
nodes: types.Nodes{ // list of all nodes in the database
|
||||||
&types.Node{
|
&types.Node{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPv4: iap("100.64.0.1"),
|
IPv4: iap("100.64.0.1"),
|
||||||
|
@ -2824,7 +2824,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "rule allows all hosts to reach all destinations",
|
name: "rule allows all hosts to reach all destinations",
|
||||||
args: args{
|
args: args{
|
||||||
nodes: types.Nodes{ // list of all nodess in the database
|
nodes: types.Nodes{ // list of all nodes in the database
|
||||||
&types.Node{
|
&types.Node{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPv4: iap("100.64.0.1"),
|
IPv4: iap("100.64.0.1"),
|
||||||
|
@ -2871,7 +2871,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "without rule all communications are forbidden",
|
name: "without rule all communications are forbidden",
|
||||||
args: args{
|
args: args{
|
||||||
nodes: types.Nodes{ // list of all nodess in the database
|
nodes: types.Nodes{ // list of all nodes in the database
|
||||||
&types.Node{
|
&types.Node{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPv4: iap("100.64.0.1"),
|
IPv4: iap("100.64.0.1"),
|
||||||
|
|
|
@ -335,14 +335,14 @@ func TestTaildrop(t *testing.T) {
|
||||||
IntegrationSkip(t)
|
IntegrationSkip(t)
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
retry := func(times int, sleepInverval time.Duration, doWork func() error) error {
|
retry := func(times int, sleepInterval time.Duration, doWork func() error) error {
|
||||||
var err error
|
var err error
|
||||||
for attempts := 0; attempts < times; attempts++ {
|
for attempts := 0; attempts < times; attempts++ {
|
||||||
err = doWork()
|
err = doWork()
|
||||||
if err == nil {
|
if err == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
time.Sleep(sleepInverval)
|
time.Sleep(sleepInterval)
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
return err
|
||||||
|
@ -793,7 +793,7 @@ func TestNodeOnlineStatus(t *testing.T) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// All peers of this nodess are reporting to be
|
// All peers of this nodes are reporting to be
|
||||||
// connected to the control server
|
// connected to the control server
|
||||||
assert.Truef(
|
assert.Truef(
|
||||||
t,
|
t,
|
||||||
|
|
|
@ -450,7 +450,7 @@ func (s *Scenario) WaitForTailscaleSyncWithPeerCount(peerCount int) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateHeadscaleEnv is a conventient method returning a complete Headcale
|
// CreateHeadscaleEnv is a convenient method returning a complete Headcale
|
||||||
// test environment with nodes of all versions, joined to the server with X
|
// test environment with nodes of all versions, joined to the server with X
|
||||||
// users.
|
// users.
|
||||||
func (s *Scenario) CreateHeadscaleEnv(
|
func (s *Scenario) CreateHeadscaleEnv(
|
||||||
|
|
|
@ -331,7 +331,7 @@ func dockertestMaxWait() time.Duration {
|
||||||
// return timeout
|
// return timeout
|
||||||
// }
|
// }
|
||||||
|
|
||||||
// pingAllNegativeHelper is intended to have 1 or more nodes timeing out from the ping,
|
// pingAllNegativeHelper is intended to have 1 or more nodes timing out from the ping,
|
||||||
// it counts failures instead of successes.
|
// it counts failures instead of successes.
|
||||||
// func pingAllNegativeHelper(t *testing.T, clients []TailscaleClient, addrs []string) int {
|
// func pingAllNegativeHelper(t *testing.T, clients []TailscaleClient, addrs []string) int {
|
||||||
// t.Helper()
|
// t.Helper()
|
||||||
|
|
Loading…
Reference in a new issue