2023-05-26 11:26:34 +01:00
|
|
|
package mapper
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2023-05-31 17:26:19 +02:00
|
|
|
"net/netip"
|
2023-05-26 11:26:34 +01:00
|
|
|
"testing"
|
2023-05-31 17:26:19 +02:00
|
|
|
"time"
|
2023-05-26 11:26:34 +01:00
|
|
|
|
2023-05-31 18:45:04 +02:00
|
|
|
"github.com/davecgh/go-spew/spew"
|
2023-05-26 11:26:34 +01:00
|
|
|
"github.com/google/go-cmp/cmp"
|
|
|
|
"github.com/google/go-cmp/cmp/cmpopts"
|
2023-05-31 17:26:19 +02:00
|
|
|
"github.com/juanfont/headscale/hscontrol/policy"
|
2023-05-26 11:26:34 +01:00
|
|
|
"github.com/juanfont/headscale/hscontrol/types"
|
|
|
|
"gopkg.in/check.v1"
|
Redo OIDC configuration (#2020)
expand user, add claims to user
This commit expands the user table with additional fields that
can be retrieved from OIDC providers (and other places) and
uses this data in various tailscale response objects if it is
available.
This is the beginning of implementing
https://docs.google.com/document/d/1X85PMxIaVWDF6T_UPji3OeeUqVBcGj_uHRM5CI-AwlY/edit
trying to make OIDC more coherant and maintainable in addition
to giving the user a better experience and integration with a
provider.
remove usernames in magic dns, normalisation of emails
this commit removes the option to have usernames as part of MagicDNS
domains and headscale will now align with Tailscale, where there is a
root domain, and the machine name.
In addition, the various normalisation functions for dns names has been
made lighter not caring about username and special character that wont
occur.
Email are no longer normalised as part of the policy processing.
untagle oidc and regcache, use typed cache
This commits stops reusing the registration cache for oidc
purposes and switches the cache to be types and not use any
allowing the removal of a bunch of casting.
try to make reauth/register branches clearer in oidc
Currently there was a function that did a bunch of stuff,
finding the machine key, trying to find the node, reauthing
the node, returning some status, and it was called validate
which was very confusing.
This commit tries to split this into what to do if the node
exists, if it needs to register etc.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 14:50:17 +02:00
|
|
|
"gorm.io/gorm"
|
2024-10-02 09:06:09 +02:00
|
|
|
"tailscale.com/net/tsaddr"
|
2023-05-26 11:26:34 +01:00
|
|
|
"tailscale.com/tailcfg"
|
|
|
|
"tailscale.com/types/dnstype"
|
2023-05-31 17:26:19 +02:00
|
|
|
"tailscale.com/types/key"
|
2023-05-26 11:26:34 +01:00
|
|
|
)
|
|
|
|
|
2024-04-17 07:03:06 +02:00
|
|
|
var iap = func(ipStr string) *netip.Addr {
|
|
|
|
ip := netip.MustParseAddr(ipStr)
|
|
|
|
return &ip
|
|
|
|
}
|
|
|
|
|
2023-05-26 11:26:34 +01:00
|
|
|
func (s *Suite) TestGetMapResponseUserProfiles(c *check.C) {
|
2023-09-24 13:42:05 +02:00
|
|
|
mach := func(hostname, username string, userid uint) *types.Node {
|
|
|
|
return &types.Node{
|
2023-05-26 11:26:34 +01:00
|
|
|
Hostname: hostname,
|
|
|
|
UserID: userid,
|
|
|
|
User: types.User{
|
Redo OIDC configuration (#2020)
expand user, add claims to user
This commit expands the user table with additional fields that
can be retrieved from OIDC providers (and other places) and
uses this data in various tailscale response objects if it is
available.
This is the beginning of implementing
https://docs.google.com/document/d/1X85PMxIaVWDF6T_UPji3OeeUqVBcGj_uHRM5CI-AwlY/edit
trying to make OIDC more coherant and maintainable in addition
to giving the user a better experience and integration with a
provider.
remove usernames in magic dns, normalisation of emails
this commit removes the option to have usernames as part of MagicDNS
domains and headscale will now align with Tailscale, where there is a
root domain, and the machine name.
