2021-07-03 05:55:32 -04:00
|
|
|
package headscale
|
|
|
|
|
|
|
|
import (
|
|
|
|
"gopkg.in/check.v1"
|
|
|
|
)
|
|
|
|
|
|
|
|
func (s *Suite) TestWrongPath(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
err := app.LoadACLPolicy("asdfg")
|
2021-07-03 05:55:32 -04:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Suite) TestBrokenHuJson(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
err := app.LoadACLPolicy("./tests/acls/broken.hujson")
|
2021-07-03 05:55:32 -04:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Suite) TestInvalidPolicyHuson(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
err := app.LoadACLPolicy("./tests/acls/invalid.hujson")
|
2021-07-03 05:55:32 -04:00
|
|
|
c.Assert(err, check.NotNil)
|
2021-11-15 11:33:16 -05:00
|
|
|
c.Assert(err, check.Equals, errEmptyPolicy)
|
2021-07-03 05:55:32 -04:00
|
|
|
}
|
|
|
|
|
2021-07-03 11:31:32 -04:00
|
|
|
func (s *Suite) TestParseHosts(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
var hosts Hosts
|
|
|
|
err := hosts.UnmarshalJSON(
|
2021-11-13 03:36:45 -05:00
|
|
|
[]byte(
|
|
|
|
`{"example-host-1": "100.100.100.100","example-host-2": "100.100.101.100/24"}`,
|
|
|
|
),
|
|
|
|
)
|
2021-11-15 11:16:04 -05:00
|
|
|
c.Assert(hosts, check.NotNil)
|
2021-07-03 05:55:32 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-07-03 11:31:32 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Suite) TestParseInvalidCIDR(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
var hosts Hosts
|
|
|
|
err := hosts.UnmarshalJSON([]byte(`{"example-host-1": "100.100.100.100/42"}`))
|
|
|
|
c.Assert(hosts, check.IsNil)
|
2021-07-03 11:31:32 -04:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Suite) TestRuleInvalidGeneration(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
err := app.LoadACLPolicy("./tests/acls/acl_policy_invalid.hujson")
|
2021-07-03 11:31:32 -04:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
}
|
|
|
|
|
2021-07-04 06:35:18 -04:00
|
|
|
func (s *Suite) TestBasicRule(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
err := app.LoadACLPolicy("./tests/acls/acl_policy_basic_1.hujson")
|
2021-07-03 11:31:32 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
rules, err := app.generateACLRules()
|
2021-07-03 11:31:32 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-07-04 07:01:41 -04:00
|
|
|
c.Assert(rules, check.NotNil)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Suite) TestPortRange(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
err := app.LoadACLPolicy("./tests/acls/acl_policy_basic_range.hujson")
|
2021-07-04 07:01:41 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
rules, err := app.generateACLRules()
|
2021-07-04 07:01:41 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
c.Assert(rules, check.NotNil)
|
|
|
|
|
2021-11-04 18:16:56 -04:00
|
|
|
c.Assert(rules, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].DstPorts, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(5400))
|
|
|
|
c.Assert((rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(5500))
|
2021-07-04 07:01:41 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Suite) TestPortWildcard(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
err := app.LoadACLPolicy("./tests/acls/acl_policy_basic_wildcards.hujson")
|
2021-07-04 07:01:41 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
rules, err := app.generateACLRules()
|
2021-07-04 07:01:41 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
c.Assert(rules, check.NotNil)
|
|
|
|
|
2021-11-04 18:16:56 -04:00
|
|
|
c.Assert(rules, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].DstPorts, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
|
|
|
|
c.Assert((rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
|
|
|
|
c.Assert((rules)[0].SrcIPs, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].SrcIPs[0], check.Equals, "*")
|
