chore(TALE-29): remove references to ACL_FILE

Aarnav Tale 2024-08-24 10:09:10 -04:00
parent c4c1fd8aab
commit a72a3d6e5f
No known key found for this signature in database
4 changed files with 3 additions and 112 deletions

@ -142,23 +142,6 @@ export function ErrorBoundary() {
<Code>database</Code> <Code>database</Code>
. .
</p> </p>
<p className="mb-2 text-md">
If you are running an older version of Headscale, the
{' '}
<Code>ACL_FILE</Code>
{' '}
environment variable is not set. Refer to the
{' '}
<Link
to="https://github.com/tale/headplane/blob/main/docs/Configuration.md"
name="Headplane Configuration"
>
Headplane Configuration
</Link>
{' '}
documentation for more information on how to set the
ACL file and integrate it with Headscale.
</p>
</div> </div>
</div> </div>
</div> </div>

@ -81,75 +81,10 @@ export async function loadContext(): Promise<HeadplaneContext> {
: 'Unavailable', : 'Unavailable',
) )
log.info('CTXT', 'ACL: %s', context.acl.read
? `Found ${context.acl.write ? '' : '(Read Only)'}`
: 'Unavailable',
)
log.info('CTXT', 'OIDC: %s', context.oidc ? 'Configured' : 'Unavailable') log.info('CTXT', 'OIDC: %s', context.oidc ? 'Configured' : 'Unavailable')
return context return context
} }
export async function loadAcl(): Promise<{
data: string
type: 'json' | 'yaml'
read: boolean
write: boolean
}> {
let path = process.env.ACL_FILE
if (!path) {
try {
const config = await loadConfig()
path = config.acl_policy_path
} catch {}
}
if (!path) {
throw new Error('No ACL file defined')
}
// Check for attributes
let read = false
let write = false
try {
await access(path, constants.R_OK)
read = true
} catch {}
try {
await access(path, constants.W_OK)
write = true
} catch {}
const data = await readFile(path, 'utf8')
// Naive check for YAML over JSON
// This is because JSON.parse doesn't support comments
try {
parse(data)
return { data, type: 'yaml', read, write }
} catch {
return { data, type: 'json', read, write }
}
}
export async function patchAcl(data: string) {
let path = process.env.ACL_FILE
if (!path) {
try {
const config = await loadConfig()
path = config.acl_policy_path
} catch {}
}
if (!path) {
throw new Error('No ACL file defined')
}
await writeFile(path, data, 'utf8')
}
async function checkConfig(path: string) { async function checkConfig(path: string) {
let config: HeadscaleConfig | undefined let config: HeadscaleConfig | undefined
try { try {
@ -179,32 +114,6 @@ async function checkConfig(path: string) {
} }
} }
async function checkAcl(config?: HeadscaleConfig) {
let path = process.env.ACL_FILE
if (!path && config) {
path = config.acl_policy_path
}
let read = false
let write = false
if (path) {
try {
await access(path, constants.R_OK)
read = true
} catch {}
try {
await access(path, constants.W_OK)
write = true
} catch {}
}
return {
read,
write,
}
}
async function checkOidc(config?: HeadscaleConfig) { async function checkOidc(config?: HeadscaleConfig) {
const disableKeyLogin = process.env.DISABLE_API_KEY_LOGIN === 'true' const disableKeyLogin = process.env.DISABLE_API_KEY_LOGIN === 'true'
const rootKey = process.env.ROOT_API_KEY ?? process.env.API_KEY const rootKey = process.env.ROOT_API_KEY ?? process.env.API_KEY

@ -54,9 +54,9 @@ When the ACL file is available for editing, the `Access Controls` tab will
become available. All of the integrations support automatic reloading of the become available. All of the integrations support automatic reloading of the
ACLs when the file is changed. ACLs when the file is changed.
> By default, the ACL file is read from `/etc/headscale/acl_policy.json`. This > By default, the ACL file is read from `/etc/headscale/acl_policy.json`.
can be overridden by setting the `ACL_FILE` environment variable and is also > If `policy.path` is set and `policy.mode` is set to `file`, the ACL file will
overriden by the `acl_policy_path` key in the configuration file if set. > be read from the path specified in the configuration file instead.
## Deployment ## Deployment

@ -12,7 +12,6 @@ You can configure Headplane using environment variables.
- **`HOST`**: The host to bind the server to (default: `0.0.0.0`). - **`HOST`**: The host to bind the server to (default: `0.0.0.0`).
- **`PORT`**: The port to bind the server to (default: `3000`). - **`PORT`**: The port to bind the server to (default: `3000`).
- **`CONFIG_FILE`**: The path to the Headscale `config.yaml` (default: `/etc/headscale/config.yaml`). - **`CONFIG_FILE`**: The path to the Headscale `config.yaml` (default: `/etc/headscale/config.yaml`).
- **`ACL_FILE`**: The path to the ACL file (default: `/etc/headscale/acl_policy.json`, not needed if you have `acl_policy_path` in your config).
- **`HEADSCALE_CONFIG_UNSTRICT`**: This will disable the strict configuration loader (default: `false`). - **`HEADSCALE_CONFIG_UNSTRICT`**: This will disable the strict configuration loader (default: `false`).
- **`COOKIE_SECURE`**: This option enables the `Secure` flag for cookies, ensuring they are sent only over HTTPS, which helps prevent interception and enhances data security. It should be disabled when using HTTP instead of HTTPS (default: `true`). - **`COOKIE_SECURE`**: This option enables the `Secure` flag for cookies, ensuring they are sent only over HTTPS, which helps prevent interception and enhances data security. It should be disabled when using HTTP instead of HTTPS (default: `true`).