headscale/machine_test.go

1094 lines
26 KiB
Go
Raw Normal View History

2021-05-11 18:55:36 -06:00
package headscale
import (
"fmt"
2022-09-01 16:04:31 -06:00
"net/netip"
"reflect"
"strconv"
"strings"
"testing"
2021-11-21 06:40:19 -07:00
"time"
2021-05-11 18:55:36 -06:00
"gopkg.in/check.v1"
"tailscale.com/tailcfg"
"tailscale.com/types/key"
2021-05-11 18:55:36 -06:00
)
func (s *Suite) TestGetMachine(c *check.C) {
2021-11-15 09:16:04 -07:00
namespace, err := app.CreateNamespace("test")
2021-05-11 18:55:36 -06:00
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
2021-05-11 18:55:36 -06:00
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
_, err = app.GetMachine("test", "testmachine")
2021-05-11 18:55:36 -06:00
c.Assert(err, check.NotNil)
2021-11-15 09:16:04 -07:00
machine := &Machine{
2021-05-11 18:55:36 -06:00
ID: 0,
MachineKey: "foo",
NodeKey: "bar",
DiscoKey: "faa",
Hostname: "testmachine",
2021-11-15 09:16:04 -07:00
NamespaceID: namespace.ID,
2021-11-18 01:49:55 -07:00
RegisterMethod: RegisterMethodAuthKey,
2021-05-11 18:55:36 -06:00
AuthKeyID: uint(pak.ID),
}
2021-11-15 09:16:04 -07:00
app.db.Save(machine)
2021-05-11 18:55:36 -06:00
2022-03-01 09:34:35 -07:00
_, err = app.GetMachine("test", "testmachine")
2021-05-11 18:55:36 -06:00
c.Assert(err, check.IsNil)
2021-07-16 16:14:22 -06:00
}
func (s *Suite) TestGetMachineByID(c *check.C) {
2021-11-15 09:16:04 -07:00
namespace, err := app.CreateNamespace("test")
2021-07-16 16:14:22 -06:00
c.Assert(err, check.IsNil)
2021-05-11 18:55:36 -06:00
2021-11-15 09:16:04 -07:00
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
2021-07-16 16:14:22 -06:00
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
_, err = app.GetMachineByID(0)
2021-07-16 16:14:22 -06:00
c.Assert(err, check.NotNil)
2021-11-15 09:16:04 -07:00
machine := Machine{
2021-07-16 16:14:22 -06:00
ID: 0,
MachineKey: "foo",
NodeKey: "bar",
DiscoKey: "faa",
Hostname: "testmachine",
2021-11-15 09:16:04 -07:00
NamespaceID: namespace.ID,
2021-11-18 01:49:55 -07:00
RegisterMethod: RegisterMethodAuthKey,
2021-07-16 16:14:22 -06:00
AuthKeyID: uint(pak.ID),
}
2021-11-15 09:16:04 -07:00
app.db.Save(&machine)
2021-07-16 16:14:22 -06:00
2022-03-01 09:34:35 -07:00
_, err = app.GetMachineByID(0)
2021-07-16 16:14:22 -06:00
c.Assert(err, check.IsNil)
}
func (s *Suite) TestGetMachineByNodeKey(c *check.C) {
namespace, err := app.CreateNamespace("test")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
c.Assert(err, check.IsNil)
_, err = app.GetMachineByID(0)
c.Assert(err, check.NotNil)
nodeKey := key.NewNode()
machine := Machine{
ID: 0,
MachineKey: "foo",
NodeKey: NodePublicKeyStripPrefix(nodeKey.Public()),
DiscoKey: "faa",
Hostname: "testmachine",
NamespaceID: namespace.ID,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
}
app.db.Save(&machine)
_, err = app.GetMachineByNodeKey(nodeKey.Public())
c.Assert(err, check.IsNil)
}
func (s *Suite) TestGetMachineByAnyNodeKey(c *check.C) {
namespace, err := app.CreateNamespace("test")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
c.Assert(err, check.IsNil)
_, err = app.GetMachineByID(0)
c.Assert(err, check.NotNil)
nodeKey := key.NewNode()
oldNodeKey := key.NewNode()
machine := Machine{
ID: 0,
MachineKey: "foo",
NodeKey: NodePublicKeyStripPrefix(nodeKey.Public()),
