policy

package
v1.3.3
Warning

This package is not in the latest version of its module.
Published: Aug 16, 2023 License: GPL-3.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ACL

type ACL struct {
	Action       string   `json:"action" yaml:"action"`
	Protocol     string   `json:"proto"  yaml:"proto"`
	Sources      []string `json:"src"    yaml:"src"`
	Destinations []string `json:"dst"    yaml:"dst"`
}

ACL is a basic rule for the ACL Policy.

type ACLPolicy

type ACLPolicy struct {
	Groups        Groups        `json:"groups"        yaml:"groups"`
	Hosts         Hosts         `json:"hosts"         yaml:"hosts"`
	TagOwners     TagOwners     `json:"tagOwners"     yaml:"tagOwners"`
	ACLs          []ACL         `json:"acls"          yaml:"acls"`
	Tests         []ACLTest     `json:"tests"         yaml:"tests"`
	AutoApprovers AutoApprovers `json:"autoApprovers" yaml:"autoApprovers"`
	SSHs          []SSH         `json:"ssh"           yaml:"ssh"`
}

ACLPolicy represents a Tailscale ACL Policy.

func (*ACLPolicy) GetTagOwners

func (aclPolicy *ACLPolicy) GetTagOwners() TagOwners

func (ACLPolicy) IsZero

func (pol ACLPolicy) IsZero() bool

IsZero is perhaps a bit naive here.

func (*ACLPolicy) TouchTagOwner

func (aclPolicy *ACLPolicy) TouchTagOwner(tagName string)

type ACLTest

type ACLTest struct {
	Source string   `json:"src"            yaml:"src"`
	Accept []string `json:"accept"         yaml:"accept"`
	Deny   []string `json:"deny,omitempty" yaml:"deny,omitempty"`
}

ACLTest is not implemented, but should be used to check if a certain rule is allowed.

type AutoApprovers

type AutoApprovers struct {
	Routes   map[string][]string `json:"routes"   yaml:"routes"`
	ExitNode []string            `json:"exitNode" yaml:"exitNode"`
}

AutoApprovers specify which users (users?), groups or tags have their advertised routes or exit node status automatically enabled.

func (*AutoApprovers) GetRouteApprovers

func (autoApprovers *AutoApprovers) GetRouteApprovers(
	prefix netip.Prefix,
) ([]string, error)

Returns the list of autoApproving users, groups or tags for a given IPPrefix.

type Groups

type Groups map[string][]string

Groups references a series of aliases in the ACL rules.

type Hosts

type Hosts map[string]netip.Prefix

Hosts are aliases for IP addresses or subnets.

func (*Hosts) UnmarshalJSON

func (hosts *Hosts) UnmarshalJSON(data []byte) error

UnmarshalJSON allows parsing the Hosts directly into netip objects.
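
An added example, not the package's own code: one way an UnmarshalJSON on a Hosts-shaped map can turn alias strings into netip.Prefix values, so a mistyped alias fails at load time instead of ending up in a rule. It assumes a bare address means a single-address prefix and, as a strictness chosen for this example, rejects CIDR entries with host bits set; parseHost is a hypothetical helper.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"strings"
)

// Hosts mirrors the documented type: alias name -> IP prefix.
type Hosts map[string]netip.Prefix

// parseHost (hypothetical helper) accepts a bare address or CIDR notation.
func parseHost(value string) (netip.Prefix, error) {
	if !strings.Contains(value, "/") {
		// Assumption: a bare address means a single-address prefix (/32 or /128).
		addr, err := netip.ParseAddr(value)
		return netip.PrefixFrom(addr, addr.BitLen()), err
	}
	prefix, err := netip.ParsePrefix(value)
	// Strictness chosen for this example: "10.0.0.5/24" is treated as a typo.
	if err == nil && prefix != prefix.Masked() {
		err = fmt.Errorf("%q has host bits set", value)
	}
	return prefix, err
}

// UnmarshalJSON decodes {"alias": "address-or-cidr"} into netip.Prefix values.
func (hosts *Hosts) UnmarshalJSON(data []byte) error {
	raw := map[string]string{}
	if err := json.Unmarshal(data, &raw); err != nil {
		return err
	}
	parsed := make(Hosts, len(raw))
	for alias, value := range raw {
		prefix, err := parseHost(value)
		if err != nil {
			return fmt.Errorf("host alias %q: %w", alias, err)
		}
		parsed[alias] = prefix
	}
	*hosts = parsed // only replace the map once every entry has validated
	return nil
}

func main() {
	var hosts Hosts
	// Constructed sample input, not taken from a real policy file.
	err := json.Unmarshal([]byte(`{"db": "10.0.0.5", "lan": "192.168.1.0/24"}`), &hosts)
	fmt.Println(hosts, err)
}
```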

func (*Hosts) UnmarshalYAML

func (hosts *Hosts) UnmarshalYAML(data []byte) error

UnmarshalYAML allows parsing the Hosts directly into netip objects.

type SSH

type SSH struct {
	Action       string   `json:"action"                yaml:"action"`
	Sources      []string `json:"src"                   yaml:"src"`
	Destinations []string `json:"dst"                   yaml:"dst"`
	Users        []string `json:"users"                 yaml:"users"`
	CheckPeriod  string   `json:"checkPeriod,omitempty" yaml:"checkPeriod,omitempty"`
}

SSH controls who can ssh into which machines.

type TagOwners

type TagOwners map[string][]string

TagOwners specify what users (users?) are allowed to use certain tags.
