mirror of
https://github.com/juanfont/headscale.git
synced 2024-11-27 12:05:26 +00:00
Add initial test for mapresponse
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
parent
f9f6e1557a
commit
084d1d5d6e
@ -70,7 +70,6 @@ func NewMapper(
|
||||
}
|
||||
|
||||
func (m *Mapper) tempWrap(
|
||||
mapRequest tailcfg.MapRequest,
|
||||
machine *types.Machine,
|
||||
pol *policy.ACLPolicy,
|
||||
) (*tailcfg.MapResponse, error) {
|
||||
@ -85,7 +84,6 @@ func (m *Mapper) tempWrap(
|
||||
}
|
||||
|
||||
return fullMapResponse(
|
||||
mapRequest,
|
||||
pol,
|
||||
machine,
|
||||
peers,
|
||||
@ -99,7 +97,6 @@ func (m *Mapper) tempWrap(
|
||||
}
|
||||
|
||||
func fullMapResponse(
|
||||
mapRequest tailcfg.MapRequest,
|
||||
pol *policy.ACLPolicy,
|
||||
machine *types.Machine,
|
||||
peers types.Machines,
|
||||
@ -185,12 +182,6 @@ func fullMapResponse(
|
||||
},
|
||||
}
|
||||
|
||||
log.Trace().
|
||||
Caller().
|
||||
Str("machine", mapRequest.Hostinfo.Hostname).
|
||||
// Interface("payload", resp).
|
||||
Msgf("Generated map response: %s", util.TailMapResponseToString(resp))
|
||||
|
||||
return &resp, nil
|
||||
}
|
||||
|
||||
@ -292,7 +283,7 @@ func (m Mapper) CreateMapResponse(
|
||||
machine *types.Machine,
|
||||
pol *policy.ACLPolicy,
|
||||
) ([]byte, error) {
|
||||
mapResponse, err := m.tempWrap(mapRequest, machine, pol)
|
||||
mapResponse, err := m.tempWrap(machine, pol)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -345,8 +336,12 @@ func (m Mapper) CreateKeepAliveResponse(
|
||||
return m.marshalMapResponse(keepAliveResponse, machineKey, mapRequest.Compress)
|
||||
}
|
||||
|
||||
// MarshalResponse takes an Tailscale Response, marhsal it to JSON.
|
||||
// If isNoise is set, then the JSON body will be returned
|
||||
// If !isNoise and privateKey2019 is set, the JSON body will be sealed in a Nacl box.
|
||||
func MarshalResponse(
|
||||
resp interface{},
|
||||
isNoise bool,
|
||||
privateKey2019 *key.MachinePrivate,
|
||||
machineKey key.MachinePublic,
|
||||
) ([]byte, error) {
|
||||
@ -360,7 +355,7 @@ func MarshalResponse(
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if privateKey2019 != nil {
|
||||
if !isNoise && privateKey2019 != nil {
|
||||
return privateKey2019.SealTo(machineKey, jsonBody), nil
|
||||
}
|
||||
|
||||
|
@ -2,14 +2,18 @@ package mapper
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/netip"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"github.com/google/go-cmp/cmp/cmpopts"
|
||||
"github.com/juanfont/headscale/hscontrol/policy"
|
||||
"github.com/juanfont/headscale/hscontrol/types"
|
||||
"gopkg.in/check.v1"
|
||||
"tailscale.com/tailcfg"
|
||||
"tailscale.com/types/dnstype"
|
||||
"tailscale.com/types/key"
|
||||
)
|
||||
|
||||
func (s *Suite) TestGetMapResponseUserProfiles(c *check.C) {
|
||||
@ -129,3 +133,349 @@ func TestDNSConfigMapResponse(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_fullMapResponse(t *testing.T) {
|
||||
mustNK := func(str string) key.NodePublic {
|
||||
var k key.NodePublic
|
||||
_ = k.UnmarshalText([]byte(str))
|
||||
|
||||
return k
|
||||
}
|
||||
|
||||
mustDK := func(str string) key.DiscoPublic {
|
||||
var k key.DiscoPublic
|
||||
