make acl_policy_path fatal if policy.path is not set #2041

Merged
merged 1 commit into from
Aug 19, 2024
Merged
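--- a/config-example.yaml
+++ b/config-example.yaml
@@ -224,8 +224,8 @@ policy:
 # - https://tailscale.com/kb/1081/magicdns/
 # - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
 #
-# Please not that for the DNS configuration to have any effect,
-# clients must have the `--accept-ds=true` option enabled. This is the
+# Please note that for the DNS configuration to have any effect,
+# clients must have the `--accept-dns=true` option enabled. This is the
 # default for the Tailscale client. This option is enabled by default
 # in the Tailscale client.
 #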
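--- a/hscontrol/types/config.go
+++ b/hscontrol/types/config.go
@@ -292,7 +292,7 @@ func LoadConfig(path string, isFile bool) error {
 // https://github.com/spf13/viper/issues/560
 
 // Alias the old ACL Policy path with the new configuration option.
-depr.warnWithAlias("policy.path", "acl_policy_path")
+depr.fatalIfNewKeyIsNotUsed("policy.path", "acl_policy_path")
 
 // Move dns_config -> dns
 depr.warn("dns_config.override_local_dns")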
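Review bot: The comment directly above the changed call, `// Alias the old ACL Policy path with the new configuration option.`, no longer describes it: the new line calls `depr.fatalIfNewKeyIsNotUsed("policy.path", "acl_policy_path")`, which by its name aborts rather than aliases. I would replace the comment with something like `// Refuse to start when the deprecated acl_policy_path is set but policy.path is not, so a configured ACL file is never silently ignored.` so the fail-closed intent sits next to the call. The helper's body is not visible here, so it is worth confirming that it also sees the deprecated key when it arrives through the environment, since the integration config in this PR moves from `HEADSCALE_ACL_POLICY_PATH` to `HEADSCALE_POLICY_PATH`. LoadConfig starts and ends outside this hunk.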
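--- a/hscontrol/types/config_test.go
+++ b/hscontrol/types/config_test.go
@@ -161,6 +161,25 @@ func TestReadConfig(t *testing.T) {
 },
 wantErr: "",
 },
+{
+name: "policy-path-is-loaded",
+configPath: "testdata/policy-path-is-loaded.yaml",
+setup: func(t *testing.T) (any, error) {
+cfg, err := GetHeadscaleConfig()
+if err != nil {
+return nil, err
+}
+
+return map[string]string{
+"policy.mode": string(cfg.Policy.Mode),
+"policy.path": cfg.Policy.Path,
+}, err
+},
+want: map[string]string{
+"policy.mode": "file",
+"policy.path": "/etc/policy.hujson",
+},
+},
 }
 
 for _, tt := range tests {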
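Review bot: The added `policy-path-is-loaded` case covers only a config in which both keys are present, so the behaviour this change introduces, refusing a config that sets `acl_policy_path` without `policy.path`, has no test in the visible hunk. A second fixture carrying only the deprecated key, with an assertion on the resulting failure, would pin it. If the helper exits the process instead of returning an error (its body is not visible here), that is a reason to have it return an error that LoadConfig can surface and the `wantErr` field can check. Minor: the setup closure ends with `}, err` where `err` is already known to be nil; `}, nil` reads more clearly. TestReadConfig starts and ends outside the hunk.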
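--- a/hscontrol/types/testdata/policy-path-is-loaded.yaml
+++ b/hscontrol/types/testdata/policy-path-is-loaded.yaml
@@ -0,0 +1,18 @@
+noise:
+private_key_path: "private_key.pem"
+
+prefixes:
+v6: fd7a:115c:a1e0::/48
+v4: 100.64.0.0/10
+
+database:
+type: sqlite3
+
+server_url: "https://derp.no"
+
+acl_policy_path: "/etc/acl_policy.yaml"
+policy:
+type: file
+path: "/etc/policy.hujson"
+
+dns.magic_dns: false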
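Review bot: The fixture sets `type: file` under `policy:`, while the test that loads it asserts `"policy.mode": "file"`. If the key the loader reads is `policy.mode`, as that assertion suggests, then `type` is ignored and the mode check passes only because of the default, not because of this file. Writing `mode: file` here would make the fixture exercise what the test claims. A comment such as `# deprecated key, present on purpose: policy.path must take precedence` above `acl_policy_path` would also tell the next reader that the duplicate setting is intentional.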
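--- a/integration/hsic/config.go
+++ b/integration/hsic/config.go
@@ -13,7 +13,7 @@ noise:
 func DefaultConfigEnv() map[string]string {
 return map[string]string{
 "HEADSCALE_LOG_LEVEL": "trace",
-"HEADSCALE_ACL_POLICY_PATH": "",
+"HEADSCALE_POLICY_PATH": "",
 "HEADSCALE_DATABASE_TYPE": "sqlite",
 "HEADSCALE_DATABASE_SQLITE_PATH": "/tmp/integration_test_db.sqlite3",
 "HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT": "30m",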
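--- a/integration/hsic/hsic.go
+++ b/integration/hsic/hsic.go
@@ -82,7 +82,7 @@ type Option = func(c *HeadscaleInContainer)
 func WithACLPolicy(acl *policy.ACLPolicy) Option {
 return func(hsic *HeadscaleInContainer) {
 // TODO(kradalby): Move somewhere appropriate
-hsic.env["HEADSCALE_ACL_POLICY_PATH"] = aclPolicyPath
+hsic.env["HEADSCALE_POLICY_PATH"] = aclPolicyPath
 
 hsic.aclPolicy = acl
 }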