In addition, the various normalisation functions for dns names has been
made lighter not caring about username and special character that wont
occur.
Email are no longer normalised as part of the policy processing.
untagle oidc and regcache, use typed cache
This commits stops reusing the registration cache for oidc
purposes and switches the cache to be types and not use any
allowing the removal of a bunch of casting.
try to make reauth/register branches clearer in oidc
Currently there was a function that did a bunch of stuff,
finding the machine key, trying to find the node, reauthing
the node, returning some status, and it was called validate
which was very confusing.
This commit tries to split this into what to do if the node
exists, if it needs to register etc.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 14:50:17 +02:00
|
|
|
Model: gorm.Model{
|
|
|
|
ID: userid,
|
|
|
|
},
|
2023-05-26 11:26:34 +01:00
|
|
|
Name: username,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
nodeInShared1 := mach("test_get_shared_nodes_1", "user1", 1)
|
|
|
|
nodeInShared2 := mach("test_get_shared_nodes_2", "user2", 2)
|
|
|
|
nodeInShared3 := mach("test_get_shared_nodes_3", "user3", 3)
|
|
|
|
node2InShared1 := mach("test_get_shared_nodes_4", "user1", 1)
|
2023-05-26 11:26:34 +01:00
|
|
|
|
|
|
|
userProfiles := generateUserProfiles(
|
2023-09-24 13:42:05 +02:00
|
|
|
nodeInShared1,
|
|
|
|
types.Nodes{
|
|
|
|
nodeInShared2, nodeInShared3, node2InShared1,
|
2023-05-26 11:26:34 +01:00
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
c.Assert(len(userProfiles), check.Equals, 3)
|
|
|
|
|
|
|
|
users := []string{
|
|
|
|
"user1", "user2", "user3",
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, user := range users {
|
|
|
|
found := false
|
|
|
|
for _, userProfile := range userProfiles {
|
|
|
|
if userProfile.DisplayName == user {
|
|
|
|
found = true
|
|
|
|
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
c.Assert(found, check.Equals, true)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestDNSConfigMapResponse(t *testing.T) {
|
|
|
|
tests := []struct {
|
|
|
|
magicDNS bool
|
|
|
|
want *tailcfg.DNSConfig
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
magicDNS: true,
|
|
|
|
want: &tailcfg.DNSConfig{
|
Redo OIDC configuration (#2020)
expand user, add claims to user
This commit expands the user table with additional fields that
can be retrieved from OIDC providers (and other places) and
uses this data in various tailscale response objects if it is
available.
This is the beginning of implementing
https://docs.google.com/document/d/1X85PMxIaVWDF6T_UPji3OeeUqVBcGj_uHRM5CI-AwlY/edit
trying to make OIDC more coherant and maintainable in addition
to giving the user a better experience and integration with a
provider.
remove usernames in magic dns, normalisation of emails
this commit removes the option to have usernames as part of MagicDNS
domains and headscale will now align with Tailscale, where there is a
root domain, and the machine name.
In addition, the various normalisation functions for dns names has been
made lighter not caring about username and special character that wont
occur.
Email are no longer normalised as part of the policy processing.
untagle oidc and regcache, use typed cache
This commits stops reusing the registration cache for oidc
purposes and switches the cache to be types and not use any
allowing the removal of a bunch of casting.
try to make reauth/register branches clearer in oidc
Currently there was a function that did a bunch of stuff,
finding the machine key, trying to find the node, reauthing
the node, returning some status, and it was called validate
which was very confusing.