DiscoKey: "faa",
Hostname: "testmachine",
NamespaceID: namespace.ID,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
}
app.db.Save(&machine)
_, err = app.GetMachineByAnyNodeKey(nodeKey.Public(), oldNodeKey.Public())
c.Assert(err, check.IsNil)
}
2021-07-16 16:14:22 -06:00
func (s *Suite) TestDeleteMachine(c *check.C) {
2021-11-15 09:16:04 -07:00
namespace, err := app.CreateNamespace("test")
2021-07-16 16:14:22 -06:00
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
machine := Machine{
2021-07-16 16:14:22 -06:00
ID: 0,
MachineKey: "foo",
NodeKey: "bar",
DiscoKey: "faa",
Hostname: "testmachine",
2021-11-15 09:16:04 -07:00
NamespaceID: namespace.ID,
2021-11-18 01:49:55 -07:00
RegisterMethod: RegisterMethodAuthKey,
2021-07-16 16:14:22 -06:00
AuthKeyID: uint(1),
}
2021-11-15 09:16:04 -07:00
app.db.Save(&machine)
err = app.DeleteMachine(&machine)
2021-07-16 16:29:14 -06:00
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
_, err = app.GetMachine(namespace.Name, "testmachine")
2021-07-16 16:14:22 -06:00
c.Assert(err, check.NotNil)
}
func (s *Suite) TestHardDeleteMachine(c *check.C) {
2021-11-15 09:16:04 -07:00
namespace, err := app.CreateNamespace("test")
2021-07-16 16:14:22 -06:00
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
machine := Machine{
2021-07-16 16:14:22 -06:00
ID: 0,
MachineKey: "foo",
NodeKey: "bar",
DiscoKey: "faa",
Hostname: "testmachine3",
2021-11-15 09:16:04 -07:00
NamespaceID: namespace.ID,
2021-11-18 01:49:55 -07:00
RegisterMethod: RegisterMethodAuthKey,
2021-07-16 16:14:22 -06:00
AuthKeyID: uint(1),
}
2021-11-15 09:16:04 -07:00
app.db.Save(&machine)
err = app.HardDeleteMachine(&machine)
2021-07-16 16:29:14 -06:00
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
_, err = app.GetMachine(namespace.Name, "testmachine3")
2021-07-16 16:14:22 -06:00
c.Assert(err, check.NotNil)
2021-05-11 18:55:36 -06:00
}
2022-02-25 02:26:34 -07:00
func (s *Suite) TestListPeers(c *check.C) {
2021-11-15 09:16:04 -07:00
namespace, err := app.CreateNamespace("test")
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
_, err = app.GetMachineByID(0)
c.Assert(err, check.NotNil)
2021-11-15 09:16:04 -07:00
for index := 0; index <= 10; index++ {
machine := Machine{
ID: uint64(index),
MachineKey: "foo" + strconv.Itoa(index),
NodeKey: "bar" + strconv.Itoa(index),
DiscoKey: "faa" + strconv.Itoa(index),
Hostname: "testmachine" + strconv.Itoa(index),
2021-11-15 09:16:04 -07:00
NamespaceID: namespace.ID,
2021-11-18 01:49:55 -07:00
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
}
2021-11-15 09:16:04 -07:00
app.db.Save(&machine)
}
2021-11-15 09:16:04 -07:00
machine0ByID, err := app.GetMachineByID(0)
c.Assert(err, check.IsNil)
2022-02-25 02:26:34 -07:00
peersOfMachine0, err := app.ListPeers(machine0ByID)
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
c.Assert(len(peersOfMachine0), check.Equals, 9)
c.Assert(peersOfMachine0[0].Hostname, check.Equals, "testmachine2")
c.Assert(peersOfMachine0[5].Hostname, check.Equals, "testmachine7")
c.Assert(peersOfMachine0[8].Hostname, check.Equals, "testmachine10")
}
2021-11-21 06:40:19 -07:00
func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
type base struct {
namespace *Namespace
key *PreAuthKey
}
stor := make([]base, 0)
for _, name := range []string{"test", "admin"} {
