Update

vendor/tailscale.com/util/syspolicy/source/env_policy_store.go

@@ -11,6 +11,7 @@ import (
 	"strings"
 	"unicode/utf8"
 
+	"tailscale.com/util/syspolicy/pkey"
 	"tailscale.com/util/syspolicy/setting"
 )
 
@@ -22,7 +23,7 @@ var _ Store = (*EnvPolicyStore)(nil)
 type EnvPolicyStore struct{}
 
 // ReadString implements [Store].
-func (s *EnvPolicyStore) ReadString(key setting.Key) (string, error) {
+func (s *EnvPolicyStore) ReadString(key pkey.Key) (string, error) {
 	_, str, err := s.lookupSettingVariable(key)
 	if err != nil {
 		return "", err
@@ -31,7 +32,7 @@ func (s *EnvPolicyStore) ReadString(key setting.Key) (string, error) {
 }
 
 // ReadUInt64 implements [Store].
-func (s *EnvPolicyStore) ReadUInt64(key setting.Key) (uint64, error) {
+func (s *EnvPolicyStore) ReadUInt64(key pkey.Key) (uint64, error) {
 	name, str, err := s.lookupSettingVariable(key)
 	if err != nil {
 		return 0, err
@@ -47,7 +48,7 @@ func (s *EnvPolicyStore) ReadUInt64(key setting.Key) (uint64, error) {
 }
 
 // ReadBoolean implements [Store].
-func (s *EnvPolicyStore) ReadBoolean(key setting.Key) (bool, error) {
+func (s *EnvPolicyStore) ReadBoolean(key pkey.Key) (bool, error) {
 	name, str, err := s.lookupSettingVariable(key)
 	if err != nil {
 		return false, err
@@ -63,7 +64,7 @@ func (s *EnvPolicyStore) ReadBoolean(key setting.Key) (bool, error) {
 }
 
 // ReadStringArray implements [Store].
-func (s *EnvPolicyStore) ReadStringArray(key setting.Key) ([]string, error) {
+func (s *EnvPolicyStore) ReadStringArray(key pkey.Key) ([]string, error) {
 	_, str, err := s.lookupSettingVariable(key)
 	if err != nil || str == "" {
 		return nil, err
@@ -79,7 +80,7 @@ func (s *EnvPolicyStore) ReadStringArray(key setting.Key) ([]string, error) {
 	return res[0:dst], nil
 }
 
-func (s *EnvPolicyStore) lookupSettingVariable(key setting.Key) (name, value string, err error) {
+func (s *EnvPolicyStore) lookupSettingVariable(key pkey.Key) (name, value string, err error) {
 	name, err = keyToEnvVarName(key)
 	if err != nil {
 		return "", "", err
@@ -103,7 +104,7 @@ var (
 //
 // It's fine to use this in [EnvPolicyStore] without caching variable names since it's not a hot path.
 // [EnvPolicyStore] is not a [Changeable] policy store, so the conversion will only happen once.
-func keyToEnvVarName(key setting.Key) (string, error) {
+func keyToEnvVarName(key pkey.Key) (string, error) {
 	if len(key) == 0 {
 		return "", errEmptyKey
 	}
@@ -135,7 +136,7 @@ func keyToEnvVarName(key setting.Key) (string, error) {
 			}
 		case isDigit(c):
 			split = currentWord.Len() > 0 && !isDigit(key[i-1])
-		case c == setting.KeyPathSeparator:
+		case c == pkey.KeyPathSeparator:
 			words = append(words, currentWord.String())
 			currentWord.Reset()
 			continue

vendor/tailscale.com/util/syspolicy/source/policy_reader.go

@@ -16,6 +16,8 @@ import (
 	"tailscale.com/util/set"
 	"tailscale.com/util/syspolicy/internal/loggerx"
 	"tailscale.com/util/syspolicy/internal/metrics"
+	"tailscale.com/util/syspolicy/pkey"
+	"tailscale.com/util/syspolicy/ptype"
 	"tailscale.com/util/syspolicy/setting"
 )
 
