Remove database from Mapper
This commit changes the internals of the mapper to track all the changes to peers over its lifetime. This means that it no longer depends on the database and this should hopefully help with locks and timing issues. When the mapper is created, it needs the current list of peers, the world view, when the polling session was started. Then as update changes are called, it tracks the changes and generates responses based on its internal list. As a side, the types.Machines and types.MachinesP, as well as types.Machine being passed as a full struct and pointer has been changed to always be pointers, everywhere. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
parent
3b0749a320
commit
387aa03adb
15 changed files with 251 additions and 236 deletions
|
@ -214,7 +214,7 @@ func NewHeadscaleDatabase(
|
||||||
Msg("Failed to normalize machine hostname in DB migration")
|
Msg("Failed to normalize machine hostname in DB migration")
|
||||||
}
|
}
|
||||||
|
|
||||||
err = db.RenameMachine(&machines[item], normalizedHostname)
|
err = db.RenameMachine(machines[item], normalizedHostname)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().
|
log.Error().
|
||||||
Caller().
|
Caller().
|
||||||
|
|
|
@ -123,7 +123,7 @@ func (hsdb *HSDatabase) GetMachine(user string, name string) (*types.Machine, er
|
||||||
|
|
||||||
for _, m := range machines {
|
for _, m := range machines {
|
||||||
if m.Hostname == name {
|
if m.Hostname == name {
|
||||||
return &m, nil
|
return m, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -267,7 +267,7 @@ func (hsdb *HSDatabase) SetTags(
|
||||||
|
|
||||||
hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
|
hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
|
||||||
Type: types.StatePeerChanged,
|
Type: types.StatePeerChanged,
|
||||||
Changed: []uint64{machine.ID},
|
Changed: types.Machines{machine},
|
||||||
}, machine.MachineKey)
|
}, machine.MachineKey)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -303,7 +303,7 @@ func (hsdb *HSDatabase) RenameMachine(machine *types.Machine, newName string) er
|
||||||
|
|
||||||
hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
|
hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
|
||||||
Type: types.StatePeerChanged,
|
Type: types.StatePeerChanged,
|
||||||
Changed: []uint64{machine.ID},
|
Changed: types.Machines{machine},
|
||||||
}, machine.MachineKey)
|
}, machine.MachineKey)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -332,7 +332,7 @@ func (hsdb *HSDatabase) machineSetExpiry(machine *types.Machine, expiry time.Tim
|
||||||
|
|
||||||
hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
|
hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
|
||||||
Type: types.StatePeerChanged,
|
Type: types.StatePeerChanged,
|
||||||
Changed: []uint64{machine.ID},
|
Changed: types.Machines{machine},
|
||||||
}, machine.MachineKey)
|
}, machine.MachineKey)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -713,7 +713,7 @@ func (hsdb *HSDatabase) enableRoutes(machine *types.Machine, routeStrs ...string
|
||||||
|
|
||||||
hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
|
hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
|
||||||
Type: types.StatePeerChanged,
|
Type: types.StatePeerChanged,
|
||||||
Changed: []uint64{machine.ID},
|
Changed: types.Machines{machine},
|
||||||
}, machine.MachineKey)
|
}, machine.MachineKey)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -807,7 +807,7 @@ func (hsdb *HSDatabase) ExpireEphemeralMachines(inactivityThreshhold time.Durati
|
||||||
Str("machine", machine.Hostname).
|
Str("machine", machine.Hostname).
|
||||||
Msg("Ephemeral client removed from database")
|
Msg("Ephemeral client removed from database")
|
||||||
|
|
||||||
err = hsdb.deleteMachine(&machines[idx])
|
err = hsdb.deleteMachine(machines[idx])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().
|
log.Error().
|
||||||
Err(err).
|
Err(err).
|
||||||
|
@ -860,7 +860,7 @@ func (hsdb *HSDatabase) ExpireExpiredMachines(lastCheck time.Time) time.Time {
|
||||||
expired = append(expired, tailcfg.NodeID(machine.ID))
|
expired = append(expired, tailcfg.NodeID(machine.ID))
|
||||||
|
|
||||||
now := time.Now()
|
now := time.Now()
|
||||||
err := hsdb.machineSetExpiry(&machines[index], now)
|
err := hsdb.machineSetExpiry(machines[index], now)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().
|
log.Error().
|
||||||
Err(err).
|
Err(err).
|
||||||
|
|
|
@ -590,7 +590,7 @@ func (s *Suite) TestAutoApproveRoutes(c *check.C) {
|
||||||
|
|
||||||
db.db.Save(&machine)
|
db.db.Save(&machine)
|
||||||
|
|
||||||
err = db.ProcessMachineRoutes(&machine)
|
err = db.SaveMachineRoutes(&machine)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
machine0ByID, err := db.GetMachineByID(0)
|
machine0ByID, err := db.GetMachineByID(0)
|
||||||
|
|
|
@ -257,14 +257,16 @@ func (hsdb *HSDatabase) GetMachinePrimaryRoutes(machine *types.Machine) (types.R
|
||||||
return routes, nil
|
return routes, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (hsdb *HSDatabase) ProcessMachineRoutes(machine *types.Machine) error {
|
// SaveMachineRoutes takes a machine and updates the database with
|
||||||
|
// the new routes.
|
||||||
|
func (hsdb *HSDatabase) SaveMachineRoutes(machine *types.Machine) error {
|
||||||
hsdb.mu.Lock()
|
hsdb.mu.Lock()
|
||||||
defer hsdb.mu.Unlock()
|
defer hsdb.mu.Unlock()
|
||||||
|
|
||||||
return hsdb.processMachineRoutes(machine)
|
return hsdb.saveMachineRoutes(machine)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (hsdb *HSDatabase) processMachineRoutes(machine *types.Machine) error {
|
func (hsdb *HSDatabase) saveMachineRoutes(machine *types.Machine) error {
|
||||||
currentRoutes := types.Routes{}
|
currentRoutes := types.Routes{}
|
||||||
err := hsdb.db.Where("machine_id = ?", machine.ID).Find(¤tRoutes).Error
|
err := hsdb.db.Where("machine_id = ?", machine.ID).Find(¤tRoutes).Error
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -332,7 +334,7 @@ func (hsdb *HSDatabase) handlePrimarySubnetFailover() error {
|
||||||
log.Error().Err(err).Msg("error getting routes")
|
log.Error().Err(err).Msg("error getting routes")
|
||||||
}
|
}
|
||||||
|
|
||||||
changedMachines := make([]uint64, 0)
|
changedMachines := make(types.Machines, 0)
|
||||||
for pos, route := range routes {
|
for pos, route := range routes {
|
||||||
if route.IsExitRoute() {
|
if route.IsExitRoute() {
|
||||||
continue
|
continue
|
||||||
|
@ -353,7 +355,7 @@ func (hsdb *HSDatabase) handlePrimarySubnetFailover() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
changedMachines = append(changedMachines, route.MachineID)
|
changedMachines = append(changedMachines, &route.Machine)
|
||||||
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
@ -427,7 +429,7 @@ func (hsdb *HSDatabase) handlePrimarySubnetFailover() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
changedMachines = append(changedMachines, route.MachineID)
|
changedMachines = append(changedMachines, &route.Machine)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -488,7 +490,7 @@ func (hsdb *HSDatabase) EnableAutoApprovedRoutes(
|
||||||
approvedRoutes = append(approvedRoutes, advertisedRoute)
|
approvedRoutes = append(approvedRoutes, advertisedRoute)
|
||||||
} else {
|
} else {
|
||||||
// TODO(kradalby): figure out how to get this to depend on less stuff
|
// TODO(kradalby): figure out how to get this to depend on less stuff
|
||||||
approvedIps, err := aclPolicy.ExpandAlias(types.Machines{*machine}, approvedAlias)
|
approvedIps, err := aclPolicy.ExpandAlias(types.Machines{machine}, approvedAlias)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Err(err).
|
log.Err(err).
|
||||||
Str("alias", approvedAlias).
