fix tags not resolving to username if email is present (#2309)

* ensure valid tags is populated on user gets too

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* ensure forced tags are added

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* remove unused envvar in test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* debug log auth/unauth tags in policy man

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* defer shutdown in tags test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add tag test with groups

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add email, display name, picture to create user

Updates #2166

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add ability to set display and email to cli

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add email to test users in integration

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* fix issue where tags were only assigned to email, not username

Fixes #2300
Fixes #2307

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* expand principles to correct login name

and if fix an issue where nodeip principles might not expand to all
relevant IPs instead of taking the first in a prefix.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* fix ssh unit test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update cli and oauth tests for users with email

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* index by test email

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* fix last test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby 2024-12-19 13:10:10 +01:00 committed by GitHub
parent af4508b9dc
commit 770f3dcb93
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
28 changed files with 409 additions and 230 deletions

View File

@ -39,33 +39,33 @@ func init() {
err := registerNodeCmd.MarkFlagRequired("user") err := registerNodeCmd.MarkFlagRequired("user")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
registerNodeCmd.Flags().StringP("key", "k", "", "Key") registerNodeCmd.Flags().StringP("key", "k", "", "Key")
err = registerNodeCmd.MarkFlagRequired("key") err = registerNodeCmd.MarkFlagRequired("key")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
nodeCmd.AddCommand(registerNodeCmd) nodeCmd.AddCommand(registerNodeCmd)
expireNodeCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)") expireNodeCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)")
err = expireNodeCmd.MarkFlagRequired("identifier") err = expireNodeCmd.MarkFlagRequired("identifier")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
nodeCmd.AddCommand(expireNodeCmd) nodeCmd.AddCommand(expireNodeCmd)
renameNodeCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)") renameNodeCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)")
err = renameNodeCmd.MarkFlagRequired("identifier") err = renameNodeCmd.MarkFlagRequired("identifier")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
nodeCmd.AddCommand(renameNodeCmd) nodeCmd.AddCommand(renameNodeCmd)
deleteNodeCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)") deleteNodeCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)")
err = deleteNodeCmd.MarkFlagRequired("identifier") err = deleteNodeCmd.MarkFlagRequired("identifier")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
nodeCmd.AddCommand(deleteNodeCmd) nodeCmd.AddCommand(deleteNodeCmd)
@ -73,7 +73,7 @@ func init() {
err = moveNodeCmd.MarkFlagRequired("identifier") err = moveNodeCmd.MarkFlagRequired("identifier")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
moveNodeCmd.Flags().StringP("user", "u", "", "New user") moveNodeCmd.Flags().StringP("user", "u", "", "New user")
@ -85,7 +85,7 @@ func init() {
err = moveNodeCmd.MarkFlagRequired("user") err = moveNodeCmd.MarkFlagRequired("user")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
nodeCmd.AddCommand(moveNodeCmd) nodeCmd.AddCommand(moveNodeCmd)
@ -93,7 +93,7 @@ func init() {
err = tagCmd.MarkFlagRequired("identifier") err = tagCmd.MarkFlagRequired("identifier")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
tagCmd.Flags(). tagCmd.Flags().
StringSliceP("tags", "t", []string{}, "List of tags to add to the node") StringSliceP("tags", "t", []string{}, "List of tags to add to the node")

View File

@ -25,21 +25,21 @@ func init() {
enableRouteCmd.Flags().Uint64P("route", "r", 0, "Route identifier (ID)") enableRouteCmd.Flags().Uint64P("route", "r", 0, "Route identifier (ID)")
err := enableRouteCmd.MarkFlagRequired("route") err := enableRouteCmd.MarkFlagRequired("route")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
routesCmd.AddCommand(enableRouteCmd) routesCmd.AddCommand(enableRouteCmd)
disableRouteCmd.Flags().Uint64P("route", "r", 0, "Route identifier (ID)") disableRouteCmd.Flags().Uint64P("route", "r", 0, "Route identifier (ID)")
err = disableRouteCmd.MarkFlagRequired("route") err = disableRouteCmd.MarkFlagRequired("route")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
routesCmd.AddCommand(disableRouteCmd) routesCmd.AddCommand(disableRouteCmd)
deleteRouteCmd.Flags().Uint64P("route", "r", 0, "Route identifier (ID)") deleteRouteCmd.Flags().Uint64P("route", "r", 0, "Route identifier (ID)")
err = deleteRouteCmd.MarkFlagRequired("route") err = deleteRouteCmd.MarkFlagRequired("route")
if err != nil { if err != nil {
log.Fatalf(err.Error()) log.Fatal(err.Error())
} }
routesCmd.AddCommand(deleteRouteCmd) routesCmd.AddCommand(deleteRouteCmd)
} }

View File

@ -3,6 +3,7 @@ package cli
import ( import (
"errors" "errors"
"fmt" "fmt"
"net/url"
survey "github.com/AlecAivazis/survey/v2" survey "github.com/AlecAivazis/survey/v2"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1" v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
@ -40,6 +41,9 @@ func usernameAndIDFromFlag(cmd *cobra.Command) (uint64, string) {
func init() { func init() {
rootCmd.AddCommand(userCmd) rootCmd.AddCommand(userCmd)
userCmd.AddCommand(createUserCmd) userCmd.AddCommand(createUserCmd)
createUserCmd.Flags().StringP("display-name", "d", "", "Display name")
createUserCmd.Flags().StringP("email", "e", "", "Email")
createUserCmd.Flags().StringP("picture-url", "p", "", "Profile picture URL")
userCmd.AddCommand(listUsersCmd) userCmd.AddCommand(listUsersCmd)
usernameAndIDFlag(listUsersCmd) usernameAndIDFlag(listUsersCmd)
listUsersCmd.Flags().StringP("email", "e", "", "Email") listUsersCmd.Flags().StringP("email", "e", "", "Email")
@ -83,6 +87,28 @@ var createUserCmd = &cobra.Command{
request := &v1.CreateUserRequest{Name: userName} request := &v1.CreateUserRequest{Name: userName}
if displayName, _ := cmd.Flags().GetString("display-name"); displayName != "" {
request.DisplayName = displayName
}
if email, _ := cmd.Flags().GetString("email"); email != "" {
request.Email = email
}
if pictureURL, _ := cmd.Flags().GetString("picture-url"); pictureURL != "" {
if _, err := url.Parse(pictureURL); err != nil {
ErrorOutput(
err,
fmt.Sprintf(
"Invalid Picture URL: %s",
err,
),
output,
)
}
request.PictureUrl = pictureURL
}
log.Trace().Interface("request", request).Msg("Sending CreateUser request") log.Trace().Interface("request", request).Msg("Sending CreateUser request")
response, err := client.CreateUser(ctx, request) response, err := client.CreateUser(ctx, request)
if err != nil { if err != nil {

