Merge branch 'main' into configurable-mtls

beclab · Jan 31, 2022 · 168b1bd · 168b1bd
2 parents 9de5c7f + e05c5e0
commit 168b1bd
Show file tree

Hide file tree

Showing 43 changed files with 958 additions and 546 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -14,22 +14,38 @@ jobs:
 
     steps:
       - uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v14.1
+        with:
+          files: |
+            go.*
+            **/*.go
+            integration_test/
+            config-example.yaml
 
       - name: Setup Go
+        if: steps.changed-files.outputs.any_changed == 'true'
         uses: actions/setup-go@v2
         with:
           go-version: "1.17"
 
       - name: Install dependencies
+        if: steps.changed-files.outputs.any_changed == 'true'
         run: |
           go version
           sudo apt update
           sudo apt install -y make
 
       - name: Run build
+        if: steps.changed-files.outputs.any_changed == 'true'
         run: make build
 
       - uses: actions/upload-artifact@v2
+        if: steps.changed-files.outputs.any_changed == 'true'
         with:
           name: headscale-linux
           path: headscale
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -8,8 +8,21 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v14.1
+        with:
+          files: |
+            go.*
+            **/*.go
+            integration_test/
+            config-example.yaml
 
       - name: golangci-lint
+        if: steps.changed-files.outputs.any_changed == 'true'
         uses: golangci/golangci-lint-action@v2
         with:
           version: latest
@@ -24,8 +37,26 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v14.1
+        with:
+          files: |
+            **/*.md
+            **/*.yml
+            **/*.yaml
+            **/*.ts
+            **/*.js
+            **/*.sass
+            **/*.css
+            **/*.scss
+            **/*.html
 
       - name: Prettify code
+        if: steps.changed-files.outputs.any_changed == 'true'
         uses: creyD/prettier_action@v4.0
         with:
           prettier_options: >-

diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml
@@ -3,21 +3,30 @@ name: CI
 on: [pull_request]
 
 jobs:
-  # The "build" workflow
   integration-test:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v14.1
+        with:
+          files: |
+            go.*
+            **/*.go
+            integration_test/
+            config-example.yaml
 
-      # Setup Go
       - name: Setup Go
+        if: steps.changed-files.outputs.any_changed == 'true'
         uses: actions/setup-go@v2
         with:
           go-version: "1.17"
 
       - name: Run Integration tests
+        if: steps.changed-files.outputs.any_changed == 'true'
         run: go test -tags integration -timeout 30m
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -3,31 +3,41 @@ name: CI
 on: [push, pull_request]
 
 jobs:
-  # The "build" workflow
   test:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v14.1
+        with:
+          files: |
+            go.*
+            **/*.go
+            integration_test/
+            config-example.yaml
 
-      # Setup Go
       - name: Setup Go
+        if: steps.changed-files.outputs.any_changed == 'true'
         uses: actions/setup-go@v2
         with:
-          go-version: "1.17" # The Go version to download (if necessary) and use.
+          go-version: "1.17"
 
-      # Install all the dependencies
       - name: Install dependencies
+        if: steps.changed-files.outputs.any_changed == 'true'
         run: |
           go version
           sudo apt update
           sudo apt install -y make
 
       - name: Run tests
+        if: steps.changed-files.outputs.any_changed == 'true'
         run: make test
 
       - name: Run build
+        if: steps.changed-files.outputs.any_changed == 'true'
         run: make
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -1,8 +1,7 @@
-# This is an example .goreleaser.yml file with some sane defaults.
-# Make sure to check the documentation at http://goreleaser.com
+---
 before:
   hooks:
-    - go mod tidy
+    - go mod tidy -compat=1.17
 
 release:
   prerelease: auto
@@ -33,7 +32,7 @@ builds:
     goarch:
       - arm
     goarm:
-      - 7
+      - "7"
     env:
       - CC=arm-linux-gnueabihf-gcc
       - CXX=arm-linux-gnueabihf-g++

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,18 @@
 
 **TBD (TBD):**
 
+**0.13.0 (2022-xx-xx):**
+
+**Features**:
+
+- Add IPv6 support to the prefix assigned to namespaces
+
+**Changes**:
+
+- `ip_prefix` is now superseded by `ip_prefixes` in the configuration [#208](https://github.com/juanfont/headscale/pull/208)
+
+**0.12.4 (2022-01-29):**
+
 **Changes**:
 
 - Make gRPC Unix Socket permissions configurable [#292](https://github.com/juanfont/headscale/pull/292)

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Builder image
-FROM golang:1.17.6-bullseye AS build
+FROM docker.io/golang:1.17.1-bullseye AS build
 ENV GOPATH /go
 WORKDIR /go/src/headscale
 

diff --git a/Dockerfile.alpine b/Dockerfile.alpine
@@ -1,5 +1,5 @@
 # Builder image
-FROM golang:1.17.6-alpine AS build
+FROM docker.io/golang:1.17.1-alpine AS build
 ENV GOPATH /go
 WORKDIR /go/src/headscale
 
@@ -14,7 +14,7 @@ RUN strip /go/bin/headscale
 RUN test -e /go/bin/headscale
 
 # Production image
-FROM alpine:latest
+FROM docker.io/alpine:latest
 
 COPY --from=build /go/bin/headscale /bin/headscale
 ENV TZ UTC

diff --git a/Dockerfile.debug b/Dockerfile.debug
@@ -1,5 +1,5 @@
 # Builder image
-FROM golang:1.17.1-bullseye AS build
+FROM docker.io/golang:1.17.1-bullseye AS build
 ENV GOPATH /go
 WORKDIR /go/src/headscale
 

diff --git a/Dockerfile.tailscale b/Dockerfile.tailscale
@@ -7,5 +7,5 @@ RUN apt-get update \
     && curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.gpg | apt-key add - \
     && curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.list | tee /etc/apt/sources.list.d/tailscale.list \
     && apt-get update \
-    && apt-get install -y tailscale=${TAILSCALE_VERSION} \
+    && apt-get install -y tailscale=${TAILSCALE_VERSION} dnsutils \
     && rm -rf /var/lib/apt/lists/*
diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@ test:
 	@go test -coverprofile=coverage.out ./...
 
 test_integration:
-	go test -tags integration -timeout 30m ./...
+	go test -tags integration -timeout 30m -count=1 ./...
 
 test_integration_cli:
 	go test -tags integration -v integration_cli_test.go integration_common_test.go

diff --git a/acls.go b/acls.go
@@ -188,7 +188,7 @@ func (h *Headscale) expandAlias(alias string) ([]string, error) {
 				return nil, errInvalidNamespace
 			}
 			for _, node := range nodes {
-				ips = append(ips, node.IPAddress)
+				ips = append(ips, node.IPAddresses.ToStringSlice()...)
 			}
 		}
 
@@ -222,7 +222,7 @@ func (h *Headscale) expandAlias(alias string) ([]string, error) {
 				// FIXME: Check TagOwners allows this
 				for _, t := range hostinfo.RequestTags {
 					if alias[4:] == t {
-						ips = append(ips, machine.IPAddress)
+						ips = append(ips, machine.IPAddresses.ToStringSlice()...)
 
 						break
 					}
@@ -241,7 +241,7 @@ func (h *Headscale) expandAlias(alias string) ([]string, error) {
 		}
 		ips := []string{}
 		for _, n := range nodes {
-			ips = append(ips, n.IPAddress)
+			ips = append(ips, n.IPAddresses.ToStringSlice()...)
 		}
 
 		return ips, nil

diff --git a/acls_test.go b/acls_test.go
@@ -61,9 +61,9 @@ func (s *Suite) TestPortRange(c *check.C) {
 	c.Assert(rules, check.NotNil)
 
 	c.Assert(rules, check.HasLen, 1)
-	c.Assert((rules)[0].DstPorts, check.HasLen, 1)
-	c.Assert((rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(5400))
-	c.Assert((rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(5500))
+	c.Assert(rules[0].DstPorts, check.HasLen, 1)
+	c.Assert(rules[0].DstPorts[0].Ports.First, check.Equals, uint16(5400))
+	c.Assert(rules[0].DstPorts[0].Ports.Last, check.Equals, uint16(5500))
 }
 
 func (s *Suite) TestPortWildcard(c *check.C) {
@@ -75,11 +75,11 @@ func (s *Suite) TestPortWildcard(c *check.C) {
 	c.Assert(rules, check.NotNil)
 
 	c.Assert(rules, check.HasLen, 1)
-	c.Assert((rules)[0].DstPorts, check.HasLen, 1)
-	c.Assert((rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
-	c.Assert((rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
-	c.Assert((rules)[0].SrcIPs, check.HasLen, 1)
-	c.Assert((rules)[0].SrcIPs[0], check.Equals, "*")
+	c.Assert(rules[0].DstPorts, check.HasLen, 1)
+	c.Assert(rules[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
+	c.Assert(rules[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
+	c.Assert(rules[0].SrcIPs, check.HasLen, 1)
+	c.Assert(rules[0].SrcIPs[0], check.Equals, "*")
 }
 
 func (s *Suite) TestPortNamespace(c *check.C) {
@@ -91,7 +91,7 @@ func (s *Suite) TestPortNamespace(c *check.C) {
 
