Commit Graph

56 Commits

Author SHA1 Message Date
Even Holthe 52a323b90d Add SSH capability advertisement
Advertises the SSH capability, and parses the SSH ACLs to pass to the
tailscale client. Doesn’t support ‘autogroup’ ACL functionality.

Co-authored-by: Daniel Brooks <db48x@headline.com>
2022-11-26 11:53:31 +01:00
Juan Font Alonso 198e92c08f Remove dependency on netaddr 2022-09-03 23:46:14 +02:00
Juan Font Alonso 1e7b57e513 Minor fix to linting issue introduced in #707 2022-08-11 14:12:45 +02:00
Adrien Raffin-Caboisse 79688e6187 chore(all): apply formatter 2022-08-04 10:47:00 +02:00
Adrien Raffin-Caboisse babf9470c2 fix(acl): fix issue with groups in excludeCorretlyTaggedNodes
This commit fixes issue #563
2022-08-04 10:42:47 +02:00
Juan Font Alonso 10cd87e5a2 Lint fixes 1/n 2022-06-26 11:43:17 +02:00
Juan Font Alonso 735a6aaa39 Use const for IANA protocol numbers 2022-06-11 14:09:08 +02:00
Juan Font Alonso 8287ba24b9 Do not lint the protocol magic numbers
I happily use https://pkg.go.dev/golang.org/x/net/internal/iana, but it is internal
2022-06-08 17:55:32 +02:00
Juan Font Alonso ab1aac9f3e Improve ACLs by adding protocol parsing support 2022-06-08 17:43:59 +02:00
Juan Font Alonso 3e353004b8 Migrate ACLs syntax to new Tailscale format
Implements #617.

Tailscale has changed the format of their ACLs to use more firewall-y terms ("users" & "ports" -> "src" & "dst"). They have also started using all-lowercase tags. This PR applies these changes.
2022-06-08 13:40:15 +02:00
Anton Schubert 6dccfee862 Fix forced Tags with legitimate tagOwners
Also replace loops contains
2022-06-01 15:43:32 +02:00
Adrien Raffin-Caboisse 4435a4f19d chore: apply lint recommendations 2022-05-16 14:59:46 +02:00
Adrien Raffin-Caboisse 8061abe279 refact: use generics for contains functions 2022-04-25 22:17:23 +02:00
Adrien Raffin-Caboisse b9fee36f6e fix: linting 2022-04-21 23:56:58 +02:00
Adrien Raffin-Caboisse 98f54c9f7f chore: apply format and lint 2022-04-15 18:27:57 +02:00
Adrien Raffin-Caboisse cd1d10761f feat(acls): add support for forced tags 2022-04-15 18:01:13 +02:00
Adrien Raffin-Caboisse 41efe98953 fix: apply fmt and fix missing name changes 2022-03-07 23:20:30 +01:00
Adrien Raffin-Caboisse 1114449601 change: update name of method to check and normalize Domain name 2022-03-06 20:46:17 +01:00
Adrien Raffin-Caboisse 6f172a6e4c fix(acls): remove dead error code 2022-03-03 23:53:08 +01:00
Adrien Raffin-Caboisse 4a4952899b feat(acls): add some logs and skip error
logs look like the following
```
2022-03-02T20:43:08Z DBG Expanding alias=app-test
2022-03-02T20:43:08Z DBG Expanding alias=kube-test
2022-03-02T20:43:08Z DBG Expanding alias=test
2022-03-02T20:43:08Z WRN No IPs found with the alias test
2022-03-02T20:43:08Z DBG Expanding alias=prod
2022-03-02T20:43:08Z WRN No IPs found with the alias prod
2022-03-02T20:43:08Z DBG Expanding alias=prod
2022-03-02T20:43:08Z WRN No IPs found with the alias prod
```
2022-03-02 21:54:43 +01:00
Kristoffer Dalby c80e364f02 Remove always nil error 2022-03-02 08:15:14 +00:00
Kristoffer Dalby 5b169010be Resolve merge conflict 2022-03-02 08:11:50 +00:00
Adrien Raffin-Caboisse a455a874ad feat(acls): normalize the group name 2022-03-01 21:10:52 +01:00
Kristoffer Dalby 6477e6a583 Use new machine types 2022-03-01 16:34:24 +00:00
Kristoffer Dalby 8a3a0b6403 Add YAML support to ACLs 2022-02-27 09:04:48 +01:00
Kristoffer Dalby e03b3d558f Remove boundaries between namespaces 2022-02-25 10:26:34 +01:00
Adrien Raffin-Caboisse 50af44bc2f fix: add error checking in acl and poll
If aclPolicy is not defined, in updateAclPolicy, return an error.
2022-02-21 20:06:31 +01:00
Adrien Raffin-Caboisse d00251c63e fix(acls,machines): apply code review suggestions 2022-02-20 21:26:20 +01:00
Adrien Raffin-Caboisse d8c4c3163b chore(fmt): apply make fmt command 2022-02-17 09:32:54 +01:00
Adrien Raffin-Caboisse 9cedbbafd4 chore(all): update some files for linter 2022-02-17 09:32:51 +01:00
Adrien Raffin de59946447 feat(acls): rewrite functions to be testable
Rewrite some functions to get rid of the dependency on the Headscale object. This allows us
to write succinct tests that are easier to review and implement.

