mirror of
https://github.com/juanfont/headscale.git
synced 2024-12-24 21:25:52 -05:00
Added more unit tests
This commit is contained in:
parent
07e95393b3
commit
d0e970f21d
3
acls.go
3
acls.go
@ -9,7 +9,6 @@ import (
|
|||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/davecgh/go-spew/spew"
|
|
||||||
"github.com/tailscale/hujson"
|
"github.com/tailscale/hujson"
|
||||||
"inet.af/netaddr"
|
"inet.af/netaddr"
|
||||||
"tailscale.com/tailcfg"
|
"tailscale.com/tailcfg"
|
||||||
@ -82,8 +81,6 @@ func (h *Headscale) generateACLRules() (*[]tailcfg.FilterRule, error) {
|
|||||||
DstPorts: destPorts,
|
DstPorts: destPorts,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
// fmt.Println(rules)
|
|
||||||
spew.Dump(rules)
|
|
||||||
|
|
||||||
return &rules, nil
|
return &rules, nil
|
||||||
}
|
}
|
||||||
|
77
acls_test.go
77
acls_test.go
@ -64,7 +64,82 @@ func (s *Suite) TestBasicRule(c *check.C) {
|
|||||||
|
|
||||||
rules, err := h.generateACLRules()
|
rules, err := h.generateACLRules()
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
c.Assert(rules, check.IsNil)
|
c.Assert(rules, check.NotNil)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Suite) TestPortRange(c *check.C) {
|
||||||
|
err := h.LoadPolicy("./tests/acls/acl_policy_basic_range.hujson")
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
rules, err := h.generateACLRules()
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
c.Assert(rules, check.NotNil)
|
||||||
|
|
||||||
|
c.Assert(*rules, check.HasLen, 1)
|
||||||
|
c.Assert((*rules)[0].DstPorts, check.HasLen, 1)
|
||||||
|
c.Assert((*rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(5400))
|
||||||
|
c.Assert((*rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(5500))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Suite) TestPortWildcard(c *check.C) {
|
||||||
|
err := h.LoadPolicy("./tests/acls/acl_policy_basic_wildcards.hujson")
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
rules, err := h.generateACLRules()
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
c.Assert(rules, check.NotNil)
|
||||||
|
|
||||||
|
c.Assert(*rules, check.HasLen, 1)
|
||||||
|
c.Assert((*rules)[0].DstPorts, check.HasLen, 1)
|
||||||
|
c.Assert((*rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
|
||||||
|
c.Assert((*rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
|
||||||
|
c.Assert((*rules)[0].SrcIPs, check.HasLen, 1)
|
||||||
|
c.Assert((*rules)[0].SrcIPs[0], check.Equals, "*")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Suite) TestPortNamespace(c *check.C) {
|
||||||
|
n, err := h.CreateNamespace("testnamespace")
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
pak, err := h.CreatePreAuthKey(n.Name, false, false, nil)
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
db, err := h.db()
|
||||||
|
if err != nil {
|
||||||
|
c.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = h.GetMachine("testnamespace", "testmachine")
|
||||||
|
c.Assert(err, check.NotNil)
|
||||||
|
ip, _ := h.getAvailableIP()
|
||||||
|
m := Machine{
|
||||||
|
ID: 0,
|
||||||
|
MachineKey: "foo",
|
||||||
|
NodeKey: "bar",
|
||||||
|
DiscoKey: "faa",
|
||||||
|
Name: "testmachine",
|
||||||
|
NamespaceID: n.ID,
|
||||||
|
Registered: true,
|
||||||
|
RegisterMethod: "authKey",
|
||||||
|
IPAddress: ip.String(),
|
||||||
|
AuthKeyID: uint(pak.ID),
|
||||||
|
}
|
||||||
|
db.Save(&m)
|
||||||
|
|
||||||
|
err = h.LoadPolicy("./tests/acls/acl_policy_basic_namespace_as_user.hujson")
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
rules, err := h.generateACLRules()
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
c.Assert(rules, check.NotNil)
|
||||||
|
|
||||||
|
c.Assert(*rules, check.HasLen, 1)
|
||||||
|
c.Assert((*rules)[0].DstPorts, check.HasLen, 1)
|
||||||
|
c.Assert((*rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
|
||||||
|
c.Assert((*rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
|
||||||
|
c.Assert((*rules)[0].SrcIPs, check.HasLen, 1)
|
||||||
|
c.Assert((*rules)[0].SrcIPs[0], check.Not(check.Equals), "not an ip")
|
||||||
|
c.Assert((*rules)[0].SrcIPs[0], check.Equals, ip.String())
|
||||||
}
|
}
|
||||||
|
|
||||||
// func (s *Suite) TestRuleGeneration(c *check.C) {
|
// func (s *Suite) TestRuleGeneration(c *check.C) {
|
||||||
|
@ -20,12 +20,11 @@
|
|||||||
// Everyone in the montreal-admins or global-admins group are
|
// Everyone in the montreal-admins or global-admins group are
|
||||||
// allowed to tag servers as montreal-webserver.
