tailcfg: add AcceptEnv field to SSHRule (#13523)

Add an `AcceptEnv` field to `SSHRule`. This will contain the collection
of environment variable names / patterns that are specified in the
`acceptEnv` block for the SSH rule within the policy file. This will be
used in the tailscale client to filter out unacceptable environment
variables.

Updates: https://github.com/tailscale/corp/issues/22775

Signed-off-by: Mario Minardi <mario@tailscale.com>
This commit is contained in:
Mario Minardi
2024-09-22 20:15:26 -06:00
committed by GitHub
parent dc86d3589c
commit 8d508712c9
3 changed files with 11 additions and 0 deletions
+7
View File
@@ -2451,6 +2451,13 @@ type SSHRule struct {
// Action is the outcome to task.
// A nil or invalid action means to deny.
Action *SSHAction `json:"action"`
// AcceptEnv is a slice of environment variable names that are allowlisted
// for the SSH rule in the policy file.
//
// AcceptEnv values may contain * and ? wildcard characters which match against
// an arbitrary number of characters or a single character respectively.
AcceptEnv []string `json:"acceptEnv,omitempty"`
}
// SSHPrincipal is either a particular node or a user on any node.