Mirrors/juanfont.headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-02-07 20:04:00 +01:00
Code Issues Projects Releases Wiki Activity

policy: add comprehensive Tailscale ACL compatibility tests

Browse Source 
Add extensive test coverage verifying Headscale's ACL policy behavior
matches Tailscale's coordination server. Tests cover:
- Source/destination resolution for users, groups, tags, hosts, IPs
- autogroup:member, autogroup:tagged, autogroup:self behavior
- Filter rule deduplication and merging semantics
- Multi-rule interaction patterns
- Error case validation
Key behavioral differences documented:
- Headscale creates separate filter entries per ACL rule; Tailscale
  merges rules with identical sources
- Headscale deduplicates Dsts within a rule; Tailscale does not
- Headscale does not validate autogroup:self source restrictions for
  ACL rules (only SSH rules); Tailscale rejects invalid sources
Tests are based on real Tailscale coordination server responses
captured from a test environment with 5 nodes (1 user-owned, 4 tagged).

Updates #3036
This commit is contained in:
Kristoffer Dalby 2026-01-23 19:36:17 +00:00
parent 14f833bdb9
commit 53d17aa321
1 changed files with 10436 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10436
hscontrol/policy/v2/tailscale_compat_test.go Normal file
View File

File diff suppressed because it is too large Load Diff