SettingsValidator: Disallow changing network tunnel

This ensures that we cannot change the network tunnel configuration via the API at all; the only way to do so would be to edit the settings file directly while Rancher Desktop is not running. Signed-off-by: Mark Yen <[email protected]>
rancher-sandbox · Jul 23, 2024 · b0aa155 · b0aa155
1 parent 83f052f
commit b0aa155
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/pkg/rancher-desktop/main/commandServer/__tests__/settingsValidator.spec.ts b/pkg/rancher-desktop/main/commandServer/__tests__/settingsValidator.spec.ts
@@ -78,6 +78,7 @@ describe(SettingsValidator, () => {
       ['experimental', 'virtualMachine', 'mount', '9p', 'protocolVersion'],
       ['experimental', 'virtualMachine', 'mount', '9p', 'securityModel'],
       ['experimental', 'virtualMachine', 'mount', 'type'],
+      ['experimental', 'virtualMachine', 'networkingTunnel'], // Cannot be set
       ['experimental', 'virtualMachine', 'type'],
       ['experimental', 'virtualMachine', 'useRosetta'],
       ['experimental', 'virtualMachine', 'proxy', 'noproxy'],
@@ -88,17 +89,16 @@ describe(SettingsValidator, () => {
 
     // Fields that can only be set on specific platforms.
     const platformSpecificFields: Record<string, ReturnType<typeof os.platform>> = {
-      'application.adminAccess':                      'linux',
-      'experimental.virtualMachine.networkingTunnel': 'win32',
-      'experimental.virtualMachine.proxy.enabled':    'win32',
-      'experimental.virtualMachine.proxy.address':    'win32',
-      'experimental.virtualMachine.proxy.password':   'win32',
-      'experimental.virtualMachine.proxy.port':       'win32',
-      'experimental.virtualMachine.proxy.username':   'win32',
-      'kubernetes.ingress.localhostOnly':             'win32',
-      'virtualMachine.hostResolver':                  'win32',
-      'virtualMachine.memoryInGB':                    'darwin',
-      'virtualMachine.numberCPUs':                    'linux',
+      'application.adminAccess':                    'linux',
+      'experimental.virtualMachine.proxy.enabled':  'win32',
+      'experimental.virtualMachine.proxy.address':  'win32',
+      'experimental.virtualMachine.proxy.password': 'win32',
+      'experimental.virtualMachine.proxy.port':     'win32',
+      'experimental.virtualMachine.proxy.username': 'win32',
+      'kubernetes.ingress.localhostOnly':           'win32',
+      'virtualMachine.hostResolver':                'win32',
+      'virtualMachine.memoryInGB':                  'darwin',
+      'virtualMachine.numberCPUs':                  'linux',
     };
 
     const spyValidateSettings = jest.spyOn(subject, 'validateSettings');

diff --git a/pkg/rancher-desktop/main/commandServer/settingsValidator.ts b/pkg/rancher-desktop/main/commandServer/settingsValidator.ts
@@ -128,8 +128,8 @@ export default class SettingsValidator {
           // see https://github.com/rancher-sandbox/rancher-desktop/issues/6953
           // The setting will be removed once the legacy Windows networking mode is disabled, so until
           // then we will allow changing the setting on all platforms to avoid the profile error.
-          // Changing the setting will have no effect on macOS/Linux anyways.
-          networkingTunnel: this.checkBoolean,
+          // Changing the setting will have no effect on macOS/Linux anyways.1
+          networkingTunnel: this.checkUnchanged,
           useRosetta:       this.checkPlatform('darwin', this.checkRosetta),
           type:             this.checkPlatform('darwin', this.checkMulti(
             this.checkEnum(...Object.values(VMType)),