|
// allowed to tag servers as montreal-webserver.
|
||||||
"tag:montreal-webserver": [
|
"tag:montreal-webserver": [
|
||||||
"group:montreal-admins",
|
"group:example",
|
||||||
"group:global-admins",
|
|
||||||
],
|
],
|
||||||
// Only a few admins are allowed to create API servers.
|
// Only a few admins are allowed to create API servers.
|
||||||
"tag:api-server": [
|
"tag:production": [
|
||||||
"group:global-admins",
|
"group:example",
|
||||||
"president@example.com",
|
"president@example.com",
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
@ -38,7 +37,7 @@
|
|||||||
"Action": "accept",
|
"Action": "accept",
|
||||||
"Users": [
|
"Users": [
|
||||||
"group:example2",
|
"group:example2",
|
||||||
"192.168.1.1"
|
"192.168.1.0/24"
|
||||||
],
|
],
|
||||||
"Ports": [
|
"Ports": [
|
||||||
"*:22,3389",
|
"*:22,3389",
|
||||||
@ -63,7 +62,6 @@
|
|||||||
"Action": "accept",
|
"Action": "accept",
|
||||||
"Users": [
|
"Users": [
|
||||||
"example-host-2",
|
"example-host-2",
|
||||||
"192.168.1.0/24"
|
|
||||||
],
|
],
|
||||||
"Ports": [
|
"Ports": [
|
||||||
"example-host-1:*",
|
"example-host-1:*",
|
||||||
|
24
tests/acls/acl_policy_basic_1.hujson
Normal file
24
tests/acls/acl_policy_basic_1.hujson
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
// This ACL is a very basic example to validate the
|
||||||
|
// expansion of hosts
|
||||||
|
|
||||||
|
|
||||||
|
{
|
||||||
|
"Hosts": {
|
||||||
|
"host-1": "100.100.100.100",
|
||||||
|
"subnet-1": "100.100.101.100/24",
|
||||||
|
},
|
||||||
|
|
||||||
|
"ACLs": [
|
||||||
|
{
|
||||||
|
"Action": "accept",
|
||||||
|
"Users": [
|
||||||
|
"subnet-1",
|
||||||
|
"192.168.1.0/24"
|
||||||
|
],
|
||||||
|
"Ports": [
|
||||||
|
"*:22,3389",
|
||||||
|
"host-1:*",
|
||||||
|
],
|
||||||
|
},
|
||||||
|
],
|
||||||
|
}
|
20
tests/acls/acl_policy_basic_namespace_as_user.hujson
Normal file
20
tests/acls/acl_policy_basic_namespace_as_user.hujson
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
// This ACL is used to test wildcards
|
||||||
|
|
||||||
|
{
|
||||||
|
"Hosts": {
|
||||||
|
"host-1": "100.100.100.100",
|
||||||
|
"subnet-1": "100.100.101.100/24",
|
||||||
|
},
|
||||||
|
|
||||||
|
"ACLs": [
|
||||||
|
{
|
||||||
|
"Action": "accept",
|
||||||
|
"Users": [
|
||||||
|
"testnamespace",
|
||||||
|
],
|
||||||
|
"Ports": [
|
||||||
|
"host-1:*",
|
||||||
|
],
|
||||||
|
},
|
||||||
|
],
|
||||||
|
}
|
20
tests/acls/acl_policy_basic_range.hujson
Normal file
20
tests/acls/acl_policy_basic_range.hujson
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
// This ACL is used to test the port range expansion
|
||||||
|
|
||||||
|
{
|
||||||
|
"Hosts": {
|
||||||
|
"host-1": "100.100.100.100",
|
||||||
|
"subnet-1": "100.100.101.100/24",
|
||||||
|
},
|
||||||
|
|
||||||
|
"ACLs": [
|
||||||
|
{
|
||||||
|
"Action": "accept",
|
||||||
|
"Users": [
|
||||||
|
"subnet-1",
|
||||||
|
],
|
||||||
|
"Ports": [
|
||||||
|
"host-1:5400-5500",
|
||||||
|
],
|
||||||
|
},
|
||||||
|
],
|
||||||
|
}
|
20
tests/acls/acl_policy_basic_wildcards.hujson
Normal file
20
tests/acls/acl_policy_basic_wildcards.hujson
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
// This ACL is used to test wildcards
|
||||||
|
|
||||||
|
{
|
||||||
|
"Hosts": {
|
||||||
|
"host-1": "100.100.100.100",
|
||||||
|
"subnet-1": "100.100.101.100/24",
|
||||||
|
},
|
||||||
|
|
||||||
|
"ACLs": [
|
||||||
|
{
|
||||||
|
"Action": "accept",
|
||||||
|
"Users": [
|
||||||
|
"*",
|
||||||
|
],
|
||||||
|
"Ports": [
|
||||||
|
"host-1:*",
|
||||||
|
],
|
||||||
|
},
|
||||||
|
],
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user