control/controlclient,posture,util/syspolicy: use predefined syspolicy keys instead of string literals

With the upcoming syspolicy changes, it's imperative that all syspolicy keys are defined in the syspolicy package
for proper registration. Otherwise, the corresponding policy settings will not be read.

This updates a couple of places where we still use string literals rather than syspolicy consts.

Updates #12687

Signed-off-by: Nick Khyl <nickk@tailscale.com>
This commit is contained in:
Nick Khyl 2024-09-04 12:01:55 -05:00 committed by Nick Khyl
parent d060b3fa02
commit 11d205f6c4
3 changed files with 10 additions and 2 deletions


@ -38,7 +38,7 @@
// Example: "CN=Tailscale Inc Test Root CA,OU=Tailscale Inc Test Certificate Authority,O=Tailscale Inc,ST=ON,C=CA" // Example: "CN=Tailscale Inc Test Root CA,OU=Tailscale Inc Test Certificate Authority,O=Tailscale Inc,ST=ON,C=CA"
func getMachineCertificateSubject() string { func getMachineCertificateSubject() string {
getMachineCertificateSubjectOnce.Do(func() { getMachineCertificateSubjectOnce.Do(func() {
getMachineCertificateSubjectOnce.v, _ = syspolicy.GetString("MachineCertificateSubject", "") getMachineCertificateSubjectOnce.v, _ = syspolicy.GetString(syspolicy.MachineCertificateSubject, "")
}) })
return getMachineCertificateSubjectOnce.v return getMachineCertificateSubjectOnce.v
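Review bot: The error from syspolicy.GetString is still discarded with `_` on the rewritten line, so a failed read of the policy store is indistinguishable from the policy being unset, and because the value appears to be captured under a once-guard the empty result is then kept for the rest of the process lifetime. For a setting that constrains which certificate chains may sign a RegisterRequest this deserves at least a justifying comment on the discarded error, e.g. `// The error is deliberately ignored: an unreadable policy is treated as unset, and that result is cached for the process lifetime.`, or a log line so the failure is visible to operators. The commit message itself notes that unregistered keys will not be read under the upcoming changes, which makes surfacing read errors here more useful, not less. getMachineCertificateSubject's closing brace is outside the hunk.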


@ -14,7 +14,7 @@
// MDM solution. It requires configuration via the DeviceSerialNumber system policy. // MDM solution. It requires configuration via the DeviceSerialNumber system policy.
// This is the only way to gather serial numbers on iOS and tvOS. // This is the only way to gather serial numbers on iOS and tvOS.
func GetSerialNumbers(_ logger.Logf) ([]string, error) { func GetSerialNumbers(_ logger.Logf) ([]string, error) {
s, err := syspolicy.GetString("DeviceSerialNumber", "") s, err := syspolicy.GetString(syspolicy.DeviceSerialNumber, "")
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to get serial number from MDM: %v", err) return nil, fmt.Errorf("failed to get serial number from MDM: %v", err)
} }


@ -98,6 +98,14 @@
// automatically authenticate managed devices, without requiring user interaction. // automatically authenticate managed devices, without requiring user interaction.
AuthKey Key = "AuthKey" AuthKey Key = "AuthKey"
// MachineCertificateSubject is the exact name of a Subject that needs
// to be present in an identity's certificate chain to sign a RegisterRequest,
// formatted as per pkix.Name.String(). The Subject may be that of the identity
// itself, an intermediate CA or the root CA.
//
// Example: "CN=Tailscale Inc Test Root CA,OU=Tailscale Inc Test Certificate Authority,O=Tailscale Inc,ST=ON,C=CA"
MachineCertificateSubject Key = "MachineCertificateSubject"
// Keys with a string array value. // Keys with a string array value.
// AllowedSuggestedExitNodes's string array value is a list of exit node IDs that restricts which exit nodes are considered when generating suggestions for exit nodes. // AllowedSuggestedExitNodes's string array value is a list of exit node IDs that restricts which exit nodes are considered when generating suggestions for exit nodes.
AllowedSuggestedExitNodes Key = "AllowedSuggestedExitNodes" AllowedSuggestedExitNodes Key = "AllowedSuggestedExitNodes"
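Review bot: The doc comment on the new MachineCertificateSubject key repeats, word for word, the comment that still sits above getMachineCertificateSubject in control/controlclient, so there are now two copies of the same contract that can drift apart. Since the commit message makes the syspolicy package the place where keys are defined and registered, keeping the full description here and reducing the controlclient one to a pointer, e.g. `// getMachineCertificateSubject returns the value of the syspolicy.MachineCertificateSubject policy; see that key's doc for the expected format.`, would leave a single source of truth. It would also help readers of this key to say that the value is read as a string via syspolicy.GetString and that callers currently pass "" as the default, so an empty value is what they see when the policy is not set, if that is the intended semantics.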