TheArchive/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2024-11-23 10:05:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
main
headscale/hscontrol/policy/acls_test.go

3768 lines
84 KiB
Go
Raw Permalink Normal View History

Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
package policy
Initial work on ACLs
2021-07-03 09:55:32 +00:00
import (
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
"errors"
Migrate ACLs to net/netip
2022-09-01 22:05:43 +00:00
"net/netip"
use tsaddr library and cleanups (#2150) * resuse tsaddr code instead of handrolled Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * ensure we dont give out internal tailscale IPs Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use prefix instead of string for routes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove old custom compare func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * trim unused util code Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 07:06:09 +00:00
"slices"
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
"testing"
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
"github.com/google/go-cmp/cmp"
reformat code (#2019) * reformat code This is mostly an automated change with `make lint`. I had to manually please golangci-lint in routes_test because of a short variable name. * fix start -> strategy which was wrongly corrected by linter
2024-07-22 06:56:00 +00:00
"github.com/juanfont/headscale/hscontrol/types"
"github.com/juanfont/headscale/hscontrol/util"
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
"github.com/rs/zerolog/log"
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
"github.com/spf13/viper"
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
"github.com/stretchr/testify/require"
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
"go4.org/netipx"
Initial work on ACLs
2021-07-03 09:55:32 +00:00
"gopkg.in/check.v1"
use tsaddr library and cleanups (#2150) * resuse tsaddr code instead of handrolled Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * ensure we dont give out internal tailscale IPs Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use prefix instead of string for routes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove old custom compare func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * trim unused util code Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 07:06:09 +00:00
"tailscale.com/net/tsaddr"
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
"tailscale.com/tailcfg"
Initial work on ACLs
2021-07-03 09:55:32 +00:00
)
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
var iap = func(ipStr string) *netip.Addr {
ip := netip.MustParseAddr(ipStr)
return &ip
}
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
func Test(t *testing.T) {
check.TestingT(t)
}
var _ = check.Suite(&Suite{})
type Suite struct{}
Initial work on ACLs
2021-07-03 09:55:32 +00:00
func (s *Suite) TestWrongPath(c *check.C) {
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
_, err := LoadACLPolicyFromPath("asdfg")
Initial work on ACLs
2021-07-03 09:55:32 +00:00
c.Assert(err, check.NotNil)
}
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
func TestParsing(t *testing.T) {
tests := []struct {
name string
format string
acl string
want []tailcfg.FilterRule
wantErr bool
}{
{
name: "invalid-hujson",
format: "hujson",
acl: `
inline old acl hujson tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-10 08:19:16 +00:00
{
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
`,
want: []tailcfg.FilterRule{},
wantErr: true,
},
{
name: "valid-hujson-invalid-content",
format: "hujson",
acl: `
{
"valid_json": true,
"but_a_policy_though": false
Initial work on ACLs
2021-07-03 09:55:32 +00:00
}
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
`,
want: []tailcfg.FilterRule{},
wantErr: true,
},
{
name: "invalid-cidr",
format: "hujson",
acl: `
{"example-host-1": "100.100.100.100/42"}
`,
want: []tailcfg.FilterRule{},
wantErr: true,
},
{
name: "basic-rule",
format: "hujson",
acl: `
{
"hosts": {
"host-1": "100.100.100.100",
"subnet-1": "100.100.101.100/24",
},
Initial work on ACLs
2021-07-03 09:55:32 +00:00
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
"acls": [
{
"action": "accept",
"src": [
"subnet-1",
"192.168.1.0/24"
],
"dst": [
"*:22,3389",
"host-1:*",
],
},
],
}
`,
want: []tailcfg.FilterRule{
{
SrcIPs: []string{"100.100.101.0/24", "192.168.1.0/24"},
DstPorts: []tailcfg.NetPortRange{
{IP: "0.0.0.0/0", Ports: tailcfg.PortRange{First: 22, Last: 22}},
{IP: "0.0.0.0/0", Ports: tailcfg.PortRange{First: 3389, Last: 3389}},
{IP: "::/0", Ports: tailcfg.PortRange{First: 22, Last: 22}},
{IP: "::/0", Ports: tailcfg.PortRange{First: 3389, Last: 3389}},
{IP: "100.100.100.100/32", Ports: tailcfg.PortRangeAny},
},
},
},
wantErr: false,
},
{
name: "parse-protocol",
format: "hujson",
acl: `
{
"hosts": {
"host-1": "100.100.100.100",
"subnet-1": "100.100.101.100/24",
},
"acls": [
{
"Action": "accept",
"src": [
"*",
],
"proto": "tcp",
"dst": [
"host-1:*",
],
},
{
"Action": "accept",
"src": [
"*",
],
"proto": "udp",
"dst": [
"host-1:53",
],
},
{
"Action": "accept",
"src": [
"*",
],
"proto": "icmp",
"dst": [
"host-1:*",
],
},
],
}`,
want: []tailcfg.FilterRule{
{
SrcIPs: []string{"0.0.0.0/0", "::/0"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.100.100.100/32", Ports: tailcfg.PortRangeAny},
},
IPProto: []int{protocolTCP},
},
{
SrcIPs: []string{"0.0.0.0/0", "::/0"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.100.100.100/32", Ports: tailcfg.PortRange{First: 53, Last: 53}},
},
IPProto: []int{protocolUDP},
},
{
SrcIPs: []string{"0.0.0.0/0", "::/0"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.100.100.100/32", Ports: tailcfg.PortRangeAny},
},
IPProto: []int{protocolICMP, protocolIPv6ICMP},
},
},
wantErr: false,
},
{
name: "port-wildcard",
format: "hujson",
acl: `
inline old acl hujson tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-10 08:19:16 +00:00
{
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
"hosts": {
"host-1": "100.100.100.100",
"subnet-1": "100.100.101.100/24",
},
"acls": [
{
"Action": "accept",
"src": [
"*",
],
"dst": [
"host-1:*",
],
},
],
inline old acl hujson tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-10 08:19:16 +00:00
}
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
`,
want: []tailcfg.FilterRule{
{
SrcIPs: []string{"0.0.0.0/0", "::/0"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.100.100.100/32", Ports: tailcfg.PortRangeAny},
},
},
},
wantErr: false,
},
{
name: "port-range",
format: "hujson",
acl: `
{
"hosts": {
"host-1": "100.100.100.100",
"subnet-1": "100.100.101.100/24",
},
"acls": [
{
"action": "accept",
"src": [
"subnet-1",
],
"dst": [
"host-1:5400-5500",
],
},
],
Initial work on ACLs
2021-07-03 09:55:32 +00:00
}
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
`,
want: []tailcfg.FilterRule{
{
SrcIPs: []string{"100.100.101.0/24"},
DstPorts: []tailcfg.NetPortRange{
{
IP: "100.100.100.100/32",
Ports: tailcfg.PortRange{First: 5400, Last: 5500},
},
},
},
},
wantErr: false,
},
{
name: "port-group",
format: "hujson",
acl: `
{
"groups": {
"group:example": [
"testuser",
],
},
Initial work on ACLs
2021-07-03 09:55:32 +00:00
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
"hosts": {
"host-1": "100.100.100.100",
"subnet-1": "100.100.101.100/24",
},
"acls": [
{
"action": "accept",
"src": [
"group:example",
],
"dst": [
"host-1:*",
],
},
],
Work in progress in rule generation
2021-07-03 15:31:32 +00:00
}
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
`,
want: []tailcfg.FilterRule{
{
SrcIPs: []string{"200.200.200.200/32"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.100.100.100/32", Ports: tailcfg.PortRangeAny},
},
},
},
wantErr: false,
},
{
name: "port-user",
format: "hujson",
acl: `
{
"hosts": {
"host-1": "100.100.100.100",
"subnet-1": "100.100.101.100/24",
},
Work in progress in rule generation
2021-07-03 15:31:32 +00:00
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
"acls": [
{
"action": "accept",
"src": [
"testuser",
],
"dst": [
"host-1:*",
],
},
],
}
`,
want: []tailcfg.FilterRule{
{
SrcIPs: []string{"200.200.200.200/32"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.100.100.100/32", Ports: tailcfg.PortRangeAny},
},
},
},
wantErr: false,
},
{
feat: implements apis for managing headscale policy (#1792)
2024-07-18 05:38:25 +00:00
name: "ipv6",
format: "hujson",
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
acl: `
feat: implements apis for managing headscale policy (#1792)
2024-07-18 05:38:25 +00:00
{
"hosts": {
"host-1": "100.100.100.100/32",
"subnet-1": "100.100.101.100/24",
},
"acls": [
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
{
feat: implements apis for managing headscale policy (#1792)
2024-07-18 05:38:25 +00:00
"action": "accept",
"src": [
"*",
],
"dst": [
"host-1:*",
],
},
],
use tsaddr library and cleanups (#2150) * resuse tsaddr code instead of handrolled Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * ensure we dont give out internal tailscale IPs Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use prefix instead of string for routes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove old custom compare func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * trim unused util code Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 07:06:09 +00:00
}
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
`,
want: []tailcfg.FilterRule{
{
SrcIPs: []string{"0.0.0.0/0", "::/0"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.100.100.100/32", Ports: tailcfg.PortRangeAny},
},
},
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
feat: implements apis for managing headscale policy (#1792)
2024-07-18 05:38:25 +00:00
pol, err := LoadACLPolicyFromBytes([]byte(tt.acl))
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
if tt.wantErr && err == nil {
t.Errorf("parsing() error = %v, wantErr %v", err, tt.wantErr)
return
} else if !tt.wantErr && err != nil {
t.Errorf("parsing() error = %v, wantErr %v", err, tt.wantErr)
return
}
if err != nil {
return
}
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
rules, err := pol.CompileFilterRules(types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.100.100.100"),
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("200.200.200.200"),
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
User: types.User{
Name: "testuser",
},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{},
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
},
})
if (err != nil) != tt.wantErr {
t.Errorf("parsing() error = %v, wantErr %v", err, tt.wantErr)
return
}
if diff := cmp.Diff(tt.want, rules); diff != "" {
t.Errorf("parsing() unexpected result (-want +got):\n%s", diff)
}
})
}
Work in progress in rule generation
2021-07-03 15:31:32 +00:00
}
func (s *Suite) TestRuleInvalidGeneration(c *check.C) {
inline old acl hujson tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-10 08:19:16 +00:00
acl := []byte(`
{
create DB struct This is step one in detaching the Database layer from Headscale (h). The ultimate goal is to have all function that does database operations in its own package, and keep the business logic and writing separate. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-11 07:09:18 +00:00
// Declare static groups of users beyond those in the identity service.
"groups": {
"group:example": [
"user1@example.com",
"user2@example.com",
],
},
// Declare hostname aliases to use in place of IP addresses or subnets.
"hosts": {
"example-host-1": "100.100.100.100",
"example-host-2": "100.100.101.100/24",
},
// Define who is allowed to use which tags.
"tagOwners": {
// Everyone in the montreal-admins or global-admins group are
// allowed to tag servers as montreal-webserver.
"tag:montreal-webserver": [
"group:montreal-admins",
"group:global-admins",
],
// Only a few admins are allowed to create API servers.
"tag:api-server": [
"group:global-admins",
"example-host-1",
],
},
// Access control lists.
"acls": [
// Engineering users, plus the president, can access port 22 (ssh)
// and port 3389 (remote desktop protocol) on all servers, and all
// ports on git-server or ci-server.
{
"action": "accept",
"src": [
"group:engineering",
"president@example.com"
],
"dst": [
"*:22,3389",
"git-server:*",
"ci-server:*"
],
},
// Allow engineer users to access any port on a device tagged with
// tag:production.
{
"action": "accept",
"src": [
"group:engineers"
],
"dst": [
"tag:production:*"
],
},
// Allow servers in the my-subnet host and 192.168.1.0/24 to access hosts
// on both networks.
{
"action": "accept",
"src": [
"my-subnet",
"192.168.1.0/24"
],
"dst": [
"my-subnet:*",
"192.168.1.0/24:*"
],
},
// Allow every user of your network to access anything on the network.
// Comment out this section if you want to define specific ACL
// restrictions above.
{
"action": "accept",
"src": [
"*"
],
"dst": [
"*:*"
],
},
// All users in Montreal are allowed to access the Montreal web
// servers.
{
"action": "accept",
"src": [
"group:montreal-users"
],
"dst": [
"tag:montreal-webserver:80,443"
],
},
// Montreal web servers are allowed to make outgoing connections to
// the API servers, but only on https port 443.
// In contrast, this doesn't grant API servers the right to initiate
// any connections.
{
"action": "accept",
"src": [
"tag:montreal-webserver"
],
"dst": [
"tag:api-server:443"
],
},
],
// Declare tests to check functionality of ACL rules
"tests": [
{
"src": "user1@example.com",
"accept": [
"example-host-1:22",
"example-host-2:80"
],
"deny": [
Fix typos (#1860) * Fix typos * trigger GitHub actions * remove kdiff3 orig files * fix unicode * remove unnecessary function call * remove unnecessary comment * remove unnecessary comment --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
2024-05-19 21:49:27 +00:00
"example-host-2:100"
create DB struct This is step one in detaching the Database layer from Headscale (h). The ultimate goal is to have all function that does database operations in its own package, and keep the business logic and writing separate. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-11 07:09:18 +00:00
],
},
{
"src": "user2@example.com",
"accept": [
"100.60.3.4:22"
],
},
],
inline old acl hujson tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-10 08:19:16 +00:00
}
`)
feat: implements apis for managing headscale policy (#1792)
2024-07-18 05:38:25 +00:00
pol, err := LoadACLPolicyFromBytes(acl)
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
c.Assert(pol.ACLs, check.HasLen, 6)
c.Assert(err, check.IsNil)
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
rules, err := pol.CompileFilterRules(types.Nodes{})
Work in progress in rule generation
2021-07-03 15:31:32 +00:00
c.Assert(err, check.NotNil)
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
c.Assert(rules, check.IsNil)
Work in progress in rule generation
2021-07-03 15:31:32 +00:00
}
fix(acls_test): fix comment in go code
2022-02-21 20:48:05 +00:00
// TODO(kradalby): Make tests values safe, independent and descriptive.
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
func (s *Suite) TestInvalidAction(c *check.C) {
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
pol := &ACLPolicy{
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
ACLs: []ACL{
chore(all): apply formater
2022-08-04 08:47:00 +00:00
{
Action: "invalidAction",
Sources: []string{"*"},
Destinations: []string{"*:*"},
},
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
},
}
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
_, _, err := GenerateFilterAndSSHRulesForTests(pol, &types.Node{}, types.Nodes{})
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
c.Assert(errors.Is(err, ErrInvalidAction), check.Equals, true)
Add SSH capability advertisement Advertises the SSH capability, and parses the SSH ACLs to pass to the tailscale client. Doesn’t support ‘autogroup’ ACL functionality. Co-authored-by: Daniel Brooks <db48x@headline.com>
2022-09-30 18:44:23 +00:00
}
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
func (s *Suite) TestInvalidGroupInGroup(c *check.C) {
Migrate ACLs syntax to new Tailscale format Implements #617. Tailscale has changed the format of their ACLs to use a more firewall-y terms ("users" & "ports" -> "src" & "dst"). They have also started using all-lowercase tags. This PR applies these changes.
2022-06-08 11:40:15 +00:00
// this ACL is wrong because the group in Sources sections doesn't exist
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
pol := &ACLPolicy{
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
Groups: Groups{
"group:test": []string{"foo"},
"group:error": []string{"foo", "group:test"},
},
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
ACLs: []ACL{
chore(all): apply formater
2022-08-04 08:47:00 +00:00
{
Action: "accept",
Sources: []string{"group:error"},
Destinations: []string{"*:*"},
},
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
},
}
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
_, _, err := GenerateFilterAndSSHRulesForTests(pol, &types.Node{}, types.Nodes{})
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
c.Assert(errors.Is(err, ErrInvalidGroup), check.Equals, true)
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
}
func (s *Suite) TestInvalidTagOwners(c *check.C) {
// this ACL is wrong because no tagOwners own the requested tag for the server
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
pol := &ACLPolicy{
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
ACLs: []ACL{
chore(all): apply formater
2022-08-04 08:47:00 +00:00
{
Action: "accept",
Sources: []string{"tag:foo"},
Destinations: []string{"*:*"},
},
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
},
}
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
_, _, err := GenerateFilterAndSSHRulesForTests(pol, &types.Node{}, types.Nodes{})
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
c.Assert(errors.Is(err, ErrInvalidTag), check.Equals, true)
feat(acls): check acl owners and add bunch of tests
2022-02-05 16:18:39 +00:00
}
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
func Test_expandGroup(t *testing.T) {
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
type field struct {
pol ACLPolicy
}
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
type args struct {
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
group string
stripEmail bool
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
tests := []struct {
name string
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field field
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args args
want []string
wantErr bool
}{
{
name: "simple test",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
Groups: Groups{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
"group:test": []string{"user1", "user2", "user3"},
"group:foo": []string{"user2", "user3"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
},
args: args{
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
group: "group:test",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
want: []string{"user1", "user2", "user3"},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
{
Fix typos (#1860) * Fix typos * trigger GitHub actions * remove kdiff3 orig files * fix unicode * remove unnecessary function call * remove unnecessary comment * remove unnecessary comment --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
2024-05-19 21:49:27 +00:00
name: "InexistentGroup",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
Groups: Groups{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
"group:test": []string{"user1", "user2", "user3"},
"group:foo": []string{"user2", "user3"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
},
args: args{
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
group: "group:undefined",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
want: []string{},
wantErr: true,
},
feat(acls): normalize the group name
2022-03-01 20:01:46 +00:00
{
name: "Expand emails in group",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
feat(acls): normalize the group name
2022-03-01 20:01:46 +00:00
Groups: Groups{
"group:admin": []string{
"joe.bar@gmail.com",
"john.doe@yahoo.fr",
},
},
},
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
},
args: args{
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
group: "group:admin",
feat(acls): normalize the group name
2022-03-01 20:01:46 +00:00
},
Redo OIDC configuration (#2020) expand user, add claims to user This commit expands the user table with additional fields that can be retrieved from OIDC providers (and other places) and uses this data in various tailscale response objects if it is available. This is the beginning of implementing https://docs.google.com/document/d/1X85PMxIaVWDF6T_UPji3OeeUqVBcGj_uHRM5CI-AwlY/edit trying to make OIDC more coherant and maintainable in addition to giving the user a better experience and integration with a provider. remove usernames in magic dns, normalisation of emails this commit removes the option to have usernames as part of MagicDNS domains and headscale will now align with Tailscale, where there is a root domain, and the machine name. In addition, the various normalisation functions for dns names has been made lighter not caring about username and special character that wont occur. Email are no longer normalised as part of the policy processing. untagle oidc and regcache, use typed cache This commits stops reusing the registration cache for oidc purposes and switches the cache to be types and not use any allowing the removal of a bunch of casting. try to make reauth/register branches clearer in oidc Currently there was a function that did a bunch of stuff, finding the machine key, trying to find the node, reauthing the node, returning some status, and it was called validate which was very confusing. This commit tries to split this into what to do if the node exists, if it needs to register etc. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 12:50:17 +00:00
want: []string{"joe.bar@gmail.com", "john.doe@yahoo.fr"},
feat(acls): normalize the group name
2022-03-01 20:01:46 +00:00
wantErr: false,
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
chore(all): update some files for linter
2022-02-14 14:26:54 +00:00
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
viper.Set("oidc.strip_email_domain", test.args.stripEmail)
rename acl "get" funcs to "expand" for consistency Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 07:17:50 +00:00
got, err := test.field.pol.expandUsersFromGroup(
feat(acls): normalize the group name
2022-03-01 20:01:46 +00:00
test.args.group,
)
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
chore(all): update some files for linter
2022-02-14 14:26:54 +00:00
if (err != nil) != test.wantErr {
t.Errorf("expandGroup() error = %v, wantErr %v", err, test.wantErr)
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
return
}
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
if diff := cmp.Diff(test.want, got); diff != "" {
t.Errorf("expandGroup() unexpected result (-want +got):\n%s", diff)
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
})
}
}
func Test_expandTagOwners(t *testing.T) {
type args struct {
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
aclPolicy *ACLPolicy
tag string
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
tests := []struct {
name string
args args
want []string
wantErr bool
}{
{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
name: "simple tag expansion",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
aclPolicy: &ACLPolicy{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
TagOwners: TagOwners{"tag:test": []string{"user1"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
tag: "tag:test",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
want: []string{"user1"},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
name: "expand with tag and group",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
aclPolicy: &ACLPolicy{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
Groups: Groups{"group:foo": []string{"user1", "user2"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
TagOwners: TagOwners{"tag:test": []string{"group:foo"}},
},
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
tag: "tag:test",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
want: []string{"user1", "user2"},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
{
Rename [Nn]amespace -> [Uu]ser in go code Use gopls, ag and perl to rename all occurances of Namespace Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-17 16:43:44 +00:00
name: "expand with user and group",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
aclPolicy: &ACLPolicy{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
Groups: Groups{"group:foo": []string{"user1", "user2"}},
TagOwners: TagOwners{"tag:test": []string{"group:foo", "user3"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
tag: "tag:test",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
want: []string{"user1", "user2", "user3"},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
{
name: "invalid tag",
args: args{
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
aclPolicy: &ACLPolicy{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
TagOwners: TagOwners{"tag:foo": []string{"group:foo", "user1"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
tag: "tag:test",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
want: []string{},
wantErr: true,
},
{
name: "invalid group",
args: args{
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
aclPolicy: &ACLPolicy{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
Groups: Groups{"group:bar": []string{"user1", "user2"}},
TagOwners: TagOwners{"tag:test": []string{"group:foo", "user2"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
tag: "tag:test",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
want: []string{},
wantErr: true,
},
}
chore(all): update some files for linter
2022-02-14 14:26:54 +00:00
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
rename acl "get" funcs to "expand" for consistency Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 07:17:50 +00:00
got, err := expandOwnersFromTag(
feat(acls): normalize the group name
2022-03-01 20:01:46 +00:00
test.args.aclPolicy,
test.args.tag,
)
chore(all): update some files for linter
2022-02-14 14:26:54 +00:00
if (err != nil) != test.wantErr {
t.Errorf("expandTagOwners() error = %v, wantErr %v", err, test.wantErr)
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
return
}
use cmp.Diff instead of reflect.DeepEqual Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-21 06:12:24 +00:00
if diff := cmp.Diff(test.want, got); diff != "" {
t.Errorf("expandTagOwners() = (-want +got):\n%s", diff)
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
})
}
}
func Test_expandPorts(t *testing.T) {
type args struct {
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
portsStr string
needsWildcard bool
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
tests := []struct {
name string
args args
want *[]tailcfg.PortRange
wantErr bool
}{
{
name: "wildcard",
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
args: args{portsStr: "*", needsWildcard: true},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
want: &[]tailcfg.PortRange{
{First: portRangeBegin, Last: portRangeEnd},
},
wantErr: false,
},
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
{
name: "needs wildcard but does not require it",
args: args{portsStr: "*", needsWildcard: false},
want: &[]tailcfg.PortRange{
{First: portRangeBegin, Last: portRangeEnd},
},
wantErr: false,
},
{
name: "needs wildcard but gets port",
args: args{portsStr: "80,443", needsWildcard: true},
want: nil,
wantErr: true,
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
{
Migrate ACLs syntax to new Tailscale format Implements #617. Tailscale has changed the format of their ACLs to use a more firewall-y terms ("users" & "ports" -> "src" & "dst"). They have also started using all-lowercase tags. This PR applies these changes.
