public/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-02-21 20:20:31 +09:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

policy: fix issue where non existent user results in empty ssh pol
Some checks failed
Build / build-nix (push) Has been cancelled
Details
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Details
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Details
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Details
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Details
Check Generated Files / check-generated (push) Has been cancelled
Details
Tests / test (push) Has been cancelled
Details
Close inactive issues / close-issues (push) Has been cancelled
Details

Browse Source 
When we encounter a source we cannot resolve, we skipped the whole rule,
even if some of the srcs could be resolved. In this case, if we had one user
that exists and one that does not.

In the regular policy, we log this, and still let a rule be created from what
does exist, while in the SSH policy we did not.

This commit fixes it so the behaviour is the same.

Fixes #2863

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby
2025-11-10 17:00:03 +01:00
committed by Kristoffer Dalby
parent a28d9bed6d
commit 21e3f2598d
1 changed files with 0 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hscontrol/policy/v2/filter.go
View File

@@ -316,7 +316,6 @@ func (pol *Policy) compileSSHPolicy(
srcIPs, err := rule.Sources.Resolve(pol, users, nodes)
if err != nil {
log.Trace().Caller().Err(err).Msgf("SSH policy compilation failed resolving source ips for rule %+v", rule)
continue // Skip this rule if we can't resolve sources
}
if srcIPs == nil || len(srcIPs.Prefixes()) == 0 {