headscale icon indicating copy to clipboard operation
headscale copied to clipboard

Published 20 hours ago verified publisher icon juanfont

Support ACL Tests

Open EtaoinWu opened this issue 4 months ago • 0 comments

Why

ACL tests is a tailscale feature that allows ACL creators to do a sanity check on an ACL. It is a quality of life feature for access management.

// in ACL.hujson
{
  // ... other config
  "tests": [
    {
      "src": "alice-pc",
      "proto": "tcp",
      "accept": [ "jump-server:22", "tag:printer:80" ],
      "deny": [ "bob-laptop:443" ],
    },
  ],
}

Headscale currently parses but ignores ACL tests in an ACL config hujson or yaml file.

Description

Implement ACL testing as described in tailscale's KB. Note that the struct ACLTest misses some fields as defined by tailscale.

EtaoinWu avatar Mar 01 '24 11:03 EtaoinWu