Commit Graph

3236 Commits

Author SHA1 Message Date
Kristoffer Dalby
2b5e52b08b
validate policy against nodes, error if not valid (#2089)
* validate policy against nodes, error if not valid

this commit aims to improve the feedback of "runtime" policy
errors which would only manifest when the rules are compiled to
filter rules with nodes.

this change will in;

file-based mode load the nodes from the db and try to compile the rules on
start up and return an error if they would not work as intended.

database-based mode prevent a new ACL being written to the database if
it does not compile with the current set of node.

Fixes #2073
Fixes #2044

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* ensure stderr can be used in err checks

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* test policy set validation

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add new integration test to ghaction

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add back defer for cli tst

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-08-30 16:58:29 +02:00
Roman Zabaluev
fffd9d7ee9
Update ACLs file format docs (#2066) 2024-08-30 07:20:07 +00:00
Mike Poindexter
76515d12d6
Fix self notification on expiry update via oidc relogin (#2080) 2024-08-30 08:20:29 +02:00
Mike Poindexter
34361c6f82
Fix FKs on sqlite migrations (#2083) 2024-08-30 08:08:54 +02:00
Thomas Gautvedt
f4427dd29e
fix: correct a small spelling mistake (#2081) 2024-08-28 07:50:09 +00:00
Kristoffer Dalby
cf6a606d74
fix route table migration wiping routes 0.22 -> 0.23 (#2076) 2024-08-27 18:54:28 +02:00
dragon2611
827e3e83ae
Issue 2045, Feature Request (#2071)
Requiring someone to write a design doc/contribute to the feature shouldn't be a requirement for raising a feature request as users may lack the skills required to do this.
2024-08-27 11:03:51 +02:00
Kristoffer Dalby
9c4c286696
fix warning errs from beta2 (#2075)
* remove default false for use usernames causing warning

Fixes #2065

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* Ensure DoH warnings are only emitted if err

Fixes #2064

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-08-23 17:17:37 +02:00
Kristoffer Dalby
a68854ac33
upgrade go (1.23) and tailscale (1.72.1) (#2077) 2024-08-23 15:28:54 +02:00
github-actions[bot]
9bed76d481
flake.lock: Update (#2059) 2024-08-19 11:05:43 +00:00
Kristoffer Dalby
84cb5d0aed
make acl_policy_path fatal if policy.path is not set (#2041) 2024-08-19 13:03:01 +02:00
Kristoffer Dalby
f99497340b
add coderabbit config (#2060)
Code Rabbit is one of these new fancy LLM code review tools. I am skeptical
but we can try it for free and it might provide us with some value to let
people get feedback while waiting for other people.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-08-19 10:06:55 +00:00
nadongjun
fdc034e8ae
Integrate GORM Logger with Zerolog and Add Configuration Options for Logging and Performance (#2040)
* Integrate GORM logger with zerolog and add custom GORM configuration options

* Add GormConfig struct to group GORM-related settings

* Update debug mode instruction in config-example.yaml

Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>

---------

Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2024-08-19 11:47:52 +02:00
Kristoffer Dalby
ac8491efec
Redo DNS configuration (#2034)
this commit changes and streamlines the dns_config into a new
key, dns. It removes a combination of outdates and incompatible
configuration options that made it easy to confuse what headscale
could and could not do, or what to expect from ones configuration.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-08-19 11:41:05 +02:00
Chuangbo Li
022fb24cd9
Fix command get policy works with relative policy path (#2051) 2024-08-12 12:11:59 +02:00
github-actions[bot]
fcd1183805
flake.lock: Update (#2052) 2024-08-11 05:48:15 +00:00
Kristoffer Dalby
ece907d878
test embedded derp with derp updater, check client health (#2030) 2024-08-11 07:44:59 +02:00
github-actions[bot]
948d53f934
flake.lock: Update (#2042) 2024-08-04 06:35:46 +00:00
github-actions[bot]
06f07053eb
flake.lock: Update (#2035) 2024-07-28 08:42:38 +00:00
nadongjun
4ad3f3c484
Fix data race issues in EphemeralGarbageCollector tests (#2023)
* Fix data race issues in EphemeralGarbageCollector tests

* Add defer for mutex unlock in TestEphemeralGarbageCollectorOrder

* Fix mutex unlock order in closure by updating defer placement
2024-07-22 15:11:57 +00:00
Steven Honson
db7a4358e9
config-example.yaml: Remove reference to yaml for policy files (#2022) 2024-07-22 13:38:42 +00:00
github-actions[bot]
b799245f1e
flake.lock: Update (#2021) 2024-07-22 08:56:21 +02:00
greizgh
8571513e3c
reformat code (#2019)
* reformat code

This is mostly an automated change with `make lint`.
I had to manually please golangci-lint in routes_test because of a short
variable name.

* fix start -> strategy which was wrongly corrected by linter
2024-07-22 08:56:00 +02:00
Kristoffer Dalby
ca47d6f353
small cleanups (#2017) 2024-07-19 09:21:14 +02:00
Kristoffer Dalby
11fde62b8c
remove custom contains funcs for slices.Contains (#2015)
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-07-19 09:04:04 +02:00
Kristoffer Dalby
9e523d4687
move userprofiles into method on user struct (#2014)
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-07-19 09:03:18 +02:00
Kristoffer Dalby
7e62031444
replace ephemeral deletion logic (#2008)
* replace ephemeral deletion logic

this commit replaces the way we remove ephemeral nodes,
currently they are deleted in a loop and we look at last seen
time. This time is now only set when a node disconnects and
there was a bug (#2006) where nodes that had never disconnected
was deleted since they did not have a last seen.

The new logic will start an expiry timer when the node disconnects
and delete the node from the database when the timer is up.

If the node reconnects within the expiry, the timer is cancelled.

Fixes #2006

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* use uint64 as authekyid and ptr helper in tests

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add test db helper

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add list ephemeral node func

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* schedule ephemeral nodes for removal on startup

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* fix gorm query for postgres

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add godoc

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-07-18 10:01:59 +02:00
Pallab Pain
58bd38a609
feat: implements apis for managing headscale policy (#1792) 2024-07-18 07:38:25 +02:00
Rubens Peculis
00ff288f0c
fix(1996): Implement register method enum converter (#2013)
Added a new function `RegisterMethodToV1Enum()` to Node, converting the internal register method string to the corresponding V1 Enum value. Included corresponding unit test in `node_test.go` to ensure correct conversion for various register methods.
2024-07-17 13:12:16 +02:00
greizgh
8823778d05
Add gofumpt to dev dependencies (#2010) 2024-07-17 13:12:02 +02:00
greizgh
74d27ee5fa
Remove deprecated linters from golangci-lint (#2009)
When running lints, golangci-lint complained about removed
linters (which were already disabled).
This removes the relevant warnings.
2024-07-17 10:08:41 +02:00
github-actions[bot]
3f60ab23a6
Update flake.lock (#2011)
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/4284c2b73c8bce4b46a6adf23e16d9e2ec8da4bb?narHash=sha256-i4vJL12/AdyuQuviMMd1Hk2tsGt02hDNhA0Zj1m16N8%3D' (2024-07-05)
  → 'github:NixOS/nixpkgs/8b5a3d5a1d951344d683b442c0739010b80039db?narHash=sha256-po3TZO9kcZwzvkyMJKb0WCzzDtiHWD34XeRaX1lWXp0%3D' (2024-07-12)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2024-07-14 06:20:22 +00:00
github-actions[bot]
eb1591df35
flake.lock: Update (#2000) 2024-07-07 06:16:36 +00:00
github-actions[bot]
89ada557bc
flake.lock: Update (#1991) 2024-07-01 05:46:33 +00:00
Kristoffer Dalby
14a3f94f0c
fix search domains and remove username from magicdns (#1987) 2024-06-26 13:44:40 +02:00
Kristoffer Dalby
4a34cfc4a6
Make write-ahead-log default and configurable for sqlite (#1985)
* correctly enable WAL log for sqlite

this commit makes headscale correctly enable write-ahead-log for
sqlite and adds an option to turn it on and off.

WAL is enabled by default and should make sqlite perform a lot better,
even further eliminating the need to use postgres.

