mirror of https://github.com/juanfont/headscale.git synced 2025-09-06 17:54:31 +02:00

use polivyv1 definitions in integration tests

These can be marshalled back into JSON, which the
new format might not be able to do.

Also, just don't change it all to JSON strings for now.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Kristoffer Dalby 2025-02-26 19:19:15 +01:00
parent e9ffc4f2df
commit 0d95945999
6 changed files with 106 additions and 99 deletions


@ -8,7 +8,7 @@ import (
"testing" "testing"
"github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp"
"github.com/juanfont/headscale/hscontrol/policy" policyv1 "github.com/juanfont/headscale/hscontrol/policy/v1"
"github.com/juanfont/headscale/integration/hsic" "github.com/juanfont/headscale/integration/hsic"
"github.com/juanfont/headscale/integration/tsic" "github.com/juanfont/headscale/integration/tsic"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -50,7 +50,7 @@ var veryLargeDestination = []string{
func aclScenario( func aclScenario(
t *testing.T, t *testing.T,
policy *policy.ACLPolicy, policy *policyv1.ACLPolicy,
clientsPerUser int, clientsPerUser int,
) *Scenario { ) *Scenario {
t.Helper() t.Helper()
@ -77,6 +77,8 @@ func aclScenario(
}, },
hsic.WithACLPolicy(policy), hsic.WithACLPolicy(policy),
hsic.WithTestName("acl"), hsic.WithTestName("acl"),
hsic.WithEmbeddedDERPServerOnly(),
hsic.WithTLS(),
) )
require.NoError(t, err) require.NoError(t, err)
@ -100,7 +102,7 @@ func TestACLHostsInNetMapTable(t *testing.T) {
// they can access minus one (them self). // they can access minus one (them self).
tests := map[string]struct { tests := map[string]struct {
users map[string]int users map[string]int
policy policy.ACLPolicy policy policyv1.ACLPolicy
want map[string]int want map[string]int
}{ }{
// Test that when we have no ACL, each client netmap has // Test that when we have no ACL, each client netmap has
@ -110,8 +112,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
"user1": 2, "user1": 2,
"user2": 2, "user2": 2,
}, },
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
@ -131,8 +133,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
"user1": 2, "user1": 2,
"user2": 2, "user2": 2,
}, },
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"user1"}, Sources: []string{"user1"},
@ -157,8 +159,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
"user1": 2, "user1": 2,
"user2": 2, "user2": 2,
}, },
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"user1"}, Sources: []string{"user1"},
@ -194,8 +196,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
"user1": 2, "user1": 2,
"user2": 2, "user2": 2,
}, },
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"user1"}, Sources: []string{"user1"},
@ -222,8 +224,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
"user1": 2, "user1": 2,
"user2": 2, "user2": 2,
}, },
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"user1"}, Sources: []string{"user1"},
@ -250,8 +252,8 @@ func TestACLHostsInNetMapTable(t *testing.T) {
"user1": 2, "user1": 2,
"user2": 2, "user2": 2,
}, },
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
@ -306,8 +308,8 @@ func TestACLAllowUser80Dst(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
scenario := aclScenario(t, scenario := aclScenario(t,
&policy.ACLPolicy{ &policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"user1"}, Sources: []string{"user1"},
@ -360,11 +362,11 @@ func TestACLDenyAllPort80(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
scenario := aclScenario(t, scenario := aclScenario(t,
&policy.ACLPolicy{ &policyv1.ACLPolicy{
Groups: map[string][]string{ Groups: map[string][]string{
"group:integration-acl-test": {"user1", "user2"}, "group:integration-acl-test": {"user1", "user2"},
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"group:integration-acl-test"}, Sources: []string{"group:integration-acl-test"},
@ -407,8 +409,8 @@ func TestACLAllowUserDst(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
scenario := aclScenario(t, scenario := aclScenario(t,
&policy.ACLPolicy{ &policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"user1"}, Sources: []string{"user1"},
@ -463,8 +465,8 @@ func TestACLAllowStarDst(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
scenario := aclScenario(t, scenario := aclScenario(t,
&policy.ACLPolicy{ &policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"user1"}, Sources: []string{"user1"},
@ -520,11 +522,11 @@ func TestACLNamedHostsCanReachBySubnet(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
scenario := aclScenario(t, scenario := aclScenario(t,
&policy.ACLPolicy{ &policyv1.ACLPolicy{
Hosts: policy.Hosts{ Hosts: policyv1.Hosts{
"all": netip.MustParsePrefix("100.64.0.0/24"), "all": netip.MustParsePrefix("100.64.0.0/24"),
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
// Everyone can curl test3 // Everyone can curl test3
{ {
Action: "accept", Action: "accept",
@ -617,16 +619,16 @@ func TestACLNamedHostsCanReach(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
tests := map[string]struct { tests := map[string]struct {
policy policy.ACLPolicy policy policyv1.ACLPolicy
}{ }{
"ipv4": { "ipv4": {
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
Hosts: policy.Hosts{ Hosts: policyv1.Hosts{
"test1": netip.MustParsePrefix("100.64.0.1/32"), "test1": netip.MustParsePrefix("100.64.0.1/32"),
"test2": netip.MustParsePrefix("100.64.0.2/32"), "test2": netip.MustParsePrefix("100.64.0.2/32"),
"test3": netip.MustParsePrefix("100.64.0.3/32"), "test3": netip.MustParsePrefix("100.64.0.3/32"),
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
// Everyone can curl test3 // Everyone can curl test3
{ {
Action: "accept", Action: "accept",
@ -643,13 +645,13 @@ func TestACLNamedHostsCanReach(t *testing.T) {
}, },
}, },
"ipv6": { "ipv6": {
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
Hosts: policy.Hosts{ Hosts: policyv1.Hosts{
"test1": netip.MustParsePrefix("fd7a:115c:a1e0::1/128"), "test1": netip.MustParsePrefix("fd7a:115c:a1e0::1/128"),
"test2": netip.MustParsePrefix("fd7a:115c:a1e0::2/128"), "test2": netip.MustParsePrefix("fd7a:115c:a1e0::2/128"),
"test3": netip.MustParsePrefix("fd7a:115c:a1e0::3/128"), "test3": netip.MustParsePrefix("fd7a:115c:a1e0::3/128"),
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
// Everyone can curl test3 // Everyone can curl test3
{ {
Action: "accept", Action: "accept",
@ -866,11 +868,11 @@ func TestACLDevice1CanAccessDevice2(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
tests := map[string]struct { tests := map[string]struct {
policy policy.ACLPolicy policy policyv1.ACLPolicy
}{ }{
"ipv4": { "ipv4": {
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"100.64.0.1"}, Sources: []string{"100.64.0.1"},
@ -880,8 +882,8 @@ func TestACLDevice1CanAccessDevice2(t *testing.T) {
}, },
}, },
"ipv6": { "ipv6": {
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"fd7a:115c:a1e0::1"}, Sources: []string{"fd7a:115c:a1e0::1"},
@ -891,12 +893,12 @@ func TestACLDevice1CanAccessDevice2(t *testing.T) {
}, },
}, },
"hostv4cidr": { "hostv4cidr": {
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
Hosts: policy.Hosts{ Hosts: policyv1.Hosts{
"test1": netip.MustParsePrefix("100.64.0.1/32"), "test1": netip.MustParsePrefix("100.64.0.1/32"),
"test2": netip.MustParsePrefix("100.64.0.2/32"), "test2": netip.MustParsePrefix("100.64.0.2/32"),
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"test1"}, Sources: []string{"test1"},
@ -906,12 +908,12 @@ func TestACLDevice1CanAccessDevice2(t *testing.T) {
}, },
}, },
"hostv6cidr": { "hostv6cidr": {
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
Hosts: policy.Hosts{ Hosts: policyv1.Hosts{
"test1": netip.MustParsePrefix("fd7a:115c:a1e0::1/128"), "test1": netip.MustParsePrefix("fd7a:115c:a1e0::1/128"),
"test2": netip.MustParsePrefix("fd7a:115c:a1e0::2/128"), "test2": netip.MustParsePrefix("fd7a:115c:a1e0::2/128"),
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"test1"}, Sources: []string{"test1"},
@ -921,12 +923,12 @@ func TestACLDevice1CanAccessDevice2(t *testing.T) {
}, },
}, },
"group": { "group": {
policy: policy.ACLPolicy{ policy: policyv1.ACLPolicy{
Groups: map[string][]string{ Groups: map[string][]string{
"group:one": {"user1"}, "group:one": {"user1"},
"group:two": {"user2"}, "group:two": {"user2"},
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"group:one"}, Sources: []string{"group:one"},
@ -1085,15 +1087,15 @@ func TestPolicyUpdateWhileRunningWithCLIInDatabase(t *testing.T) {
headscale, err := scenario.Headscale() headscale, err := scenario.Headscale()
require.NoError(t, err) require.NoError(t, err)
p := policy.ACLPolicy{ p := policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"user1"}, Sources: []string{"user1"},
Destinations: []string{"user2:*"}, Destinations: []string{"user2:*"},
}, },
}, },
Hosts: policy.Hosts{}, Hosts: policyv1.Hosts{},
} }
pBytes, _ := json.Marshal(p) pBytes, _ := json.Marshal(p)
@ -1118,7 +1120,7 @@ func TestPolicyUpdateWhileRunningWithCLIInDatabase(t *testing.T) {
// Get the current policy and check // Get the current policy and check
// if it is the same as the one we set. // if it is the same as the one we set.
var output *policy.ACLPolicy var output *policyv1.ACLPolicy
err = executeAndUnmarshal( err = executeAndUnmarshal(
headscale, headscale,
[]string{ []string{
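Review bot: In TestPolicyUpdateWhileRunningWithCLIInDatabase the policy is still serialised with `pBytes, _ := json.Marshal(p)`, so a marshalling failure is silently discarded even though the commit's stated reason for moving to `policyv1` is that these types can be marshalled back into JSON. Checking the result, `pBytes, err := json.Marshal(p)` followed by `require.NoError(t, err)`, would make the test fail at the cause instead of at some later step that consumes `pBytes`. The function body starts and continues outside the hunk, so confirm that `err` is usable at that point, as the visible `headscale, err := scenario.Headscale()` line suggests.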


@ -11,7 +11,7 @@ import (
tcmp "github.com/google/go-cmp/cmp" tcmp "github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts" "github.com/google/go-cmp/cmp/cmpopts"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1" v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/juanfont/headscale/hscontrol/policy" policyv1 "github.com/juanfont/headscale/hscontrol/policy/v1"
"github.com/juanfont/headscale/hscontrol/types" "github.com/juanfont/headscale/hscontrol/types"
"github.com/juanfont/headscale/integration/hsic" "github.com/juanfont/headscale/integration/hsic"
"github.com/juanfont/headscale/integration/tsic" "github.com/juanfont/headscale/integration/tsic"
@ -915,7 +915,7 @@ func TestNodeAdvertiseTagCommand(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
policy *policy.ACLPolicy policy *policyv1.ACLPolicy
wantTag bool wantTag bool
}{ }{
{ {
@ -924,8 +924,8 @@ func TestNodeAdvertiseTagCommand(t *testing.T) {
}, },
{ {
name: "with-policy-email", name: "with-policy-email",
policy: &policy.ACLPolicy{ policy: &policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
@ -940,8 +940,8 @@ func TestNodeAdvertiseTagCommand(t *testing.T) {
}, },
{ {
name: "with-policy-username", name: "with-policy-username",
policy: &policy.ACLPolicy{ policy: &policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
@ -956,11 +956,11 @@ func TestNodeAdvertiseTagCommand(t *testing.T) {
}, },
{ {
name: "with-policy-groups", name: "with-policy-groups",
policy: &policy.ACLPolicy{ policy: &policyv1.ACLPolicy{
Groups: policy.Groups{ Groups: policyv1.Groups{
"group:admins": []string{"user1"}, "group:admins": []string{"user1"},
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
@ -1742,8 +1742,8 @@ func TestPolicyCommand(t *testing.T) {
headscale, err := scenario.Headscale() headscale, err := scenario.Headscale()
assertNoErr(t, err) assertNoErr(t, err)
p := policy.ACLPolicy{ p := policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
@ -1778,7 +1778,7 @@ func TestPolicyCommand(t *testing.T) {
// Get the current policy and check // Get the current policy and check
// if it is the same as the one we set. // if it is the same as the one we set.
var output *policy.ACLPolicy var output *policyv1.ACLPolicy
err = executeAndUnmarshal( err = executeAndUnmarshal(
headscale, headscale,
[]string{ []string{
@ -1822,8 +1822,8 @@ func TestPolicyBrokenConfigCommand(t *testing.T) {
headscale, err := scenario.Headscale() headscale, err := scenario.Headscale()
assertNoErr(t, err) assertNoErr(t, err)
p := policy.ACLPolicy{ p := policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
// This is an unknown action, so it will return an error // This is an unknown action, so it will return an error
// and the config will not be applied. // and the config will not be applied.


@ -365,7 +365,11 @@ func TestTaildrop(t *testing.T) {
"taildrop": len(MustTestVersions), "taildrop": len(MustTestVersions),
} }
err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("taildrop")) err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{},
hsic.WithTestName("taildrop"),
hsic.WithEmbeddedDERPServerOnly(),
hsic.WithTLS(),
)
assertNoErrHeadscaleEnv(t, err) assertNoErrHeadscaleEnv(t, err)
allClients, err := scenario.ListTailscaleClients() allClients, err := scenario.ListTailscaleClients()
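Review bot: The `hsic.WithEmbeddedDERPServerOnly()` and `hsic.WithTLS()` options added to the `CreateHeadscaleEnv` call in TestTaildrop (and to `aclScenario` in the ACL test file) change the transport these tests run over, but neither the hunk nor the commit message, which only describes the `policyv1` switch, says why. A short comment above the options, e.g. `// Embedded DERP over TLS: <reason these tests need it>`, would keep the setup from looking accidental and tell a later reader whether it is safe to remove. If the change is unrelated to the policy types, putting it in its own commit would also make a regression in either part easier to bisect.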


@ -12,6 +12,7 @@ import (
"net/netip" "net/netip"
"os" "os"
"path" "path"
"regexp"
"sort" "sort"
"strconv" "strconv"
"strings" "strings"
@ -19,7 +20,7 @@ import (
"github.com/davecgh/go-spew/spew" "github.com/davecgh/go-spew/spew"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1" v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/juanfont/headscale/hscontrol/policy" policyv1 "github.com/juanfont/headscale/hscontrol/policy/v1"
"github.com/juanfont/headscale/hscontrol/types" "github.com/juanfont/headscale/hscontrol/types"
"github.com/juanfont/headscale/hscontrol/util" "github.com/juanfont/headscale/hscontrol/util"
"github.com/juanfont/headscale/integration/dockertestutil" "github.com/juanfont/headscale/integration/dockertestutil"
@ -64,7 +65,7 @@ type HeadscaleInContainer struct {
extraPorts []string extraPorts []string
caCerts [][]byte caCerts [][]byte
hostPortBindings map[string][]string hostPortBindings map[string][]string
aclPolicy *policy.ACLPolicy aclPolicy *policyv1.ACLPolicy
env map[string]string env map[string]string
tlsCert []byte tlsCert []byte
tlsKey []byte tlsKey []byte
@ -78,7 +79,7 @@ type Option = func(c *HeadscaleInContainer)
// WithACLPolicy adds a hscontrol.ACLPolicy policy to the // WithACLPolicy adds a hscontrol.ACLPolicy policy to the
// HeadscaleInContainer instance. // HeadscaleInContainer instance.
func WithACLPolicy(acl *policy.ACLPolicy) Option { func WithACLPolicy(acl *policyv1.ACLPolicy) Option {
return func(hsic *HeadscaleInContainer) { return func(hsic *HeadscaleInContainer) {
if acl == nil { if acl == nil {
return return
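Review bot: The `"regexp"` import added in the first hunk is not used by any line visible in this file's hunks, and Go rejects unused imports, so confirm that a use exists outside the shown context or drop the import from this commit. Separately, the doc comment on `WithACLPolicy` still reads "adds a hscontrol.ACLPolicy policy" although the parameter is now `*policyv1.ACLPolicy`; updating it to `// WithACLPolicy adds a policyv1.ACLPolicy to the` / `// HeadscaleInContainer instance.` keeps the comment in step with the signature. The body of `WithACLPolicy` continues past the end of the hunk.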


@ -8,7 +8,7 @@ import (
"github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1" v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/juanfont/headscale/hscontrol/policy" policyv1 "github.com/juanfont/headscale/hscontrol/policy/v1"
"github.com/juanfont/headscale/hscontrol/util" "github.com/juanfont/headscale/hscontrol/util"
"github.com/juanfont/headscale/integration/hsic" "github.com/juanfont/headscale/integration/hsic"
"github.com/juanfont/headscale/integration/tsic" "github.com/juanfont/headscale/integration/tsic"
@ -29,7 +29,7 @@ func TestEnablingRoutes(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
t.Parallel() t.Parallel()
user := "enable-routing" user := "user6"
scenario, err := NewScenario(dockertestMaxWait()) scenario, err := NewScenario(dockertestMaxWait())
require.NoErrorf(t, err, "failed to create scenario: %s", err) require.NoErrorf(t, err, "failed to create scenario: %s", err)
@ -203,7 +203,7 @@ func TestHASubnetRouterFailover(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
t.Parallel() t.Parallel()
user := "enable-routing" user := "user9"
scenario, err := NewScenario(dockertestMaxWait()) scenario, err := NewScenario(dockertestMaxWait())
require.NoErrorf(t, err, "failed to create scenario: %s", err) require.NoErrorf(t, err, "failed to create scenario: %s", err)
@ -528,7 +528,7 @@ func TestEnableDisableAutoApprovedRoute(t *testing.T) {
expectedRoutes := "172.0.0.0/24" expectedRoutes := "172.0.0.0/24"
user := "enable-disable-routing" user := "user2"
scenario, err := NewScenario(dockertestMaxWait()) scenario, err := NewScenario(dockertestMaxWait())
require.NoErrorf(t, err, "failed to create scenario: %s", err) require.NoErrorf(t, err, "failed to create scenario: %s", err)
@ -539,8 +539,8 @@ func TestEnableDisableAutoApprovedRoute(t *testing.T) {
} }
err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy( err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:approve"})}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy(
&policy.ACLPolicy{ &policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
@ -550,7 +550,7 @@ func TestEnableDisableAutoApprovedRoute(t *testing.T) {
TagOwners: map[string][]string{ TagOwners: map[string][]string{
"tag:approve": {user}, "tag:approve": {user},
}, },
AutoApprovers: policy.AutoApprovers{ AutoApprovers: policyv1.AutoApprovers{
Routes: map[string][]string{ Routes: map[string][]string{
expectedRoutes: {"tag:approve"}, expectedRoutes: {"tag:approve"},
}, },
@ -640,8 +640,8 @@ func TestAutoApprovedSubRoute2068(t *testing.T) {
hsic.WithEmbeddedDERPServerOnly(), hsic.WithEmbeddedDERPServerOnly(),
hsic.WithTLS(), hsic.WithTLS(),
hsic.WithACLPolicy( hsic.WithACLPolicy(
&policy.ACLPolicy{ &policyv1.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
@ -651,7 +651,7 @@ func TestAutoApprovedSubRoute2068(t *testing.T) {
TagOwners: map[string][]string{ TagOwners: map[string][]string{
"tag:approve": {user}, "tag:approve": {user},
}, },
AutoApprovers: policy.AutoApprovers{ AutoApprovers: policyv1.AutoApprovers{
Routes: map[string][]string{ Routes: map[string][]string{
"10.42.0.0/16": {"tag:approve"}, "10.42.0.0/16": {"tag:approve"},
}, },
@ -696,7 +696,7 @@ func TestSubnetRouteACL(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
t.Parallel() t.Parallel()
user := "subnet-route-acl" user := "user4"
scenario, err := NewScenario(dockertestMaxWait()) scenario, err := NewScenario(dockertestMaxWait())
require.NoErrorf(t, err, "failed to create scenario: %s", err) require.NoErrorf(t, err, "failed to create scenario: %s", err)
@ -707,11 +707,11 @@ func TestSubnetRouteACL(t *testing.T) {
} }
err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy( err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{}, hsic.WithTestName("clienableroute"), hsic.WithACLPolicy(
&policy.ACLPolicy{ &policyv1.ACLPolicy{
Groups: policy.Groups{ Groups: policyv1.Groups{
"group:admins": {user}, "group:admins": {user},
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"group:admins"}, Sources: []string{"group:admins"},
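Review bot: The replacement user names (`user6`, `user9`, `user2`, `user4`) are opaque where the old ones named the test, and neither the hunks nor the commit message explains why these particular values were chosen. Because `user` feeds the policy under test (`TagOwners` for `tag:approve`, and `group:admins` in TestSubnetRouteACL), a reader cannot tell whether the name is constrained by the v1 policy format or is arbitrary. A one-line comment at each assignment, e.g. `// plain userN name: <reason>`, or a shared helper that hands out the names, would record the intent. All four test functions extend beyond the visible hunks.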


@ -7,7 +7,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/juanfont/headscale/hscontrol/policy" policyv1 "github.com/juanfont/headscale/hscontrol/policy/v1"
"github.com/juanfont/headscale/integration/hsic" "github.com/juanfont/headscale/integration/hsic"
"github.com/juanfont/headscale/integration/tsic" "github.com/juanfont/headscale/integration/tsic"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -48,7 +48,7 @@ var retry = func(times int, sleepInterval time.Duration,
return result, stderr, err return result, stderr, err
} }
func sshScenario(t *testing.T, policy *policy.ACLPolicy, clientsPerUser int) *Scenario { func sshScenario(t *testing.T, policy *policyv1.ACLPolicy, clientsPerUser int) *Scenario {
t.Helper() t.Helper()
scenario, err := NewScenario(dockertestMaxWait()) scenario, err := NewScenario(dockertestMaxWait())
assertNoErr(t, err) assertNoErr(t, err)
@ -92,18 +92,18 @@ func TestSSHOneUserToAll(t *testing.T) {
t.Parallel() t.Parallel()
scenario := sshScenario(t, scenario := sshScenario(t,
&policy.ACLPolicy{ &policyv1.ACLPolicy{
Groups: map[string][]string{ Groups: map[string][]string{
"group:integration-test": {"user1"}, "group:integration-test": {"user1"},
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
Destinations: []string{"*:*"}, Destinations: []string{"*:*"},
}, },
}, },
SSHs: []policy.SSH{ SSHs: []policyv1.SSH{
{ {
Action: "accept", Action: "accept",
Sources: []string{"group:integration-test"}, Sources: []string{"group:integration-test"},
@ -157,18 +157,18 @@ func TestSSHMultipleUsersAllToAll(t *testing.T) {
t.Parallel() t.Parallel()
scenario := sshScenario(t, scenario := sshScenario(t,
&policy.ACLPolicy{ &policyv1.ACLPolicy{
Groups: map[string][]string{ Groups: map[string][]string{
"group:integration-test": {"user1", "user2"}, "group:integration-test": {"user1", "user2"},
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
Destinations: []string{"*:*"}, Destinations: []string{"*:*"},
}, },
}, },
SSHs: []policy.SSH{ SSHs: []policyv1.SSH{
{ {
Action: "accept", Action: "accept",
Sources: []string{"group:integration-test"}, Sources: []string{"group:integration-test"},
@ -210,18 +210,18 @@ func TestSSHNoSSHConfigured(t *testing.T) {
t.Parallel() t.Parallel()
scenario := sshScenario(t, scenario := sshScenario(t,
&policy.ACLPolicy{ &policyv1.ACLPolicy{
Groups: map[string][]string{ Groups: map[string][]string{
"group:integration-test": {"user1"}, "group:integration-test": {"user1"},
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
Destinations: []string{"*:*"}, Destinations: []string{"*:*"},
}, },
}, },
SSHs: []policy.SSH{}, SSHs: []policyv1.SSH{},
}, },
len(MustTestVersions), len(MustTestVersions),
) )
@ -252,18 +252,18 @@ func TestSSHIsBlockedInACL(t *testing.T) {
t.Parallel() t.Parallel()
scenario := sshScenario(t, scenario := sshScenario(t,
&policy.ACLPolicy{ &policyv1.ACLPolicy{
Groups: map[string][]string{ Groups: map[string][]string{
"group:integration-test": {"user1"}, "group:integration-test": {"user1"},
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
Destinations: []string{"*:80"}, Destinations: []string{"*:80"},
}, },
}, },
SSHs: []policy.SSH{ SSHs: []policyv1.SSH{
{ {
Action: "accept", Action: "accept",
Sources: []string{"group:integration-test"}, Sources: []string{"group:integration-test"},
@ -301,19 +301,19 @@ func TestSSHUserOnlyIsolation(t *testing.T) {
t.Parallel() t.Parallel()
scenario := sshScenario(t, scenario := sshScenario(t,
&policy.ACLPolicy{ &policyv1.ACLPolicy{
Groups: map[string][]string{ Groups: map[string][]string{
"group:ssh1": {"user1"}, "group:ssh1": {"user1"},
"group:ssh2": {"user2"}, "group:ssh2": {"user2"},
}, },
ACLs: []policy.ACL{ ACLs: []policyv1.ACL{
{ {
Action: "accept", Action: "accept",
Sources: []string{"*"}, Sources: []string{"*"},
Destinations: []string{"*:*"}, Destinations: []string{"*:*"},
}, },
}, },
SSHs: []policy.SSH{ SSHs: []policyv1.SSH{
{ {
Action: "accept", Action: "accept",
Sources: []string{"group:ssh1"}, Sources: []string{"group:ssh1"},