package headscale
import (
"strings"
"github.com/tailscale/hujson"
"inet.af/netaddr"
)
// ACLPolicy is the top-level shape of an ACL policy document as it is decoded
// from JSON. Each field corresponds to one capitalised top-level key.
//
// Decoding only populates the fields. Apart from Hosts, which has its own
// UnmarshalJSON, nothing in this type validates the content, so code that
// turns a policy into packet filter rules must treat unknown group, host or
// tag names as errors rather than skipping them.
type ACLPolicy struct {
	Groups    Groups    `json:"Groups"`    // named lists of strings (presumably users; confirm against the rule generator)
	Hosts     Hosts     `json:"Hosts"`     // host names mapped to IP prefixes
	TagOwners TagOwners `json:"TagOwners"` // named lists of strings (presumably tag -> owners; confirm)
	ACLs      []ACL     `json:"ACLs"`      // the rules themselves
	Tests     []ACLTest `json:"Tests"`     // expectations declared in the policy; not evaluated in this file
}
// ACL is a single rule of the policy: an Action together with the Users and
// Ports it names.
//
// All three fields are free-form strings at this level. The type performs no
// validation, so the consumer has to reject an Action, user reference or port
// expression it does not recognise instead of ignoring it.
type ACL struct {
	Action string   `json:"Action"`
	Users  []string `json:"Users"`
	Ports  []string `json:"Ports"`
}
// Groups maps a group name to a list of strings.
// NOTE(review): presumably the list holds the group's member users - confirm
// against the code that expands groups.
type Groups map[string][]string
// Hosts maps a host name used in the policy to the IP prefix it stands for.
// The values are parsed from strings by Hosts.UnmarshalJSON.
type Hosts map[string]netaddr.IPPrefix
// TagOwners maps a name to a list of strings.
// NOTE(review): presumably tag -> the users or groups allowed to apply that
// tag - confirm against the code that resolves tags.
type TagOwners map[string][]string
// ACLTest is one entry of the policy's Tests list: a User plus the Allow and
// Deny lists attached to it. Deny is omitted from the JSON output when empty.
// NOTE(review): presumably Allow and Deny hold destinations the user must and
// must not reach; nothing in this file evaluates them - confirm where the
// tests are run.
type ACLTest struct {
	User  string   `json:"User"`
	Allow []string `json:"Allow"`
	Deny  []string `json:"Deny,omitempty"`
}
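// UnmarshalJSON decodes a HuJSON object of host name to address string into h.
//
// Each value is either a CIDR prefix or a bare IP address. A bare address is
// turned into a single-host prefix: /32 for IPv4 and /128 for IPv6. Appending
// /32 unconditionally would turn a bare IPv6 address into a /32 network, so a
// Hosts entry meant to name one machine would stand for a far larger range
// wherever the prefix is used.
//
// On any error h is left unchanged and the error from hujson or netaddr is
// returned as is.
func (h *Hosts) UnmarshalJSON(data []byte) error {
	raw := make(map[string]string)
	if err := hujson.Unmarshal(data, &raw); err != nil {
		return err
	}

	hosts := make(Hosts, len(raw))
	for name, addr := range raw {
		if !strings.Contains(addr, "/") {
			// Bare address: use the full-length mask of its address family.
			// Only IPv6 literals contain a colon.
			if strings.Contains(addr, ":") {
				addr += "/128"
			} else {
				addr += "/32"
			}
		}
		prefix, err := netaddr.ParseIPPrefix(addr)
		if err != nil {
			return err
		}
		hosts[name] = prefix
	}

	// Assign only after every entry parsed, so a bad entry never leaves a
	// half-populated map behind.
	*h = hosts
	return nil
}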
// IsZero reports whether the policy has no Groups, no Hosts and no ACLs.
//
// The check is deliberately simple: TagOwners and Tests are not inspected, so
// a policy that sets only those is still reported as zero.
// NOTE(review): if callers read a zero policy as "no policy loaded", confirm
// that ignoring TagOwners is intended.
func (p ACLPolicy) IsZero() bool {
	return len(p.Groups) == 0 && len(p.Hosts) == 0 && len(p.ACLs) == 0
}