Kristoffer Dalby 0acf09bdd2 policy/v2: add localpart:*@domain SSH user compilation ...

Add support for localpart:*@<domain> entries in SSH policy users.
When a user SSHes into a target, their email local-part becomes the
OS username (e.g. alice@example.com → OS user alice).

Type system (types.go):
- SSHUser.IsLocalpart() and ParseLocalpart() for validation
- SSHUsers.LocalpartEntries(), NormalUsers(), ContainsLocalpart()
- Enforces format: localpart:*@<domain> (wildcard-only)
- UserWildcard.Resolve for user:*@domain SSH source aliases
- acceptEnv passthrough for SSH rules

Compilation (filter.go):
- resolveLocalparts: pure function mapping users to local-parts
  by email domain. No node walking, easy to test.
- groupSourcesByUser: single walk producing per-user principals
  with sorted user IDs, and tagged principals separately.
- ipSetToPrincipals: shared helper replacing 6 inline copies.
- selfPrincipalsForNode: self-access using pre-computed byUser.

The approach separates data gathering from rule assembly. Localpart
rules are interleaved per source user to match Tailscale SaaS
first-match-wins ordering.

Updates #3049

2026-02-28 05:14:11 -08:00

..

matcher

all: fix golangci-lint issues (#3064)

2026-02-06 21:45:32 +01:00

policyutil

all: upgrade to Go 1.26rc2 and modernize codebase

2026-02-08 12:35:23 +01:00

v2

policy/v2: add localpart:*@domain SSH user compilation

2026-02-28 05:14:11 -08:00

pm.go

state, policy, noise: implement SSH check period auto-approval

2026-02-25 21:28:05 +01:00

policy_autoapprove_test.go

all: upgrade to Go 1.26rc2 and modernize codebase

2026-02-08 12:35:23 +01:00

policy_route_approval_test.go

all: apply golangci-lint 2.9.0 fixes

2026-02-19 08:21:23 +01:00

policy_test.go

policy/v2: add localpart:*@domain SSH user compilation

2026-02-28 05:14:11 -08:00

policy.go

all: upgrade to Go 1.26rc2 and modernize codebase

2026-02-08 12:35:23 +01:00

route_approval_test.go

all: upgrade to Go 1.26rc2 and modernize codebase

2026-02-08 12:35:23 +01:00