 	_, err = app.GetMachine("testnamespace", "testmachine")
 	c.Assert(err, check.NotNil)
-	ip, _ := app.getAvailableIP()
+	ips, _ := app.getAvailableIPs()
 	machine := Machine{
 		ID:             0,
 		MachineKey:     "foo",
@@ -101,7 +101,7 @@ func (s *Suite) TestPortNamespace(c *check.C) {
 		NamespaceID:    namespace.ID,
 		Registered:     true,
 		RegisterMethod: RegisterMethodAuthKey,
-		IPAddress:      ip.String(),
+		IPAddresses:    ips,
 		AuthKeyID:      uint(pak.ID),
 	}
 	app.db.Save(&machine)
@@ -116,12 +116,13 @@ func (s *Suite) TestPortNamespace(c *check.C) {
 	c.Assert(rules, check.NotNil)
 
 	c.Assert(rules, check.HasLen, 1)
-	c.Assert((rules)[0].DstPorts, check.HasLen, 1)
-	c.Assert((rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
-	c.Assert((rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
-	c.Assert((rules)[0].SrcIPs, check.HasLen, 1)
-	c.Assert((rules)[0].SrcIPs[0], check.Not(check.Equals), "not an ip")
-	c.Assert((rules)[0].SrcIPs[0], check.Equals, ip.String())
+	c.Assert(rules[0].DstPorts, check.HasLen, 1)
+	c.Assert(rules[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
+	c.Assert(rules[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
+	c.Assert(rules[0].SrcIPs, check.HasLen, 1)
+	c.Assert(rules[0].SrcIPs[0], check.Not(check.Equals), "not an ip")
+	c.Assert(len(ips), check.Equals, 1)
+	c.Assert(rules[0].SrcIPs[0], check.Equals, ips[0].String())
 }
 
 func (s *Suite) TestPortGroup(c *check.C) {
@@ -133,7 +134,7 @@ func (s *Suite) TestPortGroup(c *check.C) {
 
 	_, err = app.GetMachine("testnamespace", "testmachine")
 	c.Assert(err, check.NotNil)
-	ip, _ := app.getAvailableIP()
+	ips, _ := app.getAvailableIPs()
 	machine := Machine{
 		ID:             0,
 		MachineKey:     "foo",
@@ -143,7 +144,7 @@ func (s *Suite) TestPortGroup(c *check.C) {
 		NamespaceID:    namespace.ID,
 		Registered:     true,
 		RegisterMethod: RegisterMethodAuthKey,
-		IPAddress:      ip.String(),
+		IPAddresses:    ips,
 		AuthKeyID:      uint(pak.ID),
 	}
 	app.db.Save(&machine)
@@ -156,10 +157,11 @@ func (s *Suite) TestPortGroup(c *check.C) {
 	c.Assert(rules, check.NotNil)
 
 	c.Assert(rules, check.HasLen, 1)
-	c.Assert((rules)[0].DstPorts, check.HasLen, 1)
-	c.Assert((rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
-	c.Assert((rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
-	c.Assert((rules)[0].SrcIPs, check.HasLen, 1)
-	c.Assert((rules)[0].SrcIPs[0], check.Not(check.Equals), "not an ip")
-	c.Assert((rules)[0].SrcIPs[0], check.Equals, ip.String())
+	c.Assert(rules[0].DstPorts, check.HasLen, 1)
+	c.Assert(rules[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
+	c.Assert(rules[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
+	c.Assert(rules[0].SrcIPs, check.HasLen, 1)
+	c.Assert(rules[0].SrcIPs[0], check.Not(check.Equals), "not an ip")
+	c.Assert(len(ips), check.Equals, 1)
+	c.Assert(rules[0].SrcIPs[0], check.Equals, ips[0].String())
 }