TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-25 19:15:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipn/ipnlocal: change serial number policy to be PreferenceOption

Browse Source 
This commit changes the PostureChecking syspolicy key to be a
PreferenceOption(user-defined, always, never) instead of Bool.

This aligns better with the defaults implementation on macOS allowing
CLI arguments to be read when user-defined or no defaults is set.

Updates #tailscale/tailscale/5902

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby 2023-10-16 09:39:20 +02:00 committed by Kristoffer Dalby
parent 97ee3891f1
commit e06f2f1873
2 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ipn/ipnlocal/c2n.go
View File

@ -234,13 +234,16 @@ func (b *LocalBackend) handleC2NPostureIdentityGet(w http.ResponseWriter, r *htt
// this will first check syspolicy, MDM settings like Registry // this will first check syspolicy, MDM settings like Registry
// on Windows or defaults on macOS. If they are not set, it falls // on Windows or defaults on macOS. If they are not set, it falls
// back to the cli-flag, `--posture-checking`. // back to the cli-flag, `--posture-checking`.
enabled, err := syspolicy.GetBoolean(syspolicy.PostureChecking, b.Prefs().PostureChecking()) choice, err := syspolicy.GetPreferenceOption(syspolicy.PostureChecking)
if err != nil { if err != nil {
enabled = b.Prefs().PostureChecking() b.logf(
b.logf("c2n: failed to read PostureChecking from syspolicy, returning default from CLI: %s; got error: %s", enabled, err) "c2n: failed to read PostureChecking from syspolicy, returning default from CLI: %s; got error: %s",
b.Prefs().PostureChecking(),
err,
)
} }
if enabled { if choice.ShouldEnable(b.Prefs().PostureChecking()) {
sns, err := posture.GetSerialNumbers(b.logf) sns, err := posture.GetSerialNumbers(b.logf)
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)

5
util/syspolicy/policy_keys.go
View File

@ -33,7 +33,10 @@
// The default is 0 unless otherwise stated. // The default is 0 unless otherwise stated.
LogSCMInteractions Key = "LogSCMInteractions" LogSCMInteractions Key = "LogSCMInteractions"
FlushDNSOnSessionUnlock Key = "FlushDNSOnSessionUnlock" FlushDNSOnSessionUnlock Key = "FlushDNSOnSessionUnlock"
// Boolean key that indicates if posture checking is enabled and the client shall gather
// PostureChecking indicates if posture checking is enabled and the client shall gather
// posture data. // posture data.
// Key is a string value that specifies an option: "always", "never", "user-decides".
// The default is "user-decides" unless otherwise stated.
PostureChecking Key = "PostureChecking" PostureChecking Key = "PostureChecking"
) )