make acl_policy_path fatal if policy.path is not set (#2041)
parent
f99497340b
commit
84cb5d0aed
6 changed files with 42 additions and 5 deletions
|
@ -241,8 +241,8 @@ policy:
|
||||||
# - https://tailscale.com/kb/1081/magicdns/
|
# - https://tailscale.com/kb/1081/magicdns/
|
||||||
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
|
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
|
||||||
#
|
#
|
||||||
# Please not that for the DNS configuration to have any effect,
|
# Please note that for the DNS configuration to have any effect,
|
||||||
# clients must have the `--accept-ds=true` option enabled. This is the
|
# clients must have the `--accept-dns=true` option enabled. This is the
|
||||||
# default for the Tailscale client. This option is enabled by default
|
# default for the Tailscale client. This option is enabled by default
|
||||||
# in the Tailscale client.
|
# in the Tailscale client.
|
||||||
#
|
#
|
||||||
|
|
|
@ -303,7 +303,7 @@ func LoadConfig(path string, isFile bool) error {
|
||||||
// https://github.com/spf13/viper/issues/560
|
// https://github.com/spf13/viper/issues/560
|
||||||
|
|
||||||
// Alias the old ACL Policy path with the new configuration option.
|
// Alias the old ACL Policy path with the new configuration option.
|
||||||
depr.warnWithAlias("policy.path", "acl_policy_path")
|
depr.fatalIfNewKeyIsNotUsed("policy.path", "acl_policy_path")
|
||||||
|
|
||||||
// Move dns_config -> dns
|
// Move dns_config -> dns
|
||||||
depr.warn("dns_config.override_local_dns")
|
depr.warn("dns_config.override_local_dns")
|
||||||
|
|
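Review bot: The context comment directly above the changed call still reads `// Alias the old ACL Policy path with the new configuration option.`, but the call on the new side no longer aliases anything; the new side is taken to be `depr.fatalIfNewKeyIsNotUsed("policy.path", "acl_policy_path")`, going by the commit title, because the page has lost its +/- markers. Because this key selects the ACL policy file, the comment should state the fail-closed intent, for example `// acl_policy_path is no longer aliased to policy.path: fail startup when only the old key is set, rather than silently ignoring the configured policy file.` The helper's body is not on this page, so it is worth confirming that it also sees a value supplied through the `HEADSCALE_ACL_POLICY_PATH` environment variable, which the integration files in this commit stop using. LoadConfig starts and ends outside the hunk.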
|
@ -161,6 +161,25 @@ func TestReadConfig(t *testing.T) {
|
||||||
},
|
},
|
||||||
wantErr: "",
|
wantErr: "",
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "policy-path-is-loaded",
|
||||||
|
configPath: "testdata/policy-path-is-loaded.yaml",
|
||||||
|
setup: func(t *testing.T) (any, error) {
|
||||||
|
cfg, err := GetHeadscaleConfig()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return map[string]string{
|
||||||
|
"policy.mode": string(cfg.Policy.Mode),
|
||||||
|
"policy.path": cfg.Policy.Path,
|
||||||
|
}, err
|
||||||
|
},
|
||||||
|
want: map[string]string{
|
||||||
|
"policy.mode": "file",
|
||||||
|
"policy.path": "/etc/policy.hujson",
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
|
|
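Review bot: The added `policy-path-is-loaded` case only exercises a config where both `acl_policy_path` and `policy.path` are set, so the behaviour named in the commit title (old key set, `policy.path` absent) has no test in this hunk; a second case with a fixture that sets only `acl_policy_path` and a non-empty `wantErr` would pin it, provided the fatal path returns an error rather than exiting the process, which is not visible here. The fixture appears to write `type: file` under `policy:` while the case asserts `cfg.Policy.Mode`; if the loader reads `policy.mode`, the `"file"` assertion is satisfied by a default rather than by the fixture, and `mode: file` would be the key to use. In the `setup` closure, `}, err` returns an `err` already known to be nil and reads more clearly as `}, nil`. TestReadConfig starts and ends outside the hunk.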
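--- a/hscontrol/types/testdata/policy-path-is-loaded.yaml
+++ b/hscontrol/types/testdata/policy-path-is-loaded.yaml
@@ -0,0 +1,18 @@
+noise:
+private_key_path: "private_key.pem"
+
+prefixes:
+v6: fd7a:115c:a1e0::/48
+v4: 100.64.0.0/10
+
+database:
+type: sqlite3
+
+server_url: "https://derp.no"
+
+acl_policy_path: "/etc/acl_policy.yaml"
+policy:
+type: file
+path: "/etc/policy.hujson"
+
+dns.magic_dns: false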
|
@ -13,7 +13,7 @@ noise:
|
||||||
func DefaultConfigEnv() map[string]string {
|
func DefaultConfigEnv() map[string]string {
|
||||||
return map[string]string{
|
return map[string]string{
|
||||||
"HEADSCALE_LOG_LEVEL": "trace",
|
"HEADSCALE_LOG_LEVEL": "trace",
|
||||||
"HEADSCALE_ACL_POLICY_PATH": "",
|
"HEADSCALE_POLICY_PATH": "",
|
||||||
"HEADSCALE_DATABASE_TYPE": "sqlite",
|
"HEADSCALE_DATABASE_TYPE": "sqlite",
|
||||||
"HEADSCALE_DATABASE_SQLITE_PATH": "/tmp/integration_test_db.sqlite3",
|
"HEADSCALE_DATABASE_SQLITE_PATH": "/tmp/integration_test_db.sqlite3",
|
||||||
"HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT": "30m",
|
"HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT": "30m",
|
||||||
|
|
|
@ -82,7 +82,7 @@ type Option = func(c *HeadscaleInContainer)
|
||||||
func WithACLPolicy(acl *policy.ACLPolicy) Option {
|
func WithACLPolicy(acl *policy.ACLPolicy) Option {
|
||||||
return func(hsic *HeadscaleInContainer) {
|
return func(hsic *HeadscaleInContainer) {
|
||||||
// TODO(kradalby): Move somewhere appropriate
|
// TODO(kradalby): Move somewhere appropriate
|
||||||
hsic.env["HEADSCALE_ACL_POLICY_PATH"] = aclPolicyPath
|
hsic.env["HEADSCALE_POLICY_PATH"] = aclPolicyPath
|
||||||
|
|
||||||
hsic.aclPolicy = acl
|
hsic.aclPolicy = acl
|
||||||
}
|
}
|
||||||
|
|