Kristoffer Dalby
f77abeda63
Merge 02c76bda99
into 2c1ad6d11a
2024-11-25 09:06:40 +00:00
Kristoffer Dalby
02c76bda99
policyman before #2255
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-25 10:06:33 +01:00
Kristoffer Dalby
af969f602c
add node hasip
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-25 10:03:47 +01:00
Kristoffer Dalby
6422cdf576
add users string method
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-25 10:03:34 +01:00
Kristoffer Dalby
6253fc9e72
copy reduce test filter test to compare v1 vs v2
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-25 10:01:10 +01:00
Kristoffer Dalby
662dfbf423
use json in TestReduceFilterRules test
...
This is to allow for the tests to be ran with
the new upcoming parser to ensure we get the
same input.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-25 09:59:02 +01:00
Kristoffer Dalby
03fd7f31b4
implement asterix, pass old parsing test
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-25 09:56:08 +01:00
Kristoffer Dalby
4f46d6513b
loads
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-25 09:56:08 +01:00
Kristoffer Dalby
9f6c8ab62e
can the policy be typed at parsetime?
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-25 09:56:08 +01:00
github-actions[bot]
2c1ad6d11a
flake.lock: Update ( #2254 )
Build / build (push) Has been cancelled
Build documentation / build (push) Has been cancelled
Tests / test (push) Has been cancelled
Build documentation / deploy (push) Has been cancelled
2024-11-24 09:42:22 +00:00
Kristoffer Dalby
fffd23602b
Resolve user to stable unique ID in policy ( #2205 )
Build / build (push) Waiting to run
Build documentation / deploy (push) Blocked by required conditions
Build documentation / build (push) Waiting to run
Tests / test (push) Waiting to run
2024-11-24 00:13:27 +01:00
Kristoffer Dalby
3a2589f1a9
rename dockerfile to integration to avoid confusion ( #2225 )
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:36 +00:00
Kristoffer Dalby
f6276ab9d2
fix postgres constraints, add postgres testing
...
This commit fixes the constraint syntax so it is both valid for
sqlite and postgres.
To validate this, I've added a new postgres testing library and a
helper that will spin up local postgres, setup a db and use it in
the constraints tests. This should also help testing db stuff in
the future.
postgres has been added to the nix dev shell and is now required
for running the unit tests.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
7d9b430ec2
fix constraints
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
3780c9fd69
fix nil in test
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
281025bb16
fix constraints
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
5e7c3153b9
nits
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
7ba0c3d515
use userID instead of username everywhere
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
4b58dc6eb4
make preauthkey tags test stable
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
4dd12a2f97
fix oidc test, add tests for migration
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
2fe65624c0
restore strip_email_domain for migration
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
35b669fe59
add iss to identifier, only set email if verified
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
dc07779143
add @ to end of username if not present
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
d72663a4d0
remove log print
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
0a82d3f17a
update changelog
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
78214699ad
Harden OIDC migration and make optional
...
This commit hardens the migration part of the OIDC from
the old username based approach to the new sub based approach
and makes it possible for the operator to opt out entirely.
Fixes #1990
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-23 21:14:55 +01:00
Kristoffer Dalby
64bb56352f
make configurable wal auto checkpoint ( #2242 )
2024-11-23 21:03:48 +01:00
nblock
dc17b4d378
Documentation dependencies ( #2252 )
...
Build / build (push) Waiting to run
Build documentation / build (push) Waiting to run
Build documentation / deploy (push) Blocked by required conditions
Tests / test (push) Waiting to run
* Use a trailing slash
recommended by mkdocs-material
* Update doc requirements
Let mkdocs-material resolve its imaging dependencies (cairosvg and
pillow) and fix a dependabot warning along the way.
Reference compatible versions by major.minor.
2024-11-22 16:52:36 +00:00
Kristoffer Dalby
a6b19e85db
more linter fixups ( #2212 )
...
* linter fixes
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
* conf
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
* update nix hash
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
ArcticLampyrid
edf9e25001
feat: support client verify for derp (add integration tests) ( #2046 )
...
