package tailscale_gateway
import (
"context"
"github.com/awlsring/texit/internal/pkg/logger"
"github.com/tailscale/tailscale-client-go/tailscale"
)
// autogroup is the Tailscale principal that setTagOwners registers as an
// owner of the texit node tag.
const autogroup = "autogroup:admin"
// setAutoApprover ensures tagTexitNode is listed among the ACL's exit-node
// auto approvers, so devices carrying the tag can advertise as exit nodes
// without a per-device approval step.
//
// It returns true when acl was modified and false when the tag was already
// present, letting the caller skip a redundant ACL write.
//
// NOTE(review): acl.AutoApprovers is dereferenced without a nil check; if
// that field is a pointer in the client library, an ACL with no
// autoApprovers section would panic here — confirm against the type.
func setAutoApprover(acl *tailscale.ACL) bool {
	approvers := acl.AutoApprovers.ExitNode

	present := false
	for _, tag := range approvers {
		if tag == tagTexitNode {
			present = true
			break
		}
	}
	if present {
		return false
	}

	acl.AutoApprovers.ExitNode = append(approvers, tagTexitNode)
	return true
}
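// setTagOwners ensures autogroup is listed as an owner of tagTexitNode in acl.
//
// It returns true when the ACL was modified and false when the owner was
// already present, so the caller can skip a redundant ACL write.
//
// Tag owners decide who may apply the tag to a device; registering
// autogroup:admin means any tailnet admin can tag a node as a texit node.
func setTagOwners(acl *tailscale.ACL) bool {
	owners := acl.TagOwners[tagTexitNode]
	for _, owner := range owners {
		if owner == autogroup {
			return false
		}
	}

	// An ACL without a tagOwners section decodes to a nil map; writing to it
	// would panic, so allocate before the first insert.
	if acl.TagOwners == nil {
		acl.TagOwners = make(map[string][]string)
	}
	acl.TagOwners[tagTexitNode] = append(owners, autogroup)
	return true
}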
// updateAcl makes sure the tailnet ACL grants autogroup ownership of the texit
// tag and auto-approves exit nodes carrying it. The ACL is fetched, patched in
// memory, validated, and written back only when something actually changed.
//
// Errors from the Tailscale client are logged and returned unwrapped.
//
// NOTE(review): this is an unconditional read-modify-write of the whole ACL;
// an edit made by someone else between the fetch and SetACL would be
// overwritten. A conditional write, if the client offers one, would close
// that window.
func (g *TailscaleGateway) updateAcl(ctx context.Context) error {
	log := logger.FromContext(ctx)
	log.Debug().Msg("Checking if ACL needs update")

	log.Debug().Msg("Getting ACL")
	acl, err := g.client.ACL(ctx)
	if err != nil {
		log.Error().Err(err).Msg("Failed to get ACL")
		return err
	}

	// Both mutators must run unconditionally; each reports whether it
	// changed anything.
	log.Debug().Msg("Setting tag owner in ACL")
	changed := setTagOwners(acl)
	log.Debug().Msg("Configuring tag as auto approver")
	if setAutoApprover(acl) {
		changed = true
	}
	if !changed {
		log.Debug().Msg("ACL does not need update")
		return nil
	}

	log.Debug().Msg("Validating ACL")
	if err := g.client.ValidateACL(ctx, *acl); err != nil {
		log.Error().Err(err).Msg("Failed to validate ACL")
		return err
	}

	log.Debug().Msg("Updating ACL")
	if err := g.client.SetACL(ctx, *acl); err != nil {
		log.Error().Err(err).Msg("Failed to update ACL")
		return err
	}
	log.Debug().Msg("ACL updated")
	return nil
}