The improvements of the tests allowed to write the removal of the tagged hosts
from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-17 09:30:09 +01:00
Adrien Raffin fb45138fc1 feat(acls): check acl owners and add bunch of tests 2022-02-17 09:30:08 +01:00
Adrien Raffin e9949b4c70 feat(acls): simplify updating rules 2022-02-17 09:30:08 +01:00
Kristoffer Dalby 6f6018bad5 Merge branch 'main' into ipv6 2022-01-30 08:21:11 +00:00
Kristoffer Dalby b4f8961e44 Make Unix socket permissions configurable 2022-01-28 18:58:22 +00:00
Csaba Sarkadi 1a6e5d8770 Add support for multiple IP prefixes 2022-01-16 14:18:22 +01:00
Eugen a6e99525ac Add log_level to config, more ACL debug log 2021-12-01 20:02:00 +01:00
Kristoffer Dalby 715542ac1c Add and fix stylecheck (golint replacement) 2021-11-15 17:24:24 +00:00
Kristoffer Dalby 0c005a6b01 Add and fix errname 2021-11-15 16:33:16 +00:00
Kristoffer Dalby 471c0b4993 Initial work eliminating one/two letter variables 2021-11-14 20:32:03 +01:00
Kristoffer Dalby 53ed749f45 Start work on making gocritic pass 2021-11-14 18:44:37 +01:00
Kristoffer Dalby 85f28a3f4a Remove all instances of undefined numbers (gonmd) 2021-11-14 18:31:51 +01:00
Kristoffer Dalby 89eb13c6cb Add and fix nlreturn (new line return) 2021-11-14 16:46:09 +01:00
Kristoffer Dalby 2634215f12 golangci-lint --fix 2021-11-13 08:39:04 +00:00
Kristoffer Dalby 03b7ec62ca Go format with shorter lines 2021-11-13 08:36:45 +00:00
Kristoffer Dalby 3ad2350c79 Fix new version of hujson 2021-11-05 07:24:00 +00:00
Kristoffer Dalby 94dbaa6822 Clean up the return of "pointer list"
This commit is getting rid of a bunch of returned list pointers.
2021-11-04 22:16:56 +00:00
Kristoffer Dalby 42bf566fff Convert acls.go 2021-08-05 18:18:18 +01:00
Juan Font Alonso ecf258f995 Use gorm connection pool 2021-07-04 21:56:13 +02:00
Juan Font 7590dee1f2 Removed unnecessary prints 2021-07-04 13:47:59 +02:00