
tags approved via acl

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Kristoffer Dalby 2024-10-27 13:53:45 -04:00
parent dbf2faa4bf
commit 85a038cfca
No known key found for this signature in database
2 changed files with 72 additions and 99 deletions


@ -13,6 +13,7 @@ import (
"github.com/juanfont/headscale/integration/hsic" "github.com/juanfont/headscale/integration/hsic"
"github.com/juanfont/headscale/integration/tsic" "github.com/juanfont/headscale/integration/tsic"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"golang.org/x/exp/slices"
) )
func executeAndUnmarshal[T any](headscale ControlServer, command []string, result T) error { func executeAndUnmarshal[T any](headscale ControlServer, command []string, result T) error {
@ -786,117 +787,85 @@ func TestNodeTagCommand(t *testing.T) {
) )
} }
func TestNodeAdvertiseTagNoACLCommand(t *testing.T) { func TestNodeAdvertiseTagCommand(t *testing.T) {
IntegrationSkip(t) IntegrationSkip(t)
t.Parallel() t.Parallel()
scenario, err := NewScenario(dockertestMaxWait()) tests := []struct {
assertNoErr(t, err) name string
defer scenario.ShutdownAssertNoPanics(t) policy *policy.ACLPolicy
wantTag bool
spec := map[string]int{ }{
"user1": 1, {
} name: "no-policy",
wantTag: false,
err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:test"})}, hsic.WithTestName("cliadvtags"))
assertNoErr(t, err)
headscale, err := scenario.Headscale()
assertNoErr(t, err)
// Test list all nodes after added seconds
resultMachines := make([]*v1.Node, spec["user1"])
err = executeAndUnmarshal(
headscale,
[]string{
"headscale",
"nodes",
"list",
"--tags",
"--output", "json",
}, },
&resultMachines, {
) name: "with-policy",
assert.Nil(t, err) policy: &policy.ACLPolicy{
found := false ACLs: []policy.ACL{
for _, node := range resultMachines { {
if node.GetInvalidTags() != nil { Action: "accept",
for _, tag := range node.GetInvalidTags() { Sources: []string{"*"},
if tag == "tag:test" { Destinations: []string{"*:*"},
found = true },
} },
} TagOwners: map[string][]string{
} "tag:test": {"user1"},
}
assert.Equal(
t,
true,
found,
"should not find a node with the tag 'tag:test' in the list of nodes",
)
}
func TestNodeAdvertiseTagWithACLCommand(t *testing.T) {
IntegrationSkip(t)
t.Parallel()
scenario, err := NewScenario(dockertestMaxWait())
assertNoErr(t, err)
defer scenario.ShutdownAssertNoPanics(t)
spec := map[string]int{
"user1": 1,
}
err = scenario.CreateHeadscaleEnv(spec, []tsic.Option{tsic.WithTags([]string{"tag:exists"})}, hsic.WithTestName("cliadvtags"), hsic.WithACLPolicy(
&policy.ACLPolicy{
ACLs: []policy.ACL{
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"*:*"},
}, },
}, },
TagOwners: map[string][]string{ wantTag: true,
"tag:exists": {"user1"},
},
}, },
)) }
assertNoErr(t, err)
headscale, err := scenario.Headscale() for _, tt := range tests {
assertNoErr(t, err) t.Run(tt.name, func(t *testing.T) {
scenario, err := NewScenario(dockertestMaxWait())
assertNoErr(t, err)
// defer scenario.ShutdownAssertNoPanics(t)
// Test list all nodes after added seconds spec := map[string]int{
resultMachines := make([]*v1.Node, spec["user1"]) "user1": 1,
err = executeAndUnmarshal( }
headscale,
[]string{ err = scenario.CreateHeadscaleEnv(spec,
"headscale", []tsic.Option{tsic.WithTags([]string{"tag:test"})},
"nodes", hsic.WithTestName("cliadvtags"),
"list", hsic.WithACLPolicy(tt.policy),
"--tags", )
"--output", "json", assertNoErr(t, err)
},
&resultMachines, headscale, err := scenario.Headscale()
) assertNoErr(t, err)
assert.Nil(t, err)
found := false // Test list all nodes after added seconds
for _, node := range resultMachines { resultMachines := make([]*v1.Node, spec["user1"])
if node.GetValidTags() != nil { err = executeAndUnmarshal(
for _, tag := range node.GetValidTags() { headscale,
if tag == "tag:exists" { []string{
found = true "headscale",
"nodes",
"list",
"--tags",
"--output", "json",
},
&resultMachines,
)
assert.Nil(t, err)
found := false
for _, node := range resultMachines {
if tags := node.GetValidTags(); tags != nil {
found = slices.Contains(tags, "tag:test")
} }
} }
} assert.Equalf(
t,
tt.wantTag,
found,
"'tag:test' found(%t) is the list of nodes, expected %t", found, tt.wantTag,
)
})
} }
assert.Equal(
t,
true,
found,
"should not find a node with the tag 'tag:exists' in the list of nodes",
)
} }
func TestNodeCommand(t *testing.T) { func TestNodeCommand(t *testing.T) {
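Review bot: The `no-policy` case only asserts that `tag:test` is missing from `GetValidTags()`, so it also passes if the node list comes back empty or the node never registered, which makes the negative half of this tag-approval check vacuous. Assert the node count first, e.g. `assert.Len(t, resultMachines, spec["user1"])`, and for `wantTag: false` also check that the tag shows up in `GetInvalidTags()` as the removed test did, assuming the API still reports rejected tags there. In the loop, `found = slices.Contains(tags, "tag:test")` overwrites the result on every node; `found = found || slices.Contains(node.GetValidTags(), "tag:test")` keeps a match once seen. The `// defer scenario.ShutdownAssertNoPanics(t)` line is left commented out, so each subtest skips teardown and the panic check; restore it as `defer scenario.ShutdownAssertNoPanics(t)`.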


@ -81,6 +81,10 @@ type Option = func(c *HeadscaleInContainer)
// HeadscaleInContainer instance. // HeadscaleInContainer instance.
func WithACLPolicy(acl *policy.ACLPolicy) Option { func WithACLPolicy(acl *policy.ACLPolicy) Option {
return func(hsic *HeadscaleInContainer) { return func(hsic *HeadscaleInContainer) {
if acl == nil {
return
}
// TODO(kradalby): Move somewhere appropriate // TODO(kradalby): Move somewhere appropriate
hsic.env["HEADSCALE_POLICY_PATH"] = aclPolicyPath hsic.env["HEADSCALE_POLICY_PATH"] = aclPolicyPath