|
Str("alias", approvedAlias).
|
||||||
|
|
|
@ -40,7 +40,7 @@ func (s *Suite) TestGetRoutes(c *check.C) {
|
||||||
}
|
}
|
||||||
db.db.Save(&machine)
|
db.db.Save(&machine)
|
||||||
|
|
||||||
err = db.ProcessMachineRoutes(&machine)
|
err = db.SaveMachineRoutes(&machine)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
advertisedRoutes, err := db.GetAdvertisedRoutes(&machine)
|
advertisedRoutes, err := db.GetAdvertisedRoutes(&machine)
|
||||||
|
@ -91,7 +91,7 @@ func (s *Suite) TestGetEnableRoutes(c *check.C) {
|
||||||
}
|
}
|
||||||
db.db.Save(&machine)
|
db.db.Save(&machine)
|
||||||
|
|
||||||
err = db.ProcessMachineRoutes(&machine)
|
err = db.SaveMachineRoutes(&machine)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
availableRoutes, err := db.GetAdvertisedRoutes(&machine)
|
availableRoutes, err := db.GetAdvertisedRoutes(&machine)
|
||||||
|
@ -165,7 +165,7 @@ func (s *Suite) TestIsUniquePrefix(c *check.C) {
|
||||||
}
|
}
|
||||||
db.db.Save(&machine1)
|
db.db.Save(&machine1)
|
||||||
|
|
||||||
err = db.ProcessMachineRoutes(&machine1)
|
err = db.SaveMachineRoutes(&machine1)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
err = db.enableRoutes(&machine1, route.String())
|
err = db.enableRoutes(&machine1, route.String())
|
||||||
|
@ -190,7 +190,7 @@ func (s *Suite) TestIsUniquePrefix(c *check.C) {
|
||||||
}
|
}
|
||||||
db.db.Save(&machine2)
|
db.db.Save(&machine2)
|
||||||
|
|
||||||
err = db.ProcessMachineRoutes(&machine2)
|
err = db.SaveMachineRoutes(&machine2)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
err = db.enableRoutes(&machine2, route2.String())
|
err = db.enableRoutes(&machine2, route2.String())
|
||||||
|
@ -252,7 +252,7 @@ func (s *Suite) TestSubnetFailover(c *check.C) {
|
||||||
}
|
}
|
||||||
db.db.Save(&machine1)
|
db.db.Save(&machine1)
|
||||||
|
|
||||||
err = db.ProcessMachineRoutes(&machine1)
|
err = db.SaveMachineRoutes(&machine1)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
err = db.enableRoutes(&machine1, prefix.String())
|
err = db.enableRoutes(&machine1, prefix.String())
|
||||||
|
@ -289,7 +289,7 @@ func (s *Suite) TestSubnetFailover(c *check.C) {
|
||||||
}
|
}
|
||||||
db.db.Save(&machine2)
|
db.db.Save(&machine2)
|
||||||
|
|
||||||
err = db.ProcessMachineRoutes(&machine2)
|
err = db.SaveMachineRoutes(&machine2)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
err = db.enableRoutes(&machine2, prefix2.String())
|
err = db.enableRoutes(&machine2, prefix2.String())
|
||||||
|
@ -337,7 +337,7 @@ func (s *Suite) TestSubnetFailover(c *check.C) {
|
||||||
err = db.db.Save(&machine2).Error
|
err = db.db.Save(&machine2).Error
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
err = db.ProcessMachineRoutes(&machine2)
|
err = db.SaveMachineRoutes(&machine2)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
err = db.enableRoutes(&machine2, prefix.String())
|
err = db.enableRoutes(&machine2, prefix.String())
|
||||||
|
@ -394,7 +394,7 @@ func (s *Suite) TestDeleteRoutes(c *check.C) {
|
||||||
}
|
}
|
||||||
db.db.Save(&machine1)
|
db.db.Save(&machine1)
|
||||||
|
|
||||||
err = db.ProcessMachineRoutes(&machine1)
|
err = db.SaveMachineRoutes(&machine1)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
err = db.enableRoutes(&machine1, prefix.String())
|
err = db.enableRoutes(&machine1, prefix.String())
|
||||||
|
|
|
@ -342,7 +342,7 @@ func (api headscaleV1APIServer) ListMachines(
|
||||||
for index, machine := range machines {
|
for index, machine := range machines {
|
||||||
m := machine.Proto()
|
m := machine.Proto()
|
||||||
validTags, invalidTags := api.h.ACLPolicy.TagsOfMachine(
|
validTags, invalidTags := api.h.ACLPolicy.TagsOfMachine(
|
||||||
machine,
|
&machine,
|
||||||
)
|
)
|
||||||
m.InvalidTags = invalidTags
|
m.InvalidTags = invalidTags
|
||||||
m.ValidTags = validTags
|
m.ValidTags = validTags
|
||||||
|
|
|
@ -39,8 +39,6 @@ const (
|
||||||
var debugDumpMapResponsePath = envknob.String("HEADSCALE_DEBUG_DUMP_MAPRESPONSE_PATH")
|
var debugDumpMapResponsePath = envknob.String("HEADSCALE_DEBUG_DUMP_MAPRESPONSE_PATH")
|
||||||
|
|
||||||
type Mapper struct {
|
type Mapper struct {
|
||||||
db *db.HSDatabase
|
|
||||||
|
|
||||||
privateKey2019 *key.MachinePrivate
|
privateKey2019 *key.MachinePrivate
|
||||||
isNoise bool
|
isNoise bool
|
||||||
|
|
||||||
|
@ -55,11 +53,16 @@ type Mapper struct {
|
||||||
uid string
|
uid string
|
||||||
created time.Time
|
created time.Time
|
||||||
seq uint64
|
seq uint64
|
||||||
|
|
||||||
|
// Map isnt concurrency safe, so we need to ensure
|
||||||
|
// only one func is accessing it over time.
|
||||||
|
mu sync.Mutex
|
||||||
|
peers map[uint64]*types.Machine
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewMapper(
|
func NewMapper(
|
||||||
machine *types.Machine,
|
machine *types.Machine,
|
||||||
db *db.HSDatabase,
|
peers types.Machines,
|
||||||
privateKey *key.MachinePrivate,
|
privateKey *key.MachinePrivate,
|
||||||
isNoise bool,
|
isNoise bool,
|
||||||
derpMap *tailcfg.DERPMap,
|
derpMap *tailcfg.DERPMap,
|
||||||
|
@ -77,8 +80,6 @@ func NewMapper(
|
||||||
uid, _ := util.GenerateRandomStringDNSSafe(mapperIDLength)
|
uid, _ := util.GenerateRandomStringDNSSafe(mapperIDLength)
|
||||||
|
|
||||||
return &Mapper{
|
return &Mapper{
|
||||||
db: db,
|
|
||||||
|
|
||||||
privateKey2019: privateKey,
|
privateKey2019: privateKey,
|
||||||
isNoise: isNoise,
|
isNoise: isNoise,
|
||||||
|
|
||||||
|
@ -91,6 +92,9 @@ func NewMapper(
|
||||||
uid: uid,
|
uid: uid,
|
||||||
created: time.Now(),
|
created: time.Now(),
|
||||||
seq: 0,
|
seq: 0,
|
||||||
|
|
||||||
|
// TODO: populate
|
||||||
|
peers: peers.IDMap(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -121,7 +125,7 @@ func fullMapResponse(
|
||||||
logtail bool,
|
logtail bool,
|
||||||
randomClientPort bool,
|
randomClientPort bool,
|
||||||
) (*tailcfg.MapResponse, error) {
|
) (*tailcfg.MapResponse, error) {
|
||||||
tailnode, err := tailNode(*machine, pol, dnsCfg, baseDomain)
|
tailnode, err := tailNode(machine, pol, dnsCfg, baseDomain)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -160,9 +164,7 @@ func fullMapResponse(
|
||||||
}
|
}
|
||||||
|
|
||||||
// Filter out peers that have expired.
|
// Filter out peers that have expired.
