feat(machines): untie dependency with class for filter func
The dependency on the `headscale` struct makes this function harder to test. This change makes it easy to add tests for this quite sensitive function.
parent
9c6ce02554
commit
f006860136
2 changed files with 15 additions and 11 deletions
19
machine.go
19
machine.go
|
@ -148,19 +148,13 @@ func matchSourceAndDestinationWithRule(ruleSources []string, ruleDestinations []
|
||||||
}
|
}
|
||||||
|
|
||||||
// getFilteredByACLPeerss should return the list of peers authorized to be accessed from machine.
|
// getFilteredByACLPeerss should return the list of peers authorized to be accessed from machine.
|
||||||
func (h *Headscale) getFilteredByACLPeers(machine *Machine) (Machines, error) {
|
func getFilteredByACLPeers(machines []Machine, rules []tailcfg.FilterRule, machine *Machine) (Machines, error) {
|
||||||
log.Trace().
|
log.Trace().
|
||||||
Caller().
|
Caller().
|
||||||
Str("machine", machine.Name).
|
Str("machine", machine.Name).
|
||||||
Msg("Finding peers filtered by ACLs")
|
Msg("Finding peers filtered by ACLs")
|
||||||
|
|
||||||
machines, err := h.ListAllMachines()
|
|
||||||
if err != nil {
|
|
||||||
log.Error().Err(err).Msg("Error retrieving list of machines")
|
|
||||||
return Machines{}, err
|
|
||||||
}
|
|
||||||
peers := make(map[uint64]Machine)
|
peers := make(map[uint64]Machine)
|
||||||
|
|
||||||
// Aclfilter peers here. We are itering through machines in all namespaces and search through the computed aclRules
|
// Aclfilter peers here. We are itering through machines in all namespaces and search through the computed aclRules
|
||||||
// for match between rule SrcIPs and DstPorts. If the rule is a match we allow the machine to be viewable.
|
// for match between rule SrcIPs and DstPorts. If the rule is a match we allow the machine to be viewable.
|
||||||
|
|
||||||
|
@ -182,7 +176,7 @@ func (h *Headscale) getFilteredByACLPeers(machine *Machine) (Machines, error) {
|
||||||
if peer.ID == machine.ID {
|
if peer.ID == machine.ID {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
for _, rule := range h.aclRules {
|
for _, rule := range rules {
|
||||||
var dst []string
|
var dst []string
|
||||||
for _, d := range rule.DstPorts {
|
for _, d := range rule.DstPorts {
|
||||||
dst = append(dst, d.IP)
|
dst = append(dst, d.IP)
|
||||||
|
@ -301,10 +295,17 @@ func (h *Headscale) getSharedTo(machine *Machine) (Machines, error) {
|
||||||
func (h *Headscale) getPeers(machine *Machine) (Machines, error) {
|
func (h *Headscale) getPeers(machine *Machine) (Machines, error) {
|
||||||
var peers Machines
|
var peers Machines
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
// If ACLs rules are defined, filter visible host list with the ACLs
|
// If ACLs rules are defined, filter visible host list with the ACLs
|
||||||
// else use the classic namespace scope
|
// else use the classic namespace scope
|
||||||
if h.aclPolicy != nil {
|
if h.aclPolicy != nil {
|
||||||
peers, err = h.getFilteredByACLPeers(machine)
|
var machines []Machine
|
||||||
|
machines, err = h.ListAllMachines()
|
||||||
|
if err != nil {
|
||||||
|
log.Error().Err(err).Msg("Error retrieving list of machines")
|
||||||
|
return Machines{}, err
|
||||||
|
}
|
||||||
|
peers, err = getFilteredByACLPeers(machines, h.aclRules, machine)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().
|
log.Error().
|
||||||
Caller().
|
Caller().
|
||||||
|
|
|
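Review bot: The doc comment above `getFilteredByACLPeers` still names `getFilteredByACLPeerss` and says nothing about the new `machines` and `rules` parameters, although the function now depends entirely on what the caller hands it. The inline comment further down still says it iterates over machines in all namespaces, which is now only true if the caller passes the complete list, as `getPeers` does via `h.ListAllMachines()`. Since this function decides which peers a node may see, I would state that contract explicitly, e.g. `// getFilteredByACLPeers returns the peers in machines that rules allow machine to reach; machines must be the full machine list and is not re-fetched here.` The function body between the first two hunks is outside the view, so it is unclear whether the `error` result can still be non-nil; if it cannot, the error branch kept in `getPeers` is dead and worth a follow-up.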
@ -219,10 +219,13 @@ func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
|
||||||
_, err = testMachine.GetHostInfo()
|
_, err = testMachine.GetHostInfo()
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
peersOfTestMachine, err := app.getFilteredByACLPeers(testMachine)
|
machines, err := app.ListAllMachines()
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
peersOfAdminMachine, err := app.getFilteredByACLPeers(adminMachine)
|
peersOfTestMachine, err := getFilteredByACLPeers(machines, app.aclRules, testMachine)
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
peersOfAdminMachine, err := getFilteredByACLPeers(machines, app.aclRules, adminMachine)
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
c.Log(peersOfTestMachine)
|
c.Log(peersOfTestMachine)
|
||||||
|
|
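Review bot: Both calls in `TestGetACLFilteredPeers` still take their inputs from `app` (`app.ListAllMachines()` and `app.aclRules`), so the test does not yet use the independence from `Headscale` that the change introduces. A case that builds `[]Machine` and `[]tailcfg.FilterRule` by hand would pin the filter without a database, and for an ACL filter the case worth having is the negative one: a machine matched by no rule must be absent from the result. A short comment such as `// machines and rules are passed explicitly so the filter can be tested without a Headscale instance` above the `ListAllMachines` call would also record why the list is fetched in the test. The assertions on the two peer lists lie outside the visible hunk, so they may already cover part of this.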