util/syspolicy/*: move syspolicy keys to new const leaf "pkey" package

This is step 1 of ~3, breaking up #14720 into reviewable chunks, with the aim to make syspolicy be a build-time configurable feature. In this first (very noisy) step, all the syspolicy string key constants move to a new constant-only (code-free) package. This will make future steps more reviewable, without this movement noise. There are no code or behavior changes here. The future steps of this series can be seen in #14720: removing global funcs from syspolicy resolution and using an interface that's plumbed around instead. Then adding build tags. Updates #12614 Change-Id: If73bf2c28b9c9b1a408fe868b0b6a25b03eeabd1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-11-01 22:22:12 +00:00 · 2025-08-30 08:02:35 -07:00
parent 6d45fcfc93
commit cc532efc20
48 changed files with 601 additions and 554 deletions
--- a/util/syspolicy/source/test_store.go
+++ b/util/syspolicy/source/test_store.go
@@ -12,6 +12,7 @@ import (
 	"tailscale.com/util/mak"
 	"tailscale.com/util/set"
 	"tailscale.com/util/slicesx"
+	"tailscale.com/util/syspolicy/pkey"
 	"tailscale.com/util/syspolicy/setting"
 	"tailscale.com/util/testenv"
 )
@@ -31,7 +32,7 @@ type TestValueType interface {
 // TestSetting is a policy setting in a [TestStore].
 type TestSetting[T TestValueType] struct {
 	// Key is the setting's unique identifier.
-	Key setting.Key
+	Key pkey.Key
 	// Error is the error to be returned by the [TestStore] when reading
 	// a policy setting with the specified key.
 	Error error
@@ -43,20 +44,20 @@ type TestSetting[T TestValueType] struct {

 // TestSettingOf returns a [TestSetting] representing a policy setting
 // configured with the specified key and value.
-func TestSettingOf[T TestValueType](key setting.Key, value T) TestSetting[T] {
+func TestSettingOf[T TestValueType](key pkey.Key, value T) TestSetting[T] {
 	return TestSetting[T]{Key: key, Value: value}
 }

 // TestSettingWithError returns a [TestSetting] representing a policy setting
 // with the specified key and error.
-func TestSettingWithError[T TestValueType](key setting.Key, err error) TestSetting[T] {
+func TestSettingWithError[T TestValueType](key pkey.Key, err error) TestSetting[T] {
 	return TestSetting[T]{Key: key, Error: err}
 }

 // testReadOperation describes a single policy setting read operation.
 type testReadOperation struct {
 	// Key is the setting's unique identifier.
-	Key setting.Key
+	Key pkey.Key
 	// Type is a value type of a read operation.
 	// [setting.BooleanValue], [setting.IntegerValue], [setting.StringValue] or [setting.StringListValue]
 	Type setting.Type
@@ -65,7 +66,7 @@ type testReadOperation struct {
 // TestExpectedReads is the number of read operations with the specified details.
 type TestExpectedReads struct {
 	// Key is the setting's unique identifier.
-	Key setting.Key
+	Key pkey.Key
 	// Type is a value type of a read operation.
 	// [setting.BooleanValue], [setting.IntegerValue], [setting.StringValue] or [setting.StringListValue]
 	Type setting.Type
@@ -87,8 +88,8 @@ type TestStore struct {
 	storeLockCount atomic.Int32

 	mu           sync.RWMutex
-	suspendCount int                 // change callback are suspended if > 0
-	mr, mw       map[setting.Key]any // maps for reading and writing; they're the same unless the store is suspended.
+	suspendCount int              // change callback are suspended if > 0
+	mr, mw       map[pkey.Key]any // maps for reading and writing; they're the same unless the store is suspended.
 	cbs          set.HandleSet[func()]
 	closed       bool

@@ -99,7 +100,7 @@ type TestStore struct {
 // NewTestStore returns a new [TestStore].
 // The tb will be used to report coding errors detected by the [TestStore].
 func NewTestStore(tb testenv.TB) *TestStore {
-	m := make(map[setting.Key]any)
+	m := make(map[pkey.Key]any)
 	store := &TestStore{
 		tb:   tb,
 		done: make(chan struct{}),
@@ -162,7 +163,7 @@ func (s *TestStore) IsEmpty() bool {
 }

 // ReadString implements [Store].
-func (s *TestStore) ReadString(key setting.Key) (string, error) {
+func (s *TestStore) ReadString(key pkey.Key) (string, error) {
 	defer s.recordRead(key, setting.StringValue)
 	s.mu.RLock()
 	defer s.mu.RUnlock()
@@ -181,7 +182,7 @@ func (s *TestStore) ReadString(key setting.Key) (string, error) {
 }

 // ReadUInt64 implements [Store].
-func (s *TestStore) ReadUInt64(key setting.Key) (uint64, error) {
+func (s *TestStore) ReadUInt64(key pkey.Key) (uint64, error) {
 	defer s.recordRead(key, setting.IntegerValue)
 	s.mu.RLock()
 	defer s.mu.RUnlock()
@@ -200,7 +201,7 @@ func (s *TestStore) ReadUInt64(key setting.Key) (uint64, error) {
 }

 // ReadBoolean implements [Store].
-func (s *TestStore) ReadBoolean(key setting.Key) (bool, error) {
+func (s *TestStore) ReadBoolean(key pkey.Key) (bool, error) {
 	defer s.recordRead(key, setting.BooleanValue)
 	s.mu.RLock()
 	defer s.mu.RUnlock()
@@ -219,7 +220,7 @@ func (s *TestStore) ReadBoolean(key setting.Key) (bool, error) {
 }

 // ReadStringArray implements [Store].
-func (s *TestStore) ReadStringArray(key setting.Key) ([]string, error) {
+func (s *TestStore) ReadStringArray(key pkey.Key) ([]string, error) {
 	defer s.recordRead(key, setting.StringListValue)
 	s.mu.RLock()
 	defer s.mu.RUnlock()
@@ -237,7 +238,7 @@ func (s *TestStore) ReadStringArray(key setting.Key) ([]string, error) {
 	return slice, nil
 }

-func (s *TestStore) recordRead(key setting.Key, typ setting.Type) {
+func (s *TestStore) recordRead(key pkey.Key, typ setting.Type) {
 	s.readsMu.Lock()
 	op := testReadOperation{key, typ}
 	num := s.reads[op]
@@ -399,7 +400,7 @@ func (s *TestStore) SetStringLists(settings ...TestSetting[[]string]) {
 }

 // Delete deletes the specified settings from s.
-func (s *TestStore) Delete(keys ...setting.Key) {
+func (s *TestStore) Delete(keys ...pkey.Key) {
 	s.storeLock.Lock()
 	for _, key := range keys {
 		s.mu.Lock()