Build / build (push) Waiting to run
Build documentation / build (push) Waiting to run
Build documentation / deploy (push) Blocked by required conditions
Tests / test (push) Waiting to run
* feat: support client verify for derp
* docs: fix doc for integration test
* tests: add integration test for DERP verify endpoint
* tests: use `tailcfg.DERPMap` instead of `[]byte`
* refactor: introduce func `ContainsNodeKey`
* tests(dsic): use string builder for cmd args
* ci: fix tests order
* tests: fix derper failure
* chore: cleanup
* tests(verify-client): perfer to use `CreateHeadscaleEnv`
* refactor(verify-client): simplify error handling
* tests: fix `TestDERPVerifyEndpoint`
* refactor: make `doVerify` a seperated func
---------
Co-authored-by: 117503445 <t117503445@gmail.com>
2024-11-22 13:23:05 +01:00
Motiejus Jakštys
c6336adb01
config: loosen up BaseDomain and ServerURL checks ( #2248 )
...
* config: loosen up BaseDomain and ServerURL checks
Requirements [here][1]:
> OK:
> server_url: headscale.com, base: clients.headscale.com
> server_url: headscale.com, base: headscale.net
>
> Not OK:
> server_url: server.headscale.com, base: headscale.com
>
> Essentially we have to prevent the possibility where the headscale
> server has a URL which can also be assigned to a node.
>
> So for the Not OK scenario:
>
> if the server is: server.headscale.com, and a node joins with the name
> server, it will be assigned server.headscale.com and that will break
> the connection for nodes which will now try to connect to that node
> instead of the headscale server.
Fixes #2210
[1]: https://github.com/juanfont/headscale/issues/2210#issuecomment-2488165187
* server_url and base_domain: re-word error message, fix a one-off bug and add a test case for the bug.
* lint
* lint again
2024-11-22 13:21:44 +01:00
enoperm
5fbf3f8327
Websocket derp test fixes ( #2247 )
...
* integration testing: add and validate build-time options for tailscale head
* fixup! integration testing: add and validate build-time options for tailscale head
integration testing: comply with linter
* fixup! fixup! integration testing: add and validate build-time options for tailscale head
integration testing: tsic.New must never return nil
* fixup! fixup! fixup! integration testing: add and validate build-time options for tailscale head
* minor fixes
2024-11-22 11:57:01 +01:00
Nathan Sweet
6275399327
Update tls.md to mention using the full cert chain ( #2243 )
Build / build (push) Has been cancelled
Build documentation / build (push) Has been cancelled
Tests / test (push) Has been cancelled
Build documentation / deploy (push) Has been cancelled
2024-11-18 06:12:12 +00:00
nblock
29119bb7f4
Misc doc fixes ( #2240 )
...
Build / build (push) Waiting to run
Build documentation / build (push) Waiting to run
Build documentation / deploy (push) Blocked by required conditions
Tests / test (push) Waiting to run
* Link back to node registration docs
* adjust wording in apple docs
* Mention client specific page to check if headscale works
Ref: #2238
2024-11-18 05:46:58 +01:00
github-actions[bot]
93ba21ede5
flake.lock: Update ( #2239 )
Build / build (push) Waiting to run
Build documentation / build (push) Waiting to run
Build documentation / deploy (push) Blocked by required conditions
Tests / test (push) Waiting to run
2024-11-17 19:38:50 +00:00
nblock
a7874af3d0
Use discord server invite link ( #2235 )
...
Build / build (push) Has been cancelled
Build documentation / build (push) Has been cancelled
Build documentation / deploy (push) Has been cancelled
Tests / test (push) Has been cancelled
Replace channel links with links to discord invite link and remove
channel list.
Fixes : #1521
2024-11-16 07:06:15 +01:00
nblock
e7245856c5
Refresh remote CLI documentation ( #2216 )
...
Build documentation / deploy (push) Has been cancelled
Build / build (push) Has been cancelled
Build documentation / build (push) Has been cancelled
Tests / test (push) Has been cancelled
* Document to either use a minimal configuration file or environment
variables to connect with a remote headscale instance.
* Document a workaround specific for headscale 0.23.0.
* Remove reference to ancient headscale version.
* Use `cli.insecure: true` or `HEADSCALE_CLI_INSECURE=1` to skip
certificate verification.
* Style and typo fixes
Ref: #2193
2024-11-13 18:35:42 +01:00
nblock
2345c38e1e
Add a page for third-party tools ( #2217 )
...