|
||||||
peers = lo.Filter(peers, func(item types.Machine, index int) bool {
|
peers = filterExpiredAndNotReady(peers)
|
||||||
return !item.IsExpired()
|
|
||||||
})
|
|
||||||
|
|
||||||
// If there are filter rules present, see if there are any machines that cannot
|
// If there are filter rules present, see if there are any machines that cannot
|
||||||
// access eachother at all and remove them from the peers.
|
// access eachother at all and remove them from the peers.
|
||||||
|
@ -175,7 +177,7 @@ func fullMapResponse(
|
||||||
dnsConfig := generateDNSConfig(
|
dnsConfig := generateDNSConfig(
|
||||||
dnsCfg,
|
dnsCfg,
|
||||||
baseDomain,
|
baseDomain,
|
||||||
*machine,
|
machine,
|
||||||
peers,
|
peers,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -232,7 +234,7 @@ func generateUserProfiles(
|
||||||
func generateDNSConfig(
|
func generateDNSConfig(
|
||||||
base *tailcfg.DNSConfig,
|
base *tailcfg.DNSConfig,
|
||||||
baseDomain string,
|
baseDomain string,
|
||||||
machine types.Machine,
|
machine *types.Machine,
|
||||||
peers types.Machines,
|
peers types.Machines,
|
||||||
) *tailcfg.DNSConfig {
|
) *tailcfg.DNSConfig {
|
||||||
dnsConfig := base.Clone()
|
dnsConfig := base.Clone()
|
||||||
|
@ -275,7 +277,7 @@ func generateDNSConfig(
|
||||||
//
|
//
|
||||||
// This will produce a resolver like:
|
// This will produce a resolver like:
|
||||||
// `https://dns.nextdns.io/<nextdns-id>?device_name=node-name&device_model=linux&device_ip=100.64.0.1`
|
// `https://dns.nextdns.io/<nextdns-id>?device_name=node-name&device_model=linux&device_ip=100.64.0.1`
|
||||||
func addNextDNSMetadata(resolvers []*dnstype.Resolver, machine types.Machine) {
|
func addNextDNSMetadata(resolvers []*dnstype.Resolver, machine *types.Machine) {
|
||||||
for _, resolver := range resolvers {
|
for _, resolver := range resolvers {
|
||||||
if strings.HasPrefix(resolver.Addr, nextDNSDoHPrefix) {
|
if strings.HasPrefix(resolver.Addr, nextDNSDoHPrefix) {
|
||||||
attrs := url.Values{
|
attrs := url.Values{
|
||||||
|
@ -298,20 +300,13 @@ func (m *Mapper) FullMapResponse(
|
||||||
machine *types.Machine,
|
machine *types.Machine,
|
||||||
pol *policy.ACLPolicy,
|
pol *policy.ACLPolicy,
|
||||||
) ([]byte, error) {
|
) ([]byte, error) {
|
||||||
peers, err := m.db.ListPeers(machine)
|
m.mu.Lock()
|
||||||
if err != nil {
|
defer m.mu.Unlock()
|
||||||
log.Error().
|
|
||||||
Caller().
|
|
||||||
Err(err).
|
|
||||||
Msg("Cannot fetch peers")
|
|
||||||
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
mapResponse, err := fullMapResponse(
|
mapResponse, err := fullMapResponse(
|
||||||
pol,
|
pol,
|
||||||
machine,
|
machine,
|
||||||
peers,
|
machineMapToList(m.peers),
|
||||||
m.baseDomain,
|
m.baseDomain,
|
||||||
m.dnsCfg,
|
m.dnsCfg,
|
||||||
m.derpMap,
|
m.derpMap,
|
||||||
|
@ -382,42 +377,33 @@ func (m *Mapper) DERPMapResponse(
|
||||||
func (m *Mapper) PeerChangedResponse(
|
func (m *Mapper) PeerChangedResponse(
|
||||||
mapRequest tailcfg.MapRequest,
|
mapRequest tailcfg.MapRequest,
|
||||||
machine *types.Machine,
|
machine *types.Machine,
|
||||||
machineIDs []uint64,
|
changed types.Machines,
|
||||||
pol *policy.ACLPolicy,
|
pol *policy.ACLPolicy,
|
||||||
) ([]byte, error) {
|
) ([]byte, error) {
|
||||||
|
m.mu.Lock()
|
||||||
|
defer m.mu.Unlock()
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
changed := make(types.Machines, len(machineIDs))
|
|
||||||
lastSeen := make(map[tailcfg.NodeID]bool)
|
lastSeen := make(map[tailcfg.NodeID]bool)
|
||||||
|
|
||||||
peersList, err := m.db.ListPeers(machine)
|
// Update our internal map.
|
||||||
if err != nil {
|
for _, machine := range changed {
|
||||||
return nil, err
|
m.peers[machine.ID] = machine
|
||||||
}
|
|
||||||
|
|
||||||
peers := peersList.IDMap()
|
|
||||||
|
|
||||||
for idx, machineID := range machineIDs {
|
|
||||||
changed[idx] = peers[machineID]
|
|
||||||
|
|
||||||
// We have just seen the node, let the peers update their list.
|
// We have just seen the node, let the peers update their list.
|
||||||
lastSeen[tailcfg.NodeID(machineID)] = true
|
lastSeen[tailcfg.NodeID(machine.ID)] = true
|
||||||
}
|
}
|
||||||
|
|
||||||
rules, sshPolicy, err := policy.GenerateFilterAndSSHRules(
|
rules, sshPolicy, err := policy.GenerateFilterAndSSHRules(
|
||||||
pol,
|
pol,
|
||||||
machine,
|
machine,
|
||||||
peersList,
|
machineMapToList(m.peers),
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
changed = lo.Filter(changed, func(item types.Machine, index int) bool {
|
changed = filterExpiredAndNotReady(changed)
|
||||||
// Filter out nodes that are expired OR
|
|
||||||
// nodes that has no endpoints, this typically means they have
|
|
||||||
// registered, but are not configured.
|
|
||||||
return !item.IsExpired() || len(item.Endpoints) > 0
|
|
||||||
})
|
|
||||||
|
|
||||||
// If there are filter rules present, see if there are any machines that cannot
|
// If there are filter rules present, see if there are any machines that cannot
|
||||||
// access eachother at all and remove them from the changed.
|
// access eachother at all and remove them from the changed.
|
||||||
|
@ -449,6 +435,14 @@ func (m *Mapper) PeerRemovedResponse(
|
||||||
machine *types.Machine,
|
machine *types.Machine,
|
||||||
removed []tailcfg.NodeID,
|
removed []tailcfg.NodeID,
|
||||||
) ([]byte, error) {
|
) ([]byte, error) {
|
||||||
|
m.mu.Lock()
|
||||||
|
defer m.mu.Unlock()
|
||||||
|
|
||||||
|
// remove from our internal map
|
||||||
|
for _, id := range removed {
|
||||||
|
delete(m.peers, uint64(id))
|
||||||
|
}
|
||||||
|
|
||||||
resp := m.baseMapResponse(machine)
|
resp := m.baseMapResponse(machine)
|
||||||
resp.PeersRemoved = removed
|
resp.PeersRemoved = removed
|
||||||
|
|
||||||
|
@ -604,3 +598,22 @@ func (m *Mapper) baseMapResponse(_ *types.Machine) tailcfg.MapResponse {
|
||||||
|
|
||||||
return resp
|
return resp
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func machineMapToList(machines map[uint64]*types.Machine) types.Machines {
|
||||||
|
ret := make(types.Machines, 0)
|
||||||
|
|
||||||
|
for _, machine := range machines {
|
||||||
|
ret = append(ret, machine)
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret
|
||||||
|
}
|
||||||
|
|
||||||
|
func filterExpiredAndNotReady(peers types.Machines) types.Machines {
|
||||||
|
return lo.Filter(peers, func(item *types.Machine, index int) bool {
|
||||||
|
// Filter out nodes that are expired OR
|
||||||
|
// nodes that has no endpoints, this typically means they have
|
||||||
|
// registered, but are not configured.
