util/syspolicy/*: move syspolicy keys to new const leaf "pkey" package

This is step 1 of ~3, breaking up #14720 into reviewable chunks, with
the aim to make syspolicy be a build-time configurable feature.

In this first (very noisy) step, all the syspolicy string key
constants move to a new constant-only (code-free) package. This will
make future steps more reviewable, without this movement noise.

There are no code or behavior changes here.

The future steps of this series can be seen in #14720: removing global
funcs from syspolicy resolution and using an interface that's plumbed
around instead. Then adding build tags.

Updates #12614

Change-Id: If73bf2c28b9c9b1a408fe868b0b6a25b03eeabd1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Brad Fitzpatrick
2025-08-30 08:02:35 -07:00
committed by Brad Fitzpatrick
parent 6d45fcfc93
commit cc532efc20
48 changed files with 601 additions and 554 deletions


@@ -12,6 +12,7 @@ import (
"tailscale.com/types/logger"
"tailscale.com/util/syspolicy/internal/loggerx"
"tailscale.com/util/syspolicy/internal/metrics"
"tailscale.com/util/syspolicy/pkey"
"tailscale.com/util/syspolicy/setting"
"tailscale.com/util/syspolicy/source"
"tailscale.com/util/testenv"
@@ -22,7 +23,7 @@ var someOtherError = errors.New("error other than not found")
func TestGetString(t *testing.T) {
tests := []struct {
name string
key Key
key pkey.Key
handlerValue string
handlerError error
defaultValue string
@@ -32,7 +33,7 @@ func TestGetString(t *testing.T) {
}{
{
name: "read existing value",
key: AdminConsoleVisibility,
key: pkey.AdminConsoleVisibility,
handlerValue: "hide",
wantValue: "hide",
wantMetrics: []metrics.TestState{
@@ -42,13 +43,13 @@ func TestGetString(t *testing.T) {
},
{
name: "read non-existing value",
key: EnableServerMode,
key: pkey.EnableServerMode,
handlerError: ErrNotConfigured,
wantError: nil,
},
{
name: "read non-existing value, non-blank default",
key: EnableServerMode,
key: pkey.EnableServerMode,
handlerError: ErrNotConfigured,
defaultValue: "test",
wantValue: "test",
@@ -56,7 +57,7 @@ func TestGetString(t *testing.T) {
},
{
name: "reading value returns other error",
key: NetworkDevicesVisibility,
key: pkey.NetworkDevicesVisibility,
handlerError: someOtherError,
wantError: someOtherError,
wantMetrics: []metrics.TestState{
@@ -103,7 +104,7 @@ func TestGetString(t *testing.T) {
func TestGetUint64(t *testing.T) {
tests := []struct {
name string
key Key
key pkey.Key
handlerValue uint64
handlerError error
defaultValue uint64
@@ -112,27 +113,27 @@ func TestGetUint64(t *testing.T) {
}{
{
name: "read existing value",
key: LogSCMInteractions,
key: pkey.LogSCMInteractions,
handlerValue: 1,
wantValue: 1,
},
{
name: "read non-existing value",
key: LogSCMInteractions,
key: pkey.LogSCMInteractions,
handlerValue: 0,
handlerError: ErrNotConfigured,
wantValue: 0,
},
{
name: "read non-existing value, non-zero default",
key: LogSCMInteractions,
key: pkey.LogSCMInteractions,
defaultValue: 2,
handlerError: ErrNotConfigured,
wantValue: 2,
},
{
name: "reading value returns other error",
key: FlushDNSOnSessionUnlock,
key: pkey.FlushDNSOnSessionUnlock,
handlerError: someOtherError,
wantError: someOtherError,
},
@@ -169,7 +170,7 @@ func TestGetUint64(t *testing.T) {
func TestGetBoolean(t *testing.T) {
