make acl_policy_path fatal if policy.path is not set (#2041)
parent
f99497340b
commit
84cb5d0aed
6 changed files with 42 additions and 5 deletions
|
@ -241,8 +241,8 @@ policy:
|
|||
# - https://tailscale.com/kb/1081/magicdns/
|
||||
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
|
||||
#
|
||||
# Please not that for the DNS configuration to have any effect,
|
||||
# clients must have the `--accept-ds=true` option enabled. This is the
|
||||
# Please note that for the DNS configuration to have any effect,
|
||||
# clients must have the `--accept-dns=true` option enabled. This is the
|
||||
# default for the Tailscale client. This option is enabled by default
|
||||
# in the Tailscale client.
|
||||
#
|
||||
|
|
|
@ -303,7 +303,7 @@ func LoadConfig(path string, isFile bool) error {
|
|||
// https://github.com/spf13/viper/issues/560
|
||||
|
||||
// Alias the old ACL Policy path with the new configuration option.
|
||||
depr.warnWithAlias("policy.path", "acl_policy_path")
|
||||
depr.fatalIfNewKeyIsNotUsed("policy.path", "acl_policy_path")
|
||||
|
||||
// Move dns_config -> dns
|
||||
depr.warn("dns_config.override_local_dns")
|
||||
|
|
|
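Review bot: The comment kept above the changed call, `// Alias the old ACL Policy path with the new configuration option.`, no longer describes the code, because the new side calls `depr.fatalIfNewKeyIsNotUsed("policy.path", "acl_policy_path")`, which by its name aborts instead of aliasing. I would replace it with something like `// Refuse to start when only the deprecated acl_policy_path is set, so the configured policy file is not silently skipped.` Failing closed looks like the right choice for an access-control setting, and recording that reason makes it less likely the call is relaxed back to a warning later. The helper's body is not visible here, so it is worth confirming that it also catches the old key when it arrives through the `HEADSCALE_ACL_POLICY_PATH` environment variable. LoadConfig starts and ends outside the hunk.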
@ -161,6 +161,25 @@ func TestReadConfig(t *testing.T) {
|
|||
},
|
||||
wantErr: "",
|
||||
},
|
||||
{
|
||||
name: "policy-path-is-loaded",
|
||||
configPath: "testdata/policy-path-is-loaded.yaml",
|
||||
setup: func(t *testing.T) (any, error) {
|
||||
cfg, err := GetHeadscaleConfig()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return map[string]string{
|
||||
"policy.mode": string(cfg.Policy.Mode),
|
||||
"policy.path": cfg.Policy.Path,
|
||||
}, err
|
||||
},
|
||||
want: map[string]string{
|
||||
"policy.mode": "file",
|
||||
"policy.path": "/etc/policy.hujson",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
|
|
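Review bot: The added `policy-path-is-loaded` case only exercises a fixture that sets both `acl_policy_path` and `policy.path`, so the fatal path this commit introduces (the deprecated key present without `policy.path`) has no test. A second fixture carrying only `acl_policy_path`, with a non-empty `wantErr`, would pin the fail-closed behaviour, provided the fatal surfaces as an error and not a process exit, which this hunk does not show. The fixture also writes `type: file` under `policy:` while the assertion reads `policy.mode`, so the mode check may be passing on a default and not on the file; that is worth confirming. TestReadConfig starts and ends outside the hunk.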
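--- a/hscontrol/types/testdata/policy-path-is-loaded.yaml
+++ b/hscontrol/types/testdata/policy-path-is-loaded.yaml
@@ -0,0 +1,18 @@
+noise:
+private_key_path: "private_key.pem"
+
+prefixes:
+v6: fd7a:115c:a1e0::/48
+v4: 100.64.0.0/10
+
+database:
+type: sqlite3
+
+server_url: "https://derp.no"
+
+acl_policy_path: "/etc/acl_policy.yaml"
+policy:
+type: file
+path: "/etc/policy.hujson"
+
+dns.magic_dns: false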
@ -13,7 +13,7 @@ noise:
|
|||
func DefaultConfigEnv() map[string]string {
|
||||
return map[string]string{
|
||||
"HEADSCALE_LOG_LEVEL": "trace",
|
||||
"HEADSCALE_ACL_POLICY_PATH": "",
|
||||
"HEADSCALE_POLICY_PATH": "",
|
||||
"HEADSCALE_DATABASE_TYPE": "sqlite",
|
||||
"HEADSCALE_DATABASE_SQLITE_PATH": "/tmp/integration_test_db.sqlite3",
|
||||
"HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT": "30m",
|
||||
|
|
|
@ -82,7 +82,7 @@ type Option = func(c *HeadscaleInContainer)
|
|||
func WithACLPolicy(acl *policy.ACLPolicy) Option {
|
||||
return func(hsic *HeadscaleInContainer) {
|
||||
// TODO(kradalby): Move somewhere appropriate
|
||||
hsic.env["HEADSCALE_ACL_POLICY_PATH"] = aclPolicyPath
|
||||
hsic.env["HEADSCALE_POLICY_PATH"] = aclPolicyPath
|
||||
|
||||
hsic.aclPolicy = acl
|
||||
}
|
||||
|
|