namespace, err := app.CreateNamespace(name)
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
c.Assert(err, check.IsNil)
stor = append(stor, base{namespace, pak})
}
_, err := app.GetMachineByID(0)
c.Assert(err, check.NotNil)
for index := 0; index <= 10; index++ {
machine := Machine{
2022-02-14 07:54:51 -07:00
ID: uint64(index),
MachineKey: "foo" + strconv.Itoa(index),
NodeKey: "bar" + strconv.Itoa(index),
DiscoKey: "faa" + strconv.Itoa(index),
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr(fmt.Sprintf("100.64.0.%v", strconv.Itoa(index+1))),
2022-02-14 07:54:51 -07:00
},
Hostname: "testmachine" + strconv.Itoa(index),
NamespaceID: stor[index%2].namespace.ID,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(stor[index%2].key.ID),
}
app.db.Save(&machine)
}
app.aclPolicy = &ACLPolicy{
Groups: map[string][]string{
"group:test": {"admin"},
},
2022-09-01 16:04:31 -06:00
Hosts: map[string]netip.Prefix{},
TagOwners: map[string][]string{},
ACLs: []ACL{
2022-08-04 02:47:00 -06:00
{
Action: "accept",
Sources: []string{"admin"},
Destinations: []string{"*:*"},
},
{
Action: "accept",
Sources: []string{"test"},
Destinations: []string{"test:*"},
},
},
Tests: []ACLTest{},
}
2022-02-03 12:00:41 -07:00
err = app.UpdateACLRules()
c.Assert(err, check.IsNil)
adminMachine, err := app.GetMachineByID(1)
c.Logf("Machine(%v), namespace: %v", adminMachine.Hostname, adminMachine.Namespace)
c.Assert(err, check.IsNil)
testMachine, err := app.GetMachineByID(2)
c.Logf("Machine(%v), namespace: %v", testMachine.Hostname, testMachine.Namespace)
c.Assert(err, check.IsNil)
2022-02-25 02:26:34 -07:00
machines, err := app.ListMachines()
c.Assert(err, check.IsNil)
2022-02-21 02:02:59 -07:00
peersOfTestMachine := getFilteredByACLPeers(machines, app.aclRules, testMachine)
peersOfAdminMachine := getFilteredByACLPeers(machines, app.aclRules, adminMachine)
c.Log(peersOfTestMachine)
c.Assert(len(peersOfTestMachine), check.Equals, 4)
c.Assert(peersOfTestMachine[0].Hostname, check.Equals, "testmachine4")
c.Assert(peersOfTestMachine[1].Hostname, check.Equals, "testmachine6")
c.Assert(peersOfTestMachine[3].Hostname, check.Equals, "testmachine10")
c.Log(peersOfAdminMachine)
c.Assert(len(peersOfAdminMachine), check.Equals, 9)
c.Assert(peersOfAdminMachine[0].Hostname, check.Equals, "testmachine2")
c.Assert(peersOfAdminMachine[2].Hostname, check.Equals, "testmachine4")
c.Assert(peersOfAdminMachine[5].Hostname, check.Equals, "testmachine7")
}
2021-11-21 06:40:19 -07:00
func (s *Suite) TestExpireMachine(c *check.C) {
namespace, err := app.CreateNamespace("test")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
c.Assert(err, check.IsNil)
_, err = app.GetMachine("test", "testmachine")
c.Assert(err, check.NotNil)
machine := &Machine{
ID: 0,
MachineKey: "foo",
NodeKey: "bar",
DiscoKey: "faa",
Hostname: "testmachine",
2021-11-21 06:40:19 -07:00
NamespaceID: namespace.ID,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
Expiry: &time.Time{},
}
app.db.Save(machine)
machineFromDB, err := app.GetMachine("test", "testmachine")
c.Assert(err, check.IsNil)
2022-06-26 04:30:52 -06:00
c.Assert(machineFromDB, check.NotNil)
2021-11-21 06:40:19 -07:00
c.Assert(machineFromDB.isExpired(), check.Equals, false)
2022-06-26 04:30:52 -06:00
err = app.ExpireMachine(machineFromDB)
