diff --git a/integration/acl_test.go b/integration/acl_test.go index 987f1699..e85e28cd 100644 --- a/integration/acl_test.go +++ b/integration/acl_test.go @@ -6,7 +6,7 @@ import ( "strings" "testing" - "github.com/juanfont/headscale" + "github.com/juanfont/headscale/hscontrol" "github.com/juanfont/headscale/integration/hsic" "github.com/juanfont/headscale/integration/tsic" "github.com/stretchr/testify/assert" @@ -45,7 +45,7 @@ var veryLargeDestination = []string{ "208.0.0.0/4:*", } -func aclScenario(t *testing.T, policy *headscale.ACLPolicy, clientsPerUser int) *Scenario { +func aclScenario(t *testing.T, policy *hscontrol.ACLPolicy, clientsPerUser int) *Scenario { t.Helper() scenario, err := NewScenario() assert.NoError(t, err) @@ -92,7 +92,7 @@ func TestACLHostsInNetMapTable(t *testing.T) { // they can access minus one (them self). tests := map[string]struct { users map[string]int - policy headscale.ACLPolicy + policy hscontrol.ACLPolicy want map[string]int }{ // Test that when we have no ACL, each client netmap has @@ -102,8 +102,8 @@ func TestACLHostsInNetMapTable(t *testing.T) { "user1": 2, "user2": 2, }, - policy: headscale.ACLPolicy{ - ACLs: []headscale.ACL{ + policy: hscontrol.ACLPolicy{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"*"}, @@ -123,8 +123,8 @@ func TestACLHostsInNetMapTable(t *testing.T) { "user1": 2, "user2": 2, }, - policy: headscale.ACLPolicy{ - ACLs: []headscale.ACL{ + policy: hscontrol.ACLPolicy{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"user1"}, @@ -149,8 +149,8 @@ func TestACLHostsInNetMapTable(t *testing.T) { "user1": 2, "user2": 2, }, - policy: headscale.ACLPolicy{ - ACLs: []headscale.ACL{ + policy: hscontrol.ACLPolicy{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"user1"}, 
@@ -186,8 +186,8 @@ func TestACLHostsInNetMapTable(t *testing.T) { "user1": 2, "user2": 2, }, - policy: headscale.ACLPolicy{ - ACLs: []headscale.ACL{ + policy: hscontrol.ACLPolicy{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"user1"}, @@ -214,8 +214,8 @@ func TestACLHostsInNetMapTable(t *testing.T) { "user1": 2, "user2": 2, }, - policy: headscale.ACLPolicy{ - ACLs: []headscale.ACL{ + policy: hscontrol.ACLPolicy{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"user1"}, @@ -282,8 +282,8 @@ func TestACLAllowUser80Dst(t *testing.T) { IntegrationSkip(t) scenario := aclScenario(t, - &headscale.ACLPolicy{ - ACLs: []headscale.ACL{ + &hscontrol.ACLPolicy{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"user1"}, @@ -338,11 +338,11 @@ func TestACLDenyAllPort80(t *testing.T) { IntegrationSkip(t) scenario := aclScenario(t, - &headscale.ACLPolicy{ + &hscontrol.ACLPolicy{ Groups: map[string][]string{ "group:integration-acl-test": {"user1", "user2"}, }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"group:integration-acl-test"}, @@ -387,8 +387,8 @@ func TestACLAllowUserDst(t *testing.T) { IntegrationSkip(t) scenario := aclScenario(t, - &headscale.ACLPolicy{ - ACLs: []headscale.ACL{ + &hscontrol.ACLPolicy{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"user1"}, @@ -445,8 +445,8 @@ func TestACLAllowStarDst(t *testing.T) { IntegrationSkip(t) scenario := aclScenario(t, - &headscale.ACLPolicy{ - ACLs: []headscale.ACL{ + &hscontrol.ACLPolicy{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"user1"}, @@ -504,11 +504,11 @@ func TestACLNamedHostsCanReachBySubnet(t *testing.T) { IntegrationSkip(t) scenario := aclScenario(t, - &headscale.ACLPolicy{ - Hosts: headscale.Hosts{ + &hscontrol.ACLPolicy{ + Hosts: hscontrol.Hosts{ "all": netip.MustParsePrefix("100.64.0.0/24"), }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ // Everyone can curl test3 { Action: "accept", 
@@ -603,16 +603,16 @@ func TestACLNamedHostsCanReach(t *testing.T) { IntegrationSkip(t) tests := map[string]struct { - policy headscale.ACLPolicy + policy hscontrol.ACLPolicy }{ "ipv4": { - policy: headscale.ACLPolicy{ - Hosts: headscale.Hosts{ + policy: hscontrol.ACLPolicy{ + Hosts: hscontrol.Hosts{ "test1": netip.MustParsePrefix("100.64.0.1/32"), "test2": netip.MustParsePrefix("100.64.0.2/32"), "test3": netip.MustParsePrefix("100.64.0.3/32"), }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ // Everyone can curl test3 { Action: "accept", @@ -629,13 +629,13 @@ func TestACLNamedHostsCanReach(t *testing.T) { }, }, "ipv6": { - policy: headscale.ACLPolicy{ - Hosts: headscale.Hosts{ + policy: hscontrol.ACLPolicy{ + Hosts: hscontrol.Hosts{ "test1": netip.MustParsePrefix("fd7a:115c:a1e0::1/128"), "test2": netip.MustParsePrefix("fd7a:115c:a1e0::2/128"), "test3": netip.MustParsePrefix("fd7a:115c:a1e0::3/128"), }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ // Everyone can curl test3 { Action: "accept", @@ -854,11 +854,11 @@ func TestACLDevice1CanAccessDevice2(t *testing.T) { IntegrationSkip(t) tests := map[string]struct { - policy headscale.ACLPolicy + policy hscontrol.ACLPolicy }{ "ipv4": { - policy: headscale.ACLPolicy{ - ACLs: []headscale.ACL{ + policy: hscontrol.ACLPolicy{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"100.64.0.1"}, @@ -868,8 +868,8 @@ func TestACLDevice1CanAccessDevice2(t *testing.T) { }, }, "ipv6": { - policy: headscale.ACLPolicy{ - ACLs: []headscale.ACL{ + policy: hscontrol.ACLPolicy{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"fd7a:115c:a1e0::1"}, 
@@ -879,12 +879,12 @@ func TestACLDevice1CanAccessDevice2(t *testing.T) { }, }, "hostv4cidr": { - policy: headscale.ACLPolicy{ - Hosts: headscale.Hosts{ + policy: hscontrol.ACLPolicy{ + Hosts: hscontrol.Hosts{ "test1": netip.MustParsePrefix("100.64.0.1/32"), "test2": netip.MustParsePrefix("100.64.0.2/32"), }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"test1"}, @@ -894,12 +894,12 @@ func TestACLDevice1CanAccessDevice2(t *testing.T) { }, }, "hostv6cidr": { - policy: headscale.ACLPolicy{ - Hosts: headscale.Hosts{ + policy: hscontrol.ACLPolicy{ + Hosts: hscontrol.Hosts{ "test1": netip.MustParsePrefix("fd7a:115c:a1e0::1/128"), "test2": netip.MustParsePrefix("fd7a:115c:a1e0::2/128"), }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"test1"}, @@ -909,12 +909,12 @@ func TestACLDevice1CanAccessDevice2(t *testing.T) { }, }, "group": { - policy: headscale.ACLPolicy{ + policy: hscontrol.ACLPolicy{ Groups: map[string][]string{ "group:one": {"user1"}, "group:two": {"user2"}, }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"group:one"}, diff --git a/integration/auth_oidc_test.go b/integration/auth_oidc_test.go index 3e61c197..8ad8f329 100644 --- a/integration/auth_oidc_test.go +++ b/integration/auth_oidc_test.go @@ -14,7 +14,7 @@ import ( "testing" "time" - "github.com/juanfont/headscale" + "github.com/juanfont/headscale/hscontrol" "github.com/juanfont/headscale/integration/dockertestutil" "github.com/juanfont/headscale/integration/hsic" "github.com/ory/dockertest/v3" 
@@ -213,14 +213,14 @@ func (s *AuthOIDCScenario) CreateHeadscaleEnv( return nil } -func (s *AuthOIDCScenario) runMockOIDC(accessTTL time.Duration) (*headscale.OIDCConfig, error) { +func (s *AuthOIDCScenario) runMockOIDC(accessTTL time.Duration) (*hscontrol.OIDCConfig, error) { port, err := dockertestutil.RandomFreeHostPort() if err != nil { log.Fatalf("could not find an open port: %s", err) } portNotation := fmt.Sprintf("%d/tcp", port) - hash, _ := headscale.GenerateRandomStringDNSSafe(hsicOIDCMockHashLength) + hash, _ := hscontrol.GenerateRandomStringDNSSafe(hsicOIDCMockHashLength) hostname := fmt.Sprintf("hs-oidcmock-%s", hash) @@ -287,7 +287,7 @@ func (s *AuthOIDCScenario) runMockOIDC(accessTTL time.Duration) (*headscale.OIDC log.Printf("headscale mock oidc is ready for tests at %s", hostEndpoint) - return &headscale.OIDCConfig{ + return &hscontrol.OIDCConfig{ Issuer: fmt.Sprintf( "http://%s/oidc", net.JoinHostPort(s.mockOIDC.GetIPInNetwork(s.network), strconv.Itoa(port)), diff --git a/integration/embedded_derp_test.go b/integration/embedded_derp_test.go index 5f831bf4..be128087 100644 --- a/integration/embedded_derp_test.go +++ b/integration/embedded_derp_test.go @@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/juanfont/headscale" + "github.com/juanfont/headscale/hscontrol" "github.com/juanfont/headscale/integration/dockertestutil" "github.com/juanfont/headscale/integration/hsic" "github.com/juanfont/headscale/integration/tsic" @@ -110,7 +110,7 @@ func (s *EmbeddedDERPServerScenario) CreateHeadscaleEnv( return err } - hash, err := headscale.GenerateRandomStringDNSSafe(scenarioHashLength) + hash, err := hscontrol.GenerateRandomStringDNSSafe(scenarioHashLength) if err != nil { return err } diff --git a/integration/hsic/hsic.go b/integration/hsic/hsic.go index 63034918..6b1652b0 100644 --- a/integration/hsic/hsic.go +++ b/integration/hsic/hsic.go 
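Review bot: The new line `hash, _ := hscontrol.GenerateRandomStringDNSSafe(hsicOIDCMockHashLength)` in runMockOIDC discards the error, whereas NewScenario, hsic.New, tsic.New and EmbeddedDERPServerScenario.CreateHeadscaleEnv in this same commit all return it. If the generator fails, the `hs-oidcmock-%s` hostname is built from whatever value came back (presumably an empty string; the helper's body is not visible here), so the mock OIDC container could end up with a non-unique name and fail or collide in a way that is hard to trace. Since runMockOIDC already returns an error, I would write `hash, err := hscontrol.GenerateRandomStringDNSSafe(hsicOIDCMockHashLength)` followed by `if err != nil { return nil, err }`. The same ignored error is in the WithTestName hunk of integration/hsic/hsic.go, where the Option closure cannot return an error, so the failure should at least be logged there. runMockOIDC's body continues outside the hunk.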
@@ -22,8 +22,8 @@ import ( "time" "github.com/davecgh/go-spew/spew" - "github.com/juanfont/headscale" v1 "github.com/juanfont/headscale/gen/go/headscale/v1" + "github.com/juanfont/headscale/hscontrol" "github.com/juanfont/headscale/integration/dockertestutil" "github.com/juanfont/headscale/integration/integrationutil" "github.com/ory/dockertest/v3" @@ -59,7 +59,7 @@ type HeadscaleInContainer struct { port int extraPorts []string hostPortBindings map[string][]string - aclPolicy *headscale.ACLPolicy + aclPolicy *hscontrol.ACLPolicy env map[string]string tlsCert []byte tlsKey []byte @@ -70,9 +70,9 @@ type HeadscaleInContainer struct { // Headscale instance. type Option = func(c *HeadscaleInContainer) -// WithACLPolicy adds a headscale.ACLPolicy policy to the +// WithACLPolicy adds a hscontrol.ACLPolicy policy to the // HeadscaleInContainer instance. -func WithACLPolicy(acl *headscale.ACLPolicy) Option { +func WithACLPolicy(acl *hscontrol.ACLPolicy) Option { return func(hsic *HeadscaleInContainer) { // TODO(kradalby): Move somewhere appropriate hsic.env["HEADSCALE_ACL_POLICY_PATH"] = aclPolicyPath @@ -132,7 +132,7 @@ func WithHostPortBindings(bindings map[string][]string) Option { // in the Docker container name. func WithTestName(testName string) Option { return func(hsic *HeadscaleInContainer) { - hash, _ := headscale.GenerateRandomStringDNSSafe(hsicHashLength) + hash, _ := hscontrol.GenerateRandomStringDNSSafe(hsicHashLength) hostname := fmt.Sprintf("hs-%s-%s", testName, hash) hsic.hostname = hostname @@ -167,7 +167,7 @@ func New( network *dockertest.Network, opts ...Option, ) (*HeadscaleInContainer, error) { - hash, err := headscale.GenerateRandomStringDNSSafe(hsicHashLength) + hash, err := hscontrol.GenerateRandomStringDNSSafe(hsicHashLength) if err != nil { return nil, err } diff --git a/integration/scenario.go b/integration/scenario.go index 817ea7c1..58005482 100644 --- a/integration/scenario.go +++ b/integration/scenario.go 
@@ -9,8 +9,8 @@ import ( "sync" "time" - "github.com/juanfont/headscale" v1 "github.com/juanfont/headscale/gen/go/headscale/v1" + "github.com/juanfont/headscale/hscontrol" "github.com/juanfont/headscale/integration/dockertestutil" "github.com/juanfont/headscale/integration/hsic" "github.com/juanfont/headscale/integration/tsic" @@ -105,7 +105,7 @@ type Scenario struct { // NewScenario creates a test Scenario which can be used to bootstraps a ControlServer with // a set of Users and TailscaleClients. func NewScenario() (*Scenario, error) { - hash, err := headscale.GenerateRandomStringDNSSafe(scenarioHashLength) + hash, err := hscontrol.GenerateRandomStringDNSSafe(scenarioHashLength) if err != nil { return nil, err } diff --git a/integration/ssh_test.go b/integration/ssh_test.go index aaebf3b9..922ced62 100644 --- a/integration/ssh_test.go +++ b/integration/ssh_test.go @@ -6,7 +6,7 @@ import ( "testing" "time" - "github.com/juanfont/headscale" + "github.com/juanfont/headscale/hscontrol" "github.com/juanfont/headscale/integration/hsic" "github.com/juanfont/headscale/integration/tsic" "github.com/stretchr/testify/assert" @@ -57,18 +57,18 @@ func TestSSHOneUserAllToAll(t *testing.T) { err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithSSH()}, hsic.WithACLPolicy( - &headscale.ACLPolicy{ + &hscontrol.ACLPolicy{ Groups: map[string][]string{ "group:integration-test": {"user1"}, }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"*"}, Destinations: []string{"*:*"}, }, }, - SSHs: []headscale.SSH{ + SSHs: []hscontrol.SSH{ { Action: "accept", Sources: []string{"group:integration-test"}, 
@@ -134,18 +134,18 @@ func TestSSHMultipleUsersAllToAll(t *testing.T) { err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithSSH()}, hsic.WithACLPolicy( - &headscale.ACLPolicy{ + &hscontrol.ACLPolicy{ Groups: map[string][]string{ "group:integration-test": {"user1", "user2"}, }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"*"}, Destinations: []string{"*:*"}, }, }, - SSHs: []headscale.SSH{ + SSHs: []hscontrol.SSH{ { Action: "accept", Sources: []string{"group:integration-test"}, @@ -216,18 +216,18 @@ func TestSSHNoSSHConfigured(t *testing.T) { err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithSSH()}, hsic.WithACLPolicy( - &headscale.ACLPolicy{ + &hscontrol.ACLPolicy{ Groups: map[string][]string{ "group:integration-test": {"user1"}, }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"*"}, Destinations: []string{"*:*"}, }, }, - SSHs: []headscale.SSH{}, + SSHs: []hscontrol.SSH{}, }, ), hsic.WithTestName("sshnoneconfigured"), @@ -286,18 +286,18 @@ func TestSSHIsBlockedInACL(t *testing.T) { err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithSSH()}, hsic.WithACLPolicy( - &headscale.ACLPolicy{ + &hscontrol.ACLPolicy{ Groups: map[string][]string{ "group:integration-test": {"user1"}, }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"*"}, Destinations: []string{"*:80"}, }, }, - SSHs: []headscale.SSH{ + SSHs: []hscontrol.SSH{ { Action: "accept", Sources: []string{"group:integration-test"}, 
@@ -364,19 +364,19 @@ func TestSSUserOnlyIsolation(t *testing.T) { err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithSSH()}, hsic.WithACLPolicy( - &headscale.ACLPolicy{ + &hscontrol.ACLPolicy{ Groups: map[string][]string{ "group:ssh1": {"useracl1"}, "group:ssh2": {"useracl2"}, }, - ACLs: []headscale.ACL{ + ACLs: []hscontrol.ACL{ { Action: "accept", Sources: []string{"*"}, Destinations: []string{"*:*"}, }, }, - SSHs: []headscale.SSH{ + SSHs: []hscontrol.SSH{ { Action: "accept", Sources: []string{"group:ssh1"}, diff --git a/integration/tsic/tsic.go b/integration/tsic/tsic.go index 520f0f2d..cc285f3b 100644 --- a/integration/tsic/tsic.go +++ b/integration/tsic/tsic.go @@ -12,7 +12,7 @@ import ( "time" "github.com/cenkalti/backoff/v4" - "github.com/juanfont/headscale" + "github.com/juanfont/headscale/hscontrol" "github.com/juanfont/headscale/integration/dockertestutil" "github.com/juanfont/headscale/integration/integrationutil" "github.com/ory/dockertest/v3" @@ -150,7 +150,7 @@ func New( network *dockertest.Network, opts ...Option, ) (*TailscaleInContainer, error) { - hash, err := headscale.GenerateRandomStringDNSSafe(tsicHashLength) + hash, err := hscontrol.GenerateRandomStringDNSSafe(tsicHashLength) if err != nil { return nil, err }