tests := []struct {
name string
key Key
key pkey.Key
handlerValue bool
handlerError error
defaultValue bool
@@ -179,7 +180,7 @@ func TestGetBoolean(t *testing.T) {
}{
{
name: "read existing value",
key: FlushDNSOnSessionUnlock,
key: pkey.FlushDNSOnSessionUnlock,
handlerValue: true,
wantValue: true,
wantMetrics: []metrics.TestState{
@@ -189,14 +190,14 @@ func TestGetBoolean(t *testing.T) {
},
{
name: "read non-existing value",
key: LogSCMInteractions,
key: pkey.LogSCMInteractions,
handlerValue: false,
handlerError: ErrNotConfigured,
wantValue: false,
},
{
name: "reading value returns other error",
key: FlushDNSOnSessionUnlock,
key: pkey.FlushDNSOnSessionUnlock,
handlerError: someOtherError,
wantError: someOtherError, // expect error...
defaultValue: true,
@@ -245,7 +246,7 @@ func TestGetBoolean(t *testing.T) {
func TestGetPreferenceOption(t *testing.T) {
tests := []struct {
name string
key Key
key pkey.Key
handlerValue string
handlerError error
wantValue setting.PreferenceOption
@@ -254,7 +255,7 @@ func TestGetPreferenceOption(t *testing.T) {
}{
{
name: "always by policy",
key: EnableIncomingConnections,
key: pkey.EnableIncomingConnections,
handlerValue: "always",
wantValue: setting.AlwaysByPolicy,
wantMetrics: []metrics.TestState{
@@ -264,7 +265,7 @@ func TestGetPreferenceOption(t *testing.T) {
},
{
name: "never by policy",
key: EnableIncomingConnections,
key: pkey.EnableIncomingConnections,
handlerValue: "never",
wantValue: setting.NeverByPolicy,
wantMetrics: []metrics.TestState{
@@ -274,7 +275,7 @@ func TestGetPreferenceOption(t *testing.T) {
},
{
name: "use default",
key: EnableIncomingConnections,
key: pkey.EnableIncomingConnections,
handlerValue: "",
wantValue: setting.ShowChoiceByPolicy,
wantMetrics: []metrics.TestState{
@@ -284,13 +285,13 @@ func TestGetPreferenceOption(t *testing.T) {
},
{
name: "read non-existing value",
key: EnableIncomingConnections,
key: pkey.EnableIncomingConnections,
handlerError: ErrNotConfigured,
wantValue: setting.ShowChoiceByPolicy,
},
{
name: "other error is returned",
key: EnableIncomingConnections,
key: pkey.EnableIncomingConnections,
handlerError: someOtherError,
wantValue: setting.ShowChoiceByPolicy,
wantError: someOtherError,
@@ -338,7 +339,7 @@ func TestGetPreferenceOption(t *testing.T) {
func TestGetVisibility(t *testing.T) {
tests := []struct {
name string
key Key
key pkey.Key
handlerValue string
handlerError error
wantValue setting.Visibility
@@ -347,7 +348,7 @@ func TestGetVisibility(t *testing.T) {
}{
{
name: "hidden by policy",
key: AdminConsoleVisibility,
key: pkey.AdminConsoleVisibility,
handlerValue: "hide",
wantValue: setting.HiddenByPolicy,
wantMetrics: []metrics.TestState{
@@ -357,7 +358,7 @@ func TestGetVisibility(t *testing.T) {
},
{
name: "visibility default",
key: AdminConsoleVisibility,
key: pkey.AdminConsoleVisibility,
handlerValue: "show",
wantValue: setting.VisibleByPolicy,
wantMetrics: []metrics.TestState{
@@ -367,14 +368,14 @@ func TestGetVisibility(t *testing.T) {
},
{
name: "read non-existing value",
key: AdminConsoleVisibility,
key: pkey.AdminConsoleVisibility,
handlerValue: "show",
handlerError: ErrNotConfigured,
wantValue: setting.VisibleByPolicy,
},
{
name: "other error is returned",
key: AdminConsoleVisibility,
key: pkey.AdminConsoleVisibility,