c.Assert(err, check.IsNil)
2021-11-21 06:40:19 -07:00
c.Assert(machineFromDB.isExpired(), check.Equals, true)
}
2022-01-16 06:16:59 -07:00
func (s *Suite) TestSerdeAddressStrignSlice(c *check.C) {
2022-09-01 16:04:31 -06:00
input := MachineAddresses([]netip.Addr{
netip.MustParseAddr("192.0.2.1"),
netip.MustParseAddr("2001:db8::1"),
2022-01-16 06:16:59 -07:00
})
serialized, err := input.Value()
c.Assert(err, check.IsNil)
2022-01-30 01:35:10 -07:00
if serial, ok := serialized.(string); ok {
c.Assert(serial, check.Equals, "192.0.2.1,2001:db8::1")
}
2022-01-16 06:16:59 -07:00
var deserialized MachineAddresses
err = deserialized.Scan(serialized)
c.Assert(err, check.IsNil)
c.Assert(len(deserialized), check.Equals, len(input))
for i := range deserialized {
c.Assert(deserialized[i], check.Equals, input[i])
}
}
func (s *Suite) TestSetTags(c *check.C) {
namespace, err := app.CreateNamespace("test")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
c.Assert(err, check.IsNil)
_, err = app.GetMachine("test", "testmachine")
c.Assert(err, check.NotNil)
machine := &Machine{
ID: 0,
MachineKey: "foo",
NodeKey: "bar",
DiscoKey: "faa",
Hostname: "testmachine",
NamespaceID: namespace.ID,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
}
app.db.Save(machine)
// assign simple tags
sTags := []string{"tag:test", "tag:foo"}
err = app.SetTags(machine, sTags)
c.Assert(err, check.IsNil)
machine, err = app.GetMachine("test", "testmachine")
c.Assert(err, check.IsNil)
c.Assert(machine.ForcedTags, check.DeepEquals, StringList(sTags))
// assign duplicat tags, expect no errors but no doubles in DB
eTags := []string{"tag:bar", "tag:test", "tag:unknown", "tag:test"}
err = app.SetTags(machine, eTags)
c.Assert(err, check.IsNil)
machine, err = app.GetMachine("test", "testmachine")
c.Assert(err, check.IsNil)
c.Assert(
machine.ForcedTags,
check.DeepEquals,
StringList([]string{"tag:bar", "tag:test", "tag:unknown"}),
)
}
2022-04-16 05:15:04 -06:00
func Test_getTags(t *testing.T) {
type args struct {
aclPolicy *ACLPolicy
2022-04-16 05:15:04 -06:00
machine Machine
stripEmailDomain bool
}
tests := []struct {
name string
args args
wantInvalid []string
wantValid []string
}{
{
name: "valid tag one machine",
args: args{
aclPolicy: &ACLPolicy{
2022-04-16 05:15:04 -06:00
TagOwners: TagOwners{
"tag:valid": []string{"joe"},
},
},
machine: Machine{
Namespace: Namespace{
Name: "joe",
},
HostInfo: HostInfo{
RequestTags: []string{"tag:valid"},
},
},
stripEmailDomain: false,
},
wantValid: []string{"tag:valid"},
wantInvalid: nil,
},
{
name: "invalid tag and valid tag one machine",
args: args{
aclPolicy: &ACLPolicy{
2022-04-16 05:15:04 -06:00
TagOwners: TagOwners{
"tag:valid": []string{"joe"},
},
},
machine: Machine{
Namespace: Namespace{
Name: "joe",
},
HostInfo: HostInfo{
RequestTags: []string{"tag:valid", "tag:invalid"},
},
},
stripEmailDomain: false,
},
wantValid: []string{"tag:valid"},
wantInvalid: []string{"tag:invalid"},
},
{
name: "multiple invalid and identical tags, should return only one invalid tag",
args: args{
aclPolicy: &ACLPolicy{
2022-04-16 05:15:04 -06:00
TagOwners: TagOwners{
"tag:valid": []string{"joe"},
},
},
machine: Machine{
Namespace: Namespace{
Name: "joe",
},
HostInfo: HostInfo{
RequestTags: []string{
"tag:invalid",
"tag:valid",
