tailcfg: add AcceptEnv field to SSHRule (#13523)
Add an `AcceptEnv` field to `SSHRule`. This will contain the collection of environment variable names / patterns that are specified in the `acceptEnv` block for the SSH rule within the policy file. This will be used in the tailscale client to filter out unacceptable environment variables. Updates: https://github.com/tailscale/corp/issues/22775 Signed-off-by: Mario Minardi <mario@tailscale.com>
This commit is contained in:
@@ -2451,6 +2451,13 @@ type SSHRule struct {
|
||||
// Action is the outcome to task.
|
||||
// A nil or invalid action means to deny.
|
||||
Action *SSHAction `json:"action"`
|
||||
|
||||
// AcceptEnv is a slice of environment variable names that are allowlisted
|
||||
// for the SSH rule in the policy file.
|
||||
//
|
||||
// AcceptEnv values may contain * and ? wildcard characters which match against
|
||||
// an arbitrary number of characters or a single character respectively.
|
||||
AcceptEnv []string `json:"acceptEnv,omitempty"`
|
||||
}
|
||||
|
||||
// SSHPrincipal is either a particular node or a user on any node.
|
||||
|
||||
Reference in New Issue
Block a user