14e29a7bee
This is step one in detaching the Database layer from Headscale (h). The ultimate goal is to have all functions that do database operations in their own package, and to keep the business logic and writing separate. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
package hscontrol
import (
"net/netip"
"testing"
"gopkg.in/check.v1"
"gorm.io/gorm"
)
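// TestCreateAndDestroyUser checks the basic user lifecycle: a created user is
// listed, can be destroyed, and can no longer be looked up afterwards.
func (s *Suite) TestCreateAndDestroyUser(c *check.C) {
	user, err := app.db.CreateUser("test")
	c.Assert(err, check.IsNil)
	c.Assert(user.Name, check.Equals, "test")

	users, err := app.db.ListUsers()
	c.Assert(err, check.IsNil)
	c.Assert(len(users), check.Equals, 1)

	err = app.db.DestroyUser("test")
	c.Assert(err, check.IsNil)

	// Pin the exact error instead of accepting any non-nil value: a bare
	// NotNil check would also pass on an unrelated database failure and so
	// would not prove that the user is actually gone.
	_, err = app.db.GetUser("test")
	c.Assert(err, check.Equals, ErrUserNotFound)
}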
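// TestDestroyUserErrors covers the failure and cleanup paths of DestroyUser:
// destroying an unknown user, destroying a user that owns a pre-auth key, and
// destroying a user that still owns a machine.
func (s *Suite) TestDestroyUserErrors(c *check.C) {
	// No user exists yet, so destruction must report ErrUserNotFound.
	err := app.db.DestroyUser("test")
	c.Assert(err, check.Equals, ErrUserNotFound)

	user, err := app.db.CreateUser("test")
	c.Assert(err, check.IsNil)

	pak, err := app.db.CreatePreAuthKey(user.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	err = app.db.DestroyUser("test")
	c.Assert(err, check.IsNil)

	// Destroying a user also deletes all associated preauthkeys. A pre-auth
	// key is a registration credential, so one that outlived its user would
	// remain usable; the lookup must therefore find nothing.
	result := app.db.db.Preload("User").First(&pak, "key = ?", pak.Key)
	c.Assert(result.Error, check.Equals, gorm.ErrRecordNotFound)

	user, err = app.db.CreateUser("test")
	c.Assert(err, check.IsNil)

	pak, err = app.db.CreatePreAuthKey(user.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	machine := Machine{
		ID:             0,
		MachineKey:     "foo",
		NodeKey:        "bar",
		DiscoKey:       "faa",
		Hostname:       "testmachine",
		UserID:         user.ID,
		RegisterMethod: RegisterMethodAuthKey,
		AuthKeyID:      uint(pak.ID),
	}
	// Check the write: if the machine were silently not stored, the final
	// assertion below would fail for a misleading reason.
	c.Assert(app.db.db.Save(&machine).Error, check.IsNil)

	// A user that still owns a machine must not be destroyable.
	err = app.db.DestroyUser("test")
	c.Assert(err, check.Equals, ErrUserStillHasNodes)
}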
// TestRenameUser exercises RenameUser: a successful rename, renaming a user
// that does not exist, and renaming onto a name that is already taken.
func (s *Suite) TestRenameUser(c *check.C) {
	first, err := app.db.CreateUser("test")
	c.Assert(err, check.IsNil)
	c.Assert(first.Name, check.Equals, "test")

	all, err := app.db.ListUsers()
	c.Assert(err, check.IsNil)
	c.Assert(all, check.HasLen, 1)

	// Happy path: the old name disappears and the new name resolves.
	c.Assert(app.db.RenameUser("test", "test-renamed"), check.IsNil)

	_, err = app.db.GetUser("test")
	c.Assert(err, check.Equals, ErrUserNotFound)

	_, err = app.db.GetUser("test-renamed")
	c.Assert(err, check.IsNil)

	// Renaming an unknown user is reported as ErrUserNotFound.
	c.Assert(
		app.db.RenameUser("test-does-not-exit", "test"),
		check.Equals,
		ErrUserNotFound,
	)

	second, err := app.db.CreateUser("test2")
	c.Assert(err, check.IsNil)
	c.Assert(second.Name, check.Equals, "test2")

	// A rename must not be able to take over a name another user holds.
	c.Assert(
		app.db.RenameUser("test2", "test-renamed"),
		check.Equals,
		ErrUserExists,
	)
}
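// TestGetMapResponseUserProfiles stores four machines spread over three users
// and checks the user profiles built for the first machine and its peers.
//
// NOTE(review): machines 2-4 reuse the same MachineKey/NodeKey/DiscoKey value
// and each fixture uses one value for all three key fields. The test passing
// suggests nothing at this layer rejects duplicate keys; confirm whether that
// is intended, or give each fixture its own placeholder keys.
func (s *Suite) TestGetMapResponseUserProfiles(c *check.C) {
	userShared1, err := app.db.CreateUser("shared1")
	c.Assert(err, check.IsNil)

	userShared2, err := app.db.CreateUser("shared2")
	c.Assert(err, check.IsNil)

	userShared3, err := app.db.CreateUser("shared3")
	c.Assert(err, check.IsNil)

	preAuthKeyShared1, err := app.db.CreatePreAuthKey(
		userShared1.Name,
		false,
		false,
		nil,
		nil,
	)
	c.Assert(err, check.IsNil)

	preAuthKeyShared2, err := app.db.CreatePreAuthKey(
		userShared2.Name,
		false,
		false,
		nil,
		nil,
	)
	c.Assert(err, check.IsNil)

	preAuthKeyShared3, err := app.db.CreatePreAuthKey(
		userShared3.Name,
		false,
		false,
		nil,
		nil,
	)
	c.Assert(err, check.IsNil)

	preAuthKey2Shared1, err := app.db.CreatePreAuthKey(
		userShared1.Name,
		false,
		false,
		nil,
		nil,
	)
	c.Assert(err, check.IsNil)

	// The machine must not exist before it is stored.
	_, err = app.db.GetMachine(userShared1.Name, "test_get_shared_nodes_1")
	c.Assert(err, check.NotNil)

	machineInShared1 := &Machine{
		ID:             1,
		MachineKey:     "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
		NodeKey:        "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
		DiscoKey:       "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66",
		Hostname:       "test_get_shared_nodes_1",
		UserID:         userShared1.ID,
		User:           *userShared1,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.1")},
		AuthKeyID:      uint(preAuthKeyShared1.ID),
	}
	// Every fixture write is checked so that a failed insert surfaces here
	// rather than as a confusing profile-count mismatch further down.
	c.Assert(app.db.db.Save(machineInShared1).Error, check.IsNil)

	_, err = app.db.GetMachine(userShared1.Name, machineInShared1.Hostname)
	c.Assert(err, check.IsNil)

	machineInShared2 := &Machine{
		ID:             2,
		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
		Hostname:       "test_get_shared_nodes_2",
		UserID:         userShared2.ID,
		User:           *userShared2,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.2")},
		AuthKeyID:      uint(preAuthKeyShared2.ID),
	}
	c.Assert(app.db.db.Save(machineInShared2).Error, check.IsNil)

	_, err = app.db.GetMachine(userShared2.Name, machineInShared2.Hostname)
	c.Assert(err, check.IsNil)

	machineInShared3 := &Machine{
		ID:             3,
		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
		Hostname:       "test_get_shared_nodes_3",
		UserID:         userShared3.ID,
		User:           *userShared3,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.3")},
		AuthKeyID:      uint(preAuthKeyShared3.ID),
	}
	c.Assert(app.db.db.Save(machineInShared3).Error, check.IsNil)

	_, err = app.db.GetMachine(userShared3.Name, machineInShared3.Hostname)
	c.Assert(err, check.IsNil)

	machine2InShared1 := &Machine{
		ID:             4,
		MachineKey:     "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
		NodeKey:        "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
		DiscoKey:       "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863",
		Hostname:       "test_get_shared_nodes_4",
		UserID:         userShared1.ID,
		User:           *userShared1,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.4")},
		AuthKeyID:      uint(preAuthKey2Shared1.ID),
	}
	c.Assert(app.db.db.Save(machine2InShared1).Error, check.IsNil)

	peersOfMachine1InShared1, err := app.db.getPeers(app.aclPolicy, app.aclRules, machineInShared1)
	c.Assert(err, check.IsNil)

	userProfiles := app.db.getMapResponseUserProfiles(
		*machineInShared1,
		peersOfMachine1InShared1,
	)

	c.Assert(len(userProfiles), check.Equals, 3)

	// hasProfile reports whether a profile with the given display name was
	// returned. It replaces two copies of the same search loop, one of which
	// shadowed userProfiles with its own loop variable.
	hasProfile := func(displayName string) bool {
		for _, profile := range userProfiles {
			if profile.DisplayName == displayName {
				return true
			}
		}

		return false
	}

	// NOTE(review): three profiles are expected but only two names are
	// checked; consider asserting the third user's profile as well.
	c.Assert(hasProfile(userShared1.Name), check.Equals, true)
	c.Assert(hasProfile(userShared2.Name), check.Equals, true)
}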
// TestNormalizeToFQDNRules is a table-driven test for NormalizeToFQDNRules.
// The cases show '@' turning into '.', '+' and spaces turning into '-',
// quotes being dropped, upper case being lowered, and the e-mail domain being
// cut off when stripEmailDomain is set.
func TestNormalizeToFQDNRules(t *testing.T) {
	cases := []struct {
		name             string // subtest name
		input            string // raw user-supplied name
		stripEmailDomain bool
		want             string
		wantErr          bool
	}{
		{
			name:             "normalize simple name",
			input:            "normalize-simple.name",
			stripEmailDomain: false,
			want:             "normalize-simple.name",
			wantErr:          false,
		},
		{
			name:             "normalize an email",
			input:            "foo.bar@example.com",
			stripEmailDomain: false,
			want:             "foo.bar.example.com",
			wantErr:          false,
		},
		{
			name:             "normalize an email domain should be removed",
			input:            "foo.bar@example.com",
			stripEmailDomain: true,
			want:             "foo.bar",
			wantErr:          false,
		},
		{
			name:             "strip enabled no email passed as argument",
			input:            "not-email-and-strip-enabled",
			stripEmailDomain: true,
			want:             "not-email-and-strip-enabled",
			wantErr:          false,
		},
		{
			name:             "normalize complex email",
			input:            "foo.bar+complex-email@example.com",
			stripEmailDomain: false,
			want:             "foo.bar-complex-email.example.com",
			wantErr:          false,
		},
		{
			name:             "user name with space",
			input:            "name space",
			stripEmailDomain: false,
			want:             "name-space",
			wantErr:          false,
		},
		{
			name:             "user with quote",
			input:            "Jamie's iPhone 5",
			stripEmailDomain: false,
			want:             "jamies-iphone-5",
			wantErr:          false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			got, err := NormalizeToFQDNRules(tc.input, tc.stripEmailDomain)

			// An unexpected error state makes the value comparison
			// meaningless, so report it and stop this subtest.
			gotErr := err != nil
			if gotErr != tc.wantErr {
				t.Errorf("NormalizeToFQDNRules() error = %v, wantErr %v", err, tc.wantErr)

				return
			}

			if got != tc.want {
				t.Errorf("NormalizeToFQDNRules() = %v, want %v", got, tc.want)
			}
		})
	}
}
// TestCheckForFQDNRules is a table-driven test for CheckForFQDNRules. One
// lower-case hyphenated name is expected to pass; names with upper case, an
// '@', a '+', or more than 63 characters are expected to be rejected.
func TestCheckForFQDNRules(t *testing.T) {
	cases := []struct {
		name    string // subtest name
		input   string // candidate user name
		wantErr bool
	}{
		{
			name:    "valid: user",
			input:   "valid-user",
			wantErr: false,
		},
		{
			name:    "invalid: capitalized user",
			input:   "Invalid-CapItaLIzed-user",
			wantErr: true,
		},
		{
			name:    "invalid: email as user",
			input:   "foo.bar@example.com",
			wantErr: true,
		},
		{
			name:    "invalid: chars in user name",
			input:   "super-user+name",
			wantErr: true,
		},
		{
			name:    "invalid: too long name for user",
			input:   "super-long-useruseruser-name-that-should-be-a-little-more-than-63-chars",
			wantErr: true,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			err := CheckForFQDNRules(tc.input)

			// Only whether an error occurred is compared, not which one.
			if gotErr := err != nil; gotErr != tc.wantErr {
				t.Errorf("CheckForFQDNRules() error = %v, wantErr %v", err, tc.wantErr)
			}
		})
	}
}
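// TestSetMachineUser checks that SetMachineUser moves a machine to another
// user, rejects an unknown target user, and can be repeated with the same
// target without error.
//
// NOTE(review): the assertions inspect only the in-memory Machine value; the
// test does not re-read the row, so persistence of the change is not verified
// here.
func (s *Suite) TestSetMachineUser(c *check.C) {
	oldUser, err := app.db.CreateUser("old")
	c.Assert(err, check.IsNil)

	newUser, err := app.db.CreateUser("new")
	c.Assert(err, check.IsNil)

	pak, err := app.db.CreatePreAuthKey(oldUser.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	machine := Machine{
		ID:             0,
		MachineKey:     "foo",
		NodeKey:        "bar",
		DiscoKey:       "faa",
		Hostname:       "testmachine",
		UserID:         oldUser.ID,
		RegisterMethod: RegisterMethodAuthKey,
		AuthKeyID:      uint(pak.ID),
	}
	// Check the write so a failed insert is reported here rather than as a
	// misleading failure in one of the ownership assertions below.
	c.Assert(app.db.db.Save(&machine).Error, check.IsNil)
	c.Assert(machine.UserID, check.Equals, oldUser.ID)

	err = app.db.SetMachineUser(&machine, newUser.Name)
	c.Assert(err, check.IsNil)
	c.Assert(machine.UserID, check.Equals, newUser.ID)
	c.Assert(machine.User.Name, check.Equals, newUser.Name)

	// An unknown target user must be rejected.
	err = app.db.SetMachineUser(&machine, "non-existing-user")
	c.Assert(err, check.Equals, ErrUserNotFound)

	// After the rejected call the machine is assigned again to the user it
	// already belongs to; ownership must be unchanged.
	err = app.db.SetMachineUser(&machine, newUser.Name)
	c.Assert(err, check.IsNil)
	c.Assert(machine.UserID, check.Equals, newUser.ID)
	c.Assert(machine.User.Name, check.Equals, newUser.Name)
}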