"tag:invalid",
},
},
},
stripEmailDomain: false,
},
wantValid: []string{"tag:valid"},
wantInvalid: []string{"tag:invalid"},
},
{
name: "only invalid tags",
args: args{
aclPolicy: &ACLPolicy{
2022-04-16 05:15:04 -06:00
TagOwners: TagOwners{
"tag:valid": []string{"joe"},
},
},
machine: Machine{
Namespace: Namespace{
Name: "joe",
},
HostInfo: HostInfo{
RequestTags: []string{"tag:invalid", "very-invalid"},
},
},
stripEmailDomain: false,
},
wantValid: nil,
wantInvalid: []string{"tag:invalid", "very-invalid"},
},
{
name: "empty ACLPolicy should return empty tags and should not panic",
args: args{
aclPolicy: nil,
machine: Machine{
Namespace: Namespace{
Name: "joe",
},
HostInfo: HostInfo{
RequestTags: []string{"tag:invalid", "very-invalid"},
},
},
stripEmailDomain: false,
},
wantValid: nil,
wantInvalid: nil,
},
2022-04-16 05:15:04 -06:00
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
gotValid, gotInvalid := getTags(
test.args.aclPolicy,
test.args.machine,
test.args.stripEmailDomain,
)
2022-04-25 14:07:44 -06:00
for _, valid := range gotValid {
if !contains(test.wantValid, valid) {
2022-04-25 14:27:44 -06:00
t.Errorf(
"valids: getTags() = %v, want %v",
gotValid,
test.wantValid,
)
2022-04-25 14:07:44 -06:00
break
}
2022-04-16 05:15:04 -06:00
}
2022-04-25 14:07:44 -06:00
for _, invalid := range gotInvalid {
if !contains(test.wantInvalid, invalid) {
2022-04-25 14:27:44 -06:00
t.Errorf(
"invalids: getTags() = %v, want %v",
gotInvalid,
test.wantInvalid,
)
2022-04-25 14:07:44 -06:00
break
}
2022-04-16 05:15:04 -06:00
}
})
}
}
func Test_getFilteredByACLPeers(t *testing.T) {
type args struct {
machines []Machine
rules []tailcfg.FilterRule
machine *Machine
}
tests := []struct {
2022-02-21 02:02:59 -07:00
name string
args args
want Machines
}{
{
name: "all hosts can talk to each other",
args: args{
machines: []Machine{ // list of all machines in the database
{
2022-02-21 08:06:20 -07:00
ID: 1,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.1"),
2022-02-21 08:06:20 -07:00
},
Namespace: Namespace{Name: "joe"},
},
{
2022-02-21 08:06:20 -07:00
ID: 2,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.2"),
2022-02-21 08:06:20 -07:00
},
Namespace: Namespace{Name: "marc"},
},
{
2022-02-21 08:06:20 -07:00
ID: 3,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.3"),
2022-02-21 08:06:20 -07:00
},
Namespace: Namespace{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
2022-02-21 02:02:59 -07:00
{
SrcIPs: []string{"100.64.0.1", "100.64.0.2", "100.64.0.3"},
DstPorts: []tailcfg.NetPortRange{
{IP: "*"},
},
},
},
machine: &Machine{ // current machine
ID: 1,
2022-09-01 16:04:31 -06:00
IPAddresses: MachineAddresses{netip.MustParseAddr("100.64.0.1")},
Namespace: Namespace{Name: "joe"},
},
},
want: Machines{
{
ID: 2,
2022-09-01 16:04:31 -06:00
IPAddresses: MachineAddresses{netip.MustParseAddr("100.64.0.2")},
Namespace: Namespace{Name: "marc"},
},
{
ID: 3,
2022-09-01 16:04:31 -06:00
IPAddresses: MachineAddresses{netip.MustParseAddr("100.64.0.3")},
Namespace: Namespace{Name: "mickael"},
},
},
},
{
name: "One host can talk to another, but not all hosts",
args: args{
machines: []Machine{ // list of all machines in the database
{
2022-02-21 08:06:20 -07:00
ID: 1,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.1"),
2022-02-21 08:06:20 -07:00
