util/syspolicy/source: put EnvPolicyStore env keys in their own namespace

... all prefixed with TS_DEBUGSYSPOLICY_*.

Updates #13193
Updates #12687
Updates #13855

Change-Id: Ia8024946f53e2b3afda4456a7bb85bbcf6d12bfc
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2024-10-30 09:48:12 -07:00 committed by Brad Fitzpatrick
parent 540e4c83d0
commit f81348a16b
2 changed files with 46 additions and 41 deletions

View File

@ -114,7 +114,7 @@ func keyToEnvVarName(key setting.Key) (string, error) {
isDigit := func(c byte) bool { return '0' <= c && c <= '9' } isDigit := func(c byte) bool { return '0' <= c && c <= '9' }
words := make([]string, 0, 8) words := make([]string, 0, 8)
words = append(words, "TS") words = append(words, "TS_DEBUGSYSPOLICY")
var currentWord strings.Builder var currentWord strings.Builder
for i := 0; i < len(key); i++ { for i := 0; i < len(key); i++ {
c := key[i] c := key[i]

View File

@ -14,11 +14,11 @@
"tailscale.com/util/syspolicy/setting" "tailscale.com/util/syspolicy/setting"
) )
func TestKeyToVariableName(t *testing.T) { func TestKeyToEnvVarName(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
key setting.Key key setting.Key
want string want string // suffix after "TS_DEBUGSYSPOLICY_"
wantErr error wantErr error
}{ }{
{ {
@ -29,87 +29,87 @@ func TestKeyToVariableName(t *testing.T) {
{ {
name: "lowercase", name: "lowercase",
key: "tailnet", key: "tailnet",
want: "TS_TAILNET", want: "TAILNET",
}, },
{ {
name: "CamelCase", name: "CamelCase",
key: "AuthKey", key: "AuthKey",
want: "TS_AUTH_KEY", want: "AUTH_KEY",
}, },
{ {
name: "LongerCamelCase", name: "LongerCamelCase",
key: "ManagedByOrganizationName", key: "ManagedByOrganizationName",
want: "TS_MANAGED_BY_ORGANIZATION_NAME", want: "MANAGED_BY_ORGANIZATION_NAME",
}, },
{ {
name: "UPPERCASE", name: "UPPERCASE",
key: "UPPERCASE", key: "UPPERCASE",
want: "TS_UPPERCASE", want: "UPPERCASE",
}, },
{ {
name: "WithAbbrev/Front", name: "WithAbbrev/Front",
key: "DNSServer", key: "DNSServer",
want: "TS_DNS_SERVER", want: "DNS_SERVER",
}, },
{ {
name: "WithAbbrev/Middle", name: "WithAbbrev/Middle",
key: "ExitNodeAllowLANAccess", key: "ExitNodeAllowLANAccess",
want: "TS_EXIT_NODE_ALLOW_LAN_ACCESS", want: "EXIT_NODE_ALLOW_LAN_ACCESS",
}, },
{ {
name: "WithAbbrev/Back", name: "WithAbbrev/Back",
key: "ExitNodeID", key: "ExitNodeID",
want: "TS_EXIT_NODE_ID", want: "EXIT_NODE_ID",
}, },
{ {
name: "WithDigits/Single/Front", name: "WithDigits/Single/Front",
key: "0TestKey", key: "0TestKey",
want: "TS_0_TEST_KEY", want: "0_TEST_KEY",
}, },
{ {
name: "WithDigits/Multi/Front", name: "WithDigits/Multi/Front",
key: "64TestKey", key: "64TestKey",
want: "TS_64_TEST_KEY", want: "64_TEST_KEY",
}, },
{ {
name: "WithDigits/Single/Middle", name: "WithDigits/Single/Middle",
key: "Test0Key", key: "Test0Key",
want: "TS_TEST_0_KEY", want: "TEST_0_KEY",
}, },
{ {
name: "WithDigits/Multi/Middle", name: "WithDigits/Multi/Middle",
key: "Test64Key", key: "Test64Key",
want: "TS_TEST_64_KEY", want: "TEST_64_KEY",
}, },
{ {
name: "WithDigits/Single/Back", name: "WithDigits/Single/Back",
key: "TestKey0", key: "TestKey0",
want: "TS_TEST_KEY_0", want: "TEST_KEY_0",
}, },
{ {
name: "WithDigits/Multi/Back", name: "WithDigits/Multi/Back",
key: "TestKey64", key: "TestKey64",
want: "TS_TEST_KEY_64", want: "TEST_KEY_64",
}, },
{ {
name: "WithDigits/Multi/Back", name: "WithDigits/Multi/Back",
key: "TestKey64", key: "TestKey64",
want: "TS_TEST_KEY_64", want: "TEST_KEY_64",
}, },
{ {
name: "WithPathSeparators/Single", name: "WithPathSeparators/Single",
key: "Key/Subkey", key: "Key/Subkey",
want: "TS_KEY_SUBKEY", want: "KEY_SUBKEY",
