tailcfg: add AcceptEnv field to SSHRule (tailscale#13523)

Add an `AcceptEnv` field to `SSHRule`. This will contain the collection of environment variable names / patterns that are specified in the `acceptEnv` block for the SSH rule within the policy file. This will be used in the tailscale client to filter out unacceptable environment variables. Updates: tailscale/corp#22775 Signed-off-by: Mario Minardi <mario@tailscale.com>
nshalman · Sep 23, 2024 · 8d50871 · 8d50871
1 parent dc86d35
commit 8d50871
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 0 deletions.
diff --git a/tailcfg/tailcfg.go b/tailcfg/tailcfg.go
@@ -2451,6 +2451,13 @@ type SSHRule struct {
 	// Action is the outcome to task.
 	// A nil or invalid action means to deny.
 	Action *SSHAction `json:"action"`
+
+	// AcceptEnv is a slice of environment variable names that are allowlisted
+	// for the SSH rule in the policy file.
+	//
+	// AcceptEnv values may contain * and ? wildcard characters which match against
+	// an arbitrary number of characters or a single character respectively.
+	AcceptEnv []string `json:"acceptEnv,omitempty"`
 }
 
 // SSHPrincipal is either a particular node or a user on any node.

diff --git a/tailcfg/tailcfg_clone.go b/tailcfg/tailcfg_clone.go
diff --git a/tailcfg/tailcfg_view.go b/tailcfg/tailcfg_view.go