handlerValue: "show",
handlerError: someOtherError,
wantValue: setting.VisibleByPolicy,
@@ -423,7 +424,7 @@ func TestGetVisibility(t *testing.T) {
func TestGetDuration(t *testing.T) {
tests := []struct {
name string
key Key
key pkey.Key
handlerValue string
handlerError error
defaultValue time.Duration
@@ -433,7 +434,7 @@ func TestGetDuration(t *testing.T) {
}{
{
name: "read existing value",
key: KeyExpirationNoticeTime,
key: pkey.KeyExpirationNoticeTime,
handlerValue: "2h",
wantValue: 2 * time.Hour,
defaultValue: 24 * time.Hour,
@@ -444,7 +445,7 @@ func TestGetDuration(t *testing.T) {
},
{
name: "invalid duration value",
key: KeyExpirationNoticeTime,
key: pkey.KeyExpirationNoticeTime,
handlerValue: "-20",
wantValue: 24 * time.Hour,
wantError: errors.New(`time: missing unit in duration "-20"`),
@@ -456,21 +457,21 @@ func TestGetDuration(t *testing.T) {
},
{
name: "read non-existing value",
key: KeyExpirationNoticeTime,
key: pkey.KeyExpirationNoticeTime,
handlerError: ErrNotConfigured,
wantValue: 24 * time.Hour,
defaultValue: 24 * time.Hour,
},
{
name: "read non-existing value different default",
key: KeyExpirationNoticeTime,
key: pkey.KeyExpirationNoticeTime,
handlerError: ErrNotConfigured,
wantValue: 0 * time.Second,
defaultValue: 0 * time.Second,
},
{
name: "other error is returned",
key: KeyExpirationNoticeTime,
key: pkey.KeyExpirationNoticeTime,
handlerError: someOtherError,
wantValue: 24 * time.Hour,
wantError: someOtherError,
@@ -519,7 +520,7 @@ func TestGetDuration(t *testing.T) {
func TestGetStringArray(t *testing.T) {
tests := []struct {
name string
key Key
key pkey.Key
handlerValue []string
handlerError error
defaultValue []string
@@ -529,7 +530,7 @@ func TestGetStringArray(t *testing.T) {
}{
{
name: "read existing value",
key: AllowedSuggestedExitNodes,
key: pkey.AllowedSuggestedExitNodes,
handlerValue: []string{"foo", "bar"},
wantValue: []string{"foo", "bar"},
wantMetrics: []metrics.TestState{
@@ -539,13 +540,13 @@ func TestGetStringArray(t *testing.T) {
},
{
name: "read non-existing value",
key: AllowedSuggestedExitNodes,
key: pkey.AllowedSuggestedExitNodes,
handlerError: ErrNotConfigured,
wantError: nil,
},
{
name: "read non-existing value, non nil default",
key: AllowedSuggestedExitNodes,
key: pkey.AllowedSuggestedExitNodes,
handlerError: ErrNotConfigured,
defaultValue: []string{"foo", "bar"},
wantValue: []string{"foo", "bar"},
@@ -553,7 +554,7 @@ func TestGetStringArray(t *testing.T) {
},
{
name: "reading value returns other error",
key: AllowedSuggestedExitNodes,
key: pkey.AllowedSuggestedExitNodes,
handlerError: someOtherError,
wantError: someOtherError,
wantMetrics: []metrics.TestState{
@@ -607,11 +608,11 @@ func BenchmarkGetString(b *testing.B) {
RegisterWellKnownSettingsForTest(b)
wantControlURL := "https://login.tailscale.com"
registerSingleSettingStoreForTest(b, source.TestSettingOf(ControlURL, wantControlURL))
registerSingleSettingStoreForTest(b, source.TestSettingOf(pkey.ControlURL, wantControlURL))
b.ResetTimer()
for i := 0; i < b.N; i++ {
gotControlURL, _ := GetString(ControlURL, "https://controlplane.tailscale.com")
gotControlURL, _ := GetString(pkey.ControlURL, "https://controlplane.tailscale.com")
if gotControlURL != wantControlURL {
b.Fatalf("got %v; want %v", gotControlURL, wantControlURL)
}