linting again

This commit is contained in:
Justin Angel 2022-01-31 10:27:43 -05:00
parent 9de5c7f8b8
commit da5250ea32
2 changed files with 30 additions and 36 deletions

39
app.go
View File

@ -657,11 +657,10 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
log.Warn().Msg("Listening with TLS but ServerURL does not start with https://") log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")
} }
clientAuthMode, err := h.GetClientAuthMode() clientAuthMode, err := h.GetClientAuthMode()
if err != nil {
if err != nil { return nil, err
return nil, err }
}
log.Info().Msg(fmt.Sprintf( log.Info().Msg(fmt.Sprintf(
"Client authentication (mTLS) is \"%s\". See the docs to learn about configuring this setting.", "Client authentication (mTLS) is \"%s\". See the docs to learn about configuring this setting.",
@ -683,22 +682,20 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
// Look up the TLS constant relative to user-supplied TLS client // Look up the TLS constant relative to user-supplied TLS client
// authentication mode. // authentication mode.
func (h *Headscale) GetClientAuthMode() (tls.ClientAuthType, error) { func (h *Headscale) GetClientAuthMode() (tls.ClientAuthType, error) {
switch h.cfg.TLSClientAuthMode {
switch h.cfg.TLSClientAuthMode { case DisabledClientAuth:
case DisabledClientAuth: // Client cert is _not_ required.
// Client cert is _not_ required. return tls.NoClientCert, nil
return tls.NoClientCert, nil case RelaxedClientAuth:
case RelaxedClientAuth: // Client cert required, but _not verified_.
// Client cert required, but _not verified_. return tls.RequireAnyClientCert, nil
return tls.RequireAnyClientCert, nil case EnforcedClientAuth:
case EnforcedClientAuth: // Client cert is _required and verified_.
// Client cert is _required and verified_. return tls.RequireAndVerifyClientCert, nil
return tls.RequireAndVerifyClientCert, nil default:
default: return tls.NoClientCert, Error("Invalid tls_client_auth_mode provided: " +
return tls.NoClientCert, Error("Invalid tls_client_auth_mode provided: " + h.cfg.TLSClientAuthMode)
h.cfg.TLSClientAuthMode) }
}
} }
func (h *Headscale) setLastStateChangeToNow(namespace string) { func (h *Headscale) setLastStateChangeToNow(namespace string) {

View File

@ -66,22 +66,19 @@ func (s *Suite) ResetDB(c *check.C) {
// Enusre an error is returned when an invalid auth mode // Enusre an error is returned when an invalid auth mode
// is supplied. // is supplied.
func (s *Suite) TestInvalidClientAuthMode(c *check.C){ func (s *Suite) TestInvalidClientAuthMode(c *check.C) {
app.cfg.TLSClientAuthMode = "invalid" app.cfg.TLSClientAuthMode = "invalid"
_, err := app.GetClientAuthMode() _, err := app.GetClientAuthMode()
c.Assert(err, check.NotNil) c.Assert(err, check.NotNil)
} }
// Ensure that all client auth modes return a nil error // Ensure that all client auth modes return a nil error.
func (s *Suite) TestAuthModes(c *check.C){ func (s *Suite) TestAuthModes(c *check.C) {
modes := []string{"disabled", "relaxed", "enforced"}
var modes = []string{"disabled", "relaxed", "enforced"}
for _, v := range modes {
app.cfg.TLSClientAuthMode = v
_, err := app.GetClientAuthMode()
c.Assert(err, check.IsNil)
}
for _, v := range modes {
app.cfg.TLSClientAuthMode = v
_, err := app.GetClientAuthMode()
c.Assert(err, check.IsNil)
}
} }