|
||||||
|
return !item.IsExpired() || len(item.Endpoints) > 0
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
|
@ -18,8 +18,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *Suite) TestGetMapResponseUserProfiles(c *check.C) {
|
func (s *Suite) TestGetMapResponseUserProfiles(c *check.C) {
|
||||||
mach := func(hostname, username string, userid uint) types.Machine {
|
mach := func(hostname, username string, userid uint) *types.Machine {
|
||||||
return types.Machine{
|
return &types.Machine{
|
||||||
Hostname: hostname,
|
Hostname: hostname,
|
||||||
UserID: userid,
|
UserID: userid,
|
||||||
User: types.User{
|
User: types.User{
|
||||||
|
@ -34,7 +34,7 @@ func (s *Suite) TestGetMapResponseUserProfiles(c *check.C) {
|
||||||
machine2InShared1 := mach("test_get_shared_nodes_4", "user1", 1)
|
machine2InShared1 := mach("test_get_shared_nodes_4", "user1", 1)
|
||||||
|
|
||||||
userProfiles := generateUserProfiles(
|
userProfiles := generateUserProfiles(
|
||||||
&machineInShared1,
|
machineInShared1,
|
||||||
types.Machines{
|
types.Machines{
|
||||||
machineInShared2, machineInShared3, machine2InShared1,
|
machineInShared2, machineInShared3, machine2InShared1,
|
||||||
},
|
},
|
||||||
|
@ -91,8 +91,8 @@ func TestDNSConfigMapResponse(t *testing.T) {
|
||||||
|
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(fmt.Sprintf("with-magicdns-%v", tt.magicDNS), func(t *testing.T) {
|
t.Run(fmt.Sprintf("with-magicdns-%v", tt.magicDNS), func(t *testing.T) {
|
||||||
mach := func(hostname, username string, userid uint) types.Machine {
|
mach := func(hostname, username string, userid uint) *types.Machine {
|
||||||
return types.Machine{
|
return &types.Machine{
|
||||||
Hostname: hostname,
|
Hostname: hostname,
|
||||||
UserID: userid,
|
UserID: userid,
|
||||||
User: types.User{
|
User: types.User{
|
||||||
|
@ -243,7 +243,7 @@ func Test_fullMapResponse(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
peer1 := types.Machine{
|
peer1 := &types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
MachineKey: "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
MachineKey: "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
||||||
NodeKey: "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
NodeKey: "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
||||||
|
@ -295,7 +295,7 @@ func Test_fullMapResponse(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
peer2 := types.Machine{
|
peer2 := &types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
MachineKey: "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
MachineKey: "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
||||||
NodeKey: "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
NodeKey: "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
||||||
|
@ -341,7 +341,7 @@ func Test_fullMapResponse(t *testing.T) {
|
||||||
name: "no-pol-no-peers-map-response",
|
name: "no-pol-no-peers-map-response",
|
||||||
pol: &policy.ACLPolicy{},
|
pol: &policy.ACLPolicy{},
|
||||||
machine: mini,
|
machine: mini,
|
||||||
peers: []types.Machine{},
|
peers: types.Machines{},
|
||||||
baseDomain: "",
|
baseDomain: "",
|
||||||
dnsConfig: &tailcfg.DNSConfig{},
|
dnsConfig: &tailcfg.DNSConfig{},
|
||||||
derpMap: &tailcfg.DERPMap{},
|
derpMap: &tailcfg.DERPMap{},
|
||||||
|
@ -369,7 +369,7 @@ func Test_fullMapResponse(t *testing.T) {
|
||||||
name: "no-pol-with-peer-map-response",
|
name: "no-pol-with-peer-map-response",
|
||||||
pol: &policy.ACLPolicy{},
|
pol: &policy.ACLPolicy{},
|
||||||
machine: mini,
|
machine: mini,
|
||||||
peers: []types.Machine{
|
peers: types.Machines{
|
||||||
peer1,
|
peer1,
|
||||||
},
|
},
|
||||||
baseDomain: "",
|
baseDomain: "",
|
||||||
|
@ -410,7 +410,7 @@ func Test_fullMapResponse(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
machine: mini,
|
machine: mini,
|
||||||
peers: []types.Machine{
|
peers: types.Machines{
|
||||||
peer1,
|
peer1,
|
||||||
peer2,
|
peer2,
|
||||||
},
|
},
|
||||||
|
|
|
@ -41,7 +41,7 @@ func tailNodes(
|
||||||
// tailNode converts a Machine into a Tailscale Node. includeRoutes is false for shared nodes
|
// tailNode converts a Machine into a Tailscale Node. includeRoutes is false for shared nodes
|
||||||
// as per the expected behaviour in the official SaaS.
|
// as per the expected behaviour in the official SaaS.
|
||||||
func tailNode(
|
func tailNode(
|
||||||
machine types.Machine,
|
machine *types.Machine,
|
||||||
pol *policy.ACLPolicy,
|
pol *policy.ACLPolicy,
|
||||||
dnsConfig *tailcfg.DNSConfig,
|
dnsConfig *tailcfg.DNSConfig,
|
||||||
baseDomain string,
|
baseDomain string,
|
||||||
|
|
|
@ -45,7 +45,7 @@ func TestTailNode(t *testing.T) {
|
||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
machine types.Machine
|
machine *types.Machine
|
||||||
pol *policy.ACLPolicy
|
pol *policy.ACLPolicy
|
||||||
dnsConfig *tailcfg.DNSConfig
|
dnsConfig *tailcfg.DNSConfig
|
||||||
baseDomain string
|
baseDomain string
|
||||||
|
@ -54,7 +54,7 @@ func TestTailNode(t *testing.T) {
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
name: "empty-machine",
|
name: "empty-machine",
|
||||||
machine: types.Machine{},
|
machine: &types.Machine{},
|
||||||
pol: &policy.ACLPolicy{},
|
pol: &policy.ACLPolicy{},
|
||||||
dnsConfig: &tailcfg.DNSConfig{},
|
dnsConfig: &tailcfg.DNSConfig{},
|
||||||
baseDomain: "",
|
baseDomain: "",
|
||||||
|
@ -63,7 +63,7 @@ func TestTailNode(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "minimal-machine",
|
name: "minimal-machine",
|
||||||
machine: types.Machine{
|
machine: &types.Machine{
|
||||||
ID: 0,
|
ID: 0,
|
||||||
MachineKey: "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
MachineKey: "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
|
||||||
NodeKey: "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
NodeKey: "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
|
||||||
|
|
|
@ -157,7 +157,7 @@ func (pol *ACLPolicy) generateFilterRules(
|
||||||
peers types.Machines,
|
peers types.Machines,
|
||||||
) ([]tailcfg.FilterRule, error) {
|
) ([]tailcfg.FilterRule, error) {
|
||||||
rules := []tailcfg.FilterRule{}
|
rules := []tailcfg.FilterRule{}
|
||||||
machines := append(peers, *machine)
|
machines := append(peers, machine)
|
||||||
|
|
||||||
for index, acl := range pol.ACLs {
|
for index, acl := range pol.ACLs {
|
||||||
if acl.Action != "accept" {
|
if acl.Action != "accept" {
|
||||||
|
@ -293,7 +293,7 @@ func (pol *ACLPolicy) generateSSHRules(
|
||||||
for index, sshACL := range pol.SSHs {
|
for index, sshACL := range pol.SSHs {
|
||||||
var dest netipx.IPSetBuilder
|
var dest netipx.IPSetBuilder
|
||||||
for _, src := range sshACL.Destinations {
|
for _, src := range sshACL.Destinations {
|
||||||
expanded, err := pol.ExpandAlias(append(peers, *machine), src)
|
expanded, err := pol.ExpandAlias(append(peers, machine), src)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -875,7 +875,7 @@ func isTag(str string) bool {
|
||||||
// Invalid tags are tags added by a user on a node, and that user doesn't have authority to add this tag.
