headscale
Add support for autoApprovers ACL
- [X] read the CONTRIBUTING guidelines
- [x] raised a GitHub issue or discussed it on the project's chat beforehand
- [X] added unit tests
- [ ] added integration tests
- [ ] updated documentation if needed
- [ ] updated CHANGELOG.md
I've patched in support for AutoApprovers for exit nodes and subnets per https://tailscale.com/blog/auto-approvers/
The behaviour of the code is (currently)
- Support auto-approving nodes that advertise subnets or exit status by tag, group or namespace
- Advertised routes can be auto-approved by an overarching autoApproved route (e.g. advertised route 10.10.0.0/16 would be enabled if the node matched autoApproved route 10.0.0.0/8)
- EnableAutoApprovedRoutes is called in protocol_common_poll.go!handlePollCommon, although I'm not 100% sure if this is the appropriate place within headscale
Let me know what you think, happy to tweak as far as my limited Go skills allow.
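The containment rule described above, as an added example that is not code from this PR or from headscale: an advertised route is enabled only when an approved prefix fully covers it and the node matches one of that prefix's approvers. The `AutoApprovers` type, `covers` and `Approved` are hypothetical names, and the node's tags, groups and namespace are assumed to be already resolved into a set of alias strings.

```go
package main

import (
	"fmt"
	"net/netip"
)

type AutoApprovers struct { // hypothetical, simplified policy shape (not headscale's type)
	Routes   map[string][]string // approved prefix -> tags/groups/namespaces
	ExitNode []string            // who may have 0.0.0.0/0 or ::/0 enabled
}

// covers: approved mask is no longer than advertised and the network lies inside it.
func covers(approved, advertised netip.Prefix) bool {
	return approved.Bits() <= advertised.Bits() && approved.Contains(advertised.Masked().Addr())
}

// Approved returns the advertised routes to enable for a node with the given aliases.
func (a AutoApprovers) Approved(aliases map[string]bool, advertised []netip.Prefix) []netip.Prefix {
	match := func(allowed []string) bool {
		for _, x := range allowed {
			if aliases[x] {
				return true
			}
		}
		return false
	}
	var out []netip.Prefix
	for _, adv := range advertised {
		if adv.Bits() == 0 { // exit-node route: only the ExitNode list applies
			if match(a.ExitNode) {
				out = append(out, adv)
			}
			continue
		}
		for cidr, allowed := range a.Routes {
			ap, err := netip.ParsePrefix(cidr)
			if err == nil && match(allowed) && covers(ap, adv) {
				out = append(out, adv)
				break
			}
		}
	}
	return out
}

func main() { // constructed sample policy and advertisement
	pol := AutoApprovers{Routes: map[string][]string{"10.0.0.0/8": {"tag:router"}}}
	adv := []netip.Prefix{netip.MustParsePrefix("10.10.0.0/16"), netip.MustParsePrefix("10.0.0.0/7")}
	fmt.Println(pol.Approved(map[string]bool{"tag:router": true}, adv))
}
```

The mask-length comparison in `covers` is what keeps a node from advertising a broader route (10.0.0.0/7) and having it approved by a narrower policy entry (10.0.0.0/8).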
@tsujamin can you update the PR to fix the conflict and replace inet.af/netaddr with net/netip?
merged and refactored
linting issues fixed
awesome - I can add a test like that but since the underlying logic relied on the same expandAlias logic I omitted it for now.
do you want me to do the change-log or is that something the maintainers do as a rollup?
You can add the changelog.
I've added the changelog - just noting though that there's a merge conflict between this and #767 so #767 would need to be merged first, then I can make the small change to a failing test here