diff --git a/modules/policy.module.sh b/modules/policy.module.sh
index 5a80ea5..845561b 100644
--- a/modules/policy.module.sh
+++ b/modules/policy.module.sh
@@ -3,52 +3,16 @@
 # Policies define behavioral flags for subnets, identities, and future contexts.
 # Chain: Subnet → Policy → Identity → Peer
-# ======================================================
-# Hardcoded Fallbacks
-# Mirror of policies.json built-in policies.
-# Used when policies.json lookup fails.
-# ======================================================
-
-declare -gA _POLICY_TUNNEL_MODE=(
- [default]="split"
- [guest]="split"
- [trusted]="split"
- [server]="split"
- [iot]="split"
-)
-
-declare -gA _POLICY_DEFAULT_RULE=(
- [default]=""
- [guest]="guest"
- [trusted]=""
- [server]=""
- [iot]=""
-)
-
-declare -gA _POLICY_STRICT_RULE=(
- [default]="false"
- [guest]="true"
- [trusted]="false"
- [server]="false"
- [iot]="false"
-)
-
-declare -gA _POLICY_AUTO_APPLY=(
- [default]="true"
- [guest]="true"
- [trusted]="true"
- [server]="true"
- [iot]="true"
-)
-
 function policy::_hardcoded_field() {
 local name="${1:-}" field="${2:-}"
+ # Only fallback for 'default' policy if policies.json is unavailable
+ [[ "$name" != "default" ]] && echo "" && return 0
 case "$field" in
- tunnel_mode) echo "${_POLICY_TUNNEL_MODE[$name]:-split}" ;;
- default_rule) echo "${_POLICY_DEFAULT_RULE[$name]:-}" ;;
- strict_rule) echo "${_POLICY_STRICT_RULE[$name]:-false}" ;;
- auto_apply) echo "${_POLICY_AUTO_APPLY[$name]:-true}" ;;
- *) echo "" ;;
+ tunnel_mode) echo "split" ;;
+ default_rule) echo "" ;;
+ strict_rule) echo "false" ;;
+ auto_apply) echo "true" ;;
+ *) echo "" ;;
 esac
 }
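Review bot: The new guard `[[ "$name" != "default" ]] && echo "" && return 0` in `policy::_hardcoded_field` makes `guest` fall back to an empty `strict_rule` and `default_rule`, where the removed tables gave `true` and `guest`, so a failed policies.json lookup can now drop the guest policy's restrictive values. The callers are outside this hunk, but if they read an empty string as "false" or "no rule" this path fails open; every other non-default name also now gets an empty `tunnel_mode` and `auto_apply` instead of `split` and `true`. Consider signalling the unresolved policy rather than returning success with an empty value, e.g. `[[ "$name" != "default" ]] && return 1`, and have the caller refuse to apply a policy it could not resolve. If the exit-0 contract has to stay, keep the restrictive `guest` values and extend the comment to something like `# non-default policies yield "" for every field; callers must treat "" as unresolved, never as permissive`.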