This commit tries to split this into what to do if the node
exists, if it needs to register etc.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 14:50:17 +02:00
|
|
|
Routes: map[string][]*dnstype.Resolver{},
|
2023-05-26 11:26:34 +01:00
|
|
|
Domains: []string{
|
|
|
|
"foobar.headscale.net",
|
|
|
|
},
|
|
|
|
Proxied: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
magicDNS: false,
|
|
|
|
want: &tailcfg.DNSConfig{
|
|
|
|
Domains: []string{"foobar.headscale.net"},
|
|
|
|
Proxied: false,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(fmt.Sprintf("with-magicdns-%v", tt.magicDNS), func(t *testing.T) {
|
2023-09-24 13:42:05 +02:00
|
|
|
mach := func(hostname, username string, userid uint) *types.Node {
|
|
|
|
return &types.Node{
|
2023-05-26 11:26:34 +01:00
|
|
|
Hostname: hostname,
|
|
|
|
UserID: userid,
|
|
|
|
User: types.User{
|
|
|
|
Name: username,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
baseDomain := "foobar.headscale.net"
|
|
|
|
|
|
|
|
dnsConfigOrig := tailcfg.DNSConfig{
|
|
|
|
Routes: make(map[string][]*dnstype.Resolver),
|
|
|
|
Domains: []string{baseDomain},
|
|
|
|
Proxied: tt.magicDNS,
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
nodeInShared1 := mach("test_get_shared_nodes_1", "shared1", 1)
|
2023-05-26 11:26:34 +01:00
|
|
|
|
|
|
|
got := generateDNSConfig(
|
2024-06-26 13:44:40 +02:00
|
|
|
&types.Config{
|
Redo OIDC configuration (#2020)
expand user, add claims to user
This commit expands the user table with additional fields that
can be retrieved from OIDC providers (and other places) and
uses this data in various tailscale response objects if it is
available.
This is the beginning of implementing
https://docs.google.com/document/d/1X85PMxIaVWDF6T_UPji3OeeUqVBcGj_uHRM5CI-AwlY/edit
trying to make OIDC more coherant and maintainable in addition
to giving the user a better experience and integration with a
provider.
remove usernames in magic dns, normalisation of emails
this commit removes the option to have usernames as part of MagicDNS
domains and headscale will now align with Tailscale, where there is a
root domain, and the machine name.
In addition, the various normalisation functions for dns names has been
made lighter not caring about username and special character that wont
occur.
Email are no longer normalised as part of the policy processing.
untagle oidc and regcache, use typed cache
This commits stops reusing the registration cache for oidc
purposes and switches the cache to be types and not use any
allowing the removal of a bunch of casting.
try to make reauth/register branches clearer in oidc
Currently there was a function that did a bunch of stuff,
finding the machine key, trying to find the node, reauthing
the node, returning some status, and it was called validate
