See warning about console changes to ACL file in Action log #25

Open
arigesher opened this issue May 11, 2023 · 2 comments

Description

The GitHub action fires a warning when testing edits to the policy file. This appears to have no effect on the test, but it does issue a confusing warning message:

Warning: The policy file was modified externally in the admin console.

This is confusing because it implies that there may be edits via the console that shouldn't have been made when using GitOps to manage the file. (Or I'm really confused and we do have edits in the console that aren't being reflected).

Desired Behavior

Don't issue the warning.

Logs/Screenshots

2023/05/11 22:51:46 no previous etag found, assuming local file is correct and recording that
Warning: The policy file was modified externally in the admin console.
2023/05/11 22:51:46 control: dc85ea67f801dfe78b390ee9c479c03b44267317c30efc0d440db79345e035b2
2023/05/11 22:51:46 local:   22ed067d02ddb5555d215d2007ce3271a6ed69189a01b9c939a1c3481eaef312
2023/05/11 22:51:46 cache:   22ed067d02ddb5555d215d2007ce3271a6ed69189a01b9c939a1c3481eaef312
[Screenshot 2023-05-11 at 4 30 16 PM]

Here's line 1 from our policy file:

// This tailnet's ACLs are maintained in https://github.com/KairosAerospace/tailscale-acls

In the diff view, the annotation looks like this:

[Screenshot 2023-05-11 at 4 31 53 PM]

DentonGentry transferred this issue from tailscale/github-action May 12, 2023

pmocek commented May 19, 2023

This message appears to be generated from line 44 of the source code for gitops-pusher, which is apparently used by the GitHub Actions action of topic, part of the definition of function modifiedExternallyError(), which appears to be called in apply() lines 67-69, and also in test() lines 108-110, in each case like so:

if cache.PrevETag != controlEtag {
    modifiedExternallyError()
}

controlEtag comes from getACLEtag(), and cache.PrevETag is passed as an argument to the function.

getACLEtag appears to make an API call to /api/v2/tailnet/<my-tailnet>/acl, and to return an ETag value from the HTTP response header.

@jordemort

We are also having this problem. Every pull request against our ACL results in this annotation.

I dug into the code and gitops-pusher seems to want to read the previously pushed ETag from a file called version-cache.json in the current directory: https://github.com/tailscale/tailscale/blob/main/cmd/gitops-pusher/gitops-pusher.go#L33

However, I don't see anything in this action that would populate that file, or override its path, or maintain it between runs: https://github.com/tailscale/gitops-acl-action/blob/main/action.yml
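
The behaviour described in the comments above, as an added example that is not part of any comment and is not gitops-pusher's own code: a simplified Go model of the cache-versus-control ETag comparison, showing why a runner with no persisted version-cache.json flags every policy edit as an external change. The names loadCache, etagOf and checkDrift, the SHA-256 hashing and the sample policy strings are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"os"
)

// Cache models the one field the thread mentions, cache.PrevETag.
type Cache struct{ PrevETag string }

// loadCache (hypothetical helper) reads the cache file. A missing file,
// as on a fresh CI runner, yields an empty cache.
func loadCache(path string) Cache {
	var c Cache
	if b, err := os.ReadFile(path); err == nil {
		_ = json.Unmarshal(b, &c)
	}
	return c
}

// etagOf is an assumed stand-in for however the real ETag is derived.
func etagOf(policy []byte) string {
	sum := sha256.Sum256(policy)
	return hex.EncodeToString(sum[:])
}

// checkDrift reports whether the "modified externally" warning would fire.
// With no previous ETag it trusts the local file, as the log line in the
// issue says, then applies the comparison quoted in the thread.
func checkDrift(cache *Cache, controlETag, localETag string) bool {
	if cache.PrevETag == "" {
		cache.PrevETag = localETag
	}
	return cache.PrevETag != controlETag
}

func main() {
	// Constructed sample policies, not taken from the issue.
	control := etagOf([]byte(`{"acls":[]}`))
	local := etagOf([]byte(`{"acls":[{"action":"accept"}]}`))
	fresh := loadCache("does-not-exist/version-cache.json")
	fmt.Println("fresh runner warns:", checkDrift(&fresh, control, local))
	kept := Cache{PrevETag: control}
	fmt.Println("persisted cache warns:", checkDrift(&kept, control, local))
}
```

In this model the warning is a real drift signal only when PrevETag survives between runs; on a fresh runner it fires whenever the local policy differs from the one in control, which is the case for every pull request that edits the file.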