},
Namespace: Namespace{Name: "joe"},
},
{
2022-02-21 08:06:20 -07:00
ID: 2,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.2"),
2022-02-21 08:06:20 -07:00
},
Namespace: Namespace{Name: "marc"},
},
{
2022-02-21 08:06:20 -07:00
ID: 3,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.3"),
2022-02-21 08:06:20 -07:00
},
Namespace: Namespace{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
2022-02-21 02:02:59 -07:00
{
SrcIPs: []string{"100.64.0.1", "100.64.0.2", "100.64.0.3"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.2"},
},
},
},
machine: &Machine{ // current machine
ID: 1,
2022-09-01 16:04:31 -06:00
IPAddresses: MachineAddresses{netip.MustParseAddr("100.64.0.1")},
Namespace: Namespace{Name: "joe"},
},
},
want: Machines{
{
ID: 2,
2022-09-01 16:04:31 -06:00
IPAddresses: MachineAddresses{netip.MustParseAddr("100.64.0.2")},
Namespace: Namespace{Name: "marc"},
},
},
},
{
name: "host cannot directly talk to destination, but return path is authorized",
args: args{
machines: []Machine{ // list of all machines in the database
{
2022-02-21 08:06:20 -07:00
ID: 1,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.1"),
2022-02-21 08:06:20 -07:00
},
Namespace: Namespace{Name: "joe"},
},
{
2022-02-21 08:06:20 -07:00
ID: 2,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.2"),
2022-02-21 08:06:20 -07:00
},
Namespace: Namespace{Name: "marc"},
},
{
2022-02-21 08:06:20 -07:00
ID: 3,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.3"),
2022-02-21 08:06:20 -07:00
},
Namespace: Namespace{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
2022-02-21 02:02:59 -07:00
{
SrcIPs: []string{"100.64.0.3"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.2"},
},
},
},
machine: &Machine{ // current machine
ID: 2,
2022-09-01 16:04:31 -06:00
IPAddresses: MachineAddresses{netip.MustParseAddr("100.64.0.2")},
Namespace: Namespace{Name: "marc"},
},
},
want: Machines{
{
ID: 3,
2022-09-01 16:04:31 -06:00
IPAddresses: MachineAddresses{netip.MustParseAddr("100.64.0.3")},
Namespace: Namespace{Name: "mickael"},
},
},
},
{
name: "rules allows all hosts to reach one destination",
args: args{
machines: []Machine{ // list of all machines in the database
{
ID: 1,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.1"),
},
Namespace: Namespace{Name: "joe"},
},
{
ID: 2,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.2"),
},
Namespace: Namespace{Name: "marc"},
},
{
ID: 3,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.3"),
},
Namespace: Namespace{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
{
SrcIPs: []string{"*"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.2"},
},
},
},
machine: &Machine{ // current machine
ID: 1,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.1"),
},
Namespace: Namespace{Name: "joe"},
},
},
want: Machines{
{
ID: 2,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.2"),
},
Namespace: Namespace{Name: "marc"},
},
},
},
{
name: "rules allows all hosts to reach one destination, destination can reach all hosts",
args: args{
machines: []Machine{ // list of all machines in the database
{
ID: 1,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.1"),
},
Namespace: Namespace{Name: "joe"},
},
{
ID: 2,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.2"),
},