View File

@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT. // Code generated by protoc-gen-go. DO NOT EDIT.
// versions: // versions:
// protoc-gen-go v1.35.1 // protoc-gen-go v1.35.2
// protoc (unknown) // protoc (unknown)
// source: headscale/v1/apikey.proto // source: headscale/v1/apikey.proto

View File

@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT. // Code generated by protoc-gen-go. DO NOT EDIT.
// versions: // versions:
// protoc-gen-go v1.35.1 // protoc-gen-go v1.35.2
// protoc (unknown) // protoc (unknown)
// source: headscale/v1/device.proto // source: headscale/v1/device.proto

View File

@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT. // Code generated by protoc-gen-go. DO NOT EDIT.
// versions: // versions:
// protoc-gen-go v1.35.1 // protoc-gen-go v1.35.2
// protoc (unknown) // protoc (unknown)
// source: headscale/v1/headscale.proto // source: headscale/v1/headscale.proto

View File

@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT. // Code generated by protoc-gen-go. DO NOT EDIT.
// versions: // versions:
// protoc-gen-go v1.35.1 // protoc-gen-go v1.35.2
// protoc (unknown) // protoc (unknown)
// source: headscale/v1/node.proto // source: headscale/v1/node.proto

View File

@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT. // Code generated by protoc-gen-go. DO NOT EDIT.
// versions: // versions:
// protoc-gen-go v1.35.1 // protoc-gen-go v1.35.2
// protoc (unknown) // protoc (unknown)
// source: headscale/v1/policy.proto // source: headscale/v1/policy.proto

View File

@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT. // Code generated by protoc-gen-go. DO NOT EDIT.
// versions: // versions:
// protoc-gen-go v1.35.1 // protoc-gen-go v1.35.2
// protoc (unknown) // protoc (unknown)
// source: headscale/v1/preauthkey.proto // source: headscale/v1/preauthkey.proto

View File

@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT. // Code generated by protoc-gen-go. DO NOT EDIT.
// versions: // versions:
// protoc-gen-go v1.35.1 // protoc-gen-go v1.35.2
// protoc (unknown) // protoc (unknown)
// source: headscale/v1/routes.proto // source: headscale/v1/routes.proto

View File

@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT. // Code generated by protoc-gen-go. DO NOT EDIT.
// versions: // versions:
// protoc-gen-go v1.35.1 // protoc-gen-go v1.35.2
// protoc (unknown) // protoc (unknown)
// source: headscale/v1/user.proto // source: headscale/v1/user.proto
@ -128,6 +128,9 @@ type CreateUserRequest struct {
unknownFields protoimpl.UnknownFields unknownFields protoimpl.UnknownFields
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
DisplayName string `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
Email string `protobuf:"bytes,3,opt,name=email,proto3" json:"email,omitempty"`
PictureUrl string `protobuf:"bytes,4,opt,name=picture_url,json=pictureUrl,proto3" json:"picture_url,omitempty"`
} }
func (x *CreateUserRequest) Reset() { func (x *CreateUserRequest) Reset() {
@ -167,6 +170,27 @@ func (x *CreateUserRequest) GetName() string {
return "" return ""
} }
func (x *CreateUserRequest) GetDisplayName() string {
if x != nil {
return x.DisplayName
}
return ""
}
func (x *CreateUserRequest) GetEmail() string {
if x != nil {
return x.Email
}
return ""
}
func (x *CreateUserRequest) GetPictureUrl() string {
if x != nil {
return x.PictureUrl
}
return ""
}
type CreateUserResponse struct { type CreateUserResponse struct {
state protoimpl.MessageState state protoimpl.MessageState
sizeCache protoimpl.SizeCache sizeCache protoimpl.SizeCache
@ -520,38 +544,43 @@ var file_headscale_v1_user_proto_rawDesc = []byte{
0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72,
0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c,
0x65, 0x5f, 0x70, 0x69, 0x63, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x65, 0x5f, 0x70, 0x69, 0x63, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
0x0d, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x69, 0x63, 0x55, 0x72, 0x6c, 0x22, 0x27, 0x0d, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x69, 0x63, 0x55, 0x72, 0x6c, 0x22, 0x81,
0x0a, 0x11, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x01, 0x0a, 0x11, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x71,
0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x3c, 0x0a, 0x12, 0x43, 0x72, 0x65, 0x61, 0x74, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70,
0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65,
0x6d, 0x61, 0x69, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x6d, 0x61, 0x69,
0x6c, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x69, 0x63, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x75, 0x72, 0x6c,
0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x69, 0x63, 0x74, 0x75, 0x72, 0x65, 0x55,
0x72, 0x6c, 0x22, 0x3c, 0x0a, 0x12, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x26, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72,
0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61,
0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72,
0x22, 0x45, 0x0a, 0x11, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x15, 0x0a, 0x06, 0x6f, 0x6c, 0x64, 0x5f, 0x69, 0x64, 0x18,
0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x6f, 0x6c, 0x64, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08,
0x6e, 0x65, 0x77, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07,
0x6e, 0x65, 0x77, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x3c, 0x0a, 0x12, 0x52, 0x65, 0x6e, 0x61, 0x6d,
0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x26, 0x0a, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x26, 0x0a,
0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x68, 0x65, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x68, 0x65,
0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52,
0x04, 0x75, 0x73, 0x65, 0x72, 0x22, 0x45, 0x0a, 0x11, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x55, 0x04, 0x75, 0x73, 0x65, 0x72, 0x22, 0x23, 0x0a, 0x11, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55,
0x73, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x15, 0x0a, 0x06, 0x6f, 0x6c, 0x73, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64,
0x64, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x6f, 0x6c, 0x64, 0x49, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x02, 0x69, 0x64, 0x22, 0x14, 0x0a, 0x12, 0x44, 0x65,
0x64, 0x12, 0x19, 0x0a, 0x08, 0x6e, 0x65, 0x77, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x77, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x3c, 0x0a, 0x12, 0x22, 0x4c, 0x0a, 0x10, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71,
0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04,
0x73, 0x65, 0x12, 0x26, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01,
0x32, 0x12, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69,
0x55, 0x73, 0x65, 0x72, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x22, 0x23, 0x0a, 0x11, 0x44, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x22, 0x3d,
0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0a, 0x11, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f,
0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x02, 0x69, 0x64, 0x22, 0x6e, 0x73, 0x65, 0x12, 0x28, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03,
0x14, 0x0a, 0x12, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76,
0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x4c, 0x0a, 0x10, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x42, 0x29, 0x5a,
0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6a, 0x75, 0x61, 0x6e,
0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x66, 0x6f, 0x6e, 0x74, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x67,
0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x6d,
0x61, 0x69, 0x6c, 0x22, 0x3d, 0x0a, 0x11, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x73,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x28, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72,
0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63,
0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52, 0x05, 0x75, 0x73, 0x65,
0x72, 0x73, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
0x2f, 0x6a, 0x75, 0x61, 0x6e, 0x66, 0x6f, 0x6e, 0x74, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63,
0x61, 0x6c, 0x65, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x33,
} }
var ( var (

View File

@ -1039,6 +1039,15 @@
"properties": { "properties": {
"name": { "name": {
"type": "string" "type": "string"
},
"displayName": {
"type": "string"
},
"email": {
"type": "string"
},
"pictureUrl": {
"type": "string"
} }
} }
}, },

View File

@ -278,9 +278,9 @@ func TestConstraints(t *testing.T) {
{ {
name: "no-duplicate-username-if-no-oidc", name: "no-duplicate-username-if-no-oidc",
run: func(t *testing.T, db *gorm.DB) { run: func(t *testing.T, db *gorm.DB) {
_, err := CreateUser(db, "user1") _, err := CreateUser(db, types.User{Name: "user1"})
require.NoError(t, err) require.NoError(t, err)
_, err = CreateUser(db, "user1") _, err = CreateUser(db, types.User{Name: "user1"})
requireConstraintFailed(t, err) requireConstraintFailed(t, err)
}, },
}, },
@ -331,7 +331,7 @@ func TestConstraints(t *testing.T) {
{ {
name: "allow-duplicate-username-cli-then-oidc", name: "allow-duplicate-username-cli-then-oidc",
run: func(t *testing.T, db *gorm.DB) { run: func(t *testing.T, db *gorm.DB) {
_, err := CreateUser(db, "user1") // Create CLI username _, err := CreateUser(db, types.User{Name: "user1"}) // Create CLI username
require.NoError(t, err) require.NoError(t, err)
user := types.User{ user := types.User{
@ -354,7 +354,7 @@ func TestConstraints(t *testing.T) {
err := db.Save(&user).Error err := db.Save(&user).Error
require.NoError(t, err) require.NoError(t, err)
_, err = CreateUser(db, "user1") // Create CLI username _, err = CreateUser(db, types.User{Name: "user1"}) // Create CLI username
require.NoError(t, err) require.NoError(t, err)
}, },
}, },

View File

@ -27,7 +27,7 @@ import (
) )
func (s *Suite) TestGetNode(c *check.C) { func (s *Suite) TestGetNode(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -56,7 +56,7 @@ func (s *Suite) TestGetNode(c *check.C) {
} }
func (s *Suite) TestGetNodeByID(c *check.C) { func (s *Suite) TestGetNodeByID(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -85,7 +85,7 @@ func (s *Suite) TestGetNodeByID(c *check.C) {
} }
func (s *Suite) TestGetNodeByAnyNodeKey(c *check.C) { func (s *Suite) TestGetNodeByAnyNodeKey(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -116,7 +116,7 @@ func (s *Suite) TestGetNodeByAnyNodeKey(c *check.C) {
} }
func (s *Suite) TestHardDeleteNode(c *check.C) { func (s *Suite) TestHardDeleteNode(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
nodeKey := key.NewNode() nodeKey := key.NewNode()
@ -141,7 +141,7 @@ func (s *Suite) TestHardDeleteNode(c *check.C) {
} }
func (s *Suite) TestListPeers(c *check.C) { func (s *Suite) TestListPeers(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -188,7 +188,7 @@ func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
stor := make([]base, 0) stor := make([]base, 0)
for _, name := range []string{"test", "admin"} { for _, name := range []string{"test", "admin"} {
user, err := db.CreateUser(name) user, err := db.CreateUser(types.User{Name: name})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
@ -279,7 +279,7 @@ func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
} }
func (s *Suite) TestExpireNode(c *check.C) { func (s *Suite) TestExpireNode(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -320,7 +320,7 @@ func (s *Suite) TestExpireNode(c *check.C) {
} }
func (s *Suite) TestSetTags(c *check.C) { func (s *Suite) TestSetTags(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -565,7 +565,7 @@ func TestAutoApproveRoutes(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
require.NotNil(t, pol) require.NotNil(t, pol)
user, err := adb.CreateUser("test") user, err := adb.CreateUser(types.User{Name: "test"})
require.NoError(t, err) require.NoError(t, err)
pak, err := adb.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := adb.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -706,7 +706,7 @@ func TestListEphemeralNodes(t *testing.T) {
t.Fatalf("creating db: %s", err) t.Fatalf("creating db: %s", err)
} }
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
require.NoError(t, err) require.NoError(t, err)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -762,10 +762,10 @@ func TestRenameNode(t *testing.T) {
t.Fatalf("creating db: %s", err) t.Fatalf("creating db: %s", err)
} }
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
require.NoError(t, err) require.NoError(t, err)
user2, err := db.CreateUser("test2") user2, err := db.CreateUser(types.User{Name: "user2"})
require.NoError(t, err) require.NoError(t, err)
node := types.Node{ node := types.Node{

