mirror of
https://github.com/juanfont/headscale.git
synced 2024-12-24 05:05:53 -05:00
chore(format): run prettier on repo
This commit is contained in:
parent
4bbe0051f6
commit
25550f8866
@ -5,9 +5,9 @@
|
||||
**0.14.0 (2022-xx-xx):**
|
||||
|
||||
**UPCOMING BREAKING**:
|
||||
From the **next** version (`0.15.0`), all machines will be able to communicate regardless of
|
||||
if they are in the same namespace. This means that the behaviour currently limited to ACLs
|
||||
will become default. From version `0.15.0`, all limitation of communications must be done
|
||||
From the **next** version (`0.15.0`), all machines will be able to communicate regardless of
|
||||
if they are in the same namespace. This means that the behaviour currently limited to ACLs
|
||||
will become default. From version `0.15.0`, all limitation of communications must be done
|
||||
with ACLs.
|
||||
|
||||
This is a part of aligning `headscale`'s behaviour with Tailscale's upstream behaviour.
|
||||
@ -17,7 +17,7 @@ This is a part of aligning `headscale`'s behaviour with Tailscale's upstream beh
|
||||
- ACLs have been rewritten to align with the bevaviour Tailscale Control Panel provides. **NOTE:** This is only active if you use ACLs
|
||||
- Namespaces are now treated as Users
|
||||
- All machines can communicate with all machines by default
|
||||
- Tags should now work correctly and adding a host to Headscale should now reload the rules.
|
||||
- Tags should now work correctly and adding a host to Headscale should now reload the rules.
|
||||
- The documentation have a [fictional example](docs/acls.md) that should cover some use cases of the ACLs features
|
||||
|
||||
**0.13.0 (2022-02-18):**
|
||||
|
@ -919,8 +919,10 @@ func Test_expandAlias(t *testing.T) {
|
||||
},
|
||||
},
|
||||
aclPolicy: ACLPolicy{
|
||||
Groups: Groups{"group:accountant": []string{"joe", "marc"}},
|
||||
TagOwners: TagOwners{"tag:accountant-webserver": []string{"group:accountant"}},
|
||||
Groups: Groups{"group:accountant": []string{"joe", "marc"}},
|
||||
TagOwners: TagOwners{
|
||||
"tag:accountant-webserver": []string{"group:accountant"},
|
||||
},
|
||||
},
|
||||
},
|
||||
want: []string{},
|
||||
|
23
machine.go
23
machine.go
@ -143,12 +143,22 @@ func containsAddresses(inputs []string, addrs []string) bool {
|
||||
}
|
||||
|
||||
// matchSourceAndDestinationWithRule.
|
||||
func matchSourceAndDestinationWithRule(ruleSources []string, ruleDestinations []string, source []string, destination []string) bool {
|
||||
return containsAddresses(ruleSources, source) && containsAddresses(ruleDestinations, destination)
|
||||
func matchSourceAndDestinationWithRule(
|
||||
ruleSources []string,
|
||||
ruleDestinations []string,
|
||||
source []string,
|
||||
destination []string,
|
||||
) bool {
|
||||
return containsAddresses(ruleSources, source) &&
|
||||
containsAddresses(ruleDestinations, destination)
|
||||
}
|
||||
|
||||
// getFilteredByACLPeerss should return the list of peers authorized to be accessed from machine.
|
||||
func getFilteredByACLPeers(machines []Machine, rules []tailcfg.FilterRule, machine *Machine) Machines {
|
||||
func getFilteredByACLPeers(
|
||||
machines []Machine,
|
||||
rules []tailcfg.FilterRule,
|
||||
machine *Machine,
|
||||
) Machines {
|
||||
log.Trace().
|
||||
Caller().
|
||||
Str("machine", machine.Name).
