control/controlclient,posture,util/syspolicy: use predefined syspolicy keys instead of string literals

With the upcoming syspolicy changes, it's imperative that all syspolicy keys are defined in the syspolicy package for proper registration. Otherwise, the corresponding policy settings will not be read. This updates a couple of places where we still use string literals rather than syspolicy consts. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>
2025-10-08 23:49:56 +00:00 · 2024-09-04 12:01:55 -05:00
parent d060b3fa02
commit 11d205f6c4
3 changed files with 10 additions and 2 deletions
--- a/util/syspolicy/policy_keys.go
+++ b/util/syspolicy/policy_keys.go
@@ -98,6 +98,14 @@ const (
 	// automatically authenticate managed devices, without requiring user interaction.
 	AuthKey Key = "AuthKey"

+	// MachineCertificateSubject is the exact name of a Subject that needs
+	// to be present in an identity's certificate chain to sign a RegisterRequest,
+	// formatted as per pkix.Name.String(). The Subject may be that of the identity
+	// itself, an intermediate CA or the root CA.
+	//
+	// Example: "CN=Tailscale Inc Test Root CA,OU=Tailscale Inc Test Certificate Authority,O=Tailscale Inc,ST=ON,C=CA"
+	MachineCertificateSubject Key = "MachineCertificateSubject"
+
 	// Keys with a string array value.
 	// AllowedSuggestedExitNodes's string array value is a list of exit node IDs that restricts which exit nodes are considered when generating suggestions for exit nodes.
 	AllowedSuggestedExitNodes Key = "AllowedSuggestedExitNodes"