fix sighup issue with empty acl (#2296)

Fixes #2291

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby 2024-12-16 07:48:19 +01:00 committed by GitHub
parent e00b9d9a91
commit ec8729b772
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 16 additions and 0 deletions

View file

@ -838,6 +838,10 @@ func (h *Headscale) Serve() error {
Str("signal", sig.String()). Str("signal", sig.String()).
Msg("Received SIGHUP, reloading ACL and Config") Msg("Received SIGHUP, reloading ACL and Config")
if h.cfg.Policy.IsEmpty() {
continue
}
if err := h.loadPolicyManager(); err != nil { if err := h.loadPolicyManager(); err != nil {
log.Error().Err(err).Msg("failed to reload Policy") log.Error().Err(err).Msg("failed to reload Policy")
} }
@ -1102,6 +1106,10 @@ func (h *Headscale) policyBytes() ([]byte, error) {
return nil, err return nil, err
} }
if p.Data == "" {
return nil, nil
}
return []byte(p.Data), err return []byte(p.Data), err
} }

View file

@ -122,6 +122,10 @@ func (pm *PolicyManagerV1) SSHPolicy(node *types.Node) (*tailcfg.SSHPolicy, erro
} }
func (pm *PolicyManagerV1) SetPolicy(polB []byte) (bool, error) { func (pm *PolicyManagerV1) SetPolicy(polB []byte) (bool, error) {
if len(polB) == 0 {
return false, nil
}
pol, err := LoadACLPolicyFromBytes(polB) pol, err := LoadACLPolicyFromBytes(polB)
if err != nil { if err != nil {
return false, fmt.Errorf("parsing policy: %w", err) return false, fmt.Errorf("parsing policy: %w", err)

View file

@ -211,6 +211,10 @@ type PolicyConfig struct {
Mode PolicyMode Mode PolicyMode
} }
func (p *PolicyConfig) IsEmpty() bool {
return p.Mode == PolicyModeFile && p.Path == ""
}
type LogConfig struct { type LogConfig struct {
Format string Format string
Level zerolog.Level Level zerolog.Level