From 061efa182239fb962acca74e41e90d645a84a654 Mon Sep 17 00:00:00 2001
From: Juan Font Alonso
Date: Sun, 17 Oct 2021 11:57:53 +0200
Subject: [PATCH 1/7] Do not include BaseDomain as full route in DNSConfig + code reorg

---
 api.go | 14 +++++++-------
 dns.go | 31 +++++++++++++++++++++++++------
 2 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/api.go b/api.go
index 0aad5ee..519dbea 100644
--- a/api.go
+++ b/api.go
@@ -258,13 +258,13 @@ func (h *Headscale) getMapResponse(mKey wgkey.Key, req tailcfg.MapRequest, m *Ma
 return nil, err
 }
 
- var dnsConfig *tailcfg.DNSConfig
- if h.cfg.DNSConfig != nil && h.cfg.DNSConfig.Proxied { // if MagicDNS is enabled
- // Only inject the Search Domain of the current namespace - shared nodes should use their full FQDN
- dnsConfig = h.cfg.DNSConfig.Clone()
- dnsConfig.Domains = append(dnsConfig.Domains, fmt.Sprintf("%s.%s", m.Namespace.Name, h.cfg.BaseDomain))
- } else {
- dnsConfig = h.cfg.DNSConfig
+ dnsConfig, err := h.getMapResponseDNSConfig(*m, peers)
+ if err != nil {
+ log.Error().
+ Str("func", "getMapResponse").
+ Err(err).
+ Msg("Failed generate the DNSConfig")
+ return nil, err
 }
 
 resp := tailcfg.MapResponse{
diff --git a/dns.go b/dns.go
index 353e10b..ae7d290 100644
--- a/dns.go
+++ b/dns.go
@@ -4,7 +4,9 @@ import (
 "fmt"
 "strings"
 
+ "github.com/fatih/set"
 "inet.af/netaddr"
+ "tailscale.com/tailcfg"
 "tailscale.com/util/dnsname"
 )
 
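Review bot: The error branch added after `dnsConfig, err := h.getMapResponseDNSConfig(*m, peers)` is unreachable as written, because the helper introduced in this patch's dns.go hunk only ever returns a nil error; either keep the error return because a validation step is planned (and say so in a comment there) or drop it so the branch does not suggest a failure mode that cannot happen. The log text also reads oddly: `Msg("Failed to generate the DNSConfig")`. getMapResponse continues outside the hunk.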
@@ -29,15 +31,10 @@ import (
 // From the netmask we can find out the wildcard bits (the bits that are not set in the netmask).
 // This allows us to then calculate the subnets included in the subsequent class block and generate the entries.
 func generateMagicDNSRootDomains(ipPrefix netaddr.IPPrefix, baseDomain string) ([]dnsname.FQDN, error) {
- base, err := dnsname.ToFQDN(baseDomain)
- if err != nil {
- return nil, err
- }
-
 // TODO(juanfont): we are not handing out IPv6 addresses yet
 // and in fact this is Tailscale.com's range (note the fd7a:115c:a1e0: range in the fc00::/7 network)
 ipv6base := dnsname.FQDN("0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.")
- fqdns := []dnsname.FQDN{base, ipv6base}
+ fqdns := []dnsname.FQDN{ipv6base}
 
 // Conversion to the std lib net.IPnet, a bit easier to operate
 netRange := ipPrefix.IPNet()
@@ -71,3 +68,25 @@ func generateMagicDNSRootDomains(ipPrefix netaddr.IPPrefix, baseDomain string) (
 }
 return fqdns, nil
 }
+
+func (h *Headscale) getMapResponseDNSConfig(m Machine, peers Machines) (*tailcfg.DNSConfig, error) {
+ var dnsConfig *tailcfg.DNSConfig
+ if h.cfg.DNSConfig != nil && h.cfg.DNSConfig.Proxied { // if MagicDNS is enabled
+ // Only inject the Search Domain of the current namespace - shared nodes should use their full FQDN
+ dnsConfig = h.cfg.DNSConfig.Clone()
+ dnsConfig.Domains = append(dnsConfig.Domains, fmt.Sprintf("%s.%s", m.Namespace.Name, h.cfg.BaseDomain))
+
+ namespaceSet := set.New(set.ThreadSafe)
+ namespaceSet.Add(m.Namespace)
+ for _, p := range peers {
+ namespaceSet.Add(p.Namespace)
+ }
+ for _, namespace := range namespaceSet.List() {
+ dnsRoute := dnsname.FQDN(fmt.Sprintf("%s.%s", namespace.(Namespace).Name, h.cfg.BaseDomain))
+ dnsConfig.Routes[dnsRoute.WithoutTrailingDot()] = nil
+ }
+ } else {
+ dnsConfig = h.cfg.DNSConfig
+ }
+ return dnsConfig, nil
+}
From 8094e6fdef67ca683afc27208ca578a4422f9b67 Mon Sep 17 00:00:00 2001
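Review bot: `dnsConfig.Routes[dnsRoute.WithoutTrailingDot()] = nil` writes into the map that came out of `Clone()`, and if the configured DNSConfig has no Routes (a nil map) that assignment panics on every map request once MagicDNS is enabled — I cannot see Clone, but the generated tailcfg cloners normally keep a nil map nil, and the new test fixtures in patch 7 set `Routes: make(...)` explicitly, which would hide this. Initialise before the loop: `if dnsConfig.Routes == nil { dnsConfig.Routes = make(map[string][]dnstype.Resolver) }` (needs the `tailscale.com/types/dnstype` import); the same pattern survives the dns.go rewrites in patches 4 and 7. `set.New(set.ThreadSafe)` adds locking to a set that never leaves this function; a plain map keyed on the namespace ID would do. Separately, `generateMagicDNSRootDomains` keeps its `baseDomain` parameter although the only use visible here was removed; if the rest of the function (outside the hunk) does not reference it, the parameter is now dead.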
From: Juan Font Alonso
Date: Sun, 17 Oct 2021 11:59:08 +0200
Subject: [PATCH 2/7] Preload the Namespace from SharedMachines

---
 machine.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/machine.go b/machine.go
index f97169b..8986ac9 100644
--- a/machine.go
+++ b/machine.go
@@ -86,7 +86,7 @@ func (h *Headscale) getShared(m *Machine) (Machines, error) {
 Msg("Finding shared peers")
 
 sharedMachines := []SharedMachine{}
- if err := h.db.Preload("Namespace").Preload("Machine").Where("namespace_id = ?",
+ if err := h.db.Preload("Namespace").Preload("Machine").Preload("Machine.Namespace").Where("namespace_id = ?",
 m.NamespaceID).Find(&sharedMachines).Error; err != nil {
 return Machines{}, err
 }
@@ -113,7 +113,7 @@ func (h *Headscale) getSharedTo(m *Machine) (Machines, error) {
 Msg("Finding peers in namespaces this machine is shared with")
 
 sharedMachines := []SharedMachine{}
- if err := h.db.Preload("Namespace").Preload("Machine").Where("machine_id = ?",
+ if err := h.db.Preload("Namespace").Preload("Machine").Preload("Machine.Namespace").Where("machine_id = ?",
 m.ID).Find(&sharedMachines).Error; err != nil {
 return Machines{}, err
 }
From 01f755ecf90b6ecd65ef7fc29f770e59575b0cfc Mon Sep 17 00:00:00 2001
From: Juan Font Alonso
Date: Sun, 17 Oct 2021 12:07:01 +0200
Subject: [PATCH 3/7] Send UserProfile info for the peers' namespaces

---
 api.go | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/api.go b/api.go
index 519dbea..37090f1 100644
--- a/api.go
+++ b/api.go
@@ -9,6 +9,7 @@ import (
 "net/http"
 "time"
 
+ "github.com/fatih/set"
 "github.com/rs/zerolog/log"
 
 "github.com/gin-gonic/gin"
@@ -243,11 +244,7 @@ func (h *Headscale) getMapResponse(mKey wgkey.Key, req tailcfg.MapRequest, m *Ma
 return nil, err
 }
 
- profile := tailcfg.UserProfile{
- ID: tailcfg.UserID(m.NamespaceID),
- LoginName: m.Namespace.Name,
- DisplayName: m.Namespace.Name,
- }
+ profiles := getMapResponseUserProfiles(*m, peers)
 
 nodePeers, err := peers.toNodes(h.cfg.BaseDomain, h.cfg.DNSConfig, true)
 if err != nil {
@@ -275,10 +272,9 @@ func (h *Headscale) getMapResponse(mKey wgkey.Key, req tailcfg.MapRequest, m *Ma
 Domain: h.cfg.BaseDomain,
 PacketFilter: *h.aclRules,
 DERPMap: h.cfg.DerpMap,
-
- // TODO(juanfont): We should send the profiles of all the peers (this own namespace + those from the shared peers)
- UserProfiles: []tailcfg.UserProfile{profile},
+ UserProfiles: profiles,
 }
+
 log.Trace().
 Str("func", "getMapResponse").
 Str("machine", req.Hostinfo.Hostname).
@@ -419,3 +415,22 @@ func (h *Headscale) handleAuthKey(c *gin.Context, db *gorm.DB, idKey wgkey.Key,
 Str("ip", ip.String()).
 Msg("Successfully authenticated via AuthKey")
 }
+
+func getMapResponseUserProfiles(m Machine, peers Machines) []tailcfg.UserProfile {
+ namespaceSet := set.New(set.ThreadSafe)
+ namespaceSet.Add(m.Namespace)
+ for _, p := range peers {
+ namespaceSet.Add(p.Namespace)
+ }
+
+ profiles := []tailcfg.UserProfile{}
+ for _, namespace := range namespaceSet.List() {
+ profiles = append(profiles,
+ tailcfg.UserProfile{
+ ID: tailcfg.UserID(namespace.(Namespace).ID),
+ LoginName: namespace.(Namespace).Name,
+ DisplayName: namespace.(Namespace).Name,
+ })
+ }
+ return profiles
+}
From 687e8d12bec677f947d2f9d3162b622d3bb4c9a9 Mon Sep 17 00:00:00 2001
From: Juan Font Alonso
Date: Sun, 17 Oct 2021 12:10:03 +0200
Subject: [PATCH 4/7] Do not use the full application for getMapResponseDNSConfig

---
 api.go | 2 +-
 dns.go | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/api.go b/api.go
index 37090f1..427a506 100644
--- a/api.go
+++ b/api.go
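Review bot: `namespaceSet.Add(m.Namespace)` in getMapResponseUserProfiles keys the set on the whole Namespace struct value, so two loads of the same namespace are deduplicated only when every field matches exactly (gorm timestamps included), and should Namespace ever gain a non-comparable field the interface comparison panics at runtime. Keying a plain map on `p.Namespace.ID` avoids both issues and removes the `namespace.(Namespace)` type assertions; `set.ThreadSafe` buys nothing for a set that never leaves the function. The rewrite in patch 7 (namespaces.go hunk) switches to a map keyed by Name, which has the same shape.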
@@ -255,7 +255,7 @@ func (h *Headscale) getMapResponse(mKey wgkey.Key, req tailcfg.MapRequest, m *Ma
 return nil, err
 }
 
- dnsConfig, err := h.getMapResponseDNSConfig(*m, peers)
+ dnsConfig, err := getMapResponseDNSConfig(h.cfg.DNSConfig, h.cfg.BaseDomain, *m, peers)
 if err != nil {
 log.Error().
 Str("func", "getMapResponse").
diff --git a/dns.go b/dns.go
index ae7d290..e8c8a93 100644
--- a/dns.go
+++ b/dns.go
@@ -69,12 +69,12 @@ func generateMagicDNSRootDomains(ipPrefix netaddr.IPPrefix, baseDomain string) (
 return fqdns, nil
 }
 
-func (h *Headscale) getMapResponseDNSConfig(m Machine, peers Machines) (*tailcfg.DNSConfig, error) {
+func getMapResponseDNSConfig(dnsConfigOrig *tailcfg.DNSConfig, baseDomain string, m Machine, peers Machines) (*tailcfg.DNSConfig, error) {
 var dnsConfig *tailcfg.DNSConfig
- if h.cfg.DNSConfig != nil && h.cfg.DNSConfig.Proxied { // if MagicDNS is enabled
+ if dnsConfigOrig != nil && dnsConfigOrig.Proxied { // if MagicDNS is enabled
 // Only inject the Search Domain of the current namespace - shared nodes should use their full FQDN
- dnsConfig = h.cfg.DNSConfig.Clone()
- dnsConfig.Domains = append(dnsConfig.Domains, fmt.Sprintf("%s.%s", m.Namespace.Name, h.cfg.BaseDomain))
+ dnsConfig = dnsConfigOrig.Clone()
+ dnsConfig.Domains = append(dnsConfig.Domains, fmt.Sprintf("%s.%s", m.Namespace.Name, baseDomain))
 
 namespaceSet := set.New(set.ThreadSafe)
 namespaceSet.Add(m.Namespace)
@@ -82,11 +82,11 @@ func (h *Headscale) getMapResponseDNSConfig(m Machine, peers Machines) (*tailcfg
 namespaceSet.Add(p.Namespace)
 }
 for _, namespace := range namespaceSet.List() {
- dnsRoute := dnsname.FQDN(fmt.Sprintf("%s.%s", namespace.(Namespace).Name, h.cfg.BaseDomain))
+ dnsRoute := dnsname.FQDN(fmt.Sprintf("%s.%s", namespace.(Namespace).Name, baseDomain))
 dnsConfig.Routes[dnsRoute.WithoutTrailingDot()] = nil
 }
 } else {
- dnsConfig = h.cfg.DNSConfig
+ dnsConfig = dnsConfigOrig
 }
 return dnsConfig, nil
 }
From b06e34f144c367a64b7e1eabb3d4a77ef68f8ad5 Mon Sep 17 00:00:00 2001
From: Ward Vandewege
Date: Sun, 17 Oct 2021 11:29:03 -0400
Subject: [PATCH 5/7] Bugfix: the check to see if a node was already shared into a namespace was incorrect.

---
 sharing.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/sharing.go b/sharing.go
index 83ce526..2905c8e 100644
--- a/sharing.go
+++ b/sharing.go
@@ -21,12 +21,15 @@ func (h *Headscale) AddSharedMachineToNamespace(m *Machine, ns *Namespace) error
 return errorSameNamespace
 }
 
- sharedMachine := SharedMachine{}
- if err := h.db.Where("machine_id = ? AND namespace_id", m.ID, ns.ID).First(&sharedMachine).Error; err == nil {
+ sharedMachines := []SharedMachine{}
+ if err := h.db.Where("machine_id = ? AND namespace_id = ?", m.ID, ns.ID).Find(&sharedMachines).Error; err != nil {
+ return err
+ }
+ if len(sharedMachines) > 0 {
 return errorMachineAlreadyShared
 }
 
- sharedMachine = SharedMachine{
+ sharedMachine := SharedMachine{
 MachineID: m.ID,
 Machine: *m,
 NamespaceID: ns.ID,
From 9e3339b4f1b869b3aab626cc85fb5ebd6650ea3d Mon Sep 17 00:00:00 2001
From: Ward Vandewege
Date: Sun, 17 Oct 2021 16:29:30 -0400
Subject: [PATCH 6/7] Add cli support for unsharing a node from a namespace.

---
 cmd/headscale/cli/nodes.go | 50 ++++++++++++++++++++++++++++++++++
 sharing.go | 24 ++++++++++++++++
 sharing_test.go | 56 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 130 insertions(+)

diff --git a/cmd/headscale/cli/nodes.go b/cmd/headscale/cli/nodes.go
index 1246192..c44aa5e 100644
--- a/cmd/headscale/cli/nodes.go
+++ b/cmd/headscale/cli/nodes.go
@@ -26,6 +26,7 @@ func init() {
 nodeCmd.AddCommand(registerNodeCmd)
 nodeCmd.AddCommand(deleteNodeCmd)
 nodeCmd.AddCommand(shareMachineCmd)
+ nodeCmd.AddCommand(unshareMachineCmd)
 }
 
 var nodeCmd = &cobra.Command{
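Review bot: The corrected existence check and the insert that follows it (below the hunk) are still check-then-act: two concurrent AddSharedMachineToNamespace calls for the same pair can both see zero rows and both insert, so `errorMachineAlreadyShared` is advisory rather than enforced. A unique index on (machine_id, namespace_id) in the SharedMachine model, or running check and insert inside one transaction, makes the invariant hold in the database instead of in this function. `Find(&sharedMachines)` also loads every matching row when only existence matters; `.Limit(1).Find(&sharedMachines)` or a `Count` keeps the query bounded. AddSharedMachineToNamespace continues outside the hunk.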
@@ -229,6 +230,55 @@ var shareMachineCmd = &cobra.Command{
 },
 }
 
+var unshareMachineCmd = &cobra.Command{
+ Use: "unshare ID",
+ Short: "Unshares a node from the specified namespace",
+ Args: func(cmd *cobra.Command, args []string) error {
+ if len(args) < 1 {
+ return fmt.Errorf("missing parameters")
+ }
+ return nil
+ },
+ Run: func(cmd *cobra.Command, args []string) {
+ namespace, err := cmd.Flags().GetString("namespace")
+ if err != nil {
+ log.Fatalf("Error getting namespace: %s", err)
+ }
+ output, _ := cmd.Flags().GetString("output")
+
+ h, err := getHeadscaleApp()
+ if err != nil {
+ log.Fatalf("Error initializing: %s", err)
+ }
+
+ n, err := h.GetNamespace(namespace)
+ if err != nil {
+ log.Fatalf("Error fetching namespace: %s", err)
+ }
+
+ id, err := strconv.Atoi(args[0])
+ if err != nil {
+ log.Fatalf("Error converting ID to integer: %s", err)
+ }
+ machine, err := h.GetMachineByID(uint64(id))
+ if err != nil {
+ log.Fatalf("Error getting node: %s", err)
+ }
+
+ err = h.RemoveSharedMachineFromNamespace(machine, n)
+ if strings.HasPrefix(output, "json") {
+ JsonOutput(map[string]string{"Result": "Node unshared"}, err, output)
+ return
+ }
+ if err != nil {
+ fmt.Printf("Error unsharing node: %s\n", err)
+ return
+ }
+
+ fmt.Println("Node unshared!")
+ },
+}
+
 func nodesToPtables(currentNamespace headscale.Namespace, machines []headscale.Machine) (pterm.TableData, error) {
 d := pterm.TableData{{"ID", "Name", "NodeKey", "Namespace", "IP address", "Ephemeral", "Last seen", "Online"}}
 
diff --git a/sharing.go b/sharing.go
index 2905c8e..879ed06 100644
--- a/sharing.go
+++ b/sharing.go
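Review bot: `id, err := strconv.Atoi(args[0])` followed by `h.GetMachineByID(uint64(id))` silently turns a negative argument into a very large machine ID; parse the value as unsigned directly, `id, err := strconv.ParseUint(args[0], 10, 64)` and `machine, err := h.GetMachineByID(id)`, so a bad argument fails in the conversion rather than as a misleading "Error getting node". The `namespace` flag is read but not declared in this hunk — presumably it is registered on nodeCmd in init, outside the hunk; worth confirming it is marked required, since an empty value surfaces only as "Error fetching namespace". The same Atoi pattern may exist in shareMachineCmd, which I cannot see here.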
@@ -40,6 +40,30 @@ func (h *Headscale) AddSharedMachineToNamespace(m *Machine, ns *Namespace) error
 return nil
 }
 
+// RemoveSharedMachineFromNamespace removes a shared machine from a namespace
+func (h *Headscale) RemoveSharedMachineFromNamespace(m *Machine, ns *Namespace) error {
+ if m.NamespaceID == ns.ID {
+ return errorSameNamespace
+ }
+
+ sharedMachine := SharedMachine{}
+ result := h.db.Where("machine_id = ? AND namespace_id = ?", m.ID, ns.ID).Unscoped().Delete(&sharedMachine)
+ if result.Error != nil {
+ return result.Error
+ }
+
+ if result.RowsAffected == 0 {
+ return errorMachineNotShared
+ }
+
+ err := h.RequestMapUpdates(ns.ID)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
 // RemoveSharedMachineFromAllNamespaces removes a machine as a shared node from all namespaces
 func (h *Headscale) RemoveSharedMachineFromAllNamespaces(m *Machine) error {
 sharedMachine := SharedMachine{}
diff --git a/sharing_test.go b/sharing_test.go
index d8cd802..c6d26f6 100644
--- a/sharing_test.go
+++ b/sharing_test.go
@@ -4,6 +4,36 @@ import (
 "gopkg.in/check.v1"
 )
 
+func CreateNodeNamespace(c *check.C, namespace, node, key, IP string) (*Namespace, *Machine) {
+ n1, err := h.CreateNamespace(namespace)
+ c.Assert(err, check.IsNil)
+
+ pak1, err := h.CreatePreAuthKey(n1.Name, false, false, nil)
+ c.Assert(err, check.IsNil)
+
+ _, err = h.GetMachine(n1.Name, node)
+ c.Assert(err, check.NotNil)
+
+ m1 := &Machine{
+ ID: 0,
+ MachineKey: key,
+ NodeKey: key,
+ DiscoKey: key,
+ Name: node,
+ NamespaceID: n1.ID,
+ Registered: true,
+ RegisterMethod: "authKey",
+ IPAddress: IP,
+ AuthKeyID: uint(pak1.ID),
+ }
+ h.db.Save(m1)
+
+ _, err = h.GetMachine(n1.Name, m1.Name)
+ c.Assert(err, check.IsNil)
+
+ return n1, m1
+}
+
 func (s *Suite) TestBasicSharedNodesInNamespace(c *check.C) {
 n1, err := h.CreateNamespace("shared1")
 c.Assert(err, check.IsNil)
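Review bot: `h.RequestMapUpdates(ns.ID)` only refreshes the namespace the machine was unshared from; the machine itself and its home-namespace peers also lose the peers they reached through the share, so their netmaps stay stale until something else triggers an update — consider also calling `h.RequestMapUpdates(m.NamespaceID)` before returning. `.Unscoped().Delete(&sharedMachine)` hard-deletes the row; if SharedMachine carries a gorm DeletedAt column that is presumably deliberate so that re-sharing works, but a one-line comment saying so would save the next reader the question. `errorMachineNotShared` is not declared anywhere in this series, so I assume it already exists in the package.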
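Review bot: In `CreateNodeNamespace` the result of `h.db.Save(m1)` is discarded, so a failed insert only surfaces as a confusing `GetMachine` assertion two lines later; `c.Assert(h.db.Save(m1).Error, check.IsNil)` pins the failure where it happens. The helper is exported although only this test package uses it; `createNodeNamespace` matches the lower-case helpers elsewhere in the file. The parameter named `IP` also departs from the Go convention of lower-case parameter names (`ip`).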
@@ -125,6 +155,32 @@ func (s *Suite) TestSameNamespace(c *check.C) {
 c.Assert(err, check.Equals, errorSameNamespace)
 }
 
+func (s *Suite) TestUnshare(c *check.C) {
+ n1, m1 := CreateNodeNamespace(c, "shared1", "test_unshare_1", "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", "100.64.0.1")
+ _, m2 := CreateNodeNamespace(c, "shared2", "test_unshare_2", "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", "100.64.0.2")
+
+ p1s, err := h.getPeers(m1)
+ c.Assert(err, check.IsNil)
+ c.Assert(len(p1s), check.Equals, 0)
+
+ err = h.AddSharedMachineToNamespace(m2, n1)
+ c.Assert(err, check.IsNil)
+
+ p1s, err = h.getShared(m1)
+ c.Assert(err, check.IsNil)
+ c.Assert(len(p1s), check.Equals, 1)
+
+ err = h.RemoveSharedMachineFromNamespace(m2, n1)
+ c.Assert(err, check.IsNil)
+
+ p1s, err = h.getShared(m1)
+ c.Assert(err, check.IsNil)
+ c.Assert(len(p1s), check.Equals, 0)
+
+ err = h.RemoveSharedMachineFromNamespace(m2, n1)
+ c.Assert(err, check.Equals, errorMachineNotShared)
+}
+
 func (s *Suite) TestAlreadyShared(c *check.C) {
 n1, err := h.CreateNamespace("shared1")
 c.Assert(err, check.IsNil)
From 01a5fe3c51ea926e18eaf7a98dd11102513fcf7a Mon Sep 17 00:00:00 2001
From: Juan Font Alonso
Date: Sun, 17 Oct 2021 23:58:09 +0200
Subject: [PATCH 7/7] Added tests, solved some bugs, and code reorg

---
 api.go | 20 ----
 dns.go | 4 +-
 dns_test.go | 245 ++++++++++++++++++++++++++++++++++++++-
 namespaces.go | 19 ++++
 namespaces_test.go | 124 +++++++++++++++++++++++
 5 files changed, 389 insertions(+), 23 deletions(-)

diff --git a/api.go b/api.go
index 427a506..6e30cb3 100644
--- a/api.go
+++ b/api.go
@@ -9,7 +9,6 @@ import (
 "net/http"
 "time"
 
- "github.com/fatih/set"
 "github.com/rs/zerolog/log"
 
 "github.com/gin-gonic/gin"
@@ -415,22 +414,3 @@ func (h *Headscale) handleAuthKey(c *gin.Context, db *gorm.DB, idKey wgkey.Key,
 Str("ip", ip.String()).
 Msg("Successfully authenticated via AuthKey")
 }
-
-func getMapResponseUserProfiles(m Machine, peers Machines) []tailcfg.UserProfile {
- namespaceSet := set.New(set.ThreadSafe)
- namespaceSet.Add(m.Namespace)
- for _, p := range peers {
- namespaceSet.Add(p.Namespace)
- }
-
- profiles := []tailcfg.UserProfile{}
- for _, namespace := range namespaceSet.List() {
- profiles = append(profiles,
- tailcfg.UserProfile{
- ID: tailcfg.UserID(namespace.(Namespace).ID),
- LoginName: namespace.(Namespace).Name,
- DisplayName: namespace.(Namespace).Name,
- })
- }
- return profiles
-}
diff --git a/dns.go b/dns.go
index e8c8a93..c7ca32a 100644
--- a/dns.go
+++ b/dns.go
@@ -82,8 +82,8 @@ func getMapResponseDNSConfig(dnsConfigOrig *tailcfg.DNSConfig, baseDomain string
 namespaceSet.Add(p.Namespace)
 }
 for _, namespace := range namespaceSet.List() {
- dnsRoute := dnsname.FQDN(fmt.Sprintf("%s.%s", namespace.(Namespace).Name, baseDomain))
- dnsConfig.Routes[dnsRoute.WithoutTrailingDot()] = nil
+ dnsRoute := fmt.Sprintf("%s.%s", namespace.(Namespace).Name, baseDomain)
+ dnsConfig.Routes[dnsRoute] = nil
 }
 } else {
 dnsConfig = dnsConfigOrig
diff --git a/dns_test.go b/dns_test.go
index 8781320..eeaf885 100644
--- a/dns_test.go
+++ b/dns_test.go
@@ -1,13 +1,17 @@
 package headscale
 
 import (
+ "fmt"
+
 "gopkg.in/check.v1"
 "inet.af/netaddr"
+ "tailscale.com/tailcfg"
+ "tailscale.com/types/dnstype"
 )
 
 func (s *Suite) TestMagicDNSRootDomains100(c *check.C) {
 prefix := netaddr.MustParseIPPrefix("100.64.0.0/10")
- domains, err := generateMagicDNSRootDomains(prefix, "headscale.net")
+ domains, err := generateMagicDNSRootDomains(prefix, "foobar.headscale.net")
 c.Assert(err, check.IsNil)
 
 found := false
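Review bot: Dropping `dnsname.FQDN(...).WithoutTrailingDot()` in the dns.go hunk means the Routes key is now whatever `fmt.Sprintf` produces, with no normalisation at all: a BaseDomain configured with a trailing dot or mixed case yields a key that will not match what the client resolves. Neither the old nor the new form validated the name; `dnsname.ToFQDN` would, e.g. `fqdn, err := dnsname.ToFQDN(dnsRoute)` then `dnsConfig.Routes[fqdn.WithoutTrailingDot()] = nil`, and that is also where the currently always-nil error return of getMapResponseDNSConfig would earn its keep. I cannot tell from here how BaseDomain is validated at config load, so if it is guaranteed canonical already, a comment on the key construction saying so would do.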
@@ -61,3 +65,242 @@ func (s *Suite) TestMagicDNSRootDomains172(c *check.C) { } c.Assert(found, check.Equals, true) } + +func (s *Suite) TestDNSConfigMapResponseWithMagicDNS(c *check.C) { + n1, err := h.CreateNamespace("shared1") + c.Assert(err, check.IsNil) + + n2, err := h.CreateNamespace("shared2") + c.Assert(err, check.IsNil) + + n3, err := h.CreateNamespace("shared3") + c.Assert(err, check.IsNil) + + pak1n1, err := h.CreatePreAuthKey(n1.Name, false, false, nil) + c.Assert(err, check.IsNil) + + pak2n2, err := h.CreatePreAuthKey(n2.Name, false, false, nil) + c.Assert(err, check.IsNil) + + pak3n3, err := h.CreatePreAuthKey(n3.Name, false, false, nil) + c.Assert(err, check.IsNil) + + pak4n1, err := h.CreatePreAuthKey(n1.Name, false, false, nil) + c.Assert(err, check.IsNil) + + _, err = h.GetMachine(n1.Name, "test_get_shared_nodes_1") + c.Assert(err, check.NotNil) + + m1 := &Machine{ + ID: 1, + MachineKey: "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", + NodeKey: "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", + DiscoKey: "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", + Name: "test_get_shared_nodes_1", + NamespaceID: n1.ID, + Namespace: *n1, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.1", + AuthKeyID: uint(pak1n1.ID), + } + h.db.Save(m1) + + _, err = h.GetMachine(n1.Name, m1.Name) + c.Assert(err, check.IsNil) + + m2 := &Machine{ + ID: 2, + MachineKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + NodeKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + DiscoKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + Name: "test_get_shared_nodes_2", + NamespaceID: n2.ID, + Namespace: *n2, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.2", + AuthKeyID: uint(pak2n2.ID), + } + h.db.Save(m2) + + _, err = h.GetMachine(n2.Name, m2.Name) + c.Assert(err, check.IsNil) + + m3 := &Machine{ + ID: 3, + 
MachineKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + NodeKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + DiscoKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + Name: "test_get_shared_nodes_3", + NamespaceID: n3.ID, + Namespace: *n3, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.3", + AuthKeyID: uint(pak3n3.ID), + } + h.db.Save(m3) + + _, err = h.GetMachine(n3.Name, m3.Name) + c.Assert(err, check.IsNil) + + m4 := &Machine{ + ID: 4, + MachineKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + NodeKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + DiscoKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + Name: "test_get_shared_nodes_4", + NamespaceID: n1.ID, + Namespace: *n1, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.4", + AuthKeyID: uint(pak4n1.ID), + } + h.db.Save(m4) + + err = h.AddSharedMachineToNamespace(m2, n1) + c.Assert(err, check.IsNil) + + baseDomain := "foobar.headscale.net" + dnsConfigOrig := tailcfg.DNSConfig{ + Routes: make(map[string][]dnstype.Resolver), + Domains: []string{baseDomain}, + Proxied: true, + } + + m1peers, err := h.getPeers(m1) + c.Assert(err, check.IsNil) + + dnsConfig, err := getMapResponseDNSConfig(&dnsConfigOrig, baseDomain, *m1, m1peers) + c.Assert(err, check.IsNil) + c.Assert(dnsConfig, check.NotNil) + c.Assert(len(dnsConfig.Routes), check.Equals, 2) + + routeN1 := fmt.Sprintf("%s.%s", n1.Name, baseDomain) + _, ok := dnsConfig.Routes[routeN1] + c.Assert(ok, check.Equals, true) + + routeN2 := fmt.Sprintf("%s.%s", n2.Name, baseDomain) + _, ok = dnsConfig.Routes[routeN2] + c.Assert(ok, check.Equals, true) + + routeN3 := fmt.Sprintf("%s.%s", n3.Name, baseDomain) + _, ok = dnsConfig.Routes[routeN3] + c.Assert(ok, check.Equals, false) +} + +func (s *Suite) TestDNSConfigMapResponseWithoutMagicDNS(c *check.C) { + n1, err := 
h.CreateNamespace("shared1") + c.Assert(err, check.IsNil) + + n2, err := h.CreateNamespace("shared2") + c.Assert(err, check.IsNil) + + n3, err := h.CreateNamespace("shared3") + c.Assert(err, check.IsNil) + + pak1n1, err := h.CreatePreAuthKey(n1.Name, false, false, nil) + c.Assert(err, check.IsNil) + + pak2n2, err := h.CreatePreAuthKey(n2.Name, false, false, nil) + c.Assert(err, check.IsNil) + + pak3n3, err := h.CreatePreAuthKey(n3.Name, false, false, nil) + c.Assert(err, check.IsNil) + + pak4n1, err := h.CreatePreAuthKey(n1.Name, false, false, nil) + c.Assert(err, check.IsNil) + + _, err = h.GetMachine(n1.Name, "test_get_shared_nodes_1") + c.Assert(err, check.NotNil) + + m1 := &Machine{ + ID: 1, + MachineKey: "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", + NodeKey: "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", + DiscoKey: "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", + Name: "test_get_shared_nodes_1", + NamespaceID: n1.ID, + Namespace: *n1, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.1", + AuthKeyID: uint(pak1n1.ID), + } + h.db.Save(m1) + + _, err = h.GetMachine(n1.Name, m1.Name) + c.Assert(err, check.IsNil) + + m2 := &Machine{ + ID: 2, + MachineKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + NodeKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + DiscoKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + Name: "test_get_shared_nodes_2", + NamespaceID: n2.ID, + Namespace: *n2, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.2", + AuthKeyID: uint(pak2n2.ID), + } + h.db.Save(m2) + + _, err = h.GetMachine(n2.Name, m2.Name) + c.Assert(err, check.IsNil) + + m3 := &Machine{ + ID: 3, + MachineKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + NodeKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + DiscoKey: 
"dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + Name: "test_get_shared_nodes_3", + NamespaceID: n3.ID, + Namespace: *n3, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.3", + AuthKeyID: uint(pak3n3.ID), + } + h.db.Save(m3) + + _, err = h.GetMachine(n3.Name, m3.Name) + c.Assert(err, check.IsNil) + + m4 := &Machine{ + ID: 4, + MachineKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + NodeKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + DiscoKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + Name: "test_get_shared_nodes_4", + NamespaceID: n1.ID, + Namespace: *n1, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.4", + AuthKeyID: uint(pak4n1.ID), + } + h.db.Save(m4) + + err = h.AddSharedMachineToNamespace(m2, n1) + c.Assert(err, check.IsNil) + + baseDomain := "foobar.headscale.net" + dnsConfigOrig := tailcfg.DNSConfig{ + Routes: make(map[string][]dnstype.Resolver), + Domains: []string{baseDomain}, + Proxied: false, + } + + m1peers, err := h.getPeers(m1) + c.Assert(err, check.IsNil) + + dnsConfig, err := getMapResponseDNSConfig(&dnsConfigOrig, baseDomain, *m1, m1peers) + c.Assert(err, check.IsNil) + c.Assert(dnsConfig, check.NotNil) + c.Assert(len(dnsConfig.Routes), check.Equals, 0) + c.Assert(len(dnsConfig.Domains), check.Equals, 1) +} diff --git a/namespaces.go b/namespaces.go index e109b9a..dfe4297 100644 --- a/namespaces.go +++ b/namespaces.go 
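Review bot: TestDNSConfigMapResponseWithMagicDNS and its WithoutMagicDNS twin repeat the same ~90 lines of fixture setup (three namespaces, four pre-auth keys, four machines); the `CreateNodeNamespace` helper added to sharing_test.go in patch 6 lives in the same package and, extended to populate `Namespace`, would reduce both tests to their assertions. Every `h.db.Save(mN)` result is dropped, so a failed insert only shows up later as an unrelated assertion. m2, m3 and m4 also share one MachineKey/NodeKey/DiscoKey value, so the scenario silently depends on those columns not being unique; distinct constructed keys per machine would make the fixture robust to a future constraint. The same points apply to TestGetMapResponseUserProfiles in the namespaces_test.go hunk.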
@@ -216,3 +216,22 @@ func (n *Namespace) toUser() *tailcfg.User {
 }
 return &u
 }
+
+func getMapResponseUserProfiles(m Machine, peers Machines) []tailcfg.UserProfile {
+ namespaceMap := make(map[string]Namespace)
+ namespaceMap[m.Namespace.Name] = m.Namespace
+ for _, p := range peers {
+ namespaceMap[p.Namespace.Name] = p.Namespace // not worth checking if already is there
+ }
+
+ profiles := []tailcfg.UserProfile{}
+ for _, namespace := range namespaceMap {
+ profiles = append(profiles,
+ tailcfg.UserProfile{
+ ID: tailcfg.UserID(namespace.ID),
+ LoginName: namespace.Name,
+ DisplayName: namespace.Name,
+ })
+ }
+ return profiles
+}
diff --git a/namespaces_test.go b/namespaces_test.go
index 9168b20..5350576 100644
--- a/namespaces_test.go
+++ b/namespaces_test.go
@@ -1,6 +1,7 @@
 package headscale
 
 import (
+ "github.com/rs/zerolog/log"
 "gopkg.in/check.v1"
 )
 
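Review bot: `for _, namespace := range namespaceMap` iterates in random order, so UserProfiles comes back in a different order on every map response for the same machine; clients that compare successive netmaps may treat the reorder as a change. Sort before returning, e.g. `sort.Slice(profiles, func(i, j int) bool { return profiles[i].ID < profiles[j].ID })` (needs `sort` in the import block, outside the hunk). Keying the map by Name while emitting ID in the profile also means a stale or duplicated Name cannot be told apart from a real second namespace; keying by ID reads more directly since ID is what identifies the user downstream.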
@@ -46,3 +47,126 @@ func (s *Suite) TestDestroyNamespaceErrors(c *check.C) { err = h.DestroyNamespace("test") c.Assert(err, check.Equals, errorNamespaceNotEmpty) } + +func (s *Suite) TestGetMapResponseUserProfiles(c *check.C) { + n1, err := h.CreateNamespace("shared1") + c.Assert(err, check.IsNil) + + n2, err := h.CreateNamespace("shared2") + c.Assert(err, check.IsNil) + + n3, err := h.CreateNamespace("shared3") + c.Assert(err, check.IsNil) + + pak1n1, err := h.CreatePreAuthKey(n1.Name, false, false, nil) + c.Assert(err, check.IsNil) + + pak2n2, err := h.CreatePreAuthKey(n2.Name, false, false, nil) + c.Assert(err, check.IsNil) + + pak3n3, err := h.CreatePreAuthKey(n3.Name, false, false, nil) + c.Assert(err, check.IsNil) + + pak4n1, err := h.CreatePreAuthKey(n1.Name, false, false, nil) + c.Assert(err, check.IsNil) + + _, err = h.GetMachine(n1.Name, "test_get_shared_nodes_1") + c.Assert(err, check.NotNil) + + m1 := &Machine{ + ID: 1, + MachineKey: "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", + NodeKey: "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", + DiscoKey: "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66", + Name: "test_get_shared_nodes_1", + NamespaceID: n1.ID, + Namespace: *n1, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.1", + AuthKeyID: uint(pak1n1.ID), + } + h.db.Save(m1) + + _, err = h.GetMachine(n1.Name, m1.Name) + c.Assert(err, check.IsNil) + + m2 := &Machine{ + ID: 2, + MachineKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + NodeKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + DiscoKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + Name: "test_get_shared_nodes_2", + NamespaceID: n2.ID, + Namespace: *n2, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.2", + AuthKeyID: uint(pak2n2.ID), + } + h.db.Save(m2) + + _, err = h.GetMachine(n2.Name, m2.Name) + c.Assert(err, 
check.IsNil) + + m3 := &Machine{ + ID: 3, + MachineKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + NodeKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + DiscoKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + Name: "test_get_shared_nodes_3", + NamespaceID: n3.ID, + Namespace: *n3, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.3", + AuthKeyID: uint(pak3n3.ID), + } + h.db.Save(m3) + + _, err = h.GetMachine(n3.Name, m3.Name) + c.Assert(err, check.IsNil) + + m4 := &Machine{ + ID: 4, + MachineKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + NodeKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + DiscoKey: "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863", + Name: "test_get_shared_nodes_4", + NamespaceID: n1.ID, + Namespace: *n1, + Registered: true, + RegisterMethod: "authKey", + IPAddress: "100.64.0.4", + AuthKeyID: uint(pak4n1.ID), + } + h.db.Save(m4) + + err = h.AddSharedMachineToNamespace(m2, n1) + c.Assert(err, check.IsNil) + m1peers, err := h.getPeers(m1) + c.Assert(err, check.IsNil) + + userProfiles := getMapResponseUserProfiles(*m1, m1peers) + + log.Trace().Msgf("userProfiles %#v", userProfiles) + c.Assert(len(userProfiles), check.Equals, 2) + + found := false + for _, up := range userProfiles { + if up.DisplayName == n1.Name { + found = true + break + } + } + c.Assert(found, check.Equals, true) + + found = false + for _, up := range userProfiles { + if up.DisplayName == n2.Name { + found = true + break + } + } + c.Assert(found, check.Equals, true) +}