_ = k.UnmarshalText([]byte(str))
|
||||
|
||||
return k
|
||||
}
|
||||
|
||||
mustMK := func(str string) key.MachinePublic {
|
||||
var k key.MachinePublic
|
||||
_ = k.UnmarshalText([]byte(str))
|
||||
|
||||
return k
|
||||
}
|
||||
|
||||
hiview := func(hoin tailcfg.Hostinfo) tailcfg.HostinfoView {
|
||||
return hoin.View()
|
||||
}
|
||||
|
||||
created := time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
|
||||
lastSeen := time.Date(2009, time.November, 10, 23, 9, 0, 0, time.UTC)
|
||||
expire := time.Date(2500, time.November, 11, 23, 0, 0, 0, time.UTC)
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
pol *policy.ACLPolicy
|
||||
machine *types.Machine
|
||||
peers types.Machines
|
||||
|
||||
stripEmailDomain bool
|
||||
baseDomain string
|
||||
dnsConfig *tailcfg.DNSConfig
|
||||
derpMap *tailcfg.DERPMap
|
||||
logtail bool
|
||||
randomClientPort bool
|
||||
want *tailcfg.MapResponse
|
||||
wantErr bool
|
||||
}{
|
||||
// {
|
||||
// name: "empty-machine",
|
||||
// machine: types.Machine{},
|
||||
// pol: &policy.ACLPolicy{},
|
||||
// dnsConfig: &tailcfg.DNSConfig{},
|
||||
// baseDomain: "",
|
||||
// stripEmailDomain: false,
|
||||
// want: nil,
|
||||
// wantErr: true,
|
||||
// },
|
||||
{
|
||||
name: "no-pol-no-peers-map-response",
|
||||
pol: &policy.ACLPolicy{},
|
||||
machine: &types.Machine{
|
||||
ID: 0,
|
||||
MachineKey: "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
||||
NodeKey: "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
||||
DiscoKey: "discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.1")},
|
||||
Hostname: "mini",
|
||||
GivenName: "mini",
|
||||
UserID: 0,
|
||||
User: types.User{Name: "mini"},
|
||||
ForcedTags: []string{},
|
||||
AuthKeyID: 0,
|
||||
AuthKey: &types.PreAuthKey{},
|
||||
LastSeen: &lastSeen,
|
||||
Expiry: &expire,
|
||||
HostInfo: types.HostInfo{},
|
||||
Endpoints: []string{},
|
||||
Routes: []types.Route{
|
||||
{
|
||||
Prefix: types.IPPrefix(netip.MustParsePrefix("0.0.0.0/0")),
|
||||
Advertised: true,
|
||||
Enabled: true,
|
||||
IsPrimary: false,
|
||||
},
|
||||
{
|
||||
Prefix: types.IPPrefix(netip.MustParsePrefix("192.168.0.0/24")),
|
||||
Advertised: true,
|
||||
Enabled: true,
|
||||
IsPrimary: true,
|
||||
},
|
||||
{
|
||||
Prefix: types.IPPrefix(netip.MustParsePrefix("172.0.0.0/10")),
|
||||
Advertised: true,
|
||||
Enabled: false,
|
||||
IsPrimary: true,
|
||||
},
|
||||
},
|
||||
CreatedAt: created,
|
||||
},
|
||||
peers: []types.Machine{},
|
||||
stripEmailDomain: false,
|
||||
baseDomain: "",
|
||||
dnsConfig: &tailcfg.DNSConfig{},
|
||||
derpMap: &tailcfg.DERPMap{},
|
||||
logtail: false,
|
||||
randomClientPort: false,
|
||||
want: &tailcfg.MapResponse{
|
||||
KeepAlive: false,
|
||||
Node: &tailcfg.Node{
|
||||
ID: 0,
|
||||
StableID: "0",
|
||||
Name: "mini",
|
||||
User: 0,
|
||||
Key: mustNK(
|
||||
"nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
||||
),
|
||||
KeyExpiry: expire,
|
||||
Machine: mustMK(
|
||||
"mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
||||
),
|
||||
DiscoKey: mustDK(
|
||||
"discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
||||
),
|
||||
Addresses: []netip.Prefix{netip.MustParsePrefix("100.64.0.1/32")},
