mirror of
https://github.com/juanfont/headscale.git
synced 2024-12-25 01:07:52 +00:00
linting again
This commit is contained in:
parent
9de5c7f8b8
commit
da5250ea32
39
app.go
39
app.go
@ -657,11 +657,10 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
|
|||||||
log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")
|
log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")
|
||||||
}
|
}
|
||||||
|
|
||||||
clientAuthMode, err := h.GetClientAuthMode()
|
clientAuthMode, err := h.GetClientAuthMode()
|
||||||
|
if err != nil {
|
||||||
if err != nil {
|
return nil, err
|
||||||
return nil, err
|
}
|
||||||
}
|
|
||||||
|
|
||||||
log.Info().Msg(fmt.Sprintf(
|
log.Info().Msg(fmt.Sprintf(
|
||||||
"Client authentication (mTLS) is \"%s\". See the docs to learn about configuring this setting.",
|
"Client authentication (mTLS) is \"%s\". See the docs to learn about configuring this setting.",
|
||||||
@ -683,22 +682,20 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
|
|||||||
// Look up the TLS constant relative to user-supplied TLS client
|
// Look up the TLS constant relative to user-supplied TLS client
|
||||||
// authentication mode.
|
// authentication mode.
|
||||||
func (h *Headscale) GetClientAuthMode() (tls.ClientAuthType, error) {
|
func (h *Headscale) GetClientAuthMode() (tls.ClientAuthType, error) {
|
||||||
|
switch h.cfg.TLSClientAuthMode {
|
||||||
switch h.cfg.TLSClientAuthMode {
|
case DisabledClientAuth:
|
||||||
case DisabledClientAuth:
|
// Client cert is _not_ required.
|
||||||
// Client cert is _not_ required.
|
return tls.NoClientCert, nil
|
||||||
return tls.NoClientCert, nil
|
case RelaxedClientAuth:
|
||||||
case RelaxedClientAuth:
|
// Client cert required, but _not verified_.
|
||||||
// Client cert required, but _not verified_.
|
return tls.RequireAnyClientCert, nil
|
||||||
return tls.RequireAnyClientCert, nil
|
case EnforcedClientAuth:
|
||||||
case EnforcedClientAuth:
|
// Client cert is _required and verified_.
|
||||||
// Client cert is _required and verified_.
|
return tls.RequireAndVerifyClientCert, nil
|
||||||
return tls.RequireAndVerifyClientCert, nil
|
default:
|
||||||
default:
|
return tls.NoClientCert, Error("Invalid tls_client_auth_mode provided: " +
|
||||||
return tls.NoClientCert, Error("Invalid tls_client_auth_mode provided: " +
|
h.cfg.TLSClientAuthMode)
|
||||||
h.cfg.TLSClientAuthMode)
|
}
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *Headscale) setLastStateChangeToNow(namespace string) {
|
func (h *Headscale) setLastStateChangeToNow(namespace string) {
|
||||||
|
27
app_test.go
27
app_test.go
@ -66,22 +66,19 @@ func (s *Suite) ResetDB(c *check.C) {
|
|||||||
|
|
||||||
// Enusre an error is returned when an invalid auth mode
|
// Enusre an error is returned when an invalid auth mode
|
||||||
// is supplied.
|
// is supplied.
|
||||||
func (s *Suite) TestInvalidClientAuthMode(c *check.C){
|
func (s *Suite) TestInvalidClientAuthMode(c *check.C) {
|
||||||
app.cfg.TLSClientAuthMode = "invalid"
|
app.cfg.TLSClientAuthMode = "invalid"
|
||||||
_, err := app.GetClientAuthMode()
|
_, err := app.GetClientAuthMode()
|
||||||
c.Assert(err, check.NotNil)
|
c.Assert(err, check.NotNil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensure that all client auth modes return a nil error
|
// Ensure that all client auth modes return a nil error.
|
||||||
func (s *Suite) TestAuthModes(c *check.C){
|
func (s *Suite) TestAuthModes(c *check.C) {
|
||||||
|
modes := []string{"disabled", "relaxed", "enforced"}
|
||||||
var modes = []string{"disabled", "relaxed", "enforced"}
|
|
||||||
|
|
||||||
for _, v := range modes {
|
|
||||||
app.cfg.TLSClientAuthMode = v
|
|
||||||
_, err := app.GetClientAuthMode()
|
|
||||||
c.Assert(err, check.IsNil)
|
|
||||||
}
|
|
||||||
|
|
||||||
|
for _, v := range modes {
|
||||||
|
app.cfg.TLSClientAuthMode = v
|
||||||
|
_, err := app.GetClientAuthMode()
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user