remove hardcoded policies
parent
a003e3b753
commit
d14db5e85c
1 changed files with 7 additions and 43 deletions
|
|
@ -3,51 +3,15 @@
|
||||||
# Policies define behavioral flags for subnets, identities, and future contexts.
|
# Policies define behavioral flags for subnets, identities, and future contexts.
|
||||||
# Chain: Subnet → Policy → Identity → Peer
|
# Chain: Subnet → Policy → Identity → Peer
|
||||||
|
|
||||||
# ======================================================
|
|
||||||
# Hardcoded Fallbacks
|
|
||||||
# Mirror of policies.json built-in policies.
|
|
||||||
# Used when policies.json lookup fails.
|
|
||||||
# ======================================================
|
|
||||||
|
|
||||||
declare -gA _POLICY_TUNNEL_MODE=(
|
|
||||||
[default]="split"
|
|
||||||
[guest]="split"
|
|
||||||
[trusted]="split"
|
|
||||||
[server]="split"
|
|
||||||
[iot]="split"
|
|
||||||
)
|
|
||||||
|
|
||||||
declare -gA _POLICY_DEFAULT_RULE=(
|
|
||||||
[default]=""
|
|
||||||
[guest]="guest"
|
|
||||||
[trusted]=""
|
|
||||||
[server]=""
|
|
||||||
[iot]=""
|
|
||||||
)
|
|
||||||
|
|
||||||
declare -gA _POLICY_STRICT_RULE=(
|
|
||||||
[default]="false"
|
|
||||||
[guest]="true"
|
|
||||||
[trusted]="false"
|
|
||||||
[server]="false"
|
|
||||||
[iot]="false"
|
|
||||||
)
|
|
||||||
|
|
||||||
declare -gA _POLICY_AUTO_APPLY=(
|
|
||||||
[default]="true"
|
|
||||||
[guest]="true"
|
|
||||||
[trusted]="true"
|
|
||||||
[server]="true"
|
|
||||||
[iot]="true"
|
|
||||||
)
|
|
||||||
|
|
||||||
function policy::_hardcoded_field() {
|
function policy::_hardcoded_field() {
|
||||||
local name="${1:-}" field="${2:-}"
|
local name="${1:-}" field="${2:-}"
|
||||||
|
# Only fallback for 'default' policy if policies.json is unavailable
|
||||||
|
[[ "$name" != "default" ]] && echo "" && return 0
|
||||||
case "$field" in
|
case "$field" in
|
||||||
tunnel_mode) echo "${_POLICY_TUNNEL_MODE[$name]:-split}" ;;
|
tunnel_mode) echo "split" ;;
|
||||||
default_rule) echo "${_POLICY_DEFAULT_RULE[$name]:-}" ;;
|
default_rule) echo "" ;;
|
||||||
strict_rule) echo "${_POLICY_STRICT_RULE[$name]:-false}" ;;
|
strict_rule) echo "false" ;;
|
||||||
auto_apply) echo "${_POLICY_AUTO_APPLY[$name]:-true}" ;;
|
auto_apply) echo "true" ;;
|
||||||
*) echo "" ;;
|
*) echo "" ;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
|
||||||
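Review bot: For any policy other than `default`, the new guard in `policy::_hardcoded_field` prints an empty string and returns 0, so a caller cannot tell a failed policies.json lookup from a field that is legitimately empty. The removed tables gave `guest` a `strict_rule` of `true` and a `default_rule` of `guest`; if callers treat an empty `strict_rule` as `false` (they are not visible on this page), an unreadable or incomplete policies.json now silently relaxes the guest policy instead of failing closed. Consider signalling the miss with `[[ "$name" != "default" ]] && return 1` and having callers refuse to apply a non-default policy when the lookup fails. The added comment should also say that non-default names deliberately get no fallback, since the function itself never checks whether policies.json is available.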