Kristoffer Dalby
6de53e2f8d
simplify expandAlias function, move separate logic out
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Philipp Krivanec
d0113732fe
optimize generateACLPeerCacheMap (#1377)
2023-04-26 06:02:54 +02:00
Kristoffer Dalby
5e74ca9414
Fix IPv6 in ACLs (#1339)
2023-04-16 12:26:35 +02:00
Juan Font
dfc5d861c7
Fix CIDR calculation in expandACLPeerAddr
2023-04-05 09:44:46 +02:00
Kristoffer Dalby
ceeef40cdf
Add tests to verify "Hosts" aliases in ACL (#1304)
2023-04-03 10:08:48 +02:00
Kristoffer Dalby
c7b459b615
Fix issue where ACL * would filter out returning connections (#1279)
2023-03-27 19:19:32 +02:00
Kristoffer Dalby
a5562850a7
MapResponse optimisations, peer list integration tests (#1254)
Co-authored-by: Allen <979347228@qq.com>
2023-03-06 17:50:26 +01:00
Kristoffer Dalby
83a538cc95
Rename IP specific function, add missing test case
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 15:56:38 +01:00
Kristoffer Dalby
e3a2593344
Rename [Nn]amespace -> [Uu]ser in go code
Use gopls, ag and perl to rename all occurrences of Namespace
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Juan Font
6c2d6fa302
Do not explicitly set the protocols when omitted in ACL
2022-12-05 21:45:18 +01:00
Juan Font
54f701ff92
generateACLPolicy() no longer a Headscale method
2022-12-03 15:43:40 +01:00
Kristoffer Dalby
c02e105065
Mark the flag properly experimental
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
c6d31747f7
Add feature flag for SSH, and warning
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Even Holthe
52a323b90d
Add SSH capability advertisement
Advertises the SSH capability, and parses the SSH ACLs to pass to the
tailscale client. Doesn’t support ‘autogroup’ ACL functionality.
Co-authored-by: Daniel Brooks <db48x@headline.com>
2022-11-26 11:53:31 +01:00
Juan Font Alonso
198e92c08f
Remove dependency on netaddr
2022-09-03 23:46:14 +02:00
Juan Font Alonso
1e7b57e513
Minor fix to linting issue introduced in #707
2022-08-11 14:12:45 +02:00
Adrien Raffin-Caboisse
79688e6187
chore(all): apply formatter
2022-08-04 10:47:00 +02:00
Adrien Raffin-Caboisse
babf9470c2
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes
This commit fixes issue #563
2022-08-04 10:42:47 +02:00
Juan Font Alonso
10cd87e5a2
Lint fixes 1/n
2022-06-26 11:43:17 +02:00
Juan Font Alonso
735a6aaa39
Use const for IANA protocol numbers
2022-06-11 14:09:08 +02:00
Juan Font Alonso
8287ba24b9
Do not lint the protocol magic numbers
I happily use https://pkg.go.dev/golang.org/x/net/internal/iana, but it is internal
2022-06-08 17:55:32 +02:00
Juan Font Alonso
ab1aac9f3e
Improve ACLs by adding protocol parsing support
2022-06-08 17:43:59 +02:00
Juan Font Alonso
3e353004b8
Migrate ACLs syntax to new Tailscale format
Implements #617.
Tailscale has changed the format of their ACLs to use more firewall-y terms ("users" & "ports" -> "src" & "dst"). They have also started using all-lowercase tags. This PR applies these changes.