|
// Invalid tags are tags added by a user on a node, and that user doesn't have authority to add this tag.
|
||||||
// Valid tags are tags added by a user that is allowed in the ACL policy to add this tag.
|
// Valid tags are tags added by a user that is allowed in the ACL policy to add this tag.
|
||||||
func (pol *ACLPolicy) TagsOfMachine(
|
func (pol *ACLPolicy) TagsOfMachine(
|
||||||
machine types.Machine,
|
machine *types.Machine,
|
||||||
) ([]string, []string) {
|
) ([]string, []string) {
|
||||||
validTags := make([]string, 0)
|
validTags := make([]string, 0)
|
||||||
invalidTags := make([]string, 0)
|
invalidTags := make([]string, 0)
|
||||||
|
@ -935,7 +935,7 @@ func FilterMachinesByACL(
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if machine.CanAccess(filter, &machines[index]) || peer.CanAccess(filter, machine) {
|
if machine.CanAccess(filter, machines[index]) || peer.CanAccess(filter, machine) {
|
||||||
result = append(result, peer)
|
result = append(result, peer)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -394,7 +394,7 @@ acls:
|
||||||
netip.MustParseAddr("100.100.100.100"),
|
netip.MustParseAddr("100.100.100.100"),
|
||||||
},
|
},
|
||||||
}, types.Machines{
|
}, types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("200.200.200.200"),
|
netip.MustParseAddr("200.200.200.200"),
|
||||||
},
|
},
|
||||||
|
@ -909,38 +909,38 @@ func Test_listMachinesInUser(t *testing.T) {
|
||||||
name: "1 machine in user",
|
name: "1 machine in user",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{User: types.User{Name: "joe"}},
|
&types.Machine{User: types.User{Name: "joe"}},
|
||||||
},
|
},
|
||||||
user: "joe",
|
user: "joe",
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{User: types.User{Name: "joe"}},
|
&types.Machine{User: types.User{Name: "joe"}},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "3 machines, 2 in user",
|
name: "3 machines, 2 in user",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{ID: 1, User: types.User{Name: "joe"}},
|
&types.Machine{ID: 1, User: types.User{Name: "joe"}},
|
||||||
types.Machine{ID: 2, User: types.User{Name: "marc"}},
|
&types.Machine{ID: 2, User: types.User{Name: "marc"}},
|
||||||
types.Machine{ID: 3, User: types.User{Name: "marc"}},
|
&types.Machine{ID: 3, User: types.User{Name: "marc"}},
|
||||||
},
|
},
|
||||||
user: "marc",
|
user: "marc",
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{ID: 2, User: types.User{Name: "marc"}},
|
&types.Machine{ID: 2, User: types.User{Name: "marc"}},
|
||||||
types.Machine{ID: 3, User: types.User{Name: "marc"}},
|
&types.Machine{ID: 3, User: types.User{Name: "marc"}},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "5 machines, 0 in user",
|
name: "5 machines, 0 in user",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{ID: 1, User: types.User{Name: "joe"}},
|
&types.Machine{ID: 1, User: types.User{Name: "joe"}},
|
||||||
types.Machine{ID: 2, User: types.User{Name: "marc"}},
|
&types.Machine{ID: 2, User: types.User{Name: "marc"}},
|
||||||
types.Machine{ID: 3, User: types.User{Name: "marc"}},
|
&types.Machine{ID: 3, User: types.User{Name: "marc"}},
|
||||||
types.Machine{ID: 4, User: types.User{Name: "marc"}},
|
&types.Machine{ID: 4, User: types.User{Name: "marc"}},
|
||||||
types.Machine{ID: 5, User: types.User{Name: "marc"}},
|
&types.Machine{ID: 5, User: types.User{Name: "marc"}},
|
||||||
},
|
},
|
||||||
user: "mickael",
|
user: "mickael",
|
||||||
},
|
},
|
||||||
|
@ -998,10 +998,10 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "*",
|
alias: "*",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.1")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.1")},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.78.84.227"),
|
netip.MustParseAddr("100.78.84.227"),
|
||||||
},
|
},
|
||||||
|
@ -1024,25 +1024,25 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "group:accountant",
|
alias: "group:accountant",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1065,25 +1065,25 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "group:hr",
|
alias: "group:hr",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1130,7 +1130,7 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "10.0.0.1",
|
alias: "10.0.0.1",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("10.0.0.1"),
|
netip.MustParseAddr("10.0.0.1"),
|
||||||
},
|
},
|
||||||
|
@ -1151,7 +1151,7 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "10.0.0.1",
|
alias: "10.0.0.1",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("10.0.0.1"),
|
netip.MustParseAddr("10.0.0.1"),
|
||||||
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
|
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
|
||||||
|
@ -1173,7 +1173,7 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "fd7a:115c:a1e0:ab12:4843:2222:6273:2222",
|
alias: "fd7a:115c:a1e0:ab12:4843:2222:6273:2222",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("10.0.0.1"),
|
netip.MustParseAddr("10.0.0.1"),
|
||||||
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
|
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
|
||||||
|
@ -1242,7 +1242,7 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "tag:hr-webserver",
|
alias: "tag:hr-webserver",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
|
@ -1253,7 +1253,7 @@ func Test_expandAlias(t *testing.T) {
|
||||||
RequestTags: []string{"tag:hr-webserver"},
|
RequestTags: []string{"tag:hr-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
|
@ -1264,13 +1264,13 @@ func Test_expandAlias(t *testing.T) {
|
||||||
RequestTags: []string{"tag:hr-webserver"},
|
RequestTags: []string{"tag:hr-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1296,25 +1296,25 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "tag:hr-webserver",
|
alias: "tag:hr-webserver",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1333,27 +1333,27 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "tag:hr-webserver",
|
alias: "tag:hr-webserver",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
ForcedTags: []string{"tag:hr-webserver"},
|
ForcedTags: []string{"tag:hr-webserver"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
ForcedTags: []string{"tag:hr-webserver"},
|
ForcedTags: []string{"tag:hr-webserver"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1376,14 +1376,14 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "tag:hr-webserver",
|
alias: "tag:hr-webserver",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
ForcedTags: []string{"tag:hr-webserver"},
|
ForcedTags: []string{"tag:hr-webserver"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
|
@ -1394,13 +1394,13 @@ func Test_expandAlias(t *testing.T) {
|
||||||
RequestTags: []string{"tag:hr-webserver"},
|
RequestTags: []string{"tag:hr-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1421,7 +1421,7 @@ func Test_expandAlias(t *testing.T) {
|
||||||
args: args{
|
args: args{
|
||||||
alias: "joe",
|
alias: "joe",
|
||||||
machines: types.Machines{
|
machines: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
|
@ -1432,7 +1432,7 @@ func Test_expandAlias(t *testing.T) {
|
||||||
RequestTags: []string{"tag:accountant-webserver"},
|
RequestTags: []string{"tag:accountant-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
|
@ -1443,13 +1443,13 @@ func Test_expandAlias(t *testing.T) {
|
||||||
RequestTags: []string{"tag:accountant-webserver"},
|
RequestTags: []string{"tag:accountant-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1498,7 +1498,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
TagOwners: TagOwners{"tag:accountant-webserver": []string{"joe"}},
|
TagOwners: TagOwners{"tag:accountant-webserver": []string{"joe"}},
|
||||||
},
|
},
|
||||||
nodes: types.Machines{
|
nodes: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
|
@ -1509,7 +1509,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
RequestTags: []string{"tag:accountant-webserver"},
|
RequestTags: []string{"tag:accountant-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
|
@ -1520,7 +1520,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
RequestTags: []string{"tag:accountant-webserver"},
|
RequestTags: []string{"tag:accountant-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1530,7 +1530,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
user: "joe",
|
user: "joe",
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.4")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.4")},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
|