Build / build (push) Waiting to run
Build documentation / build (push) Waiting to run
Build documentation / deploy (push) Blocked by required conditions
Tests / test (push) Waiting to run
* Remove status from web-ui docs
Rename the title to indicate that there multiple web interfaces
available. Do not track the status of each web interface here as their
status is subject to change over time.
* Add page for third-party tools and scripts
2024-11-12 16:53:30 +01:00
github-actions[bot]
8cfaa6bdac
flake.lock: Update ( #2222 )
2024-11-12 13:27:49 +00:00
docgalaxyblock
4e44d57bf7
fix: missing stable-debug tag ( #2232 )
...
Build / build (push) Has been cancelled
Build documentation / build (push) Has been cancelled
Build documentation / deploy (push) Has been cancelled
Tests / test (push) Has been cancelled
Fixes #2171
2024-11-11 06:06:44 +00:00
Philip Henning
0089ceaf1d
Feature tvos documentation ( #2226 )
...
Build / build (push) Has been cancelled
Build documentation / build (push) Has been cancelled
Build documentation / deploy (push) Has been cancelled
Tests / test (push) Has been cancelled
* Add usage documentation for tvOS
* lint and format
* Change admonition to mkdocs flavoured style
* fix typos
* Update hscontrol/templates/apple.go
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
* change outer quoting for where quoting in-text is used
---------
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2024-11-07 14:56:18 +00:00
nblock
9a46c5763c
Handle /derp/latency-check ( #2227 )
...
Build / build (push) Waiting to run
Build documentation / build (push) Waiting to run
Build documentation / deploy (push) Blocked by required conditions
Tests / test (push) Waiting to run
According to 15fc6cd966
the routes `/derp/probe` and `/derp/latency-check` are the same and
different versions of the tailscale client use one or the other
endpoint.
Also handle /derp/latency-check
Fixes : #2211
2024-11-06 15:59:38 +01:00
Kristoffer Dalby
a71a933705
add nblock to doc owners ( #2207 )
...
Build documentation / deploy (push) Has been cancelled
Tests / test (push) Has been cancelled
Build / build (push) Has been cancelled
Build documentation / build (push) Has been cancelled
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-04 10:12:50 -06:00
github-actions[bot]
0c98d09783
Update flake.lock ( #2195 )
...
Build / build (push) Has been cancelled
Build documentation / build (push) Has been cancelled
Build documentation / deploy (push) Has been cancelled
Tests / test (push) Has been cancelled
Flake lock file updates:
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da?narHash=sha256-CAZF2NRuHmqTtRTNAruWpHA43Gg2UvuCNEIzabP0l6M%3D' (2024-10-05)
→ 'github:NixOS/nixpkgs/41dea55321e5a999b17033296ac05fe8a8b5a257?narHash=sha256-WvLXzNNnnw%2BqpFOmgaM3JUlNEH%2BT4s22b5i2oyyCpXE%3D' (2024-10-25)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2024-10-29 14:16:10 +00:00
Kristoffer Dalby
e2d5ee0927
cleanup linter warnings ( #2206 )
...
Build / build (push) Has been cancelled
Build documentation / build (push) Has been cancelled
Build documentation / deploy (push) Has been cancelled
Tests / test (push) Has been cancelled
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-23 10:45:59 -05:00
Kristoffer Dalby
028d9aab73
add new user fields to grpc and list command ( #2202 )
...
Updates #2166
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-18 14:20:03 +00:00
hopleus
b6dc6eb36c
#2140 Fixed reflection of hostname change ( #2199 )
...
* #2140 Fixed updating of hostname and givenName when it is updated in HostInfo
* #2140 Added integration tests
* #2140 Fix unit tests
* Changed IsAutomaticNameMode to GivenNameHasBeenChanged. Fixed errors in files according to golangci-lint rules
2024-10-17 09:45:33 -06:00
Goran Draganić
45c9585b52
feat: derpmap field in config ( #1823 )
2024-10-17 05:34:20 -06:00
hopleus
cc42fc394a
#2177 Added conversion of 'Hostname' to 'givenName' in a node with FQDN rules applied ( #2198 )
2024-10-15 18:33:03 +02:00
hopleus
52a3b54ba2
Fixed loginUrl with "WithTLS()" used. Added "WithTLS()" to scenario integration tests ( #2187 )
2024-10-15 14:38:43 +02:00