mirror of
https://github.com/juanfont/headscale.git
synced 2024-11-23 18:15:26 +00:00
Add feature flag for SSH, and warning
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
parent
91ed6e2197
commit
c6d31747f7
23
acls.go
23
acls.go
@ -15,6 +15,7 @@ import (
|
|||||||
"github.com/rs/zerolog/log"
|
"github.com/rs/zerolog/log"
|
||||||
"github.com/tailscale/hujson"
|
"github.com/tailscale/hujson"
|
||||||
"gopkg.in/yaml.v3"
|
"gopkg.in/yaml.v3"
|
||||||
|
"tailscale.com/envknob"
|
||||||
"tailscale.com/tailcfg"
|
"tailscale.com/tailcfg"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -55,6 +56,8 @@ const (
|
|||||||
ProtocolFC = 133 // Fibre Channel
|
ProtocolFC = 133 // Fibre Channel
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var featureEnableSSH = envknob.RegisterBool("HEADSCALE_FEATURE_SSH")
|
||||||
|
|
||||||
// LoadACLPolicy loads the ACL policy from the specify path, and generates the ACL rules.
|
// LoadACLPolicy loads the ACL policy from the specify path, and generates the ACL rules.
|
||||||
func (h *Headscale) LoadACLPolicy(path string) error {
|
func (h *Headscale) LoadACLPolicy(path string) error {
|
||||||
log.Debug().
|
log.Debug().
|
||||||
@ -121,15 +124,19 @@ func (h *Headscale) UpdateACLRules() error {
|
|||||||
log.Trace().Interface("ACL", rules).Msg("ACL rules generated")
|
log.Trace().Interface("ACL", rules).Msg("ACL rules generated")
|
||||||
h.aclRules = rules
|
h.aclRules = rules
|
||||||
|
|
||||||
sshRules, err := h.generateSSHRules()
|
if featureEnableSSH() {
|
||||||
if err != nil {
|
sshRules, err := h.generateSSHRules()
|
||||||
return err
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
log.Trace().Interface("SSH", sshRules).Msg("SSH rules generated")
|
||||||
|
if h.sshPolicy == nil {
|
||||||
|
h.sshPolicy = &tailcfg.SSHPolicy{}
|
||||||
|
}
|
||||||
|
h.sshPolicy.Rules = sshRules
|
||||||
|
} else if h.aclPolicy != nil && len(h.aclPolicy.SSHs) > 0 {
|
||||||
|
log.Info().Msg("SSH ACLs has been defined, but HEADSCALE_FEATURE_SSH is not enabled, this is a unstable feature, check docs before activating")
|
||||||
}
|
}
|
||||||
log.Trace().Interface("SSH", sshRules).Msg("SSH rules generated")
|
|
||||||
if h.sshPolicy == nil {
|
|
||||||
h.sshPolicy = &tailcfg.SSHPolicy{}
|
|
||||||
}
|
|
||||||
h.sshPolicy.Rules = sshRules
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user