@ -1548,7 +1548,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
nodes: types.Machines{
|
nodes: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
|
@ -1559,7 +1559,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
RequestTags: []string{"tag:accountant-webserver"},
|
RequestTags: []string{"tag:accountant-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
|
@ -1570,7 +1570,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
RequestTags: []string{"tag:accountant-webserver"},
|
RequestTags: []string{"tag:accountant-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1580,7 +1580,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
user: "joe",
|
user: "joe",
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.4")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.4")},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
|
@ -1593,7 +1593,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
TagOwners: TagOwners{"tag:accountant-webserver": []string{"joe"}},
|
TagOwners: TagOwners{"tag:accountant-webserver": []string{"joe"}},
|
||||||
},
|
},
|
||||||
nodes: types.Machines{
|
nodes: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
|
@ -1604,14 +1604,14 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
RequestTags: []string{"tag:accountant-webserver"},
|
RequestTags: []string{"tag:accountant-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
ForcedTags: []string{"tag:accountant-webserver"},
|
ForcedTags: []string{"tag:accountant-webserver"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1621,7 +1621,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
user: "joe",
|
user: "joe",
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.4")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.4")},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
|
@ -1634,7 +1634,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
TagOwners: TagOwners{"tag:accountant-webserver": []string{"joe"}},
|
TagOwners: TagOwners{"tag:accountant-webserver": []string{"joe"}},
|
||||||
},
|
},
|
||||||
nodes: types.Machines{
|
nodes: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
|
@ -1645,7 +1645,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
RequestTags: []string{"tag:hr-webserver"},
|
RequestTags: []string{"tag:hr-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
|
@ -1656,7 +1656,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
RequestTags: []string{"tag:hr-webserver"},
|
RequestTags: []string{"tag:hr-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1666,7 +1666,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
user: "joe",
|
user: "joe",
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
|
@ -1677,7 +1677,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
RequestTags: []string{"tag:hr-webserver"},
|
RequestTags: []string{"tag:hr-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
|
@ -1688,7 +1688,7 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
|
||||||
RequestTags: []string{"tag:hr-webserver"},
|
RequestTags: []string{"tag:hr-webserver"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.4"),
|
netip.MustParseAddr("100.64.0.4"),
|
||||||
},
|
},
|
||||||
|
@ -1716,7 +1716,7 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
|
||||||
pol ACLPolicy
|
pol ACLPolicy
|
||||||
}
|
}
|
||||||
type args struct {
|
type args struct {
|
||||||
machine types.Machine
|
machine *types.Machine
|
||||||
peers types.Machines
|
peers types.Machines
|
||||||
}
|
}
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
|
@ -1747,7 +1747,7 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
args: args{
|
args: args{
|
||||||
machine: types.Machine{
|
machine: &types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
|
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
|
||||||
|
@ -1792,7 +1792,7 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
args: args{
|
args: args{
|
||||||
machine: types.Machine{
|
machine: &types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
|
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
|
||||||
|
@ -1800,7 +1800,7 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
|
||||||
User: types.User{Name: "mickael"},
|
User: types.User{Name: "mickael"},
|
||||||
},
|
},
|
||||||
peers: types.Machines{
|
peers: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
|
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
|
||||||
|
@ -1839,7 +1839,7 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
got, err := tt.field.pol.generateFilterRules(
|
got, err := tt.field.pol.generateFilterRules(
|
||||||
&tt.args.machine,
|
tt.args.machine,
|
||||||
tt.args.peers,
|
tt.args.peers,
|
||||||
)
|
)
|
||||||
if (err != nil) != tt.wantErr {
|
if (err != nil) != tt.wantErr {
|
||||||
|
@ -1859,7 +1859,7 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
|
||||||
func TestReduceFilterRules(t *testing.T) {
|
func TestReduceFilterRules(t *testing.T) {
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
machine types.Machine
|
machine *types.Machine
|
||||||
peers types.Machines
|
peers types.Machines
|
||||||
pol ACLPolicy
|
pol ACLPolicy
|
||||||
want []tailcfg.FilterRule
|
want []tailcfg.FilterRule
|
||||||
|
@ -1875,7 +1875,7 @@ func TestReduceFilterRules(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
machine: types.Machine{
|
machine: &types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
|
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
|
||||||
|
@ -1883,7 +1883,7 @@ func TestReduceFilterRules(t *testing.T) {
|
||||||
User: types.User{Name: "mickael"},
|
User: types.User{Name: "mickael"},
|
||||||
},
|
},
|
||||||
peers: types.Machines{
|
peers: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
|
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
|
||||||
|
@ -1898,11 +1898,11 @@ func TestReduceFilterRules(t *testing.T) {
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
rules, _ := tt.pol.generateFilterRules(
|
rules, _ := tt.pol.generateFilterRules(
|
||||||
&tt.machine,
|
tt.machine,
|
||||||
tt.peers,
|
tt.peers,
|
||||||
)
|
)
|
||||||
|
|
||||||
got := ReduceFilterRules(&tt.machine, rules)
|
got := ReduceFilterRules(tt.machine, rules)
|
||||||
|
|
||||||
if diff := cmp.Diff(tt.want, got); diff != "" {
|
if diff := cmp.Diff(tt.want, got); diff != "" {
|
||||||
log.Trace().Interface("got", got).Msg("result")
|
log.Trace().Interface("got", got).Msg("result")
|
||||||
|
@ -1915,7 +1915,7 @@ func TestReduceFilterRules(t *testing.T) {
|
||||||
func Test_getTags(t *testing.T) {
|
func Test_getTags(t *testing.T) {
|
||||||
type args struct {
|
type args struct {
|
||||||
aclPolicy *ACLPolicy
|
aclPolicy *ACLPolicy
|
||||||
machine types.Machine
|
machine *types.Machine
|
||||||
}
|
}
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
|
@ -1931,7 +1931,7 @@ func Test_getTags(t *testing.T) {
|
||||||
"tag:valid": []string{"joe"},
|
"tag:valid": []string{"joe"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
machine: types.Machine{
|
machine: &types.Machine{
|
||||||
User: types.User{
|
User: types.User{
|
||||||
Name: "joe",
|
Name: "joe",
|
||||||
},
|
},
|
||||||
|
@ -1951,7 +1951,7 @@ func Test_getTags(t *testing.T) {
|
||||||
"tag:valid": []string{"joe"},
|
"tag:valid": []string{"joe"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
machine: types.Machine{
|
machine: &types.Machine{
|
||||||
User: types.User{
|
User: types.User{
|
||||||
Name: "joe",
|
Name: "joe",
|
||||||
},
|
},
|
||||||
|
@ -1971,7 +1971,7 @@ func Test_getTags(t *testing.T) {
|
||||||
"tag:valid": []string{"joe"},
|
"tag:valid": []string{"joe"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
machine: types.Machine{
|
machine: &types.Machine{
|
||||||
User: types.User{
|
User: types.User{
|
||||||
Name: "joe",
|
Name: "joe",
|
||||||
},
|
},
|
||||||
|
@ -1995,7 +1995,7 @@ func Test_getTags(t *testing.T) {
|
||||||
"tag:valid": []string{"joe"},
|
"tag:valid": []string{"joe"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
machine: types.Machine{
|
machine: &types.Machine{
|
||||||
User: types.User{
|
User: types.User{
|
||||||
Name: "joe",
|
Name: "joe",
|
||||||
},
|
},
|
||||||
|
@ -2011,7 +2011,7 @@ func Test_getTags(t *testing.T) {
|
||||||
name: "empty ACLPolicy should return empty tags and should not panic",
|
name: "empty ACLPolicy should return empty tags and should not panic",
|
||||||
args: args{
|
args: args{
|
||||||
aclPolicy: &ACLPolicy{},
|
aclPolicy: &ACLPolicy{},
|
||||||
machine: types.Machine{
|
machine: &types.Machine{
