remove hardcoded policies
parent
a003e3b753
commit
d14db5e85c
1 changed files with 7 additions and 43 deletions
|
|
@ -3,52 +3,16 @@
|
|||
# Policies define behavioral flags for subnets, identities, and future contexts.
|
||||
# Chain: Subnet → Policy → Identity → Peer
|
||||
|
||||
# ======================================================
|
||||
# Hardcoded Fallbacks
|
||||
# Mirror of policies.json built-in policies.
|
||||
# Used when policies.json lookup fails.
|
||||
# ======================================================
|
||||
|
||||
declare -gA _POLICY_TUNNEL_MODE=(
|
||||
[default]="split"
|
||||
[guest]="split"
|
||||
[trusted]="split"
|
||||
[server]="split"
|
||||
[iot]="split"
|
||||
)
|
||||
|
||||
declare -gA _POLICY_DEFAULT_RULE=(
|
||||
[default]=""
|
||||
[guest]="guest"
|
||||
[trusted]=""
|
||||
[server]=""
|
||||
[iot]=""
|
||||
)
|
||||
|
||||
declare -gA _POLICY_STRICT_RULE=(
|
||||
[default]="false"
|
||||
[guest]="true"
|
||||
[trusted]="false"
|
||||
[server]="false"
|
||||
[iot]="false"
|
||||
)
|
||||
|
||||
declare -gA _POLICY_AUTO_APPLY=(
|
||||
[default]="true"
|
||||
[guest]="true"
|
||||
[trusted]="true"
|
||||
[server]="true"
|
||||
[iot]="true"
|
||||
)
|
||||
|
||||
function policy::_hardcoded_field() {
|
||||
local name="${1:-}" field="${2:-}"
|
||||
# Only fallback for 'default' policy if policies.json is unavailable
|
||||
[[ "$name" != "default" ]] && echo "" && return 0
|
||||
case "$field" in
|
||||
tunnel_mode) echo "${_POLICY_TUNNEL_MODE[$name]:-split}" ;;
|
||||
default_rule) echo "${_POLICY_DEFAULT_RULE[$name]:-}" ;;
|
||||
strict_rule) echo "${_POLICY_STRICT_RULE[$name]:-false}" ;;
|
||||
auto_apply) echo "${_POLICY_AUTO_APPLY[$name]:-true}" ;;
|
||||
*) echo "" ;;
|
||||
tunnel_mode) echo "split" ;;
|
||||
default_rule) echo "" ;;
|
||||
strict_rule) echo "false" ;;
|
||||
auto_apply) echo "true" ;;
|
||||
*) echo "" ;;
|
||||
esac
|
||||
}
|
||||
|
||||
|
|
|
|||
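Review bot: The guard in `policy::_hardcoded_field`, `[[ "$name" != "default" ]] && echo "" && return 0`, gives every non-default policy an empty string with exit status 0, so a caller cannot tell "policies.json was unavailable" from "this field is legitimately empty". The removed tables carried `[guest]="true"` for `strict_rule` and `[guest]="guest"` for `default_rule`. If callers treat an empty `strict_rule` as false (their handling is not visible in this hunk), a guest lookup that reaches this fallback would get the permissive behaviour whenever the JSON lookup fails. Consider failing closed for names without a fallback, e.g. `[[ "$name" != "default" ]] && return 1`, with callers logging and refusing to apply a policy on a non-zero status. A short comment above the function should state that only `default` has a fallback and which values it returns.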