From 0363e58467eafd067c705b1fa617186df3256381 Mon Sep 17 00:00:00 2001 From: Jiang Zhu Date: Sun, 5 Jun 2022 17:55:27 +0800 Subject: [PATCH 1/6] cli.LoadConfig accepts config file now --- cmd/headscale/cli/utils.go | 20 ++++++++----- cmd/headscale/headscale.go | 2 +- cmd/headscale/headscale_test.go | 53 ++++++++++++++++++++++++++++++--- 3 files changed, 62 insertions(+), 13 deletions(-) diff --git a/cmd/headscale/cli/utils.go b/cmd/headscale/cli/utils.go index af4391a3..593fbd49 100644 --- a/cmd/headscale/cli/utils.go +++ b/cmd/headscale/cli/utils.go @@ -33,15 +33,19 @@ const ( HeadscaleDateTimeFormat = "2006-01-02 15:04:05" ) -func LoadConfig(path string) error { - viper.SetConfigName("config") - if path == "" { - viper.AddConfigPath("/etc/headscale/") - viper.AddConfigPath("$HOME/.headscale") - viper.AddConfigPath(".") +func LoadConfig(path string, isFile bool) error { + if isFile { + viper.SetConfigFile(path) } else { - // For testing - viper.AddConfigPath(path) + viper.SetConfigName("config") + if path == "" { + viper.AddConfigPath("/etc/headscale/") + viper.AddConfigPath("$HOME/.headscale") + viper.AddConfigPath(".") + } else { + // For testing + viper.AddConfigPath(path) + } } viper.SetEnvPrefix("headscale") diff --git a/cmd/headscale/headscale.go b/cmd/headscale/headscale.go index 600b186e..28b5f2ed 100644 --- a/cmd/headscale/headscale.go +++ b/cmd/headscale/headscale.go @@ -43,7 +43,7 @@ func main() { NoColor: !colors, }) - if err := cli.LoadConfig(""); err != nil { + if err := cli.LoadConfig("", false); err != nil { log.Fatal().Caller().Err(err) } diff --git a/cmd/headscale/headscale_test.go b/cmd/headscale/headscale_test.go index faf55f4c..92bba4b0 100644 --- a/cmd/headscale/headscale_test.go +++ b/cmd/headscale/headscale_test.go @@ -27,6 +27,51 @@ func (s *Suite) SetUpSuite(c *check.C) { func (s *Suite) TearDownSuite(c *check.C) { } +func (*Suite) TestConfigFileLoading(c *check.C) { + tmpDir, err := ioutil.TempDir("", "headscale") + if err != nil { + c.Fatal(err) + } + defer os.RemoveAll(tmpDir) + + path, err := os.Getwd() + if err != nil { + c.Fatal(err) + } + + cfgFile := filepath.Join(tmpDir, "config.yaml") + + // Symlink the example config file + err = os.Symlink( + filepath.Clean(path+"/../../config-example.yaml"), + cfgFile, + ) + if err != nil { + c.Fatal(err) + } + + // Load example config, it should load without validation errors + err = cli.LoadConfig(cfgFile, true) + c.Assert(err, check.IsNil) + + // Test that config file was interpreted correctly + c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080") + c.Assert(viper.GetString("listen_addr"), check.Equals, "0.0.0.0:8080") + c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090") + c.Assert(viper.GetString("db_type"), check.Equals, "sqlite3") + c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite") + c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "") + c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http") + c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01") + c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1") + c.Assert( + cli.GetFileMode("unix_socket_permission"), + check.Equals, + fs.FileMode(0o770), + ) + c.Assert(viper.GetBool("logtail.enabled"), check.Equals, false) +} + func (*Suite) TestConfigLoading(c *check.C) { tmpDir, err := ioutil.TempDir("", "headscale") if err != nil { @@ -49,7 +94,7 @@ func (*Suite) TestConfigLoading(c *check.C) { } // Load example config, it should load without validation errors - err = cli.LoadConfig(tmpDir) + err = cli.LoadConfig(tmpDir, false) c.Assert(err, check.IsNil) // Test