2022-06-08 11:40:15 +00:00
name: "two Destinations",
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
args: args{portsStr: "80,443", needsWildcard: false},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
want: &[]tailcfg.PortRange{
{First: 80, Last: 80},
{First: 443, Last: 443},
},
wantErr: false,
},
{
name: "a range and a port",
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
args: args{portsStr: "80-1024,443", needsWildcard: false},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
want: &[]tailcfg.PortRange{
{First: 80, Last: 1024},
{First: 443, Last: 443},
},
wantErr: false,
},
{
name: "out of bounds",
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
args: args{portsStr: "854038", needsWildcard: false},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
want: nil,
wantErr: true,
},
{
name: "wrong port",
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
args: args{portsStr: "85a38", needsWildcard: false},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
want: nil,
wantErr: true,
},
{
name: "wrong port in first",
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
args: args{portsStr: "a-80", needsWildcard: false},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
want: nil,
wantErr: true,
},
{
name: "wrong port in last",
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
args: args{portsStr: "80-85a38", needsWildcard: false},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
want: nil,
wantErr: true,
},
{
name: "wrong port format",
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
args: args{portsStr: "80-85a38-3", needsWildcard: false},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
want: nil,
wantErr: true,
},
}
chore(all): update some files for linter
2022-02-14 14:26:54 +00:00
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
Improve ACLs by adding protocol parsing support
2022-06-08 15:43:59 +00:00
got, err := expandPorts(test.args.portsStr, test.args.needsWildcard)
chore(all): update some files for linter
2022-02-14 14:26:54 +00:00
if (err != nil) != test.wantErr {
t.Errorf("expandPorts() error = %v, wantErr %v", err, test.wantErr)
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
return
}
use cmp.Diff instead of reflect.DeepEqual Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-21 06:12:24 +00:00
if diff := cmp.Diff(test.want, got); diff != "" {
t.Errorf("expandPorts() = (-want +got):\n%s", diff)
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
})
}
}
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
func Test_listNodesInUser(t *testing.T) {
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
type args struct {
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes types.Nodes
user string
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
tests := []struct {
name string
args args
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want types.Nodes
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}{
{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
name: "1 node in user",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{User: types.User{Name: "joe"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
Rename [Nn]amespace -> [Uu]ser in go code Use gopls, ag and perl to rename all occurances of Namespace Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-17 16:43:44 +00:00
user: "joe",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{User: types.User{Name: "joe"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
name: "3 nodes, 2 in user",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{ID: 1, User: types.User{Name: "joe"}},
&types.Node{ID: 2, User: types.User{Name: "marc"}},
&types.Node{ID: 3, User: types.User{Name: "marc"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
Rename [Nn]amespace -> [Uu]ser in go code Use gopls, ag and perl to rename all occurances of Namespace Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-17 16:43:44 +00:00
user: "marc",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{ID: 2, User: types.User{Name: "marc"}},
&types.Node{ID: 3, User: types.User{Name: "marc"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
name: "5 nodes, 0 in user",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{ID: 1, User: types.User{Name: "joe"}},
&types.Node{ID: 2, User: types.User{Name: "marc"}},
&types.Node{ID: 3, User: types.User{Name: "marc"}},
&types.Node{ID: 4, User: types.User{Name: "marc"}},
&types.Node{ID: 5, User: types.User{Name: "marc"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
Rename [Nn]amespace -> [Uu]ser in go code Use gopls, ag and perl to rename all occurances of Namespace Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-17 16:43:44 +00:00
user: "mickael",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
Remove allocations of lists before use (#1989) * policy: remove allocs before appends in acls Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * notifier: make batcher tests stable/non-flaky Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * {db,derp,mapper}: dont allocate until append Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-06-23 20:06:50 +00:00
want: nil,
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
}
chore(lint): more lint fixing
2022-02-14 17:24:37 +00:00
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
got := filterNodesByUser(test.args.nodes, test.args.user)
use cmp.Diff instead of reflect.DeepEqual Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-21 06:12:24 +00:00
ensure online status and route changes are propagated (#1564)
2023-12-09 17:09:24 +00:00
if diff := cmp.Diff(test.want, got, util.Comparers...); diff != "" {
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
t.Errorf("listNodesInUser() = (-want +got):\n%s", diff)
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
})
}
}
func Test_expandAlias(t *testing.T) {
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
set := func(ips []string, prefixes []string) *netipx.IPSet {
var builder netipx.IPSetBuilder
for _, ip := range ips {
builder.Add(netip.MustParseAddr(ip))
}
for _, pre := range prefixes {
builder.AddPrefix(netip.MustParsePrefix(pre))
}
s, _ := builder.IPSet()
return s
}
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
type field struct {
pol ACLPolicy
}
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
type args struct {
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes types.Nodes
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
aclPolicy ACLPolicy
alias string
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
tests := []struct {
name string
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field field
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args args
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want *netipx.IPSet
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr bool
}{
{
name: "wildcard",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
alias: "*",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
fix lint Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-07-26 09:53:42 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.78.84.227"),
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{}, []string{
"0.0.0.0/0",
"::/0",
}),
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
{
name: "simple group",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
Groups: Groups{"group:accountant": []string{"joe", "marc"}},
},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
alias: "group:accountant",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{
"100.64.0.1", "100.64.0.2", "100.64.0.3",
}, []string{}),
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
{
name: "wrong group",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
Groups: Groups{"group:accountant": []string{"joe", "marc"}},
},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
alias: "group:hr",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{}, []string{}),
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: true,
},
{
name: "simple ipaddress",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
alias: "10.0.0.3",
nodes: types.Nodes{},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{
"10.0.0.3",
}, []string{}),
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
{
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
name: "simple host by ip passed through",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
alias: "10.0.0.1",
nodes: types.Nodes{},
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{
"10.0.0.1",
}, []string{}),
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
wantErr: false,
},
{
name: "simple host by ipv4 single ipv4",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{},
},
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
args: args{
alias: "10.0.0.1",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("10.0.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{
"10.0.0.1",
}, []string{}),
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
{
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
name: "simple host by ipv4 single dual stack",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
alias: "10.0.0.1",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("10.0.0.1"),
IPv6: iap("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{
"10.0.0.1", "fd7a:115c:a1e0:ab12:4843:2222:6273:2222",
}, []string{}),
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
wantErr: false,
},
{
name: "simple host by ipv6 single dual stack",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{},
},
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
args: args{
alias: "fd7a:115c:a1e0:ab12:4843:2222:6273:2222",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("10.0.0.1"),
IPv6: iap("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
},
},
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{
"fd7a:115c:a1e0:ab12:4843:2222:6273:2222", "10.0.0.1",
}, []string{}),
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
Rename IP specific function, add missing test case Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 08:39:27 +00:00
{
name: "simple host by hostname alias",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
Rename IP specific function, add missing test case Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 08:39:27 +00:00
Hosts: Hosts{
"testy": netip.MustParsePrefix("10.0.0.132/32"),
},
},
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
},
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
alias: "testy",
nodes: types.Nodes{},
Rename IP specific function, add missing test case Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 08:39:27 +00:00
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{}, []string{"10.0.0.132/32"}),
Rename IP specific function, add missing test case Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 08:39:27 +00:00
wantErr: false,
},
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
{
name: "private network",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
Hosts: Hosts{
"homeNetwork": netip.MustParsePrefix("192.168.1.0/24"),
},
},
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
},
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
alias: "homeNetwork",
nodes: types.Nodes{},
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{}, []string{"192.168.1.0/24"}),
Fix IPv6 in ACLs (#1339)
2023-04-16 10:26:35 +00:00
wantErr: false,
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
{
name: "simple CIDR",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
alias: "10.0.0.0/16",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{},
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
aclPolicy: ACLPolicy{},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{}, []string{"10.0.0.0/16"}),
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
{
name: "simple tag",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
TagOwners: TagOwners{"tag:hr-webserver": []string{"joe"}},
},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
alias: "tag:hr-webserver",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Use new machine types in tests
2022-03-01 16:34:35 +00:00
OS: "centos",
Hostname: "foo",
RequestTags: []string{"tag:hr-webserver"},
},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Use new machine types in tests
2022-03-01 16:34:35 +00:00
OS: "centos",
Hostname: "foo",
RequestTags: []string{"tag:hr-webserver"},
},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{
"100.64.0.1", "100.64.0.2",
}, []string{}),
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
{
name: "No tag defined",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
Groups: Groups{"group:accountant": []string{"joe", "marc"}},
TagOwners: TagOwners{
"tag:accountant-webserver": []string{"group:accountant"},
},
},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
alias: "tag:hr-webserver",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{}, []string{}),
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: true,
},
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
{
name: "Forced tag defined",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{},
},
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
args: args{
alias: "tag:hr-webserver",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
ForcedTags: []string{"tag:hr-webserver"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
ForcedTags: []string{"tag:hr-webserver"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
},
},
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{"100.64.0.1", "100.64.0.2"}, []string{}),
Fix forced Tags with legitimate tagOwners Also replace loops contains
2022-06-01 13:39:59 +00:00
wantErr: false,
},
{
name: "Forced tag with legitimate tagOwner",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
TagOwners: TagOwners{
"tag:hr-webserver": []string{"joe"},
},
},
},
Fix forced Tags with legitimate tagOwners Also replace loops contains
2022-06-01 13:39:59 +00:00
args: args{
alias: "tag:hr-webserver",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
Fix forced Tags with legitimate tagOwners Also replace loops contains
2022-06-01 13:39:59 +00:00
ForcedTags: []string{"tag:hr-webserver"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Fix forced Tags with legitimate tagOwners Also replace loops contains
2022-06-01 13:39:59 +00:00
OS: "centos",
Hostname: "foo",
RequestTags: []string{"tag:hr-webserver"},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
Fix forced Tags with legitimate tagOwners Also replace loops contains
2022-06-01 13:39:59 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
Fix forced Tags with legitimate tagOwners Also replace loops contains
2022-06-01 13:39:59 +00:00
},
},
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{"100.64.0.1", "100.64.0.2"}, []string{}),
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
wantErr: false,
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