which was very confusing.
This commit tries to split this into what to do if the node
exists, if it needs to register etc.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 14:50:17 +02:00
|
|
|
DNSConfig: &dnsConfigOrig,
|
2024-06-26 13:44:40 +02:00
|
|
|
},
|
2023-09-24 13:42:05 +02:00
|
|
|
nodeInShared1,
|
2023-05-26 11:26:34 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
if diff := cmp.Diff(tt.want, got, cmpopts.EquateEmpty()); diff != "" {
|
2023-05-31 09:59:37 +02:00
|
|
|
t.Errorf("expandAlias() unexpected result (-want +got):\n%s", diff)
|
2023-05-26 11:26:34 +01:00
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2023-05-31 17:26:19 +02:00
|
|
|
|
|
|
|
func Test_fullMapResponse(t *testing.T) {
|
|
|
|
mustNK := func(str string) key.NodePublic {
|
|
|
|
var k key.NodePublic
|
|
|
|
_ = k.UnmarshalText([]byte(str))
|
|
|
|
|
|
|
|
return k
|
|
|
|
}
|
|
|
|
|
|
|
|
mustDK := func(str string) key.DiscoPublic {
|
|
|
|
var k key.DiscoPublic
|
|
|
|
_ = k.UnmarshalText([]byte(str))
|
|
|
|
|
|
|
|
return k
|
|
|
|
}
|
|
|
|
|
|
|
|
mustMK := func(str string) key.MachinePublic {
|
|
|
|
var k key.MachinePublic
|
|
|
|
_ = k.UnmarshalText([]byte(str))
|
|
|
|
|
|
|
|
return k
|
|
|
|
}
|
|
|
|
|
|
|
|
hiview := func(hoin tailcfg.Hostinfo) tailcfg.HostinfoView {
|
|
|
|
return hoin.View()
|
|
|
|
}
|
|
|
|
|
|
|
|
created := time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
|
|
|
|
lastSeen := time.Date(2009, time.November, 10, 23, 9, 0, 0, time.UTC)
|
|
|
|
expire := time.Date(2500, time.November, 11, 23, 0, 0, 0, time.UTC)
|
|
|
|
|
2024-11-24 00:13:27 +01:00
|
|
|
user1 := types.User{Model: gorm.Model{ID: 0}, Name: "mini"}
|
|
|
|
user2 := types.User{Model: gorm.Model{ID: 1}, Name: "peer2"}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
mini := &types.Node{
|
2023-11-19 22:37:04 +01:00
|
|
|
ID: 0,
|
|
|
|
MachineKey: mustMK(
|
|
|
|
"mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
|
|
|
),
|
|
|
|
NodeKey: mustNK(
|
|
|
|
"nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
|
|
|
),
|
|
|
|
DiscoKey: mustDK(
|
|
|
|
"discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
|
|
|
),
|
2024-04-17 07:03:06 +02:00
|
|
|
IPv4: iap("100.64.0.1"),
|
|
|
|
Hostname: "mini",
|
|
|
|
GivenName: "mini",
|
2024-11-24 00:13:27 +01:00
|
|
|
UserID: user1.ID,
|
|
|
|
User: user1,
|
2024-04-17 07:03:06 +02:00
|
|
|
ForcedTags: []string{},
|
2024-06-26 13:44:40 +02:00
|
|
|
AuthKey: &types.PreAuthKey{},
|
|
|
|
LastSeen: &lastSeen,
|
|
|
|
Expiry: &expire,
|
2024-04-17 07:03:06 +02:00
|
|
|
Hostinfo: &tailcfg.Hostinfo{},
|
2023-05-31 18:45:04 +02:00
|
|
|
Routes: []types.Route{
|
|
|
|
{
|
2024-10-02 11:41:58 +02:00
|
|
|
Prefix: tsaddr.AllIPv4(),
|
2023-05-31 18:45:04 +02:00
|
|
|
Advertised: true,
|
|
|
|
Enabled: true,
