remove hardcoded policies

Nuno Duque Nunes 2026-05-25 18:47:48 +00:00
parent a003e3b753
commit d14db5e85c


@ -3,51 +3,15 @@
# Policies define behavioral flags for subnets, identities, and future contexts. # Policies define behavioral flags for subnets, identities, and future contexts.
# Chain: Subnet → Policy → Identity → Peer # Chain: Subnet → Policy → Identity → Peer
# ======================================================
# Hardcoded Fallbacks
# Mirror of policies.json built-in policies.
# Used when policies.json lookup fails.
# ======================================================
declare -gA _POLICY_TUNNEL_MODE=(
[default]="split"
[guest]="split"
[trusted]="split"
[server]="split"
[iot]="split"
)
declare -gA _POLICY_DEFAULT_RULE=(
[default]=""
[guest]="guest"
[trusted]=""
[server]=""
[iot]=""
)
declare -gA _POLICY_STRICT_RULE=(
[default]="false"
[guest]="true"
[trusted]="false"
[server]="false"
[iot]="false"
)
declare -gA _POLICY_AUTO_APPLY=(
[default]="true"
[guest]="true"
[trusted]="true"
[server]="true"
[iot]="true"
)
function policy::_hardcoded_field() { function policy::_hardcoded_field() {
local name="${1:-}" field="${2:-}" local name="${1:-}" field="${2:-}"
# Only fallback for 'default' policy if policies.json is unavailable
[[ "$name" != "default" ]] && echo "" && return 0
case "$field" in case "$field" in
tunnel_mode) echo "${_POLICY_TUNNEL_MODE[$name]:-split}" ;; tunnel_mode) echo "split" ;;
default_rule) echo "${_POLICY_DEFAULT_RULE[$name]:-}" ;; default_rule) echo "" ;;
strict_rule) echo "${_POLICY_STRICT_RULE[$name]:-false}" ;; strict_rule) echo "false" ;;
auto_apply) echo "${_POLICY_AUTO_APPLY[$name]:-true}" ;; auto_apply) echo "true" ;;
*) echo "" ;; *) echo "" ;;
esac esac
} }
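Review bot: With the per-policy tables gone, `policy::_hardcoded_field` now answers every non-default policy with an empty string and exit status 0, so a caller cannot tell "field is unset" from "policies.json could not be read". The removed fallback gave `guest` the values `strict_rule=true` and `default_rule=guest`; if callers (not visible on this page) treat an empty `strict_rule` as `false`, a guest subnet would silently lose its restriction whenever the lookup fails. Consider failing closed by signalling the miss, e.g. `[[ "$name" != "default" ]] && return 1`, and having callers log the failure and refuse to apply the policy rather than continue with empty values. A comment above the function would also help, e.g. `# Non-default policies have no built-in fallback; callers must handle a failed policies.json lookup.`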