remove redundant tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
parent
88ca2501d1
commit
fcdc7a6f7d
2 changed files with 34 additions and 149 deletions
|
@ -12,7 +12,6 @@ import (
|
||||||
"github.com/juanfont/headscale/hscontrol/types"
|
"github.com/juanfont/headscale/hscontrol/types"
|
||||||
"github.com/juanfont/headscale/hscontrol/util"
|
"github.com/juanfont/headscale/hscontrol/util"
|
||||||
"gopkg.in/check.v1"
|
"gopkg.in/check.v1"
|
||||||
"tailscale.com/tailcfg"
|
|
||||||
"tailscale.com/types/key"
|
"tailscale.com/types/key"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -659,131 +658,3 @@ func (s *Suite) TestAutoApproveRoutes(c *check.C) {
|
||||||
|
|
||||||
c.Assert(channelUpdates, check.Equals, int32(4))
|
c.Assert(channelUpdates, check.Equals, int32(4))
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestMachine_canAccess(t *testing.T) {
|
|
||||||
type args struct {
|
|
||||||
filter []tailcfg.FilterRule
|
|
||||||
machine2 *types.Machine
|
|
||||||
}
|
|
||||||
tests := []struct {
|
|
||||||
name string
|
|
||||||
machine types.Machine
|
|
||||||
args args
|
|
||||||
want bool
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
name: "no-rules",
|
|
||||||
machine: types.Machine{
|
|
||||||
IPAddresses: types.MachineAddresses{
|
|
||||||
netip.MustParseAddr("10.0.0.1"),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
args: args{
|
|
||||||
filter: []tailcfg.FilterRule{},
|
|
||||||
machine2: &types.Machine{
|
|
||||||
IPAddresses: types.MachineAddresses{
|
|
||||||
netip.MustParseAddr("10.0.0.2"),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
want: false,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "wildcard",
|
|
||||||
machine: types.Machine{
|
|
||||||
IPAddresses: types.MachineAddresses{
|
|
||||||
netip.MustParseAddr("10.0.0.1"),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
args: args{
|
|
||||||
filter: []tailcfg.FilterRule{
|
|
||||||
{
|
|
||||||
SrcIPs: []string{"*"},
|
|
||||||
DstPorts: []tailcfg.NetPortRange{
|
|
||||||
{
|
|
||||||
IP: "*",
|
|
||||||
Ports: tailcfg.PortRange{
|
|
||||||
First: 0,
|
|
||||||
Last: 65535,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
machine2: &types.Machine{
|
|
||||||
IPAddresses: types.MachineAddresses{
|
|
||||||
netip.MustParseAddr("10.0.0.2"),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
want: true,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "explicit-m1-to-m2",
|
|
||||||
machine: types.Machine{
|
|
||||||
IPAddresses: types.MachineAddresses{
|
|
||||||
netip.MustParseAddr("10.0.0.1"),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
args: args{
|
|
||||||
filter: []tailcfg.FilterRule{
|
|
||||||
{
|
|
||||||
SrcIPs: []string{"10.0.0.1"},
|
|
||||||
DstPorts: []tailcfg.NetPortRange{
|
|
||||||
{
|
|
||||||
IP: "10.0.0.2",
|
|
||||||
Ports: tailcfg.PortRange{
|
|
||||||
First: 0,
|
|
||||||
Last: 65535,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
machine2: &types.Machine{
|
|
||||||
IPAddresses: types.MachineAddresses{
|
|
||||||
netip.MustParseAddr("10.0.0.2"),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
want: true,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "explicit-m2-to-m1",
|
|
||||||
machine: types.Machine{
|
|
||||||
IPAddresses: types.MachineAddresses{
|
|
||||||
netip.MustParseAddr("10.0.0.1"),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
args: args{
|
|
||||||
filter: []tailcfg.FilterRule{
|
|
||||||
{
|
|
||||||
SrcIPs: []string{"10.0.0.2"},
|
|
||||||
DstPorts: []tailcfg.NetPortRange{
|
|
||||||
{
|
|
||||||
IP: "10.0.0.1",
|
|
||||||
Ports: tailcfg.PortRange{
|
|
||||||
First: 0,
|
|
||||||