@@ -138,9 +140,9 @@ func (r *Reader) reload(force bool) (*setting.Snapshot, error) {
 
 	metrics.Reset(r.origin)
 
-	var m map[setting.Key]setting.RawItem
+	var m map[pkey.Key]setting.RawItem
 	if lastPolicyCount := r.lastPolicy.Len(); lastPolicyCount > 0 {
-		m = make(map[setting.Key]setting.RawItem, lastPolicyCount)
+		m = make(map[pkey.Key]setting.RawItem, lastPolicyCount)
 	}
 	for _, s := range r.settings {
 		if !r.origin.Scope().IsConfigurableSetting(s) {
@@ -364,21 +366,21 @@ func readPolicySettingValue(store Store, s *setting.Definition) (value any, err
 	case setting.PreferenceOptionValue:
 		s, err := store.ReadString(key)
 		if err == nil {
-			var value setting.PreferenceOption
+			var value ptype.PreferenceOption
 			if err = value.UnmarshalText([]byte(s)); err == nil {
 				return value, nil
 			}
 		}
-		return setting.ShowChoiceByPolicy, err
+		return ptype.ShowChoiceByPolicy, err
 	case setting.VisibilityValue:
 		s, err := store.ReadString(key)
 		if err == nil {
-			var value setting.Visibility
+			var value ptype.Visibility
 			if err = value.UnmarshalText([]byte(s)); err == nil {
 				return value, nil
 			}
 		}
-		return setting.VisibleByPolicy, err
+		return ptype.VisibleByPolicy, err
 	case setting.DurationValue:
 		s, err := store.ReadString(key)
 		if err == nil {

vendor/tailscale.com/util/syspolicy/source/policy_source.go

@@ -13,6 +13,7 @@ import (
 	"io"
 
 	"tailscale.com/types/lazy"
+	"tailscale.com/util/syspolicy/pkey"
 	"tailscale.com/util/syspolicy/setting"
 )
 
@@ -31,19 +32,19 @@ type Store interface {
 	// ReadString returns the value of a [setting.StringValue] with the specified key,
 	// an [setting.ErrNotConfigured] if the policy setting is not configured, or
 	// an error on failure.
-	ReadString(key setting.Key) (string, error)
+	ReadString(key pkey.Key) (string, error)
 	// ReadUInt64 returns the value of a [setting.IntegerValue] with the specified key,
 	// an [setting.ErrNotConfigured] if the policy setting is not configured, or
 	// an error on failure.
-	ReadUInt64(key setting.Key) (uint64, error)
+	ReadUInt64(key pkey.Key) (uint64, error)
 	// ReadBoolean returns the value of a [setting.BooleanValue] with the specified key,
 	// an [setting.ErrNotConfigured] if the policy setting is not configured, or
 	// an error on failure.
-	ReadBoolean(key setting.Key) (bool, error)
+	ReadBoolean(key pkey.Key) (bool, error)
 	// ReadStringArray returns the value of a [setting.StringListValue] with the specified key,
 	// an [setting.ErrNotConfigured] if the policy setting is not configured, or
 	// an error on failure.
-	ReadStringArray(key setting.Key) ([]string, error)
+	ReadStringArray(key pkey.Key) ([]string, error)
 }
 
 // Lockable is an optional interface that [Store] implementations may support.

vendor/tailscale.com/util/syspolicy/source/policy_store_windows.go

@@ -13,6 +13,7 @@ import (
 	"golang.org/x/sys/windows/registry"
 	"tailscale.com/util/set"
 	"tailscale.com/util/syspolicy/internal/loggerx"
+	"tailscale.com/util/syspolicy/pkey"
 	"tailscale.com/util/syspolicy/setting"
 	"tailscale.com/util/winutil/gp"
 )
@@ -251,7 +252,7 @@ func (ps *PlatformPolicyStore) onChange() {
 
