From 01c1f6f82a003a7aaca7a8fbd010d7218fd334c1 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby <kristoffer@dalby.cc>
Date: Wed, 10 Sep 2025 18:41:43 +0200
Subject: [PATCH] policy: validate error message for asterix in ssh (#2766)

---
 hscontrol/policy/v2/types_test.go | 36 +++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/hscontrol/policy/v2/types_test.go b/hscontrol/policy/v2/types_test.go
index 6f6b40d1..5bdb7885 100644
--- a/hscontrol/policy/v2/types_test.go
+++ b/hscontrol/policy/v2/types_test.go
@@ -348,6 +348,42 @@ func TestUnmarshalPolicy(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "2652-asterix-error-better-explain",
+			input: `
+{
+	"acls": [
+		{
+			"action": "accept",
+			"src": [
+				"*"
+			],
+			"dst": [
+				"*:*"
+			],
+			"proto": [
+				"*:*"
+			]
+		}
+	],
+	"ssh": [
+		{
+			"action": "accept",
+			"src": [
+				"*"
+			],
+			"dst": [
+				"*"
+			],
+			"proto": [
+				"*:*"
+			]
+		}
+	]
+}
+			`,
+			wantErr: "alias v2.Asterix is not supported for SSH source",
+		},
 		{
 			name: "invalid-username",
 			input: `