|
|
|
|
IsPrimary: false,
|
|
|
|
},
|
|
|
|
{
|
2024-10-02 11:41:58 +02:00
|
|
|
Prefix: netip.MustParsePrefix("192.168.0.0/24"),
|
2023-05-31 18:45:04 +02:00
|
|
|
Advertised: true,
|
|
|
|
Enabled: true,
|
|
|
|
IsPrimary: true,
|
|
|
|
},
|
|
|
|
{
|
2024-10-02 11:41:58 +02:00
|
|
|
Prefix: netip.MustParsePrefix("172.0.0.0/10"),
|
2023-05-31 18:45:04 +02:00
|
|
|
Advertised: true,
|
|
|
|
Enabled: false,
|
|
|
|
IsPrimary: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
CreatedAt: created,
|
|
|
|
}
|
|
|
|
|
|
|
|
tailMini := &tailcfg.Node{
|
|
|
|
ID: 0,
|
|
|
|
StableID: "0",
|
|
|
|
Name: "mini",
|
|
|
|
User: 0,
|
|
|
|
Key: mustNK(
|
|
|
|
"nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
|
|
|
),
|
|
|
|
KeyExpiry: expire,
|
|
|
|
Machine: mustMK(
|
|
|
|
"mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
|
|
|
),
|
|
|
|
DiscoKey: mustDK(
|
|
|
|
"discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
|
|
|
),
|
|
|
|
Addresses: []netip.Prefix{netip.MustParsePrefix("100.64.0.1/32")},
|
|
|
|
AllowedIPs: []netip.Prefix{
|
|
|
|
netip.MustParsePrefix("100.64.0.1/32"),
|
2024-10-02 09:06:09 +02:00
|
|
|
tsaddr.AllIPv4(),
|
2023-05-31 18:45:04 +02:00
|
|
|
netip.MustParsePrefix("192.168.0.0/24"),
|
|
|
|
},
|
|
|
|
DERP: "127.3.3.40:0",
|
|
|
|
Hostinfo: hiview(tailcfg.Hostinfo{}),
|
|
|
|
Created: created,
|
|
|
|
Tags: []string{},
|
|
|
|
PrimaryRoutes: []netip.Prefix{netip.MustParsePrefix("192.168.0.0/24")},
|
|
|
|
LastSeen: &lastSeen,
|
|
|
|
MachineAuthorized: true,
|
2024-09-24 18:34:20 +02:00
|
|
|
|
|
|
|
CapMap: tailcfg.NodeCapMap{
|
|
|
|
tailcfg.CapabilityFileSharing: []tailcfg.RawMessage{},
|
|
|
|
tailcfg.CapabilityAdmin: []tailcfg.RawMessage{},
|
|
|
|
tailcfg.CapabilitySSH: []tailcfg.RawMessage{},
|
2023-05-31 18:45:04 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
peer1 := &types.Node{
|
2023-11-19 22:37:04 +01:00
|
|
|
ID: 1,
|
|
|
|
MachineKey: mustMK(
|
|
|
|
"mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
|
|
|
),
|
|
|
|
NodeKey: mustNK(
|
|
|
|
"nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
|
|
|
),
|
|
|
|
DiscoKey: mustDK(
|
|
|
|
"discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
|
|
|
),
|
2024-04-17 07:03:06 +02:00
|
|
|
IPv4: iap("100.64.0.2"),
|
|
|
|
Hostname: "peer1",
|
|
|
|
GivenName: "peer1",
|
2024-11-24 00:13:27 +01:00
|
|
|
UserID: user1.ID,
|
|
|
|
User: user1,
|
2024-04-17 07:03:06 +02:00
|
|
|
ForcedTags: []string{},
|
|
|
|
LastSeen: &lastSeen,
|
|
|
|
Expiry: &expire,
|
|
|
|
Hostinfo: &tailcfg.Hostinfo{},
|
|
|
|
Routes: []types.Route{},
|
|
|
|
CreatedAt: created,
|
2023-05-31 18:45:04 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
tailPeer1 := &tailcfg.Node{
|
|
|
|
ID: 1,
|
|
|
|
StableID: "1",
|
|
|
|
Name: "peer1",
|
|
|
|
Key: mustNK(
|
|
|
|
"nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
|
|
|
),
|
|
|
|
KeyExpiry: expire,
|
|
|
|
Machine: mustMK(
|
|
|
|
"mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
|
|
|
),
|
|
|
|
DiscoKey: mustDK(
|
|
|
|
"discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
|
|
|
),
|
|
|
|
Addresses: []netip.Prefix{netip.MustParsePrefix("100.64.0.2/32")},
|
|
|
|
AllowedIPs: []netip.Prefix{netip.MustParsePrefix("100.64.0.2/32")},
|
|
|
|
DERP: "127.3.3.40:0",
|
|
|
|
Hostinfo: hiview(tailcfg.Hostinfo{}),
|
|
|
|
Created: created,
|
|
|
|
Tags: []string{},
|
|
|
|
PrimaryRoutes: []netip.Prefix{},
|
|
|
|
LastSeen: &lastSeen,
|
|
|
|
MachineAuthorized: true,
|
2024-09-24 18:34:20 +02:00
|
|
|
|
|
|
|
CapMap: tailcfg.NodeCapMap{
|
|
|
|
tailcfg.CapabilityFileSharing: []tailcfg.RawMessage{},
|
|
|
|
tailcfg.CapabilityAdmin: []tailcfg.RawMessage{},
|
|
|
|
tailcfg.CapabilitySSH: []tailcfg.RawMessage{},
|
2023-05-31 18:45:04 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
peer2 := &types.Node{
|
2023-11-19 22:37:04 +01:00
|
|
|
ID: 2,
|
|
|
|
MachineKey: mustMK(
|
|
|
|
"mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
|
|
|
),
|
|
|
|
NodeKey: mustNK(
|
|
|
|
"nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
|
|
|
),
|
|
|
|
DiscoKey: mustDK(
|
|
|
|
"discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
|
|
|
),
|
2024-04-17 07:03:06 +02:00
|
|
|
IPv4: iap("100.64.0.3"),
|
|
|
|
Hostname: "peer2",
|
|
|
|
GivenName: "peer2",
|
2024-11-24 00:13:27 +01:00
|
|
|
UserID: user2.ID,
|
|
|
|
User: user2,
|
2024-04-17 07:03:06 +02:00
|
|
|
ForcedTags: []string{},
|
|
|
|
LastSeen: &lastSeen,
|
|
|
|
Expiry: &expire,
|
|
|
|
Hostinfo: &tailcfg.Hostinfo{},
|
|
|
|
Routes: []types.Route{},
|
|
|
|
CreatedAt: created,
|
2023-05-31 18:45:04 +02:00
|
|
|
}
|
|
|
|
|
2023-05-31 17:26:19 +02:00
|
|
|
tests := []struct {
|
2023-09-24 13:42:05 +02:00
|
|
|
name string
|
|
|
|
pol *policy.ACLPolicy
|
|
|
|
node *types.Node
|
|
|
|
peers types.Nodes
|
2023-05-31 17:26:19 +02:00
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
derpMap *tailcfg.DERPMap
|
|
|
|
cfg *types.Config
|
|
|
|
want *tailcfg.MapResponse
|
|
|
|
wantErr bool
|
2023-05-31 17:26:19 +02:00
|
|
|
}{
|
|
|
|
// {
|
2023-09-24 13:42:05 +02:00
|
|
|
// name: "empty-node",
|
|
|
|
// node: types.Node{},
|
2023-05-31 17:26:19 +02:00
|
|
|
// pol: &policy.ACLPolicy{},
|
|
|
|
// dnsConfig: &tailcfg.DNSConfig{},
|
|
|
|
// baseDomain: "",
|
|
|
|
// want: nil,
|
|
|
|
// wantErr: true,
|
|
|
|
// },
|
|
|
|
{
|
2024-02-23 10:59:24 +01:00
|
|
|
name: "no-pol-no-peers-map-response",
|
|
|
|
pol: &policy.ACLPolicy{},
|
|
|
|
node: mini,
|
|
|
|
peers: types.Nodes{},
|
|
|
|
derpMap: &tailcfg.DERPMap{},
|
|
|
|
cfg: &types.Config{
|
|
|
|
BaseDomain: "",
|
|
|
|
DNSConfig: &tailcfg.DNSConfig{},
|
|
|
|
LogTail: types.LogTailConfig{Enabled: false},
|
|
|
|
RandomizeClientPort: false,
|
|
|
|
},
|
2023-05-31 18:45:04 +02:00
|
|
|
want: &tailcfg.MapResponse{
|
|
|
|
Node: tailMini,
|
|
|
|
KeepAlive: false,
|
|
|
|
DERPMap: &tailcfg.DERPMap{},
|
|
|
|
Peers: []*tailcfg.Node{},
|
|
|
|
DNSConfig: &tailcfg.DNSConfig{},
|
|
|
|
Domain: "",
|
|
|
|
CollectServices: "false",
|
|
|
|
PacketFilter: []tailcfg.FilterRule{},
|
|
|
|
UserProfiles: []tailcfg.UserProfile{{LoginName: "mini", DisplayName: "mini"}},
|
2023-06-08 19:10:09 +02:00
|
|
|
SSHPolicy: &tailcfg.SSHPolicy{Rules: []*tailcfg.SSHRule{}},
|
2023-05-31 18:45:04 +02:00
|
|
|
ControlTime: &time.Time{},
|
|
|
|
Debug: &tailcfg.Debug{
|
|
|
|
DisableLogTail: true,
|
2023-05-31 17:26:19 +02:00
|
|
|
},
|
|
|
|
},
|
2023-05-31 18:45:04 +02:00
|
|
|
wantErr: false,
|
|
|
|
},
|
|
|
|
{
|
2023-09-24 13:42:05 +02:00
|
|
|
name: "no-pol-with-peer-map-response",
|
|
|
|
pol: &policy.ACLPolicy{},
|
|
|
|
node: mini,
|
|
|
|
peers: types.Nodes{
|
2023-05-31 18:45:04 +02:00
|
|
|
peer1,
|
|
|
|
},
|
2024-02-23 10:59:24 +01:00
|
|
|
derpMap: &tailcfg.DERPMap{},
|
|
|
|
cfg: &types.Config{
|
|
|
|
BaseDomain: "",
|
|
|
|
DNSConfig: &tailcfg.DNSConfig{},
|
|
|
|
LogTail: types.LogTailConfig{Enabled: false},
|
|
|
|
RandomizeClientPort: false,
|
|
|
|
},
|
2023-05-31 17:26:19 +02:00
|
|
|
want: &tailcfg.MapResponse{
|
|
|
|
KeepAlive: false,
|
2023-05-31 18:45:04 +02:00
|
|
|
Node: tailMini,
|
|
|
|
DERPMap: &tailcfg.DERPMap{},
|
|
|
|
Peers: []*tailcfg.Node{
|
|
|
|
tailPeer1,
|
2023-05-31 17:26:19 +02:00
|
|
|
},
|
|
|
|
DNSConfig: &tailcfg.DNSConfig{},
|
|
|
|
Domain: "",
|
|
|
|
CollectServices: "false",
|
|
|
|
PacketFilter: []tailcfg.FilterRule{},
|
|
|
|
UserProfiles: []tailcfg.UserProfile{{LoginName: "mini", DisplayName: "mini"}},
|
2023-06-08 19:10:09 +02:00
|
|
|
SSHPolicy: &tailcfg.SSHPolicy{Rules: []*tailcfg.SSHRule{}},
|
2023-05-31 17:26:19 +02:00
|
|
|
ControlTime: &time.Time{},
|
|
|
|
Debug: &tailcfg.Debug{
|
|
|
|
DisableLogTail: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
wantErr: false,
|
|
|
|
},
|
|
|
|
{
|
2023-05-31 18:45:04 +02:00
|
|
|
name: "with-pol-map-response",
|
|
|
|
pol: &policy.ACLPolicy{
|
|
|
|
ACLs: []policy.ACL{
|
2023-05-31 17:26:19 +02:00
|
|
|
{
|
2023-05-31 18:45:04 +02:00
|
|
|
Action: "accept",
|
2023-06-13 10:03:22 +02:00
|
|
|
Sources: []string{"100.64.0.2"},
|
|
|
|
Destinations: []string{"mini:*"},
|
2023-05-31 17:26:19 +02:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
2023-09-24 13:42:05 +02:00
|
|
|
node: mini,
|
|
|
|
peers: types.Nodes{
|
2023-05-31 18:45:04 +02:00
|
|
|
peer1,
|
|
|
|
peer2,
|
2023-05-31 17:26:19 +02:00
|
|
|
},
|
2024-02-23 10:59:24 +01:00
|
|
|
derpMap: &tailcfg.DERPMap{},