|
||||||
User: types.User{
|
User: types.User{
|
||||||
Name: "joe",
|
Name: "joe",
|
||||||
},
|
},
|
||||||
|
@ -2074,21 +2074,21 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
name: "all hosts can talk to each other",
|
name: "all hosts can talk to each other",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{ // list of all machines in the database
|
machines: types.Machines{ // list of all machines in the database
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
|
@ -2111,12 +2111,12 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.2")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.2")},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.3")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.3")},
|
||||||
User: types.User{Name: "mickael"},
|
User: types.User{Name: "mickael"},
|
||||||
|
@ -2127,21 +2127,21 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
name: "One host can talk to another, but not all hosts",
|
name: "One host can talk to another, but not all hosts",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{ // list of all machines in the database
|
machines: types.Machines{ // list of all machines in the database
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
|
@ -2164,7 +2164,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.2")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.2")},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
|
@ -2175,21 +2175,21 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
name: "host cannot directly talk to destination, but return path is authorized",
|
name: "host cannot directly talk to destination, but return path is authorized",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{ // list of all machines in the database
|
machines: types.Machines{ // list of all machines in the database
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
|
@ -2212,7 +2212,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.3")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.3")},
|
||||||
User: types.User{Name: "mickael"},
|
User: types.User{Name: "mickael"},
|
||||||
|
@ -2223,21 +2223,21 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
name: "rules allows all hosts to reach one destination",
|
name: "rules allows all hosts to reach one destination",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{ // list of all machines in the database
|
machines: types.Machines{ // list of all machines in the database
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
|
@ -2262,7 +2262,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
|
@ -2275,21 +2275,21 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
name: "rules allows all hosts to reach one destination, destination can reach all hosts",
|
name: "rules allows all hosts to reach one destination, destination can reach all hosts",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{ // list of all machines in the database
|
machines: types.Machines{ // list of all machines in the database
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
|
@ -2314,14 +2314,14 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
|
@ -2334,21 +2334,21 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
name: "rule allows all hosts to reach all destinations",
|
name: "rule allows all hosts to reach all destinations",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{ // list of all machines in the database
|
machines: types.Machines{ // list of all machines in the database
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
|
@ -2371,14 +2371,14 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.3")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.3")},
|
||||||
User: types.User{Name: "mickael"},
|
User: types.User{Name: "mickael"},
|
||||||
|
@ -2389,21 +2389,21 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
name: "without rule all communications are forbidden",
|
name: "without rule all communications are forbidden",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{ // list of all machines in the database
|
machines: types.Machines{ // list of all machines in the database
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.1"),
|
netip.MustParseAddr("100.64.0.1"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "joe"},
|
User: types.User{Name: "joe"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.2"),
|
netip.MustParseAddr("100.64.0.2"),
|
||||||
},
|
},
|
||||||
User: types.User{Name: "marc"},
|
User: types.User{Name: "marc"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
netip.MustParseAddr("100.64.0.3"),
|
netip.MustParseAddr("100.64.0.3"),
|
||||||
|
@ -2429,7 +2429,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
name: "issue-699-broken-star",
|
name: "issue-699-broken-star",
|
||||||
args: args{
|
args: args{
|
||||||
machines: types.Machines{ //
|
machines: types.Machines{ //
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
Hostname: "ts-head-upcrmb",
|
Hostname: "ts-head-upcrmb",
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
|
@ -2438,7 +2438,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
User: types.User{Name: "user1"},
|
User: types.User{Name: "user1"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
Hostname: "ts-unstable-rlwpvr",
|
Hostname: "ts-unstable-rlwpvr",
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
|
@ -2447,7 +2447,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
User: types.User{Name: "user1"},
|
User: types.User{Name: "user1"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 3,
|
ID: 3,
|
||||||
Hostname: "ts-head-8w6paa",
|
Hostname: "ts-head-8w6paa",
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
|
@ -2456,7 +2456,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
User: types.User{Name: "user2"},
|
User: types.User{Name: "user2"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 4,
|
ID: 4,
|
||||||
Hostname: "ts-unstable-lys2ib",
|
Hostname: "ts-unstable-lys2ib",
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
|
@ -2491,7 +2491,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
want: types.Machines{
|
want: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
Hostname: "ts-head-upcrmb",
|
Hostname: "ts-head-upcrmb",
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
|
@ -2500,7 +2500,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
},
|
},
|
||||||
User: types.User{Name: "user1"},
|
User: types.User{Name: "user1"},
|
||||||
},
|
},
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
Hostname: "ts-unstable-rlwpvr",
|
Hostname: "ts-unstable-rlwpvr",
|
||||||
IPAddresses: types.MachineAddresses{
|
IPAddresses: types.MachineAddresses{
|
||||||
|
@ -2514,7 +2514,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "failing-edge-case-during-p3-refactor",
|
name: "failing-edge-case-during-p3-refactor",
|
||||||
args: args{
|
args: args{
|
||||||
machines: []types.Machine{
|
machines: []*types.Machine{
|
||||||
{
|
{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
||||||
|
@ -2544,7 +2544,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
User: types.User{Name: "mini"},
|
User: types.User{Name: "mini"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
want: []types.Machine{
|
want: []*types.Machine{
|
||||||
{
|
{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
|
||||||
|
@ -2556,7 +2556,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "p4-host-in-netmap-user2-dest-bug",
|
name: "p4-host-in-netmap-user2-dest-bug",
|
||||||
args: args{
|
args: args{
|
||||||
machines: []types.Machine{
|
machines: []*types.Machine{
|
||||||
{
|
{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
||||||
|
@ -2613,7 +2613,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
User: types.User{Name: "user2"},
|
User: types.User{Name: "user2"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
want: []types.Machine{
|
want: []*types.Machine{
|
||||||
{
|
{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
||||||
|
@ -2637,7 +2637,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "p4-host-in-netmap-user1-dest-bug",
|
name: "p4-host-in-netmap-user1-dest-bug",
|
||||||
args: args{
|
args: args{
|
||||||
machines: []types.Machine{
|
machines: []*types.Machine{
|
||||||
{
|
{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
||||||
|
@ -2694,7 +2694,7 @@ func Test_getFilteredByACLPeers(t *testing.T) {
|
||||||
User: types.User{Name: "user1"},
|
User: types.User{Name: "user1"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