|
||||
AllowedIPs: []netip.Prefix{
|
||||
netip.MustParsePrefix("100.64.0.1/32"),
|
||||
netip.MustParsePrefix("0.0.0.0/0"),
|
||||
netip.MustParsePrefix("192.168.0.0/24"),
|
||||
},
|
||||
Endpoints: []string{},
|
||||
DERP: "127.3.3.40:0",
|
||||
Hostinfo: hiview(tailcfg.Hostinfo{}),
|
||||
Created: created,
|
||||
Tags: []string{},
|
||||
PrimaryRoutes: []netip.Prefix{netip.MustParsePrefix("192.168.0.0/24")},
|
||||
LastSeen: &lastSeen,
|
||||
Online: new(bool),
|
||||
KeepAlive: true,
|
||||
MachineAuthorized: true,
|
||||
Capabilities: []string{
|
||||
tailcfg.CapabilityFileSharing,
|
||||
tailcfg.CapabilityAdmin,
|
||||
tailcfg.CapabilitySSH,
|
||||
},
|
||||
},
|
||||
DERPMap: &tailcfg.DERPMap{},
|
||||
Peers: []*tailcfg.Node{},
|
||||
DNSConfig: &tailcfg.DNSConfig{},
|
||||
Domain: "",
|
||||
CollectServices: "false",
|
||||
PacketFilter: []tailcfg.FilterRule{},
|
||||
UserProfiles: []tailcfg.UserProfile{{LoginName: "mini", DisplayName: "mini"}},
|
||||
SSHPolicy: nil,
|
||||
ControlTime: &time.Time{},
|
||||
Debug: &tailcfg.Debug{
|
||||
DisableLogTail: true,
|
||||
},
|
||||
},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "no-pol-map-response",
|
||||
pol: &policy.ACLPolicy{},
|
||||
machine: &types.Machine{
|
||||
ID: 0,
|
||||
MachineKey: "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
||||
NodeKey: "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
||||
DiscoKey: "discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.1")},
|
||||
Hostname: "mini",
|
||||
GivenName: "mini",
|
||||
UserID: 0,
|
||||
User: types.User{Name: "mini"},
|
||||
ForcedTags: []string{},
|
||||
LastSeen: &lastSeen,
|
||||
Expiry: &expire,
|
||||
HostInfo: types.HostInfo{},
|
||||
Endpoints: []string{},
|
||||
Routes: []types.Route{
|
||||
{
|
||||
Prefix: types.IPPrefix(netip.MustParsePrefix("0.0.0.0/0")),
|
||||
Advertised: true,
|
||||
Enabled: true,
|
||||
IsPrimary: false,
|
||||
},
|
||||
{
|
||||
Prefix: types.IPPrefix(netip.MustParsePrefix("192.168.0.0/24")),
|
||||
Advertised: true,
|
||||
Enabled: true,
|
||||
IsPrimary: true,
|
||||
},
|
||||
{
|
||||
Prefix: types.IPPrefix(netip.MustParsePrefix("172.0.0.0/10")),
|
||||
Advertised: true,
|
||||
Enabled: false,
|
||||
IsPrimary: true,
|
||||
},
|
||||
},
|
||||
CreatedAt: created,
|
||||
},
|
||||
peers: []types.Machine{
|
||||
{
|
||||
ID: 1,
|
||||
MachineKey: "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
||||
NodeKey: "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
||||
DiscoKey: "discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
||||
Hostname: "peer1",
|
||||
GivenName: "peer1",
|
||||
UserID: 0,
|
||||
User: types.User{Name: "mini"},
|
||||
ForcedTags: []string{},
|
||||
LastSeen: &lastSeen,
|
||||
Expiry: &expire,
|
||||
HostInfo: types.HostInfo{},
|
||||
Endpoints: []string{},
|
||||
Routes: []types.Route{},
|
||||
CreatedAt: created,
|
||||
},
|
||||
},
|
||||
stripEmailDomain: false,
|
||||
baseDomain: "",
|
||||
dnsConfig: &tailcfg.DNSConfig{},
|
||||
derpMap: &tailcfg.DERPMap{},
|
||||
logtail: false,
|
||||
randomClientPort: false,
|
||||
want: &tailcfg.MapResponse{
|
||||
KeepAlive: false,
|
||||
Node: &tailcfg.Node{
|
||||
