leviathonbeast/ionscale
1
0
Fork 0
mirror of https://github.com/jsiebens/ionscale.git synced 2026-03-31 15:07:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
814335d703ce65ebe525baf92dd908b88c7073ad
ionscale/tests/acl_test.go
T
Johan Siebens 4bce1c33b8 feat: ssh recording
2024-06-03 07:24:43 +02:00

79 lines
2.1 KiB
Go
Raw Blame History

package tests
import (
"github.com/jsiebens/ionscale/pkg/client/ionscale"
"github.com/jsiebens/ionscale/pkg/defaults"
"github.com/jsiebens/ionscale/tests/sc"
"github.com/jsiebens/ionscale/tests/tsn"
"github.com/stretchr/testify/require"
"testing"
)
func TestACL_PeersShouldBeRemovedWhenNoMatchingACLRuleIsAvailable(t *testing.T) {
sc.Run(t, func(s *sc.Scenario) {
tailnet := s.CreateTailnet()
clientKey := s.CreateAuthKey(tailnet.Id, true, "tag:client")
serverKey := s.CreateAuthKey(tailnet.Id, true, "tag:server")
client1 := s.NewTailscaleNode()
client2 := s.NewTailscaleNode()
server := s.NewTailscaleNode()
require.NoError(t, client1.Up(clientKey))
require.NoError(t, client2.Up(clientKey))
require.NoError(t, server.Up(serverKey))
require.NoError(t, server.WaitFor(tsn.PeerCount(2)))
policy := defaults.DefaultACLPolicy()
policy.ACLs = []ionscale.ACLEntry{
{
Action: "accept",
Source: []string{"tag:server"},
Destination: []string{"tag:server:*"},
},
}
s.SetACLPolicy(tailnet.Id, policy)
require.NoError(t, server.WaitFor(tsn.PeerCount(0)))
})
}
func TestACL_PeersShouldSeeSSHRecorder(t *testing.T) {
sc.Run(t, func(s *sc.Scenario) {
tailnet := s.CreateTailnet()
clientKey := s.CreateAuthKey(tailnet.Id, true, "tag:client")
recorderKey := s.CreateAuthKey(tailnet.Id, true, "tag:recorder")
policy := defaults.DefaultACLPolicy()
policy.ACLs = []ionscale.ACLEntry{
{
Action: "accept",
Source: []string{"tag:client"},
Destination: []string{"tag:client:*"},
},
}
policy.SSH = []ionscale.ACLSSH{
{
Action: "check",
Source: []string{"tag:client"},
Destination: []string{"tag:client"},
Users: []string{"autogroup:nonroot", "root"},
Recorder: []string{"tag:recorder"},
},
}
s.SetACLPolicy(tailnet.Id, policy)
client1 := s.NewTailscaleNode()
client2 := s.NewTailscaleNode()
recorder1 := s.NewTailscaleNode()
require.NoError(t, client1.Up(clientKey))
require.NoError(t, client2.Up(clientKey))
require.NoError(t, recorder1.Up(recorderKey))
require.NoError(t, recorder1.WaitFor(tsn.PeerCount(2)))
})
}
Reference in New Issue View Git Blame Copy Permalink