View File

@ -15,7 +15,7 @@ func (*Suite) TestCreatePreAuthKey(c *check.C) {
_, err := db.CreatePreAuthKey(12345, true, false, nil, nil) _, err := db.CreatePreAuthKey(12345, true, false, nil, nil)
c.Assert(err, check.NotNil) c.Assert(err, check.NotNil)
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
key, err := db.CreatePreAuthKey(types.UserID(user.ID), true, false, nil, nil) key, err := db.CreatePreAuthKey(types.UserID(user.ID), true, false, nil, nil)
@ -41,7 +41,7 @@ func (*Suite) TestCreatePreAuthKey(c *check.C) {
} }
func (*Suite) TestExpiredPreAuthKey(c *check.C) { func (*Suite) TestExpiredPreAuthKey(c *check.C) {
user, err := db.CreateUser("test2") user, err := db.CreateUser(types.User{Name: "test2"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
now := time.Now().Add(-5 * time.Second) now := time.Now().Add(-5 * time.Second)
@ -60,7 +60,7 @@ func (*Suite) TestPreAuthKeyDoesNotExist(c *check.C) {
} }
func (*Suite) TestValidateKeyOk(c *check.C) { func (*Suite) TestValidateKeyOk(c *check.C) {
user, err := db.CreateUser("test3") user, err := db.CreateUser(types.User{Name: "test3"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), true, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), true, false, nil, nil)
@ -72,7 +72,7 @@ func (*Suite) TestValidateKeyOk(c *check.C) {
} }
func (*Suite) TestAlreadyUsedKey(c *check.C) { func (*Suite) TestAlreadyUsedKey(c *check.C) {
user, err := db.CreateUser("test4") user, err := db.CreateUser(types.User{Name: "test4"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -94,7 +94,7 @@ func (*Suite) TestAlreadyUsedKey(c *check.C) {
} }
func (*Suite) TestReusableBeingUsedKey(c *check.C) { func (*Suite) TestReusableBeingUsedKey(c *check.C) {
user, err := db.CreateUser("test5") user, err := db.CreateUser(types.User{Name: "test5"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), true, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), true, false, nil, nil)
@ -116,7 +116,7 @@ func (*Suite) TestReusableBeingUsedKey(c *check.C) {
} }
func (*Suite) TestNotReusableNotBeingUsedKey(c *check.C) { func (*Suite) TestNotReusableNotBeingUsedKey(c *check.C) {
user, err := db.CreateUser("test6") user, err := db.CreateUser(types.User{Name: "test6"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -128,7 +128,7 @@ func (*Suite) TestNotReusableNotBeingUsedKey(c *check.C) {
} }
func (*Suite) TestExpirePreauthKey(c *check.C) { func (*Suite) TestExpirePreauthKey(c *check.C) {
user, err := db.CreateUser("test3") user, err := db.CreateUser(types.User{Name: "test3"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), true, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), true, false, nil, nil)
@ -145,7 +145,7 @@ func (*Suite) TestExpirePreauthKey(c *check.C) {
} }
func (*Suite) TestNotReusableMarkedAsUsed(c *check.C) { func (*Suite) TestNotReusableMarkedAsUsed(c *check.C) {
user, err := db.CreateUser("test6") user, err := db.CreateUser(types.User{Name: "test6"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -158,7 +158,7 @@ func (*Suite) TestNotReusableMarkedAsUsed(c *check.C) {
} }
func (*Suite) TestPreAuthKeyACLTags(c *check.C) { func (*Suite) TestPreAuthKeyACLTags(c *check.C) {
user, err := db.CreateUser("test8") user, err := db.CreateUser(types.User{Name: "test8"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
_, err = db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, []string{"badtag"}) _, err = db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, []string{"badtag"})

View File

@ -32,7 +32,7 @@ var mp = func(p string) netip.Prefix {
} }
func (s *Suite) TestGetRoutes(c *check.C) { func (s *Suite) TestGetRoutes(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -76,7 +76,7 @@ func (s *Suite) TestGetRoutes(c *check.C) {
} }
func (s *Suite) TestGetEnableRoutes(c *check.C) { func (s *Suite) TestGetEnableRoutes(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -150,7 +150,7 @@ func (s *Suite) TestGetEnableRoutes(c *check.C) {
} }
func (s *Suite) TestIsUniquePrefix(c *check.C) { func (s *Suite) TestIsUniquePrefix(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -231,7 +231,7 @@ func (s *Suite) TestIsUniquePrefix(c *check.C) {
} }
func (s *Suite) TestDeleteRoutes(c *check.C) { func (s *Suite) TestDeleteRoutes(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)

View File

@ -15,22 +15,19 @@ var (
ErrUserStillHasNodes = errors.New("user not empty: node(s) found") ErrUserStillHasNodes = errors.New("user not empty: node(s) found")
) )
func (hsdb *HSDatabase) CreateUser(name string) (*types.User, error) { func (hsdb *HSDatabase) CreateUser(user types.User) (*types.User, error) {
return Write(hsdb.DB, func(tx *gorm.DB) (*types.User, error) { return Write(hsdb.DB, func(tx *gorm.DB) (*types.User, error) {
return CreateUser(tx, name) return CreateUser(tx, user)
}) })
} }
// CreateUser creates a new User. Returns error if could not be created // CreateUser creates a new User. Returns error if could not be created
// or another user already exists. // or another user already exists.
func CreateUser(tx *gorm.DB, name string) (*types.User, error) { func CreateUser(tx *gorm.DB, user types.User) (*types.User, error) {
err := util.CheckForFQDNRules(name) err := util.CheckForFQDNRules(user.Name)
if err != nil { if err != nil {
return nil, err return nil, err
} }
user := types.User{
Name: name,
}
if err := tx.Create(&user).Error; err != nil { if err := tx.Create(&user).Error; err != nil {
return nil, fmt.Errorf("creating user: %w", err) return nil, fmt.Errorf("creating user: %w", err)
} }

View File

@ -11,7 +11,7 @@ import (
) )
func (s *Suite) TestCreateAndDestroyUser(c *check.C) { func (s *Suite) TestCreateAndDestroyUser(c *check.C) {
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
c.Assert(user.Name, check.Equals, "test") c.Assert(user.Name, check.Equals, "test")
@ -30,7 +30,7 @@ func (s *Suite) TestDestroyUserErrors(c *check.C) {
err := db.DestroyUser(9998) err := db.DestroyUser(9998)
c.Assert(err, check.Equals, ErrUserNotFound) c.Assert(err, check.Equals, ErrUserNotFound)
user, err := db.CreateUser("test") user, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -43,7 +43,7 @@ func (s *Suite) TestDestroyUserErrors(c *check.C) {
// destroying a user also deletes all associated preauthkeys // destroying a user also deletes all associated preauthkeys
c.Assert(result.Error, check.Equals, gorm.ErrRecordNotFound) c.Assert(result.Error, check.Equals, gorm.ErrRecordNotFound)
user, err = db.CreateUser("test") user, err = db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err = db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil) pak, err = db.CreatePreAuthKey(types.UserID(user.ID), false, false, nil, nil)
@ -64,7 +64,7 @@ func (s *Suite) TestDestroyUserErrors(c *check.C) {
} }
func (s *Suite) TestRenameUser(c *check.C) { func (s *Suite) TestRenameUser(c *check.C) {
userTest, err := db.CreateUser("test") userTest, err := db.CreateUser(types.User{Name: "test"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
c.Assert(userTest.Name, check.Equals, "test") c.Assert(userTest.Name, check.Equals, "test")
@ -86,7 +86,7 @@ func (s *Suite) TestRenameUser(c *check.C) {
err = db.RenameUser(99988, "test") err = db.RenameUser(99988, "test")
c.Assert(err, check.Equals, ErrUserNotFound) c.Assert(err, check.Equals, ErrUserNotFound)
userTest2, err := db.CreateUser("test2") userTest2, err := db.CreateUser(types.User{Name: "test2"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
c.Assert(userTest2.Name, check.Equals, "test2") c.Assert(userTest2.Name, check.Equals, "test2")
@ -98,10 +98,10 @@ func (s *Suite) TestRenameUser(c *check.C) {
} }
func (s *Suite) TestSetMachineUser(c *check.C) { func (s *Suite) TestSetMachineUser(c *check.C) {
oldUser, err := db.CreateUser("old") oldUser, err := db.CreateUser(types.User{Name: "old"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
newUser, err := db.CreateUser("new") newUser, err := db.CreateUser(types.User{Name: "new"})
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(types.UserID(oldUser.ID), false, false, nil, nil) pak, err := db.CreatePreAuthKey(types.UserID(oldUser.ID), false, false, nil, nil)