2022-06-08 13:40:15 +02:00
Anton Schubert
6dccfee862
Fix forced Tags with legitimate tagOwners
Also replace loops contains
2022-06-01 15:43:32 +02:00
Adrien Raffin-Caboisse
4435a4f19d
chore: apply lint recommendations
2022-05-16 14:59:46 +02:00
Adrien Raffin-Caboisse
8061abe279
refact: use generics for contains functions
2022-04-25 22:17:23 +02:00
Adrien Raffin-Caboisse
b9fee36f6e
fix: linting
2022-04-21 23:56:58 +02:00
Adrien Raffin-Caboisse
98f54c9f7f
chore: apply format and lint
2022-04-15 18:27:57 +02:00
Adrien Raffin-Caboisse
cd1d10761f
feat(acls): add support for forced tags
2022-04-15 18:01:13 +02:00
Adrien Raffin-Caboisse
41efe98953
fix: apply fmt and fix missing name changes
2022-03-07 23:20:30 +01:00
Adrien Raffin-Caboisse
1114449601
change: update name of method to check and normalize Domain name
2022-03-06 20:46:17 +01:00
Adrien Raffin-Caboisse
6f172a6e4c
fix(acls): remove dead error code
2022-03-03 23:53:08 +01:00
Adrien Raffin-Caboisse
4a4952899b
feat(acls): add some logs and skip error
logs look like the following
```
2022-03-02T20:43:08Z DBG Expanding alias=app-test
2022-03-02T20:43:08Z DBG Expanding alias=kube-test
2022-03-02T20:43:08Z DBG Expanding alias=test
2022-03-02T20:43:08Z WRN No IPs found with the alias test
2022-03-02T20:43:08Z DBG Expanding alias=prod
2022-03-02T20:43:08Z WRN No IPs found with the alias prod
2022-03-02T20:43:08Z DBG Expanding alias=prod
2022-03-02T20:43:08Z WRN No IPs found with the alias prod
```
2022-03-02 21:54:43 +01:00
Kristoffer Dalby
c80e364f02
Remove always nil error
2022-03-02 08:15:14 +00:00
Kristoffer Dalby
5b169010be
Resolve merge conflict
2022-03-02 08:11:50 +00:00
Adrien Raffin-Caboisse
a455a874ad
feat(acls): normalize the group name
2022-03-01 21:10:52 +01:00
Kristoffer Dalby
6477e6a583
Use new machine types
2022-03-01 16:34:24 +00:00
Kristoffer Dalby
8a3a0b6403
Add YAML support to ACLs
2022-02-27 09:04:48 +01:00
Kristoffer Dalby
e03b3d558f
Remove boundaries between namespaces
2022-02-25 10:26:34 +01:00
Adrien Raffin-Caboisse
50af44bc2f
fix: add error checking in acl and poll
If aclPolicy is not defined, in updateAclPolicy, return an error.
2022-02-21 20:06:31 +01:00
Adrien Raffin-Caboisse
d00251c63e
fix(acls,machines): apply code review suggestions
2022-02-20 21:26:20 +01:00
Adrien Raffin-Caboisse
d8c4c3163b
chore(fmt): apply make fmt command
2022-02-17 09:32:54 +01:00
Adrien Raffin-Caboisse
9cedbbafd4
chore(all): update some files for linter
2022-02-17 09:32:51 +01:00
Adrien Raffin
de59946447
feat(acls): rewrite functions to be testable
Rewrite some functions to get rid of the dependency on Headscale object. This allows us
to write succinct tests that are easier to review and implement.
The improvements of the tests allowed to write the removal of the tagged hosts
from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-17 09:30:09 +01:00
Adrien Raffin
fb45138fc1
feat(acls): check acl owners and add bunch of tests
2022-02-17 09:30:08 +01:00
Adrien Raffin
e9949b4c70
feat(acls): simplify updating rules
2022-02-17 09:30:08 +01:00
Kristoffer Dalby
6f6018bad5
Merge branch 'main' into ipv6
2022-01-30 08:21:11 +00:00
Kristoffer Dalby
b4f8961e44
Make Unix socket permissions configurable
2022-01-28 18:58:22 +00:00
Csaba Sarkadi
1a6e5d8770
Add support for multiple IP prefixes
2022-01-16 14:18:22 +01:00
Eugen
a6e99525ac
Add log_level to config, more ACL debug log
2021-12-01 20:02:00 +01:00