{
Rename [Nn]amespace -> [Uu]ser in go code Use gopls, ag and perl to rename all occurances of Namespace Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-17 16:43:44 +00:00
name: "list host in user without correctly tagged servers",
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
field: field{
pol: ACLPolicy{
TagOwners: TagOwners{"tag:accountant-webserver": []string{"joe"}},
},
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
args: args{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
alias: "joe",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Use new machine types in tests
2022-03-01 16:34:35 +00:00
OS: "centos",
Hostname: "foo",
RequestTags: []string{"tag:accountant-webserver"},
},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Use new machine types in tests
2022-03-01 16:34:35 +00:00
OS: "centos",
Hostname: "foo",
RequestTags: []string{"tag:accountant-webserver"},
},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.3"),
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
User: types.User{Name: "marc"},
Hostinfo: &tailcfg.Hostinfo{},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
User: types.User{Name: "joe"},
Hostinfo: &tailcfg.Hostinfo{},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
want: set([]string{"100.64.0.4"}, []string{}),
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr: false,
},
}
chore(all): update some files for linter
2022-02-14 14:26:54 +00:00
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
got, err := test.field.pol.ExpandAlias(
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
test.args.nodes,
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
test.args.alias,
)
chore(all): update some files for linter
2022-02-14 14:26:54 +00:00
if (err != nil) != test.wantErr {
t.Errorf("expandAlias() error = %v, wantErr %v", err, test.wantErr)
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
return
}
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
if diff := cmp.Diff(test.want, got); diff != "" {
remove DB dependency of tailNode conversion, add test Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-31 07:59:37 +00:00
t.Errorf("expandAlias() unexpected result (-want +got):\n%s", diff)
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
})
}
}
func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
type args struct {
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
aclPolicy *ACLPolicy
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes types.Nodes
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
user string
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
tests := []struct {
name string
args args
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want types.Nodes
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
wantErr bool
}{
{
name: "exclude nodes with valid tags",
args: args{
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
aclPolicy: &ACLPolicy{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
TagOwners: TagOwners{"tag:accountant-webserver": []string{"joe"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Use new machine types in tests
2022-03-01 16:34:35 +00:00
OS: "centos",
Hostname: "foo",
RequestTags: []string{"tag:accountant-webserver"},
},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Use new machine types in tests
2022-03-01 16:34:35 +00:00
OS: "centos",
Hostname: "foo",
RequestTags: []string{"tag:accountant-webserver"},
},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
User: types.User{Name: "joe"},
Hostinfo: &tailcfg.Hostinfo{},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
user: "joe",
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes This commit fix issue #563
2022-08-04 08:42:47 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
User: types.User{Name: "joe"},
Hostinfo: &tailcfg.Hostinfo{},
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes This commit fix issue #563
2022-08-04 08:42:47 +00:00
},
},
},
{
name: "exclude nodes with valid tags, and owner is in a group",
args: args{
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
aclPolicy: &ACLPolicy{
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes This commit fix issue #563
2022-08-04 08:42:47 +00:00
Groups: Groups{
"group:accountant": []string{"joe", "bar"},
},
chore(all): apply formater
2022-08-04 08:47:00 +00:00
TagOwners: TagOwners{
"tag:accountant-webserver": []string{"group:accountant"},
},
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes This commit fix issue #563
2022-08-04 08:42:47 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes This commit fix issue #563
2022-08-04 08:42:47 +00:00
OS: "centos",
Hostname: "foo",
RequestTags: []string{"tag:accountant-webserver"},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes This commit fix issue #563
2022-08-04 08:42:47 +00:00
OS: "centos",
Hostname: "foo",
RequestTags: []string{"tag:accountant-webserver"},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
User: types.User{Name: "joe"},
Hostinfo: &tailcfg.Hostinfo{},
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes This commit fix issue #563
2022-08-04 08:42:47 +00:00
},
},
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
user: "joe",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
User: types.User{Name: "joe"},
Hostinfo: &tailcfg.Hostinfo{},
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
},
},
},
{
name: "exclude nodes with valid tags and with forced tags",
args: args{
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
aclPolicy: &ACLPolicy{
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
TagOwners: TagOwners{"tag:accountant-webserver": []string{"joe"}},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
OS: "centos",
Hostname: "foo",
RequestTags: []string{"tag:accountant-webserver"},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
ForcedTags: []string{"tag:accountant-webserver"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{},
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
User: types.User{Name: "joe"},
Hostinfo: &tailcfg.Hostinfo{},
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
},
},
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
user: "joe",
feat(acls): add support for forced tags
2022-04-15 16:01:13 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
User: types.User{Name: "joe"},
Hostinfo: &tailcfg.Hostinfo{},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
{
name: "all nodes have invalid tags, don't exclude them",
args: args{
simplify expandAlias function, move seperate logic out Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 08:58:26 +00:00
aclPolicy: &ACLPolicy{
fix(tests): fix naming issues related to code review
2022-02-20 22:00:31 +00:00
TagOwners: TagOwners{"tag:accountant-webserver": []string{"joe"}},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Use new machine types in tests
2022-03-01 16:34:35 +00:00
OS: "centos",
Hostname: "hr-web1",
RequestTags: []string{"tag:hr-webserver"},
},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Use new machine types in tests
2022-03-01 16:34:35 +00:00
OS: "centos",
Hostname: "hr-web2",
RequestTags: []string{"tag:hr-webserver"},
},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
User: types.User{Name: "joe"},
Hostinfo: &tailcfg.Hostinfo{},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
user: "joe",
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Use new machine types in tests
2022-03-01 16:34:35 +00:00
OS: "centos",
Hostname: "hr-web1",
RequestTags: []string{"tag:hr-webserver"},
},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Use new machine types in tests
2022-03-01 16:34:35 +00:00
OS: "centos",
Hostname: "hr-web2",
RequestTags: []string{"tag:hr-webserver"},
},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
User: types.User{Name: "joe"},
Hostinfo: &tailcfg.Hostinfo{},
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
},
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
},
},
}
chore(all): update some files for linter
2022-02-14 14:26:54 +00:00
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
Remove always nil error
2022-03-02 08:15:14 +00:00
got := excludeCorrectlyTaggedNodes(
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
test.args.aclPolicy,
test.args.nodes,
Rename [Nn]amespace -> [Uu]ser in go code Use gopls, ag and perl to rename all occurances of Namespace Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-17 16:43:44 +00:00
test.args.user,
chore(fmt): apply make fmt command
2022-02-14 14:54:51 +00:00
)
ensure online status and route changes are propagated (#1564)
2023-12-09 17:09:24 +00:00
if diff := cmp.Diff(test.want, got, util.Comparers...); diff != "" {
use cmp.Diff instead of reflect.DeepEqual Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-21 06:12:24 +00:00
t.Errorf("excludeCorrectlyTaggedNodes() (-want +got):\n%s", diff)
feat(acls): rewrite functions to be testable Rewrite some function to get rid of the dependency on Headscale object. This allows us to write succinct test that are more easy to review and implement. The improvements of the tests allowed to write the removal of the tagged hosts from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-07 15:12:05 +00:00
}
})
}
}
Add tests to verify "Hosts" aliases in ACL (#1304)
2023-04-03 08:08:48 +00:00
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
func TestACLPolicy_generateFilterRules(t *testing.T) {
type field struct {
pol ACLPolicy
}
type args struct {
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
nodes types.Nodes
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
}
tests := []struct {
name string
field field
args args
want []tailcfg.FilterRule
wantErr bool
}{
{
name: "no-policy",
field: field{},
args: args{},
Remove allocations of lists before use (#1989) * policy: remove allocs before appends in acls Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * notifier: make batcher tests stable/non-flaky Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * {db,derp,mapper}: dont allocate until append Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-06-23 20:06:50 +00:00
want: nil,
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
wantErr: false,
},
{
testing without that horrible filtercode Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 15:27:51 +00:00
name: "allow-all",
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
field: field{
pol: ACLPolicy{
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"*:*"},
},
},
},
},
args: args{
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
},
},
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
},
want: []tailcfg.FilterRule{
{
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
SrcIPs: []string{"0.0.0.0/0", "::/0"},
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
DstPorts: []tailcfg.NetPortRange{
{
use IPSet in acls instead of string slice Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 14:11:02 +00:00
IP: "0.0.0.0/0",
Ports: tailcfg.PortRange{
First: 0,
Last: 65535,
},
},
{
IP: "::/0",
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
Ports: tailcfg.PortRange{
First: 0,
Last: 65535,
},
},
},
},
},
wantErr: false,
},
{
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
name: "host1-can-reach-host2-full",
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
field: field{
pol: ACLPolicy{
ACLs: []ACL{
{
Action: "accept",
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
Sources: []string{"100.64.0.2"},
Destinations: []string{"100.64.0.1:*"},
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
},
},
},
},
args: args{
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
nodes: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
User: types.User{Name: "mickael"},
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
IPv6: iap("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
},
},
},
want: []tailcfg.FilterRule{
{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
SrcIPs: []string{
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
"100.64.0.2/32",
"fd7a:115c:a1e0:ab12:4843:2222:6273:2222/128",
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
DstPorts: []tailcfg.NetPortRange{
{
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
IP: "100.64.0.1/32",
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
Ports: tailcfg.PortRange{
First: 0,
Last: 65535,
},
},
testing without that horrible filtercode Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 15:27:51 +00:00
{
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
IP: "fd7a:115c:a1e0:ab12:4843:2222:6273:2221/128",
testing without that horrible filtercode Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 15:27:51 +00:00
Ports: tailcfg.PortRange{
First: 0,
Last: 65535,
},
},
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
},
},
},
wantErr: false,
},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
got, err := tt.field.pol.CompileFilterRules(
tt.args.nodes,
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
)
if (err != nil) != tt.wantErr {
t.Errorf("ACLgenerateFilterRules() error = %v, wantErr %v", err, tt.wantErr)
return
}
if diff := cmp.Diff(tt.want, got); diff != "" {
log.Trace().Interface("got", got).Msg("result")
t.Errorf("ACLgenerateFilterRules() unexpected result (-want +got):\n%s", diff)
}
})
}
}
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
// tsExitNodeDest is the list of destination IP ranges that are allowed when
// you dump the filter list from a Tailscale node connected to Tailscale SaaS.
var tsExitNodeDest = []tailcfg.NetPortRange{
{
IP: "0.0.0.0-9.255.255.255",
Ports: tailcfg.PortRangeAny,
},
{
IP: "11.0.0.0-100.63.255.255",
Ports: tailcfg.PortRangeAny,
},
{
IP: "100.128.0.0-169.253.255.255",
Ports: tailcfg.PortRangeAny,
},
{
IP: "169.255.0.0-172.15.255.255",
Ports: tailcfg.PortRangeAny,
},
{
IP: "172.32.0.0-192.167.255.255",
Ports: tailcfg.PortRangeAny,
},
{
IP: "192.169.0.0-255.255.255.255",
Ports: tailcfg.PortRangeAny,
},
{
IP: "2000::-3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
Ports: tailcfg.PortRangeAny,
},
}
// hsExitNodeDest is the list of destination IP ranges that are allowed when
reformat code (#2019) * reformat code This is mostly an automated change with `make lint`. I had to manually please golangci-lint in routes_test because of a short variable name. * fix start -> strategy which was wrongly corrected by linter
2024-07-22 06:56:00 +00:00
// we use headscale "autogroup:internet".
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
var hsExitNodeDest = []tailcfg.NetPortRange{
{IP: "0.0.0.0/5", Ports: tailcfg.PortRangeAny},
{IP: "8.0.0.0/7", Ports: tailcfg.PortRangeAny},
{IP: "11.0.0.0/8", Ports: tailcfg.PortRangeAny},
{IP: "12.0.0.0/6", Ports: tailcfg.PortRangeAny},
{IP: "16.0.0.0/4", Ports: tailcfg.PortRangeAny},
{IP: "32.0.0.0/3", Ports: tailcfg.PortRangeAny},
{IP: "64.0.0.0/3", Ports: tailcfg.PortRangeAny},
{IP: "96.0.0.0/6", Ports: tailcfg.PortRangeAny},
