Fixed linting issues

This commit is contained in:
Juan Font 2021-07-04 13:33:00 +02:00
parent d446e8a2fb
commit 19443669bf
4 changed files with 28 additions and 17 deletions

14
acls.go
View File

@ -22,7 +22,8 @@ const errorInvalidTag = Error("invalid tag")
const errorInvalidNamespace = Error("invalid namespace")
const errorInvalidPortFormat = Error("invalid port format")
func (h *Headscale) LoadAclPolicy(path string) error {
// LoadACLPolicy loads the ACL policy from the specify path, and generates the ACL rules
func (h *Headscale) LoadACLPolicy(path string) error {
policyFile, err := os.Open(path)
if err != nil {
return err
@ -35,6 +36,9 @@ func (h *Headscale) LoadAclPolicy(path string) error {
return err
}
err = hujson.Unmarshal(b, &policy)
if err != nil {
return err
}
if policy.IsZero() {
return errorEmptyPolicy
}
@ -61,7 +65,7 @@ func (h *Headscale) generateACLRules() (*[]tailcfg.FilterRule, error) {
srcIPs := []string{}
for j, u := range a.Users {
fmt.Printf("acl %d, user %d: ", i, j)
srcs, err := h.generateAclPolicySrcIP(u)
srcs, err := h.generateACLPolicySrcIP(u)
fmt.Printf(" -> %s\n", err)
if err != nil {
return nil, err
@ -73,7 +77,7 @@ func (h *Headscale) generateACLRules() (*[]tailcfg.FilterRule, error) {
destPorts := []tailcfg.NetPortRange{}
for j, d := range a.Ports {
fmt.Printf("acl %d, port %d: ", i, j)
dests, err := h.generateAclPolicyDestPorts(d)
dests, err := h.generateACLPolicyDestPorts(d)
fmt.Printf(" -> %s\n", err)
if err != nil {
return nil, err
@ -90,11 +94,11 @@ func (h *Headscale) generateACLRules() (*[]tailcfg.FilterRule, error) {
return &rules, nil
}
func (h *Headscale) generateAclPolicySrcIP(u string) (*[]string, error) {
func (h *Headscale) generateACLPolicySrcIP(u string) (*[]string, error) {
return h.expandAlias(u)
}
func (h *Headscale) generateAclPolicyDestPorts(d string) (*[]tailcfg.NetPortRange, error) {
func (h *Headscale) generateACLPolicyDestPorts(d string) (*[]tailcfg.NetPortRange, error) {
tokens := strings.Split(d, ":")
if len(tokens) < 2 || len(tokens) > 3 {
return nil, errorInvalidPortFormat

