Commit Graph

64 Commits

Author SHA1 Message Date
Kristoffer Dalby 735b185e7f use IPSet in acls instead of string slice
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby ecd62fb785 remove terrible filter code
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby 889d5a1b29 testing without that horrible filtercode
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby 1700a747f6 outline tests for full filter generate
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby 200e3b88cc make generateFilterRule a pol struct func
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby 5bbbe437df clear up the acl function naming
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby 6de53e2f8d simplify expandAlias function, move seperate logic out
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby 5e74ca9414
Fix IPv6 in ACLs (#1339) 2023-04-16 12:26:35 +02:00
Juan Font dfc5d861c7 Fix CIDR calculation in expandACLPeerAddr 2023-04-05 09:44:46 +02:00
Kristoffer Dalby ceeef40cdf
Add tests to verify "Hosts" aliases in ACL (#1304) 2023-04-03 10:08:48 +02:00
Kristoffer Dalby 83a538cc95 Rename IP specific function, add missing test case
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 15:56:38 +01:00
Kristoffer Dalby 90287a6735 gofumpt
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby e3a2593344 Rename [Nn]amespace -> [Uu]ser in go code
Use gopls, ag and perl to rename all occurances of Namespace

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Juan Font 54f701ff92 generateACLPolicy() no longer a Headscale method 2022-12-03 15:43:40 +01:00
Even Holthe d4e3bf184b Add experimental flag to unit test 2022-11-26 11:53:31 +01:00
Even Holthe 52a323b90d Add SSH capability advertisement
Advertises the SSH capability, and parses the SSH ACLs to pass to the
tailscale client. Doesn’t support ‘autogroup’ ACL functionality.

Co-authored-by: Daniel Brooks <db48x@headline.com>
2022-11-26 11:53:31 +01:00
Juan Font f6153a9b5d
Merge branch 'main' into preauthkey-tags 2022-09-04 22:35:51 +02:00
Juan Font Alonso 7a78314d9d Remove nolint directives 2022-09-04 11:44:24 +02:00
Juan Font Alonso 290ec8bb19 Migrate ACLs to net/netip 2022-09-02 00:05:43 +02:00
Benjamin George Roberts 6faa1d2e4a Fix tests broken by preauthkey tags 2022-08-25 22:23:52 +10:00
Adrien Raffin-Caboisse 79688e6187
chore(all): apply formater 2022-08-04 10:47:00 +02:00
Adrien Raffin-Caboisse babf9470c2
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes
This commit fix issue #563
2022-08-04 10:42:47 +02:00
Kristoffer Dalby 569f3caab9 Use constants in tests 2022-06-11 13:17:07 +00:00
Juan Font Alonso 3d7be5b287 Minor rename 2022-06-11 14:12:53 +02:00
Juan Font Alonso 39f03b86c8 Added ACL test file 2022-06-08 18:06:25 +02:00
Juan Font Alonso ab1aac9f3e Improve ACLs by adding protocol parsing support 2022-06-08 17:43:59 +02:00
Juan Font Alonso 3e353004b8 Migrate ACLs syntax to new Tailscale format
Implements #617.

Tailscale has changed the format of their ACLs to use a more firewall-y terms ("users" & "ports" -> "src" & "dst"). They have also started using all-lowercase tags. This PR applies these changes.
2022-06-08 13:40:15 +02:00
Anton Schubert 6dccfee862 Fix forced Tags with legitimate tagOwners
Also replace loops contains
2022-06-01 15:43:32 +02:00
Kristoffer Dalby e631c6f7e0 Merge master 2022-05-16 21:41:46 +02:00
Kristoffer Dalby 6e2768097a Rename name -> hostname, nickname -> givenname 2022-04-24 20:54:38 +01:00
Adrien Raffin-Caboisse cd1d10761f
feat(acls): add support for forced tags 2022-04-15 18:01:13 +02:00
Kristoffer Dalby c80e364f02 Remove always nil error 2022-03-02 08:15:14 +00:00
Kristoffer Dalby 5b169010be Resolve merge conflict 2022-03-02 08:11:50 +00:00
Kristoffer Dalby e4d81bbb16
Merge branch 'main' into registration-simplification 2022-03-02 07:31:02 +00:00
Adrien Raffin-Caboisse a455a874ad
feat(acls): normalize the group name 2022-03-01 21:10:52 +01:00
Kristoffer Dalby 49cd761bf6 Use new machine types in tests 2022-03-01 16:34:35 +00:00
Kristoffer Dalby d34d617935
Merge branch 'main' into registration-simplification 2022-03-01 15:18:24 +01:00
Kristoffer Dalby a8649d83c4 Remove all references to Machine.Registered from tests 2022-02-28 17:42:03 +00:00
Kristoffer Dalby c159eb7541 Add basic test of yaml parsing 2022-02-27 09:04:59 +01:00
Adrien Raffin-Caboisse d971f0f0e6 fix(acls_test): fix comment in go code 2022-02-21 21:48:05 +01:00
Adrien Raffin-Caboisse baae266db0
Update acls_test.go
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-02-21 20:25:41 +01:00
Adrien Raffin-Caboisse 25550f8866 chore(format): run prettier on repo 2022-02-21 16:06:20 +01:00
Adrien Raffin-Caboisse 5e167cc00a fix(tests): fix naming issues related to code review 2022-02-20 23:00:31 +01:00
Adrien Raffin-Caboisse d00251c63e fix(acls,machines): apply code review suggestions 2022-02-20 21:26:20 +01:00
Adrien Raffin-Caboisse f073d8f43c
chore(lint): ignore linting on test_expandalias
This is a false positive on the way the function is built.
Small tests cases are all inside this functions, making it big.
2022-02-17 09:32:55 +01:00
Adrien Raffin-Caboisse 5f642eef76
chore(lint): more lint fixing 2022-02-17 09:32:54 +01:00
Adrien Raffin-Caboisse d8c4c3163b
chore(fmt): apply make fmt command 2022-02-17 09:32:54 +01:00
Adrien Raffin-Caboisse 9cedbbafd4
chore(all): update some files for linter 2022-02-17 09:32:51 +01:00
Adrien Raffin de59946447
feat(acls): rewrite functions to be testable
Rewrite some function to get rid of the dependency on Headscale object. This allows us
to write succinct test that are more easy to review and implement.

The improvements of the tests allowed to write the removal of the tagged hosts
from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-17 09:30:09 +01:00
Adrien Raffin fb45138fc1
feat(acls): check acl owners and add bunch of tests 2022-02-17 09:30:08 +01:00