mirror of https://github.com/juanfont/headscale.git synced 2025-11-10 01:20:58 +01:00

tags approved via acl

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Kristoffer Dalby 2024-10-27 13:53:45 -04:00
parent dbf2faa4bf
commit 85a038cfca
2 changed files with 72 additions and 99 deletions


@ -13,6 +13,7 @@ import (
"github.com/juanfont/headscale/integration/hsic" "github.com/juanfont/headscale/integration/hsic"
"github.com/juanfont/headscale/integration/tsic" "github.com/juanfont/headscale/integration/tsic"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"golang.org/x/exp/slices"
) )
func executeAndUnmarshal[T any](headscale ControlServer, command []string, result T) error { func executeAndUnmarshal[T any](headscale ControlServer, command []string, result T) error {
@ -786,70 +787,22 @@ func TestNodeTagCommand(t *testing.T) {
) )
} }
func TestNodeAdvertiseTagNoACLCommand(t *testing.T) { func TestNodeAdvertiseTagCommand(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
t.Parallel() t.Parallel()
scenario, err := NewScenario(dockertestMaxWait()) tests := []struct {
assertNoErr(t, err) name string
defer scenario.ShutdownAssertNoPanics(t) policy *policy.ACLPolicy
wantTag bool
spec := map[string]int{ }{
"user1": 1, {
} name: "no-policy",
wantTag: false,
err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:test"})}, hsic.WithTestName("cliadvtags"))
assertNoErr(t, err)
headscale, err := scenario.Headscale()
assertNoErr(t, err)
// Test list all nodes after added seconds
resultMachines := make([]*v1.Node, spec["user1"])
err = executeAndUnmarshal(
headscale,
[]string{
"headscale",
"nodes",
"list",
"--tags",
"--output", "json",
}, },
&resultMachines, {
) name: "with-policy",
assert.Nil(t, err) policy: &policy.ACLPolicy{
found := false
for _, node := range resultMachines {
if node.GetInvalidTags() != nil {
for _, tag := range node.GetInvalidTags() {
if tag == "tag:test" {
found = true
}
}
}
}
assert.Equal(
t,
true,
found,
"should not find a node with the tag 'tag:test' in the list of nodes",
)
}
func TestNodeAdvertiseTagWithACLCommand(t *testing.T) {
IntegrationSkip(t)
t.Parallel()
scenario, err := NewScenario(dockertestMaxWait())
assertNoErr(t, err)
defer scenario.ShutdownAssertNoPanics(t)
spec := map[string]int{
"user1": 1,
}
err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:exists"})}, hsic.WithTestName("cliadvtags"), hsic.WithACLPolicy(
&policy.ACLPolicy{
ACLs: []policy.ACL{ ACLs: []policy.ACL{
{ {
Action: "accept", Action: "accept",
@ -858,10 +811,28 @@ func TestNodeAdvertiseTagWithACLCommand(t *testing.T) {
}, },
}, },
TagOwners: map[string][]string{ TagOwners: map[string][]string{
"tag:exists": {"user1"}, "tag:test": {"user1"},
}, },
}, },
)) wantTag: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
scenario, err := NewScenario(dockertestMaxWait())
assertNoErr(t, err)
// defer scenario.ShutdownAssertNoPanics(t)
spec := map[string]int{
"user1": 1,
}
err = scenario.CreateHeadscaleEnv(spec,
[]tsic.Option{tsic.WithTags([]string{"tag:test"})},
hsic.WithTestName("cliadvtags"),
hsic.WithACLPolicy(tt.policy),
)
assertNoErr(t, err) assertNoErr(t, err)
headscale, err := scenario.Headscale() headscale, err := scenario.Headscale()
@ -883,20 +854,18 @@ func TestNodeAdvertiseTagWithACLCommand(t *testing.T) {
assert.Nil(t, err) assert.Nil(t, err)
found := false found := false
for _, node := range resultMachines { for _, node := range resultMachines {
if node.GetValidTags() != nil { if tags := node.GetValidTags(); tags != nil {
for _, tag := range node.GetValidTags() { found = slices.Contains(tags, "tag:test")
if tag == "tag:exists" {
found = true
} }
} }
} assert.Equalf(
}
assert.Equal(
t, t,
true, tt.wantTag,
found, found,
"should not find a node with the tag 'tag:exists' in the list of nodes", "'tag:test' found(%t) is the list of nodes, expected %t", found, tt.wantTag,
) )
})
}
} }
func TestNodeCommand(t *testing.T) { func TestNodeCommand(t *testing.T) {
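Review bot: In the new `t.Run` body of `TestNodeAdvertiseTagCommand` the teardown is left commented out (`// defer scenario.ShutdownAssertNoPanics(t)`), so each subtest leaves its scenario running and the no-panic check that both removed tests performed is lost; restore it as `defer scenario.ShutdownAssertNoPanics(t)` right after the first `assertNoErr(t, err)`. In the result loop, `found = slices.Contains(tags, "tag:test")` overwrites the value for every node, so with more than one node only the last one decides; `found = found || slices.Contains(tags, "tag:test")` keeps an earlier match. Because this test pins tag authorisation through `TagOwners`, the table would be stronger with a third case where a policy is loaded but `user1` does not own `tag:test` and `wantTag` is false, and the no-policy case no longer asserts that the tag appears in `GetInvalidTags()` as the removed test did. Part of the function body lies between the hunks and is not visible here, so the node-list call itself is not reviewed.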


@ -81,6 +81,10 @@ type Option = func(c *HeadscaleInContainer)
// HeadscaleInContainer instance. // HeadscaleInContainer instance.
func WithACLPolicy(acl *policy.ACLPolicy) Option { func WithACLPolicy(acl *policy.ACLPolicy) Option {
return func(hsic *HeadscaleInContainer) { return func(hsic *HeadscaleInContainer) {
if acl == nil {
return
}
// TODO(kradalby): Move somewhere appropriate // TODO(kradalby): Move somewhere appropriate
hsic.env["HEADSCALE_POLICY_PATH"] = aclPolicyPath hsic.env["HEADSCALE_POLICY_PATH"] = aclPolicyPath