|
||||
@ -181,7 +191,12 @@ func getFilteredByACLPeers(machines []Machine, rules []tailcfg.FilterRule, machi
|
||||
for _, d := range rule.DstPorts {
|
||||
dst = append(dst, d.IP)
|
||||
}
|
||||
if matchSourceAndDestinationWithRule(rule.SrcIPs, dst, machine.IPAddresses.ToStringSlice(), peer.IPAddresses.ToStringSlice()) || // match source and destination
|
||||
if matchSourceAndDestinationWithRule(
|
||||
rule.SrcIPs,
|
||||
dst,
|
||||
machine.IPAddresses.ToStringSlice(),
|
||||
peer.IPAddresses.ToStringSlice(),
|
||||
) || // match source and destination
|
||||
matchSourceAndDestinationWithRule(rule.SrcIPs, dst, machine.IPAddresses.ToStringSlice(), []string{"*"}) || // match source and all destination
|
||||
matchSourceAndDestinationWithRule(rule.SrcIPs, dst, peer.IPAddresses.ToStringSlice(), machine.IPAddresses.ToStringSlice()) { // match return path
|
||||
peers[peer.ID] = peer
|
||||
|
@ -312,19 +312,25 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||
args: args{
|
||||
machines: []Machine{ // list of all machines in the database
|
||||
{
|
||||
ID: 1,
|
||||
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.1")},
|
||||
Namespace: Namespace{Name: "joe"},
|
||||
ID: 1,
|
||||
IPAddresses: MachineAddresses{
|
||||
netaddr.MustParseIP("100.64.0.1"),
|
||||
},
|
||||
Namespace: Namespace{Name: "joe"},
|
||||
},
|
||||
{
|
||||
ID: 2,
|
||||
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.2")},
|
||||
Namespace: Namespace{Name: "marc"},
|
||||
ID: 2,
|
||||
IPAddresses: MachineAddresses{
|
||||
netaddr.MustParseIP("100.64.0.2"),
|
||||
},
|
||||
Namespace: Namespace{Name: "marc"},
|
||||
},
|
||||
{
|
||||
ID: 3,
|
||||
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.3")},
|
||||
Namespace: Namespace{Name: "mickael"},
|
||||
ID: 3,
|
||||
IPAddresses: MachineAddresses{
|
||||
netaddr.MustParseIP("100.64.0.3"),
|
||||
},
|
||||
Namespace: Namespace{Name: "mickael"},
|
||||
},
|
||||
},
|
||||
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
|
||||
@ -359,19 +365,25 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||
args: args{
|
||||
machines: []Machine{ // list of all machines in the database
|
||||
{
|
||||
ID: 1,
|
||||
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.1")},
|
||||
Namespace: Namespace{Name: "joe"},
|
||||
ID: 1,
|
||||
IPAddresses: MachineAddresses{
|
||||
netaddr.MustParseIP("100.64.0.1"),
|
||||
},
|
||||
Namespace: Namespace{Name: "joe"},
|
||||
},
|
||||
{
|
||||
ID: 2,
|
||||
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.2")},
|
||||
Namespace: Namespace{Name: "marc"},
|
||||
ID: 2,
|
||||
IPAddresses: MachineAddresses{
|
||||
netaddr.MustParseIP("100.64.0.2"),
|
||||
},
|
||||
Namespace: Namespace{Name: "marc"},
|
||||
},
|
||||
{
|
||||
ID: 3,
|
||||
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.3")},
|
||||
Namespace: Namespace{Name: "mickael"},
|
||||
ID: 3,
|
||||
IPAddresses: MachineAddresses{
|
||||
netaddr.MustParseIP("100.64.0.3"),
|
||||
},
|
||||
Namespace: Namespace{Name: "mickael"},
|
||||
},
|
||||
},
|
||||
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
|
||||
@ -401,19 +413,25 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||
args: args{
|
||||
machines: []Machine{ // list of all machines in the database
|
||||
{
|
||||
ID: 1,
|
||||
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.1")},
|
||||
Namespace: Namespace{Name: "joe"},
|
||||
ID: 1,
|
||||
IPAddresses: MachineAddresses{
|
||||
netaddr.MustParseIP("100.64.0.1"),
|
||||
},
|
||||
Namespace: Namespace{Name: "joe"},
|
||||
},
|
||||
{
|
||||
ID: 2,
|
||||
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.2")},
|
||||
Namespace: Namespace{Name: "marc"},
|
||||
ID: 2,
|
||||
IPAddresses: MachineAddresses{
|
||||
netaddr.MustParseIP("100.64.0.2"),
|
||||
},
|
||||
Namespace: Namespace{Name: "marc"},
|
||||
},
|
||||
{
|
||||
ID: 3,
|
||||
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.3")},
|
||||
Namespace: Namespace{Name: "mickael"},
|
||||
ID: 3,
|
||||
IPAddresses: MachineAddresses{
|
||||
netaddr.MustParseIP("100.64.0.3"),
|
||||
},
|
||||
Namespace: Namespace{Name: "mickael"},
|
||||
},
|
||||
},
|
||||
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
|
||||
@ -441,7 +459,11 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
got := getFilteredByACLPeers(tt.args.machines, tt.args.rules, tt.args.machine)
|
||||
got := getFilteredByACLPeers(
|
||||
tt.args.machines,
|
||||
tt.args.rules,
|
||||
tt.args.machine,
|
||||
)
|
||||
if !reflect.DeepEqual(got, tt.want) {
|
||||
t.Errorf("getFilteredByACLPeers() = %v, want %v", got, tt.want)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user