|
|
|
|
cfg: &types.Config{
|
|
|
|
BaseDomain: "",
|
|
|
|
DNSConfig: &tailcfg.DNSConfig{},
|
|
|
|
LogTail: types.LogTailConfig{Enabled: false},
|
|
|
|
RandomizeClientPort: false,
|
|
|
|
},
|
2023-05-31 17:26:19 +02:00
|
|
|
want: &tailcfg.MapResponse{
|
|
|
|
KeepAlive: false,
|
2023-05-31 18:45:04 +02:00
|
|
|
Node: tailMini,
|
|
|
|
DERPMap: &tailcfg.DERPMap{},
|
2023-05-31 17:26:19 +02:00
|
|
|
Peers: []*tailcfg.Node{
|
2023-05-31 18:45:04 +02:00
|
|
|
tailPeer1,
|
2023-05-31 17:26:19 +02:00
|
|
|
},
|
|
|
|
DNSConfig: &tailcfg.DNSConfig{},
|
|
|
|
Domain: "",
|
|
|
|
CollectServices: "false",
|
2023-05-31 18:45:04 +02:00
|
|
|
PacketFilter: []tailcfg.FilterRule{
|
|
|
|
{
|
2023-06-13 10:03:22 +02:00
|
|
|
SrcIPs: []string{"100.64.0.2/32"},
|
2023-05-31 18:45:04 +02:00
|
|
|
DstPorts: []tailcfg.NetPortRange{
|
2023-06-13 10:03:22 +02:00
|
|
|
{IP: "100.64.0.1/32", Ports: tailcfg.PortRangeAny},
|
2023-05-31 18:45:04 +02:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
2023-08-09 22:56:21 +02:00
|
|
|
UserProfiles: []tailcfg.UserProfile{
|
|
|
|
{LoginName: "mini", DisplayName: "mini"},
|
|
|
|
},
|
|
|
|
SSHPolicy: &tailcfg.SSHPolicy{Rules: []*tailcfg.SSHRule{}},
|
|
|
|
ControlTime: &time.Time{},
|
2023-05-31 17:26:19 +02:00
|
|
|
Debug: &tailcfg.Debug{
|
|
|
|
DisableLogTail: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
wantErr: false,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
2024-11-26 15:16:06 +01:00
|
|
|
polMan, _ := policy.NewPolicyManagerForTest(tt.pol, []types.User{user1, user2}, append(tt.peers, tt.node))
|
|
|
|
|
2023-08-09 22:56:21 +02:00
|
|
|
mappy := NewMapper(
|
2024-02-23 10:59:24 +01:00
|
|
|
nil,
|
|
|
|
tt.cfg,
|
2023-08-09 22:56:21 +02:00
|
|
|
tt.derpMap,
|
2024-02-23 10:59:24 +01:00
|
|
|
nil,
|
2024-11-26 15:16:06 +01:00
|
|
|
polMan,
|
2023-05-31 17:26:19 +02:00
|
|
|
)
|
|
|
|
|
2023-08-09 22:56:21 +02:00
|
|
|
got, err := mappy.fullMapResponse(
|
2023-09-24 13:42:05 +02:00
|
|
|
tt.node,
|
2024-02-23 10:59:24 +01:00
|
|
|
tt.peers,
|
2023-11-23 08:31:33 +01:00
|
|
|
0,
|
2023-08-09 22:56:21 +02:00
|
|
|
)
|
|
|
|
|
2023-05-31 17:26:19 +02:00
|
|
|
if (err != nil) != tt.wantErr {
|
|
|
|
t.Errorf("fullMapResponse() error = %v, wantErr %v", err, tt.wantErr)
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-05-31 18:45:04 +02:00
|
|
|
spew.Dump(got)
|
|
|
|
|
2023-05-31 17:26:19 +02:00
|
|
|
if diff := cmp.Diff(
|
|
|
|
tt.want,
|
|
|
|
got,
|
|
|
|
cmpopts.EquateEmpty(),
|
|
|
|
// Ignore ControlTime, it is set to now and we dont really need to mock it.
|
|
|
|
cmpopts.IgnoreFields(tailcfg.MapResponse{}, "ControlTime"),
|
|
|
|
); diff != "" {
|
|
|
|
t.Errorf("fullMapResponse() unexpected result (-want +got):\n%s", diff)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|