diff --git a/cmd/headscale/cli/nodes.go b/cmd/headscale/cli/nodes.go index a3176de..6397c9d 100644 --- a/cmd/headscale/cli/nodes.go +++ b/cmd/headscale/cli/nodes.go @@ -68,7 +68,8 @@ func init() { if err != nil { log.Fatalf(err.Error()) } - tagCmd.Flags().StringSliceP("tags", "t", []string{}, "List of tags to add to the node") + tagCmd.Flags(). + StringSliceP("tags", "t", []string{}, "List of tags to add to the node") nodeCmd.AddCommand(tagCmd) } diff --git a/grpcv1.go b/grpcv1.go index 1bdba70..83cd5bf 100644 --- a/grpcv1.go +++ b/grpcv1.go @@ -268,7 +268,7 @@ func (api headscaleV1APIServer) ListMachines( for index, machine := range machines { m := machine.toProto() validTags, invalidTags := getTags( - *api.h.aclPolicy, + api.h.aclPolicy, machine, api.h.cfg.OIDC.StripEmaildomain, ) diff --git a/machine.go b/machine.go index 088eff8..73ab75b 100644 --- a/machine.go +++ b/machine.go @@ -659,14 +659,18 @@ func (machine *Machine) toProto() *v1.Machine { // getTags will return the tags of the current machine. func getTags( - aclPolicy ACLPolicy, + aclPolicy *ACLPolicy, machine Machine, stripEmailDomain bool, ) (validTags []string, invalidTags []string) { + if aclPolicy == nil { + return + } + fmt.Println(aclPolicy) validTagMap := make(map[string]bool) invalidTagMap := make(map[string]bool) for _, tag := range machine.HostInfo.RequestTags { - owners, err := expandTagOwners(aclPolicy, tag, stripEmailDomain) + owners, err := expandTagOwners(*aclPolicy, tag, stripEmailDomain) if errors.Is(err, errInvalidTag) { invalidTagMap[tag] = true diff --git a/machine_test.go b/machine_test.go index 988c7a5..b111c77 100644 --- a/machine_test.go +++ b/machine_test.go @@ -279,7 +279,7 @@ func (s *Suite) TestSerdeAddressStrignSlice(c *check.C) { func Test_getTags(t *testing.T) { type args struct { - aclPolicy ACLPolicy + aclPolicy *ACLPolicy machine Machine stripEmailDomain bool } @@ -292,7 +292,7 @@ func Test_getTags(t *testing.T) { { name: "valid tag one machine", args: args{ - aclPolicy: ACLPolicy{ + aclPolicy: &ACLPolicy{ TagOwners: TagOwners{ "tag:valid": []string{"joe"}, }, @@ -313,7 +313,7 @@ func Test_getTags(t *testing.T) { { name: "invalid tag and valid tag one machine", args: args{ - aclPolicy: ACLPolicy{ + aclPolicy: &ACLPolicy{ TagOwners: TagOwners{ "tag:valid": []string{"joe"}, }, @@ -334,7 +334,7 @@ func Test_getTags(t *testing.T) { { name: "multiple invalid and identical tags, should return only one invalid tag", args: args{ - aclPolicy: ACLPolicy{ + aclPolicy: &ACLPolicy{ TagOwners: TagOwners{ "tag:valid": []string{"joe"}, }, @@ -359,7 +359,7 @@ func Test_getTags(t *testing.T) { { name: "only invalid tags", args: args{ - aclPolicy: ACLPolicy{ + aclPolicy: &ACLPolicy{ TagOwners: TagOwners{ "tag:valid": []string{"joe"}, }, @@ -377,6 +377,23 @@ func Test_getTags(t *testing.T) { wantValid: nil, wantInvalid: []string{"tag:invalid", "very-invalid"}, }, + { + name: "empty ACLPolicy should return empty tags and should not panic", + args: args{ + aclPolicy: nil, + machine: Machine{ + Namespace: Namespace{ + Name: "joe", + }, + HostInfo: HostInfo{ + RequestTags: []string{"tag:invalid", "very-invalid"}, + }, + }, + stripEmailDomain: false, + }, + wantValid: nil, + wantInvalid: nil, + }, } for _, test := range tests { t.Run(test.name, func(t *testing.T) {