View File

@ -5,18 +5,18 @@ import (
)
func (s *Suite) TestWrongPath(c *check.C) {
err := h.LoadAclPolicy("asdfg")
err := h.LoadACLPolicy("asdfg")
c.Assert(err, check.NotNil)
}
func (s *Suite) TestBrokenHuJson(c *check.C) {
err := h.LoadAclPolicy("./tests/acls/broken.hujson")
err := h.LoadACLPolicy("./tests/acls/broken.hujson")
c.Assert(err, check.NotNil)
}
func (s *Suite) TestInvalidPolicyHuson(c *check.C) {
err := h.LoadAclPolicy("./tests/acls/invalid.hujson")
err := h.LoadACLPolicy("./tests/acls/invalid.hujson")
c.Assert(err, check.NotNil)
c.Assert(err, check.Equals, errorEmptyPolicy)
}
@ -36,13 +36,13 @@ func (s *Suite) TestParseInvalidCIDR(c *check.C) {
}
func (s *Suite) TestCheckLoaded(c *check.C) {
err := h.LoadAclPolicy("./tests/acls/acl_policy_1.hujson")
err := h.LoadACLPolicy("./tests/acls/acl_policy_1.hujson")
c.Assert(err, check.IsNil)
c.Assert(h.aclPolicy, check.NotNil)
}
func (s *Suite) TestValidCheckParsedHosts(c *check.C) {
err := h.LoadAclPolicy("./tests/acls/acl_policy_1.hujson")
err := h.LoadACLPolicy("./tests/acls/acl_policy_1.hujson")
c.Assert(err, check.IsNil)
c.Assert(h.aclPolicy, check.NotNil)
c.Assert(h.aclPolicy.IsZero(), check.Equals, false)
@ -50,7 +50,7 @@ func (s *Suite) TestValidCheckParsedHosts(c *check.C) {
}
func (s *Suite) TestRuleInvalidGeneration(c *check.C) {
err := h.LoadAclPolicy("./tests/acls/acl_policy_invalid.hujson")
err := h.LoadACLPolicy("./tests/acls/acl_policy_invalid.hujson")
c.Assert(err, check.IsNil)
rules, err := h.generateACLRules()
@ -59,7 +59,7 @@ func (s *Suite) TestRuleInvalidGeneration(c *check.C) {
}
func (s *Suite) TestBasicRule(c *check.C) {
err := h.LoadAclPolicy("./tests/acls/acl_policy_basic_1.hujson")
err := h.LoadACLPolicy("./tests/acls/acl_policy_basic_1.hujson")
c.Assert(err, check.IsNil)
rules, err := h.generateACLRules()
@ -68,7 +68,7 @@ func (s *Suite) TestBasicRule(c *check.C) {
}
func (s *Suite) TestPortRange(c *check.C) {
err := h.LoadAclPolicy("./tests/acls/acl_policy_basic_range.hujson")
err := h.LoadACLPolicy("./tests/acls/acl_policy_basic_range.hujson")
c.Assert(err, check.IsNil)
rules, err := h.generateACLRules()
@ -82,7 +82,7 @@ func (s *Suite) TestPortRange(c *check.C) {
}
func (s *Suite) TestPortWildcard(c *check.C) {
err := h.LoadAclPolicy("./tests/acls/acl_policy_basic_wildcards.hujson")
err := h.LoadACLPolicy("./tests/acls/acl_policy_basic_wildcards.hujson")
c.Assert(err, check.IsNil)
rules, err := h.generateACLRules()
@ -126,7 +126,7 @@ func (s *Suite) TestPortNamespace(c *check.C) {
}
db.Save(&m)
err = h.LoadAclPolicy("./tests/acls/acl_policy_basic_namespace_as_user.hujson")
err = h.LoadACLPolicy("./tests/acls/acl_policy_basic_namespace_as_user.hujson")
c.Assert(err, check.IsNil)
rules, err := h.generateACLRules()
@ -171,7 +171,7 @@ func (s *Suite) TestPortGroup(c *check.C) {
}
db.Save(&m)
err = h.LoadAclPolicy("./tests/acls/acl_policy_basic_groups.hujson")
err = h.LoadACLPolicy("./tests/acls/acl_policy_basic_groups.hujson")
c.Assert(err, check.IsNil)
rules, err := h.generateACLRules()

View File

@ -7,6 +7,7 @@ import (
"inet.af/netaddr"
)
// ACLPolicy represents a Tailscale ACL Policy
type ACLPolicy struct {
Groups Groups `json:"Groups"`
Hosts Hosts `json:"Hosts"`
@ -15,24 +16,30 @@ type ACLPolicy struct {
Tests []ACLTest `json:"Tests"`
}
// ACL is a basic rule for the ACL Policy
type ACL struct {
Action string `json:"Action"`
Users []string `json:"Users"`
Ports []string `json:"Ports"`
}
// Groups references a series of alias in the ACL rules
type Groups map[string][]string
// Hosts are alias for IP addresses or subnets
type Hosts map[string]netaddr.IPPrefix
// TagOwners specify what users (namespaces?) are allow to use certain tags
type TagOwners map[string][]string
// ACLTest is not implemented, but should be use to check if a certain rule is allowed
type ACLTest struct {
User string `json:"User"`
Allow []string `json:"Allow"`
Deny []string `json:"Deny,omitempty"`
}
// UnmarshalJSON allows to parse the Hosts directly into netaddr objects
func (h *Hosts) UnmarshalJSON(data []byte) error {
hosts := Hosts{}
hs := make(map[string]string)

View File

@ -121,7 +121,7 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
}
// We are doing this here, as in the future could be cool to have it also hot-reload
err = h.LoadAclPolicy(absPath(viper.GetString("acl_policy_path")))
err = h.LoadACLPolicy(absPath(viper.GetString("acl_policy_path")))
if err != nil {
log.Printf("Could not load the ACL policy: %s", err)
}