diff --git a/hscontrol/db/machine_test.go b/hscontrol/db/machine_test.go
index f9522b5..f6d173c 100644
--- a/hscontrol/db/machine_test.go
+++ b/hscontrol/db/machine_test.go
@@ -12,7 +12,6 @@ import (
 "github.com/juanfont/headscale/hscontrol/types"
 "github.com/juanfont/headscale/hscontrol/util"
 "gopkg.in/check.v1"
- "tailscale.com/tailcfg"
 "tailscale.com/types/key"
 )
@@ -659,131 +658,3 @@ func (s *Suite) TestAutoApproveRoutes(c *check.C) {
 c.Assert(channelUpdates, check.Equals, int32(4))
 }
-
-func TestMachine_canAccess(t *testing.T) {
- type args struct {
- filter []tailcfg.FilterRule
- machine2 *types.Machine
- }
- tests := []struct {
- name string
- machine types.Machine
- args args
- want bool
- }{
- {
- name: "no-rules",
- machine: types.Machine{
- IPAddresses: types.MachineAddresses{
- netip.MustParseAddr("10.0.0.1"),
- },
- },
- args: args{
- filter: []tailcfg.FilterRule{},
- machine2: &types.Machine{
- IPAddresses: types.MachineAddresses{
- netip.MustParseAddr("10.0.0.2"),
- },
- },
- },
- want: false,
- },
- {
- name: "wildcard",
- machine: types.Machine{
- IPAddresses: types.MachineAddresses{
- netip.MustParseAddr("10.0.0.1"),
- },
- },
- args: args{
- filter: []tailcfg.FilterRule{
- {
- SrcIPs: []string{"*"},
- DstPorts: []tailcfg.NetPortRange{
- {
- IP: "*",
- Ports: tailcfg.PortRange{
- First: 0,
- Last: 65535,
- },
- },
- },
- },
- },
- machine2: &types.Machine{
- IPAddresses: types.MachineAddresses{
- netip.MustParseAddr("10.0.0.2"),
- },
- },
- },
- want: true,
- },
- {
- name: "explicit-m1-to-m2",
- machine: types.Machine{
- IPAddresses: types.MachineAddresses{
- netip.MustParseAddr("10.0.0.1"),
- },
- },
- args: args{
- filter: []tailcfg.FilterRule{
- {
- SrcIPs: []string{"10.0.0.1"},
- DstPorts: []tailcfg.NetPortRange{
- {
- IP: "10.0.0.2",
- Ports: tailcfg.PortRange{
- First: 0,
- Last: 65535,
- },
- },
- },
- },
- },
- machine2: &types.Machine{
- IPAddresses: types.MachineAddresses{
- netip.MustParseAddr("10.0.0.2"),
- },
- },
- },
- want: true,
- },
- {
- name: "explicit-m2-to-m1",
- machine: types.Machine{
- IPAddresses: types.MachineAddresses{
- netip.MustParseAddr("10.0.0.1"),
- },
- },
- args: args{
- filter: []tailcfg.FilterRule{
- {
- SrcIPs: []string{"10.0.0.2"},
- DstPorts: []tailcfg.NetPortRange{
- {
- IP: "10.0.0.1",
- Ports: tailcfg.PortRange{
- First: 0,
- Last: 65535,
- },
- },
- },
- },
- },
- machine2: &types.Machine{
- IPAddresses: types.MachineAddresses{
- netip.MustParseAddr("10.0.0.2"),
- },
- },
- },
- want: false,
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- if got := tt.machine.CanAccess(tt.args.filter, tt.args.machine2); got != tt.want {
- t.Errorf("Machine.CanAccess() = %v, want %v", got, tt.want)
- }
- })
- }
-}
diff --git a/hscontrol/types/machine_test.go b/hscontrol/types/machine_test.go
index 384b0d1..50fc428 100644
--- a/hscontrol/types/machine_test.go
+++ b/hscontrol/types/machine_test.go
@@ -16,18 +16,44 @@ func Test_MachineCanAccess(t *testing.T) {
 want bool
 }{
 {
- name: "other-cant-access-src",
+ name: "no-rules",
 machine1: Machine{
- ID: 0,
- IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.1")},
- Hostname: "mini",
- User: User{Name: "mini"},
+ IPAddresses: []netip.Addr{netip.MustParseAddr("10.0.0.1")},
+ },
+ machine2: Machine{
+ IPAddresses: []netip.Addr{netip.MustParseAddr("10.0.0.2")},
+ },
+ rules: []tailcfg.FilterRule{},
+ want: false,
+ },
+ {
+ name: "wildcard",
+ machine1: Machine{
+ IPAddresses: []netip.Addr{netip.MustParseAddr("10.0.0.1")},
+ },
+ machine2: Machine{
+ IPAddresses: []netip.Addr{netip.MustParseAddr("10.0.0.2")},
+ },
+ rules: []tailcfg.FilterRule{
+ {
+ SrcIPs: []string{"*"},
+ DstPorts: []tailcfg.NetPortRange{
+ {
+ IP: "*",
+ Ports: tailcfg.PortRangeAny,
+ },
+ },
+ },
+ },
+ want: true,
+ },
+ {
+ name: "other-cant-access-src",
+ machine1: Machine{
+ IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.1")},
 },
 machine2: Machine{
- ID: 2,
 IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
- Hostname: "peer2",
- User: User{Name: "peer2"},
 },
 rules: []tailcfg.FilterRule{
 {
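Review bot: The table in Test_MachineCanAccess takes over "no-rules" and "wildcard" from the deleted db test, but the two directional cases ("explicit-m1-to-m2" and "explicit-m2-to-m1") are not carried across in any visible hunk. The surviving "dest-cant-access-src" and "src-can-access-dest" entries presumably cover the same direction check, but their rules sit outside the hunks, so this is worth confirming before the old coverage is dropped. Because this test pins ACL filter behaviour, I would also add a nil-filter case next to "no-rules", for example `rules: nil, want: false`, so that default-deny is asserted for an absent rule set as well as an empty one. The fixtures here and in the two following hunks now set only IPAddresses; if that is deliberate, a comment such as `// only IPAddresses is set; ID, Hostname and User stay at their zero values on purpose` would record it. The enclosing function starts and ends outside the hunk.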
@@ -42,16 +68,10 @@ func Test_MachineCanAccess(t *testing.T) {
 {
 name: "dest-cant-access-src",
 machine1: Machine{
- ID: 2,
 IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
- Hostname: "peer2",
- User: User{Name: "peer2"},
 },
 machine2: Machine{
- ID: 0,
 IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
- Hostname: "mini",
- User: User{Name: "mini"},
 },
 rules: []tailcfg.FilterRule{
 {
@@ -66,16 +86,10 @@ func Test_MachineCanAccess(t *testing.T) {
 {
 name: "src-can-access-dest",
 machine1: Machine{
- ID: 0,
 IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
- Hostname: "mini",
- User: User{Name: "mini"},
 },
 machine2: Machine{
- ID: 2,
 IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
- Hostname: "peer2",
- User: User{Name: "peer2"},
 },
 rules: []tailcfg.FilterRule{
 {