leviathonbeast/ionscale
1
0
Fork 0
mirror of https://github.com/jsiebens/ionscale.git synced 2026-03-31 15:07:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: add support for autgroup:member when validating node attributes

Browse Source 
Signed-off-by: Johan Siebens <johan.siebens@gmail.com>
This commit is contained in:
Johan Siebens
2024-11-23 08:06:17 +01:00
parent d44832ea78
commit 4394d44cbd
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/domain/acl.go
+4
View File
@@ -164,6 +164,10 @@ func (a ACLPolicy) NodeCapabilities(m *Machine) []tailcfg.NodeCapability {
}
}
}
if (alias == AutoGroupMember || alias == AutoGroupMembers) && !m.HasTags() {
return true
}
}
return false
internal/domain/acl_test.go
+32
View File
@@ -113,6 +113,38 @@ func TestACLPolicy_NodeAttributesWithUserAndTags(t *testing.T) {
assert.Equal(t, expectedAttrs, actualAttrs)
}
func TestACLPolicy_NodeAttributesWithAutoGroupMember(t *testing.T) {
p1 := createMachine("john@example.com")
policy := ACLPolicy{
ionscale.ACLPolicy{
NodeAttrs: []ionscale.ACLNodeAttrGrant{
{
Target: []string{"autogroup:member"},
Attr: []string{
"attr1",
"attr2",
},
},
{
Target: []string{"tag:web"},
Attr: []string{
"attr3",
},
},
},
},
}
actualAttrs := policy.NodeCapabilities(p1)
expectedAttrs := []tailcfg.NodeCapability{
tailcfg.NodeCapability("attr1"),
tailcfg.NodeCapability("attr2"),
}
assert.Equal(t, expectedAttrs, actualAttrs)
}
func TestACLPolicy_BuildFilterRulesEmptyACL(t *testing.T) {
p1 := createMachine("john@example.com")
p2 := createMachine("jane@example.com")