 // ReadString retrieves a string policy with the specified key.
 // It returns [setting.ErrNotConfigured] if the policy setting does not exist.
-func (ps *PlatformPolicyStore) ReadString(key setting.Key) (val string, err error) {
+func (ps *PlatformPolicyStore) ReadString(key pkey.Key) (val string, err error) {
 	return getPolicyValue(ps, key,
 		func(key registry.Key, valueName string) (string, error) {
 			val, _, err := key.GetStringValue(valueName)
@@ -261,7 +262,7 @@ func (ps *PlatformPolicyStore) ReadString(key setting.Key) (val string, err erro
 
 // ReadUInt64 retrieves an integer policy with the specified key.
 // It returns [setting.ErrNotConfigured] if the policy setting does not exist.
-func (ps *PlatformPolicyStore) ReadUInt64(key setting.Key) (uint64, error) {
+func (ps *PlatformPolicyStore) ReadUInt64(key pkey.Key) (uint64, error) {
 	return getPolicyValue(ps, key,
 		func(key registry.Key, valueName string) (uint64, error) {
 			val, _, err := key.GetIntegerValue(valueName)
@@ -271,7 +272,7 @@ func (ps *PlatformPolicyStore) ReadUInt64(key setting.Key) (uint64, error) {
 
 // ReadBoolean retrieves a boolean policy with the specified key.
 // It returns [setting.ErrNotConfigured] if the policy setting does not exist.
-func (ps *PlatformPolicyStore) ReadBoolean(key setting.Key) (bool, error) {
+func (ps *PlatformPolicyStore) ReadBoolean(key pkey.Key) (bool, error) {
 	return getPolicyValue(ps, key,
 		func(key registry.Key, valueName string) (bool, error) {
 			val, _, err := key.GetIntegerValue(valueName)
@@ -283,8 +284,8 @@ func (ps *PlatformPolicyStore) ReadBoolean(key setting.Key) (bool, error) {
 }
 
 // ReadString retrieves a multi-string policy with the specified key.
-// It returns [setting.ErrNotConfigured] if the policy setting does not exist.
-func (ps *PlatformPolicyStore) ReadStringArray(key setting.Key) ([]string, error) {
+// It returns [pkey.ErrNotConfigured] if the policy setting does not exist.
+func (ps *PlatformPolicyStore) ReadStringArray(key pkey.Key) ([]string, error) {
 	return getPolicyValue(ps, key,
 		func(key registry.Key, valueName string) ([]string, error) {
 			val, _, err := key.GetStringsValue(valueName)
@@ -322,25 +323,25 @@ func (ps *PlatformPolicyStore) ReadStringArray(key setting.Key) ([]string, error
 		})
 }
 
-// splitSettingKey extracts the registry key name and value name from a [setting.Key].
-// The [setting.Key] format allows grouping settings into nested categories using one
-// or more [setting.KeyPathSeparator]s in the path. How individual policy settings are
+// splitSettingKey extracts the registry key name and value name from a [pkey.Key].
+// The [pkey.Key] format allows grouping settings into nested categories using one
+// or more [pkey.KeyPathSeparator]s in the path. How individual policy settings are
 // stored is an implementation detail of each [Store]. In the [PlatformPolicyStore]
 // for Windows, we map nested policy categories onto the Registry key hierarchy.
-// The last component after a [setting.KeyPathSeparator] is treated as the value name,
+// The last component after a [pkey.KeyPathSeparator] is treated as the value name,
 // while everything preceding it is considered a subpath (relative to the {HKLM,HKCU}\Software\Policies\Tailscale key).
-// If there are no [setting.KeyPathSeparator]s in the key, the policy setting value
+// If there are no [pkey.KeyPathSeparator]s in the key, the policy setting value
 // is meant to be stored directly under {HKLM,HKCU}\Software\Policies\Tailscale.
-func splitSettingKey(key setting.Key) (path, valueName string) {
-	if idx := strings.LastIndexByte(string(key), setting.KeyPathSeparator); idx != -1 {
-		path = strings.ReplaceAll(string(key[:idx]), string(setting.KeyPathSeparator), `\`)
+func splitSettingKey(key pkey.Key) (path, valueName string) {
+	if idx := strings.LastIndexByte(string(key), pkey.KeyPathSeparator); idx != -1 {
+		path = strings.ReplaceAll(string(key[:idx]), string(pkey.KeyPathSeparator), `\`)
 		valueName = string(key[idx+1:])
 		return path, valueName
 	}
 	return "", string(key)
 }
 