{IP: "100.0.0.0/10", Ports: tailcfg.PortRangeAny},
{IP: "100.128.0.0/9", Ports: tailcfg.PortRangeAny},
{IP: "101.0.0.0/8", Ports: tailcfg.PortRangeAny},
{IP: "102.0.0.0/7", Ports: tailcfg.PortRangeAny},
{IP: "104.0.0.0/5", Ports: tailcfg.PortRangeAny},
{IP: "112.0.0.0/4", Ports: tailcfg.PortRangeAny},
{IP: "128.0.0.0/3", Ports: tailcfg.PortRangeAny},
{IP: "160.0.0.0/5", Ports: tailcfg.PortRangeAny},
{IP: "168.0.0.0/8", Ports: tailcfg.PortRangeAny},
{IP: "169.0.0.0/9", Ports: tailcfg.PortRangeAny},
{IP: "169.128.0.0/10", Ports: tailcfg.PortRangeAny},
{IP: "169.192.0.0/11", Ports: tailcfg.PortRangeAny},
{IP: "169.224.0.0/12", Ports: tailcfg.PortRangeAny},
{IP: "169.240.0.0/13", Ports: tailcfg.PortRangeAny},
{IP: "169.248.0.0/14", Ports: tailcfg.PortRangeAny},
{IP: "169.252.0.0/15", Ports: tailcfg.PortRangeAny},
{IP: "169.255.0.0/16", Ports: tailcfg.PortRangeAny},
{IP: "170.0.0.0/7", Ports: tailcfg.PortRangeAny},
{IP: "172.0.0.0/12", Ports: tailcfg.PortRangeAny},
{IP: "172.32.0.0/11", Ports: tailcfg.PortRangeAny},
{IP: "172.64.0.0/10", Ports: tailcfg.PortRangeAny},
{IP: "172.128.0.0/9", Ports: tailcfg.PortRangeAny},
{IP: "173.0.0.0/8", Ports: tailcfg.PortRangeAny},
{IP: "174.0.0.0/7", Ports: tailcfg.PortRangeAny},
{IP: "176.0.0.0/4", Ports: tailcfg.PortRangeAny},
{IP: "192.0.0.0/9", Ports: tailcfg.PortRangeAny},
{IP: "192.128.0.0/11", Ports: tailcfg.PortRangeAny},
{IP: "192.160.0.0/13", Ports: tailcfg.PortRangeAny},
{IP: "192.169.0.0/16", Ports: tailcfg.PortRangeAny},
{IP: "192.170.0.0/15", Ports: tailcfg.PortRangeAny},
{IP: "192.172.0.0/14", Ports: tailcfg.PortRangeAny},
{IP: "192.176.0.0/12", Ports: tailcfg.PortRangeAny},
{IP: "192.192.0.0/10", Ports: tailcfg.PortRangeAny},
{IP: "193.0.0.0/8", Ports: tailcfg.PortRangeAny},
{IP: "194.0.0.0/7", Ports: tailcfg.PortRangeAny},
{IP: "196.0.0.0/6", Ports: tailcfg.PortRangeAny},
{IP: "200.0.0.0/5", Ports: tailcfg.PortRangeAny},
{IP: "208.0.0.0/4", Ports: tailcfg.PortRangeAny},
{IP: "224.0.0.0/3", Ports: tailcfg.PortRangeAny},
{IP: "2000::/3", Ports: tailcfg.PortRangeAny},
}
func TestTheInternet(t *testing.T) {
internetSet := theInternet()
internetPrefs := internetSet.Prefixes()
reformat code (#2019) * reformat code This is mostly an automated change with `make lint`. I had to manually please golangci-lint in routes_test because of a short variable name. * fix start -> strategy which was wrongly corrected by linter
2024-07-22 06:56:00 +00:00
for i := range internetPrefs {
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
if internetPrefs[i].String() != hsExitNodeDest[i].IP {
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
t.Errorf(
"prefix from internet set %q != hsExit list %q",
internetPrefs[i].String(),
hsExitNodeDest[i].IP,
)
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
}
}
if len(internetPrefs) != len(hsExitNodeDest) {
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
t.Fatalf(
"expected same length of prefixes, internet: %d, hsExit: %d",
len(internetPrefs),
len(hsExitNodeDest),
)
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
}
}
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
func TestReduceFilterRules(t *testing.T) {
tests := []struct {
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
name string
node *types.Node
peers types.Nodes
pol ACLPolicy
want []tailcfg.FilterRule
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
}{
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
{
name: "host1-can-reach-host2-no-rules",
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
pol: ACLPolicy{
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"100.64.0.1"},
Destinations: []string{"100.64.0.2:*"},
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
User: types.User{Name: "mickael"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
peers: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
IPv6: iap("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
User: types.User{Name: "mickael"},
},
},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
want: []tailcfg.FilterRule{},
only send relevant filterrules to nodes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-13 08:03:22 +00:00
},
node selfupdate and fix subnet router when ACL is enabled (#1673) Fixes #1604 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-01-18 16:30:25 +00:00
{
name: "1604-subnet-routers-are-preserved",
pol: ACLPolicy{
Groups: Groups{
"group:admins": {"user1"},
},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"group:admins"},
Destinations: []string{"group:admins:*"},
},
{
Action: "accept",
Sources: []string{"group:admins"},
Destinations: []string{"10.33.0.0/16:*"},
},
},
},
node: &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0::1"),
node selfupdate and fix subnet router when ACL is enabled (#1673) Fixes #1604 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-01-18 16:30:25 +00:00
User: types.User{Name: "user1"},
Hostinfo: &tailcfg.Hostinfo{
RoutableIPs: []netip.Prefix{
netip.MustParsePrefix("10.33.0.0/16"),
},
},
},
peers: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
IPv6: iap("fd7a:115c:a1e0::2"),
node selfupdate and fix subnet router when ACL is enabled (#1673) Fixes #1604 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-01-18 16:30:25 +00:00
User: types.User{Name: "user1"},
},
},
want: []tailcfg.FilterRule{
{
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
DstPorts: []tailcfg.NetPortRange{
{
IP: "100.64.0.1/32",
Ports: tailcfg.PortRangeAny,
},
{
IP: "fd7a:115c:a1e0::1/128",
Ports: tailcfg.PortRangeAny,
},
},
},
{
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
DstPorts: []tailcfg.NetPortRange{
{
IP: "10.33.0.0/16",
Ports: tailcfg.PortRangeAny,
},
},
},
},
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
{
name: "1786-reducing-breaks-exit-nodes-the-client",
pol: ACLPolicy{
Hosts: Hosts{
// Exit node
"internal": netip.MustParsePrefix("100.64.0.100/32"),
},
Groups: Groups{
"group:team": {"user3", "user2", "user1"},
},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"group:team"},
Destinations: []string{
"internal:*",
},
},
{
Action: "accept",
Sources: []string{"group:team"},
Destinations: []string{
"autogroup:internet:*",
},
},
},
},
node: &types.Node{
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0::1"),
User: types.User{Name: "user1"},
},
peers: types.Nodes{
&types.Node{
IPv4: iap("100.64.0.2"),
IPv6: iap("fd7a:115c:a1e0::2"),
User: types.User{Name: "user2"},
},
// "internal" exit node
&types.Node{
IPv4: iap("100.64.0.100"),
IPv6: iap("fd7a:115c:a1e0::100"),
User: types.User{Name: "user100"},
Hostinfo: &tailcfg.Hostinfo{
use tsaddr library and cleanups (#2150) * resuse tsaddr code instead of handrolled Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * ensure we dont give out internal tailscale IPs Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use prefix instead of string for routes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove old custom compare func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * trim unused util code Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 07:06:09 +00:00
RoutableIPs: tsaddr.ExitRoutes(),
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
},
},
},
want: []tailcfg.FilterRule{},
},
{
name: "1786-reducing-breaks-exit-nodes-the-exit",
pol: ACLPolicy{
Hosts: Hosts{
// Exit node
"internal": netip.MustParsePrefix("100.64.0.100/32"),
},
Groups: Groups{
"group:team": {"user3", "user2", "user1"},
},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"group:team"},
Destinations: []string{
"internal:*",
},
},
{
Action: "accept",
Sources: []string{"group:team"},
Destinations: []string{
"autogroup:internet:*",
},
},
},
},
node: &types.Node{
IPv4: iap("100.64.0.100"),
IPv6: iap("fd7a:115c:a1e0::100"),
User: types.User{Name: "user100"},
Hostinfo: &tailcfg.Hostinfo{
use tsaddr library and cleanups (#2150) * resuse tsaddr code instead of handrolled Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * ensure we dont give out internal tailscale IPs Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use prefix instead of string for routes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove old custom compare func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * trim unused util code Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 07:06:09 +00:00
RoutableIPs: tsaddr.ExitRoutes(),
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
},
},
peers: types.Nodes{
&types.Node{
IPv4: iap("100.64.0.2"),
IPv6: iap("fd7a:115c:a1e0::2"),
User: types.User{Name: "user2"},
},
&types.Node{
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0::1"),
User: types.User{Name: "user1"},
},
},
want: []tailcfg.FilterRule{
{
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
DstPorts: []tailcfg.NetPortRange{
{
IP: "100.64.0.100/32",
Ports: tailcfg.PortRangeAny,
},
{
IP: "fd7a:115c:a1e0::100/128",
Ports: tailcfg.PortRangeAny,
},
},
},
{
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
DstPorts: hsExitNodeDest,
},
},
},
{
name: "1786-reducing-breaks-exit-nodes-the-example-from-issue",
pol: ACLPolicy{
Hosts: Hosts{
// Exit node
"internal": netip.MustParsePrefix("100.64.0.100/32"),
},
Groups: Groups{
"group:team": {"user3", "user2", "user1"},
},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"group:team"},
Destinations: []string{
"internal:*",
},
},
{
Action: "accept",
Sources: []string{"group:team"},
Destinations: []string{
"0.0.0.0/5:*",
"8.0.0.0/7:*",
"11.0.0.0/8:*",
"12.0.0.0/6:*",
"16.0.0.0/4:*",
"32.0.0.0/3:*",
"64.0.0.0/2:*",
"128.0.0.0/3:*",
"160.0.0.0/5:*",
"168.0.0.0/6:*",
"172.0.0.0/12:*",
"172.32.0.0/11:*",
"172.64.0.0/10:*",
"172.128.0.0/9:*",
"173.0.0.0/8:*",
"174.0.0.0/7:*",
"176.0.0.0/4:*",
"192.0.0.0/9:*",
"192.128.0.0/11:*",
"192.160.0.0/13:*",
"192.169.0.0/16:*",
"192.170.0.0/15:*",
"192.172.0.0/14:*",
"192.176.0.0/12:*",
"192.192.0.0/10:*",
"193.0.0.0/8:*",
"194.0.0.0/7:*",
"196.0.0.0/6:*",
"200.0.0.0/5:*",
"208.0.0.0/4:*",
},
},
},
},
node: &types.Node{
IPv4: iap("100.64.0.100"),
IPv6: iap("fd7a:115c:a1e0::100"),
User: types.User{Name: "user100"},
Hostinfo: &tailcfg.Hostinfo{
use tsaddr library and cleanups (#2150) * resuse tsaddr code instead of handrolled Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * ensure we dont give out internal tailscale IPs Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use prefix instead of string for routes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove old custom compare func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * trim unused util code Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 07:06:09 +00:00
RoutableIPs: tsaddr.ExitRoutes(),
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
},
},
peers: types.Nodes{
&types.Node{
IPv4: iap("100.64.0.2"),
IPv6: iap("fd7a:115c:a1e0::2"),
User: types.User{Name: "user2"},
},
&types.Node{
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0::1"),
User: types.User{Name: "user1"},
},
},
want: []tailcfg.FilterRule{
{
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
DstPorts: []tailcfg.NetPortRange{
{
IP: "100.64.0.100/32",
Ports: tailcfg.PortRangeAny,
},
{
IP: "fd7a:115c:a1e0::100/128",
Ports: tailcfg.PortRangeAny,
},
},
},
{
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
DstPorts: []tailcfg.NetPortRange{
{IP: "0.0.0.0/5", Ports: tailcfg.PortRangeAny},
{IP: "8.0.0.0/7", Ports: tailcfg.PortRangeAny},
{IP: "11.0.0.0/8", Ports: tailcfg.PortRangeAny},
{IP: "12.0.0.0/6", Ports: tailcfg.PortRangeAny},
{IP: "16.0.0.0/4", Ports: tailcfg.PortRangeAny},
{IP: "32.0.0.0/3", Ports: tailcfg.PortRangeAny},
{IP: "64.0.0.0/2", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::1/128", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::2/128", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::100/128", Ports: tailcfg.PortRangeAny},
{IP: "128.0.0.0/3", Ports: tailcfg.PortRangeAny},
{IP: "160.0.0.0/5", Ports: tailcfg.PortRangeAny},
{IP: "168.0.0.0/6", Ports: tailcfg.PortRangeAny},
{IP: "172.0.0.0/12", Ports: tailcfg.PortRangeAny},
{IP: "172.32.0.0/11", Ports: tailcfg.PortRangeAny},
{IP: "172.64.0.0/10", Ports: tailcfg.PortRangeAny},
{IP: "172.128.0.0/9", Ports: tailcfg.PortRangeAny},
{IP: "173.0.0.0/8", Ports: tailcfg.PortRangeAny},
{IP: "174.0.0.0/7", Ports: tailcfg.PortRangeAny},
{IP: "176.0.0.0/4", Ports: tailcfg.PortRangeAny},
{IP: "192.0.0.0/9", Ports: tailcfg.PortRangeAny},
{IP: "192.128.0.0/11", Ports: tailcfg.PortRangeAny},
{IP: "192.160.0.0/13", Ports: tailcfg.PortRangeAny},
{IP: "192.169.0.0/16", Ports: tailcfg.PortRangeAny},
{IP: "192.170.0.0/15", Ports: tailcfg.PortRangeAny},
{IP: "192.172.0.0/14", Ports: tailcfg.PortRangeAny},
{IP: "192.176.0.0/12", Ports: tailcfg.PortRangeAny},
{IP: "192.192.0.0/10", Ports: tailcfg.PortRangeAny},
{IP: "193.0.0.0/8", Ports: tailcfg.PortRangeAny},
{IP: "194.0.0.0/7", Ports: tailcfg.PortRangeAny},
{IP: "196.0.0.0/6", Ports: tailcfg.PortRangeAny},
{IP: "200.0.0.0/5", Ports: tailcfg.PortRangeAny},
{IP: "208.0.0.0/4", Ports: tailcfg.PortRangeAny},
},
},
},
},
{
name: "1786-reducing-breaks-exit-nodes-app-connector-like",
pol: ACLPolicy{
Hosts: Hosts{
// Exit node
"internal": netip.MustParsePrefix("100.64.0.100/32"),
},
Groups: Groups{
"group:team": {"user3", "user2", "user1"},
},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"group:team"},
Destinations: []string{
"internal:*",
},
},
{
Action: "accept",
Sources: []string{"group:team"},
Destinations: []string{
"8.0.0.0/8:*",
"16.0.0.0/8:*",
},
},
},
},
node: &types.Node{
IPv4: iap("100.64.0.100"),
IPv6: iap("fd7a:115c:a1e0::100"),
User: types.User{Name: "user100"},
Hostinfo: &tailcfg.Hostinfo{
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
RoutableIPs: []netip.Prefix{
netip.MustParsePrefix("8.0.0.0/16"),
netip.MustParsePrefix("16.0.0.0/16"),
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
},
},
peers: types.Nodes{
&types.Node{
IPv4: iap("100.64.0.2"),
IPv6: iap("fd7a:115c:a1e0::2"),
User: types.User{Name: "user2"},
},
&types.Node{
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0::1"),
User: types.User{Name: "user1"},
},
},
want: []tailcfg.FilterRule{
{
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
DstPorts: []tailcfg.NetPortRange{
{
IP: "100.64.0.100/32",
Ports: tailcfg.PortRangeAny,
},
{
IP: "fd7a:115c:a1e0::100/128",
Ports: tailcfg.PortRangeAny,
},
},
},
{
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
DstPorts: []tailcfg.NetPortRange{
{
IP: "8.0.0.0/8",
Ports: tailcfg.PortRangeAny,
},
{
IP: "16.0.0.0/8",
Ports: tailcfg.PortRangeAny,
},
},
},
},
},
{
name: "1786-reducing-breaks-exit-nodes-app-connector-like2",
pol: ACLPolicy{
Hosts: Hosts{
// Exit node
"internal": netip.MustParsePrefix("100.64.0.100/32"),
},
Groups: Groups{
"group:team": {"user3", "user2", "user1"},
},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"group:team"},
Destinations: []string{
"internal:*",
},
},
{
Action: "accept",
Sources: []string{"group:team"},
Destinations: []string{
"8.0.0.0/16:*",
"16.0.0.0/16:*",
},
},
},
},
node: &types.Node{
