feat: ssh recording

2026-03-31 15:07:49 +01:00 · 2024-05-31 08:24:55 +02:00
parent 78825d4e05
commit 4bce1c33b8
5 changed files with 117 additions and 15 deletions
@@ -38,3 +38,41 @@ func TestACL_PeersShouldBeRemovedWhenNoMatchingACLRuleIsAvailable(t *testing.T)
 		require.NoError(t, server.WaitFor(tsn.PeerCount(0)))
 	})
 }
+
+func TestACL_PeersShouldSeeSSHRecorder(t *testing.T) {
+	sc.Run(t, func(s *sc.Scenario) {
+		tailnet := s.CreateTailnet()
+		clientKey := s.CreateAuthKey(tailnet.Id, true, "tag:client")
+		recorderKey := s.CreateAuthKey(tailnet.Id, true, "tag:recorder")
+
+		policy := defaults.DefaultACLPolicy()
+		policy.ACLs = []ionscale.ACLEntry{
+			{
+				Action:      "accept",
+				Source:      []string{"tag:client"},
+				Destination: []string{"tag:client:*"},
+			},
+		}
+		policy.SSH = []ionscale.ACLSSH{
+			{
+				Action:      "check",
+				Source:      []string{"tag:client"},
+				Destination: []string{"tag:client"},
+				Users:       []string{"autogroup:nonroot", "root"},
+				Recorder:    []string{"tag:recorder"},
+			},
+		}
+
+		s.SetACLPolicy(tailnet.Id, policy)
+
+		client1 := s.NewTailscaleNode()
+		client2 := s.NewTailscaleNode()
+		recorder1 := s.NewTailscaleNode()
+
+		require.NoError(t, client1.Up(clientKey))
+		require.NoError(t, client2.Up(clientKey))
+		require.NoError(t, recorder1.Up(recorderKey))
+
+		require.NoError(t, recorder1.WaitFor(tsn.PeerCount(2)))
+	})
+}