2021-07-04 07:01:41 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Suite) TestPortNamespace(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
namespace, err := app.CreateNamespace("testnamespace")
|
2021-07-04 07:01:41 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
|
2021-07-04 07:01:41 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
_, err = app.GetMachine("testnamespace", "testmachine")
|
2021-07-04 07:01:41 -04:00
|
|
|
c.Assert(err, check.NotNil)
|
2021-11-15 11:16:04 -05:00
|
|
|
ip, _ := app.getAvailableIP()
|
|
|
|
machine := Machine{
|
2021-07-04 07:01:41 -04:00
|
|
|
ID: 0,
|
|
|
|
MachineKey: "foo",
|
|
|
|
NodeKey: "bar",
|
|
|
|
DiscoKey: "faa",
|
|
|
|
Name: "testmachine",
|
2021-11-15 11:16:04 -05:00
|
|
|
NamespaceID: namespace.ID,
|
2021-07-04 07:01:41 -04:00
|
|
|
Registered: true,
|
2021-11-18 03:49:55 -05:00
|
|
|
RegisterMethod: RegisterMethodAuthKey,
|
2021-07-04 07:01:41 -04:00
|
|
|
IPAddress: ip.String(),
|
|
|
|
AuthKeyID: uint(pak.ID),
|
|
|
|
}
|
2021-11-15 11:16:04 -05:00
|
|
|
app.db.Save(&machine)
|
2021-07-04 07:01:41 -04:00
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
err = app.LoadACLPolicy(
|
|
|
|
"./tests/acls/acl_policy_basic_namespace_as_user.hujson",
|
|
|
|
)
|
2021-07-04 07:01:41 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
rules, err := app.generateACLRules()
|
2021-07-04 07:01:41 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
c.Assert(rules, check.NotNil)
|
|
|
|
|
2021-11-04 18:16:56 -04:00
|
|
|
c.Assert(rules, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].DstPorts, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
|
|
|
|
c.Assert((rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
|
|
|
|
c.Assert((rules)[0].SrcIPs, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].SrcIPs[0], check.Not(check.Equals), "not an ip")
|
|
|
|
c.Assert((rules)[0].SrcIPs[0], check.Equals, ip.String())
|
2021-07-03 05:55:32 -04:00
|
|
|
}
|
2021-07-04 06:35:18 -04:00
|
|
|
|
2021-07-04 07:23:31 -04:00
|
|
|
func (s *Suite) TestPortGroup(c *check.C) {
|
2021-11-15 11:16:04 -05:00
|
|
|
namespace, err := app.CreateNamespace("testnamespace")
|
2021-07-04 07:23:31 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
|
2021-07-04 07:23:31 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
_, err = app.GetMachine("testnamespace", "testmachine")
|
2021-07-04 07:23:31 -04:00
|
|
|
c.Assert(err, check.NotNil)
|
2021-11-15 11:16:04 -05:00
|
|
|
ip, _ := app.getAvailableIP()
|
|
|
|
machine := Machine{
|
2021-07-04 07:23:31 -04:00
|
|
|
ID: 0,
|
|
|
|
MachineKey: "foo",
|
|
|
|
NodeKey: "bar",
|
|
|
|
DiscoKey: "faa",
|
|
|
|
Name: "testmachine",
|
2021-11-15 11:16:04 -05:00
|
|
|
NamespaceID: namespace.ID,
|
2021-07-04 07:23:31 -04:00
|
|
|
Registered: true,
|
2021-11-18 03:49:55 -05:00
|
|
|
RegisterMethod: RegisterMethodAuthKey,
|
2021-07-04 07:23:31 -04:00
|
|
|
IPAddress: ip.String(),
|
|
|
|
AuthKeyID: uint(pak.ID),
|
|
|
|
}
|
2021-11-15 11:16:04 -05:00
|
|
|
app.db.Save(&machine)
|
2021-07-04 06:35:18 -04:00
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
err = app.LoadACLPolicy("./tests/acls/acl_policy_basic_groups.hujson")
|
2021-07-04 07:23:31 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 11:16:04 -05:00
|
|
|
rules, err := app.generateACLRules()
|
2021-07-04 07:23:31 -04:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
c.Assert(rules, check.NotNil)
|
2021-07-04 06:35:18 -04:00
|
|
|
|
2021-11-04 18:16:56 -04:00
|
|
|
c.Assert(rules, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].DstPorts, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
|
|
|
|
c.Assert((rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
|
|
|
|
c.Assert((rules)[0].SrcIPs, check.HasLen, 1)
|
|
|
|
c.Assert((rules)[0].SrcIPs[0], check.Not(check.Equals), "not an ip")
|
|
|
|
c.Assert((rules)[0].SrcIPs[0], check.Equals, ip.String())
|
2021-07-04 07:23:31 -04:00
|
|
|
}
|