want: []types.Machine{
|
want: []*types.Machine{
|
||||||
{
|
{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
||||||
|
@ -2749,7 +2749,7 @@ func TestSSHRules(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
peers: types.Machines{
|
peers: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
Hostname: "testmachine2",
|
Hostname: "testmachine2",
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.1")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.0.1")},
|
||||||
UserID: 0,
|
UserID: 0,
|
||||||
|
@ -2857,7 +2857,7 @@ func TestSSHRules(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
peers: types.Machines{
|
peers: types.Machines{
|
||||||
types.Machine{
|
&types.Machine{
|
||||||
Hostname: "testmachine2",
|
Hostname: "testmachine2",
|
||||||
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.99.42")},
|
IPAddresses: types.MachineAddresses{netip.MustParseAddr("100.64.99.42")},
|
||||||
UserID: 0,
|
UserID: 0,
|
||||||
|
@ -2984,7 +2984,7 @@ func TestValidExpandTagOwnersInSources(t *testing.T) {
|
||||||
RequestTags: []string{"tag:test"},
|
RequestTags: []string{"tag:test"},
|
||||||
}
|
}
|
||||||
|
|
||||||
machine := types.Machine{
|
machine := &types.Machine{
|
||||||
ID: 0,
|
ID: 0,
|
||||||
MachineKey: "foo",
|
MachineKey: "foo",
|
||||||
NodeKey: "bar",
|
NodeKey: "bar",
|
||||||
|
@ -3011,7 +3011,7 @@ func TestValidExpandTagOwnersInSources(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
got, _, err := GenerateFilterAndSSHRules(pol, &machine, types.Machines{})
|
got, _, err := GenerateFilterAndSSHRules(pol, machine, types.Machines{})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
want := []tailcfg.FilterRule{
|
want := []tailcfg.FilterRule{
|
||||||
|
@ -3039,7 +3039,7 @@ func TestInvalidTagValidUser(t *testing.T) {
|
||||||
RequestTags: []string{"tag:foo"},
|
RequestTags: []string{"tag:foo"},
|
||||||
}
|
}
|
||||||
|
|
||||||
machine := types.Machine{
|
machine := &types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
MachineKey: "12345",
|
MachineKey: "12345",
|
||||||
NodeKey: "bar",
|
NodeKey: "bar",
|
||||||
|
@ -3065,7 +3065,7 @@ func TestInvalidTagValidUser(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
got, _, err := GenerateFilterAndSSHRules(pol, &machine, types.Machines{})
|
got, _, err := GenerateFilterAndSSHRules(pol, machine, types.Machines{})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
want := []tailcfg.FilterRule{
|
want := []tailcfg.FilterRule{
|
||||||
|
@ -3093,7 +3093,7 @@ func TestValidExpandTagOwnersInDestinations(t *testing.T) {
|
||||||
RequestTags: []string{"tag:test"},
|
RequestTags: []string{"tag:test"},
|
||||||
}
|
}
|
||||||
|
|
||||||
machine := types.Machine{
|
machine := &types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
MachineKey: "12345",
|
MachineKey: "12345",
|
||||||
NodeKey: "bar",
|
NodeKey: "bar",
|
||||||
|
@ -3127,7 +3127,7 @@ func TestValidExpandTagOwnersInDestinations(t *testing.T) {
|
||||||
// c.Assert(rules[0].DstPorts, check.HasLen, 1)
|
// c.Assert(rules[0].DstPorts, check.HasLen, 1)
|
||||||
// c.Assert(rules[0].DstPorts[0].IP, check.Equals, "100.64.0.1/32")
|
// c.Assert(rules[0].DstPorts[0].IP, check.Equals, "100.64.0.1/32")
|
||||||
|
|
||||||
got, _, err := GenerateFilterAndSSHRules(pol, &machine, types.Machines{})
|
got, _, err := GenerateFilterAndSSHRules(pol, machine, types.Machines{})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
want := []tailcfg.FilterRule{
|
want := []tailcfg.FilterRule{
|
||||||
|
@ -3157,7 +3157,7 @@ func TestValidTagInvalidUser(t *testing.T) {
|
||||||
RequestTags: []string{"tag:webapp"},
|
RequestTags: []string{"tag:webapp"},
|
||||||
}
|
}
|
||||||
|
|
||||||
machine := types.Machine{
|
machine := &types.Machine{
|
||||||
ID: 1,
|
ID: 1,
|
||||||
MachineKey: "12345",
|
MachineKey: "12345",
|
||||||
NodeKey: "bar",
|
NodeKey: "bar",
|
||||||
|
@ -3177,7 +3177,7 @@ func TestValidTagInvalidUser(t *testing.T) {
|
||||||
Hostname: "Hostname",
|
Hostname: "Hostname",
|
||||||
}
|
}
|
||||||
|
|
||||||
machine2 := types.Machine{
|
machine2 := &types.Machine{
|
||||||
ID: 2,
|
ID: 2,
|
||||||
MachineKey: "56789",
|
MachineKey: "56789",
|
||||||
NodeKey: "bar2",
|
NodeKey: "bar2",
|
||||||
|
@ -3203,7 +3203,7 @@ func TestValidTagInvalidUser(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
got, _, err := GenerateFilterAndSSHRules(pol, &machine, types.Machines{machine2})
|
got, _, err := GenerateFilterAndSSHRules(pol, machine, types.Machines{machine2})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
want := []tailcfg.FilterRule{
|
want := []tailcfg.FilterRule{
|
||||||
|
|
|
@ -80,9 +80,21 @@ func (h *Headscale) handlePoll(
|
||||||
|
|
||||||
logInfo, logErr := logPollFunc(mapRequest, machine, isNoise)
|
logInfo, logErr := logPollFunc(mapRequest, machine, isNoise)
|
||||||
|
|
||||||
|
// When a node connects to control, list the peers it has at
|
||||||
|
// that given point, further updates are kept in memory in
|
||||||
|
// the Mapper, which lives for the duration of the polling
|
||||||
|
// session.
|
||||||
|
peers, err := h.db.ListPeers(machine)
|
||||||
|
if err != nil {
|
||||||
|
logErr(err, "Failed to list peers when opening poller")
|
||||||
|
http.Error(writer, "", http.StatusInternalServerError)
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
mapp := mapper.NewMapper(
|
mapp := mapper.NewMapper(
|
||||||
machine,
|
machine,
|
||||||
h.db,
|
peers,
|
||||||
h.privateKey2019,
|
h.privateKey2019,
|
||||||
isNoise,
|
isNoise,
|
||||||
h.DERPMap,
|
h.DERPMap,
|
||||||
|
@ -97,7 +109,7 @@ func (h *Headscale) handlePoll(
|
||||||
machine.DiscoKey = util.DiscoPublicKeyStripPrefix(mapRequest.DiscoKey)
|
machine.DiscoKey = util.DiscoPublicKeyStripPrefix(mapRequest.DiscoKey)
|
||||||
now := time.Now().UTC()
|
now := time.Now().UTC()
|
||||||
|
|
||||||
err := h.db.ProcessMachineRoutes(machine)
|
err = h.db.SaveMachineRoutes(machine)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logErr(err, "Error processing machine routes")
|
logErr(err, "Error processing machine routes")
|
||||||
}
|
}
|
||||||
|
@ -142,7 +154,7 @@ func (h *Headscale) handlePoll(
|
||||||
h.nodeNotifier.NotifyWithIgnore(
|
h.nodeNotifier.NotifyWithIgnore(
|
||||||
types.StateUpdate{
|
types.StateUpdate{
|
||||||
Type: types.StatePeerChanged,
|
Type: types.StatePeerChanged,
|
||||||
Changed: []uint64{machine.ID},
|
Changed: types.Machines{machine},
|
||||||
},
|
},
|
||||||
machine.MachineKey)
|
machine.MachineKey)
|
||||||
}
|
}
|
||||||
|
|
|
@ -124,7 +124,7 @@ type StateUpdate struct {
|
||||||
|
|
||||||
// Changed must be set when Type is StatePeerChanged and
|
// Changed must be set when Type is StatePeerChanged and
|
||||||
// contain the Machine IDs of machines that has changed.
|
// contain the Machine IDs of machines that has changed.
|
||||||
Changed []uint64
|
Changed Machines
|
||||||
|
|
||||||
// Removed must be set when Type is StatePeerRemoved and
|
// Removed must be set when Type is StatePeerRemoved and
|
||||||
// contain a list of the nodes that has been removed from
|
// contain a list of the nodes that has been removed from
|
||||||
|
|
|
@ -68,8 +68,7 @@ type Machine struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type (
|
type (
|
||||||
Machines []Machine
|
Machines []*Machine
|
||||||
MachinesP []*Machine
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type MachineAddresses []netip.Addr
|
type MachineAddresses []netip.Addr
|
||||||
|
@ -343,19 +342,8 @@ func (machines Machines) String() string {
|
||||||
return fmt.Sprintf("[ %s ](%d)", strings.Join(temp, ", "), len(temp))
|
return fmt.Sprintf("[ %s ](%d)", strings.Join(temp, ", "), len(temp))
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(kradalby): Remove when we have generics...
|
func (machines Machines) IDMap() map[uint64]*Machine {
|
||||||
func (machines MachinesP) String() string {
|
ret := map[uint64]*Machine{}
|
||||||
temp := make([]string, len(machines))
|
|
||||||
|
|
||||||
for index, machine := range machines {
|
|
||||||
temp[index] = machine.Hostname
|
|
||||||
}
|
|
||||||
|
|
||||||
return fmt.Sprintf("[ %s ](%d)", strings.Join(temp, ", "), len(temp))
|
|
||||||
}
|
|
||||||
|
|
||||||
func (machines Machines) IDMap() map[uint64]Machine {
|
|
||||||
ret := map[uint64]Machine{}
|
|
||||||
|
|
||||||
for _, machine := range machines {
|
for _, machine := range machines {
|
||||||
ret[machine.ID] = machine
|
ret[machine.ID] = machine
|
||||||
|
|
Loading…
Reference in a new issue