-func getPolicyValue[T any](ps *PlatformPolicyStore, key setting.Key, getter registryValueGetter[T]) (T, error) {
+func getPolicyValue[T any](ps *PlatformPolicyStore, key pkey.Key, getter registryValueGetter[T]) (T, error) {
 	var zero T
 
 	ps.mu.Lock()

vendor/tailscale.com/util/syspolicy/source/test_store.go

@@ -12,8 +12,9 @@ import (
 	"tailscale.com/util/mak"
 	"tailscale.com/util/set"
 	"tailscale.com/util/slicesx"
-	"tailscale.com/util/syspolicy/internal"
+	"tailscale.com/util/syspolicy/pkey"
 	"tailscale.com/util/syspolicy/setting"
+	"tailscale.com/util/testenv"
 )
 
 var (
@@ -31,7 +32,7 @@ type TestValueType interface {
 // TestSetting is a policy setting in a [TestStore].
 type TestSetting[T TestValueType] struct {
 	// Key is the setting's unique identifier.
-	Key setting.Key
+	Key pkey.Key
 	// Error is the error to be returned by the [TestStore] when reading
 	// a policy setting with the specified key.
 	Error error
@@ -43,20 +44,20 @@ type TestSetting[T TestValueType] struct {
 
 // TestSettingOf returns a [TestSetting] representing a policy setting
 // configured with the specified key and value.
-func TestSettingOf[T TestValueType](key setting.Key, value T) TestSetting[T] {
+func TestSettingOf[T TestValueType](key pkey.Key, value T) TestSetting[T] {
 	return TestSetting[T]{Key: key, Value: value}
 }
 
 // TestSettingWithError returns a [TestSetting] representing a policy setting
 // with the specified key and error.
-func TestSettingWithError[T TestValueType](key setting.Key, err error) TestSetting[T] {
+func TestSettingWithError[T TestValueType](key pkey.Key, err error) TestSetting[T] {
 	return TestSetting[T]{Key: key, Error: err}
 }
 
 // testReadOperation describes a single policy setting read operation.
 type testReadOperation struct {
 	// Key is the setting's unique identifier.
-	Key setting.Key
+	Key pkey.Key
 	// Type is a value type of a read operation.
 	// [setting.BooleanValue], [setting.IntegerValue], [setting.StringValue] or [setting.StringListValue]
 	Type setting.Type
@@ -65,7 +66,7 @@ type testReadOperation struct {
 // TestExpectedReads is the number of read operations with the specified details.
 type TestExpectedReads struct {
 	// Key is the setting's unique identifier.
-	Key setting.Key
+	Key pkey.Key
 	// Type is a value type of a read operation.
 	// [setting.BooleanValue], [setting.IntegerValue], [setting.StringValue] or [setting.StringListValue]
 	Type setting.Type
@@ -79,7 +80,7 @@ func (r TestExpectedReads) operation() testReadOperation {
 
 // TestStore is a [Store] that can be used in tests.
 type TestStore struct {
-	tb internal.TB
+	tb testenv.TB
 
 	done chan struct{}
 
@@ -87,8 +88,8 @@ type TestStore struct {
 	storeLockCount atomic.Int32
 
 	mu           sync.RWMutex
-	suspendCount int                 // change callback are suspended if > 0
-	mr, mw       map[setting.Key]any // maps for reading and writing; they're the same unless the store is suspended.
+	suspendCount int              // change callback are suspended if > 0
+	mr, mw       map[pkey.Key]any // maps for reading and writing; they're the same unless the store is suspended.
 	cbs          set.HandleSet[func()]
 	closed       bool
 
