2023-03-10 11:44:28 -08:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
package ipn
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"tailscale.com/tailcfg"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestCheckFunnelAccess(t *testing.T) {
|
2023-03-11 08:45:40 -08:00
|
|
|
portAttr := "https://tailscale.com/cap/funnel-ports?ports=443,8080-8090,8443,"
|
2023-03-10 11:44:28 -08:00
|
|
|
tests := []struct {
|
2023-03-11 08:45:40 -08:00
|
|
|
port uint16
|
2023-03-10 11:44:28 -08:00
|
|
|
caps []string
|
|
|
|
wantErr bool
|
|
|
|
}{
|
2023-03-11 08:45:40 -08:00
|
|
|
{443, []string{portAttr}, true}, // No "funnel" attribute
|
2023-08-09 10:06:58 -04:00
|
|
|
{443, []string{portAttr, tailcfg.NodeAttrFunnel}, true},
|
|
|
|
{443, []string{portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel}, false},
|
|
|
|
{8443, []string{portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel}, false},
|
|
|
|
{8321, []string{portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel}, true},
|
|
|
|
{8083, []string{portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel}, false},
|
|
|
|
{8091, []string{portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel}, true},
|
|
|
|
{3000, []string{portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel}, true},
|
2023-03-10 11:44:28 -08:00
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
2023-03-11 08:45:40 -08:00
|
|
|
err := CheckFunnelAccess(tt.port, tt.caps)
|
2023-03-10 11:44:28 -08:00
|
|
|
switch {
|
|
|
|
case err != nil && tt.wantErr,
|
|
|
|
err == nil && !tt.wantErr:
|
|
|
|
continue
|
|
|
|
case tt.wantErr:
|
|
|
|
t.Fatalf("got no error, want error")
|
|
|
|
case !tt.wantErr:
|
|
|
|
t.Fatalf("got error %v, want no error", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|