View File

@ -11,7 +11,9 @@ import (
"strings" "strings"
"time" "time"
"github.com/puzpuzpuz/xsync/v3"
"github.com/rs/zerolog/log" "github.com/rs/zerolog/log"
"github.com/samber/lo"
"google.golang.org/grpc/codes" "google.golang.org/grpc/codes"
"google.golang.org/grpc/status" "google.golang.org/grpc/status"
"google.golang.org/protobuf/types/known/timestamppb" "google.golang.org/protobuf/types/known/timestamppb"
@ -21,6 +23,7 @@ import (
v1 "github.com/juanfont/headscale/gen/go/headscale/v1" v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/juanfont/headscale/hscontrol/db" "github.com/juanfont/headscale/hscontrol/db"
"github.com/juanfont/headscale/hscontrol/policy"
"github.com/juanfont/headscale/hscontrol/types" "github.com/juanfont/headscale/hscontrol/types"
"github.com/juanfont/headscale/hscontrol/util" "github.com/juanfont/headscale/hscontrol/util"
) )
@ -40,7 +43,13 @@ func (api headscaleV1APIServer) CreateUser(
ctx context.Context, ctx context.Context,
request *v1.CreateUserRequest, request *v1.CreateUserRequest,
) (*v1.CreateUserResponse, error) { ) (*v1.CreateUserResponse, error) {
user, err := api.h.db.CreateUser(request.GetName()) newUser := types.User{
Name: request.GetName(),
DisplayName: request.GetDisplayName(),
Email: request.GetEmail(),
ProfilePicURL: request.GetPictureUrl(),
}
user, err := api.h.db.CreateUser(newUser)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -457,19 +466,7 @@ func (api headscaleV1APIServer) ListNodes(
return nil, err return nil, err
} }
response := make([]*v1.Node, len(nodes)) response := nodesToProto(api.h.polMan, isLikelyConnected, nodes)
for index, node := range nodes {
resp := node.Proto()
// Populate the online field based on
// currently connected nodes.
if val, ok := isLikelyConnected.Load(node.ID); ok && val {
resp.Online = true
}
response[index] = resp
}
return &v1.ListNodesResponse{Nodes: response}, nil return &v1.ListNodesResponse{Nodes: response}, nil
} }
@ -482,6 +479,11 @@ func (api headscaleV1APIServer) ListNodes(
return nodes[i].ID < nodes[j].ID return nodes[i].ID < nodes[j].ID
}) })
response := nodesToProto(api.h.polMan, isLikelyConnected, nodes)
return &v1.ListNodesResponse{Nodes: response}, nil
}
func nodesToProto(polMan policy.PolicyManager, isLikelyConnected *xsync.MapOf[types.NodeID, bool], nodes types.Nodes) []*v1.Node {
response := make([]*v1.Node, len(nodes)) response := make([]*v1.Node, len(nodes))
for index, node := range nodes { for index, node := range nodes {
resp := node.Proto() resp := node.Proto()
@ -492,12 +494,12 @@ func (api headscaleV1APIServer) ListNodes(
resp.Online = true resp.Online = true
} }
validTags := api.h.polMan.Tags(node) tags := polMan.Tags(node)
resp.ValidTags = validTags resp.ValidTags = lo.Uniq(append(tags, node.ForcedTags...))
response[index] = resp response[index] = resp
} }
return &v1.ListNodesResponse{Nodes: response}, nil return response
} }
func (api headscaleV1APIServer) MoveNode( func (api headscaleV1APIServer) MoveNode(

