chore(TALE-29): remove references to ACL_FILE
parent
c4c1fd8aab
commit
a72a3d6e5f
@ -142,23 +142,6 @@ export function ErrorBoundary() {
|
||||
<Code>database</Code>
|
||||
.
|
||||
</p>
|
||||
<p className="mb-2 text-md">
|
||||
If you are running an older version of Headscale, the
|
||||
{' '}
|
||||
<Code>ACL_FILE</Code>
|
||||
{' '}
|
||||
environment variable is not set. Refer to the
|
||||
{' '}
|
||||
<Link
|
||||
to="https://github.com/tale/headplane/blob/main/docs/Configuration.md"
|
||||
name="Headplane Configuration"
|
||||
>
|
||||
Headplane Configuration
|
||||
</Link>
|
||||
{' '}
|
||||
documentation for more information on how to set the
|
||||
ACL file and integrate it with Headscale.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -81,75 +81,10 @@ export async function loadContext(): Promise<HeadplaneContext> {
|
||||
: 'Unavailable',
|
||||
)
|
||||
|
||||
log.info('CTXT', 'ACL: %s', context.acl.read
|
||||
? `Found ${context.acl.write ? '' : '(Read Only)'}`
|
||||
: 'Unavailable',
|
||||
)
|
||||
|
||||
log.info('CTXT', 'OIDC: %s', context.oidc ? 'Configured' : 'Unavailable')
|
||||
return context
|
||||
}
|
||||
|
||||
export async function loadAcl(): Promise<{
|
||||
data: string
|
||||
type: 'json' | 'yaml'
|
||||
read: boolean
|
||||
write: boolean
|
||||
}> {
|
||||
let path = process.env.ACL_FILE
|
||||
if (!path) {
|
||||
try {
|
||||
const config = await loadConfig()
|
||||
path = config.acl_policy_path
|
||||
} catch {}
|
||||
}
|
||||
|
||||
if (!path) {
|
||||
throw new Error('No ACL file defined')
|
||||
}
|
||||
|
||||
// Check for attributes
|
||||
let read = false
|
||||
let write = false
|
||||
|
||||
try {
|
||||
await access(path, constants.R_OK)
|
||||
read = true
|
||||
} catch {}
|
||||
|
||||
try {
|
||||
await access(path, constants.W_OK)
|
||||
write = true
|
||||
} catch {}
|
||||
|
||||
const data = await readFile(path, 'utf8')
|
||||
|
||||
// Naive check for YAML over JSON
|
||||
// This is because JSON.parse doesn't support comments
|
||||
try {
|
||||
parse(data)
|
||||
return { data, type: 'yaml', read, write }
|
||||
} catch {
|
||||
return { data, type: 'json', read, write }
|
||||
}
|
||||
}
|
||||
|
||||
export async function patchAcl(data: string) {
|
||||
let path = process.env.ACL_FILE
|
||||
if (!path) {
|
||||
try {
|
||||
const config = await loadConfig()
|
||||
path = config.acl_policy_path
|
||||
} catch {}
|
||||
}
|
||||
|
||||
if (!path) {
|
||||
throw new Error('No ACL file defined')
|
||||
}
|
||||
|
||||
await writeFile(path, data, 'utf8')
|
||||
}
|
||||
|
||||
async function checkConfig(path: string) {
|
||||
let config: HeadscaleConfig | undefined
|
||||
try {
|
||||
@ -179,32 +114,6 @@ async function checkConfig(path: string) {
|
||||
}
|
||||
}
|
||||
|
||||
async function checkAcl(config?: HeadscaleConfig) {
|
||||
let path = process.env.ACL_FILE
|
||||
if (!path && config) {
|
||||
path = config.acl_policy_path
|
||||
}
|
||||
|
||||
let read = false
|
||||
let write = false
|
||||
if (path) {
|
||||
try {
|
||||
await access(path, constants.R_OK)
|
||||
read = true
|
||||
} catch {}
|
||||
|
||||
try {
|
||||
await access(path, constants.W_OK)
|
||||
write = true
|
||||
} catch {}
|
||||
}
|
||||
|
||||
return {
|
||||
read,
|
||||
write,
|
||||
}
|
||||
}
|
||||
|
||||
async function checkOidc(config?: HeadscaleConfig) {
|
||||
const disableKeyLogin = process.env.DISABLE_API_KEY_LOGIN === 'true'
|
||||
const rootKey = process.env.ROOT_API_KEY ?? process.env.API_KEY
|
||||
|
||||
@ -54,9 +54,9 @@ When the ACL file is available for editing, the `Access Controls` tab will
|
||||
become available. All of the integrations support automatic reloading of the
|
||||
ACLs when the file is changed.
|
||||
|
||||
> By default, the ACL file is read from `/etc/headscale/acl_policy.json`. This
|
||||
can be overridden by setting the `ACL_FILE` environment variable and is also
|
||||
overriden by the `acl_policy_path` key in the configuration file if set.
|
||||
> By default, the ACL file is read from `/etc/headscale/acl_policy.json`.
|
||||
> If `policy.path` is set and `policy.mode` is set to `file`, the ACL file will
|
||||
> be read from the path specified in the configuration file instead.
|
||||
|
||||
## Deployment
|
||||
|
||||
|
||||
@ -12,7 +12,6 @@ You can configure Headplane using environment variables.
|
||||
- **`HOST`**: The host to bind the server to (default: `0.0.0.0`).
|
||||
- **`PORT`**: The port to bind the server to (default: `3000`).
|
||||
- **`CONFIG_FILE`**: The path to the Headscale `config.yaml` (default: `/etc/headscale/config.yaml`).
|
||||
- **`ACL_FILE`**: The path to the ACL file (default: `/etc/headscale/acl_policy.json`, not needed if you have `acl_policy_path` in your config).
|
||||
- **`HEADSCALE_CONFIG_UNSTRICT`**: This will disable the strict configuration loader (default: `false`).
|
||||
- **`COOKIE_SECURE`**: This option enables the `Secure` flag for cookies, ensuring they are sent only over HTTPS, which helps prevent interception and enhances data security. It should be disabled when using HTTP instead of HTTPS (default: `true`).
|
||||
|
||||
|
||||