TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-01-05 23:07:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

tailcfg: add AcceptEnv field to SSHRule (#13523)

Browse Source 
Add an `AcceptEnv` field to `SSHRule`. This will contain the collection
of environment variable names / patterns that are specified in the
`acceptEnv` block for the SSH rule within the policy file. This will be
used in the tailscale client to filter out unacceptable environment
variables.

Updates: https://github.com/tailscale/corp/issues/22775

Signed-off-by: Mario Minardi <mario@tailscale.com>
This commit is contained in:
Mario Minardi 2024-09-22 20:15:26 -06:00 committed by GitHub
parent dc86d3589c
commit 8d508712c9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tailcfg/tailcfg.go
View File

@ -2451,6 +2451,13 @@ type SSHRule struct {
// Action is the outcome to task.
// A nil or invalid action means to deny.
Action *SSHAction `json:"action"`
// AcceptEnv is a slice of environment variable names that are allowlisted
// for the SSH rule in the policy file.
//
// AcceptEnv values may contain * and ? wildcard characters which match against
// an arbitrary number of characters or a single character respectively.
AcceptEnv []string `json:"acceptEnv,omitempty"`
}
// SSHPrincipal is either a particular node or a user on any node.

2
tailcfg/tailcfg_clone.go
View File

@ -505,6 +505,7 @@ func (src *SSHRule) Clone() *SSHRule {
}
dst.SSHUsers = maps.Clone(src.SSHUsers)
dst.Action = src.Action.Clone()
dst.AcceptEnv = append(src.AcceptEnv[:0:0], src.AcceptEnv...)
return dst
}
@ -514,6 +515,7 @@ func (src *SSHRule) Clone() *SSHRule {
Principals []*SSHPrincipal
SSHUsers map[string]string
Action *SSHAction
AcceptEnv []string
}{})
// Clone makes a deep copy of SSHAction.

2
tailcfg/tailcfg_view.go
View File

@ -1126,6 +1126,7 @@ func (v SSHRuleView) Principals() views.SliceView[*SSHPrincipal, SSHPrincipalVie
func (v SSHRuleView) SSHUsers() views.Map[string, string] { return views.MapOf(v.ж.SSHUsers) }
func (v SSHRuleView) Action() SSHActionView { return v.ж.Action.View() }
func (v SSHRuleView) AcceptEnv() views.Slice[string] { return views.SliceOf(v.ж.AcceptEnv) }
// A compilation failure here means this code must be regenerated, with the command at the top of this file.
var _SSHRuleViewNeedsRegeneration = SSHRule(struct {
@ -1133,6 +1134,7 @@ func (v SSHRuleView) Action() SSHActionView { return v.ж.Action.V
Principals []*SSHPrincipal
SSHUsers map[string]string
Action *SSHAction
AcceptEnv []string
}{})
// View returns a readonly view of SSHAction.