feat(machines): untie dependency with class for filter func

The dependency to the `headscale` struct makes tests harder to do.

This change allow to easily add some tests for this quite sensible function.
This commit is contained in:
Adrien Raffin-Caboisse 2022-02-21 09:15:34 +01:00
parent 9c6ce02554
commit f006860136
2 changed files with 15 additions and 11 deletions

View file

@ -148,19 +148,13 @@ func matchSourceAndDestinationWithRule(ruleSources []string, ruleDestinations []
} }
// getFilteredByACLPeerss should return the list of peers authorized to be accessed from machine. // getFilteredByACLPeerss should return the list of peers authorized to be accessed from machine.
func (h *Headscale) getFilteredByACLPeers(machine *Machine) (Machines, error) { func getFilteredByACLPeers(machines []Machine, rules []tailcfg.FilterRule, machine *Machine) (Machines, error) {
log.Trace(). log.Trace().
Caller(). Caller().
Str("machine", machine.Name). Str("machine", machine.Name).
Msg("Finding peers filtered by ACLs") Msg("Finding peers filtered by ACLs")
machines, err := h.ListAllMachines()
if err != nil {
log.Error().Err(err).Msg("Error retrieving list of machines")
return Machines{}, err
}
peers := make(map[uint64]Machine) peers := make(map[uint64]Machine)
// Aclfilter peers here. We are itering through machines in all namespaces and search through the computed aclRules // Aclfilter peers here. We are itering through machines in all namespaces and search through the computed aclRules
// for match between rule SrcIPs and DstPorts. If the rule is a match we allow the machine to be viewable. // for match between rule SrcIPs and DstPorts. If the rule is a match we allow the machine to be viewable.
@ -182,7 +176,7 @@ func (h *Headscale) getFilteredByACLPeers(machine *Machine) (Machines, error) {
if peer.ID == machine.ID { if peer.ID == machine.ID {
continue continue
} }
for _, rule := range h.aclRules { for _, rule := range rules {
var dst []string var dst []string
for _, d := range rule.DstPorts { for _, d := range rule.DstPorts {
dst = append(dst, d.IP) dst = append(dst, d.IP)
@ -301,10 +295,17 @@ func (h *Headscale) getSharedTo(machine *Machine) (Machines, error) {
func (h *Headscale) getPeers(machine *Machine) (Machines, error) { func (h *Headscale) getPeers(machine *Machine) (Machines, error) {
var peers Machines var peers Machines
var err error var err error
// If ACLs rules are defined, filter visible host list with the ACLs // If ACLs rules are defined, filter visible host list with the ACLs
// else use the classic namespace scope // else use the classic namespace scope
if h.aclPolicy != nil { if h.aclPolicy != nil {
peers, err = h.getFilteredByACLPeers(machine) var machines []Machine
machines, err = h.ListAllMachines()
if err != nil {
log.Error().Err(err).Msg("Error retrieving list of machines")
return Machines{}, err
}
peers, err = getFilteredByACLPeers(machines, h.aclRules, machine)
if err != nil { if err != nil {
log.Error(). log.Error().
Caller(). Caller().

View file

@ -219,10 +219,13 @@ func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
_, err = testMachine.GetHostInfo() _, err = testMachine.GetHostInfo()
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
peersOfTestMachine, err := app.getFilteredByACLPeers(testMachine) machines, err := app.ListAllMachines()
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
peersOfAdminMachine, err := app.getFilteredByACLPeers(adminMachine) peersOfTestMachine, err := getFilteredByACLPeers(machines, app.aclRules, testMachine)
c.Assert(err, check.IsNil)
peersOfAdminMachine, err := getFilteredByACLPeers(machines, app.aclRules, adminMachine)
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
c.Log(peersOfTestMachine) c.Log(peersOfTestMachine)