From a72a3d6e5fbce9b10be645f98095a431c75aa731 Mon Sep 17 00:00:00 2001 From: Aarnav Tale Date: Sat, 24 Aug 2024 10:09:10 -0400 Subject: [PATCH] chore(TALE-29): remove references to ACL_FILE --- app/routes/_data.acls._index/route.tsx | 17 ----- app/utils/config/headplane.ts | 91 -------------------------- docs/Advanced-Integration.md | 6 +- docs/Configuration.md | 1 - 4 files changed, 3 insertions(+), 112 deletions(-) diff --git a/app/routes/_data.acls._index/route.tsx b/app/routes/_data.acls._index/route.tsx index d6d7467..e994ed7 100644 --- a/app/routes/_data.acls._index/route.tsx +++ b/app/routes/_data.acls._index/route.tsx @@ -142,23 +142,6 @@ export function ErrorBoundary() { database .

-

- If you are running an older version of Headscale, the - {' '} - ACL_FILE - {' '} - environment variable is not set. Refer to the - {' '} - - Headplane Configuration - - {' '} - documentation for more information on how to set the - ACL file and integrate it with Headscale. -

diff --git a/app/utils/config/headplane.ts b/app/utils/config/headplane.ts index f6770f5..8825fcc 100644 --- a/app/utils/config/headplane.ts +++ b/app/utils/config/headplane.ts @@ -81,75 +81,10 @@ export async function loadContext(): Promise { : 'Unavailable', ) - log.info('CTXT', 'ACL: %s', context.acl.read - ? `Found ${context.acl.write ? '' : '(Read Only)'}` - : 'Unavailable', - ) - log.info('CTXT', 'OIDC: %s', context.oidc ? 'Configured' : 'Unavailable') return context } -export async function loadAcl(): Promise<{ - data: string - type: 'json' | 'yaml' - read: boolean - write: boolean -}> { - let path = process.env.ACL_FILE - if (!path) { - try { - const config = await loadConfig() - path = config.acl_policy_path - } catch {} - } - - if (!path) { - throw new Error('No ACL file defined') - } - - // Check for attributes - let read = false - let write = false - - try { - await access(path, constants.R_OK) - read = true - } catch {} - - try { - await access(path, constants.W_OK) - write = true - } catch {} - - const data = await readFile(path, 'utf8') - - // Naive check for YAML over JSON - // This is because JSON.parse doesn't support comments - try { - parse(data) - return { data, type: 'yaml', read, write } - } catch { - return { data, type: 'json', read, write } - } -} - -export async function patchAcl(data: string) { - let path = process.env.ACL_FILE - if (!path) { - try { - const config = await loadConfig() - path = config.acl_policy_path - } catch {} - } - - if (!path) { - throw new Error('No ACL file defined') - } - - await writeFile(path, data, 'utf8') -} - async function checkConfig(path: string) { let config: HeadscaleConfig | undefined try { 
@@ -179,32 +114,6 @@ async function checkConfig(path: string) { } } -async function checkAcl(config?: HeadscaleConfig) { - let path = process.env.ACL_FILE - if (!path && config) { - path = config.acl_policy_path - } - - let read = false - let write = false - if (path) { - try { - await access(path, constants.R_OK) - read = true - } catch {} - - try { - await access(path, constants.W_OK) - write = true - } catch {} - } - - return { - read, - write, - } -} - async function checkOidc(config?: HeadscaleConfig) { const disableKeyLogin = process.env.DISABLE_API_KEY_LOGIN === 'true' const rootKey = process.env.ROOT_API_KEY ?? process.env.API_KEY diff --git a/docs/Advanced-Integration.md b/docs/Advanced-Integration.md index c150076..64e49e3 100644 --- a/docs/Advanced-Integration.md +++ b/docs/Advanced-Integration.md @@ -54,9 +54,9 @@ When the ACL file is available for editing, the `Access Controls` tab will become available. All of the integrations support automatic reloading of the ACLs when the file is changed. -> By default, the ACL file is read from `/etc/headscale/acl_policy.json`. This -can be overridden by setting the `ACL_FILE` environment variable and is also -overriden by the `acl_policy_path` key in the configuration file if set. +> By default, the ACL file is read from `/etc/headscale/acl_policy.json`. +> If `policy.path` is set and `policy.mode` is set to `file`, the ACL file will +> be read from the path specified in the configuration file instead. ## Deployment diff --git a/docs/Configuration.md b/docs/Configuration.md index a700aea..192bc7b 100644 --- a/docs/Configuration.md +++ b/docs/Configuration.md 
@@ -12,7 +12,6 @@ You can configure Headplane using environment variables.
 - **`HOST`**: The host to bind the server to (default: `0.0.0.0`).
 - **`PORT`**: The port to bind the server to (default: `3000`).
 - **`CONFIG_FILE`**: The path to the Headscale `config.yaml` (default: `/etc/headscale/config.yaml`).
-- **`ACL_FILE`**: The path to the ACL file (default: `/etc/headscale/acl_policy.json`, not needed if you have `acl_policy_path` in your config).
 - **`HEADSCALE_CONFIG_UNSTRICT`**: This will disable the strict configuration loader (default: `false`).
 - **`COOKIE_SECURE`**: This option enables the `Secure` flag for cookies, ensuring they are sent only over HTTPS, which helps prevent interception and enhances data security. It should be disabled when using HTTP instead of HTTPS (default: `true`).