Namespace: Namespace{Name: "marc"},
},
{
ID: 3,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.3"),
},
Namespace: Namespace{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
{
SrcIPs: []string{"*"},
DstPorts: []tailcfg.NetPortRange{
{IP: "100.64.0.2"},
},
},
},
machine: &Machine{ // current machine
ID: 2,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.2"),
},
Namespace: Namespace{Name: "marc"},
},
},
want: Machines{
{
ID: 1,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.1"),
},
Namespace: Namespace{Name: "joe"},
},
{
ID: 3,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.3"),
},
Namespace: Namespace{Name: "mickael"},
},
},
},
{
name: "rule allows all hosts to reach all destinations",
args: args{
machines: []Machine{ // list of all machines in the database
{
ID: 1,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.1"),
},
Namespace: Namespace{Name: "joe"},
},
{
ID: 2,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.2"),
},
Namespace: Namespace{Name: "marc"},
},
{
ID: 3,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.3"),
},
Namespace: Namespace{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
{
SrcIPs: []string{"*"},
DstPorts: []tailcfg.NetPortRange{
{IP: "*"},
},
},
},
machine: &Machine{ // current machine
ID: 2,
2022-09-01 16:04:31 -06:00
IPAddresses: MachineAddresses{netip.MustParseAddr("100.64.0.2")},
Namespace: Namespace{Name: "marc"},
},
},
want: Machines{
{
ID: 1,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.1"),
},
Namespace: Namespace{Name: "joe"},
},
{
ID: 3,
2022-09-01 16:04:31 -06:00
IPAddresses: MachineAddresses{netip.MustParseAddr("100.64.0.3")},
Namespace: Namespace{Name: "mickael"},
},
},
},
{
name: "without rule all communications are forbidden",
args: args{
machines: []Machine{ // list of all machines in the database
{
ID: 1,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.1"),
},
Namespace: Namespace{Name: "joe"},
},
{
ID: 2,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.2"),
},
Namespace: Namespace{Name: "marc"},
},
{
ID: 3,
IPAddresses: MachineAddresses{
2022-09-01 16:04:31 -06:00
netip.MustParseAddr("100.64.0.3"),
},
Namespace: Namespace{Name: "mickael"},
},
},
rules: []tailcfg.FilterRule{ // list of all ACLRules registered
},
machine: &Machine{ // current machine
ID: 2,
2022-09-01 16:04:31 -06:00
IPAddresses: MachineAddresses{netip.MustParseAddr("100.64.0.2")},
Namespace: Namespace{Name: "marc"},
},
},
want: Machines{},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
2022-02-21 08:06:20 -07:00
got := getFilteredByACLPeers(
tt.args.machines,
tt.args.rules,
tt.args.machine,
)
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("getFilteredByACLPeers() = %v, want %v", got, tt.want)
}
})
}
}
func TestHeadscale_GenerateGivenName(t *testing.T) {
type args struct {
suppliedName string
}
tests := []struct {
name string
h *Headscale
args args
want string
wantErr bool
}{
{
name: "simple machine name generation",
h: &Headscale{
2022-06-05 09:47:26 -06:00
cfg: &Config{
OIDC: OIDCConfig{
StripEmaildomain: true,
},
},
},
args: args{
suppliedName: "testmachine",
},
want: "testmachine",
wantErr: false,
},
{
name: "machine name with 53 chars",
h: &Headscale{
2022-06-05 09:47:26 -06:00
cfg: &Config{
OIDC: OIDCConfig{
StripEmaildomain: true,
},
},
},
args: args{