ID: 0,
|
||||
StableID: "0",
|
||||
Name: "mini",
|
||||
User: 0,
|
||||
Key: mustNK(
|
||||
"nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
||||
),
|
||||
KeyExpiry: expire,
|
||||
Machine: mustMK(
|
||||
"mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
||||
),
|
||||
DiscoKey: mustDK(
|
||||
"discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
||||
),
|
||||
Addresses: []netip.Prefix{netip.MustParsePrefix("100.64.0.1/32")},
|
||||
AllowedIPs: []netip.Prefix{
|
||||
netip.MustParsePrefix("100.64.0.1/32"),
|
||||
netip.MustParsePrefix("0.0.0.0/0"),
|
||||
netip.MustParsePrefix("192.168.0.0/24"),
|
||||
},
|
||||
Endpoints: []string{},
|
||||
DERP: "127.3.3.40:0",
|
||||
Hostinfo: hiview(tailcfg.Hostinfo{}),
|
||||
Created: created,
|
||||
Tags: []string{},
|
||||
PrimaryRoutes: []netip.Prefix{netip.MustParsePrefix("192.168.0.0/24")},
|
||||
LastSeen: &lastSeen,
|
||||
Online: new(bool),
|
||||
KeepAlive: true,
|
||||
MachineAuthorized: true,
|
||||
Capabilities: []string{
|
||||
tailcfg.CapabilityFileSharing,
|
||||
tailcfg.CapabilityAdmin,
|
||||
tailcfg.CapabilitySSH,
|
||||
},
|
||||
},
|
||||
DERPMap: &tailcfg.DERPMap{},
|
||||
Peers: []*tailcfg.Node{
|
||||
{
|
||||
ID: 1,
|
||||
StableID: "1",
|
||||
Name: "peer1",
|
||||
Key: mustNK(
|
||||
"nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
||||
),
|
||||
KeyExpiry: expire,
|
||||
Machine: mustMK(
|
||||
"mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
||||
),
|
||||
DiscoKey: mustDK(
|
||||
"discokey:cf7b0fd05da556fdc3bab365787b506fd82d64a70745db70e00e86c1b1c03084",
|
||||
),
|
||||
Addresses: []netip.Prefix{netip.MustParsePrefix("100.64.0.2/32")},
|
||||
AllowedIPs: []netip.Prefix{netip.MustParsePrefix("100.64.0.2/32")},
|
||||
Endpoints: []string{},
|
||||
DERP: "127.3.3.40:0",
|
||||
Hostinfo: hiview(tailcfg.Hostinfo{}),
|
||||
Created: created,
|
||||
Tags: []string{},
|
||||
PrimaryRoutes: []netip.Prefix{},
|
||||
LastSeen: &lastSeen,
|
||||
Online: new(bool),
|
||||
KeepAlive: true,
|
||||
MachineAuthorized: true,
|
||||
Capabilities: []string{
|
||||
tailcfg.CapabilityFileSharing,
|
||||
tailcfg.CapabilityAdmin,
|
||||
tailcfg.CapabilitySSH,
|
||||
},
|
||||
},
|
||||
},
|
||||
DNSConfig: &tailcfg.DNSConfig{},
|
||||
Domain: "",
|
||||
CollectServices: "false",
|
||||
PacketFilter: []tailcfg.FilterRule{},
|
||||
UserProfiles: []tailcfg.UserProfile{{LoginName: "mini", DisplayName: "mini"}},
|
||||
SSHPolicy: nil,
|
||||
ControlTime: &time.Time{},
|
||||
Debug: &tailcfg.Debug{
|
||||
DisableLogTail: true,
|
||||
},
|
||||
},
|
||||
wantErr: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
got, err := fullMapResponse(
|
||||
tt.pol,
|
||||
tt.machine,
|
||||
tt.peers,
|
||||
tt.stripEmailDomain,
|
||||
tt.baseDomain,
|
||||
tt.dnsConfig,
|
||||
tt.derpMap,
|
||||
tt.logtail,
|
||||
tt.randomClientPort,
|
||||
)
|
||||
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("fullMapResponse() error = %v, wantErr %v", err, tt.wantErr)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
if diff := cmp.Diff(
|
||||
tt.want,
|
||||
got,
|
||||
cmpopts.EquateEmpty(),
|
||||
// Ignore ControlTime, it is set to now and we dont really need to mock it.
|
||||
cmpopts.IgnoreFields(tailcfg.MapResponse{}, "ControlTime"),
|
||||
); diff != "" {
|
||||
t.Errorf("fullMapResponse() unexpected result (-want +got):\n%s", diff)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
@ -126,7 +126,7 @@ func GenerateFilterRules(
|
||||
stripEmailDomain bool,
|
||||
) ([]tailcfg.FilterRule, *tailcfg.SSHPolicy, error) {
|
||||
if policy == nil {
|
||||
return []tailcfg.FilterRule{}, &tailcfg.SSHPolicy{}, ErrEmptyPolicy
|
||||
return []tailcfg.FilterRule{}, &tailcfg.SSHPolicy{}, nil
|
||||
}
|
||||
|
||||
rules, err := policy.generateFilterRules(machines, stripEmailDomain)
|
||||
|
@ -324,7 +324,7 @@ func (h *Headscale) handleAuthKeyCommon(
|
||||
Msg("Failed authentication via AuthKey")
|
||||
resp.MachineAuthorized = false
|
||||
|
||||
respBody, err := mapper.MarshalResponse(resp, h.privateKey2019, machineKey)
|
||||
respBody, err := mapper.MarshalResponse(resp, isNoise, h.privateKey2019, machineKey)
|
||||
if err != nil {
|
||||
log.Error().
|
||||
Caller().
|
||||
@ -484,7 +484,7 @@ func (h *Headscale) handleAuthKeyCommon(
|
||||
// Otherwise it will need to exec `tailscale up` twice to fetch the *LoginName*
|
||||
resp.Login = *pak.User.TailscaleLogin()
|
||||
|
||||
respBody, err := mapper.MarshalResponse(resp, h.privateKey2019, machineKey)
|
||||
respBody, err := mapper.MarshalResponse(resp, isNoise, h.privateKey2019, machineKey)
|
||||
if err != nil {
|
||||
log.Error().
|
||||
Caller().
|
||||
@ -549,7 +549,7 @@ func (h *Headscale) handleNewMachineCommon(
|
||||
registerRequest.NodeKey)
|
||||
}
|
||||
|
||||
respBody, err := mapper.MarshalResponse(resp, h.privateKey2019, machineKey)
|
||||
respBody, err := mapper.MarshalResponse(resp, isNoise, h.privateKey2019, machineKey)
|
||||
if err != nil {
|
||||
log.Error().
|
||||
Caller().
|
||||
@ -610,7 +610,7 @@ func (h *Headscale) handleMachineLogOutCommon(
|
||||
resp.MachineAuthorized = false
|
||||
resp.NodeKeyExpired = true
|
||||
resp.User = *machine.User.TailscaleUser()
|
||||
respBody, err := mapper.MarshalResponse(resp, h.privateKey2019, machineKey)
|
||||
respBody, err := mapper.MarshalResponse(resp, isNoise, h.privateKey2019, machineKey)
|
||||
if err != nil {
|
||||
log.Error().
|
||||
Caller().
|
||||
@ -674,7 +674,7 @@ func (h *Headscale) handleMachineValidRegistrationCommon(
|
||||
resp.User = *machine.User.TailscaleUser()
|
||||
resp.Login = *machine.User.TailscaleLogin()
|
||||
|
||||
respBody, err := mapper.MarshalResponse(resp, h.privateKey2019, machineKey)
|
||||
respBody, err := mapper.MarshalResponse(resp, isNoise, h.privateKey2019, machineKey)
|
||||
if err != nil {
|
||||
log.Error().
|
||||
Caller().
|
||||
@ -736,7 +736,7 @@ func (h *Headscale) handleMachineRefreshKeyCommon(
|
||||
|
||||
resp.AuthURL = ""
|
||||
resp.User = *machine.User.TailscaleUser()
|
||||
respBody, err := mapper.MarshalResponse(resp, h.privateKey2019, machineKey)
|
||||
respBody, err := mapper.MarshalResponse(resp, isNoise, h.privateKey2019, machineKey)
|
||||
if err != nil {
|
||||
log.Error().
|
||||
Caller().
|
||||
@ -803,7 +803,7 @@ func (h *Headscale) handleMachineExpiredOrLoggedOutCommon(
|
||||
registerRequest.NodeKey)
|
||||
}
|
||||
|
||||
respBody, err := mapper.MarshalResponse(resp, h.privateKey2019, machineKey)
|
||||
respBody, err := mapper.MarshalResponse(resp, isNoise, h.privateKey2019, machineKey)
|
||||
if err != nil {
|
||||
log.Error().
|
||||
Caller().
|
||||
|
Loading…
Reference in New Issue
Block a user