And more tests

2024-11-29 18:33:05 +00:00 · 2021-07-04 13:23:31 +02:00 · 2021-07-04 13:23:31 +02:00 · 401e6aec32
commit 401e6aec32
parent bd86975d10
3 changed files with 79 additions and 18 deletions
--- a/acls_test.go
+++ b/acls_test.go
@ -5,18 +5,18 @@ import (
 )
 func (s *Suite) TestWrongPath(c *check.C) {
-	err := h.LoadPolicy("asdfg")
+	err := h.LoadAclPolicy("asdfg")
 	c.Assert(err, check.NotNil)
 }
 func (s *Suite) TestBrokenHuJson(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/broken.hujson")
+	err := h.LoadAclPolicy("./tests/acls/broken.hujson")
 	c.Assert(err, check.NotNil)
 }
 func (s *Suite) TestInvalidPolicyHuson(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/invalid.hujson")
+	err := h.LoadAclPolicy("./tests/acls/invalid.hujson")
 	c.Assert(err, check.NotNil)
 	c.Assert(err, check.Equals, errorEmptyPolicy)
 }
@ -36,13 +36,13 @@ func (s *Suite) TestParseInvalidCIDR(c *check.C) {
 }
 func (s *Suite) TestCheckLoaded(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_1.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_1.hujson")
 	c.Assert(err, check.IsNil)
 	c.Assert(h.aclPolicy, check.NotNil)
 }
 func (s *Suite) TestValidCheckParsedHosts(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_1.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_1.hujson")
 	c.Assert(err, check.IsNil)
 	c.Assert(h.aclPolicy, check.NotNil)
 	c.Assert(h.aclPolicy.IsZero(), check.Equals, false)
@ -50,7 +50,7 @@ func (s *Suite) TestValidCheckParsedHosts(c *check.C) {
 }
 func (s *Suite) TestRuleInvalidGeneration(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_invalid.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_invalid.hujson")
 	c.Assert(err, check.IsNil)
 	rules, err := h.generateACLRules()
@ -59,7 +59,7 @@ func (s *Suite) TestRuleInvalidGeneration(c *check.C) {
 }
 func (s *Suite) TestBasicRule(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_basic_1.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_basic_1.hujson")
 	c.Assert(err, check.IsNil)
 	rules, err := h.generateACLRules()
@ -68,7 +68,7 @@ func (s *Suite) TestBasicRule(c *check.C) {
 }
 func (s *Suite) TestPortRange(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_basic_range.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_basic_range.hujson")
 	c.Assert(err, check.IsNil)
 	rules, err := h.generateACLRules()
@ -82,7 +82,7 @@ func (s *Suite) TestPortRange(c *check.C) {
 }
 func (s *Suite) TestPortWildcard(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_basic_wildcards.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_basic_wildcards.hujson")
 	c.Assert(err, check.IsNil)
 	rules, err := h.generateACLRules()
@ -126,7 +126,7 @@ func (s *Suite) TestPortNamespace(c *check.C) {
 	}
 	db.Save(&m)
-	err = h.LoadPolicy("./tests/acls/acl_policy_basic_namespace_as_user.hujson")
+	err = h.LoadAclPolicy("./tests/acls/acl_policy_basic_namespace_as_user.hujson")
 	c.Assert(err, check.IsNil)
 	rules, err := h.generateACLRules()
@ -142,12 +142,47 @@ func (s *Suite) TestPortNamespace(c *check.C) {
 	c.Assert((*rules)[0].SrcIPs[0], check.Equals, ip.String())
 }
-// func (s *Suite) TestRuleGeneration(c *check.C) {
+func (s *Suite) TestPortGroup(c *check.C) {
-// 	err := h.LoadPolicy("./tests/acls/acl_policy_1.hujson")
+	n, err := h.CreateNamespace("testnamespace")
-// 	c.Assert(err, check.IsNil)
+	c.Assert(err, check.IsNil)
-// 	rules, err := h.generateACLRules()
+	pak, err := h.CreatePreAuthKey(n.Name, false, false, nil)
-// 	c.Assert(err, check.IsNil)
+	c.Assert(err, check.IsNil)
 // 	c.Assert(rules, check.NotNil)
-// }
+	db, err := h.db()
 	if err != nil {
 		c.Fatal(err)
 	}
 	_, err = h.GetMachine("testnamespace", "testmachine")
 	c.Assert(err, check.NotNil)
 	ip, _ := h.getAvailableIP()
 	m := Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
 		Name:           "testmachine",
 		NamespaceID:    n.ID,
 		Registered:     true,
 		RegisterMethod: "authKey",
 		IPAddress:      ip.String(),
 		AuthKeyID:      uint(pak.ID),
 	}
 	db.Save(&m)
 	err = h.LoadAclPolicy("./tests/acls/acl_policy_basic_groups.hujson")
 	c.Assert(err, check.IsNil)
 	rules, err := h.generateACLRules()
 	c.Assert(err, check.IsNil)
 	c.Assert(rules, check.NotNil)
 	c.Assert(*rules, check.HasLen, 1)
 	c.Assert((*rules)[0].DstPorts, check.HasLen, 1)
 	c.Assert((*rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
 	c.Assert((*rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
 	c.Assert((*rules)[0].SrcIPs, check.HasLen, 1)
 	c.Assert((*rules)[0].SrcIPs[0], check.Not(check.Equals), "not an ip")
 	c.Assert((*rules)[0].SrcIPs[0], check.Equals, ip.String())
 }
--- a/tests/acls/acl_policy_basic_groups.hujson
+++ b/tests/acls/acl_policy_basic_groups.hujson
@ -0,0 +1,26 @@
 // This ACL is used to test group expansion
 {
    "Groups": {
        "group:example": [
            "testnamespace",
        ],
    },
    "Hosts": {
        "host-1": "100.100.100.100",
        "subnet-1": "100.100.101.100/24",
    },
    "ACLs": [
        {
            "Action": "accept",
            "Users": [
                "group:example",
            ],
            "Ports": [
                "host-1:*",
            ],
        },
    ],
 }
--- a/tests/acls/acl_policy_basic_namespace_as_user.hujson
+++ b/tests/acls/acl_policy_basic_namespace_as_user.hujson
@ -1,4 +1,4 @@
-// This ACL is used to test wildcards
+// This ACL is used to test namespace expansion
 {
    "Hosts": {