Last: 65535,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
machine2: &types.Machine{
|
|
||||||
IPAddresses: types.MachineAddresses{
|
|
||||||
netip.MustParseAddr("10.0.0.2"),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
want: false,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
for _, tt := range tests {
|
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
|
||||||
if got := tt.machine.CanAccess(tt.args.filter, tt.args.machine2); got != tt.want {
|
|
||||||
t.Errorf("Machine.CanAccess() = %v, want %v", got, tt.want)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -16,18 +16,44 @@ func Test_MachineCanAccess(t *testing.T) {
|
||||||
want bool
|
want bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
name: "other-cant-access-src",
|
name: "no-rules",
|
||||||
machine1: Machine{
|
machine1: Machine{
|
||||||
ID: 0,
|
IPAddresses: []netip.Addr{netip.MustParseAddr("10.0.0.1")},
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.1")},
|
},
|
||||||
Hostname: "mini",
|
machine2: Machine{
|
||||||
User: User{Name: "mini"},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("10.0.0.2")},
|
||||||
|
},
|
||||||
|
rules: []tailcfg.FilterRule{},
|
||||||
|
want: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "wildcard",
|
||||||
|
machine1: Machine{
|
||||||
|
IPAddresses: []netip.Addr{netip.MustParseAddr("10.0.0.1")},
|
||||||
|
},
|
||||||
|
machine2: Machine{
|
||||||
|
IPAddresses: []netip.Addr{netip.MustParseAddr("10.0.0.2")},
|
||||||
|
},
|
||||||
|
rules: []tailcfg.FilterRule{
|
||||||
|
{
|
||||||
|
SrcIPs: []string{"*"},
|
||||||
|
DstPorts: []tailcfg.NetPortRange{
|
||||||
|
{
|
||||||
|
IP: "*",
|
||||||
|
Ports: tailcfg.PortRangeAny,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
want: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "other-cant-access-src",
|
||||||
|
machine1: Machine{
|
||||||
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.1")},
|
||||||
},
|
},
|
||||||
machine2: Machine{
|
machine2: Machine{
|
||||||
ID: 2,
|
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
|
||||||
Hostname: "peer2",
|
|
||||||
User: User{Name: "peer2"},
|
|
||||||
},
|
},
|
||||||
rules: []tailcfg.FilterRule{
|
rules: []tailcfg.FilterRule{
|
||||||
{
|
{
|
||||||
|
@ -42,16 +68,10 @@ func Test_MachineCanAccess(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "dest-cant-access-src",
|
name: "dest-cant-access-src",
|
||||||
machine1: Machine{
|
machine1: Machine{
|
||||||
ID: 2,
|
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
|
||||||
Hostname: "peer2",
|
|
||||||
User: User{Name: "peer2"},
|
|
||||||
},
|
},
|
||||||
machine2: Machine{
|
machine2: Machine{
|
||||||
ID: 0,
|
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
||||||
Hostname: "mini",
|
|
||||||
User: User{Name: "mini"},
|
|
||||||
},
|
},
|
||||||
rules: []tailcfg.FilterRule{
|
rules: []tailcfg.FilterRule{
|
||||||
{
|
{
|
||||||
|
@ -66,16 +86,10 @@ func Test_MachineCanAccess(t *testing.T) {
|
||||||
{
|
{
|
||||||
name: "src-can-access-dest",
|
name: "src-can-access-dest",
|
||||||
machine1: Machine{
|
machine1: Machine{
|
||||||
ID: 0,
|
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.2")},
|
||||||
Hostname: "mini",
|
|
||||||
User: User{Name: "mini"},
|
|
||||||
},
|
},
|
||||||
machine2: Machine{
|
machine2: Machine{
|
||||||
ID: 2,
|
|
||||||
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
|
IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.3")},
|
||||||
Hostname: "peer2",
|
|
||||||
User: User{Name: "peer2"},
|
|
||||||
},
|
},
|
||||||
rules: []tailcfg.FilterRule{
|
rules: []tailcfg.FilterRule{
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue