summaryrefslogtreecommitdiffhomepage
path: root/ipn/ipnlocal/network-lock.go
diff options
context:
space:
mode:
Diffstat (limited to 'ipn/ipnlocal/network-lock.go')
-rw-r--r--ipn/ipnlocal/network-lock.go32
1 files changed, 32 insertions, 0 deletions
diff --git a/ipn/ipnlocal/network-lock.go b/ipn/ipnlocal/network-lock.go
index 81d6e275a..12711b259 100644
--- a/ipn/ipnlocal/network-lock.go
+++ b/ipn/ipnlocal/network-lock.go
@@ -27,6 +27,7 @@ import (
"tailscale.com/health/healthmsg"
"tailscale.com/ipn"
"tailscale.com/ipn/ipnstate"
+ "tailscale.com/ipn/store/mem"
"tailscale.com/net/tsaddr"
"tailscale.com/tailcfg"
"tailscale.com/tka"
@@ -38,6 +39,7 @@ import (
"tailscale.com/types/tkatype"
"tailscale.com/util/mak"
"tailscale.com/util/set"
+ "tailscale.com/util/testenv"
)
// TODO(tom): RPC retry/backoff was broken and has been removed. Fix?
@@ -47,6 +49,13 @@ var (
errNetworkLockNotActive = errors.New("tailnet-lock is not active")
)
+// IsNetworkLockNotActive reports whether the given error indicates that
+// network-lock is not active. Stop-gap for feature/tailnetlock to check this
+// until all of this is code is moved to the feature.
+func IsNetworkLockNotActive(err error) bool {
+ return errors.Is(err, errNetworkLockNotActive)
+}
+
type tkaState struct {
profile ipn.ProfileID
authority *tka.Authority
@@ -702,6 +711,7 @@ func (b *LocalBackend) NetworkLockAllowed() bool {
// Only use is in tests.
func (b *LocalBackend) NetworkLockVerifySignatureForTest(nks tkatype.MarshaledSignature, nodeKey key.NodePublic) error {
+ testenv.AssertInTest()
b.mu.Lock()
defer b.mu.Unlock()
if b.tka == nil {
@@ -712,6 +722,7 @@ func (b *LocalBackend) NetworkLockVerifySignatureForTest(nks tkatype.MarshaledSi
// Only use is in tests.
func (b *LocalBackend) NetworkLockKeyTrustedForTest(keyID tkatype.KeyID) bool {
+ testenv.AssertInTest()
b.mu.Lock()
defer b.mu.Unlock()
if b.tka == nil {
@@ -1481,3 +1492,24 @@ func (b *LocalBackend) tkaReadAffectedSigs(ourNodeKey key.NodePublic, key tkatyp
return a, nil
}
+
+// LocalBackendWithTKAForTest creates a LocalBackend with an initialized TKA
+// state for testing tailnet lock from the feature/tailnetlock package. Will be
+// removed when tailnet lock is fully moved to its own package. Do not use this
+// from any other package.
+func LocalBackendWithTKAForTest(chonk tka.CompactableChonk, tka *tka.Authority) *LocalBackend {
+ testenv.AssertInTest()
+
+ var state *tkaState
+ if tka != nil {
+ state = &tkaState{
+ authority: tka,
+ storage: chonk,
+ }
+ }
+ return &LocalBackend{
+ store: &mem.Store{},
+ logf: logger.Discard,
+ tka: state,
+ }
+}
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.