Mirrors/juanfont.headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-10-28 10:51:44 +01:00
Code Issues Projects Releases Wiki Activity

cmd: add policy check command (#2553)

Browse Source
This commit is contained in:
Kristoffer Dalby 2025-05-02 13:58:30 +03:00 committed by GitHub
parent e4d10ad964
commit 93afb03f67
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 38 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG.md
View File

@ -71,13 +71,11 @@ working in v1 and not tested might be broken in v2 (and vice versa).
**We do need help testing this code** **We do need help testing this code**
#### Other breaking
- Disallow `server_url` and `base_domain` to be equal
[#2544](https://github.com/juanfont/headscale/pull/2544)
#### Other breaking changes #### Other breaking changes
- Disallow `server_url` and `base_domain` to be equal
[#2544](https://github.com/juanfont/headscale/pull/2544)
- Return full user in API for pre auth keys instead of string - Return full user in API for pre auth keys instead of string
[#2542](https://github.com/juanfont/headscale/pull/2542) [#2542](https://github.com/juanfont/headscale/pull/2542)
- Pre auth key API/CLI now uses ID over username - Pre auth key API/CLI now uses ID over username
@ -86,6 +84,8 @@ working in v1 and not tested might be broken in v2 (and vice versa).
### Changes ### Changes
- Use Go 1.24 [#2427](https://github.com/juanfont/headscale/pull/2427) - Use Go 1.24 [#2427](https://github.com/juanfont/headscale/pull/2427)
- Add `headscale policy check` command to check policy
[#2553](https://github.com/juanfont/headscale/pull/2553)
- `oidc.map_legacy_users` and `oidc.strip_email_domain` has been removed - `oidc.map_legacy_users` and `oidc.strip_email_domain` has been removed
[#2411](https://github.com/juanfont/headscale/pull/2411) [#2411](https://github.com/juanfont/headscale/pull/2411)
- Add more information to `/debug` endpoint - Add more information to `/debug` endpoint

34
cmd/headscale/cli/policy.go
View File

@ -6,6 +6,7 @@ import (
"os" "os"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1" v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/juanfont/headscale/hscontrol/policy"
"github.com/rs/zerolog/log" "github.com/rs/zerolog/log"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
@ -19,6 +20,12 @@ func init() {
log.Fatal().Err(err).Msg("") log.Fatal().Err(err).Msg("")
} }
policyCmd.AddCommand(setPolicy) policyCmd.AddCommand(setPolicy)
checkPolicy.Flags().StringP("file", "f", "", "Path to a policy file in HuJSON format")
if err := checkPolicy.MarkFlagRequired("file"); err != nil {
log.Fatal().Err(err).Msg("")
}
policyCmd.AddCommand(checkPolicy)
} }
var policyCmd = &cobra.Command{ var policyCmd = &cobra.Command{
@ -85,3 +92,30 @@ var setPolicy = &cobra.Command{
SuccessOutput(nil, "Policy updated.", "") SuccessOutput(nil, "Policy updated.", "")
}, },
} }
var checkPolicy = &cobra.Command{
Use: "check",
Short: "Check the Policy file for errors",
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
policyPath, _ := cmd.Flags().GetString("file")
f, err := os.Open(policyPath)
if err != nil {
ErrorOutput(err, fmt.Sprintf("Error opening the policy file: %s", err), output)
}
defer f.Close()
policyBytes, err := io.ReadAll(f)
if err != nil {
ErrorOutput(err, fmt.Sprintf("Error reading the policy file: %s", err), output)
}
_, err = policy.NewPolicyManager(policyBytes, nil, nil)
if err != nil {
ErrorOutput(err, fmt.Sprintf("Error parsing the policy file: %s", err), output)
}
SuccessOutput(nil, "Policy is valid", "")
},
}