@@ -98,8 +99,8 @@ type TestStore struct {
 
 // NewTestStore returns a new [TestStore].
 // The tb will be used to report coding errors detected by the [TestStore].
-func NewTestStore(tb internal.TB) *TestStore {
-	m := make(map[setting.Key]any)
+func NewTestStore(tb testenv.TB) *TestStore {
+	m := make(map[pkey.Key]any)
 	store := &TestStore{
 		tb:   tb,
 		done: make(chan struct{}),
@@ -112,7 +113,7 @@ func NewTestStore(tb internal.TB) *TestStore {
 
 // NewTestStoreOf is a shorthand for [NewTestStore] followed by [TestStore.SetBooleans],
 // [TestStore.SetUInt64s], [TestStore.SetStrings] or [TestStore.SetStringLists].
-func NewTestStoreOf[T TestValueType](tb internal.TB, settings ...TestSetting[T]) *TestStore {
+func NewTestStoreOf[T TestValueType](tb testenv.TB, settings ...TestSetting[T]) *TestStore {
 	store := NewTestStore(tb)
 	switch settings := any(settings).(type) {
 	case []TestSetting[bool]:
@@ -154,8 +155,15 @@ func (s *TestStore) RegisterChangeCallback(callback func()) (unregister func(),
 	}, nil
 }
 
+// IsEmpty reports whether the store does not contain any settings.
+func (s *TestStore) IsEmpty() bool {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return len(s.mr) == 0
+}
+
 // ReadString implements [Store].
-func (s *TestStore) ReadString(key setting.Key) (string, error) {
+func (s *TestStore) ReadString(key pkey.Key) (string, error) {
 	defer s.recordRead(key, setting.StringValue)
 	s.mu.RLock()
 	defer s.mu.RUnlock()
@@ -174,7 +182,7 @@ func (s *TestStore) ReadString(key setting.Key) (string, error) {
 }
 
 // ReadUInt64 implements [Store].
-func (s *TestStore) ReadUInt64(key setting.Key) (uint64, error) {
+func (s *TestStore) ReadUInt64(key pkey.Key) (uint64, error) {
 	defer s.recordRead(key, setting.IntegerValue)
 	s.mu.RLock()
 	defer s.mu.RUnlock()
@@ -193,7 +201,7 @@ func (s *TestStore) ReadUInt64(key setting.Key) (uint64, error) {
 }
 
 // ReadBoolean implements [Store].
-func (s *TestStore) ReadBoolean(key setting.Key) (bool, error) {
+func (s *TestStore) ReadBoolean(key pkey.Key) (bool, error) {
 	defer s.recordRead(key, setting.BooleanValue)
 	s.mu.RLock()
 	defer s.mu.RUnlock()
@@ -212,7 +220,7 @@ func (s *TestStore) ReadBoolean(key setting.Key) (bool, error) {
 }
 
 // ReadStringArray implements [Store].
-func (s *TestStore) ReadStringArray(key setting.Key) ([]string, error) {
+func (s *TestStore) ReadStringArray(key pkey.Key) ([]string, error) {
 	defer s.recordRead(key, setting.StringListValue)
 	s.mu.RLock()
 	defer s.mu.RUnlock()
@@ -230,7 +238,7 @@ func (s *TestStore) ReadStringArray(key setting.Key) ([]string, error) {
 	return slice, nil
 }
 
-func (s *TestStore) recordRead(key setting.Key, typ setting.Type) {
+func (s *TestStore) recordRead(key pkey.Key, typ setting.Type) {
 	s.readsMu.Lock()
 	op := testReadOperation{key, typ}
 	num := s.reads[op]
@@ -392,7 +400,7 @@ func (s *TestStore) SetStringLists(settings ...TestSetting[[]string]) {
 }
 
 // Delete deletes the specified settings from s.
-func (s *TestStore) Delete(keys ...setting.Key) {
+func (s *TestStore) Delete(keys ...pkey.Key) {
 	s.storeLock.Lock()
 	for _, key := range keys {
 		s.mu.Lock()