util/syspolicy: add rsop package that provides access to the resultant policy

In this PR we add syspolicy/rsop package that facilitates policy source registration and provides access to the resultant policy merged from all registered sources for a given scope. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>
2025-12-05 04:11:59 +00:00 · 2024-10-07 21:18:45 -05:00
parent 2aa9125ac4
commit ff5f233c3a
9 changed files with 1838 additions and 22 deletions
--- a/util/syspolicy/setting/policy_scope.go
+++ b/util/syspolicy/setting/policy_scope.go
@@ -8,6 +8,7 @@ import (
 	"strings"

 	"tailscale.com/types/lazy"
+	"tailscale.com/util/syspolicy/internal"
 )

 var (
@@ -35,6 +36,8 @@ type PolicyScope struct {
 // when querying policy settings.
 // It returns [DeviceScope], unless explicitly changed with [SetDefaultScope].
 func DefaultScope() PolicyScope {
+	// Allow deferred package init functions to override the default scope.
+	internal.Init.Do()
 	return lazyDefaultScope.Get(func() PolicyScope { return DeviceScope })
 }