that config file was interpreted correctly @@ -92,7 +137,7 @@ func (*Suite) TestDNSConfigLoading(c *check.C) { } // Load example config, it should load without validation errors - err = cli.LoadConfig(tmpDir) + err = cli.LoadConfig(tmpDir, false) c.Assert(err, check.IsNil) dnsConfig, baseDomain := cli.GetDNSConfig() @@ -125,7 +170,7 @@ func (*Suite) TestTLSConfigValidation(c *check.C) { writeConfig(c, tmpDir, configYaml) // Check configuration validation errors (1) - err = cli.LoadConfig(tmpDir) + err = cli.LoadConfig(tmpDir, false) c.Assert(err, check.NotNil) // check.Matches can not handle multiline strings tmp := strings.ReplaceAll(err.Error(), "\n", "***") @@ -150,6 +195,6 @@ func (*Suite) TestTLSConfigValidation(c *check.C) { "---\nserver_url: \"http://127.0.0.1:8080\"\ntls_letsencrypt_hostname: \"example.com\"\ntls_letsencrypt_challenge_type: \"TLS-ALPN-01\"", ) writeConfig(c, tmpDir, configYaml) - err = cli.LoadConfig(tmpDir) + err = cli.LoadConfig(tmpDir, false) c.Assert(err, check.IsNil) } From 402a29e50cfe7203e51b5365fea2031528f13ba7 Mon Sep 17 00:00:00 2001 From: Jiang Zhu Date: Sun, 5 Jun 2022 18:25:09 +0800 Subject: [PATCH 2/6] impl heascale -c to specify config file --- cmd/headscale/cli/root.go | 57 ++++++++++++++++++++++++++++++++++++++ cmd/headscale/headscale.go | 43 ---------------------------- 2 files changed, 57 insertions(+), 43 deletions(-) diff --git a/cmd/headscale/cli/root.go b/cmd/headscale/cli/root.go index 99b15140..ab312c81 100644 --- a/cmd/headscale/cli/root.go +++ b/cmd/headscale/cli/root.go @@ -3,17 +3,74 @@ package cli import ( "fmt" "os" + "runtime" + "github.com/rs/zerolog" + "github.com/rs/zerolog/log" "github.com/spf13/cobra" + "github.com/spf13/viper" + "github.com/tcnksm/go-latest" ) +var cfgFile string = "" + func init() { + cobra.OnInitialize(initConfig) + rootCmd.PersistentFlags(). + StringVarP(&cfgFile, "config", "c", "", "config file (default is /etc/headscale/config.yaml)") rootCmd.PersistentFlags(). StringP("output", "o", "", "Output format. Empty for human-readable, 'json', 'json-line' or 'yaml'") rootCmd.PersistentFlags(). Bool("force", false, "Disable prompts and forces the execution") } +func initConfig() { + if cfgFile != "" { + if err := LoadConfig(cfgFile, true); err != nil { + log.Fatal().Caller().Err(err) + } + } else { + if err := LoadConfig("", false); err != nil { + log.Fatal().Caller().Err(err) + } + } + + machineOutput := HasMachineOutputFlag() + + logLevel := viper.GetString("log_level") + level, err := zerolog.ParseLevel(logLevel) + if err != nil { + zerolog.SetGlobalLevel(zerolog.DebugLevel) + } else { + zerolog.SetGlobalLevel(level) + } + + // If the user has requested a "machine" readable format, + // then disable login so the output remains valid. + if machineOutput { + zerolog.SetGlobalLevel(zerolog.Disabled) + } + + if !viper.GetBool("disable_check_updates") && !machineOutput { + if (runtime.GOOS == "linux" || runtime.GOOS == "darwin") && + Version != "dev" { + githubTag := &latest.GithubTag{ + Owner: "juanfont", + Repository: "headscale", + } + res, err := latest.Check(githubTag, Version) + if err == nil && res.Outdated { + //nolint + fmt.Printf( + "An updated version of Headscale has been found (%s vs. your current %s). Check it out https://github.com/juanfont/headscale/releases\n", + res.Current, + Version, + ) + } + } + } +} + var rootCmd = &cobra.Command{ Use: "headscale", Short: "headscale - a Tailscale control server", diff --git a/cmd/headscale/headscale.go b/cmd/headscale/headscale.go index 28b5f2ed..40772a93 100644 --- a/cmd/headscale/headscale.go +++ b/cmd/headscale/headscale.go @@ -1,17 +1,13 @@ package main import ( - "fmt" "os" - "runtime" "time" "github.com/efekarakus/termcolor" "github.com/juanfont/headscale/cmd/headscale/cli" "github.com/rs/zerolog" "github.com/rs/zerolog/log" - "github.com/spf13/viper" - "github.com/tcnksm/go-latest" ) func main() { @@ -43,44 +39,5 @@ func main() { NoColor: !colors, }) - if err := cli.LoadConfig("", false); err != nil { - log.Fatal().Caller().Err(err) - } - - machineOutput := cli.HasMachineOutputFlag() - - logLevel := viper.GetString("log_level") - level, err := zerolog.ParseLevel(logLevel) - if err != nil { - zerolog.SetGlobalLevel(zerolog.DebugLevel) - } else { - zerolog.SetGlobalLevel(level) - } - - // If the user has requested a "machine" readable format, - // then disable login so the output remains valid. - if machineOutput { - zerolog.SetGlobalLevel(zerolog.Disabled) - } - - if !viper.GetBool("disable_check_updates") && !machineOutput { - if (runtime.GOOS == "linux" || runtime.GOOS == "darwin") && - cli.Version != "dev" { - githubTag := &latest.GithubTag{ - Owner: "juanfont", - Repository: "headscale", - } - res, err := latest.Check(githubTag, cli.Version) - if err == nil && res.Outdated { - //nolint - fmt.Printf( - "An updated version of Headscale has been found (%s vs. your current %s). Check it out https://github.com/juanfont/headscale/releases\n", - res.Current, - cli.Version, - ) - } - } - } - cli.Execute() } From ce13596077ff19233655efc79c4097d710382803 Mon Sep 17 00:00:00 2001 From: Jiang Zhu Date: Sun, 5 Jun 2022 19:29:42 +0800 Subject: [PATCH 3/6] add integration test for headscale -c --- cmd/headscale/cli/dump_config.go | 28 +++++++++++ integration_cli_test.go | 40 ++++++++++++++++ .../etc/alt-config.dump.gold.yaml | 46 +++++++++++++++++++ integration_test/etc/alt-config.yaml | 24 ++++++++++ integration_test/etc/config.dump.gold.yaml | 46 +++++++++++++++++++ 5 files changed, 184 insertions(+) create mode 100644 cmd/headscale/cli/dump_config.go create mode 100644 integration_test/etc/alt-config.dump.gold.yaml create mode 100644 integration_test/etc/alt-config.yaml create mode 100644 integration_test/etc/config.dump.gold.yaml diff --git a/cmd/headscale/cli/dump_config.go b/cmd/headscale/cli/dump_config.go new file mode 100644 index 00000000..374690ed --- /dev/null +++ b/cmd/headscale/cli/dump_config.go @@ -0,0 +1,28 @@ +package cli + +import ( + "fmt" + + "github.com/spf13/cobra" + "github.com/spf13/viper" +) + +func init() { + rootCmd.AddCommand(dumpConfigCmd) +} + +var dumpConfigCmd = &cobra.Command{ + Use: "dumpConfig", + Short: "dump current config to /etc/headscale/config.dump.yaml, integration test only", + Hidden: true, + Args: func(cmd *cobra.Command, args []string) error { + return nil + }, + Run: func(cmd *cobra.Command, args []string) { + err := viper.WriteConfigAs("/etc/headscale/config.dump.yaml") + if err != nil { + //nolint + fmt.Println("Failed to dump config") + } + }, +} diff --git a/integration_cli_test.go b/integration_cli_test.go index 075c38ac..8ac6ee4d 100644 --- a/integration_cli_test.go +++ b/integration_cli_test.go @@ -1721,3 +1721,43 @@ func (s *IntegrationCLITestSuite) TestNodeMoveCommand() { assert.Equal(s.T(), machine.Namespace, oldNamespace) } + +func (s *IntegrationCLITestSuite) TestLoadConfigFromCommand() { + // TODO: make sure defaultConfig is not same as altConfig + defaultConfig, err := os.ReadFile("integration_test/etc/config.dump.gold.yaml") + assert.Nil(s.T(), err) + altConfig, err := os.ReadFile("integration_test/etc/alt-config.dump.gold.yaml") + assert.Nil(s.T(), err) + + _, err = ExecuteCommand( + &s.headscale, + []string{ + "headscale", + "dumpConfig", + }, + []string{}, + ) + assert.Nil(s.T(), err) + + defaultDumpConfig, err := os.ReadFile("integration_test/etc/config.dump.yaml") + assert.Nil(s.T(), err) + + assert.YAMLEq(s.T(), string(defaultConfig), string(defaultDumpConfig)) + + _, err = ExecuteCommand( + &s.headscale, + []string{ + "headscale", + "-c", + "/etc/headscale/alt-config.yaml", + "dumpConfig", + }, + []string{}, + ) + assert.Nil(s.T(), err) + + altDumpConfig, err := os.ReadFile("integration_test/etc/config.dump.yaml") + assert.Nil(s.T(), err) + + assert.YAMLEq(s.T(), string(altConfig), string(altDumpConfig)) +} diff --git a/integration_test/etc/alt-config.dump.gold.yaml b/integration_test/etc/alt-config.dump.gold.yaml new file mode 100644 index 00000000..7b2fe6ab --- /dev/null +++ b/integration_test/etc/alt-config.dump.gold.yaml @@ -0,0 +1,46 @@ +acl_policy_path: "" +cli: + insecure: false + timeout: 5s +db_path: /tmp/integration_test_db.sqlite3 +db_type: sqlite3 +derp: + auto_update_enabled: false + server: + enabled: false + stun: + enabled: true + update_frequency: 1m + urls: + - https://controlplane.tailscale.com/derpmap/default +dns_config: + base_domain: headscale.net + domains: [] + magic_dns: true + nameservers: + - 1.1.1.1 +ephemeral_node_inactivity_timeout: 30m +grpc_allow_insecure: false +grpc_listen_addr: :50443 +ip_prefixes: + - fd7a:115c:a1e0::/48 + - 100.64.0.0/10 +listen_addr: 0.0.0.0:18080 +log_level: trace +logtail: + enabled: false +metrics_listen_addr: 127.0.0.1:19090 +oidc: + scope: + - openid + - profile + - email + strip_email_domain: true +private_key_path: private.key +server_url: http://headscale:18080 +tls_client_auth_mode: relaxed +tls_letsencrypt_cache_dir: /var/www/.cache +tls_letsencrypt_challenge_type: HTTP-01 +unix_socket: /var/run/headscale.sock +unix_socket_permission: "0o770" + diff --git a/integration_test/etc/alt-config.yaml b/integration_test/etc/alt-config.yaml new file mode 100644 index 00000000..8de9a828 --- /dev/null +++ b/integration_test/etc/alt-config.yaml @@ -0,0 +1,24 @@ +log_level: trace +acl_policy_path: "" +db_type: sqlite3 +ephemeral_node_inactivity_timeout: 30m +ip_prefixes: + - fd7a:115c:a1e0::/48 + - 100.64.0.0/10 +dns_config: + base_domain: headscale.net + magic_dns: true + domains: [] + nameservers: + - 1.1.1.1 +db_path: /tmp/integration_test_db.sqlite3 +private_key_path: private.key +listen_addr: 0.0.0.0:18080 +metrics_listen_addr: 127.0.0.1:19090 +server_url: http://headscale:18080 + +derp: + urls: + - https://controlplane.tailscale.com/derpmap/default + auto_update_enabled: false + update_frequency: 1m diff --git a/integration_test/etc/config.dump.gold.yaml b/integration_test/etc/config.dump.gold.yaml new file mode 100644 index 00000000..d33610d9 --- /dev/null +++ b/integration_test/etc/config.dump.gold.yaml @@ -0,0 +1,46 @@ +acl_policy_path: "" +cli: + insecure: false + timeout: 5s +db_path: /tmp/integration_test_db.sqlite3 +db_type: sqlite3 +derp: + auto_update_enabled: false + server: + enabled: false + stun: + enabled: true + update_frequency: 1m + urls: + - https://controlplane.tailscale.com/derpmap/default +dns_config: + base_domain: headscale.net + domains: [] + magic_dns: true + nameservers: + - 1.1.1.1 +ephemeral_node_inactivity_timeout: 30m +grpc_allow_insecure: false +grpc_listen_addr: :50443 +ip_prefixes: + - fd7a:115c:a1e0::/48 + - 100.64.0.0/10 +listen_addr: 0.0.0.0:8080 +log_level: trace +logtail: + enabled: false +metrics_listen_addr: 127.0.0.1:9090 +oidc: + scope: + - openid + - profile + - email + strip_email_domain: true +private_key_path: private.key +server_url: http://headscale:8080 +tls_client_auth_mode: relaxed +tls_letsencrypt_cache_dir: /var/www/.cache +tls_letsencrypt_challenge_type: HTTP-01 +unix_socket: /var/run/headscale.sock +unix_socket_permission: "0o770" + From 8744eeeb190ce1d91bd192f3224c997a47a386bb Mon Sep 17 00:00:00 2001 From: Jiang Zhu Date: Sun, 5 Jun 2022 23:14:49 +0800 Subject: [PATCH 4/6] ExecuteCommand set HEADSCALE_LOG_LEVEL to disabled --- integration_test/etc/alt-config.dump.gold.yaml | 2 +- integration_test/etc/config.dump.gold.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/integration_test/etc/alt-config.dump.gold.yaml b/integration_test/etc/alt-config.dump.gold.yaml index 7b2fe6ab..5cc025cc 100644 --- a/integration_test/etc/alt-config.dump.gold.yaml +++ b/integration_test/etc/alt-config.dump.gold.yaml @@ -26,7 +26,7 @@ ip_prefixes: - fd7a:115c:a1e0::/48 - 100.64.0.0/10 listen_addr: 0.0.0.0:18080 -log_level: trace +log_level: disabled logtail: enabled: false metrics_listen_addr: 127.0.0.1:19090 diff --git a/integration_test/etc/config.dump.gold.yaml b/integration_test/etc/config.dump.gold.yaml index d33610d9..0df651ed 100644 --- a/integration_test/etc/config.dump.gold.yaml +++ b/integration_test/etc/config.dump.gold.yaml @@ -26,7 +26,7 @@ ip_prefixes: - fd7a:115c:a1e0::/48 - 100.64.0.0/10 listen_addr: 0.0.0.0:8080 -log_level: trace +log_level: disabled logtail: enabled: false metrics_listen_addr: 127.0.0.1:9090 From 0c5a402206657797389afe7b67b9ae5bff535803 Mon Sep 17 00:00:00 2001 From: Jiang Zhu Date: Sun, 5 Jun 2022 23:15:21 +0800 Subject: [PATCH 5/6] add changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e991f139..dd25e317 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,7 @@ - This change disables the logs by default - Use [Prometheus]'s duration parser, supporting days (`d`), weeks (`w`) and years (`y`) [#598](https://github.com/juanfont/headscale/pull/598) - Add support for reloading ACLs with SIGHUP [#601](https://github.com/juanfont/headscale/pull/601) +- Add -c option to specify config file from command line [#285](https://github.com/juanfont/headscale/issues/285) [#612](https://github.com/juanfont/headscale/pull/601) ## 0.15.0 (2022-03-20) From 86ce0e0c66ac7e6b57a8ee43aa151d759b1c01cb Mon Sep 17 00:00:00 2001 From: Stefan Majer Date: Wed, 8 Jun 2022 18:09:11 +0200 Subject: [PATCH 6/6] Use strings.Cut to simplify logic --- api_key.go | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/api_key.go b/api_key.go index 41c83857..c1bbce2d 100644 --- a/api_key.go +++ b/api_key.go @@ -13,7 +13,6 @@ import ( const ( apiPrefixLength = 7 apiKeyLength = 32 - apiKeyParts = 2 errAPIKeyFailedToParse = Error("Failed to parse ApiKey") ) @@ -115,9 +114,9 @@ func (h *Headscale) ExpireAPIKey(key *APIKey) error { } func (h *Headscale) ValidateAPIKey(keyStr string) (bool, error) { - prefix, hash, err := splitAPIKey(keyStr) - if err != nil { - return false, fmt.Errorf("failed to validate api key: %w", err) + prefix, hash, found := strings.Cut(keyStr, ".") + if !found { + return false, errAPIKeyFailedToParse } key, err := h.GetAPIKey(prefix) @@ -136,15 +135,6 @@ func (h *Headscale) ValidateAPIKey(keyStr string) (bool, error) { return true, nil } -func splitAPIKey(key string) (string, string, error) { - parts := strings.Split(key, ".") - if len(parts) != apiKeyParts { - return "", "", errAPIKeyFailedToParse - } - - return parts[0], parts[1], nil -} - func (key *APIKey) toProto() *v1.ApiKey { protoKey := v1.ApiKey{ Id: key.ID,