}, },
{ {
name: "WithPathSeparators/Multi", name: "WithPathSeparators/Multi",
key: "Root/Level1/Level2", key: "Root/Level1/Level2",
want: "TS_ROOT_LEVEL_1_LEVEL_2", want: "ROOT_LEVEL_1_LEVEL_2",
}, },
{ {
name: "Mixed", name: "Mixed",
key: "Network/DNSServer/IPAddress", key: "Network/DNSServer/IPAddress",
want: "TS_NETWORK_DNS_SERVER_IP_ADDRESS", want: "NETWORK_DNS_SERVER_IP_ADDRESS",
}, },
{ {
name: "Non-Alphanumeric/NonASCII/1", name: "Non-Alphanumeric/NonASCII/1",
@ -142,8 +142,12 @@ func TestKeyToVariableName(t *testing.T) {
got, err := keyToEnvVarName(tt.key) got, err := keyToEnvVarName(tt.key)
checkError(t, err, tt.wantErr, true) checkError(t, err, tt.wantErr, true)
if got != tt.want { want := tt.want
t.Fatalf("got %q; want %q", got, tt.want) if want != "" {
want = "TS_DEBUGSYSPOLICY_" + want
}
if got != want {
t.Fatalf("got %q; want %q", got, want)
} }
}) })
} }
@ -152,6 +156,7 @@ func TestKeyToVariableName(t *testing.T) {
func TestEnvPolicyStore(t *testing.T) { func TestEnvPolicyStore(t *testing.T) {
blankEnv := func(string) (string, bool) { return "", false } blankEnv := func(string) (string, bool) { return "", false }
makeEnv := func(wantName, value string) func(string) (string, bool) { makeEnv := func(wantName, value string) func(string) (string, bool) {
wantName = "TS_DEBUGSYSPOLICY_" + wantName
return func(gotName string) (string, bool) { return func(gotName string) (string, bool) {
if gotName != wantName { if gotName != wantName {
return "", false return "", false
@ -176,13 +181,13 @@ func TestEnvPolicyStore(t *testing.T) {
{ {
name: "Configured/String/Empty", name: "Configured/String/Empty",
key: "AuthKey", key: "AuthKey",
lookup: makeEnv("TS_AUTH_KEY", ""), lookup: makeEnv("AUTH_KEY", ""),
want: "", want: "",
}, },
{ {
name: "Configured/String/NonEmpty", name: "Configured/String/NonEmpty",
key: "AuthKey", key: "AuthKey",
lookup: makeEnv("TS_AUTH_KEY", "ABC123"), lookup: makeEnv("AUTH_KEY", "ABC123"),
want: "ABC123", want: "ABC123",
}, },
{ {
@ -195,39 +200,39 @@ func TestEnvPolicyStore(t *testing.T) {
{ {
name: "Configured/UInt64/Empty", name: "Configured/UInt64/Empty",
key: "IntegerSetting", key: "IntegerSetting",
lookup: makeEnv("TS_INTEGER_SETTING", ""), lookup: makeEnv("INTEGER_SETTING", ""),
wantErr: setting.ErrNotConfigured, wantErr: setting.ErrNotConfigured,
want: uint64(0), want: uint64(0),
}, },
{ {
name: "Configured/UInt64/Zero", name: "Configured/UInt64/Zero",
key: "IntegerSetting", key: "IntegerSetting",
lookup: makeEnv("TS_INTEGER_SETTING", "0"), lookup: makeEnv("INTEGER_SETTING", "0"),
want: uint64(0), want: uint64(0),
}, },
{ {
name: "Configured/UInt64/NonZero", name: "Configured/UInt64/NonZero",
key: "IntegerSetting", key: "IntegerSetting",
lookup: makeEnv("TS_INTEGER_SETTING", "12345"), lookup: makeEnv("INTEGER_SETTING", "12345"),
want: uint64(12345), want: uint64(12345),
}, },
{ {
name: "Configured/UInt64/MaxUInt64", name: "Configured/UInt64/MaxUInt64",
key: "IntegerSetting", key: "IntegerSetting",
lookup: makeEnv("TS_INTEGER_SETTING", strconv.FormatUint(math.MaxUint64, 10)), lookup: makeEnv("INTEGER_SETTING", strconv.FormatUint(math.MaxUint64, 10)),
want: uint64(math.MaxUint64), want: uint64(math.MaxUint64),
}, },
{ {
name: "Configured/UInt64/Negative", name: "Configured/UInt64/Negative",
key: "IntegerSetting", key: "IntegerSetting",
lookup: makeEnv("TS_INTEGER_SETTING", "-1"), lookup: makeEnv("INTEGER_SETTING", "-1"),
wantErr: setting.ErrTypeMismatch, wantErr: setting.ErrTypeMismatch,
want: uint64(0), want: uint64(0),
}, },
{ {
name: "Configured/UInt64/Hex", name: "Configured/UInt64/Hex",
key: "IntegerSetting", key: "IntegerSetting",
lookup: makeEnv("TS_INTEGER_SETTING", "0xDEADBEEF"), lookup: makeEnv("INTEGER_SETTING", "0xDEADBEEF"),
want: uint64(0xDEADBEEF), want: uint64(0xDEADBEEF),
}, },
{ {
@ -240,38 +245,38 @@ func TestEnvPolicyStore(t *testing.T) {
{ {
name: "Configured/Bool/Empty", name: "Configured/Bool/Empty",
key: "LogSCMInteractions", key: "LogSCMInteractions",
lookup: makeEnv("TS_LOG_SCM_INTERACTIONS", ""), lookup: makeEnv("LOG_SCM_INTERACTIONS", ""),
wantErr: setting.ErrNotConfigured, wantErr: setting.ErrNotConfigured,
want: false, want: false,
}, },
{ {
name: "Configured/Bool/True", name: "Configured/Bool/True",
key: "LogSCMInteractions", key: "LogSCMInteractions",
lookup: makeEnv("TS_LOG_SCM_INTERACTIONS", "true"), lookup: makeEnv("LOG_SCM_INTERACTIONS", "true"),
want: true, want: true,
}, },
{ {
name: "Configured/Bool/False", name: "Configured/Bool/False",
key: "LogSCMInteractions", key: "LogSCMInteractions",
lookup: makeEnv("TS_LOG_SCM_INTERACTIONS", "False"), lookup: makeEnv("LOG_SCM_INTERACTIONS", "False"),
want: false, want: false,
}, },
{ {
name: "Configured/Bool/1", name: "Configured/Bool/1",
key: "LogSCMInteractions", key: "LogSCMInteractions",
lookup: makeEnv("TS_LOG_SCM_INTERACTIONS", "1"), lookup: makeEnv("LOG_SCM_INTERACTIONS", "1"),
want: true, want: true,
}, },
{ {
name: "Configured/Bool/0", name: "Configured/Bool/0",
key: "LogSCMInteractions", key: "LogSCMInteractions",
lookup: makeEnv("TS_LOG_SCM_INTERACTIONS", "0"), lookup: makeEnv("LOG_SCM_INTERACTIONS", "0"),
want: false, want: false,
}, },
{ {
name: "Configured/Bool/Invalid", name: "Configured/Bool/Invalid",
key: "IntegerSetting", key: "IntegerSetting",
lookup: makeEnv("TS_INTEGER_SETTING", "NotABool"), lookup: makeEnv("INTEGER_SETTING", "NotABool"),
wantErr: setting.ErrTypeMismatch, wantErr: setting.ErrTypeMismatch,
want: false, want: false,
}, },
@ -285,31 +290,31 @@ func TestEnvPolicyStore(t *testing.T) {
{ {
name: "Configured/StringArray/Empty", name: "Configured/StringArray/Empty",
key: "AllowedSuggestedExitNodes", key: "AllowedSuggestedExitNodes",
lookup: makeEnv("TS_ALLOWED_SUGGESTED_EXIT_NODES", ""), lookup: makeEnv("ALLOWED_SUGGESTED_EXIT_NODES", ""),
want: []string(nil), want: []string(nil),
}, },
{ {
name: "Configured/StringArray/Spaces", name: "Configured/StringArray/Spaces",
key: "AllowedSuggestedExitNodes", key: "AllowedSuggestedExitNodes",
lookup: makeEnv("TS_ALLOWED_SUGGESTED_EXIT_NODES", " \t "), lookup: makeEnv("ALLOWED_SUGGESTED_EXIT_NODES", " \t "),
want: []string{}, want: []string{},
}, },
{ {
name: "Configured/StringArray/Single", name: "Configured/StringArray/Single",
key: "AllowedSuggestedExitNodes", key: "AllowedSuggestedExitNodes",
lookup: makeEnv("TS_ALLOWED_SUGGESTED_EXIT_NODES", "NodeA"), lookup: makeEnv("ALLOWED_SUGGESTED_EXIT_NODES", "NodeA"),
want: []string{"NodeA"}, want: []string{"NodeA"},
}, },
{ {
name: "Configured/StringArray/Multi", name: "Configured/StringArray/Multi",
key: "AllowedSuggestedExitNodes", key: "AllowedSuggestedExitNodes",
lookup: makeEnv("TS_ALLOWED_SUGGESTED_EXIT_NODES", "NodeA,NodeB,NodeC"), lookup: makeEnv("ALLOWED_SUGGESTED_EXIT_NODES", "NodeA,NodeB,NodeC"),
want: []string{"NodeA", "NodeB", "NodeC"}, want: []string{"NodeA", "NodeB", "NodeC"},
}, },
{ {
name: "Configured/StringArray/WithBlank", name: "Configured/StringArray/WithBlank",
key: "AllowedSuggestedExitNodes", key: "AllowedSuggestedExitNodes",
lookup: makeEnv("TS_ALLOWED_SUGGESTED_EXIT_NODES", "NodeA,\t,, ,NodeB"), lookup: makeEnv("ALLOWED_SUGGESTED_EXIT_NODES", "NodeA,\t,, ,NodeB"),
want: []string{"NodeA", "NodeB"}, want: []string{"NodeA", "NodeB"},
}, },
} }