control/policy: make error strings staticcheck-compliant.

Signed-off-by: David Anderson <dave@natulte.net>
This commit is contained in:
David Anderson 2020-02-10 23:23:57 -08:00
parent 542f46ed4d
commit 1cd278aa0b

View File

@ -8,10 +8,11 @@
"bytes" "bytes"
"errors" "errors"
"fmt" "fmt"
"github.com/tailscale/hujson"
"net" "net"
"strconv" "strconv"
"strings" "strings"
"github.com/tailscale/hujson"
"tailscale.com/wgengine/filter" "tailscale.com/wgengine/filter"
) )
@ -149,7 +150,7 @@ func (p *Policy) Expand(usermap map[string][]IP) (filter.Matches, error) {
for k, userlist := range p.Groups { for k, userlist := range p.Groups {
k = strings.ToLower(k) k = strings.ToLower(k)
if !strings.HasPrefix(k, "group:") { if !strings.HasPrefix(k, "group:") {
return nil, fmt.Errorf("Group[%#v]: group names must start with 'group:'", k) return nil, fmt.Errorf("group[%#v]: group names must start with 'group:'", k)
} }
for _, u := range userlist { for _, u := range userlist {
uips := lcusermap[u] uips := lcusermap[u]
@ -162,7 +163,7 @@ func (p *Policy) Expand(usermap map[string][]IP) (filter.Matches, error) {
var out filter.Matches var out filter.Matches
for _, acl := range p.ACLs { for _, acl := range p.ACLs {
if acl.Action != "accept" { if acl.Action != "accept" {
return nil, fmt.Errorf("Action=%#v is not supported", acl.Action) return nil, fmt.Errorf("action=%#v is not supported", acl.Action)
} }
var srcs []IP var srcs []IP
@ -186,7 +187,7 @@ func (p *Policy) Expand(usermap map[string][]IP) (filter.Matches, error) {
} }
} }
} else { } else {
return nil, fmt.Errorf("wgengine/filter: invalid username: %q: needs @domain or group: or role:", user) return nil, fmt.Errorf("wgengine/filter: invalid username: %q: needs '@domain' or 'group:' or 'role:'", user)
} }
} }
@ -194,7 +195,7 @@ func (p *Policy) Expand(usermap map[string][]IP) (filter.Matches, error) {
for _, hostport := range acl.Ports { for _, hostport := range acl.Ports {
host, ports, err := parseHostPortRange(hostport) host, ports, err := parseHostPortRange(hostport)
if err != nil { if err != nil {
return nil, fmt.Errorf("Ports=%#v: %v", hostport, err) return nil, fmt.Errorf("ports=%#v: %v", hostport, err)
} }
ip := net.ParseIP(host) ip := net.ParseIP(host)
ipv, ok := hosts[host] ipv, ok := hosts[host]
@ -202,7 +203,7 @@ func (p *Policy) Expand(usermap map[string][]IP) (filter.Matches, error) {
// matches an alias; ipv is now valid // matches an alias; ipv is now valid
} else if ip != nil && ip.IsUnspecified() { } else if ip != nil && ip.IsUnspecified() {
// For clarity, reject 0.0.0.0 as an input // For clarity, reject 0.0.0.0 as an input
return nil, fmt.Errorf("Ports=%#v: to allow all IP addresses, use *:port, not 0.0.0.0:port", hostport) return nil, fmt.Errorf("ports=%#v: to allow all IP addresses, use *:port, not 0.0.0.0:port", hostport)
} else if ip == nil && host == "*" { } else if ip == nil && host == "*" {
// User explicitly requested wildcard dst ip // User explicitly requested wildcard dst ip
ipv = IPAny ipv = IPAny
@ -211,7 +212,7 @@ func (p *Policy) Expand(usermap map[string][]IP) (filter.Matches, error) {
ip = ip.To4() ip = ip.To4()
} }
if ip == nil || len(ip) != 4 { if ip == nil || len(ip) != 4 {
return nil, fmt.Errorf("Ports=%#v: %#v: invalid IPv4 address", hostport, host) return nil, fmt.Errorf("ports=%#v: %#v: invalid IPv4 address", hostport, host)
} }
ipv = filter.NewIP(ip) ipv = filter.NewIP(ip)
} }