[Bug] Error out on unknown symbol for policy v2 #973

Closed
opened 2025-12-29 02:26:57 +01:00 by adam · 0 comments

Originally created by @nblock on GitHub (Mar 16, 2025).

Is this a support request?

  • [x] This is not a support request

Is there an existing issue for this?

  • [x] I have searched the existing issues

Current Behavior

This policy loads fine with Headscale 0.25 (user1 has to exist as a user):

{
  "acls": [
    {
      "action": "accept",
      "src": [
        "user1"
      ],
      "dst": [
        "user1:*"
      ]
    },
    {
      "action": "accept",
      "src": [
        "user1"
      ],
      "dst": [
        "autogroup:internet:*"
      ]
    }
  ]
}

When loading the same policy with 586a20fbff and HEADSCALE_EXPERIMENTAL_POLICY_V2=1 it also loads without error/warning. The policy is no longer valid as user1 no longer exists (and the policy was not updated to user1@).

Expected Behavior

Error out on loading the policy as user1 can no longer be used to refer to a user and no entry in the hosts section exists that could match otherwise.

Steps To Reproduce

Load the above policy with policy v2 enabled (HEADSCALE_EXPERIMENTAL_POLICY_V2=1)

Environment

- OS: Debian 12
- Headscale version: 586a20fbff4e97519d68a7fdd0d75e1c7decec30
- Tailscale version: -

Runtime environment

  • [ ] Headscale is behind a (reverse) proxy
  • [ ] Headscale runs in a container

Anything else?

No response

adam added the bug, policy 📝 labels 2025-12-29 02:26:57 +01:00
adam closed this issue 2025-12-29 02:26:58 +01:00
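
A fail-closed load-time check of the kind the report asks for, as an added example (not Headscale's code). Validate and known are hypothetical names; only the user1@ form and the hosts lookup come from the report, and the other accepted alias forms (*, group:, tag:, autogroup:, IP/CIDR) are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"strings"
)

type Policy struct {
	Hosts map[string]string             `json:"hosts"` // the section the report names
	ACLs  []struct{ Src, Dst []string } `json:"acls"`
}

// known: only "@" users and the hosts lookup come from the report; the other forms are assumed.
func known(p Policy, a string) bool {
	_, isHost := p.Hosts[a]
	_, addrErr := netip.ParseAddr(a)
	_, pfxErr := netip.ParsePrefix(a)
	return a == "*" || isHost || addrErr == nil || pfxErr == nil ||
		strings.Contains(a, "@") || strings.HasPrefix(a, "group:") ||
		strings.HasPrefix(a, "tag:") || strings.HasPrefix(a, "autogroup:")
}

// Validate (hypothetical name) fails closed: an alias that resolves to nothing is a load error.
func Validate(raw []byte) error {
	var p Policy
	if err := json.Unmarshal(raw, &p); err != nil {
		return err
	}
	for i, acl := range p.ACLs {
		for j, a := range append(append([]string{}, acl.Src...), acl.Dst...) {
			if cut := strings.LastIndex(a, ":"); j >= len(acl.Src) && cut >= 0 {
				a = a[:cut] // dst entries are "alias:ports"; ports are not checked here
			}
			if !known(p, a) {
				return fmt.Errorf("acl %d: unknown alias %q", i, a)
			}
		}
	}
	return nil
}

// reported is the policy from the issue, compacted onto two lines.
const reported = `{"acls":[{"action":"accept","src":["user1"],"dst":["user1:*"]},
	{"action":"accept","src":["user1"],"dst":["autogroup:internet:*"]}]}`
func main() {
	fmt.Println(Validate([]byte(reported))) // acl 0: unknown alias "user1"
	fmt.Println(Validate([]byte(strings.ReplaceAll(reported, "user1", "user1@"))))
}
```

The second call passes because every user1 has been rewritten to user1@; adding a hosts entry named user1 would also make the original policy load.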
Reference: starred/headscale#973