mirror of
				https://github.com/tailscale/tailscale.git
				synced 2025-10-25 10:09:17 +00:00 
			
		
		
		
	 898695e312
			
		
	
	898695e312
	
	
	
		
			
			This allows gitops-pusher to detect external ACL changes. I'm not sure what to call this problem, so I've been calling it the "three version problem" in my notes. The basic problem is that at any given time we only have two versions of the ACL file at any given point: the version in CONTROL and the one in the git repo. In order to check if there has been tampering of the ACL files in the admin panel, we need to have a _third_ version to compare against. In this case I am not storing the old ACL entirely (though that could be a reasonable thing to add in the future), but only its sha256sum. This allows us to detect if the shasum in control matches the shasum we expect, and if that expectation fails, then we can react accordingly. This will require additional configuration in CI, but I'm sure that can be done. Signed-off-by: Xe <xe@tailscale.com>
		
			
				
	
	
		
			2 lines
		
	
	
		
			19 B
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			2 lines
		
	
	
		
			19 B
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| version-cache.json
 |