Registration simplification #366

Merged
merged 31 commits into from
Mar 2, 2022
31 commits
c58ce6f
Generalise the registration method to DRY stuff up
kradalby Feb 27, 2022
acb9458
Generalise registration for pre auth keys
kradalby Feb 27, 2022
fd1e4a1
Generalise registration for openid
kradalby Feb 27, 2022
caffbd8
Update cli registration with new method
kradalby Feb 27, 2022
ecc2643
Fix excessive replace
kradalby Feb 27, 2022
1caa6f5
Add todo for JSON datatype
kradalby Feb 27, 2022
469551b
Register new machines needing callback in memory
kradalby Feb 28, 2022
402a760
Reuse machine structure for parameters, named parameters
kradalby Feb 28, 2022
54cc3c0
Implement new machine register parameter
kradalby Feb 28, 2022
50053e6
Ignore complexity linter
kradalby Feb 28, 2022
c6b87de
Remove poorly aged test
kradalby Feb 28, 2022
e7bef56
Remove reference to registered in integration test
kradalby Feb 28, 2022
35616eb
Fix oidc error where namespace isn't created #365
kradalby Feb 28, 2022
16b21e8
Remove all references to Machine.Registered
kradalby Feb 28, 2022
a8649d8
Remove all references to Machine.Registered from tests
kradalby Feb 28, 2022
78251ce
Remove registered field
kradalby Feb 28, 2022
eea8e7b
Update changelog
kradalby Feb 28, 2022
5e1b129
Remove registered field from proto
kradalby Feb 28, 2022
e64bee7
Regenerate proto
kradalby Feb 28, 2022
5e92dda
Remove redundant caches
kradalby Feb 28, 2022
8bef04d
Remove sorted todo
kradalby Feb 28, 2022
3790176
Reformat and add db backup note
kradalby Feb 28, 2022
82cb6b9
Cleanup some unreachable code
kradalby Feb 28, 2022
7c63412
Remove todo
kradalby Feb 28, 2022
d34d617
Merge branch 'main' into registration-simplification
kradalby Mar 1, 2022
a9d4fa8
Merge branch 'main' into registration-simplification
kradalby Mar 1, 2022
86ade72
Remove err check
kradalby Mar 1, 2022
ec4dc68
Use correct machinekey format for oidc reg
kradalby Mar 2, 2022
ef422e6
Protect against expiry nil
kradalby Mar 2, 2022
1f8c7f4
Add comment
kradalby Mar 2, 2022
e4d81bb
Merge branch 'main' into registration-simplification
kradalby Mar 2, 2022
1 change: 1 addition & 0 deletions .golangci.yaml
Expand Up @@ -29,6 +29,7 @@ linters:
- wrapcheck
- dupl
- makezero
- maintidx

# We might want to enable this, but it might be a lot of work
- cyclop
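
Review bot: `- maintidx` goes into this list with no comment explaining why, while `cyclop` right below it carries one. The commit that adds it is titled "Ignore complexity linter", so this turns the maintainability check off for the whole repository to let the new registration code through. A `//nolint:maintidx` with a short reason on the one function that trips it would keep the check active everywhere else; failing that, add a comment here like the `cyclop` one so it is clear the exclusion is meant to be revisited.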
50 changes: 27 additions & 23 deletions CHANGELOG.md
@@ -1,51 +1,55 @@
# CHANGELOG

**0.15.0 (2022-xx-xx):**
## 0.15.0 (2022-xx-xx)

**BREAKING**:
**Note:** Take a backup of your database before upgrading.

### BREAKING

- Boundaries between Namespaces has been removed and all nodes can communicate by default [#357](https://github.com/juanfont/headscale/pull/357)
- To limit access between nodes, use [ACLs](./docs/acls.md).

**Features**:
### Features

- Add support for writing ACL files with YAML [#359](https://github.com/juanfont/headscale/pull/359)
- Users can now use emails in ACL's groups [#372](https://github.com/juanfont/headscale/issues/372)

**Changes**:
### Changes

- Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession [#346](https://github.com/juanfont/headscale/pull/346)
- Simplify the code behind registration of machines [#366](https://github.com/juanfont/headscale/pull/366)
- Nodes are now only written to database if they are registrated successfully
- Fix a limitation in the ACLs that prevented users to write rules with `*` as source [#374](https://github.com/juanfont/headscale/issues/374)

**0.14.0 (2022-02-24):**
## 0.14.0 (2022-02-24)

**UPCOMING BREAKING**:
From the **next** version (`0.15.0`), all machines will be able to communicate regardless of
**UPCOMING ### BREAKING
From the **next\*\* version (`0.15.0`), all machines will be able to communicate regardless of
if they are in the same namespace. This means that the behaviour currently limited to ACLs
will become default. From version `0.15.0`, all limitation of communications must be done
with ACLs.

This is a part of aligning `headscale`'s behaviour with Tailscale's upstream behaviour.

**BREAKING**:
### BREAKING

- ACLs have been rewritten to align with the bevaviour Tailscale Control Panel provides. **NOTE:** This is only active if you use ACLs
- Namespaces are now treated as Users
- All machines can communicate with all machines by default
- Tags should now work correctly and adding a host to Headscale should now reload the rules.
- The documentation have a [fictional example](docs/acls.md) that should cover some use cases of the ACLs features

**Features**:
### Features

- Add support for configurable mTLS [docs](docs/tls.md#configuring-mutual-tls-authentication-mtls) [#297](https://github.com/juanfont/headscale/pull/297)

**Changes**:
### Changes

- Remove dependency on CGO (switch from CGO SQLite to pure Go) [#346](https://github.com/juanfont/headscale/pull/346)

**0.13.0 (2022-02-18):**

**Features**:
### Features

- Add IPv6 support to the prefix assigned to namespaces
- Add API Key support
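
Review bot: the 0.14.0 section's markup is damaged by the heading conversion: `**UPCOMING BREAKING**:` became `**UPCOMING ### BREAKING` and `**next**` became `**next\*\*`, so the bold never closes and a `###` sits mid-line. Restore the original two lines, or make the first a proper `### UPCOMING BREAKING` heading. In the same hunk `**0.13.0 (2022-02-18):**` stays in the old bold style while the 0.15.0 and 0.14.0 releases are now `## ` headings, and the new 0.15.0 entry reads "registrated" where "registered" is meant. The backup note would also be more useful if it said what in this release touches the database.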
Expand All @@ -56,7 +60,7 @@ This is a part of aligning `headscale`'s behaviour with Tailscale's upstream beh
- `oidc.domain_map` option has been removed
- `strip_email_domain` option has been added (see [config-example.yaml](./config_example.yaml))

**Changes**:
### Changes

- `ip_prefix` is now superseded by `ip_prefixes` in the configuration [#208](https://github.com/juanfont/headscale/pull/208)
- Upgrade `tailscale` (1.20.4) and other dependencies to latest [#314](https://github.com/juanfont/headscale/pull/314)
Expand All @@ -65,55 +69,55 @@ This is a part of aligning `headscale`'s behaviour with Tailscale's upstream beh

**0.12.4 (2022-01-29):**

**Changes**:
### Changes

- Make gRPC Unix Socket permissions configurable [#292](https://github.com/juanfont/headscale/pull/292)
- Trim whitespace before reading Private Key from file [#289](https://github.com/juanfont/headscale/pull/289)
- Add new command to generate a private key for `headscale` [#290](https://github.com/juanfont/headscale/pull/290)
- Fixed issue where hosts deleted from control server may be written back to the database, as long as they are connected to the control server [#278](https://github.com/juanfont/headscale/pull/278)

**0.12.3 (2022-01-13):**
## 0.12.3 (2022-01-13)

**Changes**:
### Changes

- Added Alpine container [#270](https://github.com/juanfont/headscale/pull/270)
- Minor updates in dependencies [#271](https://github.com/juanfont/headscale/pull/271)

**0.12.2 (2022-01-11):**
## 0.12.2 (2022-01-11)

Happy New Year!

**Changes**:
### Changes

- Fix Docker release [#258](https://github.com/juanfont/headscale/pull/258)
- Rewrite main docs [#262](https://github.com/juanfont/headscale/pull/262)
- Improve Docker docs [#263](https://github.com/juanfont/headscale/pull/263)

**0.12.1 (2021-12-24):**
## 0.12.1 (2021-12-24)

(We are skipping 0.12.0 to correct a mishap done weeks ago with the version tagging)

**BREAKING**:
### BREAKING

- Upgrade to Tailscale 1.18 [#229](https://github.com/juanfont/headscale/pull/229)
- This change requires a new format for private key, private keys are now generated automatically:
1. Delete your current key
2. Restart `headscale`, a new key will be generated.
3. Restart all Tailscale clients to fetch the new key

**Changes**:
### Changes

- Unify configuration example [#197](https://github.com/juanfont/headscale/pull/197)
- Add stricter linting and formatting [#223](https://github.com/juanfont/headscale/pull/223)

**Features**:
### Features

- Add gRPC and HTTP API (HTTP API is currently disabled) [#204](https://github.com/juanfont/headscale/pull/204)
- Use gRPC between the CLI and the server [#206](https://github.com/juanfont/headscale/pull/206), [#212](https://github.com/juanfont/headscale/pull/212)
- Beta OpenID Connect support [#126](https://github.com/juanfont/headscale/pull/126), [#227](https://github.com/juanfont/headscale/pull/227)

**0.11.0 (2021-10-25):**
## 0.11.0 (2021-10-25)

**BREAKING**:
### BREAKING

- Make headscale fetch DERP map from URL and file [#196](https://github.com/juanfont/headscale/pull/196)
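
Review bot: `**0.12.4 (2022-01-29):**` at the top of this hunk keeps the old bold style while 0.12.3, 0.12.2, 0.12.1 and 0.11.0 below it are converted to `## ` headings, so its `### Changes` ends up nested under the previous `##` release instead of its own. Convert it to `## 0.12.4 (2022-01-29)` so the outline is consistent.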
7 changes: 0 additions & 7 deletions acls_test.go
Expand Up @@ -119,7 +119,6 @@ func (s *Suite) TestValidExpandTagOwnersInUsers(c *check.C) {
Name: "testmachine",
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.1")},
NamespaceID: namespace.ID,
Registered: true,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
HostInfo: datatypes.JSON(hostInfo),
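
Review bot: with `Registered: true,` dropped from this fixture, nothing in these tests states that the machine is a registered one; that now rests entirely on the rule from the changelog that nodes are only written to the database once registration succeeds. Please add a test that pins that rule down (a machine whose registration has not completed is absent from the database and so never appears in ACL expansion), since there is no longer a field to filter on.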
Expand Down Expand Up @@ -163,7 +162,6 @@ func (s *Suite) TestValidExpandTagOwnersInPorts(c *check.C) {
Name: "testmachine",
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.1")},
NamespaceID: namespace.ID,
Registered: true,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
HostInfo: datatypes.JSON(hostInfo),
Expand Down Expand Up @@ -207,7 +205,6 @@ func (s *Suite) TestInvalidTagValidNamespace(c *check.C) {
Name: "testmachine",
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.1")},
NamespaceID: namespace.ID,
Registered: true,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
HostInfo: datatypes.JSON(hostInfo),
Expand Down Expand Up @@ -250,7 +247,6 @@ func (s *Suite) TestValidTagInvalidNamespace(c *check.C) {
Name: "webserver",
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.1")},
NamespaceID: namespace.ID,
Registered: true,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
HostInfo: datatypes.JSON(hostInfo),
Expand All @@ -267,7 +263,6 @@ func (s *Suite) TestValidTagInvalidNamespace(c *check.C) {
Name: "user",
IPAddresses: MachineAddresses{netaddr.MustParseIP("100.64.0.2")},
NamespaceID: namespace.ID,
Registered: true,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
HostInfo: datatypes.JSON(hostInfo),
Expand Down Expand Up @@ -361,7 +356,6 @@ func (s *Suite) TestPortNamespace(c *check.C) {
DiscoKey: "faa",
Name: "testmachine",
NamespaceID: namespace.ID,
Registered: true,
RegisterMethod: RegisterMethodAuthKey,
IPAddresses: ips,
AuthKeyID: uint(pak.ID),
Expand Down Expand Up @@ -404,7 +398,6 @@ func (s *Suite) TestPortGroup(c *check.C) {
DiscoKey: "faa",
Name: "testmachine",
NamespaceID: namespace.ID,
Registered: true,
RegisterMethod: RegisterMethodAuthKey,
IPAddresses: ips,
AuthKeyID: uint(pak.ID),
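
Review bot: this is the seventh identical one-line removal in this file, because each test builds its own `Machine` literal with the same `RegisterMethod: RegisterMethodAuthKey` and `AuthKeyID: uint(pak.ID)` (and here `DiscoKey: "faa"`). A small test helper that returns the base machine, with each test overriding `Name` and `IPAddresses`, would turn the next schema change into a single edit.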