View File

@ -5,6 +5,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"io" "io"
"iter"
"net/netip" "net/netip"
"os" "os"
"slices" "slices"
@ -361,39 +362,69 @@ func (pol *ACLPolicy) CompileSSHPolicy(
) )
} }
principals := make([]*tailcfg.SSHPrincipal, 0, len(sshACL.Sources)) var principals []*tailcfg.SSHPrincipal
for innerIndex, rawSrc := range sshACL.Sources { for innerIndex, srcToken := range sshACL.Sources {
if isWildcard(rawSrc) { if isWildcard(srcToken) {
principals = append(principals, &tailcfg.SSHPrincipal{ principals = []*tailcfg.SSHPrincipal{{
Any: true, Any: true,
}) }}
} else if isGroup(rawSrc) { break
users, err := pol.expandUsersFromGroup(rawSrc) }
// If the token is a group, expand the users and validate
// them. Then use the .Username() to get the login name
// that corresponds with the User info in the netmap.
if isGroup(srcToken) {
usersFromGroup, err := pol.expandUsersFromGroup(srcToken)
if err != nil { if err != nil {
return nil, fmt.Errorf("parsing SSH policy, expanding user from group, index: %d->%d: %w", index, innerIndex, err) return nil, fmt.Errorf("parsing SSH policy, expanding user from group, index: %d->%d: %w", index, innerIndex, err)
} }
for _, user := range users { for _, userStr := range usersFromGroup {
user, err := findUserFromTokenOrErr(users, userStr)
if err != nil {
log.Trace().Err(err).Msg("user not found")
continue
}
principals = append(principals, &tailcfg.SSHPrincipal{ principals = append(principals, &tailcfg.SSHPrincipal{
UserLogin: user, UserLogin: user.Username(),
}) })
} }
} else {
expandedSrcs, err := pol.ExpandAlias( continue
}
// Try to check if the token is a user, if it is, then we
// can use the .Username() to get the login name that
// corresponds with the User info in the netmap.
// TODO(kradalby): This is a bit of a hack, and it should go
// away with the new policy where users can be reliably determined.
if user, err := findUserFromTokenOrErr(users, srcToken); err == nil {
principals = append(principals, &tailcfg.SSHPrincipal{
UserLogin: user.Username(),
})
continue
}
// This is kind of then non-ideal scenario where we dont really know
// what to do with the token, so we expand it to IP addresses of nodes.
// The pro here is that we have a pretty good lockdown on the mapping
// between users and node, but it can explode if a user owns many nodes.
ips, err := pol.ExpandAlias(
peers, peers,
users, users,
rawSrc, srcToken,
) )
if err != nil { if err != nil {
return nil, fmt.Errorf("parsing SSH policy, expanding alias, index: %d->%d: %w", index, innerIndex, err) return nil, fmt.Errorf("parsing SSH policy, expanding alias, index: %d->%d: %w", index, innerIndex, err)
} }
for _, expandedSrc := range expandedSrcs.Prefixes() { for addr := range ipSetAll(ips) {
principals = append(principals, &tailcfg.SSHPrincipal{ principals = append(principals, &tailcfg.SSHPrincipal{
NodeIP: expandedSrc.Addr().String(), NodeIP: addr.String(),
}) })
} }
} }
}
userMap := make(map[string]string, len(sshACL.Users)) userMap := make(map[string]string, len(sshACL.Users))
for _, user := range sshACL.Users { for _, user := range sshACL.Users {
@ -411,6 +442,19 @@ func (pol *ACLPolicy) CompileSSHPolicy(
}, nil }, nil
} }
// ipSetAll returns a function that iterates over all the IPs in the IPSet.
func ipSetAll(ipSet *netipx.IPSet) iter.Seq[netip.Addr] {
return func(yield func(netip.Addr) bool) {
for _, rng := range ipSet.Ranges() {
for ip := rng.From(); ip.Compare(rng.To()) <= 0; ip = ip.Next() {
if !yield(ip) {
return
}
}
}
}
}
func sshCheckAction(duration string) (*tailcfg.SSHAction, error) { func sshCheckAction(duration string) (*tailcfg.SSHAction, error) {
sessionLength, err := time.ParseDuration(duration) sessionLength, err := time.ParseDuration(duration)
if err != nil { if err != nil {
@ -934,6 +978,7 @@ func isAutoGroup(str string) bool {
// Invalid tags are tags added by a user on a node, and that user doesn't have authority to add this tag. // Invalid tags are tags added by a user on a node, and that user doesn't have authority to add this tag.
// Valid tags are tags added by a user that is allowed in the ACL policy to add this tag. // Valid tags are tags added by a user that is allowed in the ACL policy to add this tag.
func (pol *ACLPolicy) TagsOfNode( func (pol *ACLPolicy) TagsOfNode(
users []types.User,
node *types.Node, node *types.Node,
) ([]string, []string) { ) ([]string, []string) {
var validTags []string var validTags []string
@ -956,7 +1001,12 @@ func (pol *ACLPolicy) TagsOfNode(
} }
var found bool var found bool
for _, owner := range owners { for _, owner := range owners {
if node.User.Username() == owner { user, err := findUserFromTokenOrErr(users, owner)
if err != nil {
log.Trace().Caller().Err(err).Msg("could not determine user to filter tags by")
}
if node.User.ID == user.ID {
found = true found = true
} }
} }
@ -988,29 +1038,11 @@ func (pol *ACLPolicy) TagsOfNode(
func filterNodesByUser(nodes types.Nodes, users []types.User, userToken string) types.Nodes { func filterNodesByUser(nodes types.Nodes, users []types.User, userToken string) types.Nodes {
var out types.Nodes var out types.Nodes
var potentialUsers []types.User user, err := findUserFromTokenOrErr(users, userToken)
for _, user := range users { if err != nil {
if user.ProviderIdentifier.Valid && user.ProviderIdentifier.String == userToken { log.Trace().Caller().Err(err).Msg("could not determine user to filter nodes by")
// If a user is matching with a known unique field, return out
// disgard all other users and only keep the current
// user.
potentialUsers = []types.User{user}
break
} }
if user.Email == userToken {
potentialUsers = append(potentialUsers, user)
}
if user.Name == userToken {
potentialUsers = append(potentialUsers, user)
}
}
if len(potentialUsers) != 1 {
return nil
}
user := potentialUsers[0]
for _, node := range nodes { for _, node := range nodes {
if node.User.ID == user.ID { if node.User.ID == user.ID {
@ -1021,6 +1053,44 @@ func filterNodesByUser(nodes types.Nodes, users []types.User, userToken string)
return out return out
} }
var (
ErrorNoUserMatching = errors.New("no user matching")
ErrorMultipleUserMatching = errors.New("multiple users matching")
)
func findUserFromTokenOrErr(
users []types.User,
token string,
) (types.User, error) {
var potentialUsers []types.User
for _, user := range users {
if user.ProviderIdentifier.Valid && user.ProviderIdentifier.String == token {
// If a user is matching with a known unique field,
// disgard all other users and only keep the current
// user.
potentialUsers = []types.User{user}
break
}
if user.Email == token {
potentialUsers = append(potentialUsers, user)
}
if user.Name == token {
potentialUsers = append(potentialUsers, user)
}
}
if len(potentialUsers) == 0 {
return types.User{}, fmt.Errorf("user with token %q not found: %w", token, ErrorNoUserMatching)
}
if len(potentialUsers) > 1 {
return types.User{}, fmt.Errorf("multiple users with token %q found: %w", token, ErrorNoUserMatching)
}
return potentialUsers[0], nil
}
// FilterNodesByACL returns the list of peers authorized to be accessed from a given node. // FilterNodesByACL returns the list of peers authorized to be accessed from a given node.
func FilterNodesByACL( func FilterNodesByACL(
node *types.Node, node *types.Node,

View File

@ -2735,6 +2735,12 @@ func TestReduceFilterRules(t *testing.T) {
} }
func Test_getTags(t *testing.T) { func Test_getTags(t *testing.T) {
users := []types.User{
{
Model: gorm.Model{ID: 1},
Name: "joe",
},
}
type args struct { type args struct {
aclPolicy *ACLPolicy aclPolicy *ACLPolicy
node *types.Node node *types.Node
@ -2754,9 +2760,7 @@ func Test_getTags(t *testing.T) {
}, },
}, },
node: &types.Node{ node: &types.Node{
User: types.User{ User: users[0],
Name: "joe",
},
Hostinfo: &tailcfg.Hostinfo{ Hostinfo: &tailcfg.Hostinfo{
RequestTags: []string{"tag:valid"}, RequestTags: []string{"tag:valid"},
}, },
@ -2774,9 +2778,7 @@ func Test_getTags(t *testing.T) {
}, },
}, },
node: &types.Node{ node: &types.Node{
User: types.User{ User: users[0],
Name: "joe",
},
Hostinfo: &tailcfg.Hostinfo{ Hostinfo: &tailcfg.Hostinfo{
RequestTags: []string{"tag:valid", "tag:invalid"}, RequestTags: []string{"tag:valid", "tag:invalid"},
}, },
@ -2794,9 +2796,7 @@ func Test_getTags(t *testing.T) {
}, },
}, },
node: &types.Node{ node: &types.Node{
User: types.User{ User: users[0],
Name: "joe",
},
Hostinfo: &tailcfg.Hostinfo{ Hostinfo: &tailcfg.Hostinfo{
RequestTags: []string{ RequestTags: []string{
"tag:invalid", "tag:invalid",
@ -2818,9 +2818,7 @@ func Test_getTags(t *testing.T) {
}, },
}, },
node: &types.Node{ node: &types.Node{
User: types.User{ User: users[0],
Name: "joe",
},
Hostinfo: &tailcfg.Hostinfo{ Hostinfo: &tailcfg.Hostinfo{
RequestTags: []string{"tag:invalid", "very-invalid"}, RequestTags: []string{"tag:invalid", "very-invalid"},
}, },
@ -2834,9 +2832,7 @@ func Test_getTags(t *testing.T) {
args: args{ args: args{
aclPolicy: &ACLPolicy{}, aclPolicy: &ACLPolicy{},
node: &types.Node{ node: &types.Node{
User: types.User{ User: users[0],
Name: "joe",
},
Hostinfo: &tailcfg.Hostinfo{ Hostinfo: &tailcfg.Hostinfo{
RequestTags: []string{"tag:invalid", "very-invalid"}, RequestTags: []string{"tag:invalid", "very-invalid"},
}, },
@ -2849,6 +2845,7 @@ func Test_getTags(t *testing.T) {
for _, test := range tests { for _, test := range tests {
t.Run(test.name, func(t *testing.T) { t.Run(test.name, func(t *testing.T) {
gotValid, gotInvalid := test.args.aclPolicy.TagsOfNode( gotValid, gotInvalid := test.args.aclPolicy.TagsOfNode(
users,
test.args.node, test.args.node,
) )
for _, valid := range gotValid { for _, valid := range gotValid {
@ -3542,6 +3539,11 @@ func Test_getFilteredByACLPeers(t *testing.T) {
} }
func TestSSHRules(t *testing.T) { func TestSSHRules(t *testing.T) {
users := []types.User{
{
Name: "user1",
},
}
tests := []struct { tests := []struct {
name string name string
node types.Node node types.Node
@ -3555,18 +3557,14 @@ func TestSSHRules(t *testing.T) {
Hostname: "testnodes", Hostname: "testnodes",
IPv4: iap("100.64.99.42"), IPv4: iap("100.64.99.42"),
UserID: 0, UserID: 0,
User: types.User{ User: users[0],
Name: "user1",
},
}, },
peers: types.Nodes{ peers: types.Nodes{
&types.Node{ &types.Node{
Hostname: "testnodes2", Hostname: "testnodes2",
IPv4: iap("100.64.0.1"), IPv4: iap("100.64.0.1"),
UserID: 0, UserID: 0,
User: types.User{ User: users[0],
Name: "user1",
},
}, },
}, },
pol: ACLPolicy{ pol: ACLPolicy{
@ -3679,18 +3677,14 @@ func TestSSHRules(t *testing.T) {
Hostname: "testnodes", Hostname: "testnodes",
IPv4: iap("100.64.0.1"), IPv4: iap("100.64.0.1"),
UserID: 0, UserID: 0,
User: types.User{ User: users[0],
Name: "user1",
},
}, },
peers: types.Nodes{ peers: types.Nodes{
&types.Node{ &types.Node{
Hostname: "testnodes2", Hostname: "testnodes2",
IPv4: iap("100.64.99.42"), IPv4: iap("100.64.99.42"),
UserID: 0, UserID: 0,
User: types.User{ User: users[0],
Name: "user1",
},
}, },
}, },
pol: ACLPolicy{ pol: ACLPolicy{
@ -3728,7 +3722,7 @@ func TestSSHRules(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
got, err := tt.pol.CompileSSHPolicy(&tt.node, []types.User{}, tt.peers) got, err := tt.pol.CompileSSHPolicy(&tt.node, users, tt.peers)
require.NoError(t, err) require.NoError(t, err)
if diff := cmp.Diff(tt.want, got); diff != "" { if diff := cmp.Diff(tt.want, got); diff != "" {

View File

@ -8,6 +8,7 @@ import (
"sync" "sync"
"github.com/juanfont/headscale/hscontrol/types" "github.com/juanfont/headscale/hscontrol/types"
"github.com/rs/zerolog/log"
"go4.org/netipx" "go4.org/netipx"
"tailscale.com/tailcfg" "tailscale.com/tailcfg"
"tailscale.com/util/deephash" "tailscale.com/util/deephash"
@ -161,7 +162,8 @@ func (pm *PolicyManagerV1) Tags(node *types.Node) []string {
return nil return nil
} }
tags, _ := pm.pol.TagsOfNode(node) tags, invalid := pm.pol.TagsOfNode(pm.users, node)
log.Debug().Strs("authorised_tags", tags).Strs("unauthorised_tags", invalid).Uint64("node.id", node.ID.Uint64()).Msg("tags provided by policy")
return tags return tags
} }

View File

@ -119,8 +119,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
}, },
}, },
}, want: map[string]int{ }, want: map[string]int{
"user1": 3, // ns1 + ns2 "user1@test.no": 3, // ns1 + ns2
"user2": 3, // ns2 + ns1 "user2@test.no": 3, // ns2 + ns1
}, },
}, },
// Test that when we have two users, which cannot see // Test that when we have two users, which cannot see
@ -145,8 +145,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
}, },
}, },
}, want: map[string]int{ }, want: map[string]int{
"user1": 1, "user1@test.no": 1,
"user2": 1, "user2@test.no": 1,
}, },
}, },
// Test that when we have two users, with ACLs and they // Test that when we have two users, with ACLs and they
@ -181,8 +181,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
}, },
}, },
}, want: map[string]int{ }, want: map[string]int{
"user1": 3, "user1@test.no": 3,
"user2": 3, "user2@test.no": 3,
}, },
}, },
// Test that when we have two users, that are isolated, // Test that when we have two users, that are isolated,
@ -213,8 +213,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
}, },
}, },
}, want: map[string]int{ }, want: map[string]int{
"user1": 3, // ns1 + ns2 "user1@test.no": 3, // ns1 + ns2
"user2": 3, // ns1 + ns2 (return path) "user2@test.no": 3, // ns1 + ns2 (return path)
}, },
}, },
"very-large-destination-prefix-1372": { "very-large-destination-prefix-1372": {
@ -241,8 +241,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
}, },
}, },
}, want: map[string]int{ }, want: map[string]int{
"user1": 3, // ns1 + ns2 "user1@test.no": 3, // ns1 + ns2
"user2": 3, // ns1 + ns2 (return path) "user2@test.no": 3, // ns1 + ns2 (return path)
}, },
}, },
"ipv6-acls-1470": { "ipv6-acls-1470": {
@ -259,8 +259,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
}, },
}, },
}, want: map[string]int{ }, want: map[string]int{
"user1": 3, // ns1 + ns2 "user1@test.no": 3, // ns1 + ns2
"user2": 3, // ns2 + ns1 "user2@test.no": 3, // ns2 + ns1
}, },
}, },
} }
@ -282,7 +282,7 @@ func TestACLHostsInNetMapTable(t *testing.T) {
allClients, err := scenario.ListTailscaleClients() allClients, err := scenario.ListTailscaleClients()
require.NoError(t, err) require.NoError(t, err)
err = scenario.WaitForTailscaleSyncWithPeerCount(testCase.want["user1"]) err = scenario.WaitForTailscaleSyncWithPeerCount(testCase.want["user1@test.no"])
require.NoError(t, err) require.NoError(t, err)
for _, client := range allClients { for _, client := range allClients {

View File

@ -132,6 +132,7 @@ func TestOIDCAuthenticationPingAll(t *testing.T) {
{ {
Id: 1, Id: 1,
Name: "user1", Name: "user1",
Email: "user1@test.no",
}, },
{ {
Id: 2, Id: 2,
@ -143,6 +144,7 @@ func TestOIDCAuthenticationPingAll(t *testing.T) {
{ {
Id: 3, Id: 3,
Name: "user2", Name: "user2",
Email: "user2@test.no",
}, },
{ {
Id: 4, Id: 4,
@ -262,6 +264,7 @@ func TestOIDC024UserCreation(t *testing.T) {
{ {
Id: 1, Id: 1,
Name: "user1", Name: "user1",
Email: "user1@test.no",
}, },
{ {
Id: 2, Id: 2,
@ -273,6 +276,7 @@ func TestOIDC024UserCreation(t *testing.T) {
{ {
Id: 3, Id: 3,
Name: "user2", Name: "user2",
Email: "user2@test.no",
}, },
{ {
Id: 4, Id: 4,
@ -297,6 +301,7 @@ func TestOIDC024UserCreation(t *testing.T) {
{ {
Id: 1, Id: 1,
Name: "user1", Name: "user1",
Email: "user1@test.no",
}, },
{ {
Id: 2, Id: 2,
@ -307,6 +312,7 @@ func TestOIDC024UserCreation(t *testing.T) {
{ {
Id: 3, Id: 3,
Name: "user2", Name: "user2",
Email: "user2@test.no",
}, },
{ {
Id: 4, Id: 4,
@ -359,6 +365,7 @@ func TestOIDC024UserCreation(t *testing.T) {
{ {
Id: 1, Id: 1,
Name: "user1", Name: "user1",
Email: "user1@test.no",
}, },
{ {
Id: 2, Id: 2,
@ -369,6 +376,7 @@ func TestOIDC024UserCreation(t *testing.T) {
{ {
Id: 3, Id: 3,
Name: "user2", Name: "user2",
Email: "user2@test.no",
}, },
{ {
Id: 4, Id: 4,
@ -423,6 +431,7 @@ func TestOIDC024UserCreation(t *testing.T) {
{ {
Id: 1, Id: 1,
Name: "user1.headscale.net", Name: "user1.headscale.net",
Email: "user1.headscale.net@test.no",
}, },
{ {
Id: 2, Id: 2,
@ -433,6 +442,7 @@ func TestOIDC024UserCreation(t *testing.T) {
{ {
Id: 3, Id: 3,
Name: "user2.headscale.net", Name: "user2.headscale.net",
Email: "user2.headscale.net@test.no",
}, },
{ {
Id: 4, Id: 4,

View File

@ -137,6 +137,7 @@ func TestUserCommand(t *testing.T) {
{ {
Id: 1, Id: 1,
Name: "user1", Name: "user1",
Email: "user1@test.no",
}, },
} }
@ -163,6 +164,7 @@ func TestUserCommand(t *testing.T) {
{ {
Id: 1, Id: 1,
Name: "user1", Name: "user1",
Email: "user1@test.no",
}, },
} }
@ -201,6 +203,7 @@ func TestUserCommand(t *testing.T) {
{ {
Id: 2, Id: 2,
Name: "newname", Name: "newname",
Email: "user2@test.no",
}, },
} }
@ -930,7 +933,23 @@ func TestNodeAdvertiseTagCommand(t *testing.T) {
wantTag: false, wantTag: false,
}, },
{ {
name: "with-policy", name: "with-policy-email",
policy: &policy.ACLPolicy{
ACLs: []policy.ACL{
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"*:*"},
},
},
TagOwners: map[string][]string{
"tag:test": {"user1@test.no"},
},
},
wantTag: true,
},
{
name: "with-policy-username",
policy: &policy.ACLPolicy{ policy: &policy.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policy.ACL{
{ {
@ -945,13 +964,32 @@ func TestNodeAdvertiseTagCommand(t *testing.T) {
}, },
wantTag: true, wantTag: true,
}, },
{
name: "with-policy-groups",
policy: &policy.ACLPolicy{
Groups: policy.Groups{
"group:admins": []string{"user1"},
},
ACLs: []policy.ACL{
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"*:*"},
},
},
TagOwners: map[string][]string{
"tag:test": {"group:admins"},
},
},
wantTag: true,
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
scenario, err := NewScenario(dockertestMaxWait()) scenario, err := NewScenario(dockertestMaxWait())
assertNoErr(t, err) assertNoErr(t, err)
// defer scenario.ShutdownAssertNoPanics(t) defer scenario.ShutdownAssertNoPanics(t)
spec := map[string]int{ spec := map[string]int{
"user1": 1, "user1": 1,

View File

@ -702,7 +702,7 @@ func (t *HeadscaleInContainer) WaitForRunning() error {
func (t *HeadscaleInContainer) CreateUser( func (t *HeadscaleInContainer) CreateUser(
user string, user string,
) error { ) error {
command := []string{"headscale", "users", "create", user} command := []string{"headscale", "users", "create", user, fmt.Sprintf("--email=%s@test.no", user)}
_, _, err := dockertestutil.ExecuteCommand( _, _, err := dockertestutil.ExecuteCommand(
t.container, t.container,

View File

@ -69,9 +69,6 @@ func sshScenario(t *testing.T, policy *policy.ACLPolicy, clientsPerUser int) *Sc
}, },
hsic.WithACLPolicy(policy), hsic.WithACLPolicy(policy),
hsic.WithTestName("ssh"), hsic.WithTestName("ssh"),
hsic.WithConfigEnv(map[string]string{
"HEADSCALE_EXPERIMENTAL_FEATURE_SSH": "1",
}),
) )
assertNoErr(t, err) assertNoErr(t, err)

View File

@ -15,7 +15,12 @@ message User {
string profile_pic_url = 8; string profile_pic_url = 8;
} }
message CreateUserRequest { string name = 1; } message CreateUserRequest {
string name = 1;
string display_name = 2;
string email = 3;
string picture_url = 4;
}
message CreateUserResponse { User user = 1; } message CreateUserResponse { User user = 1; }