suppliedName: "testmaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaachine",
},
want: "testmaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaachine",
wantErr: false,
},
{
name: "machine name with 60 chars",
h: &Headscale{
2022-06-05 09:47:26 -06:00
cfg: &Config{
OIDC: OIDCConfig{
StripEmaildomain: true,
},
},
},
args: args{
suppliedName: "testmaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaachine1234567",
},
want: "testmaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaachine",
wantErr: false,
},
{
name: "machine name with 63 chars",
h: &Headscale{
2022-06-05 09:47:26 -06:00
cfg: &Config{
OIDC: OIDCConfig{
StripEmaildomain: true,
},
},
},
args: args{
suppliedName: "testmaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaachine1234567890",
},
want: "testmaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
wantErr: false,
},
{
name: "machine name with 64 chars",
h: &Headscale{
2022-06-05 09:47:26 -06:00
cfg: &Config{
OIDC: OIDCConfig{
StripEmaildomain: true,
},
},
},
args: args{
suppliedName: "testmaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaachine1234567891",
},
want: "testmaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
wantErr: false,
},
{
name: "machine name with 73 chars",
h: &Headscale{
2022-06-05 09:47:26 -06:00
cfg: &Config{
OIDC: OIDCConfig{
StripEmaildomain: true,
},
},
},
args: args{
suppliedName: "testmaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaachine12345678901234567890",
},
want: "",
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := tt.h.GenerateGivenName(tt.args.suppliedName)
if (err != nil) != tt.wantErr {
t.Errorf(
"Headscale.GenerateGivenName() error = %v, wantErr %v",
err,
tt.wantErr,
)
2022-06-26 03:43:17 -06:00
return
}
if tt.want != "" && strings.Contains(tt.want, got) {
t.Errorf(
"Headscale.GenerateGivenName() = %v, is not a substring of %v",
tt.want,
got,
)
}
if len(got) > labelHostnameLength {
t.Errorf(
"Headscale.GenerateGivenName() = %v is larger than allowed DNS segment %d",
got,
labelHostnameLength,
)
}
})
}
}
2022-08-24 06:09:06 -06:00
func (s *Suite) TestAutoApproveRoutes(c *check.C) {
err := app.LoadACLPolicy("./tests/acls/acl_policy_autoapprovers.hujson")
c.Assert(err, check.IsNil)
namespace, err := app.CreateNamespace("test")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil)
c.Assert(err, check.IsNil)
nodeKey := key.NewNode()
2022-09-04 17:33:53 -06:00
defaultRoute := netip.MustParsePrefix("0.0.0.0/0")
route1 := netip.MustParsePrefix("10.10.0.0/16")
route2 := netip.MustParsePrefix("10.11.0.0/16")
2022-08-24 06:09:06 -06:00
machine := Machine{
ID: 0,
MachineKey: "foo",
NodeKey: NodePublicKeyStripPrefix(nodeKey.Public()),
DiscoKey: "faa",
Hostname: "test",
NamespaceID: namespace.ID,
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
HostInfo: HostInfo{
RequestTags: []string{"tag:exit"},
2022-09-04 17:33:53 -06:00
RoutableIPs: []netip.Prefix{defaultRoute, route1, route2},
2022-08-24 06:09:06 -06:00
},
2022-09-04 17:33:53 -06:00
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.1")},
2022-08-24 06:09:06 -06:00
}
app.db.Save(&machine)
machine0ByID, err := app.GetMachineByID(0)
c.Assert(err, check.IsNil)
app.EnableAutoApprovedRoutes(machine0ByID)
c.Assert(machine0ByID.GetEnabledRoutes(), check.HasLen, 3)
}