2023-03-10 11:44:28 -08:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
package ipn
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
2023-09-27 23:01:09 -07:00
|
|
|
"tailscale.com/ipn/ipnstate"
|
2023-03-10 11:44:28 -08:00
|
|
|
"tailscale.com/tailcfg"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestCheckFunnelAccess(t *testing.T) {
|
2023-09-06 10:17:25 -07:00
|
|
|
caps := func(c ...tailcfg.NodeCapability) []tailcfg.NodeCapability { return c }
|
|
|
|
const portAttr tailcfg.NodeCapability = "https://tailscale.com/cap/funnel-ports?ports=443,8080-8090,8443,"
|
2023-03-10 11:44:28 -08:00
|
|
|
tests := []struct {
|
2023-03-11 08:45:40 -08:00
|
|
|
port uint16
|
2023-09-06 10:17:25 -07:00
|
|
|
caps []tailcfg.NodeCapability
|
2023-03-10 11:44:28 -08:00
|
|
|
wantErr bool
|
|
|
|
}{
|
2023-09-06 10:17:25 -07:00
|
|
|
{443, caps(portAttr), true}, // No "funnel" attribute
|
|
|
|
{443, caps(portAttr, tailcfg.NodeAttrFunnel), true},
|
|
|
|
{443, caps(portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel), false},
|
|
|
|
{8443, caps(portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel), false},
|
|
|
|
{8321, caps(portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel), true},
|
|
|
|
{8083, caps(portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel), false},
|
|
|
|
{8091, caps(portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel), true},
|
|
|
|
{3000, caps(portAttr, tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel), true},
|
2023-03-10 11:44:28 -08:00
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
2023-09-27 23:01:09 -07:00
|
|
|
cm := tailcfg.NodeCapMap{}
|
|
|
|
for _, c := range tt.caps {
|
|
|
|
cm[c] = nil
|
|
|
|
}
|
|
|
|
err := CheckFunnelAccess(tt.port, &ipnstate.PeerStatus{CapMap: cm})
|
2023-03-10 11:44:28 -08:00
|
|
|
switch {
|
|
|
|
case err != nil && tt.wantErr,
|
|
|
|
err == nil && !tt.wantErr:
|
|
|
|
continue
|
|
|
|
case tt.wantErr:
|
|
|
|
t.Fatalf("got no error, want error")
|
|
|
|
case !tt.wantErr:
|
|
|
|
t.Fatalf("got error %v, want no error", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|