allow users to be defined with @ in v1 (#2495)

* allow users to be defined with @ in v1 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove integration test rewrite hack Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove test rewrite hack Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * add @ to integration tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * a bit to agressive removeals Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * fix last test Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-03-30 13:19:05 +02:00 · 2025-03-30 13:19:05 +02:00 · e3521be705
commit e3521be705
parent f52f15ff08
12 changed files with 76 additions and 150 deletions
--- a/integration/hsic/hsic.go
+++ b/integration/hsic/hsic.go
@ -12,7 +12,6 @@ import (
 	"net/netip"
 	"os"
 	"path"
-	"regexp"
 	"sort"
 	"strconv"
 	"strings"
@ -413,10 +412,6 @@ func New(
 	}

 	if hsic.aclPolicy != nil {
-		// Rewrite all user entries in the policy to have an @ at the end.
-		if hsic.policyV2 {
-			RewritePolicyToV2(hsic.aclPolicy)
-		}
 		data, err := json.Marshal(hsic.aclPolicy)
 		if err != nil {
 			return nil, fmt.Errorf("failed to marshal ACL Policy to JSON: %w", err)
@ -878,50 +873,3 @@ func (t *HeadscaleInContainer) SendInterrupt() error {

 	return nil
 }
-
-// TODO(kradalby): Remove this function when v1 is deprecated
-func rewriteUsersToV2(strs []string) []string {
-	var result []string
-	userPattern := regexp.MustCompile(`^user\d+$`)
-
-	for _, username := range strs {
-		parts := strings.Split(username, ":")
-		if len(parts) == 0 {
-			result = append(result, username)
-			continue
-		}
-		firstPart := parts[0]
-		if userPattern.MatchString(firstPart) {
-			modifiedFirst := firstPart + "@"
-			if len(parts) > 1 {
-				rest := strings.Join(parts[1:], ":")
-				username = modifiedFirst + ":" + rest
-			} else {
-				username = modifiedFirst
-			}
-		}
-		result = append(result, username)
-	}
-
-	return result
-}
-
-// rewritePolicyToV2 rewrites the policy to v2 format.
-// This mostly means adding the @ prefix to user names.
-// replaces are done inplace
-func RewritePolicyToV2(pol *policyv1.ACLPolicy) {
-	for idx := range pol.ACLs {
-		pol.ACLs[idx].Sources = rewriteUsersToV2(pol.ACLs[idx].Sources)
-		pol.ACLs[idx].Destinations = rewriteUsersToV2(pol.ACLs[idx].Destinations)
-	}
-	for idx := range pol.Groups {
-		pol.Groups[idx] = rewriteUsersToV2(pol.Groups[idx])
-	}
-	for idx := range pol.TagOwners {
-		pol.TagOwners[idx] = rewriteUsersToV2(pol.TagOwners[idx])
-	}
-	for idx := range pol.SSHs {
-		pol.SSHs[idx].Sources = rewriteUsersToV2(pol.SSHs[idx].Sources)
-		pol.SSHs[idx].Destinations = rewriteUsersToV2(pol.SSHs[idx].Destinations)
-	}
-}