chore(all): update some files for linter
parent
aceaba60f1
commit
9cedbbafd4
7 changed files with 118 additions and 73 deletions
31
acls.go
31
acls.go
|
@ -20,7 +20,6 @@ const (
|
||||||
errInvalidUserSection = Error("invalid user section")
|
errInvalidUserSection = Error("invalid user section")
|
||||||
errInvalidGroup = Error("invalid group")
|
errInvalidGroup = Error("invalid group")
|
||||||
errInvalidTag = Error("invalid tag")
|
errInvalidTag = Error("invalid tag")
|
||||||
errInvalidNamespace = Error("invalid namespace")
|
|
||||||
errInvalidPortFormat = Error("invalid port format")
|
errInvalidPortFormat = Error("invalid port format")
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -69,6 +68,7 @@ func (h *Headscale) LoadACLPolicy(path string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
h.aclPolicy = &policy
|
h.aclPolicy = &policy
|
||||||
|
|
||||||
return h.UpdateACLRules()
|
return h.UpdateACLRules()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -79,6 +79,7 @@ func (h *Headscale) UpdateACLRules() error {
|
||||||
}
|
}
|
||||||
log.Trace().Interface("ACL", rules).Msg("ACL rules generated")
|
log.Trace().Interface("ACL", rules).Msg("ACL rules generated")
|
||||||
h.aclRules = rules
|
h.aclRules = rules
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -182,7 +183,7 @@ func (h *Headscale) generateACLPolicyDestPorts(
|
||||||
// - a namespace
|
// - a namespace
|
||||||
// - a group
|
// - a group
|
||||||
// - a tag
|
// - a tag
|
||||||
// and transform these in IPAddresses
|
// and transform these in IPAddresses.
|
||||||
func expandAlias(machines []Machine, aclPolicy ACLPolicy, alias string) ([]string, error) {
|
func expandAlias(machines []Machine, aclPolicy ACLPolicy, alias string) ([]string, error) {
|
||||||
ips := []string{}
|
ips := []string{}
|
||||||
if alias == "*" {
|
if alias == "*" {
|
||||||
|
@ -200,6 +201,7 @@ func expandAlias(machines []Machine, aclPolicy ACLPolicy, alias string) ([]strin
|
||||||
ips = append(ips, node.IPAddresses.ToStringSlice()...)
|
ips = append(ips, node.IPAddresses.ToStringSlice()...)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return ips, nil
|
return ips, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -225,6 +227,7 @@ func expandAlias(machines []Machine, aclPolicy ACLPolicy, alias string) ([]strin
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return ips, nil
|
return ips, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -276,6 +279,7 @@ func excludeCorrectlyTaggedNodes(aclPolicy ACLPolicy, nodes []Machine, namespace
|
||||||
for _, machine := range nodes {
|
for _, machine := range nodes {
|
||||||
if len(machine.HostInfo) == 0 {
|
if len(machine.HostInfo) == 0 {
|
||||||
out = append(out, machine)
|
out = append(out, machine)
|
||||||
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
hi, err := machine.GetHostInfo()
|
hi, err := machine.GetHostInfo()
|
||||||
|
@ -286,6 +290,7 @@ func excludeCorrectlyTaggedNodes(aclPolicy ACLPolicy, nodes []Machine, namespace
|
||||||
for _, t := range hi.RequestTags {
|
for _, t := range hi.RequestTags {
|
||||||
if containsString(tags, t) {
|
if containsString(tags, t) {
|
||||||
found = true
|
found = true
|
||||||
|
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -293,6 +298,7 @@ func excludeCorrectlyTaggedNodes(aclPolicy ACLPolicy, nodes []Machine, namespace
|
||||||
out = append(out, machine)
|
out = append(out, machine)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return out, nil
|
return out, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -346,42 +352,45 @@ func listMachinesInNamespace(machines []Machine, namespace string) []Machine {
|
||||||
out = append(out, machine)
|
out = append(out, machine)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
// expandTagOwners will return a list of namespace. An owner can be either a namespace or a group
|
// expandTagOwners will return a list of namespace. An owner can be either a namespace or a group
|
||||||
// a group cannot be composed of groups
|
// a group cannot be composed of groups.
|
||||||
func expandTagOwners(aclPolicy ACLPolicy, tag string) ([]string, error) {
|
func expandTagOwners(aclPolicy ACLPolicy, tag string) ([]string, error) {
|
||||||
var owners []string
|
var owners []string
|
||||||
ows, ok := aclPolicy.TagOwners[tag]
|
ows, ok := aclPolicy.TagOwners[tag]
|
||||||
if !ok {
|
if !ok {
|
||||||
return []string{}, fmt.Errorf("%w. %v isn't owned by a TagOwner. Please add one first. https://tailscale.com/kb/1018/acls/#tag-owners", errInvalidTag, tag)
|
return []string{}, fmt.Errorf("%w. %v isn't owned by a TagOwner. Please add one first. https://tailscale.com/kb/1018/acls/#tag-owners", errInvalidTag, tag)
|
||||||
}
|
}
|
||||||
for _, ow := range ows {
|
for _, owner := range ows {
|
||||||
if strings.HasPrefix(ow, "group:") {
|
if strings.HasPrefix(owner, "group:") {
|
||||||
gs, err := expandGroup(aclPolicy, ow)
|
gs, err := expandGroup(aclPolicy, owner)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return []string{}, err
|
return []string{}, err
|
||||||
}
|
}
|
||||||
owners = append(owners, gs...)
|
owners = append(owners, gs...)
|
||||||
} else {
|
} else {
|
||||||
owners = append(owners, ow)
|
owners = append(owners, owner)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return owners, nil
|
return owners, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// expandGroup will return the list of namespace inside the group
|
// expandGroup will return the list of namespace inside the group
|
||||||
// after some validation
|
// after some validation.
|
||||||
func expandGroup(aclPolicy ACLPolicy, group string) ([]string, error) {
|
func expandGroup(aclPolicy ACLPolicy, group string) ([]string, error) {
|
||||||
gs, ok := aclPolicy.Groups[group]
|
groups, ok := aclPolicy.Groups[group]
|
||||||
if !ok {
|
if !ok {
|
||||||
return []string{}, fmt.Errorf("group %v isn't registered. %w", group, errInvalidGroup)
|
return []string{}, fmt.Errorf("group %v isn't registered. %w", group, errInvalidGroup)
|
||||||
}
|
}
|
||||||
for _, g := range gs {
|
for _, g := range groups {
|
||||||
if strings.HasPrefix(g, "group:") {
|
if strings.HasPrefix(g, "group:") {
|
||||||
return []string{}, fmt.Errorf("%w. A group cannot be composed of groups. https://tailscale.com/kb/1018/acls/#groups", errInvalidGroup)
|
return []string{}, fmt.Errorf("%w. A group cannot be composed of groups. https://tailscale.com/kb/1018/acls/#groups", errInvalidGroup)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return gs, nil
|
|
||||||
|
return groups, nil
|
||||||
}
|
}
|
||||||
|
|
101
acls_test.go
101
acls_test.go
|
@ -94,7 +94,7 @@ func (s *Suite) TestInvalidTagOwners(c *check.C) {
|
||||||
|
|
||||||
// this test should validate that we can expand a group in a TagOWner section and
|
// this test should validate that we can expand a group in a TagOWner section and
|
||||||
// match properly the IP's of the related hosts. The owner is valid and the tag is also valid.
|
// match properly the IP's of the related hosts. The owner is valid and the tag is also valid.
|
||||||
// the tag is matched in the Users section
|
// the tag is matched in the Users section.
|
||||||
func (s *Suite) TestValidExpandTagOwnersInUsers(c *check.C) {
|
func (s *Suite) TestValidExpandTagOwnersInUsers(c *check.C) {
|
||||||
namespace, err := app.CreateNamespace("foo")
|
namespace, err := app.CreateNamespace("foo")
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
@ -104,7 +104,7 @@ func (s *Suite) TestValidExpandTagOwnersInUsers(c *check.C) {
|
||||||
|
|
||||||
_, err = app.GetMachine("foo", "testmachine")
|
_, err = app.GetMachine("foo", "testmachine")
|
||||||
c.Assert(err, check.NotNil)
|
c.Assert(err, check.NotNil)
|
||||||
b := []byte("{\"OS\":\"centos\",\"Hostname\":\"foo\",\"RequestTags\":[\"tag:test\"]}")
|
hostInfo := []byte("{\"OS\":\"centos\",\"Hostname\":\"foo\",\"RequestTags\":[\"tag:test\"]}")
|
||||||
machine := Machine{
|
machine := Machine{
|
||||||
ID: 0,
|
ID: 0,
|
||||||
MachineKey: "foo",
|
MachineKey: "foo",
|
||||||
|
@ -116,7 +116,7 @@ func (s *Suite) TestValidExpandTagOwnersInUsers(c *check.C) {
|
||||||
Registered: true,
|
Registered: true,
|
||||||
RegisterMethod: RegisterMethodAuthKey,
|
RegisterMethod: RegisterMethodAuthKey,
|
||||||
AuthKeyID: uint(pak.ID),
|
AuthKeyID: uint(pak.ID),
|
||||||
HostInfo: datatypes.JSON(b),
|
HostInfo: datatypes.JSON(hostInfo),
|
||||||
}
|
}
|
||||||
app.db.Save(&machine)
|
app.db.Save(&machine)
|
||||||
|
|
||||||
|
@ -136,7 +136,7 @@ func (s *Suite) TestValidExpandTagOwnersInUsers(c *check.C) {
|
||||||
|
|
||||||
// this test should validate that we can expand a group in a TagOWner section and
|
// this test should validate that we can expand a group in a TagOWner section and
|
||||||
// match properly the IP's of the related hosts. The owner is valid and the tag is also valid.
|
// match properly the IP's of the related hosts. The owner is valid and the tag is also valid.
|
||||||
// the tag is matched in the Ports section
|
// the tag is matched in the Ports section.
|
||||||
func (s *Suite) TestValidExpandTagOwnersInPorts(c *check.C) {
|
func (s *Suite) TestValidExpandTagOwnersInPorts(c *check.C) {
|
||||||
namespace, err := app.CreateNamespace("foo")
|
namespace, err := app.CreateNamespace("foo")
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
@ -146,7 +146,7 @@ func (s *Suite) TestValidExpandTagOwnersInPorts(c *check.C) {
|
||||||
|
|
||||||
_, err = app.GetMachine("foo", "testmachine")
|
_, err = app.GetMachine("foo", "testmachine")
|
||||||
c.Assert(err, check.NotNil)
|
c.Assert(err, check.NotNil)
|
||||||
b := []byte("{\"OS\":\"centos\",\"Hostname\":\"foo\",\"RequestTags\":[\"tag:test\"]}")
|
hostInfo := []byte("{\"OS\":\"centos\",\"Hostname\":\"foo\",\"RequestTags\":[\"tag:test\"]}")
|
||||||
machine := Machine{
|
machine := Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
MachineKey: "foo",
|
MachineKey: "foo",
|
||||||
|
@ -158,7 +158,7 @@ func (s *Suite) TestValidExpandTagOwnersInPorts(c *check.C) {
|
||||||
Registered: true,
|
Registered: true,
|
||||||
RegisterMethod: RegisterMethodAuthKey,
|
RegisterMethod: RegisterMethodAuthKey,
|
||||||
AuthKeyID: uint(pak.ID),
|
AuthKeyID: uint(pak.ID),
|
||||||
HostInfo: datatypes.JSON(b),
|
HostInfo: datatypes.JSON(hostInfo),
|
||||||
}
|
}
|
||||||
app.db.Save(&machine)
|
app.db.Save(&machine)
|
||||||
|
|
||||||
|
@ -178,7 +178,7 @@ func (s *Suite) TestValidExpandTagOwnersInPorts(c *check.C) {
|
||||||
|
|
||||||
// need a test with:
|
// need a test with:
|
||||||
// tag on a host that isn't owned by a tag owners. So the namespace
|
// tag on a host that isn't owned by a tag owners. So the namespace
|
||||||
// of the host should be valid
|
// of the host should be valid.
|
||||||
func (s *Suite) TestInvalidTagValidNamespace(c *check.C) {
|
func (s *Suite) TestInvalidTagValidNamespace(c *check.C) {
|
||||||
namespace, err := app.CreateNamespace("foo")
|
namespace, err := app.CreateNamespace("foo")
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
@ -188,7 +188,7 @@ func (s *Suite) TestInvalidTagValidNamespace(c *check.C) {
|
||||||
|
|
||||||
_, err = app.GetMachine("foo", "testmachine")
|
_, err = app.GetMachine("foo", "testmachine")
|
||||||
c.Assert(err, check.NotNil)
|
c.Assert(err, check.NotNil)
|
||||||
b := []byte("{\"OS\":\"centos\",\"Hostname\":\"foo\",\"RequestTags\":[\"tag:foo\"]}")
|
hostInfo := []byte("{\"OS\":\"centos\",\"Hostname\":\"foo\",\"RequestTags\":[\"tag:foo\"]}")
|
||||||
machine := Machine{
|
machine := Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
MachineKey: "foo",
|
MachineKey: "foo",
|
||||||
|
@ -200,7 +200,7 @@ func (s *Suite) TestInvalidTagValidNamespace(c *check.C) {
|
||||||
Registered: true,
|
Registered: true,
|
||||||
RegisterMethod: RegisterMethodAuthKey,
|
RegisterMethod: RegisterMethodAuthKey,
|
||||||
AuthKeyID: uint(pak.ID),
|
AuthKeyID: uint(pak.ID),
|
||||||
HostInfo: datatypes.JSON(b),
|
HostInfo: datatypes.JSON(hostInfo),
|
||||||
}
|
}
|
||||||
app.db.Save(&machine)
|
app.db.Save(&machine)
|
||||||
|
|
||||||
|
@ -229,7 +229,7 @@ func (s *Suite) TestValidTagInvalidNamespace(c *check.C) {
|
||||||
|
|
||||||
_, err = app.GetMachine("foo", "webserver")
|
_, err = app.GetMachine("foo", "webserver")
|
||||||
c.Assert(err, check.NotNil)
|
c.Assert(err, check.NotNil)
|
||||||
b := []byte("{\"OS\":\"centos\",\"Hostname\":\"webserver\",\"RequestTags\":[\"tag:webapp\"]}")
|
hostInfo := []byte("{\"OS\":\"centos\",\"Hostname\":\"webserver\",\"RequestTags\":[\"tag:webapp\"]}")
|
||||||
machine := Machine{
|
machine := Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
MachineKey: "foo",
|
MachineKey: "foo",
|
||||||
|
@ -241,11 +241,11 @@ func (s *Suite) TestValidTagInvalidNamespace(c *check.C) {
|
||||||
Registered: true,
|
Registered: true,
|
||||||
RegisterMethod: RegisterMethodAuthKey,
|
RegisterMethod: RegisterMethodAuthKey,
|
||||||
AuthKeyID: uint(pak.ID),
|
AuthKeyID: uint(pak.ID),
|
||||||
HostInfo: datatypes.JSON(b),
|
HostInfo: datatypes.JSON(hostInfo),
|
||||||
}
|
}
|
||||||
app.db.Save(&machine)
|
app.db.Save(&machine)
|
||||||
_, err = app.GetMachine("foo", "user")
|
_, err = app.GetMachine("foo", "user")
|
||||||
b = []byte("{\"OS\":\"debian\",\"Hostname\":\"user\"}")
|
hostInfo = []byte("{\"OS\":\"debian\",\"Hostname\":\"user\"}")
|
||||||
c.Assert(err, check.NotNil)
|
c.Assert(err, check.NotNil)
|
||||||
machine = Machine{
|
machine = Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
|
@ -258,7 +258,7 @@ func (s *Suite) TestValidTagInvalidNamespace(c *check.C) {
|
||||||
Registered: true,
|
Registered: true,
|
||||||
RegisterMethod: RegisterMethodAuthKey,
|
RegisterMethod: RegisterMethodAuthKey,
|
||||||
AuthKeyID: uint(pak.ID),
|
AuthKeyID: uint(pak.ID),
|
||||||
HostInfo: datatypes.JSON(b),
|
HostInfo: datatypes.JSON(hostInfo),
|
||||||
}
|
}
|
||||||
app.db.Save(&machine)
|
app.db.Save(&machine)
|
||||||
|
|
||||||
|
@ -430,15 +430,16 @@ func Test_expandGroup(t *testing.T) {
|
||||||
wantErr: true,
|
wantErr: true,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, test := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(test.name, func(t *testing.T) {
|
||||||
got, err := expandGroup(tt.args.aclPolicy, tt.args.group)
|
got, err := expandGroup(test.args.aclPolicy, test.args.group)
|
||||||
if (err != nil) != tt.wantErr {
|
if (err != nil) != test.wantErr {
|
||||||
t.Errorf("expandGroup() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("expandGroup() error = %v, wantErr %v", err, test.wantErr)
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(got, tt.want) {
|
if !reflect.DeepEqual(got, test.want) {
|
||||||
t.Errorf("expandGroup() = %v, want %v", got, tt.want)
|
t.Errorf("expandGroup() = %v, want %v", got, test.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -514,15 +515,16 @@ func Test_expandTagOwners(t *testing.T) {
|
||||||
wantErr: true,
|
wantErr: true,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, test := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(test.name, func(t *testing.T) {
|
||||||
got, err := expandTagOwners(tt.args.aclPolicy, tt.args.tag)
|
got, err := expandTagOwners(test.args.aclPolicy, test.args.tag)
|
||||||
if (err != nil) != tt.wantErr {
|
if (err != nil) != test.wantErr {
|
||||||
t.Errorf("expandTagOwners() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("expandTagOwners() error = %v, wantErr %v", err, test.wantErr)
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(got, tt.want) {
|
if !reflect.DeepEqual(got, test.want) {
|
||||||
t.Errorf("expandTagOwners() = %v, want %v", got, tt.want)
|
t.Errorf("expandTagOwners() = %v, want %v", got, test.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -595,15 +597,16 @@ func Test_expandPorts(t *testing.T) {
|
||||||
wantErr: true,
|
wantErr: true,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, test := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(test.name, func(t *testing.T) {
|
||||||
got, err := expandPorts(tt.args.portsStr)
|
got, err := expandPorts(test.args.portsStr)
|
||||||
if (err != nil) != tt.wantErr {
|
if (err != nil) != test.wantErr {
|
||||||
t.Errorf("expandPorts() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("expandPorts() error = %v, wantErr %v", err, test.wantErr)
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(got, tt.want) {
|
if !reflect.DeepEqual(got, test.want) {
|
||||||
t.Errorf("expandPorts() = %v, want %v", got, tt.want)
|
t.Errorf("expandPorts() = %v, want %v", got, test.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -824,15 +827,16 @@ func Test_expandAlias(t *testing.T) {
|
||||||
wantErr: false,
|
wantErr: false,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, test := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(test.name, func(t *testing.T) {
|
||||||
got, err := expandAlias(tt.args.machines, tt.args.aclPolicy, tt.args.alias)
|
got, err := expandAlias(test.args.machines, test.args.aclPolicy, test.args.alias)
|
||||||
if (err != nil) != tt.wantErr {
|
if (err != nil) != test.wantErr {
|
||||||
t.Errorf("expandAlias() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("expandAlias() error = %v, wantErr %v", err, test.wantErr)
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(got, tt.want) {
|
if !reflect.DeepEqual(got, test.want) {
|
||||||
t.Errorf("expandAlias() = %v, want %v", got, tt.want)
|
t.Errorf("expandAlias() = %v, want %v", got, test.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -889,15 +893,16 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
wantErr: false,
|
wantErr: false,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, test := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(test.name, func(t *testing.T) {
|
||||||
got, err := excludeCorrectlyTaggedNodes(tt.args.aclPolicy, tt.args.nodes, tt.args.namespace)
|
got, err := excludeCorrectlyTaggedNodes(test.args.aclPolicy, test.args.nodes, test.args.namespace)
|
||||||
if (err != nil) != tt.wantErr {
|
if (err != nil) != test.wantErr {
|
||||||
t.Errorf("excludeCorrectlyTaggedNodes() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("excludeCorrectlyTaggedNodes() error = %v, wantErr %v", err, test.wantErr)
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(got, tt.want) {
|
if !reflect.DeepEqual(got, test.want) {
|
||||||
t.Errorf("excludeCorrectlyTaggedNodes() = %v, want %v", got, tt.want)
|
t.Errorf("excludeCorrectlyTaggedNodes() = %v, want %v", got, test.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
22
api.go
22
api.go
|
@ -261,7 +261,16 @@ func (h *Headscale) getMapResponse(
|
||||||
|
|
||||||
var respBody []byte
|
var respBody []byte
|
||||||
if req.Compress == "zstd" {
|
if req.Compress == "zstd" {
|
||||||
src, _ := json.Marshal(resp)
|
src, err := json.Marshal(resp)
|
||||||
|
if err != nil {
|
||||||
|
log.Error().
|
||||||
|
Caller().
|
||||||
|
Str("func", "getMapResponse").
|
||||||
|
Err(err).
|
||||||
|
Msg("Failed to marshal response for the client")
|
||||||
|
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
encoder, _ := zstd.NewWriter(nil)
|
encoder, _ := zstd.NewWriter(nil)
|
||||||
srcCompressed := encoder.EncodeAll(src, nil)
|
srcCompressed := encoder.EncodeAll(src, nil)
|
||||||
|
@ -290,7 +299,16 @@ func (h *Headscale) getMapKeepAliveResponse(
|
||||||
var respBody []byte
|
var respBody []byte
|
||||||
var err error
|
var err error
|
||||||
if mapRequest.Compress == "zstd" {
|
if mapRequest.Compress == "zstd" {
|
||||||
src, _ := json.Marshal(mapResponse)
|
src, err := json.Marshal(mapResponse)
|
||||||
|
if err != nil {
|
||||||
|
log.Error().
|
||||||
|
Caller().
|
||||||
|
Str("func", "getMapKeepAliveResponse").
|
||||||
|
Err(err).
|
||||||
|
Msg("Failed to marshal keepalive response for the client")
|
||||||
|
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
encoder, _ := zstd.NewWriter(nil)
|
encoder, _ := zstd.NewWriter(nil)
|
||||||
srcCompressed := encoder.EncodeAll(src, nil)
|
srcCompressed := encoder.EncodeAll(src, nil)
|
||||||
respBody = h.privateKey.SealTo(machineKey, srcCompressed)
|
respBody = h.privateKey.SealTo(machineKey, srcCompressed)
|
||||||
|
|
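Review bot: The `zstd.NewWriter(nil)` call directly after the new marshal check still discards its error, in both getMapResponse and getMapKeepAliveResponse, so the error handling added here stops one line short of the data that gets sealed and sent to the client. Handle it the same way: `encoder, err := zstd.NewWriter(nil)` followed by `if err != nil { return nil, err }`. In getMapKeepAliveResponse, `src, err := json.Marshal(mapResponse)` also shadows the `var err error` declared two lines above; that is harmless while the branch returns immediately, but it is easy to break later, so consider declaring `var src []byte` and assigning with `=`. Both function bodies start and end outside the hunks, so how `respBody` and `err` are used afterwards is not visible here.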
4
dns.go
4
dns.go
|
@ -165,7 +165,7 @@ func getMapResponseDNSConfig(
|
||||||
dnsConfig.Domains,
|
dnsConfig.Domains,
|
||||||
fmt.Sprintf(
|
fmt.Sprintf(
|
||||||
"%s.%s",
|
"%s.%s",
|
||||||
strings.Replace(machine.Namespace.Name, "@", ".", -1), // Replace @ with . for valid domain for machine
|
strings.ReplaceAll(machine.Namespace.Name, "@", "."), // Replace @ with . for valid domain for machine
|
||||||
baseDomain,
|
baseDomain,
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
@ -176,7 +176,7 @@ func getMapResponseDNSConfig(
|
||||||
namespaceSet.Add(p.Namespace)
|
namespaceSet.Add(p.Namespace)
|
||||||
}
|
}
|
||||||
for _, namespace := range namespaceSet.List() {
|
for _, namespace := range namespaceSet.List() {
|
||||||
dnsRoute := fmt.Sprintf("%s.%s", namespace.(Namespace).Name, baseDomain)
|
var dnsRoute string = fmt.Sprintf("%v.%v", namespace.(Namespace).Name, baseDomain)
|
||||||
dnsConfig.Routes[dnsRoute] = nil
|
dnsConfig.Routes[dnsRoute] = nil
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
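Review bot: In the second hunk, `var dnsRoute string = fmt.Sprintf("%v.%v", ...)` spells out a type the compiler already infers and swaps `%s` for `%v` on what appear to be string operands; `dnsRoute := fmt.Sprintf("%s.%s", namespace.(Namespace).Name, baseDomain)` is the idiomatic form. If the rewrite was meant to quiet a type-assertion linter, the unchecked `namespace.(Namespace)` is still there and panics on any other element type; the two-value form `ns, ok := namespace.(Namespace)` avoids that. The route is also built from the raw namespace name, while the first hunk replaces `@` with `.` before building the search domain, so the two may disagree for names containing `@`; that is worth confirming. getMapResponseDNSConfig continues outside both hunks.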
13
machine.go
13
machine.go
|
@ -138,6 +138,7 @@ func containsAddresses(inputs []string, addrs MachineAddresses) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -174,20 +175,20 @@ func (h *Headscale) getFilteredByACLPeers(machine *Machine) (Machines, error) {
|
||||||
// In order to do this we would need to be able to identify that node A want to talk to node B but that Node B doesn't know
|
// In order to do this we would need to be able to identify that node A want to talk to node B but that Node B doesn't know
|
||||||
// how to talk to node A and then add the peering resource.
|
// how to talk to node A and then add the peering resource.
|
||||||
|
|
||||||
for _, m := range machines {
|
for _, mchn := range machines {
|
||||||
for _, rule := range h.aclRules {
|
for _, rule := range h.aclRules {
|
||||||
var dst []string
|
var dst []string
|
||||||
for _, d := range rule.DstPorts {
|
for _, d := range rule.DstPorts {
|
||||||
dst = append(dst, d.IP)
|
dst = append(dst, d.IP)
|
||||||
}
|
}
|
||||||
if (containsAddresses(rule.SrcIPs, machine.IPAddresses) && (containsAddresses(dst, m.IPAddresses) || containsString(dst, "*"))) ||
|
if (containsAddresses(rule.SrcIPs, machine.IPAddresses) && (containsAddresses(dst, mchn.IPAddresses) || containsString(dst, "*"))) ||
|
||||||
(containsAddresses(rule.SrcIPs, m.IPAddresses) && containsAddresses(dst, machine.IPAddresses)) {
|
(containsAddresses(rule.SrcIPs, mchn.IPAddresses) && containsAddresses(dst, machine.IPAddresses)) {
|
||||||
mMachines[m.ID] = m
|
mMachines[mchn.ID] = mchn
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var authorizedMachines Machines
|
authorizedMachines := make([]Machine, 0, len(mMachines))
|
||||||
for _, m := range mMachines {
|
for _, m := range mMachines {
|
||||||
authorizedMachines = append(authorizedMachines, m)
|
authorizedMachines = append(authorizedMachines, m)
|
||||||
}
|
}
|
||||||
|
@ -694,7 +695,7 @@ func (machine Machine) toNode(
|
||||||
hostname = fmt.Sprintf(
|
hostname = fmt.Sprintf(
|
||||||
"%s.%s.%s",
|
"%s.%s.%s",
|
||||||
machine.Name,
|
machine.Name,
|
||||||
strings.Replace(machine.Namespace.Name, "@", ".", -1), // Replace @ with . for valid domain for machine
|
strings.ReplaceAll(machine.Namespace.Name, "@", "."), // Replace @ with . for valid domain for machine
|
||||||
baseDomain,
|
baseDomain,
|
||||||
)
|
)
|
||||||
} else {
|
} else {
|
||||||
|
|
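Review bot: In getFilteredByACLPeers the preallocated result is now declared as `[]Machine` although the function returns `Machines`; `authorizedMachines := make(Machines, 0, len(mMachines))` keeps the named type and any methods it carries. The slice is filled by ranging over the `mMachines` map, so the peer order differs from call to call unless it is sorted further down, outside the hunk; a doc comment stating whether callers may rely on ordering would help. The rename to `mchn` is hard to read next to `machine`, and the later loop still uses `m`; `peer` would say what the variable is in this ACL check. The function body starts and ends outside the hunk.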
|
@ -161,7 +161,7 @@ func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
|
||||||
key *PreAuthKey
|
key *PreAuthKey
|
||||||
}
|
}
|
||||||
|
|
||||||
var stor []base
|
stor := make([]base, 0)
|
||||||
|
|
||||||
for _, name := range []string{"test", "admin"} {
|
for _, name := range []string{"test", "admin"} {
|
||||||
namespace, err := app.CreateNamespace(name)
|
namespace, err := app.CreateNamespace(name)
|
||||||
|
@ -169,7 +169,6 @@ func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
|
||||||
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
|
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
stor = append(stor, base{namespace, pak})
|
stor = append(stor, base{namespace, pak})
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err := app.GetMachineByID(0)
|
_, err := app.GetMachineByID(0)
|
||||||
|
|
17
poll.go
17
poll.go
|
@ -85,7 +85,10 @@ func (h *Headscale) PollNetMapHandler(ctx *gin.Context) {
|
||||||
Str("machine", machine.Name).
|
Str("machine", machine.Name).
|
||||||
Msg("Found machine in database")
|
Msg("Found machine in database")
|
||||||
|
|
||||||
hostinfo, _ := json.Marshal(req.Hostinfo)
|
hostinfo, err := json.Marshal(req.Hostinfo)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
machine.Name = req.Hostinfo.Hostname
|
machine.Name = req.Hostinfo.Hostname
|
||||||
machine.HostInfo = datatypes.JSON(hostinfo)
|
machine.HostInfo = datatypes.JSON(hostinfo)
|
||||||
machine.DiscoKey = DiscoPublicKeyStripPrefix(req.DiscoKey)
|
machine.DiscoKey = DiscoPublicKeyStripPrefix(req.DiscoKey)
|
||||||
|
@ -106,7 +109,17 @@ func (h *Headscale) PollNetMapHandler(ctx *gin.Context) {
|
||||||
// The intended use is for clients to discover the DERP map at start-up
|
// The intended use is for clients to discover the DERP map at start-up
|
||||||
// before their first real endpoint update.
|
// before their first real endpoint update.
|
||||||
if !req.ReadOnly {
|
if !req.ReadOnly {
|
||||||
endpoints, _ := json.Marshal(req.Endpoints)
|
endpoints, err := json.Marshal(req.Endpoints)
|
||||||
|
if err != nil {
|
||||||
|
log.Error().
|
||||||
|
Caller().
|
||||||
|
Str("func", "PollNetMapHandler").
|
||||||
|
Err(err).
|
||||||
|
Msg("Failed to mashal requested endpoints for the client")
|
||||||
|
ctx.String(http.StatusInternalServerError, ":(")
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
machine.Endpoints = datatypes.JSON(endpoints)
|
machine.Endpoints = datatypes.JSON(endpoints)
|
||||||
machine.LastSeen = &now
|
machine.LastSeen = &now
|
||||||
}
|
}
|
||||||
|
|
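Review bot: The new check after `json.Marshal(req.Hostinfo)` in the first hunk returns without logging the error and without writing any HTTP response, so a failure is invisible to the operator and the handler sends the client no explicit error status. The endpoints check in the second hunk logs and answers with a 500, and the Hostinfo path should do the same. The log message in the second hunk also has a typo, `mashal` for `marshal`. PollNetMapHandler starts and ends outside both hunks.

```go
hostinfo, err := json.Marshal(req.Hostinfo)
if err != nil {
	log.Error().
		Caller().
		Str("func", "PollNetMapHandler").
		Err(err).
		Msg("Failed to marshal request Hostinfo for the client")
	ctx.String(http.StatusInternalServerError, ":(")

	return
}
// … unchanged: machine.Name / HostInfo / DiscoKey assignments …
```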