diff --git a/acls.go b/acls.go
index 43d43fb..86239d4 100644
--- a/acls.go
+++ b/acls.go
@@ -150,7 +150,11 @@ func (h *Headscale) UpdateACLRules() error {
 return nil
 }
-func generateACLRules(machines []Machine, aclPolicy ACLPolicy, stripEmaildomain bool) ([]tailcfg.FilterRule, error) {
+func generateACLRules(
+ machines []Machine,
+ aclPolicy ACLPolicy,
+ stripEmaildomain bool,
+) ([]tailcfg.FilterRule, error) {
 rules := []tailcfg.FilterRule{}
 for index, acl := range aclPolicy.ACLs {
@@ -160,7 +164,7 @@ func generateACLRules(machines []Machine, aclPolicy ACLPolicy, stripEmaildomain
 srcIPs := []string{}
 for innerIndex, src := range acl.Sources {
- srcs, err := generateACLPolicySrcIP(machines, aclPolicy, src, stripEmaildomain)
+ srcs, err := generateACLPolicySrc(machines, aclPolicy, src, stripEmaildomain)
 if err != nil {
 log.Error().
 Msgf("Error parsing ACL %d, Source %d", index, innerIndex)
@@ -311,7 +315,7 @@ func sshCheckAction(duration string) (*tailcfg.SSHAction, error) {
 }, nil
 }
-func generateACLPolicySrcIP(
+func generateACLPolicySrc(
 machines []Machine,
 aclPolicy ACLPolicy,
 src string,
@@ -427,6 +431,7 @@ func parseProtocol(protocol string) ([]int, bool, error) {
 // - a user
 // - a group
 // - a tag
+// - a host
 // and transform these in IPAddresses.
 func expandAlias(
 machines []Machine,
diff --git a/acls_test.go b/acls_test.go
index c664bce..8bd8585 100644
--- a/acls_test.go
+++ b/acls_test.go
@@ -1041,7 +1041,7 @@ func Test_expandAlias(t *testing.T) {
 wantErr: false,
 },
 {
- name: "simple host",
+ name: "simple host by ip",
 args: args{
 alias: "10.0.0.1",
 machines: []Machine{},
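Review bot: The added `// - a host` bullet in the expandAlias doc comment is ambiguous and the list is still incomplete: the tests on this page show the alias may also be a literal IP (`10.0.0.1`) or a CIDR, and "host" here is a name from the policy's `Hosts` map rather than a machine hostname. Since this function decides which addresses an ACL rule covers, I would spell that out, e.g. `// - a host (a name defined in the ACL policy's Hosts section)` followed by `// - an IP address or CIDR prefix`. If the kinds are tried in a fixed order, stating that order in the comment would also help; expandAlias's body is outside this hunk, so the order cannot be confirmed from here.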
@@ -1051,6 +1051,21 @@ func Test_expandAlias(t *testing.T) {
 want: []string{"10.0.0.1"},
 wantErr: false,
 },
+ {
+ name: "simple host by hostname alias",
+ args: args{
+ alias: "testy",
+ machines: []Machine{},
+ aclPolicy: ACLPolicy{
+ Hosts: Hosts{
+ "testy": netip.MustParsePrefix("10.0.0.132/32"),
+ },
+ },
+ stripEmailDomain: true,
+ },
+ want: []string{"10.0.0.132/32"},
+ wantErr: false,
+ },
 {
 name: "simple CIDR",
 args: args{
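Review bot: The new "simple host by hostname alias" case only exercises a /32 entry with `machines: []Machine{}`, so it does not pin how a Hosts name is resolved when it could also match something else. Because alias expansion determines which source and destination addresses an ACL rule admits, two sibling cases would be worth adding: one where a machine owned by a user named `testy` exists alongside the `Hosts` entry (to fix the precedence, which is not visible in this hunk), and one with a prefix wider than /32. Note also that this case expects the prefix form `"10.0.0.132/32"` while the by-IP case above expects the bare `"10.0.0.1"`; if the mixed output format is intended, a short comment such as `// host aliases are returned in prefix notation` would say so. Test_expandAlias starts and ends outside the hunk.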