Documentation ¶
Overview ¶
Package source defines interfaces for policy stores, facilitates the creation of policy sources, and provides functionality for reading policy settings from these sources.
Index ¶
- Variables
- type Changeable
- type Expirable
- type Lockable
- type PlatformPolicyStore
- func (ps *PlatformPolicyStore) Close() error
- func (ps *PlatformPolicyStore) Done() <-chan struct{}
- func (ps *PlatformPolicyStore) Lock() (err error)
- func (ps *PlatformPolicyStore) ReadBoolean(key setting.Key) (bool, error)
- func (ps *PlatformPolicyStore) ReadString(key setting.Key) (val string, err error)
- func (ps *PlatformPolicyStore) ReadStringArray(key setting.Key) ([]string, error)
- func (ps *PlatformPolicyStore) ReadUInt64(key setting.Key) (uint64, error)
- func (ps *PlatformPolicyStore) RegisterChangeCallback(cb func()) (unregister func(), err error)
- func (ps *PlatformPolicyStore) Unlock()
- type ReadableSource
- type ReadableSources
- type Reader
- type ReadingSession
- type Source
- type Store
- type TestExpectedReads
- type TestSetting
- type TestStore
- func (s *TestStore) Clear()
- func (s *TestStore) Close()
- func (s *TestStore) Delete(keys ...setting.Key)
- func (s *TestStore) Done() <-chan struct{}
- func (s *TestStore) Lock() error
- func (s *TestStore) ReadBoolean(key setting.Key) (bool, error)
- func (s *TestStore) ReadString(key setting.Key) (string, error)
- func (s *TestStore) ReadStringArray(key setting.Key) ([]string, error)
- func (s *TestStore) ReadUInt64(key setting.Key) (uint64, error)
- func (s *TestStore) ReadsMustContain(reads ...TestExpectedReads)
- func (s *TestStore) ReadsMustEqual(reads ...TestExpectedReads)
- func (s *TestStore) RegisterChangeCallback(callback func()) (unregister func(), err error)
- func (s *TestStore) ResetCounters()
- func (s *TestStore) Resume()
- func (s *TestStore) SetBooleans(settings ...TestSetting[bool])
- func (s *TestStore) SetStringLists(settings ...TestSetting[[]string])
- func (s *TestStore) SetStrings(settings ...TestSetting[string])
- func (s *TestStore) SetUInt64s(settings ...TestSetting[uint64])
- func (s *TestStore) Suspend()
- func (s *TestStore) Unlock()
- type TestValueType
Variables ¶
var ErrStoreClosed = errors.New("the policy store has been closed")
ErrStoreClosed is an error returned when attempting to use a Store after it has been closed.
Types ¶
type Changeable ¶
type Changeable interface {
	// RegisterChangeCallback adds a function that will be called
	// whenever there's a policy change in the [Store].
	// The returned function can be used to unregister the callback.
	RegisterChangeCallback(callback func()) (unregister func(), err error)
}
Changeable is an optional interface that Store implementations may support if the policy settings they contain can be externally changed after being initially read.
type Expirable ¶
type Expirable interface {
	// Done returns a channel that is closed when the policy [Store] should no longer be used.
	// It should return nil if the store never expires.
	Done() <-chan struct{}
}
Expirable is an optional interface that Store implementations may support if they can be externally closed or otherwise become invalid while in use.
type Lockable ¶
type Lockable interface {
	// Lock acquires a read lock on the policy store,
	// ensuring the store's state remains unchanged while locked.
	// Multiple readers can hold the lock simultaneously.
	// It returns an error if the store cannot be locked.
	Lock() error
	// Unlock unlocks the policy store.
	// It is a run-time error if the store is not locked on entry to Unlock.
	Unlock()
}
Lockable is an optional interface that Store implementations may support. Locking a Store is not mandatory as Store must be concurrency-safe, but is recommended to avoid issues where consecutive read calls for related policies might return inconsistent results if a policy change occurs between the calls. Implementations may use locking to pre-read policies or for similar performance optimizations.
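The inconsistency that Lockable guards against, as an added example (not code from this package): memStore, apply and readPair are hypothetical stand-ins, ReadString drops the error return for brevity, and the Server/ServerPin keys and values are constructed. Without the read lock, a policy change that lands between two related reads pairs an old server with a new pin.

```go
package main

import (
	"fmt"
	"sync"
)

// memStore is a hypothetical Lockable store; keys and values are constructed.
type memStore struct {
	gate sync.RWMutex // read side is what Lock/Unlock hand out
	mu   sync.Mutex   // keeps a single read safe without Lock
	vals map[string]string
}

func (s *memStore) Lock() error { s.gate.RLock(); return nil }
func (s *memStore) Unlock()     { s.gate.RUnlock() }
func (s *memStore) ReadString(k string) string {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.vals[k]
}

// apply swaps in a new policy; it blocks while any reader holds the lock.
func (s *memStore) apply(server, pin string) {
	s.gate.Lock()
	defer s.gate.Unlock()
	s.mu.Lock()
	defer s.mu.Unlock()
	s.vals = map[string]string{"Server": server, "ServerPin": pin}
}

// readPair reads two related settings while a policy change arrives between them.
func readPair(locked bool) (server, pin string) {
	s := &memStore{vals: map[string]string{"Server": "old.example", "ServerPin": "old-pin"}}
	done := make(chan struct{})
	if locked {
		s.Lock()
	}
	server = s.ReadString("Server")
	go func() { s.apply("new.example", "new-pin"); close(done) }()
	if !locked {
		<-done // unlocked: the change lands between the two reads
	}
	pin = s.ReadString("ServerPin")
	if locked {
		s.Unlock()
	}
	<-done
	return server, pin
}

func main() {
	fmt.Println(readPair(false)) // old.example new-pin
	fmt.Println(readPair(true))  // old.example old-pin
}
```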
type PlatformPolicyStore ¶
type PlatformPolicyStore struct {
// contains filtered or unexported fields
}
PlatformPolicyStore implements Store by providing read access to Registry-based Tailscale policies, such as those configured via Group Policy or MDM. For better performance and consistency, it is recommended to lock it when reading multiple policy settings sequentially. It also allows subscribing to policy change notifications.
func NewMachinePlatformPolicyStore ¶
func NewMachinePlatformPolicyStore() (*PlatformPolicyStore, error)
NewMachinePlatformPolicyStore returns a new PlatformPolicyStore for the machine.
func NewUserPlatformPolicyStore ¶
func NewUserPlatformPolicyStore(token windows.Token) (*PlatformPolicyStore, error)
NewUserPlatformPolicyStore returns a new PlatformPolicyStore for the user specified by its token. The user's profile must be loaded, and the token handle must have windows.TOKEN_QUERY and windows.TOKEN_DUPLICATE access. The caller retains ownership of the token.
func (*PlatformPolicyStore) Close ¶
func (ps *PlatformPolicyStore) Close() error
Close closes the policy store and releases any associated resources. It cancels pending locks and prevents any new lock attempts, but waits for existing locks to be released.
func (*PlatformPolicyStore) Done ¶
func (ps *PlatformPolicyStore) Done() <-chan struct{}
Done returns a channel that is closed when the Close method is called.
func (*PlatformPolicyStore) Lock ¶
func (ps *PlatformPolicyStore) Lock() (err error)
Lock locks the policy store, preventing the system from modifying the policies while they are being read. It is a read lock that may be acquired by multiple goroutines. Each Lock call must be balanced by exactly one Unlock call.
func (*PlatformPolicyStore) ReadBoolean ¶
func (ps *PlatformPolicyStore) ReadBoolean(key setting.Key) (bool, error)
ReadBoolean retrieves a boolean policy with the specified key. It returns setting.ErrNotConfigured if the policy setting does not exist.
func (*PlatformPolicyStore) ReadString ¶
func (ps *PlatformPolicyStore) ReadString(key setting.Key) (val string, err error)
ReadString retrieves a string policy with the specified key. It returns setting.ErrNotConfigured if the policy setting does not exist.
func (*PlatformPolicyStore) ReadStringArray ¶
func (ps *PlatformPolicyStore) ReadStringArray(key setting.Key) ([]string, error)
ReadStringArray retrieves a multi-string policy with the specified key. It returns setting.ErrNotConfigured if the policy setting does not exist.
func (*PlatformPolicyStore) ReadUInt64 ¶
func (ps *PlatformPolicyStore) ReadUInt64(key setting.Key) (uint64, error)
ReadUInt64 retrieves an integer policy with the specified key. It returns setting.ErrNotConfigured if the policy setting does not exist.
func (*PlatformPolicyStore) RegisterChangeCallback ¶
func (ps *PlatformPolicyStore) RegisterChangeCallback(cb func()) (unregister func(), err error)
RegisterChangeCallback adds a function that will be called whenever there's a policy change. It returns a function that can be used to unregister the specified callback or an error. The error is ErrStoreClosed if ps has already been closed.
func (*PlatformPolicyStore) Unlock ¶
func (ps *PlatformPolicyStore) Unlock()
Unlock decrements the lock counter and unlocks the policy store once the counter reaches 0. It panics if ps is not locked on entry to Unlock.
type ReadableSource ¶
type ReadableSource struct {
	*Source
	*ReadingSession
}
ReadableSource is a Source open for reading.
func (ReadableSource) Close ¶
func (s ReadableSource) Close()
Close closes the underlying ReadingSession.
type ReadableSources ¶
type ReadableSources []ReadableSource
ReadableSources is a slice of ReadableSource.
func (*ReadableSources) Close ¶
func (s *ReadableSources) Close()
Close closes and deletes all sources in s.
func (ReadableSources) Contains ¶
func (s ReadableSources) Contains(source *Source) bool
Contains reports whether s contains the specified source.
func (*ReadableSources) DeleteAt ¶
func (s *ReadableSources) DeleteAt(i int)
DeleteAt closes and deletes the i-th source from s.
func (ReadableSources) IndexOf ¶
func (s ReadableSources) IndexOf(source *Source) int
IndexOf returns the position of the specified source in s, or -1 if the source does not exist.
func (ReadableSources) InsertionIndexOf ¶
func (s ReadableSources) InsertionIndexOf(source *Source) int
InsertionIndexOf returns the position at which source can be inserted to maintain the sorted order of s. The return value is unspecified if s is not sorted on entry to InsertionIndexOf.
func (*ReadableSources) StableSort ¶
func (s *ReadableSources) StableSort()
StableSort sorts ReadableSource in s by precedence, so that policy settings from sources with higher precedence (e.g., [DeviceScope]) will be read and merged last, overriding any policy settings with the same keys configured in sources with lower precedence (e.g., [CurrentUserScope]).
type Reader ¶
type Reader struct {
// contains filtered or unexported fields
}
Reader reads all configured policy settings from a given Store. It registers a change callback with the Store and maintains the current version of the setting.Snapshot by lazily re-reading policy settings from the Store whenever a new settings snapshot is requested with Reader.GetSettings. It is safe for concurrent use.
func (*Reader) Done ¶
func (r *Reader) Done() <-chan struct{}
Done returns a channel that is closed when the reader is closed.
func (*Reader) GetSettings ¶
GetSettings returns the current *setting.Snapshot, re-reading it from the underlying Store only if the policy has changed since it was last read. It never fails and returns the previous version of the policy settings if a read attempt fails.
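A minimal model of the lazy re-read and fallback behaviour described for Reader and GetSettings, added here and not taken from the package: lazyReader, markChanged and the read function are hypothetical, the sample values are constructed, and retrying on the next call after a failed read is this example's assumption.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// lazyReader caches the last good snapshot and re-reads only after a change.
type lazyReader struct {
	mu    sync.Mutex
	read  func() (string, error) // stand-in for reading all settings from a Store
	stale bool
	last  string
}

// markChanged is what the reader would register as the Store's change callback.
func (r *lazyReader) markChanged() { r.mu.Lock(); r.stale = true; r.mu.Unlock() }

// getSettings never fails: on a read error it returns the previous snapshot
// and stays stale so that the next call retries (an assumption of this example).
func (r *lazyReader) getSettings() string {
	r.mu.Lock()
	defer r.mu.Unlock()
	if r.stale {
		if v, err := r.read(); err == nil {
			r.last, r.stale = v, false
		}
	}
	return r.last
}

// scenario returns the values seen and the number of store reads performed.
func scenario() (seen []string, reads int) {
	value, fail := "channel=stable", false // constructed sample policy
	r := &lazyReader{stale: true}
	r.read = func() (string, error) {
		reads++
		if fail {
			return "", errors.New("store unavailable")
		}
		return value, nil
	}
	seen = append(seen, r.getSettings(), r.getSettings()) // one read, then a cache hit
	value, fail = "channel=beta", true
	r.markChanged()
	seen = append(seen, r.getSettings()) // read fails: previous snapshot is returned
	fail = false
	seen = append(seen, r.getSettings()) // retry succeeds
	return seen, reads
}

func main() { fmt.Println(scenario()) }
```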
func (*Reader) OpenSession ¶
func (r *Reader) OpenSession() (*ReadingSession, error)
OpenSession opens and returns a new session to r, allowing the caller to get notified whenever a policy change is reported by the source.Store, or an ErrStoreClosed if the reader has already been closed.
func (*Reader) ReadSettings ¶
ReadSettings reads policy settings from the underlying Store even if no changes were detected. It returns the new *setting.Snapshot and a `nil` error on success, or an undefined snapshot (possibly `nil`) along with a non-`nil` error in case of failure.
type ReadingSession ¶
type ReadingSession struct {
// contains filtered or unexported fields
}
ReadingSession is like Reader, but with a channel that's written to when there's a policy change, and closed when the session is terminated.
func (*ReadingSession) Close ¶
func (s *ReadingSession) Close()
Close unregisters this session with the Reader.
func (*ReadingSession) GetSettings ¶
func (s *ReadingSession) GetSettings() *setting.Snapshot
GetSettings is like Reader.GetSettings.
func (*ReadingSession) PolicyChanged ¶
func (s *ReadingSession) PolicyChanged() <-chan struct{}
PolicyChanged returns a channel that's written to when there's a policy change, closed when the session is terminated.
func (*ReadingSession) ReadSettings ¶
func (s *ReadingSession) ReadSettings() (*setting.Snapshot, error)
ReadSettings is like Reader.ReadSettings.
type Source ¶
type Source struct {
// contains filtered or unexported fields
}
Source represents a named source of policy settings for a given setting.PolicyScope.
func NewSource ¶
func NewSource(name string, scope setting.PolicyScope, store Store) *Source
NewSource returns a new Source with the specified name, scope, and store.
func (*Source) Compare ¶
Compare returns an integer comparing s and s2 by their precedence, following the "last-wins" model. The result will be:
-1 if policy settings from s should be processed before policy settings from s2;
+1 if policy settings from s should be processed after policy settings from s2, overriding s2;
0 if the relative processing order of policy settings in s and s2 is unspecified.
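The last-wins merge that StableSort and Compare describe, as an added example rather than the package's implementation: policyScope, source, compare and effective are hypothetical stand-ins, only the device-over-current-user ordering stated above is modelled, and the source names and settings are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// policyScope stands in for setting.PolicyScope; only device-over-user is modelled.
type policyScope int

const (
	currentUserScope policyScope = iota // lower precedence, merged first
	deviceScope                         // higher precedence, merged last
)

// source is a hypothetical policy source whose settings were already read.
type source struct {
	name     string
	scope    policyScope
	settings map[string]string
}

// compare returns -1 if s is processed before s2, +1 if after, 0 if unspecified.
func compare(s, s2 source) int {
	if s.scope < s2.scope {
		return -1
	}
	if s.scope > s2.scope {
		return +1
	}
	return 0
}

// effective merges in precedence order and records which source won each key.
func effective(srcs []source) (vals, origin map[string]string) {
	sorted := append([]source(nil), srcs...) // leave the caller's order untouched
	sort.SliceStable(sorted, func(i, j int) bool { return compare(sorted[i], sorted[j]) < 0 })
	vals, origin = map[string]string{}, map[string]string{}
	for _, s := range sorted {
		for k, v := range s.settings {
			vals[k], origin[k] = v, s.name
		}
	}
	return vals, origin
}

// sample holds constructed sources, deliberately listed device-first.
var sample = []source{
	{"MDM", deviceScope, map[string]string{"AutoUpdate": "always"}},
	{"UserPrefs", currentUserScope, map[string]string{"AutoUpdate": "never", "Theme": "dark"}},
}

func main() { fmt.Println(effective(sample)) }
```

Recording the origin of each winning value makes it possible to log which source enforced a setting when a user-scope value is overridden.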
func (*Source) Description ¶
Description returns a formatted string with the scope and name of this policy source. It can be used for logging or display purposes.
func (*Source) Scope ¶
func (s *Source) Scope() setting.PolicyScope
Scope reports the management scope of the policy source.
type Store ¶
type Store interface {
	// ReadString returns the value of a [setting.StringValue] with the specified key,
	// an [setting.ErrNotConfigured] if the policy setting is not configured, or
	// an error on failure.
	ReadString(key setting.Key) (string, error)
	// ReadUInt64 returns the value of a [setting.IntegerValue] with the specified key,
	// an [setting.ErrNotConfigured] if the policy setting is not configured, or
	// an error on failure.
	ReadUInt64(key setting.Key) (uint64, error)
	// ReadBoolean returns the value of a [setting.BooleanValue] with the specified key,
	// an [setting.ErrNotConfigured] if the policy setting is not configured, or
	// an error on failure.
	ReadBoolean(key setting.Key) (bool, error)
	// ReadStringArray returns the value of a [setting.StringListValue] with the specified key,
	// an [setting.ErrNotConfigured] if the policy setting is not configured, or
	// an error on failure.
	ReadStringArray(key setting.Key) ([]string, error)
}
Store provides methods to read system policy settings from OS-specific storage. Implementations must be concurrency-safe, and may also implement Lockable, Changeable, Expirable and io.Closer.
If a Store implementation also implements io.Closer, it will be called by the package to release the resources when the store is no longer needed.
type TestExpectedReads ¶
type TestExpectedReads struct {
	// Key is the setting's unique identifier.
	Key setting.Key
	// Type is a value type of a read operation.
	// [setting.BooleanValue], [setting.IntegerValue], [setting.StringValue] or [setting.StringListValue]
	Type setting.Type
	// NumTimes is how many times a setting with the specified key and type should have been read.
	NumTimes int
}
TestExpectedReads is the number of read operations with the specified details.
type TestSetting ¶
type TestSetting[T TestValueType] struct {
	// Key is the setting's unique identifier.
	Key setting.Key
	// Error is the error to be returned by the [TestStore] when reading
	// a policy setting with the specified key.
	Error error
	// Value is the value to be returned by the [TestStore] when reading
	// a policy setting with the specified key.
	// It is only used if the Error is nil.
	Value T
}
TestSetting is a policy setting in a TestStore.
func TestSettingOf ¶
func TestSettingOf[T TestValueType](key setting.Key, value T) TestSetting[T]
TestSettingOf returns a TestSetting representing a policy setting configured with the specified key and value.
func TestSettingWithError ¶
func TestSettingWithError[T TestValueType](key setting.Key, err error) TestSetting[T]
TestSettingWithError returns a TestSetting representing a policy setting with the specified key and error.
type TestStore ¶
type TestStore struct {
// contains filtered or unexported fields
}
TestStore is a Store that can be used in tests.
func NewTestStore ¶
NewTestStore returns a new TestStore. The tb will be used to report coding errors detected by the TestStore.
func NewTestStoreOf ¶
func NewTestStoreOf[T TestValueType](tb internal.TB, settings ...TestSetting[T]) *TestStore
NewTestStoreOf is a shorthand for NewTestStore followed by TestStore.SetBooleans, TestStore.SetUInt64s, TestStore.SetStrings or TestStore.SetStringLists.
func (*TestStore) Close ¶
func (s *TestStore) Close()
Close closes s, notifying its users that it has expired.
func (*TestStore) ReadBoolean ¶
ReadBoolean implements Store.
func (*TestStore) ReadString ¶
ReadString implements Store.
func (*TestStore) ReadStringArray ¶
ReadStringArray implements Store.
func (*TestStore) ReadUInt64 ¶
ReadUInt64 implements Store.
func (*TestStore) ReadsMustContain ¶
func (s *TestStore) ReadsMustContain(reads ...TestExpectedReads)
ReadsMustContain fails the test if the specified reads have not been made, or have been made a different number of times. It permits other values to be read in addition to the ones being tested.
func (*TestStore) ReadsMustEqual ¶
func (s *TestStore) ReadsMustEqual(reads ...TestExpectedReads)
ReadsMustEqual fails the test if the actual reads differ from the specified reads.
func (*TestStore) RegisterChangeCallback ¶
RegisterChangeCallback implements Changeable.
func (*TestStore) ResetCounters ¶
func (s *TestStore) ResetCounters()
func (*TestStore) Resume ¶
func (s *TestStore) Resume()
Resume resumes the store, applying the changes and invoking the change callbacks.
func (*TestStore) SetBooleans ¶
func (s *TestStore) SetBooleans(settings ...TestSetting[bool])
SetBooleans sets the specified boolean settings in s.
func (*TestStore) SetStringLists ¶
func (s *TestStore) SetStringLists(settings ...TestSetting[[]string])
SetStringLists sets the specified string list settings in s.
func (*TestStore) SetStrings ¶
func (s *TestStore) SetStrings(settings ...TestSetting[string])
SetStrings sets the specified string settings in s.
func (*TestStore) SetUInt64s ¶
func (s *TestStore) SetUInt64s(settings ...TestSetting[uint64])
SetUInt64s sets the specified integer settings in s.
func (*TestStore) Suspend ¶
func (s *TestStore) Suspend()
Suspend suspends the store, batching changes and notifications until TestStore.Resume is called the same number of times as Suspend.