It also adds a couple of other useful defaults.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-06-23 22:06:59 +02:00
Kristoffer Dalby
8f8f469c0a
Remove allocations of lists before use (#1989)
* policy: remove allocs before appends in acls

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* notifier: make batcher tests stable/non-flaky

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* {db,derp,mapper}: dont allocate until append

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-06-23 22:06:50 +02:00
Lars Kiesow
69c33658f6
Fix android docs (#1976)
The current Tailscale app for Android looks and behaves differently.
This patch updates the documentation for that.
2024-06-23 00:52:23 +02:00
Kyhwana Pardus
99e91a9d8a
Update reverse-proxy.md (#1986)
Add blurb about how cloudflare proxy/tunnels is not supported/will not work
2024-06-23 00:47:26 +02:00
github-actions[bot]
dfc089ed6a
flake.lock: Update (#1979) 2024-06-16 20:24:08 +00:00
Lars Kiesow
51676c668b
Make registration screen easier to use (#1975) 2024-06-15 09:40:49 +02:00
github-actions[bot]
1f4b59566a
flake.lock: Update (#1958) 2024-06-09 07:23:16 +00:00
Dongjun Na
5f9c26930c
fixed typo and path (#1960) 2024-05-28 16:11:39 +00:00
Kristoffer Dalby
5a4e52b727
remove last_successful_update error check (#1959)
most of the time we dont even check this error and checking
the string for particular errors is very flake as different
databases (sqlite and psql) use different error messages, and
some users might have it in other languages.

Fixes #1956

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-05-27 11:53:37 +01:00
github-actions[bot]
51b56ba447
Update flake.lock (#1952)
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/b3fcfcfabd01b947a1e4f36622bbffa3985bdac6?narHash=sha256-iJYnKMtLi5u6hZhJm94cRNSDG5Rz6ZzIkGbhPFtDRm0%3D' (2024-05-15)
  → 'github:NixOS/nixpkgs/02923630b89aa1ab36ef8e422501a6f4fd4b2016?narHash=sha256-OhysviwHQz4p2HZL4g7XGMLoUbWMjkMr/ogaR3VUYNA%3D' (2024-05-18)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2024-05-24 10:30:11 +01:00
Kristoffer Dalby
c8ebbede54
Simplify map session management (#1931)
This PR removes the complicated session management introduced in https://github.com/juanfont/headscale/pull/1791 which kept track of the sessions in a map, in addition to the channel already kept track of in the notifier.

Instead of trying to close the mapsession, it will now be replaced by the new one and closed after so all new updates goes to the right place.

The map session serve function is also split into a streaming and a non-streaming version for better readability.

RemoveNode in the notifier will not remove a node if the channel is not matching the one that has been passed (e.g. it has been replaced with a new one).

A new tuning parameter has been added to added to set timeout before the notifier gives up to send an update to a node.

Add a keep alive resetter so we wait with sending keep alives if a node has just received an update.

In addition it adds a bunch of env debug flags that can be set:

- `HEADSCALE_DEBUG_HIGH_CARDINALITY_METRICS`: make certain metrics include per node.id, not recommended to use in prod. 
- `HEADSCALE_DEBUG_PROFILING_ENABLED`: activate tracing 
- `HEADSCALE_DEBUG_PROFILING_PATH`: where to store traces 
- `HEADSCALE_DEBUG_DUMP_CONFIG`: calls `spew.Dump` on the config object startup
- `HEADSCALE_DEBUG_DEADLOCK`: enable go-deadlock to dump goroutines if it looks like a deadlock has occured, enabled in integration tests.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-05-24 10:15:34 +02:00
Stefan Majer
8185a70dc7
Fix typos (#1860)
* Fix typos

* trigger GitHub actions

* remove kdiff3 orig files

* fix unicode

* remove unnecessary function call

* remove unnecessary comment

* remove unnecessary comment

---------

Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
2024-05-19 23:49:27 +02:00
ohdearaugustin
2dc62e981e
move debug image to distroless (#1950) 2024-05-19 11:17:37 +02:00
Kristoffer Dalby
5ad0aa44cb
update tailscale go dep (#1948)
* update tailscale go dep

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update gorm go dep

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update grpc go dep

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update golang.org go dep

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update rest of go dep

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-05-17 08:58:33 -04:00
github-actions[bot]
723a0408a3
flake.lock: Update (#1897) 2024-05-16 14:01:34 +00:00