outline tests for full filter generate
Signed-off-by: Kristoffer Dalby <[email protected]>
kradalby authored and juanfont committed May 3, 2023
1 parent 200e3b8 commit 1700a74
Showing 3 changed files with 132 additions and 3 deletions.
7 changes: 4 additions & 3 deletions acls.go
Expand Up @@ -228,7 +228,7 @@ func expandACLPeerAddr(srcIP string) []string {
// set of Tailscale compatible FilterRules used to allow traffic on clients.
func (pol *ACLPolicy) generateFilterRules(
machines []Machine,
stripEmaildomain bool,
stripEmailDomain bool,
) ([]tailcfg.FilterRule, error) {
rules := []tailcfg.FilterRule{}

Expand All @@ -239,7 +239,7 @@ func (pol *ACLPolicy) generateFilterRules(

srcIPs := []string{}
for srcIndex, src := range acl.Sources {
srcs, err := pol.getIPsFromSource(src, machines, stripEmaildomain)
srcs, err := pol.getIPsFromSource(src, machines, stripEmailDomain)
if err != nil {
log.Error().
Interface("src", src).
Expand All @@ -266,7 +266,7 @@ func (pol *ACLPolicy) generateFilterRules(
dest,
machines,
needsWildcard,
stripEmaildomain,
stripEmailDomain,
)
if err != nil {
log.Error().
Expand Down Expand Up @@ -569,6 +569,7 @@ func (pol *ACLPolicy) expandAlias(
}

// if alias is an host
// Note, this is recursive.
if h, ok := pol.Hosts[alias]; ok {
log.Trace().Str("host", h.String()).Msg("expandAlias got hosts entry")

127 changes: 127 additions & 0 deletions acls_test.go
Expand Up @@ -6,6 +6,8 @@ import (
"reflect"
"testing"

"github.com/google/go-cmp/cmp"
"github.com/rs/zerolog/log"
"gopkg.in/check.v1"
"tailscale.com/envknob"
"tailscale.com/tailcfg"
Expand Down Expand Up @@ -1793,3 +1795,128 @@ func Test_expandACLPeerAddrV6(t *testing.T) {
})
}
}

func TestACLPolicy_generateFilterRules(t *testing.T) {
type field struct {
pol ACLPolicy
}
type args struct {
machines []Machine
stripEmailDomain bool
}
tests := []struct {
name string
field field
args args
want []tailcfg.FilterRule
wantErr bool
}{
{
name: "no-policy",
field: field{},
args: args{},
want: []tailcfg.FilterRule{},
wantErr: false,
},
{
name: "simple group",
field: field{
pol: ACLPolicy{
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"*"},
Destinations: []string{"*:*"},
},
},
},
},
args: args{
machines: []Machine{},
stripEmailDomain: true,
},
want: []tailcfg.FilterRule{
{
SrcIPs: []string{"*"},
DstPorts: []tailcfg.NetPortRange{
{
IP: "*",
Ports: tailcfg.PortRange{
First: 0,
Last: 65535,
},
},
},
},
},
wantErr: false,
},
{
name: "simple host by ipv4 single dual stack",
field: field{
pol: ACLPolicy{
ACLs: []ACL{
{
Action: "accept",
Sources: []string{"100.64.0.1"},
Destinations: []string{"100.64.0.2:*"},
},
},
},
},
args: args{
machines: []Machine{
{
IPAddresses: MachineAddresses{
netip.MustParseAddr("10.0.0.1"),
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
},
User: User{Name: "mickael"},
},
{
IPAddresses: MachineAddresses{
netip.MustParseAddr("10.0.0.2"),
netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
},
User: User{Name: "mickael"},
},
},
stripEmailDomain: true,
},
// [{"SrcIPs":["100.64.0.1"],"DstPorts":[{"IP":"100.64.0.2","Bits":null,"Ports":{"First":0,"Last":65535}}]}]
want: []tailcfg.FilterRule{
{
SrcIPs: []string{"100.64.0.1"},
DstPorts: []tailcfg.NetPortRange{
{
IP: "100.64.0.2",
Ports: tailcfg.PortRange{
First: 0,
Last: 65535,
},
},
},
},
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := tt.field.pol.generateFilterRules(
tt.args.machines,
tt.args.stripEmailDomain,
)
if (err != nil) != tt.wantErr {
t.Errorf("ACLPolicy.generateFilterRules() error = %v, wantErr %v", err, tt.wantErr)

return
}

if diff := cmp.Diff(tt.want, got); diff != "" {
log.Trace().Interface("got", got).Msg("result")
t.Errorf("ACLPolicy.generateFilterRules() = %v, want %v", got, tt.want)
}
})
}
}
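Review bot: The failure branch at the end of TestACLPolicy_generateFilterRules computes `cmp.Diff(tt.want, got)` but never reports it, printing `%v` dumps of both slices and a zerolog trace instead; report the diff itself, e.g. `t.Errorf("ACLPolicy.generateFilterRules() unexpected result (-want +got):\n%s", diff)`, and drop the `log.Trace()` line. Since the generated rules are what clients enforce, the table should also gain at least one `wantErr: true` case (for instance a policy entry the generator is expected to reject, assuming it rejects any) so that a policy which fails to expand is shown not to produce usable rules. In the third case the machines carry 10.0.0.x and fd7a:… addresses while the ACL names 100.64.0.1 and 100.64.0.2, so the "dual stack" expectation appears to check only the literal IPs and not any machine lookup; worth confirming that is intended.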
1 change: 1 addition & 0 deletions flake.nix
Expand Up @@ -99,6 +99,7 @@
goreleaser
nfpm
gotestsum
gotests

# 'dot' is needed for pprof graphs
# go tool pprof -http=: <source>
