mirror of
https://github.com/juanfont/headscale.git
synced 2024-11-26 08:53:05 +00:00
Add basic testcases for Machine.canAccess
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
parent
644be822d5
commit
1a7ae11697
1 changed files with 128 additions and 0 deletions
128
machine_test.go
128
machine_test.go
|
@ -1259,3 +1259,131 @@ func (s *Suite) TestAutoApproveRoutes(c *check.C) {
|
|||
c.Assert(err, check.IsNil)
|
||||
c.Assert(enabledRoutes, check.HasLen, 3)
|
||||
}
|
||||
|
||||
func TestMachine_canAccess(t *testing.T) {
|
||||
type args struct {
|
||||
filter []tailcfg.FilterRule
|
||||
machine2 *Machine
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
machine Machine
|
||||
args args
|
||||
want bool
|
||||
}{
|
||||
{
|
||||
name: "no-rules",
|
||||
machine: Machine{
|
||||
IPAddresses: MachineAddresses{
|
||||
netip.MustParseAddr("10.0.0.1"),
|
||||
},
|
||||
},
|
||||
args: args{
|
||||
filter: []tailcfg.FilterRule{},
|
||||
machine2: &Machine{
|
||||
IPAddresses: MachineAddresses{
|
||||
netip.MustParseAddr("10.0.0.2"),
|
||||
},
|
||||
},
|
||||
},
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: "wildcard",
|
||||
machine: Machine{
|
||||
IPAddresses: MachineAddresses{
|
||||
netip.MustParseAddr("10.0.0.1"),
|
||||
},
|
||||
},
|
||||
args: args{
|
||||
filter: []tailcfg.FilterRule{
|
||||
{
|
||||
SrcIPs: []string{"*"},
|
||||
DstPorts: []tailcfg.NetPortRange{
|
||||
{
|
||||
IP: "*",
|
||||
Ports: tailcfg.PortRange{
|
||||
First: 0,
|
||||
Last: 65535,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
machine2: &Machine{
|
||||
IPAddresses: MachineAddresses{
|
||||
netip.MustParseAddr("10.0.0.2"),
|
||||
},
|
||||
},
|
||||
},
|
||||
want: true,
|
||||
},
|
||||
{
|
||||
name: "explicit-m1-to-m2",
|
||||
machine: Machine{
|
||||
IPAddresses: MachineAddresses{
|
||||
netip.MustParseAddr("10.0.0.1"),
|
||||
},
|
||||
},
|
||||
args: args{
|
||||
filter: []tailcfg.FilterRule{
|
||||
{
|
||||
SrcIPs: []string{"10.0.0.1"},
|
||||
DstPorts: []tailcfg.NetPortRange{
|
||||
{
|
||||
IP: "10.0.0.2",
|
||||
Ports: tailcfg.PortRange{
|
||||
First: 0,
|
||||
Last: 65535,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
machine2: &Machine{
|
||||
IPAddresses: MachineAddresses{
|
||||
netip.MustParseAddr("10.0.0.2"),
|
||||
},
|
||||
},
|
||||
},
|
||||
want: true,
|
||||
},
|
||||
{
|
||||
name: "explicit-m2-to-m1",
|
||||
machine: Machine{
|
||||
IPAddresses: MachineAddresses{
|
||||
netip.MustParseAddr("10.0.0.1"),
|
||||
},
|
||||
},
|
||||
args: args{
|
||||
filter: []tailcfg.FilterRule{
|
||||
{
|
||||
SrcIPs: []string{"10.0.0.2"},
|
||||
DstPorts: []tailcfg.NetPortRange{
|
||||
{
|
||||
IP: "10.0.0.1",
|
||||
Ports: tailcfg.PortRange{
|
||||
First: 0,
|
||||
Last: 65535,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
machine2: &Machine{
|
||||
IPAddresses: MachineAddresses{
|
||||
netip.MustParseAddr("10.0.0.2"),
|
||||
},
|
||||
},
|
||||
},
|
||||
want: false,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if got := tt.machine.canAccess(tt.args.filter, tt.args.machine2); got != tt.want {
|
||||
t.Errorf("Machine.canAccess() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue