testing without that horrible filtercode

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-26 17:27:51 +02:00 · 2023-04-26 17:27:51 +02:00 · 889d5a1b29
commit 889d5a1b29
parent 1700a747f6
6 changed files with 510 additions and 345 deletions
--- a/acls_test.go
+++ b/acls_test.go
@ -1661,140 +1661,140 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
 	}
 }

-func Test_expandACLPeerAddr(t *testing.T) {
-	type args struct {
-		srcIP string
-	}
-	tests := []struct {
-		name string
-		args args
-		want []string
-	}{
-		{
-			name: "asterix",
-			args: args{
-				srcIP: "*",
-			},
-			want: []string{"*"},
-		},
-		{
-			name: "ip",
-			args: args{
-				srcIP: "10.0.0.1",
-			},
-			want: []string{"10.0.0.1"},
-		},
-		{
-			name: "ip/32",
-			args: args{
-				srcIP: "10.0.0.1/32",
-			},
-			want: []string{"10.0.0.1"},
-		},
-		{
-			name: "ip/30",
-			args: args{
-				srcIP: "10.0.0.1/30",
-			},
-			want: []string{
-				"10.0.0.0",
-				"10.0.0.1",
-				"10.0.0.2",
-				"10.0.0.3",
-			},
-		},
-		{
-			name: "ip/28",
-			args: args{
-				srcIP: "192.168.0.128/28",
-			},
-			want: []string{
-				"192.168.0.128", "192.168.0.129", "192.168.0.130",
-				"192.168.0.131", "192.168.0.132", "192.168.0.133",
-				"192.168.0.134", "192.168.0.135", "192.168.0.136",
-				"192.168.0.137", "192.168.0.138", "192.168.0.139",
-				"192.168.0.140", "192.168.0.141", "192.168.0.142",
-				"192.168.0.143",
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := expandACLPeerAddr(tt.args.srcIP); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("expandACLPeerAddr() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
+// func Test_expandACLPeerAddr(t *testing.T) {
+// 	type args struct {
+// 		srcIP string
+// 	}
+// 	tests := []struct {
+// 		name string
+// 		args args
+// 		want []string
+// 	}{
+// 		{
+// 			name: "asterix",
+// 			args: args{
+// 				srcIP: "*",
+// 			},
+// 			want: []string{"*"},
+// 		},
+// 		{
+// 			name: "ip",
+// 			args: args{
+// 				srcIP: "10.0.0.1",
+// 			},
+// 			want: []string{"10.0.0.1"},
+// 		},
+// 		{
+// 			name: "ip/32",
+// 			args: args{
+// 				srcIP: "10.0.0.1/32",
+// 			},
+// 			want: []string{"10.0.0.1"},
+// 		},
+// 		{
+// 			name: "ip/30",
+// 			args: args{
+// 				srcIP: "10.0.0.1/30",
+// 			},
+// 			want: []string{
+// 				"10.0.0.0",
+// 				"10.0.0.1",
+// 				"10.0.0.2",
+// 				"10.0.0.3",
+// 			},
+// 		},
+// 		{
+// 			name: "ip/28",
+// 			args: args{
+// 				srcIP: "192.168.0.128/28",
+// 			},
+// 			want: []string{
+// 				"192.168.0.128", "192.168.0.129", "192.168.0.130",
+// 				"192.168.0.131", "192.168.0.132", "192.168.0.133",
+// 				"192.168.0.134", "192.168.0.135", "192.168.0.136",
+// 				"192.168.0.137", "192.168.0.138", "192.168.0.139",
+// 				"192.168.0.140", "192.168.0.141", "192.168.0.142",
+// 				"192.168.0.143",
+// 			},
+// 		},
+// 	}
+// 	for _, tt := range tests {
+// 		t.Run(tt.name, func(t *testing.T) {
+// 			if got := expandACLPeerAddr(tt.args.srcIP); !reflect.DeepEqual(got, tt.want) {
+// 				t.Errorf("expandACLPeerAddr() = %v, want %v", got, tt.want)
+// 			}
+// 		})
+// 	}
+// }

-func Test_expandACLPeerAddrV6(t *testing.T) {
-	type args struct {
-		srcIP string
-	}
-	tests := []struct {
-		name string
-		args args
-		want []string
-	}{
-		{
-			name: "asterix",
-			args: args{
-				srcIP: "*",
-			},
-			want: []string{"*"},
-		},
-		{
-			name: "ipfull",
-			args: args{
-				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:3166",
-			},
-			want: []string{"fd7a:115c:a1e0:ab12:4943:cd96:624c:3166"},
-		},
-		{
-			name: "ipzerocompression",
-			args: args{
-				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c::",
-			},
-			want: []string{"fd7a:115c:a1e0:ab12:4943:cd96:624c:0"},
-		},
-		{
-			name: "ip/128",
-			args: args{
-				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:3166/128",
-			},
-			want: []string{"fd7a:115c:a1e0:ab12:4943:cd96:624c:3166"},
-		},
-		{
-			name: "ip/127",
-			args: args{
-				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:0000/127",
-			},
-			want: []string{
-				"fd7a:115c:a1e0:ab12:4943:cd96:624c:0",
-				"fd7a:115c:a1e0:ab12:4943:cd96:624c:1",
-			},
-		},
-		{
-			name: "ip/126",
-			args: args{
-				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:0000/126",
-			},
-			want: []string{
-				"fd7a:115c:a1e0:ab12:4943:cd96:624c:0",
-				"fd7a:115c:a1e0:ab12:4943:cd96:624c:1",
-				"fd7a:115c:a1e0:ab12:4943:cd96:624c:2",
-				"fd7a:115c:a1e0:ab12:4943:cd96:624c:3",
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := expandACLPeerAddr(tt.args.srcIP); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("expandACLPeerAddr() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
+// func Test_expandACLPeerAddrV6(t *testing.T) {
+// 	type args struct {
+// 		srcIP string
+// 	}
+// 	tests := []struct {
+// 		name string
+// 		args args
+// 		want []string
+// 	}{
+// 		{
+// 			name: "asterix",
+// 			args: args{
+// 				srcIP: "*",
+// 			},
+// 			want: []string{"*"},
+// 		},
+// 		{
+// 			name: "ipfull",
+// 			args: args{
+// 				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:3166",
+// 			},
+// 			want: []string{"fd7a:115c:a1e0:ab12:4943:cd96:624c:3166"},
+// 		},
+// 		{
+// 			name: "ipzerocompression",
+// 			args: args{
+// 				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c::",
+// 			},
+// 			want: []string{"fd7a:115c:a1e0:ab12:4943:cd96:624c:0"},
+// 		},
+// 		{
+// 			name: "ip/128",
+// 			args: args{
+// 				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:3166/128",
+// 			},
+// 			want: []string{"fd7a:115c:a1e0:ab12:4943:cd96:624c:3166"},
+// 		},
+// 		{
+// 			name: "ip/127",
+// 			args: args{
+// 				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:0000/127",
+// 			},
+// 			want: []string{
+// 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:0",
+// 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:1",
+// 			},
+// 		},
+// 		{
+// 			name: "ip/126",
+// 			args: args{
+// 				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:0000/126",
+// 			},
+// 			want: []string{
+// 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:0",
+// 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:1",
+// 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:2",
+// 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:3",
+// 			},
+// 		},
+// 	}
+// 	for _, tt := range tests {
+// 		t.Run(tt.name, func(t *testing.T) {
+// 			if got := expandACLPeerAddr(tt.args.srcIP); !reflect.DeepEqual(got, tt.want) {
+// 				t.Errorf("expandACLPeerAddr() = %v, want %v", got, tt.want)
+// 			}
+// 		})
+// 	}
+// }

 func TestACLPolicy_generateFilterRules(t *testing.T) {
 	type field struct {
@ -1819,7 +1819,7 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
 			wantErr: false,
 		},
 		{
-			name: "simple group",
+			name: "allow-all",
 			field: field{
 				pol: ACLPolicy{
 					ACLs: []ACL{
@ -1852,7 +1852,7 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
 			wantErr: false,
 		},
 		{
-			name: "simple host by ipv4 single dual stack",
+			name: "host1-can-reach-host2",
 			field: field{
 				pol: ACLPolicy{
 					ACLs: []ACL{
@ -1868,14 +1868,14 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
 				machines: []Machine{
 					{
 						IPAddresses: MachineAddresses{
-							netip.MustParseAddr("10.0.0.1"),
+							netip.MustParseAddr("100.64.0.1"),
 							netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2221"),
 						},
 						User: User{Name: "mickael"},
 					},
 					{
 						IPAddresses: MachineAddresses{
-							netip.MustParseAddr("10.0.0.2"),
+							netip.MustParseAddr("100.64.0.2"),
 							netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
 						},
 						User: User{Name: "mickael"},
@ -1883,10 +1883,9 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
 				},
 				stripEmailDomain: true,
 			},
-			// [{"SrcIPs":["100.64.0.1"],"DstPorts":[{"IP":"100.64.0.2","Bits":null,"Ports":{"First":0,"Last":65535}}]}]
 			want: []tailcfg.FilterRule{
 				{
-					SrcIPs: []string{"100.64.0.1"},
+					SrcIPs: []string{"100.64.0.1", "fd7a:115c:a1e0:ab12:4843:2222:6273:2221"},
 					DstPorts: []tailcfg.NetPortRange{
 						{
 							IP: "100.64.0.2",
@ -1895,6 +1894,13 @@ func TestACLPolicy_generateFilterRules(t *testing.T) {
 								Last:  65535,
 							},
 						},
+						{
+							IP: "fd7a:115c:a1e0:ab12:4843:2222:6273:2222",
+							Ports: tailcfg.PortRange{
+								First: 0,
+								Last:  65535,
+							},
+						},
 					},
 				},
 			},