IPv4: iap("100.64.0.100"),
IPv6: iap("fd7a:115c:a1e0::100"),
User: types.User{Name: "user100"},
Hostinfo: &tailcfg.Hostinfo{
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
RoutableIPs: []netip.Prefix{
netip.MustParsePrefix("8.0.0.0/8"),
netip.MustParsePrefix("16.0.0.0/8"),
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
},
},
peers: types.Nodes{
&types.Node{
IPv4: iap("100.64.0.2"),
IPv6: iap("fd7a:115c:a1e0::2"),
User: types.User{Name: "user2"},
},
&types.Node{
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0::1"),
User: types.User{Name: "user1"},
},
},
want: []tailcfg.FilterRule{
{
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
DstPorts: []tailcfg.NetPortRange{
{
IP: "100.64.0.100/32",
Ports: tailcfg.PortRangeAny,
},
{
IP: "fd7a:115c:a1e0::100/128",
Ports: tailcfg.PortRangeAny,
},
},
},
{
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
DstPorts: []tailcfg.NetPortRange{
{
IP: "8.0.0.0/16",
Ports: tailcfg.PortRangeAny,
},
{
IP: "16.0.0.0/16",
Ports: tailcfg.PortRangeAny,
},
},
},
},
},
{
name: "1817-reduce-breaks-32-mask",
pol: ACLPolicy{
Hosts: Hosts{
"vlan1": netip.MustParsePrefix("172.16.0.0/24"),
"dns1": netip.MustParsePrefix("172.16.0.21/32"),
},
Groups: Groups{
"group:access": {"user1"},
},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"group:access"},
Destinations: []string{
"tag:access-servers:*",
"dns1:*",
},
},
},
},
node: &types.Node{
IPv4: iap("100.64.0.100"),
IPv6: iap("fd7a:115c:a1e0::100"),
User: types.User{Name: "user100"},
Hostinfo: &tailcfg.Hostinfo{
RoutableIPs: []netip.Prefix{netip.MustParsePrefix("172.16.0.0/24")},
},
use gorm serialiser instead of custom hooks (#2156) * add sqlite to debug/test image Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * test using gorm serialiser instead of custom hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 09:41:58 +00:00
ForcedTags: []string{"tag:access-servers"},
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
},
peers: types.Nodes{
&types.Node{
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0::1"),
User: types.User{Name: "user1"},
},
},
want: []tailcfg.FilterRule{
{
SrcIPs: []string{"100.64.0.1/32", "fd7a:115c:a1e0::1/128"},
DstPorts: []tailcfg.NetPortRange{
{
IP: "100.64.0.100/32",
Ports: tailcfg.PortRangeAny,
},
{
IP: "fd7a:115c:a1e0::100/128",
Ports: tailcfg.PortRangeAny,
},
{
IP: "172.16.0.21/32",
Ports: tailcfg.PortRangeAny,
},
},
},
},
},
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
}
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
got, _ := tt.pol.CompileFilterRules(
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
append(tt.peers, tt.node),
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
)
add autogroup:internet, fix reduce filter rules (#1917)
2024-04-30 05:23:16 +00:00
got = ReduceFilterRules(tt.node, got)
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
if diff := cmp.Diff(tt.want, got); diff != "" {
log.Trace().Interface("got", got).Msg("result")
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
t.Errorf("TestReduceFilterRules() unexpected result (-want +got):\n%s", diff)
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
}
})
}
}
func Test_getTags(t *testing.T) {
type args struct {
remove "stripEmailDomain" argument This commit makes a wrapper function round the normalisation requiring "stripEmailDomain" which has to be passed in almost all functions of headscale by loading it from Viper instead. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:29:34 +00:00
aclPolicy *ACLPolicy
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node *types.Node
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
}
tests := []struct {
name string
args args
wantInvalid []string
wantValid []string
}{
{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
name: "valid tag one nodes",
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
args: args{
aclPolicy: &ACLPolicy{
TagOwners: TagOwners{
"tag:valid": []string{"joe"},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{
Name: "joe",
},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
RequestTags: []string{"tag:valid"},
},
},
},
wantValid: []string{"tag:valid"},
wantInvalid: nil,
},
{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
name: "invalid tag and valid tag one nodes",
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
args: args{
aclPolicy: &ACLPolicy{
TagOwners: TagOwners{
"tag:valid": []string{"joe"},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{
Name: "joe",
},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
RequestTags: []string{"tag:valid", "tag:invalid"},
},
},
},
wantValid: []string{"tag:valid"},
wantInvalid: []string{"tag:invalid"},
},
{
name: "multiple invalid and identical tags, should return only one invalid tag",
args: args{
aclPolicy: &ACLPolicy{
TagOwners: TagOwners{
"tag:valid": []string{"joe"},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{
Name: "joe",
},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
RequestTags: []string{
"tag:invalid",
"tag:valid",
"tag:invalid",
},
},
},
},
wantValid: []string{"tag:valid"},
wantInvalid: []string{"tag:invalid"},
},
{
name: "only invalid tags",
args: args{
aclPolicy: &ACLPolicy{
TagOwners: TagOwners{
"tag:valid": []string{"joe"},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{
Name: "joe",
},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
RequestTags: []string{"tag:invalid", "very-invalid"},
},
},
},
wantValid: nil,
wantInvalid: []string{"tag:invalid", "very-invalid"},
},
{
name: "empty ACLPolicy should return empty tags and should not panic",
args: args{
aclPolicy: &ACLPolicy{},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{
Name: "joe",
},
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &tailcfg.Hostinfo{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
RequestTags: []string{"tag:invalid", "very-invalid"},
},
},
},
wantValid: nil,
wantInvalid: []string{"tag:invalid", "very-invalid"},
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
gotValid, gotInvalid := test.args.aclPolicy.TagsOfNode(
test.args.node,
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
)
for _, valid := range gotValid {
use tsaddr library and cleanups (#2150) * resuse tsaddr code instead of handrolled Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * ensure we dont give out internal tailscale IPs Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use prefix instead of string for routes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove old custom compare func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * trim unused util code Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 07:06:09 +00:00
if !slices.Contains(test.wantValid, valid) {
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
t.Errorf(
"valids: getTags() = %v, want %v",
gotValid,
test.wantValid,
)
break
}
}
for _, invalid := range gotInvalid {
use tsaddr library and cleanups (#2150) * resuse tsaddr code instead of handrolled Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * ensure we dont give out internal tailscale IPs Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use prefix instead of string for routes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove old custom compare func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * trim unused util code Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 07:06:09 +00:00
if !slices.Contains(test.wantInvalid, invalid) {
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
t.Errorf(
"invalids: getTags() = %v, want %v",
gotInvalid,
test.wantInvalid,
)
break
}
}
})
}
}
func Test_getFilteredByACLPeers(t *testing.T) {
type args struct {
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes types.Nodes
rules []tailcfg.FilterRule
node *types.Node
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
}
tests := []struct {
name string
args args
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want types.Nodes
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
}{
{
name: "all hosts can talk to each other",
args: args{
Fix typos (#1860) * Fix typos * trigger GitHub actions * remove kdiff3 orig files * fix unicode * remove unnecessary function call * remove unnecessary comment * remove unnecessary comment --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
2024-05-19 21:49:27 +00:00
nodes: types.Nodes{ // list of all nodes in the database
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
{
SrcIPs: []string{"100.64.0.1", "100.64.0.2", "100.64.0.3"},
DstPorts: []tailcfg.NetPortRange{
{IP: "*"},
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{ // current nodes
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
User: types.User{Name: "joe"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
User: types.User{Name: "marc"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
User: types.User{Name: "mickael"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
},
{
name: "One host can talk to another, but not all hosts",
args: args{
Fix typos (#1860) * Fix typos * trigger GitHub actions * remove kdiff3 orig files * fix unicode * remove unnecessary function call * remove unnecessary comment * remove unnecessary comment --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
2024-05-19 21:49:27 +00:00
nodes: types.Nodes{ // list of all nodes in the database
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
{
SrcIPs: []string{"100.64.0.1", "100.64.0.2", "100.64.0.3"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.2"},
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{ // current nodes
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
User: types.User{Name: "joe"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
User: types.User{Name: "marc"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
},
{
name: "host cannot directly talk to destination, but return path is authorized",
args: args{
Fix typos (#1860) * Fix typos * trigger GitHub actions * remove kdiff3 orig files * fix unicode * remove unnecessary function call * remove unnecessary comment * remove unnecessary comment --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
2024-05-19 21:49:27 +00:00
nodes: types.Nodes{ // list of all nodes in the database
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
{
SrcIPs: []string{"100.64.0.3"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.2"},
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{ // current nodes
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
User: types.User{Name: "marc"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
User: types.User{Name: "mickael"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
},
{
name: "rules allows all hosts to reach one destination",
args: args{
Fix typos (#1860) * Fix typos * trigger GitHub actions * remove kdiff3 orig files * fix unicode * remove unnecessary function call * remove unnecessary comment * remove unnecessary comment --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
2024-05-19 21:49:27 +00:00
nodes: types.Nodes{ // list of all nodes in the database
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
{
SrcIPs: []string{"*"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.2"},
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{ // current nodes
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
},
},
},
{
name: "rules allows all hosts to reach one destination, destination can reach all hosts",
args: args{
Fix typos (#1860) * Fix typos * trigger GitHub actions * remove kdiff3 orig files * fix unicode * remove unnecessary function call * remove unnecessary comment * remove unnecessary comment --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
2024-05-19 21:49:27 +00:00
nodes: types.Nodes{ // list of all nodes in the database
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
{
SrcIPs: []string{"*"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.2"},
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{ // current nodes
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
},
},
},
{
name: "rule allows all hosts to reach all destinations",
args: args{
Fix typos (#1860) * Fix typos * trigger GitHub actions * remove kdiff3 orig files * fix unicode * remove unnecessary function call * remove unnecessary comment * remove unnecessary comment --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
2024-05-19 21:49:27 +00:00
nodes: types.Nodes{ // list of all nodes in the database
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
{
SrcIPs: []string{"*"},
DstPorts: []tailcfg.NetPortRange{
{IP: "*"},
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{ // current nodes
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
User: types.User{Name: "marc"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
User: types.User{Name: "mickael"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
},
{
name: "without rule all communications are forbidden",
args: args{
Fix typos (#1860) * Fix typos * trigger GitHub actions * remove kdiff3 orig files * fix unicode * remove unnecessary function call * remove unnecessary comment * remove unnecessary comment --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
2024-05-19 21:49:27 +00:00
nodes: types.Nodes{ // list of all nodes in the database
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "joe"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "marc"},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.3"),
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
User: types.User{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{ // current nodes
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
User: types.User{Name: "marc"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
Remove allocations of lists before use (#1989) * policy: remove allocs before appends in acls Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * notifier: make batcher tests stable/non-flaky Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * {db,derp,mapper}: dont allocate until append Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-06-23 20:06:50 +00:00
want: nil,
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
{
// Investigating 699
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
// Found some nodes: [ts-head-8w6paa ts-unstable-lys2ib ts-head-upcrmb ts-unstable-rlwpvr] nodes=ts-head-8w6paa
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
// ACL rules generated ACL=[{"DstPorts":[{"Bits":null,"IP":"*","Ports":{"First":0,"Last":65535}}],"SrcIPs":["fd7a:115c:a1e0::3","100.64.0.3","fd7a:115c:a1e0::4","100.64.0.4"]}]
// ACL Cache Map={"100.64.0.3":{"*":{}},"100.64.0.4":{"*":{}},"fd7a:115c:a1e0::3":{"*":{}},"fd7a:115c:a1e0::4":{"*":{}}}
name: "issue-699-broken-star",
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: types.Nodes{ //
&types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
ID: 1,
Hostname: "ts-head-upcrmb",
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.3"),
IPv6: iap("fd7a:115c:a1e0::3"),
User: types.User{Name: "user1"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
ID: 2,
Hostname: "ts-unstable-rlwpvr",
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
IPv6: iap("fd7a:115c:a1e0::4"),
User: types.User{Name: "user1"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
ID: 3,
Hostname: "ts-head-8w6paa",
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0::1"),
User: types.User{Name: "user2"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
ID: 4,
Hostname: "ts-unstable-lys2ib",
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.2"),
IPv6: iap("fd7a:115c:a1e0::2"),
User: types.User{Name: "user2"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
{
DstPorts: []tailcfg.NetPortRange{
{
IP: "*",
Ports: tailcfg.PortRange{First: 0, Last: 65535},
},
},
SrcIPs: []string{
"fd7a:115c:a1e0::3", "100.64.0.3",
"fd7a:115c:a1e0::4", "100.64.0.4",
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{ // current nodes
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
ID: 3,
Hostname: "ts-head-8w6paa",
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.1"),
IPv6: iap("fd7a:115c:a1e0::1"),
User: types.User{Name: "user2"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: types.Nodes{
&types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
ID: 1,
Hostname: "ts-head-upcrmb",
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.3"),
IPv6: iap("fd7a:115c:a1e0::3"),
User: types.User{Name: "user1"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
&types.Node{
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
ID: 2,
Hostname: "ts-unstable-rlwpvr",
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
IPv4: iap("100.64.0.4"),
IPv6: iap("fd7a:115c:a1e0::4"),
User: types.User{Name: "user1"},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
},
},
},
Remove variables and leftovers of pregenerated ACL content Prior to the code reorg, we would generate rules from the Policy and store it on the global object. Now we generate it on the fly for each node and this commit cleans up the old variables to make sure we have no unexpected side effects. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-31 16:45:04 +00:00
{
name: "failing-edge-case-during-p3-refactor",
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: []*types.Node{
Remove variables and leftovers of pregenerated ACL content Prior to the code reorg, we would generate rules from the Policy and store it on the global object. Now we generate it on the fly for each node and this commit cleans up the old variables to make sure we have no unexpected side effects. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-31 16:45:04 +00:00
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.2"),
Hostname: "peer1",
User: types.User{Name: "mini"},
Remove variables and leftovers of pregenerated ACL content Prior to the code reorg, we would generate rules from the Policy and store it on the global object. Now we generate it on the fly for each node and this commit cleans up the old variables to make sure we have no unexpected side effects. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-31 16:45:04 +00:00
},
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.3"),
Hostname: "peer2",
User: types.User{Name: "peer2"},
Remove variables and leftovers of pregenerated ACL content Prior to the code reorg, we would generate rules from the Policy and store it on the global object. Now we generate it on the fly for each node and this commit cleans up the old variables to make sure we have no unexpected side effects. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-31 16:45:04 +00:00
},
},
rules: []tailcfg.FilterRule{
{
SrcIPs: []string{"100.64.0.1/32"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.3/32", Ports: tailcfg.PortRangeAny},
{IP: "::/0", Ports: tailcfg.PortRangeAny},
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 0,
IPv4: iap("100.64.0.1"),
Hostname: "mini",
User: types.User{Name: "mini"},
Remove variables and leftovers of pregenerated ACL content Prior to the code reorg, we would generate rules from the Policy and store it on the global object. Now we generate it on the fly for each node and this commit cleans up the old variables to make sure we have no unexpected side effects. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-31 16:45:04 +00:00
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: []*types.Node{
Remove variables and leftovers of pregenerated ACL content Prior to the code reorg, we would generate rules from the Policy and store it on the global object. Now we generate it on the fly for each node and this commit cleans up the old variables to make sure we have no unexpected side effects. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-31 16:45:04 +00:00
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.3"),
Hostname: "peer2",
User: types.User{Name: "peer2"},
Remove variables and leftovers of pregenerated ACL content Prior to the code reorg, we would generate rules from the Policy and store it on the global object. Now we generate it on the fly for each node and this commit cleans up the old variables to make sure we have no unexpected side effects. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-31 16:45:04 +00:00
},
},
},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
{
name: "p4-host-in-netmap-user2-dest-bug",
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: []*types.Node{
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.2"),
Hostname: "user1-2",
User: types.User{Name: "user1"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 0,
IPv4: iap("100.64.0.1"),
Hostname: "user1-1",
User: types.User{Name: "user1"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.4"),
Hostname: "user2-2",
User: types.User{Name: "user2"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
},
rules: []tailcfg.FilterRule{
{
SrcIPs: []string{
"100.64.0.3/32",
"100.64.0.4/32",
"fd7a:115c:a1e0::3/128",
"fd7a:115c:a1e0::4/128",
},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.3/32", Ports: tailcfg.PortRangeAny},
{IP: "100.64.0.4/32", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::3/128", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::4/128", Ports: tailcfg.PortRangeAny},
},
},
{
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.3/32", Ports: tailcfg.PortRangeAny},
{IP: "100.64.0.4/32", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::3/128", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::4/128", Ports: tailcfg.PortRangeAny},
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.3"),
Hostname: "user-2-1",
User: types.User{Name: "user2"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: []*types.Node{
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.2"),
Hostname: "user1-2",
User: types.User{Name: "user1"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 0,
IPv4: iap("100.64.0.1"),
Hostname: "user1-1",
User: types.User{Name: "user1"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.4"),
Hostname: "user2-2",
User: types.User{Name: "user2"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
},
},
{
name: "p4-host-in-netmap-user1-dest-bug",
args: args{
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes: []*types.Node{
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.2"),
Hostname: "user1-2",
User: types.User{Name: "user1"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.3"),
Hostname: "user-2-1",
User: types.User{Name: "user2"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.4"),
Hostname: "user2-2",
User: types.User{Name: "user2"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
},
rules: []tailcfg.FilterRule{
{
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.1/32", Ports: tailcfg.PortRangeAny},
{IP: "100.64.0.2/32", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::1/128", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::2/128", Ports: tailcfg.PortRangeAny},
},
},
{
SrcIPs: []string{
"100.64.0.1/32",
"100.64.0.2/32",
"fd7a:115c:a1e0::1/128",
"fd7a:115c:a1e0::2/128",
},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.3/32", Ports: tailcfg.PortRangeAny},
{IP: "100.64.0.4/32", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::3/128", Ports: tailcfg.PortRangeAny},
{IP: "fd7a:115c:a1e0::4/128", Ports: tailcfg.PortRangeAny},
},
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 0,
IPv4: iap("100.64.0.1"),
Hostname: "user1-1",
User: types.User{Name: "user1"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
want: []*types.Node{
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.2"),
Hostname: "user1-2",
User: types.User{Name: "user1"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.3"),
Hostname: "user-2-1",
User: types.User{Name: "user2"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 3,
IPv4: iap("100.64.0.4"),
Hostname: "user2-2",
User: types.User{Name: "user2"},
reduce filter rules at the end, so we filter nodes correctly Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-16 14:42:30 +00:00
},
},
},
Allow when user has only a subnet route (#1734) * Add test because of issue 1604 * Add peer for routes * Revert previous change to try different way to add peer * Add traces * Remove traces * Make sure tests have IPPrefix comparator * Get allowedIps before loop * Remove comment * Add composite literals :)
2024-02-12 10:44:37 +00:00
{
name: "subnet-router-with-only-route",
args: args{
nodes: []*types.Node{
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Hostname: "user1",
User: types.User{Name: "user1"},
Allow when user has only a subnet route (#1734) * Add test because of issue 1604 * Add peer for routes * Revert previous change to try different way to add peer * Add traces * Remove traces * Make sure tests have IPPrefix comparator * Get allowedIps before loop * Remove comment * Add composite literals :)
2024-02-12 10:44:37 +00:00
},
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Hostname: "router",
User: types.User{Name: "router"},
Allow when user has only a subnet route (#1734) * Add test because of issue 1604 * Add peer for routes * Revert previous change to try different way to add peer * Add traces * Remove traces * Make sure tests have IPPrefix comparator * Get allowedIps before loop * Remove comment * Add composite literals :)
2024-02-12 10:44:37 +00:00
Routes: types.Routes{
types.Route{
NodeID: 2,
use gorm serialiser instead of custom hooks (#2156) * add sqlite to debug/test image Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * test using gorm serialiser instead of custom hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 09:41:58 +00:00
Prefix: netip.MustParsePrefix("10.33.0.0/16"),
Allow when user has only a subnet route (#1734) * Add test because of issue 1604 * Add peer for routes * Revert previous change to try different way to add peer * Add traces * Remove traces * Make sure tests have IPPrefix comparator * Get allowedIps before loop * Remove comment * Add composite literals :)
2024-02-12 10:44:37 +00:00
IsPrimary: true,
Enabled: true,
},
},
},
},
rules: []tailcfg.FilterRule{
{
SrcIPs: []string{
"100.64.0.1/32",
},
DstPorts: []tailcfg.NetPortRange{
{IP: "10.33.0.0/16", Ports: tailcfg.PortRangeAny},
},
},
},
node: &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
IPv4: iap("100.64.0.1"),
Hostname: "user1",
User: types.User{Name: "user1"},
Allow when user has only a subnet route (#1734) * Add test because of issue 1604 * Add peer for routes * Revert previous change to try different way to add peer * Add traces * Remove traces * Make sure tests have IPPrefix comparator * Get allowedIps before loop * Remove comment * Add composite literals :)
2024-02-12 10:44:37 +00:00
},
},
want: []*types.Node{
{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
IPv4: iap("100.64.0.2"),
Hostname: "router",
User: types.User{Name: "router"},
Allow when user has only a subnet route (#1734) * Add test because of issue 1604 * Add peer for routes * Revert previous change to try different way to add peer * Add traces * Remove traces * Make sure tests have IPPrefix comparator * Get allowedIps before loop * Remove comment * Add composite literals :)
2024-02-12 10:44:37 +00:00
Routes: types.Routes{
types.Route{
NodeID: 2,
use gorm serialiser instead of custom hooks (#2156) * add sqlite to debug/test image Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * test using gorm serialiser instead of custom hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 09:41:58 +00:00
Prefix: netip.MustParsePrefix("10.33.0.0/16"),
Allow when user has only a subnet route (#1734) * Add test because of issue 1604 * Add peer for routes * Revert previous change to try different way to add peer * Add traces * Remove traces * Make sure tests have IPPrefix comparator * Get allowedIps before loop * Remove comment * Add composite literals :)
2024-02-12 10:44:37 +00:00
IsPrimary: true,
Enabled: true,
},
},
},
},
},
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
}
Allow when user has only a subnet route (#1734) * Add test because of issue 1604 * Add peer for routes * Revert previous change to try different way to add peer * Add traces * Remove traces * Make sure tests have IPPrefix comparator * Get allowedIps before loop * Remove comment * Add composite literals :)
2024-02-12 10:44:37 +00:00
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
got := FilterNodesByACL(
tt.args.node,
tt.args.nodes,
Split code into modules This is a massive commit that restructures the code into modules: db/ All functions related to modifying the Database types/ All type definitions and methods that can be exclusivly used on these types without dependencies policy/ All Policy related code, now without dependencies on the Database. policy/matcher/ Dedicated code to match machines in a list of FilterRules Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-21 16:37:59 +00:00
tt.args.rules,
)
use gorm serialiser instead of custom hooks (#2156) * add sqlite to debug/test image Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * test using gorm serialiser instead of custom hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 09:41:58 +00:00
if diff := cmp.Diff(tt.want, got, util.Comparers...); diff != "" {
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
t.Errorf("FilterNodesByACL() unexpected result (-want +got):\n%s", diff)
outline tests for full filter generate Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 12:04:12 +00:00
}
})
}
}
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
func TestSSHRules(t *testing.T) {
tests := []struct {
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
name string
node types.Node
peers types.Nodes
pol ACLPolicy
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
want *tailcfg.SSHPolicy
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
}{
{
name: "peers-can-connect",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
Hostname: "testnodes",
IPv4: iap("100.64.99.42"),
UserID: 0,
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
User: types.User{
Name: "user1",
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
peers: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
Hostname: "testnodes2",
IPv4: iap("100.64.0.1"),
UserID: 0,
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
User: types.User{
Name: "user1",
},
},
},
pol: ACLPolicy{
Groups: Groups{
"group:test": []string{"user1"},
},
Hosts: Hosts{
"client": netip.PrefixFrom(netip.MustParseAddr("100.64.99.42"), 32),
},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"*:*"},
},
},
SSHs: []SSH{
{
Action: "accept",
Sources: []string{"group:test"},
Destinations: []string{"client"},
Users: []string{"autogroup:nonroot"},
},
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"client"},
Users: []string{"autogroup:nonroot"},
},
{
Action: "accept",
Sources: []string{"group:test"},
Destinations: []string{"100.64.99.42"},
Users: []string{"autogroup:nonroot"},
},
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"100.64.99.42"},
Users: []string{"autogroup:nonroot"},
},
},
},
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
want: &tailcfg.SSHPolicy{Rules: []*tailcfg.SSHRule{
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
{
Principals: []*tailcfg.SSHPrincipal{
{
UserLogin: "user1",
},
},
SSHUsers: map[string]string{
"autogroup:nonroot": "=",
},
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
Action: &tailcfg.SSHAction{
Accept: true,
AllowAgentForwarding: true,
AllowLocalPortForwarding: true,
},
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
},
{
SSHUsers: map[string]string{
"autogroup:nonroot": "=",
},
Principals: []*tailcfg.SSHPrincipal{
{
Any: true,
},
},
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
Action: &tailcfg.SSHAction{
Accept: true,
AllowAgentForwarding: true,
AllowLocalPortForwarding: true,
},
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
},
{
Principals: []*tailcfg.SSHPrincipal{
{
UserLogin: "user1",
},
},
SSHUsers: map[string]string{
"autogroup:nonroot": "=",
},
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
Action: &tailcfg.SSHAction{
Accept: true,
AllowAgentForwarding: true,
AllowLocalPortForwarding: true,
},
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
},
{
SSHUsers: map[string]string{
"autogroup:nonroot": "=",
},
Principals: []*tailcfg.SSHPrincipal{
{
Any: true,
},
},
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
Action: &tailcfg.SSHAction{
Accept: true,
AllowAgentForwarding: true,
AllowLocalPortForwarding: true,
},
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
},
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
}},
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
},
{
name: "peers-cannot-connect",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node: types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
Hostname: "testnodes",
IPv4: iap("100.64.0.1"),
UserID: 0,
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
User: types.User{
Name: "user1",
},
},
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
peers: types.Nodes{
&types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
Hostname: "testnodes2",
IPv4: iap("100.64.99.42"),
UserID: 0,
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
User: types.User{
Name: "user1",
},
},
},
pol: ACLPolicy{
Groups: Groups{
"group:test": []string{"user1"},
},
Hosts: Hosts{
"client": netip.PrefixFrom(netip.MustParseAddr("100.64.99.42"), 32),
},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"*:*"},
},
},
SSHs: []SSH{
{
Action: "accept",
Sources: []string{"group:test"},
Destinations: []string{"100.64.99.42"},
Users: []string{"autogroup:nonroot"},
},
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"100.64.99.42"},
Users: []string{"autogroup:nonroot"},
},
},
},
Remove allocations of lists before use (#1989) * policy: remove allocs before appends in acls Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * notifier: make batcher tests stable/non-flaky Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * {db,derp,mapper}: dont allocate until append Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-06-23 20:06:50 +00:00
want: &tailcfg.SSHPolicy{Rules: nil},
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
got, err := tt.pol.CompileSSHPolicy(&tt.node, tt.peers)
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
require.NoError(t, err)
Finish SSH This commit allows SSH rules to be assigned to each relevant not and by doing that allow SSH to be rejected, completing the initial SSH support. This commit enables SSH by default and removes the experimental flag. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-08 17:50:59 +00:00
if diff := cmp.Diff(tt.want, got); diff != "" {
t.Errorf("TestSSHRules() unexpected result (-want +got):\n%s", diff)
}
})
}
}
make parse destination string into a func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-12 13:59:05 +00:00
func TestParseDestination(t *testing.T) {
tests := []struct {
dest string
wantAlias string
wantPort string
}{
{
dest: "git-server:*",
wantAlias: "git-server",
wantPort: "*",
},
{
dest: "192.168.1.0/24:22",
wantAlias: "192.168.1.0/24",
wantPort: "22",
},
{
dest: "192.168.1.1:22",
wantAlias: "192.168.1.1",
wantPort: "22",
},
{
dest: "fd7a:115c:a1e0::2:22",
wantAlias: "fd7a:115c:a1e0::2",
wantPort: "22",
},
{
dest: "fd7a:115c:a1e0::2/128:22",
wantAlias: "fd7a:115c:a1e0::2/128",
wantPort: "22",
},
{
dest: "tag:montreal-webserver:80,443",
wantAlias: "tag:montreal-webserver",
wantPort: "80,443",
},
{
dest: "tag:api-server:443",
wantAlias: "tag:api-server",
wantPort: "443",
},
{
dest: "example-host-1:*",
wantAlias: "example-host-1",
wantPort: "*",
},
}
for _, tt := range tests {
t.Run(tt.dest, func(t *testing.T) {
alias, port, _ := parseDestination(tt.dest)
if alias != tt.wantAlias {
t.Errorf("unexpected alias: want(%s) != got(%s)", tt.wantAlias, alias)
}
if port != tt.wantPort {
t.Errorf("unexpected port: want(%s) != got(%s)", tt.wantPort, port)
}
})
}
}
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
// this test should validate that we can expand a group in a TagOWner section and
// match properly the IP's of the related hosts. The owner is valid and the tag is also valid.
// the tag is matched in the Sources section.
func TestValidExpandTagOwnersInSources(t *testing.T) {
hostInfo := tailcfg.Hostinfo{
OS: "centos",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
Hostname: "testnodes",
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
RequestTags: []string{"tag:test"},
}
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node := &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 0,
Hostname: "testnodes",
IPv4: iap("100.64.0.1"),
UserID: 0,
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
User: types.User{
Name: "user1",
},
RegisterMethod: util.RegisterMethodAuthKey,
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &hostInfo,
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
}
pol := &ACLPolicy{
Groups: Groups{"group:test": []string{"user1", "user2"}},
TagOwners: TagOwners{"tag:test": []string{"user3", "group:test"}},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"tag:test"},
Destinations: []string{"*:*"},
},
},
}
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
got, _, err := GenerateFilterAndSSHRulesForTests(pol, node, types.Nodes{})
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
require.NoError(t, err)
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
want := []tailcfg.FilterRule{
{
SrcIPs: []string{"100.64.0.1/32"},
DstPorts: []tailcfg.NetPortRange{
{IP: "0.0.0.0/0", Ports: tailcfg.PortRange{Last: 65535}},
{IP: "::/0", Ports: tailcfg.PortRange{Last: 65535}},
},
},
}
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf("TestValidExpandTagOwnersInSources() unexpected result (-want +got):\n%s", diff)
}
}
// need a test with:
// tag on a host that isn't owned by a tag owners. So the user
// of the host should be valid.
func TestInvalidTagValidUser(t *testing.T) {
hostInfo := tailcfg.Hostinfo{
OS: "centos",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
Hostname: "testnodes",
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
RequestTags: []string{"tag:foo"},
}
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node := &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
Hostname: "testnodes",
IPv4: iap("100.64.0.1"),
UserID: 1,
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
User: types.User{
Name: "user1",
},
RegisterMethod: util.RegisterMethodAuthKey,
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &hostInfo,
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
}
pol := &ACLPolicy{
TagOwners: TagOwners{"tag:test": []string{"user1"}},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"user1"},
Destinations: []string{"*:*"},
},
},
}
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
got, _, err := GenerateFilterAndSSHRulesForTests(pol, node, types.Nodes{})
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
require.NoError(t, err)
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
want := []tailcfg.FilterRule{
{
SrcIPs: []string{"100.64.0.1/32"},
DstPorts: []tailcfg.NetPortRange{
{IP: "0.0.0.0/0", Ports: tailcfg.PortRange{Last: 65535}},
{IP: "::/0", Ports: tailcfg.PortRange{Last: 65535}},
},
},
}
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf("TestInvalidTagValidUser() unexpected result (-want +got):\n%s", diff)
}
}
// this test should validate that we can expand a group in a TagOWner section and
// match properly the IP's of the related hosts. The owner is valid and the tag is also valid.
// the tag is matched in the Destinations section.
func TestValidExpandTagOwnersInDestinations(t *testing.T) {
hostInfo := tailcfg.Hostinfo{
OS: "centos",
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
Hostname: "testnodes",
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
RequestTags: []string{"tag:test"},
}
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node := &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
Hostname: "testnodes",
IPv4: iap("100.64.0.1"),
UserID: 1,
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
User: types.User{
Name: "user1",
},
RegisterMethod: util.RegisterMethodAuthKey,
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &hostInfo,
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
}
pol := &ACLPolicy{
Groups: Groups{"group:test": []string{"user1", "user2"}},
TagOwners: TagOwners{"tag:test": []string{"user3", "group:test"}},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"tag:test:*"},
},
},
}
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
// rules, _, err := GenerateFilterRules(pol, &node, peers, false)
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
// c.Assert(err, check.IsNil)
//
// c.Assert(rules, check.HasLen, 1)
// c.Assert(rules[0].DstPorts, check.HasLen, 1)
// c.Assert(rules[0].DstPorts[0].IP, check.Equals, "100.64.0.1/32")
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
got, _, err := GenerateFilterAndSSHRulesForTests(pol, node, types.Nodes{})
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
require.NoError(t, err)
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
want := []tailcfg.FilterRule{
{
SrcIPs: []string{"0.0.0.0/0", "::/0"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.1/32", Ports: tailcfg.PortRange{Last: 65535}},
},
},
}
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf(
"TestValidExpandTagOwnersInDestinations() unexpected result (-want +got):\n%s",
diff,
)
}
}
// tag on a host is owned by a tag owner, the tag is valid.
// an ACL rule is matching the tag to a user. It should not be valid since the
// host should be tied to the tag now.
func TestValidTagInvalidUser(t *testing.T) {
hostInfo := tailcfg.Hostinfo{
OS: "centos",
Hostname: "webserver",
RequestTags: []string{"tag:webapp"},
}
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
node := &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 1,
Hostname: "webserver",
IPv4: iap("100.64.0.1"),
UserID: 1,
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
User: types.User{
Name: "user1",
},
RegisterMethod: util.RegisterMethodAuthKey,
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &hostInfo,
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
}
hostInfo2 := tailcfg.Hostinfo{
OS: "debian",
Hostname: "Hostname",
}
Rename Machine to Node (#1553)
2023-09-24 11:42:05 +00:00
nodes2 := &types.Node{
Migrate IP fields in database to dedicated columns (#1869)
2024-04-17 05:03:06 +00:00
ID: 2,
Hostname: "user",
IPv4: iap("100.64.0.2"),
UserID: 1,
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
User: types.User{
Name: "user1",
},
RegisterMethod: util.RegisterMethodAuthKey,
move to use tailscfg types over strings/custom types (#1612) * rename database only fields Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use correct endpoint type over string list Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove HostInfo wrapper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * wrap errors in database hooks Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-11-21 17:20:06 +00:00
Hostinfo: &hostInfo2,
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
}
pol := &ACLPolicy{
TagOwners: TagOwners{"tag:webapp": []string{"user1"}},
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"user1"},
Destinations: []string{"tag:webapp:80,443"},
},
},
}
Rework map session This commit restructures the map session in to a struct holding the state of what is needed during its lifetime. For streaming sessions, the event loop is structured a bit differently not hammering the clients with updates but rather batching them over a short, configurable time which should significantly improve cpu usage, and potentially flakyness. The use of Patch updates has been dialed back a little as it does not look like its a 100% ready for prime time. Nodes are now updated with full changes, except for a few things like online status. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-02-23 09:59:24 +00:00
got, _, err := GenerateFilterAndSSHRulesForTests(pol, node, types.Nodes{nodes2})
more linter fixups (#2212) * linter fixes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * conf Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update nix hash Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-22 15:54:58 +00:00
require.NoError(t, err)
migrate last acl tests away from database Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-06-19 06:48:49 +00:00
want := []tailcfg.FilterRule{
{
SrcIPs: []string{"100.64.0.2/32"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.1/32", Ports: tailcfg.PortRange{First: 80, Last: 80}},
{IP: "100.64.0.1/32", Ports: tailcfg.PortRange{First: 443, Last: 443}},
},
},
}
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf("TestValidTagInvalidUser() unexpected result (-want +got):\n%s", diff)
}
}
Reference in New Issue Copy Permalink