From 30dce30a9d83c909aaea5fb8c03620b7f3c93371 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Mon, 30 Mar 2026 17:08:26 +0000 Subject: [PATCH] testdata: convert .json to .hujson with header comments Rename all 594 test data files from .json to .hujson and add descriptive header comments to each file documenting what policy rules are under test and what outcome is expected. Update test loaders in all 5 _test.go files to parse HuJSON via hujson.Parse/Standardize/Pack before json.Unmarshal. Add cross-dependency warning to via_compat_test.go documenting that GRANT-V29/V30/V31/V36 are shared with TestGrantsCompat. Add .gitignore exemption for testdata HuJSON files. --- .gitignore | 1 + .../v2/tailscale_acl_data_compat_test.go | 13 +++++++---- .../policy/v2/tailscale_grants_compat_test.go | 13 +++++++---- .../v2/tailscale_routes_data_compat_test.go | 13 +++++++---- .../v2/tailscale_ssh_data_compat_test.go | 13 +++++++---- .../{ACL-A01.json => ACL-A01.hujson} | 5 ++++ .../{ACL-A02.json => ACL-A02.hujson} | 5 ++++ .../{ACL-A03.json => ACL-A03.hujson} | 5 ++++ .../{ACL-A04.json => ACL-A04.hujson} | 5 ++++ .../{ACL-A05.json => ACL-A05.hujson} | 5 ++++ .../{ACL-A06.json => ACL-A06.hujson} | 5 ++++ .../{ACL-A07.json => ACL-A07.hujson} | 5 ++++ .../{ACL-A08.json => ACL-A08.hujson} | 5 ++++ .../{ACL-A09.json => ACL-A09.hujson} | 5 ++++ .../{ACL-A10.json => ACL-A10.hujson} | 5 ++++ .../{ACL-A11.json => ACL-A11.hujson} | 5 ++++ .../{ACL-A12.json => ACL-A12.hujson} | 5 ++++ .../{ACL-A13.json => ACL-A13.hujson} | 5 ++++ .../{ACL-A14.json => ACL-A14.hujson} | 5 ++++ .../{ACL-A15.json => ACL-A15.hujson} | 5 ++++ .../{ACL-A16.json => ACL-A16.hujson} | 5 ++++ .../{ACL-A17.json => ACL-A17.hujson} | 5 ++++ .../{ACL-AH01.json => ACL-AH01.hujson} | 5 ++++ .../{ACL-AH02.json => ACL-AH02.hujson} | 5 ++++ .../{ACL-AH03.json => ACL-AH03.hujson} | 5 ++++ .../{ACL-AH04.json => ACL-AH04.hujson} | 5 ++++ .../{ACL-AH05.json => ACL-AH05.hujson} | 5 ++++ .../{ACL-AH06.json => ACL-AH06.hujson} | 5 ++++ .../{ACL-AR01.json => ACL-AR01.hujson} | 7 ++++++ .../{ACL-AR02.json => ACL-AR02.hujson} | 8 +++++++ .../{ACL-AR03.json => ACL-AR03.hujson} | 8 +++++++ .../{ACL-AR04.json => ACL-AR04.hujson} | 8 +++++++ .../{ACL-AR05.json => ACL-AR05.hujson} | 9 ++++++++ .../{ACL-AR06.json => ACL-AR06.hujson} | 7 ++++++ .../{ACL-AT01.json => ACL-AT01.hujson} | 5 ++++ .../{ACL-AT02.json => ACL-AT02.hujson} | 5 ++++ .../{ACL-AT03.json => ACL-AT03.hujson} | 5 ++++ .../{ACL-AT04.json => ACL-AT04.hujson} | 7 ++++++ .../{ACL-AT05.json => ACL-AT05.hujson} | 7 ++++++ .../{ACL-AT06.json => ACL-AT06.hujson} | 9 ++++++++ .../{ACL-AU01.json => ACL-AU01.hujson} | 5 ++++ .../{ACL-AU02.json => ACL-AU02.hujson} | 5 ++++ .../{ACL-AU03.json => ACL-AU03.hujson} | 5 ++++ .../{ACL-AU04.json => ACL-AU04.hujson} | 5 ++++ .../{ACL-AU05.json => ACL-AU05.hujson} | 5 ++++ .../{ACL-AU06.json => ACL-AU06.hujson} | 5 ++++ .../{ACL-C01.json => ACL-C01.hujson} | 8 +++++++ .../{ACL-C02.json => ACL-C02.hujson} | 8 +++++++ .../{ACL-C03.json => ACL-C03.hujson} | 7 ++++++ .../{ACL-C04.json => ACL-C04.hujson} | 9 ++++++++ .../{ACL-C05.json => ACL-C05.hujson} | 5 ++++ .../{ACL-C06.json => ACL-C06.hujson} | 5 ++++ .../{ACL-C07.json => ACL-C07.hujson} | 9 ++++++++ .../{ACL-C08.json => ACL-C08.hujson} | 5 ++++ .../{ACL-C09.json => ACL-C09.hujson} | 9 ++++++++ .../{ACL-C10.json => ACL-C10.hujson} | 8 +++++++ .../{ACL-D01.json => ACL-D01.hujson} | 7 ++++++ .../{ACL-D02.json => ACL-D02.hujson} | 5 ++++ .../{ACL-D03.json => ACL-D03.hujson} | 5 ++++ .../{ACL-D04.json => ACL-D04.hujson} | 5 ++++ .../{ACL-D05.json => ACL-D05.hujson} | 5 ++++ .../{ACL-D06.json => ACL-D06.hujson} | 5 ++++ .../{ACL-D07.json => ACL-D07.hujson} | 5 ++++ .../{ACL-D08.json => ACL-D08.hujson} | 7 ++++++ .../{ACL-E01.json => ACL-E01.hujson} | 5 ++++ .../{ACL-E02.json => ACL-E02.hujson} | 5 ++++ .../{ACL-E03.json => ACL-E03.hujson} | 5 ++++ .../{ACL-E04.json => ACL-E04.hujson} | 5 ++++ .../{ACL-E05.json => ACL-E05.hujson} | 5 ++++ .../{ACL-E06.json => ACL-E06.hujson} | 5 ++++ .../{ACL-E07.json => ACL-E07.hujson} | 5 ++++ .../{ACL-E08.json => ACL-E08.hujson} | 5 ++++ .../{ACL-E09.json => ACL-E09.hujson} | 5 ++++ .../{ACL-ERR01.json => ACL-ERR01.hujson} | 5 ++++ .../{ACL-ERR02.json => ACL-ERR02.hujson} | 5 ++++ .../{ACL-ERR03.json => ACL-ERR03.hujson} | 5 ++++ .../{ACL-ERR04.json => ACL-ERR04.hujson} | 5 ++++ .../{ACL-ERR05.json => ACL-ERR05.hujson} | 5 ++++ .../{ACL-ERR06.json => ACL-ERR06.hujson} | 5 ++++ .../{ACL-ERR07.json => ACL-ERR07.hujson} | 5 ++++ .../{ACL-ERR08.json => ACL-ERR08.hujson} | 7 ++++++ .../{ACL-ERR09.json => ACL-ERR09.hujson} | 7 ++++++ .../{ACL-H01.json => ACL-H01.hujson} | 5 ++++ .../{ACL-H02.json => ACL-H02.hujson} | 5 ++++ .../{ACL-H03.json => ACL-H03.hujson} | 5 ++++ .../{ACL-H04.json => ACL-H04.hujson} | 5 ++++ .../{ACL-H05.json => ACL-H05.hujson} | 5 ++++ .../{ACL-H06.json => ACL-H06.hujson} | 5 ++++ .../{ACL-H07.json => ACL-H07.hujson} | 5 ++++ .../{ACL-H08.json => ACL-H08.hujson} | 5 ++++ .../{ACL-K01.json => ACL-K01.hujson} | 5 ++++ .../{ACL-K02.json => ACL-K02.hujson} | 5 ++++ .../{ACL-K03.json => ACL-K03.hujson} | 5 ++++ .../{ACL-K04.json => ACL-K04.hujson} | 5 ++++ .../{ACL-K05.json => ACL-K05.hujson} | 5 ++++ .../{ACL-M01.json => ACL-M01.hujson} | 5 ++++ .../{ACL-M02.json => ACL-M02.hujson} | 5 ++++ .../{ACL-M03.json => ACL-M03.hujson} | 5 ++++ .../{ACL-M04.json => ACL-M04.hujson} | 5 ++++ .../{ACL-M05.json => ACL-M05.hujson} | 5 ++++ .../{ACL-M06.json => ACL-M06.hujson} | 5 ++++ .../{ACL-M07.json => ACL-M07.hujson} | 5 ++++ .../{ACL-M08.json => ACL-M08.hujson} | 5 ++++ .../{ACL-M09.json => ACL-M09.hujson} | 5 ++++ .../{ACL-M10.json => ACL-M10.hujson} | 5 ++++ .../{ACL-MR01.json => ACL-MR01.hujson} | 7 ++++++ .../{ACL-MR02.json => ACL-MR02.hujson} | 7 ++++++ .../{ACL-MR03.json => ACL-MR03.hujson} | 7 ++++++ .../{ACL-MR04.json => ACL-MR04.hujson} | 7 ++++++ .../{ACL-MR05.json => ACL-MR05.hujson} | 7 ++++++ .../{ACL-MR06.json => ACL-MR06.hujson} | 7 ++++++ .../{ACL-MR07.json => ACL-MR07.hujson} | 7 ++++++ .../{ACL-MR08.json => ACL-MR08.hujson} | 8 +++++++ .../{ACL-MR09.json => ACL-MR09.hujson} | 8 +++++++ .../{ACL-MR10.json => ACL-MR10.hujson} | 8 +++++++ .../{ACL-MR11.json => ACL-MR11.hujson} | 7 ++++++ .../{ACL-MR12.json => ACL-MR12.hujson} | 7 ++++++ .../{ACL-MR13.json => ACL-MR13.hujson} | 7 ++++++ .../{ACL-MR14.json => ACL-MR14.hujson} | 7 ++++++ .../{ACL-MR15.json => ACL-MR15.hujson} | 7 ++++++ .../{ACL-MR16.json => ACL-MR16.hujson} | 8 +++++++ .../{ACL-MR17.json => ACL-MR17.hujson} | 7 ++++++ .../{ACL-MR18.json => ACL-MR18.hujson} | 7 ++++++ .../{ACL-MR19.json => ACL-MR19.hujson} | 7 ++++++ .../{ACL-MR20.json => ACL-MR20.hujson} | 7 ++++++ .../{ACL-MR21.json => ACL-MR21.hujson} | 9 ++++++++ .../{ACL-MR22.json => ACL-MR22.hujson} | 9 ++++++++ .../{ACL-MR23.json => ACL-MR23.hujson} | 9 ++++++++ .../{ACL-MU01.json => ACL-MU01.hujson} | 7 ++++++ .../{ACL-MU02.json => ACL-MU02.hujson} | 5 ++++ .../{ACL-MU03.json => ACL-MU03.hujson} | 7 ++++++ .../{ACL-MU04.json => ACL-MU04.hujson} | 7 ++++++ .../{ACL-MU05.json => ACL-MU05.hujson} | 5 ++++ .../{ACL-MU06.json => ACL-MU06.hujson} | 5 ++++ .../{ACL-MU07.json => ACL-MU07.hujson} | 5 ++++ .../{ACL-MU08.json => ACL-MU08.hujson} | 5 ++++ .../{ACL-O01.json => ACL-O01.hujson} | 5 ++++ .../{ACL-O02.json => ACL-O02.hujson} | 5 ++++ .../{ACL-O03.json => ACL-O03.hujson} | 5 ++++ .../{ACL-O04.json => ACL-O04.hujson} | 5 ++++ .../{ACL-P01.json => ACL-P01.hujson} | 5 ++++ .../{ACL-P02.json => ACL-P02.hujson} | 5 ++++ .../{ACL-P03.json => ACL-P03.hujson} | 5 ++++ .../{ACL-P04.json => ACL-P04.hujson} | 5 ++++ .../{ACL-P05.json => ACL-P05.hujson} | 5 ++++ .../{ACL-P06.json => ACL-P06.hujson} | 5 ++++ .../{ACL-PF01.json => ACL-PF01.hujson} | 5 ++++ .../{ACL-PF02.json => ACL-PF02.hujson} | 5 ++++ .../{ACL-PF03.json => ACL-PF03.hujson} | 5 ++++ .../{ACL-PF04.json => ACL-PF04.hujson} | 5 ++++ .../{ACL-PF05.json => ACL-PF05.hujson} | 5 ++++ .../{ACL-R01.json => ACL-R01.hujson} | 7 ++++++ .../{ACL-R02.json => ACL-R02.hujson} | 7 ++++++ .../{ACL-R03.json => ACL-R03.hujson} | 7 ++++++ .../{ACL-R04.json => ACL-R04.hujson} | 7 ++++++ .../{ACL-R05.json => ACL-R05.hujson} | 7 ++++++ .../{ACL-R06.json => ACL-R06.hujson} | 8 +++++++ .../{ACL-R07.json => ACL-R07.hujson} | 8 +++++++ .../{ACL-R08.json => ACL-R08.hujson} | 8 +++++++ .../{ACL-R09.json => ACL-R09.hujson} | 7 ++++++ .../{ACL-R10.json => ACL-R10.hujson} | 7 ++++++ .../{ACL-RS01.json => ACL-RS01.hujson} | 5 ++++ .../{ACL-RS02.json => ACL-RS02.hujson} | 5 ++++ .../{ACL-RS03.json => ACL-RS03.hujson} | 5 ++++ .../{ACL-RS04.json => ACL-RS04.hujson} | 5 ++++ .../{ACL-RS05.json => ACL-RS05.hujson} | 5 ++++ .../{ACL-RS06.json => ACL-RS06.hujson} | 5 ++++ .../{ACL-RS07.json => ACL-RS07.hujson} | 5 ++++ .../{ACL-S01.json => ACL-S01.hujson} | 5 ++++ .../{ACL-S02.json => ACL-S02.hujson} | 5 ++++ .../{ACL-S03.json => ACL-S03.hujson} | 5 ++++ .../{ACL-S04.json => ACL-S04.hujson} | 5 ++++ .../{ACL-S05.json => ACL-S05.hujson} | 5 ++++ .../{ACL-S06.json => ACL-S06.hujson} | 5 ++++ .../{ACL-S07.json => ACL-S07.hujson} | 7 ++++++ .../{ACL-S08.json => ACL-S08.hujson} | 5 ++++ .../{ACL-S09.json => ACL-S09.hujson} | 5 ++++ .../{ACL-S10.json => ACL-S10.hujson} | 7 ++++++ .../{ACL-SF01.json => ACL-SF01.hujson} | 5 ++++ .../{ACL-SF02.json => ACL-SF02.hujson} | 5 ++++ .../{ACL-SF03.json => ACL-SF03.hujson} | 5 ++++ .../{ACL-SF04.json => ACL-SF04.hujson} | 5 ++++ .../{ACL-SF05.json => ACL-SF05.hujson} | 5 ++++ .../{ACL-SF06.json => ACL-SF06.hujson} | 5 ++++ .../{ACL-SF07.json => ACL-SF07.hujson} | 5 ++++ .../{ACL-SF08.json => ACL-SF08.hujson} | 5 ++++ .../{ACL-SF09.json => ACL-SF09.hujson} | 7 ++++++ .../{ACL-SF10.json => ACL-SF10.hujson} | 5 ++++ .../{ACL-SF11.json => ACL-SF11.hujson} | 5 ++++ .../{ACL-SF12.json => ACL-SF12.hujson} | 5 ++++ .../{ACL-SF13.json => ACL-SF13.hujson} | 5 ++++ .../{ACL-T01.json => ACL-T01.hujson} | 5 ++++ .../{ACL-T02.json => ACL-T02.hujson} | 5 ++++ .../{ACL-T03.json => ACL-T03.hujson} | 5 ++++ .../{ACL-T04.json => ACL-T04.hujson} | 5 ++++ .../{ACL-T05.json => ACL-T05.hujson} | 5 ++++ .../{ACL-T06.json => ACL-T06.hujson} | 5 ++++ .../{ACL-T07.json => ACL-T07.hujson} | 5 ++++ .../{ACL-T08.json => ACL-T08.hujson} | 5 ++++ .../{ACL-T09.json => ACL-T09.hujson} | 5 ++++ .../{ACL-T10.json => ACL-T10.hujson} | 5 ++++ .../{ACL-U01.json => ACL-U01.hujson} | 5 ++++ .../{ACL-U02.json => ACL-U02.hujson} | 5 ++++ .../{ACL-U03.json => ACL-U03.hujson} | 5 ++++ .../{ACL-U04.json => ACL-U04.hujson} | 5 ++++ .../{ACL-U05.json => ACL-U05.hujson} | 5 ++++ .../{ACL-U06.json => ACL-U06.hujson} | 5 ++++ .../{ACL-U07.json => ACL-U07.hujson} | 5 ++++ .../{ACL-U08.json => ACL-U08.hujson} | 5 ++++ .../{ACL-U09.json => ACL-U09.hujson} | 5 ++++ .../{ACL-U10.json => ACL-U10.hujson} | 5 ++++ .../{ACL-U11.json => ACL-U11.hujson} | 5 ++++ .../{ACL-U12.json => ACL-U12.hujson} | 5 ++++ .../{ACL-W01.json => ACL-W01.hujson} | 5 ++++ .../{ACL-W02.json => ACL-W02.hujson} | 5 ++++ .../{ACL-W03.json => ACL-W03.hujson} | 5 ++++ .../{ACL-W04.json => ACL-W04.hujson} | 5 ++++ .../{ACL-W05.json => ACL-W05.hujson} | 5 ++++ .../{ACL-W06.json => ACL-W06.hujson} | 5 ++++ .../{ACL-W07.json => ACL-W07.hujson} | 5 ++++ .../{GRANT-A1.json => GRANT-A1.hujson} | 5 ++++ .../{GRANT-A2.json => GRANT-A2.hujson} | 5 ++++ .../{GRANT-A3.json => GRANT-A3.hujson} | 5 ++++ .../{GRANT-A4.json => GRANT-A4.hujson} | 5 ++++ .../{GRANT-A5.json => GRANT-A5.hujson} | 5 ++++ .../{GRANT-A6.json => GRANT-A6.hujson} | 5 ++++ .../{GRANT-B1.json => GRANT-B1.hujson} | 5 ++++ .../{GRANT-B2.json => GRANT-B2.hujson} | 5 ++++ .../{GRANT-B3.json => GRANT-B3.hujson} | 5 ++++ .../{GRANT-B4.json => GRANT-B4.hujson} | 5 ++++ .../{GRANT-B5.json => GRANT-B5.hujson} | 5 ++++ .../{GRANT-C1.json => GRANT-C1.hujson} | 5 ++++ .../{GRANT-C2.json => GRANT-C2.hujson} | 5 ++++ .../{GRANT-C3.json => GRANT-C3.hujson} | 5 ++++ .../{GRANT-C4.json => GRANT-C4.hujson} | 5 ++++ .../{GRANT-C5.json => GRANT-C5.hujson} | 5 ++++ .../{GRANT-C6.json => GRANT-C6.hujson} | 5 ++++ .../{GRANT-D1.json => GRANT-D1.hujson} | 5 ++++ .../{GRANT-D2.json => GRANT-D2.hujson} | 5 ++++ .../{GRANT-D3.json => GRANT-D3.hujson} | 5 ++++ .../{GRANT-D4.json => GRANT-D4.hujson} | 5 ++++ .../{GRANT-D5.json => GRANT-D5.hujson} | 5 ++++ .../{GRANT-D6.json => GRANT-D6.hujson} | 5 ++++ .../{GRANT-D7.json => GRANT-D7.hujson} | 5 ++++ .../{GRANT-E1.json => GRANT-E1.hujson} | 5 ++++ .../{GRANT-E2.json => GRANT-E2.hujson} | 5 ++++ .../{GRANT-E3.json => GRANT-E3.hujson} | 5 ++++ .../{GRANT-E4.json => GRANT-E4.hujson} | 5 ++++ .../{GRANT-E5.json => GRANT-E5.hujson} | 5 ++++ .../{GRANT-E6.json => GRANT-E6.hujson} | 5 ++++ .../{GRANT-E7.json => GRANT-E7.hujson} | 5 ++++ .../{GRANT-E8.json => GRANT-E8.hujson} | 5 ++++ .../{GRANT-F1.json => GRANT-F1.hujson} | 5 ++++ .../{GRANT-F2.json => GRANT-F2.hujson} | 5 ++++ .../{GRANT-F3.json => GRANT-F3.hujson} | 7 ++++++ .../{GRANT-F4.json => GRANT-F4.hujson} | 5 ++++ .../{GRANT-G1.json => GRANT-G1.hujson} | 7 ++++++ .../{GRANT-G2.json => GRANT-G2.hujson} | 7 ++++++ .../{GRANT-G3.json => GRANT-G3.hujson} | 7 ++++++ .../{GRANT-G4.json => GRANT-G4.hujson} | 7 ++++++ .../{GRANT-G5.json => GRANT-G5.hujson} | 8 +++++++ .../{GRANT-G6.json => GRANT-G6.hujson} | 7 ++++++ .../{GRANT-H1.json => GRANT-H1.hujson} | 5 ++++ .../{GRANT-H10.json => GRANT-H10.hujson} | 5 ++++ .../{GRANT-H2.json => GRANT-H2.hujson} | 5 ++++ .../{GRANT-H3.json => GRANT-H3.hujson} | 5 ++++ .../{GRANT-H4.json => GRANT-H4.hujson} | 5 ++++ .../{GRANT-H5.json => GRANT-H5.hujson} | 5 ++++ .../{GRANT-H6.json => GRANT-H6.hujson} | 5 ++++ .../{GRANT-H7.json => GRANT-H7.hujson} | 5 ++++ .../{GRANT-H8.json => GRANT-H8.hujson} | 5 ++++ .../{GRANT-H9.json => GRANT-H9.hujson} | 5 ++++ .../{GRANT-I1.json => GRANT-I1.hujson} | 5 ++++ .../{GRANT-I2.json => GRANT-I2.hujson} | 5 ++++ .../{GRANT-I3.json => GRANT-I3.hujson} | 5 ++++ .../{GRANT-I4.json => GRANT-I4.hujson} | 5 ++++ .../{GRANT-J1.json => GRANT-J1.hujson} | 5 ++++ .../{GRANT-J2.json => GRANT-J2.hujson} | 5 ++++ .../{GRANT-J3.json => GRANT-J3.hujson} | 5 ++++ .../{GRANT-J4.json => GRANT-J4.hujson} | 5 ++++ .../{GRANT-J5.json => GRANT-J5.hujson} | 5 ++++ .../{GRANT-J6.json => GRANT-J6.hujson} | 5 ++++ .../{GRANT-J7.json => GRANT-J7.hujson} | 5 ++++ .../{GRANT-K1.json => GRANT-K1.hujson} | 6 +++++ .../{GRANT-K10.json => GRANT-K10.hujson} | 5 ++++ .../{GRANT-K11.json => GRANT-K11.hujson} | 5 ++++ .../{GRANT-K12.json => GRANT-K12.hujson} | 5 ++++ .../{GRANT-K13.json => GRANT-K13.hujson} | 5 ++++ .../{GRANT-K14.json => GRANT-K14.hujson} | 5 ++++ .../{GRANT-K15.json => GRANT-K15.hujson} | 5 ++++ .../{GRANT-K16.json => GRANT-K16.hujson} | 7 ++++++ .../{GRANT-K17.json => GRANT-K17.hujson} | 7 ++++++ .../{GRANT-K18.json => GRANT-K18.hujson} | 7 ++++++ .../{GRANT-K19.json => GRANT-K19.hujson} | 7 ++++++ .../{GRANT-K2.json => GRANT-K2.hujson} | 5 ++++ .../{GRANT-K20.json => GRANT-K20.hujson} | 5 ++++ .../{GRANT-K21.json => GRANT-K21.hujson} | 5 ++++ .../{GRANT-K22.json => GRANT-K22.hujson} | 5 ++++ .../{GRANT-K23.json => GRANT-K23.hujson} | 5 ++++ .../{GRANT-K24.json => GRANT-K24.hujson} | 5 ++++ .../{GRANT-K25.json => GRANT-K25.hujson} | 5 ++++ .../{GRANT-K26.json => GRANT-K26.hujson} | 5 ++++ .../{GRANT-K27.json => GRANT-K27.hujson} | 5 ++++ .../{GRANT-K28.json => GRANT-K28.hujson} | 5 ++++ .../{GRANT-K29.json => GRANT-K29.hujson} | 3 +++ .../{GRANT-K3.json => GRANT-K3.hujson} | 6 +++++ .../{GRANT-K30.json => GRANT-K30.hujson} | 5 ++++ .../{GRANT-K4.json => GRANT-K4.hujson} | 6 +++++ .../{GRANT-K5.json => GRANT-K5.hujson} | 8 +++++++ .../{GRANT-K6.json => GRANT-K6.hujson} | 5 ++++ .../{GRANT-K7.json => GRANT-K7.hujson} | 5 ++++ .../{GRANT-K8.json => GRANT-K8.hujson} | 5 ++++ .../{GRANT-K9.json => GRANT-K9.hujson} | 5 ++++ .../{GRANT-P01_1.json => GRANT-P01_1.hujson} | 5 ++++ .../{GRANT-P01_2.json => GRANT-P01_2.hujson} | 5 ++++ .../{GRANT-P01_3.json => GRANT-P01_3.hujson} | 5 ++++ .../{GRANT-P01_4.json => GRANT-P01_4.hujson} | 5 ++++ .../{GRANT-P01_5.json => GRANT-P01_5.hujson} | 5 ++++ .../{GRANT-P02_1.json => GRANT-P02_1.hujson} | 5 ++++ .../{GRANT-P02_2.json => GRANT-P02_2.hujson} | 5 ++++ .../{GRANT-P02_3.json => GRANT-P02_3.hujson} | 5 ++++ .../{GRANT-P02_4.json => GRANT-P02_4.hujson} | 5 ++++ ...ORRECT.json => GRANT-P02_5_CORRECT.hujson} | 7 ++++++ ..._5_NAIVE.json => GRANT-P02_5_NAIVE.hujson} | 5 ++++ .../{GRANT-P03_1.json => GRANT-P03_1.hujson} | 5 ++++ .../{GRANT-P03_2.json => GRANT-P03_2.hujson} | 5 ++++ .../{GRANT-P03_3.json => GRANT-P03_3.hujson} | 5 ++++ .../{GRANT-P03_4.json => GRANT-P03_4.hujson} | 5 ++++ .../{GRANT-P04_1.json => GRANT-P04_1.hujson} | 5 ++++ .../{GRANT-P04_2.json => GRANT-P04_2.hujson} | 5 ++++ .../{GRANT-P04_3.json => GRANT-P04_3.hujson} | 5 ++++ .../{GRANT-P04_4.json => GRANT-P04_4.hujson} | 5 ++++ .../{GRANT-P05_1.json => GRANT-P05_1.hujson} | 5 ++++ .../{GRANT-P05_2.json => GRANT-P05_2.hujson} | 5 ++++ .../{GRANT-P05_3.json => GRANT-P05_3.hujson} | 5 ++++ .../{GRANT-P06_1.json => GRANT-P06_1.hujson} | 5 ++++ .../{GRANT-P06_2.json => GRANT-P06_2.hujson} | 5 ++++ .../{GRANT-P06_3.json => GRANT-P06_3.hujson} | 5 ++++ .../{GRANT-P06_4.json => GRANT-P06_4.hujson} | 5 ++++ .../{GRANT-P06_5.json => GRANT-P06_5.hujson} | 5 ++++ .../{GRANT-P06_6.json => GRANT-P06_6.hujson} | 5 ++++ .../{GRANT-P06_7.json => GRANT-P06_7.hujson} | 5 ++++ .../{GRANT-P08_1.json => GRANT-P08_1.hujson} | 7 ++++++ .../{GRANT-P08_2.json => GRANT-P08_2.hujson} | 8 +++++++ .../{GRANT-P08_3.json => GRANT-P08_3.hujson} | 5 ++++ .../{GRANT-P08_4.json => GRANT-P08_4.hujson} | 8 +++++++ .../{GRANT-P08_5.json => GRANT-P08_5.hujson} | 8 +++++++ .../{GRANT-P08_6.json => GRANT-P08_6.hujson} | 7 ++++++ .../{GRANT-P08_7.json => GRANT-P08_7.hujson} | 7 ++++++ .../{GRANT-P08_8.json => GRANT-P08_8.hujson} | 5 ++++ ...RANT-P09_10A.json => GRANT-P09_10A.hujson} | 7 ++++++ ...RANT-P09_10B.json => GRANT-P09_10B.hujson} | 7 ++++++ ...RANT-P09_10C.json => GRANT-P09_10C.hujson} | 8 +++++++ ...RANT-P09_10D.json => GRANT-P09_10D.hujson} | 7 ++++++ ...RANT-P09_11A.json => GRANT-P09_11A.hujson} | 5 ++++ ...RANT-P09_11B.json => GRANT-P09_11B.hujson} | 5 ++++ ..._NAIVE.json => GRANT-P09_11C_NAIVE.hujson} | 5 ++++ ...RANT-P09_11D.json => GRANT-P09_11D.hujson} | 5 ++++ ...RANT-P09_12A.json => GRANT-P09_12A.hujson} | 5 ++++ ...RANT-P09_12B.json => GRANT-P09_12B.hujson} | 5 ++++ ...RANT-P09_13A.json => GRANT-P09_13A.hujson} | 5 ++++ ...RANT-P09_13B.json => GRANT-P09_13B.hujson} | 5 ++++ ...RANT-P09_13C.json => GRANT-P09_13C.hujson} | 5 ++++ ...RANT-P09_13D.json => GRANT-P09_13D.hujson} | 5 ++++ ...RANT-P09_13E.json => GRANT-P09_13E.hujson} | 5 ++++ ...RANT-P09_13F.json => GRANT-P09_13F.hujson} | 5 ++++ ...RANT-P09_13G.json => GRANT-P09_13G.hujson} | 5 ++++ ...RECT.json => GRANT-P09_13H_CORRECT.hujson} | 7 ++++++ ..._NAIVE.json => GRANT-P09_13H_NAIVE.hujson} | 5 ++++ ...RANT-P09_14A.json => GRANT-P09_14A.hujson} | 7 ++++++ ...RANT-P09_14B.json => GRANT-P09_14B.hujson} | 7 ++++++ ...RANT-P09_14C.json => GRANT-P09_14C.hujson} | 7 ++++++ ...RANT-P09_14D.json => GRANT-P09_14D.hujson} | 8 +++++++ ...RANT-P09_14E.json => GRANT-P09_14E.hujson} | 8 +++++++ ...RANT-P09_14F.json => GRANT-P09_14F.hujson} | 7 ++++++ ...RANT-P09_14G.json => GRANT-P09_14G.hujson} | 7 ++++++ ...RANT-P09_14H.json => GRANT-P09_14H.hujson} | 7 ++++++ ...RANT-P09_14I.json => GRANT-P09_14I.hujson} | 8 +++++++ ...{GRANT-P09_1A.json => GRANT-P09_1A.hujson} | 5 ++++ ...{GRANT-P09_1B.json => GRANT-P09_1B.hujson} | 5 ++++ ...{GRANT-P09_1C.json => GRANT-P09_1C.hujson} | 5 ++++ ...{GRANT-P09_1D.json => GRANT-P09_1D.hujson} | 5 ++++ ...{GRANT-P09_1E.json => GRANT-P09_1E.hujson} | 5 ++++ ...RRECT.json => GRANT-P09_2A_CORRECT.hujson} | 7 ++++++ ...A_NAIVE.json => GRANT-P09_2A_NAIVE.hujson} | 5 ++++ ...RRECT.json => GRANT-P09_2B_CORRECT.hujson} | 7 ++++++ ...B_NAIVE.json => GRANT-P09_2B_NAIVE.hujson} | 5 ++++ ...{GRANT-P09_2C.json => GRANT-P09_2C.hujson} | 5 ++++ ...{GRANT-P09_3A.json => GRANT-P09_3A.hujson} | 5 ++++ ...{GRANT-P09_3B.json => GRANT-P09_3B.hujson} | 5 ++++ ...{GRANT-P09_3C.json => GRANT-P09_3C.hujson} | 5 ++++ ...{GRANT-P09_4A.json => GRANT-P09_4A.hujson} | 5 ++++ ...{GRANT-P09_4B.json => GRANT-P09_4B.hujson} | 5 ++++ ...{GRANT-P09_4C.json => GRANT-P09_4C.hujson} | 5 ++++ ...{GRANT-P09_4D.json => GRANT-P09_4D.hujson} | 5 ++++ ...{GRANT-P09_4E.json => GRANT-P09_4E.hujson} | 5 ++++ ...{GRANT-P09_4F.json => GRANT-P09_4F.hujson} | 5 ++++ ...{GRANT-P09_4G.json => GRANT-P09_4G.hujson} | 5 ++++ ...{GRANT-P09_5A.json => GRANT-P09_5A.hujson} | 5 ++++ ...{GRANT-P09_5B.json => GRANT-P09_5B.hujson} | 5 ++++ ...C_NAIVE.json => GRANT-P09_5C_NAIVE.hujson} | 5 ++++ ...{GRANT-P09_6A.json => GRANT-P09_6A.hujson} | 5 ++++ ...{GRANT-P09_6B.json => GRANT-P09_6B.hujson} | 5 ++++ ...{GRANT-P09_6C.json => GRANT-P09_6C.hujson} | 5 ++++ ...{GRANT-P09_6D.json => GRANT-P09_6D.hujson} | 5 ++++ ...{GRANT-P09_7A.json => GRANT-P09_7A.hujson} | 5 ++++ ...B_NAIVE.json => GRANT-P09_7B_NAIVE.hujson} | 5 ++++ ...{GRANT-P09_7C.json => GRANT-P09_7C.hujson} | 5 ++++ ...D_NAIVE.json => GRANT-P09_7D_NAIVE.hujson} | 5 ++++ ...{GRANT-P09_8A.json => GRANT-P09_8A.hujson} | 5 ++++ ...{GRANT-P09_8B.json => GRANT-P09_8B.hujson} | 5 ++++ ...{GRANT-P09_8C.json => GRANT-P09_8C.hujson} | 5 ++++ ...{GRANT-P09_9A.json => GRANT-P09_9A.hujson} | 5 ++++ ...{GRANT-P09_9B.json => GRANT-P09_9B.hujson} | 5 ++++ ...{GRANT-P09_9C.json => GRANT-P09_9C.hujson} | 5 ++++ .../{GRANT-P10_1.json => GRANT-P10_1.hujson} | 5 ++++ .../{GRANT-P10_2.json => GRANT-P10_2.hujson} | 5 ++++ .../{GRANT-P10_3.json => GRANT-P10_3.hujson} | 5 ++++ .../{GRANT-P10_4.json => GRANT-P10_4.hujson} | 5 ++++ .../{GRANT-P11_1.json => GRANT-P11_1.hujson} | 5 ++++ .../{GRANT-P11_2.json => GRANT-P11_2.hujson} | 5 ++++ .../{GRANT-P11_3.json => GRANT-P11_3.hujson} | 5 ++++ .../{GRANT-P13_1.json => GRANT-P13_1.hujson} | 5 ++++ .../{GRANT-P13_2.json => GRANT-P13_2.hujson} | 5 ++++ .../{GRANT-P13_3.json => GRANT-P13_3.hujson} | 5 ++++ .../{GRANT-P13_4.json => GRANT-P13_4.hujson} | 5 ++++ .../{GRANT-P15_1.json => GRANT-P15_1.hujson} | 5 ++++ .../{GRANT-P15_2.json => GRANT-P15_2.hujson} | 5 ++++ .../{GRANT-P15_3.json => GRANT-P15_3.hujson} | 5 ++++ .../{GRANT-P15_4.json => GRANT-P15_4.hujson} | 5 ++++ .../{GRANT-P15_5.json => GRANT-P15_5.hujson} | 5 ++++ .../{GRANT-P15_6.json => GRANT-P15_6.hujson} | 5 ++++ .../{GRANT-V01.json => GRANT-V01.hujson} | 5 ++++ .../{GRANT-V02.json => GRANT-V02.hujson} | 5 ++++ .../{GRANT-V03.json => GRANT-V03.hujson} | 5 ++++ .../{GRANT-V04.json => GRANT-V04.hujson} | 5 ++++ .../{GRANT-V05.json => GRANT-V05.hujson} | 5 ++++ .../{GRANT-V06.json => GRANT-V06.hujson} | 5 ++++ .../{GRANT-V07.json => GRANT-V07.hujson} | 5 ++++ .../{GRANT-V08.json => GRANT-V08.hujson} | 5 ++++ .../{GRANT-V09.json => GRANT-V09.hujson} | 5 ++++ .../{GRANT-V10.json => GRANT-V10.hujson} | 5 ++++ .../{GRANT-V11.json => GRANT-V11.hujson} | 5 ++++ .../{GRANT-V12.json => GRANT-V12.hujson} | 5 ++++ .../{GRANT-V13.json => GRANT-V13.hujson} | 5 ++++ .../{GRANT-V14.json => GRANT-V14.hujson} | 5 ++++ .../{GRANT-V15.json => GRANT-V15.hujson} | 5 ++++ .../{GRANT-V16.json => GRANT-V16.hujson} | 5 ++++ .../{GRANT-V17.json => GRANT-V17.hujson} | 5 ++++ .../{GRANT-V18.json => GRANT-V18.hujson} | 5 ++++ .../{GRANT-V19.json => GRANT-V19.hujson} | 5 ++++ .../{GRANT-V20.json => GRANT-V20.hujson} | 5 ++++ .../{GRANT-V21.json => GRANT-V21.hujson} | 5 ++++ .../{GRANT-V22.json => GRANT-V22.hujson} | 5 ++++ .../{GRANT-V23.json => GRANT-V23.hujson} | 5 ++++ .../{GRANT-V24.json => GRANT-V24.hujson} | 5 ++++ .../{GRANT-V25.json => GRANT-V25.hujson} | 5 ++++ .../{GRANT-V26.json => GRANT-V26.hujson} | 5 ++++ .../{GRANT-V27.json => GRANT-V27.hujson} | 5 ++++ .../{GRANT-V28.json => GRANT-V28.hujson} | 7 ++++++ .../{GRANT-V29.json => GRANT-V29.hujson} | 12 ++++++++++ .../{GRANT-V30.json => GRANT-V30.hujson} | 14 +++++++++++ .../{GRANT-V31.json => GRANT-V31.hujson} | 13 +++++++++++ .../{GRANT-V32.json => GRANT-V32.hujson} | 7 ++++++ .../{GRANT-V33.json => GRANT-V33.hujson} | 7 ++++++ .../{GRANT-V34.json => GRANT-V34.hujson} | 5 ++++ .../{GRANT-V35.json => GRANT-V35.hujson} | 5 ++++ .../{GRANT-V36.json => GRANT-V36.hujson} | 15 ++++++++++++ ...card_acl_includes_routes_in_srcips.hujson} | 7 ++++++ ...S-a2_tag_based_acl_excludes_routes.hujson} | 7 ++++++ ...3_explicit_subnet_filter_to_router.hujson} | 7 ++++++ ...TES-a3b_autogroup_member_to_subnet.hujson} | 7 ++++++ ...TES-a4_multiple_routes_same_router.hujson} | 7 ++++++ ... => ROUTES-a5_host_alias_to_subnet.hujson} | 7 ++++++ ...0_exit_routes_not_in_primaryroutes.hujson} | 7 ++++++ ...OUTES-b1_exit_routes_not_in_srcips.hujson} | 7 ++++++ ...S-b2_tag_exit_excludes_exit_routes.hujson} | 7 ++++++ ...TES-b3_exit_node_advertises_routes.hujson} | 7 ++++++ ..._multi_router_has_both_route_types.hujson} | 7 ++++++ ...> ROUTES-b5_exit_with_wildcard_dst.hujson} | 7 ++++++ ...> ROUTES-b6_exit_node_option_field.hujson} | 7 ++++++ ...n => ROUTES-b7_multiple_exit_nodes.hujson} | 7 ++++++ ...S-b8_autogroup_internet_no_filters.hujson} | 7 ++++++ ...OUTES-b9_exit_routes_in_allowedips.hujson} | 7 ++++++ ...UTES-d10_auto_approval_retroactive.hujson} | 7 ++++++ ...TES-d11_overlapping_auto_approvers.hujson} | 7 ++++++ ...OUTES-d1_basic_route_auto_approval.hujson} | 7 ++++++ ...> ROUTES-d2_nested_prefix_approval.hujson} | 7 ++++++ ...=> ROUTES-d3_exact_prefix_approval.hujson} | 7 ++++++ ...on => ROUTES-d4_prefix_not_covered.hujson} | 7 ++++++ ...> ROUTES-d5_wrong_tag_not_approved.hujson} | 7 ++++++ ... ROUTES-d6_exit_node_auto_approval.hujson} | 7 ++++++ ...ES-d7_exit_auto_approval_wrong_tag.hujson} | 7 ++++++ ...S-d8_auto_approval_acl_interaction.hujson} | 7 ++++++ ...uto_approval_triggers_on_advertise.hujson} | 7 ++++++ ...UTES-e1_ha_two_routers_same_subnet.hujson} | 7 ++++++ ...ROUTES-e2_ha_primary_in_allowedips.hujson} | 7 ++++++ ...a_secondary_no_route_in_allowedips.hujson} | 7 ++++++ ...-e4_ha_both_get_filters_host_alias.hujson} | 7 ++++++ ...TES-e5_first_advertiser_is_primary.hujson} | 7 ++++++ ...1_filter_on_destination_not_source.hujson} | 7 ++++++ ... => ROUTES-f2_subnet_as_acl_source.hujson} | 7 ++++++ ...OUTES-f3_wildcard_src_specific_dst.hujson} | 7 ++++++ ...OUTES-f4_specific_src_wildcard_dst.hujson} | 7 ++++++ ...TES-f5_bidirectional_subnet_access.hujson} | 9 ++++++++ ... ROUTES-f6_filter_srcips_expansion.hujson} | 7 ++++++ ...-f7_filter_dstports_shows_acl_cidr.hujson} | 7 ++++++ ...ROUTES-f8_route_enabled_acl_denies.hujson} | 7 ++++++ ...OUTES-f9_route_disabled_acl_allows.hujson} | 7 ++++++ ... ROUTES-g1_port_restriction_subnet.hujson} | 7 ++++++ ...son => ROUTES-g2_port_range_subnet.hujson} | 7 ++++++ ...=> ROUTES-g3_multiple_ports_subnet.hujson} | 7 ++++++ ... => ROUTES-g4_protocol_icmp_subnet.hujson} | 7 ++++++ ...son => ROUTES-g5_protocol_tcp_only.hujson} | 7 ++++++ ...son => ROUTES-g6_protocol_udp_only.hujson} | 7 ++++++ ...on => ROUTES-g7_all_ports_wildcard.hujson} | 7 ++++++ ....json => ROUTES-g8_default_ipproto.hujson} | 7 ++++++ ...on => ROUTES-h10_very_small_prefix.hujson} | 7 ++++++ ...on => ROUTES-h11_ipv6_small_prefix.hujson} | 7 ++++++ ...> ROUTES-h1_wildcard_srcips_format.hujson} | 7 ++++++ ...ROUTES-h2_wildcard_dstports_format.hujson} | 7 ++++++ ...=> ROUTES-h3_cgnat_range_expansion.hujson} | 7 ++++++ ... => ROUTES-h4_ipv6_range_in_srcips.hujson} | 7 ++++++ ...=> ROUTES-h5_subnet_overlaps_cgnat.hujson} | 7 ++++++ ...h6_loopback_routes_not_distributed.hujson} | 7 ++++++ ...=> ROUTES-h7_two_nodes_same_subnet.hujson} | 7 ++++++ ...=> ROUTES-h8_cgnat_overlap_blocked.hujson} | 7 ++++++ ...on => ROUTES-h9_large_prefix_works.hujson} | 7 ++++++ ...son => ROUTES-i1_ipv6_subnet_route.hujson} | 7 ++++++ ....json => ROUTES-i2_ipv6_exit_route.hujson} | 7 ++++++ ... ROUTES-i3_ipv6_in_wildcard_srcips.hujson} | 7 ++++++ ...son => ROUTES-i4_ipv6_specific_acl.hujson} | 7 ++++++ ...ROUTES-i5_ipv6_parent_child_routes.hujson} | 7 ++++++ ....json => ROUTES-i6_dual_stack_node.hujson} | 9 ++++++++ ...on => ROUTES-i7_ipv6_exit_coverage.hujson} | 7 ++++++ ...S-o10_acl_dest_covered_by_multiple.hujson} | 7 ++++++ ...=> ROUTES-o11_acl_dest_not_covered.hujson} | 7 ++++++ ...ROUTES-o12_filter_dest_is_acl_cidr.hujson} | 7 ++++++ ...S-o1_overlapping_routes_not_merged.hujson} | 7 ++++++ ...UTES-o2_ha_routers_both_get_filter.hujson} | 7 ++++++ ...ES-o3_parent_child_different_nodes.hujson} | 7 ++++++ ...n => ROUTES-o4_three_way_hierarchy.hujson} | 7 ++++++ ...-o5_sibling_routes_with_parent_acl.hujson} | 7 ++++++ ...-o6_exit_route_expands_filter_dist.hujson} | 7 ++++++ ...=> ROUTES-o7_specific_ip_targeting.hujson} | 7 ++++++ ...ES-o8_same_node_overlapping_routes.hujson} | 7 ++++++ ...UTES-o9_different_nodes_same_route.hujson} | 7 ++++++ ...OUTES-r1_exit_covers_external_dest.hujson} | 7 ++++++ ...-r2_parent_route_covers_child_dest.hujson} | 7 ++++++ ...UTES-r3_sibling_routes_no_coverage.hujson} | 7 ++++++ ...son => ROUTES-r4_exact_match_route.hujson} | 7 ++++++ ...UTES-r5_route_coverage_check_logic.hujson} | 7 ++++++ ...n => ROUTES-r6_ipv6_route_coverage.hujson} | 7 ++++++ ...on => ROUTES-r7_exit_ipv6_coverage.hujson} | 7 ++++++ ...ROUTES-r8_mixed_ipv4_ipv6_coverage.hujson} | 7 ++++++ ...-t1_tags_resolve_to_ips_not_routes.hujson} | 7 ++++++ ... => ROUTES-t2_tag_to_tag_with_exit.hujson} | 7 ++++++ ...TES-t3_tag_src_includes_all_tagged.hujson} | 7 ++++++ ...TES-t4_tag_dst_includes_all_tagged.hujson} | 7 ++++++ ...> ROUTES-t5_multi_tag_node_in_both.hujson} | 7 ++++++ .../{SSH-A1.json => SSH-A1.hujson} | 5 ++++ .../{SSH-A2.json => SSH-A2.hujson} | 5 ++++ .../{SSH-A3.json => SSH-A3.hujson} | 5 ++++ .../{SSH-A4.json => SSH-A4.hujson} | 5 ++++ .../{SSH-A5.json => SSH-A5.hujson} | 5 ++++ .../{SSH-A6.json => SSH-A6.hujson} | 5 ++++ .../{SSH-A7.json => SSH-A7.hujson} | 5 ++++ .../{SSH-A8.json => SSH-A8.hujson} | 5 ++++ .../{SSH-B1.json => SSH-B1.hujson} | 5 ++++ .../{SSH-B2.json => SSH-B2.hujson} | 5 ++++ .../{SSH-B3.json => SSH-B3.hujson} | 5 ++++ .../{SSH-B5.json => SSH-B5.hujson} | 5 ++++ .../{SSH-B6.json => SSH-B6.hujson} | 5 ++++ .../{SSH-C1.json => SSH-C1.hujson} | 5 ++++ .../{SSH-C2.json => SSH-C2.hujson} | 5 ++++ .../{SSH-C3.json => SSH-C3.hujson} | 5 ++++ .../{SSH-C4.json => SSH-C4.hujson} | 5 ++++ .../{SSH-D10.json => SSH-D10.hujson} | 5 ++++ .../{SSH-D11.json => SSH-D11.hujson} | 5 ++++ .../{SSH-D12.json => SSH-D12.hujson} | 5 ++++ .../{SSH-D2.json => SSH-D2.hujson} | 5 ++++ .../{SSH-D3.json => SSH-D3.hujson} | 5 ++++ .../{SSH-D4.json => SSH-D4.hujson} | 5 ++++ .../{SSH-D5.json => SSH-D5.hujson} | 5 ++++ .../{SSH-D6.json => SSH-D6.hujson} | 5 ++++ .../{SSH-D7.json => SSH-D7.hujson} | 5 ++++ .../{SSH-D8.json => SSH-D8.hujson} | 5 ++++ .../{SSH-D9.json => SSH-D9.hujson} | 5 ++++ .../{SSH-E3.json => SSH-E3.hujson} | 5 ++++ .../{SSH-E4.json => SSH-E4.hujson} | 5 ++++ .../{SSH-E5.json => SSH-E5.hujson} | 5 ++++ .../{SSH-E6.json => SSH-E6.hujson} | 5 ++++ .../{SSH-F1.json => SSH-F1.hujson} | 7 ++++++ .../{SSH-F2.json => SSH-F2.hujson} | 7 ++++++ .../{SSH-F3.json => SSH-F3.hujson} | 7 ++++++ .../{SSH-F4.json => SSH-F4.hujson} | 7 ++++++ .../{SSH-F5.json => SSH-F5.hujson} | 7 ++++++ .../{SSH-G1.json => SSH-G1.hujson} | 5 ++++ .../{SSH-G2.json => SSH-G2.hujson} | 5 ++++ hscontrol/servertest/via_compat_test.go | 23 +++++++++++++++++-- 600 files changed, 3493 insertions(+), 18 deletions(-) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A01.json => ACL-A01.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A02.json => ACL-A02.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A03.json => ACL-A03.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A04.json => ACL-A04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A05.json => ACL-A05.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A06.json => ACL-A06.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A07.json => ACL-A07.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A08.json => ACL-A08.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A09.json => ACL-A09.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A10.json => ACL-A10.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A11.json => ACL-A11.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A12.json => ACL-A12.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A13.json => ACL-A13.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A14.json => ACL-A14.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A15.json => ACL-A15.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A16.json => ACL-A16.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-A17.json => ACL-A17.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AH01.json => ACL-AH01.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AH02.json => ACL-AH02.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AH03.json => ACL-AH03.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AH04.json => ACL-AH04.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AH05.json => ACL-AH05.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AH06.json => ACL-AH06.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AR01.json => ACL-AR01.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AR02.json => ACL-AR02.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AR03.json => ACL-AR03.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AR04.json => ACL-AR04.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AR05.json => ACL-AR05.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AR06.json => ACL-AR06.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AT01.json => ACL-AT01.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AT02.json => ACL-AT02.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AT03.json => ACL-AT03.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AT04.json => ACL-AT04.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AT05.json => ACL-AT05.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AT06.json => ACL-AT06.hujson} (94%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AU01.json => ACL-AU01.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AU02.json => ACL-AU02.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AU03.json => ACL-AU03.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AU04.json => ACL-AU04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AU05.json => ACL-AU05.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-AU06.json => ACL-AU06.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-C01.json => ACL-C01.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-C02.json => ACL-C02.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-C03.json => ACL-C03.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-C04.json => ACL-C04.hujson} (94%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-C05.json => ACL-C05.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-C06.json => ACL-C06.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-C07.json => ACL-C07.hujson} (94%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-C08.json => ACL-C08.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-C09.json => ACL-C09.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-C10.json => ACL-C10.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-D01.json => ACL-D01.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-D02.json => ACL-D02.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-D03.json => ACL-D03.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-D04.json => ACL-D04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-D05.json => ACL-D05.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-D06.json => ACL-D06.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-D07.json => ACL-D07.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-D08.json => ACL-D08.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-E01.json => ACL-E01.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-E02.json => ACL-E02.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-E03.json => ACL-E03.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-E04.json => ACL-E04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-E05.json => ACL-E05.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-E06.json => ACL-E06.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-E07.json => ACL-E07.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-E08.json => ACL-E08.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-E09.json => ACL-E09.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-ERR01.json => ACL-ERR01.hujson} (90%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-ERR02.json => ACL-ERR02.hujson} (89%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-ERR03.json => ACL-ERR03.hujson} (89%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-ERR04.json => ACL-ERR04.hujson} (91%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-ERR05.json => ACL-ERR05.hujson} (90%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-ERR06.json => ACL-ERR06.hujson} (91%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-ERR07.json => ACL-ERR07.hujson} (90%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-ERR08.json => ACL-ERR08.hujson} (86%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-ERR09.json => ACL-ERR09.hujson} (86%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-H01.json => ACL-H01.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-H02.json => ACL-H02.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-H03.json => ACL-H03.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-H04.json => ACL-H04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-H05.json => ACL-H05.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-H06.json => ACL-H06.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-H07.json => ACL-H07.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-H08.json => ACL-H08.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-K01.json => ACL-K01.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-K02.json => ACL-K02.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-K03.json => ACL-K03.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-K04.json => ACL-K04.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-K05.json => ACL-K05.hujson} (94%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-M01.json => ACL-M01.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-M02.json => ACL-M02.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-M03.json => ACL-M03.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-M04.json => ACL-M04.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-M05.json => ACL-M05.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-M06.json => ACL-M06.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-M07.json => ACL-M07.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-M08.json => ACL-M08.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-M09.json => ACL-M09.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-M10.json => ACL-M10.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR01.json => ACL-MR01.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR02.json => ACL-MR02.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR03.json => ACL-MR03.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR04.json => ACL-MR04.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR05.json => ACL-MR05.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR06.json => ACL-MR06.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR07.json => ACL-MR07.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR08.json => ACL-MR08.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR09.json => ACL-MR09.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR10.json => ACL-MR10.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR11.json => ACL-MR11.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR12.json => ACL-MR12.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR13.json => ACL-MR13.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR14.json => ACL-MR14.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR15.json => ACL-MR15.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR16.json => ACL-MR16.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR17.json => ACL-MR17.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR18.json => ACL-MR18.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR19.json => ACL-MR19.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR20.json => ACL-MR20.hujson} (94%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR21.json => ACL-MR21.hujson} (94%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR22.json => ACL-MR22.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MR23.json => ACL-MR23.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MU01.json => ACL-MU01.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MU02.json => ACL-MU02.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MU03.json => ACL-MU03.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MU04.json => ACL-MU04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MU05.json => ACL-MU05.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MU06.json => ACL-MU06.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MU07.json => ACL-MU07.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-MU08.json => ACL-MU08.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-O01.json => ACL-O01.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-O02.json => ACL-O02.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-O03.json => ACL-O03.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-O04.json => ACL-O04.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-P01.json => ACL-P01.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-P02.json => ACL-P02.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-P03.json => ACL-P03.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-P04.json => ACL-P04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-P05.json => ACL-P05.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-P06.json => ACL-P06.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-PF01.json => ACL-PF01.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-PF02.json => ACL-PF02.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-PF03.json => ACL-PF03.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-PF04.json => ACL-PF04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-PF05.json => ACL-PF05.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-R01.json => ACL-R01.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-R02.json => ACL-R02.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-R03.json => ACL-R03.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-R04.json => ACL-R04.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-R05.json => ACL-R05.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-R06.json => ACL-R06.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-R07.json => ACL-R07.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-R08.json => ACL-R08.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-R09.json => ACL-R09.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-R10.json => ACL-R10.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-RS01.json => ACL-RS01.hujson} (95%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-RS02.json => ACL-RS02.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-RS03.json => ACL-RS03.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-RS04.json => ACL-RS04.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-RS05.json => ACL-RS05.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-RS06.json => ACL-RS06.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-RS07.json => ACL-RS07.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-S01.json => ACL-S01.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-S02.json => ACL-S02.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-S03.json => ACL-S03.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-S04.json => ACL-S04.hujson} (88%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-S05.json => ACL-S05.hujson} (88%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-S06.json => ACL-S06.hujson} (88%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-S07.json => ACL-S07.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-S08.json => ACL-S08.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-S09.json => ACL-S09.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-S10.json => ACL-S10.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF01.json => ACL-SF01.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF02.json => ACL-SF02.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF03.json => ACL-SF03.hujson} (88%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF04.json => ACL-SF04.hujson} (88%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF05.json => ACL-SF05.hujson} (88%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF06.json => ACL-SF06.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF07.json => ACL-SF07.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF08.json => ACL-SF08.hujson} (87%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF09.json => ACL-SF09.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF10.json => ACL-SF10.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF11.json => ACL-SF11.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF12.json => ACL-SF12.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-SF13.json => ACL-SF13.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-T01.json => ACL-T01.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-T02.json => ACL-T02.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-T03.json => ACL-T03.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-T04.json => ACL-T04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-T05.json => ACL-T05.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-T06.json => ACL-T06.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-T07.json => ACL-T07.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-T08.json => ACL-T08.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-T09.json => ACL-T09.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-T10.json => ACL-T10.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U01.json => ACL-U01.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U02.json => ACL-U02.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U03.json => ACL-U03.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U04.json => ACL-U04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U05.json => ACL-U05.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U06.json => ACL-U06.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U07.json => ACL-U07.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U08.json => ACL-U08.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U09.json => ACL-U09.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U10.json => ACL-U10.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U11.json => ACL-U11.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-U12.json => ACL-U12.hujson} (96%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-W01.json => ACL-W01.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-W02.json => ACL-W02.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-W03.json => ACL-W03.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-W04.json => ACL-W04.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-W05.json => ACL-W05.hujson} (97%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-W06.json => ACL-W06.hujson} (98%) rename hscontrol/policy/v2/testdata/acl_results/{ACL-W07.json => ACL-W07.hujson} (98%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-A1.json => GRANT-A1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-A2.json => GRANT-A2.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-A3.json => GRANT-A3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-A4.json => GRANT-A4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-A5.json => GRANT-A5.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-A6.json => GRANT-A6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-B1.json => GRANT-B1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-B2.json => GRANT-B2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-B3.json => GRANT-B3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-B4.json => GRANT-B4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-B5.json => GRANT-B5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-C1.json => GRANT-C1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-C2.json => GRANT-C2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-C3.json => GRANT-C3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-C4.json => GRANT-C4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-C5.json => GRANT-C5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-C6.json => GRANT-C6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-D1.json => GRANT-D1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-D2.json => GRANT-D2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-D3.json => GRANT-D3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-D4.json => GRANT-D4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-D5.json => GRANT-D5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-D6.json => GRANT-D6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-D7.json => GRANT-D7.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-E1.json => GRANT-E1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-E2.json => GRANT-E2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-E3.json => GRANT-E3.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-E4.json => GRANT-E4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-E5.json => GRANT-E5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-E6.json => GRANT-E6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-E7.json => GRANT-E7.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-E8.json => GRANT-E8.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-F1.json => GRANT-F1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-F2.json => GRANT-F2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-F3.json => GRANT-F3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-F4.json => GRANT-F4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-G1.json => GRANT-G1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-G2.json => GRANT-G2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-G3.json => GRANT-G3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-G4.json => GRANT-G4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-G5.json => GRANT-G5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-G6.json => GRANT-G6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-H1.json => GRANT-H1.hujson} (92%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-H10.json => GRANT-H10.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-H2.json => GRANT-H2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-H3.json => GRANT-H3.hujson} (92%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-H4.json => GRANT-H4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-H5.json => GRANT-H5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-H6.json => GRANT-H6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-H7.json => GRANT-H7.hujson} (90%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-H8.json => GRANT-H8.hujson} (92%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-H9.json => GRANT-H9.hujson} (88%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-I1.json => GRANT-I1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-I2.json => GRANT-I2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-I3.json => GRANT-I3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-I4.json => GRANT-I4.hujson} (91%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-J1.json => GRANT-J1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-J2.json => GRANT-J2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-J3.json => GRANT-J3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-J4.json => GRANT-J4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-J5.json => GRANT-J5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-J6.json => GRANT-J6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-J7.json => GRANT-J7.hujson} (91%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K1.json => GRANT-K1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K10.json => GRANT-K10.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K11.json => GRANT-K11.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K12.json => GRANT-K12.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K13.json => GRANT-K13.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K14.json => GRANT-K14.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K15.json => GRANT-K15.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K16.json => GRANT-K16.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K17.json => GRANT-K17.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K18.json => GRANT-K18.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K19.json => GRANT-K19.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K2.json => GRANT-K2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K20.json => GRANT-K20.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K21.json => GRANT-K21.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K22.json => GRANT-K22.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K23.json => GRANT-K23.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K24.json => GRANT-K24.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K25.json => GRANT-K25.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K26.json => GRANT-K26.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K27.json => GRANT-K27.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K28.json => GRANT-K28.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K29.json => GRANT-K29.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K3.json => GRANT-K3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K30.json => GRANT-K30.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K4.json => GRANT-K4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K5.json => GRANT-K5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K6.json => GRANT-K6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K7.json => GRANT-K7.hujson} (90%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K8.json => GRANT-K8.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-K9.json => GRANT-K9.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P01_1.json => GRANT-P01_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P01_2.json => GRANT-P01_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P01_3.json => GRANT-P01_3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P01_4.json => GRANT-P01_4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P01_5.json => GRANT-P01_5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P02_1.json => GRANT-P02_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P02_2.json => GRANT-P02_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P02_3.json => GRANT-P02_3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P02_4.json => GRANT-P02_4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P02_5_CORRECT.json => GRANT-P02_5_CORRECT.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P02_5_NAIVE.json => GRANT-P02_5_NAIVE.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P03_1.json => GRANT-P03_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P03_2.json => GRANT-P03_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P03_3.json => GRANT-P03_3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P03_4.json => GRANT-P03_4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P04_1.json => GRANT-P04_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P04_2.json => GRANT-P04_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P04_3.json => GRANT-P04_3.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P04_4.json => GRANT-P04_4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P05_1.json => GRANT-P05_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P05_2.json => GRANT-P05_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P05_3.json => GRANT-P05_3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P06_1.json => GRANT-P06_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P06_2.json => GRANT-P06_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P06_3.json => GRANT-P06_3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P06_4.json => GRANT-P06_4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P06_5.json => GRANT-P06_5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P06_6.json => GRANT-P06_6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P06_7.json => GRANT-P06_7.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P08_1.json => GRANT-P08_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P08_2.json => GRANT-P08_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P08_3.json => GRANT-P08_3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P08_4.json => GRANT-P08_4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P08_5.json => GRANT-P08_5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P08_6.json => GRANT-P08_6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P08_7.json => GRANT-P08_7.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P08_8.json => GRANT-P08_8.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_10A.json => GRANT-P09_10A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_10B.json => GRANT-P09_10B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_10C.json => GRANT-P09_10C.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_10D.json => GRANT-P09_10D.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_11A.json => GRANT-P09_11A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_11B.json => GRANT-P09_11B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_11C_NAIVE.json => GRANT-P09_11C_NAIVE.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_11D.json => GRANT-P09_11D.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_12A.json => GRANT-P09_12A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_12B.json => GRANT-P09_12B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_13A.json => GRANT-P09_13A.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_13B.json => GRANT-P09_13B.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_13C.json => GRANT-P09_13C.hujson} (88%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_13D.json => GRANT-P09_13D.hujson} (88%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_13E.json => GRANT-P09_13E.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_13F.json => GRANT-P09_13F.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_13G.json => GRANT-P09_13G.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_13H_CORRECT.json => GRANT-P09_13H_CORRECT.hujson} (87%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_13H_NAIVE.json => GRANT-P09_13H_NAIVE.hujson} (88%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_14A.json => GRANT-P09_14A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_14B.json => GRANT-P09_14B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_14C.json => GRANT-P09_14C.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_14D.json => GRANT-P09_14D.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_14E.json => GRANT-P09_14E.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_14F.json => GRANT-P09_14F.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_14G.json => GRANT-P09_14G.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_14H.json => GRANT-P09_14H.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_14I.json => GRANT-P09_14I.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_1A.json => GRANT-P09_1A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_1B.json => GRANT-P09_1B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_1C.json => GRANT-P09_1C.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_1D.json => GRANT-P09_1D.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_1E.json => GRANT-P09_1E.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_2A_CORRECT.json => GRANT-P09_2A_CORRECT.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_2A_NAIVE.json => GRANT-P09_2A_NAIVE.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_2B_CORRECT.json => GRANT-P09_2B_CORRECT.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_2B_NAIVE.json => GRANT-P09_2B_NAIVE.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_2C.json => GRANT-P09_2C.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_3A.json => GRANT-P09_3A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_3B.json => GRANT-P09_3B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_3C.json => GRANT-P09_3C.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_4A.json => GRANT-P09_4A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_4B.json => GRANT-P09_4B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_4C.json => GRANT-P09_4C.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_4D.json => GRANT-P09_4D.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_4E.json => GRANT-P09_4E.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_4F.json => GRANT-P09_4F.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_4G.json => GRANT-P09_4G.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_5A.json => GRANT-P09_5A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_5B.json => GRANT-P09_5B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_5C_NAIVE.json => GRANT-P09_5C_NAIVE.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_6A.json => GRANT-P09_6A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_6B.json => GRANT-P09_6B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_6C.json => GRANT-P09_6C.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_6D.json => GRANT-P09_6D.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_7A.json => GRANT-P09_7A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_7B_NAIVE.json => GRANT-P09_7B_NAIVE.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_7C.json => GRANT-P09_7C.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_7D_NAIVE.json => GRANT-P09_7D_NAIVE.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_8A.json => GRANT-P09_8A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_8B.json => GRANT-P09_8B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_8C.json => GRANT-P09_8C.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_9A.json => GRANT-P09_9A.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_9B.json => GRANT-P09_9B.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P09_9C.json => GRANT-P09_9C.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P10_1.json => GRANT-P10_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P10_2.json => GRANT-P10_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P10_3.json => GRANT-P10_3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P10_4.json => GRANT-P10_4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P11_1.json => GRANT-P11_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P11_2.json => GRANT-P11_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P11_3.json => GRANT-P11_3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P13_1.json => GRANT-P13_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P13_2.json => GRANT-P13_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P13_3.json => GRANT-P13_3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P13_4.json => GRANT-P13_4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P15_1.json => GRANT-P15_1.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P15_2.json => GRANT-P15_2.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P15_3.json => GRANT-P15_3.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P15_4.json => GRANT-P15_4.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P15_5.json => GRANT-P15_5.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-P15_6.json => GRANT-P15_6.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V01.json => GRANT-V01.hujson} (90%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V02.json => GRANT-V02.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V03.json => GRANT-V03.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V04.json => GRANT-V04.hujson} (88%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V05.json => GRANT-V05.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V06.json => GRANT-V06.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V07.json => GRANT-V07.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V08.json => GRANT-V08.hujson} (88%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V09.json => GRANT-V09.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V10.json => GRANT-V10.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V11.json => GRANT-V11.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V12.json => GRANT-V12.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V13.json => GRANT-V13.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V14.json => GRANT-V14.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V15.json => GRANT-V15.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V16.json => GRANT-V16.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V17.json => GRANT-V17.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V18.json => GRANT-V18.hujson} (88%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V19.json => GRANT-V19.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V20.json => GRANT-V20.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V21.json => GRANT-V21.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V22.json => GRANT-V22.hujson} (89%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V23.json => GRANT-V23.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V24.json => GRANT-V24.hujson} (88%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V25.json => GRANT-V25.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V26.json => GRANT-V26.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V27.json => GRANT-V27.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V28.json => GRANT-V28.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V29.json => GRANT-V29.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V30.json => GRANT-V30.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V31.json => GRANT-V31.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V32.json => GRANT-V32.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V33.json => GRANT-V33.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V34.json => GRANT-V34.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V35.json => GRANT-V35.hujson} (99%) rename hscontrol/policy/v2/testdata/grant_results/{GRANT-V36.json => GRANT-V36.hujson} (99%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-a1_wildcard_acl_includes_routes_in_srcips.json => ROUTES-a1_wildcard_acl_includes_routes_in_srcips.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-a2_tag_based_acl_excludes_routes.json => ROUTES-a2_tag_based_acl_excludes_routes.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-a3_explicit_subnet_filter_to_router.json => ROUTES-a3_explicit_subnet_filter_to_router.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-a3b_autogroup_member_to_subnet.json => ROUTES-a3b_autogroup_member_to_subnet.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-a4_multiple_routes_same_router.json => ROUTES-a4_multiple_routes_same_router.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-a5_host_alias_to_subnet.json => ROUTES-a5_host_alias_to_subnet.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-b10_exit_routes_not_in_primaryroutes.json => ROUTES-b10_exit_routes_not_in_primaryroutes.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-b1_exit_routes_not_in_srcips.json => ROUTES-b1_exit_routes_not_in_srcips.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-b2_tag_exit_excludes_exit_routes.json => ROUTES-b2_tag_exit_excludes_exit_routes.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-b3_exit_node_advertises_routes.json => ROUTES-b3_exit_node_advertises_routes.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-b4_multi_router_has_both_route_types.json => ROUTES-b4_multi_router_has_both_route_types.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-b5_exit_with_wildcard_dst.json => ROUTES-b5_exit_with_wildcard_dst.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-b6_exit_node_option_field.json => ROUTES-b6_exit_node_option_field.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-b7_multiple_exit_nodes.json => ROUTES-b7_multiple_exit_nodes.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-b8_autogroup_internet_no_filters.json => ROUTES-b8_autogroup_internet_no_filters.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-b9_exit_routes_in_allowedips.json => ROUTES-b9_exit_routes_in_allowedips.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d10_auto_approval_retroactive.json => ROUTES-d10_auto_approval_retroactive.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d11_overlapping_auto_approvers.json => ROUTES-d11_overlapping_auto_approvers.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d1_basic_route_auto_approval.json => ROUTES-d1_basic_route_auto_approval.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d2_nested_prefix_approval.json => ROUTES-d2_nested_prefix_approval.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d3_exact_prefix_approval.json => ROUTES-d3_exact_prefix_approval.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d4_prefix_not_covered.json => ROUTES-d4_prefix_not_covered.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d5_wrong_tag_not_approved.json => ROUTES-d5_wrong_tag_not_approved.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d6_exit_node_auto_approval.json => ROUTES-d6_exit_node_auto_approval.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d7_exit_auto_approval_wrong_tag.json => ROUTES-d7_exit_auto_approval_wrong_tag.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d8_auto_approval_acl_interaction.json => ROUTES-d8_auto_approval_acl_interaction.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-d9_auto_approval_triggers_on_advertise.json => ROUTES-d9_auto_approval_triggers_on_advertise.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-e1_ha_two_routers_same_subnet.json => ROUTES-e1_ha_two_routers_same_subnet.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-e2_ha_primary_in_allowedips.json => ROUTES-e2_ha_primary_in_allowedips.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-e3_ha_secondary_no_route_in_allowedips.json => ROUTES-e3_ha_secondary_no_route_in_allowedips.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-e4_ha_both_get_filters_host_alias.json => ROUTES-e4_ha_both_get_filters_host_alias.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-e5_first_advertiser_is_primary.json => ROUTES-e5_first_advertiser_is_primary.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-f1_filter_on_destination_not_source.json => ROUTES-f1_filter_on_destination_not_source.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-f2_subnet_as_acl_source.json => ROUTES-f2_subnet_as_acl_source.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-f3_wildcard_src_specific_dst.json => ROUTES-f3_wildcard_src_specific_dst.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-f4_specific_src_wildcard_dst.json => ROUTES-f4_specific_src_wildcard_dst.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-f5_bidirectional_subnet_access.json => ROUTES-f5_bidirectional_subnet_access.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-f6_filter_srcips_expansion.json => ROUTES-f6_filter_srcips_expansion.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-f7_filter_dstports_shows_acl_cidr.json => ROUTES-f7_filter_dstports_shows_acl_cidr.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-f8_route_enabled_acl_denies.json => ROUTES-f8_route_enabled_acl_denies.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-f9_route_disabled_acl_allows.json => ROUTES-f9_route_disabled_acl_allows.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-g1_port_restriction_subnet.json => ROUTES-g1_port_restriction_subnet.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-g2_port_range_subnet.json => ROUTES-g2_port_range_subnet.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-g3_multiple_ports_subnet.json => ROUTES-g3_multiple_ports_subnet.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-g4_protocol_icmp_subnet.json => ROUTES-g4_protocol_icmp_subnet.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-g5_protocol_tcp_only.json => ROUTES-g5_protocol_tcp_only.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-g6_protocol_udp_only.json => ROUTES-g6_protocol_udp_only.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-g7_all_ports_wildcard.json => ROUTES-g7_all_ports_wildcard.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-g8_default_ipproto.json => ROUTES-g8_default_ipproto.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h10_very_small_prefix.json => ROUTES-h10_very_small_prefix.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h11_ipv6_small_prefix.json => ROUTES-h11_ipv6_small_prefix.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h1_wildcard_srcips_format.json => ROUTES-h1_wildcard_srcips_format.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h2_wildcard_dstports_format.json => ROUTES-h2_wildcard_dstports_format.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h3_cgnat_range_expansion.json => ROUTES-h3_cgnat_range_expansion.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h4_ipv6_range_in_srcips.json => ROUTES-h4_ipv6_range_in_srcips.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h5_subnet_overlaps_cgnat.json => ROUTES-h5_subnet_overlaps_cgnat.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h6_loopback_routes_not_distributed.json => ROUTES-h6_loopback_routes_not_distributed.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h7_two_nodes_same_subnet.json => ROUTES-h7_two_nodes_same_subnet.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h8_cgnat_overlap_blocked.json => ROUTES-h8_cgnat_overlap_blocked.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-h9_large_prefix_works.json => ROUTES-h9_large_prefix_works.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-i1_ipv6_subnet_route.json => ROUTES-i1_ipv6_subnet_route.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-i2_ipv6_exit_route.json => ROUTES-i2_ipv6_exit_route.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-i3_ipv6_in_wildcard_srcips.json => ROUTES-i3_ipv6_in_wildcard_srcips.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-i4_ipv6_specific_acl.json => ROUTES-i4_ipv6_specific_acl.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-i5_ipv6_parent_child_routes.json => ROUTES-i5_ipv6_parent_child_routes.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-i6_dual_stack_node.json => ROUTES-i6_dual_stack_node.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-i7_ipv6_exit_coverage.json => ROUTES-i7_ipv6_exit_coverage.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o10_acl_dest_covered_by_multiple.json => ROUTES-o10_acl_dest_covered_by_multiple.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o11_acl_dest_not_covered.json => ROUTES-o11_acl_dest_not_covered.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o12_filter_dest_is_acl_cidr.json => ROUTES-o12_filter_dest_is_acl_cidr.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o1_overlapping_routes_not_merged.json => ROUTES-o1_overlapping_routes_not_merged.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o2_ha_routers_both_get_filter.json => ROUTES-o2_ha_routers_both_get_filter.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o3_parent_child_different_nodes.json => ROUTES-o3_parent_child_different_nodes.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o4_three_way_hierarchy.json => ROUTES-o4_three_way_hierarchy.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o5_sibling_routes_with_parent_acl.json => ROUTES-o5_sibling_routes_with_parent_acl.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o6_exit_route_expands_filter_dist.json => ROUTES-o6_exit_route_expands_filter_dist.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o7_specific_ip_targeting.json => ROUTES-o7_specific_ip_targeting.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o8_same_node_overlapping_routes.json => ROUTES-o8_same_node_overlapping_routes.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-o9_different_nodes_same_route.json => ROUTES-o9_different_nodes_same_route.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-r1_exit_covers_external_dest.json => ROUTES-r1_exit_covers_external_dest.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-r2_parent_route_covers_child_dest.json => ROUTES-r2_parent_route_covers_child_dest.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-r3_sibling_routes_no_coverage.json => ROUTES-r3_sibling_routes_no_coverage.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-r4_exact_match_route.json => ROUTES-r4_exact_match_route.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-r5_route_coverage_check_logic.json => ROUTES-r5_route_coverage_check_logic.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-r6_ipv6_route_coverage.json => ROUTES-r6_ipv6_route_coverage.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-r7_exit_ipv6_coverage.json => ROUTES-r7_exit_ipv6_coverage.hujson} (96%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-r8_mixed_ipv4_ipv6_coverage.json => ROUTES-r8_mixed_ipv4_ipv6_coverage.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-t1_tags_resolve_to_ips_not_routes.json => ROUTES-t1_tags_resolve_to_ips_not_routes.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-t2_tag_to_tag_with_exit.json => ROUTES-t2_tag_to_tag_with_exit.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-t3_tag_src_includes_all_tagged.json => ROUTES-t3_tag_src_includes_all_tagged.hujson} (98%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-t4_tag_dst_includes_all_tagged.json => ROUTES-t4_tag_dst_includes_all_tagged.hujson} (97%) rename hscontrol/policy/v2/testdata/routes_results/{ROUTES-t5_multi_tag_node_in_both.json => ROUTES-t5_multi_tag_node_in_both.hujson} (97%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-A1.json => SSH-A1.hujson} (91%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-A2.json => SSH-A2.hujson} (91%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-A3.json => SSH-A3.hujson} (91%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-A4.json => SSH-A4.hujson} (88%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-A5.json => SSH-A5.hujson} (87%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-A6.json => SSH-A6.hujson} (94%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-A7.json => SSH-A7.hujson} (94%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-A8.json => SSH-A8.hujson} (94%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-B1.json => SSH-B1.hujson} (84%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-B2.json => SSH-B2.hujson} (87%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-B3.json => SSH-B3.hujson} (85%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-B5.json => SSH-B5.hujson} (87%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-B6.json => SSH-B6.hujson} (87%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-C1.json => SSH-C1.hujson} (91%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-C2.json => SSH-C2.hujson} (88%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-C3.json => SSH-C3.hujson} (84%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-C4.json => SSH-C4.hujson} (91%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D10.json => SSH-D10.hujson} (95%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D11.json => SSH-D11.hujson} (96%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D12.json => SSH-D12.hujson} (96%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D2.json => SSH-D2.hujson} (96%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D3.json => SSH-D3.hujson} (96%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D4.json => SSH-D4.hujson} (96%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D5.json => SSH-D5.hujson} (96%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D6.json => SSH-D6.hujson} (96%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D7.json => SSH-D7.hujson} (96%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D8.json => SSH-D8.hujson} (93%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-D9.json => SSH-D9.hujson} (93%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-E3.json => SSH-E3.hujson} (80%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-E4.json => SSH-E4.hujson} (81%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-E5.json => SSH-E5.hujson} (89%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-E6.json => SSH-E6.hujson} (97%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-F1.json => SSH-F1.hujson} (90%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-F2.json => SSH-F2.hujson} (91%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-F3.json => SSH-F3.hujson} (95%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-F4.json => SSH-F4.hujson} (95%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-F5.json => SSH-F5.hujson} (96%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-G1.json => SSH-G1.hujson} (89%) rename hscontrol/policy/v2/testdata/ssh_results/{SSH-G2.json => SSH-G2.hujson} (89%) diff --git a/.gitignore b/.gitignore index 4fec4f53..8dbdbe85 100644 --- a/.gitignore +++ b/.gitignore @@ -29,6 +29,7 @@ config*.yaml !config-example.yaml derp.yaml *.hujson +!hscontrol/policy/v2/testdata/*/*.hujson *.key /db.sqlite *.sqlite3 diff --git a/hscontrol/policy/v2/tailscale_acl_data_compat_test.go b/hscontrol/policy/v2/tailscale_acl_data_compat_test.go index 5c665575..ec56a408 100644 --- a/hscontrol/policy/v2/tailscale_acl_data_compat_test.go +++ b/hscontrol/policy/v2/tailscale_acl_data_compat_test.go @@ -27,6 +27,7 @@ import ( "github.com/juanfont/headscale/hscontrol/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/tailscale/hujson" "gorm.io/gorm" "tailscale.com/tailcfg" ) @@ -220,10 +221,14 @@ func loadACLTestFile(t *testing.T, path string) aclTestFile { content, err := os.ReadFile(path) require.NoError(t, err, "failed to read test file %s", path) + ast, err := hujson.Parse(content) + require.NoError(t, err, "failed to parse HuJSON in %s", path) + ast.Standardize() + var tf aclTestFile - err = json.Unmarshal(content, &tf) - require.NoError(t, err, "failed to parse test file %s", path) + err = json.Unmarshal(ast.Pack(), &tf) + require.NoError(t, err, "failed to unmarshal test file %s", path) return tf } @@ -255,13 +260,13 @@ func TestACLCompat(t *testing.T) { t.Parallel() files, err := filepath.Glob( - filepath.Join("testdata", "acl_results", "ACL-*.json"), + filepath.Join("testdata", "acl_results", "ACL-*.hujson"), ) require.NoError(t, err, "failed to glob test files") require.NotEmpty( t, files, - "no ACL-*.json test files found in testdata/acl_results/", + "no ACL-*.hujson test files found in testdata/acl_results/", ) t.Logf("Loaded %d ACL test files", len(files)) diff --git a/hscontrol/policy/v2/tailscale_grants_compat_test.go b/hscontrol/policy/v2/tailscale_grants_compat_test.go index f983aeff..c87f1fc3 100644 --- a/hscontrol/policy/v2/tailscale_grants_compat_test.go +++ b/hscontrol/policy/v2/tailscale_grants_compat_test.go @@ -31,6 +31,7 @@ import ( "github.com/juanfont/headscale/hscontrol/policy/policyutil" "github.com/juanfont/headscale/hscontrol/types" "github.com/stretchr/testify/require" + "github.com/tailscale/hujson" "gorm.io/gorm" "tailscale.com/tailcfg" ) @@ -316,10 +317,14 @@ func loadGrantTestFile(t *testing.T, path string) grantTestFile { content, err := os.ReadFile(path) require.NoError(t, err, "failed to read test file %s", path) + ast, err := hujson.Parse(content) + require.NoError(t, err, "failed to parse HuJSON in %s", path) + ast.Standardize() + var tf grantTestFile - err = json.Unmarshal(content, &tf) - require.NoError(t, err, "failed to parse test file %s", path) + err = json.Unmarshal(ast.Pack(), &tf) + require.NoError(t, err, "failed to unmarshal test file %s", path) return tf } @@ -357,9 +362,9 @@ var grantSkipReasons = map[string]string{ func TestGrantsCompat(t *testing.T) { t.Parallel() - files, err := filepath.Glob(filepath.Join("testdata", "grant_results", "GRANT-*.json")) + files, err := filepath.Glob(filepath.Join("testdata", "grant_results", "GRANT-*.hujson")) require.NoError(t, err, "failed to glob test files") - require.NotEmpty(t, files, "no GRANT-*.json test files found in testdata/grant_results/") + require.NotEmpty(t, files, "no GRANT-*.hujson test files found in testdata/grant_results/") t.Logf("Loaded %d grant test files", len(files)) diff --git a/hscontrol/policy/v2/tailscale_routes_data_compat_test.go b/hscontrol/policy/v2/tailscale_routes_data_compat_test.go index ec37d9a7..4f11c319 100644 --- a/hscontrol/policy/v2/tailscale_routes_data_compat_test.go +++ b/hscontrol/policy/v2/tailscale_routes_data_compat_test.go @@ -25,6 +25,7 @@ import ( "github.com/juanfont/headscale/hscontrol/policy/policyutil" "github.com/juanfont/headscale/hscontrol/types" "github.com/stretchr/testify/require" + "github.com/tailscale/hujson" "gorm.io/gorm" "tailscale.com/tailcfg" ) @@ -71,10 +72,14 @@ func loadRoutesTestFile(t *testing.T, path string) routesTestFile { content, err := os.ReadFile(path) require.NoError(t, err, "failed to read test file %s", path) + ast, err := hujson.Parse(content) + require.NoError(t, err, "failed to parse HuJSON in %s", path) + ast.Standardize() + var tf routesTestFile - err = json.Unmarshal(content, &tf) - require.NoError(t, err, "failed to parse test file %s", path) + err = json.Unmarshal(ast.Pack(), &tf) + require.NoError(t, err, "failed to unmarshal test file %s", path) return tf } @@ -188,13 +193,13 @@ func TestRoutesCompat(t *testing.T) { t.Parallel() files, err := filepath.Glob( - filepath.Join("testdata", "routes_results", "ROUTES-*.json"), + filepath.Join("testdata", "routes_results", "ROUTES-*.hujson"), ) require.NoError(t, err, "failed to glob test files") require.NotEmpty( t, files, - "no ROUTES-*.json test files found in testdata/routes_results/", + "no ROUTES-*.hujson test files found in testdata/routes_results/", ) t.Logf("Loaded %d routes test files", len(files)) diff --git a/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go b/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go index 75c9420a..1197f69f 100644 --- a/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go +++ b/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go @@ -29,6 +29,7 @@ import ( "github.com/google/go-cmp/cmp/cmpopts" "github.com/juanfont/headscale/hscontrol/types" "github.com/stretchr/testify/require" + "github.com/tailscale/hujson" "gorm.io/gorm" "tailscale.com/tailcfg" ) @@ -191,10 +192,14 @@ func loadSSHTestFile(t *testing.T, path string) sshTestFile { content, err := os.ReadFile(path) require.NoError(t, err, "failed to read test file %s", path) + ast, err := hujson.Parse(content) + require.NoError(t, err, "failed to parse HuJSON in %s", path) + ast.Standardize() + var tf sshTestFile - err = json.Unmarshal(content, &tf) - require.NoError(t, err, "failed to parse test file %s", path) + err = json.Unmarshal(ast.Pack(), &tf) + require.NoError(t, err, "failed to unmarshal test file %s", path) return tf } @@ -226,13 +231,13 @@ func TestSSHDataCompat(t *testing.T) { t.Parallel() files, err := filepath.Glob( - filepath.Join("testdata", "ssh_results", "SSH-*.json"), + filepath.Join("testdata", "ssh_results", "SSH-*.hujson"), ) require.NoError(t, err, "failed to glob test files") require.NotEmpty( t, files, - "no SSH-*.json test files found in testdata/ssh_results/", + "no SSH-*.hujson test files found in testdata/ssh_results/", ) t.Logf("Loaded %d SSH test files", len(files)) diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A01.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A01.hujson index 4aafe57f..6d7c9ee8 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A01.hujson @@ -1,3 +1,8 @@ +// ACL-A01 +// +// ACL: accept: src=['autogroup:member'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-A01", "timestamp": "2026-03-17T14:16:33Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A02.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A02.hujson index 3a1cfe57..78fbb205 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A02.hujson @@ -1,3 +1,8 @@ +// ACL-A02 +// +// ACL: accept: src=['autogroup:tagged'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-A02", "timestamp": "2026-03-17T14:16:44Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A03.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A03.hujson index d8a96700..7af4bd7d 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A03.hujson @@ -1,3 +1,8 @@ +// ACL-A03 +// +// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-A03", "timestamp": "2026-03-17T14:16:54Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A04.hujson index 93da9c05..5018ca30 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A04.hujson @@ -1,3 +1,8 @@ +// ACL-A04 +// +// ACL: accept: src=['*'] dst=['autogroup:self:*'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-A04", "timestamp": "2026-03-17T14:17:04Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A05.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A05.hujson index 13b8b048..0d9c2a62 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A05.hujson @@ -1,3 +1,8 @@ +// ACL-A05 +// +// ACL: accept: src=['*'] dst=['autogroup:internet:*'] +// +// Expected: No filter rules { "test_id": "ACL-A05", "timestamp": "2026-03-17T14:17:15Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A06.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A06.hujson index 86d0c113..9c4eb374 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A06.hujson @@ -1,3 +1,8 @@ +// ACL-A06 +// +// ACL: accept: src=['*'] dst=['autogroup:member:*'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-A06", "timestamp": "2026-03-17T14:17:25Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A07.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A07.hujson index f1821a5a..5ec2d15c 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A07.hujson @@ -1,3 +1,8 @@ +// ACL-A07 +// +// ACL: accept: src=['*'] dst=['autogroup:self:*', 'tag:server:22'] +// +// Expected: Rules on tagged-server, user-kris, user-mon, user1 { "test_id": "ACL-A07", "timestamp": "2026-03-17T14:17:36Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A08.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A08.hujson index ff4e4140..b66e7763 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A08.hujson @@ -1,3 +1,8 @@ +// ACL-A08 +// +// ACL: accept: src=['*'] dst=['autogroup:tagged:*'] +// +// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server { "test_id": "ACL-A08", "timestamp": "2026-03-17T14:17:47Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A09.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A09.hujson index d8b6e62d..032d83cd 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A09.hujson @@ -1,3 +1,8 @@ +// ACL-A09 +// +// ACL: accept: src=['autogroup:member'] dst=['autogroup:self:*'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-A09", "timestamp": "2026-03-17T14:17:57Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A10.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A10.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A10.hujson index d5eb861c..b0445bb2 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A10.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A10.hujson @@ -1,3 +1,8 @@ +// ACL-A10 +// +// ACL: accept: src=['kratail2tid@passkey'] dst=['autogroup:self:*'] +// +// Expected: Rules on user1 { "test_id": "ACL-A10", "timestamp": "2026-03-17T14:18:08Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A11.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A11.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A11.hujson index dbb580c1..f86e6722 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A11.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A11.hujson @@ -1,3 +1,8 @@ +// ACL-A11 +// +// ACL: accept: src=['group:admins'] dst=['autogroup:self:*'] +// +// Expected: Rules on user1 { "test_id": "ACL-A11", "timestamp": "2026-03-17T14:18:18Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A12.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A12.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A12.hujson index 4c20a617..9d774e81 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A12.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A12.hujson @@ -1,3 +1,8 @@ +// ACL-A12 +// +// ACL: accept: src=['*'] dst=['autogroup:self:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-A12", "timestamp": "2026-03-17T14:18:28Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A13.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A13.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A13.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A13.hujson index 5f3b8468..47287b98 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A13.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A13.hujson @@ -1,3 +1,8 @@ +// ACL-A13 +// +// ACL: accept: src=['*'] dst=['autogroup:self:80-443'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-A13", "timestamp": "2026-03-17T14:18:39Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A14.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A14.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A14.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A14.hujson index 25e90b4e..e6daf80c 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A14.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A14.hujson @@ -1,3 +1,8 @@ +// ACL-A14 +// +// ACL: accept: src=['*'] dst=['autogroup:self:22,80,443'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-A14", "timestamp": "2026-03-17T14:18:49Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A15.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A15.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A15.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A15.hujson index 709d1d4e..451f1371 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A15.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A15.hujson @@ -1,3 +1,8 @@ +// ACL-A15 +// +// ACL: accept: src=['autogroup:member', 'autogroup:tagged'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-A15", "timestamp": "2026-03-17T14:19:00Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A16.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A16.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A16.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A16.hujson index 3fac6fa3..3c335233 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A16.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A16.hujson @@ -1,3 +1,8 @@ +// ACL-A16 +// +// ACL: accept: src=['autogroup:member', 'autogroup:tagged'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-A16", "timestamp": "2026-03-17T14:19:10Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A17.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A17.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A17.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A17.hujson index ee94df33..961984da 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A17.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A17.hujson @@ -1,3 +1,8 @@ +// ACL-A17 +// +// ACL: accept: src=['*'] dst=['autogroup:self:*', 'tag:server:22', 'autogroup:member:80'] +// +// Expected: Rules on tagged-server, user-kris, user-mon, user1 { "test_id": "ACL-A17", "timestamp": "2026-03-17T14:19:21Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH01.hujson index 8ccb1a00..752eec0b 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.hujson @@ -1,3 +1,8 @@ +// ACL-AH01 +// +// ACL: accept: src=['internal', 'subnet24'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-AH01", "timestamp": "2026-03-17T14:19:31Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH02.hujson index 6acdad4a..60ff7475 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.hujson @@ -1,3 +1,8 @@ +// ACL-AH02 +// +// ACL: accept: src=['internal', '100.108.74.26'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-AH02", "timestamp": "2026-03-17T14:19:42Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH03.hujson index 86941b6e..b1479894 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.hujson @@ -1,3 +1,8 @@ +// ACL-AH03 +// +// ACL: accept: src=['*'] dst=['internal:22', 'subnet24:80', 'tag:server:443'] +// +// Expected: Rules on subnet-router, tagged-server { "test_id": "ACL-AH03", "timestamp": "2026-03-17T14:19:52Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH04.hujson index c21eeb6e..98f50e2b 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.hujson @@ -1,3 +1,8 @@ +// ACL-AH04 +// +// ACL: accept: src=['internal', '10.0.0.0/8'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-AH04", "timestamp": "2026-03-17T14:20:02Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH05.hujson index b58cc483..faec62f4 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.hujson @@ -1,3 +1,8 @@ +// ACL-AH05 +// +// ACL: accept: src=['*'] dst=['internal:22'] +// +// Expected: Rules on subnet-router { "test_id": "ACL-AH05", "timestamp": "2026-03-17T14:20:13Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH06.hujson index 6f07797e..bba92897 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.hujson @@ -1,3 +1,8 @@ +// ACL-AH06 +// +// ACL: accept: src=['*'] dst=['10.0.0.0/8:22'] +// +// Expected: Rules on subnet-router { "test_id": "ACL-AH06", "timestamp": "2026-03-17T14:20:23Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR01.hujson index 66928505..8c3776aa 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.hujson @@ -1,3 +1,10 @@ +// ACL-AR01 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:server:80,443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-AR01", "timestamp": "2026-03-17T14:20:34Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR02.hujson index 3aae4a2d..1e12094a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.hujson @@ -1,3 +1,11 @@ +// ACL-AR02 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:server:80,443'] +// accept: src=['*'] dst=['tag:server:53'] proto=udp +// +// Expected: Rules on tagged-server { "test_id": "ACL-AR02", "timestamp": "2026-03-17T14:20:44Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR03.hujson index 7a913a60..48d2901c 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.hujson @@ -1,3 +1,11 @@ +// ACL-AR03 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:server:80'] +// accept: src=['tag:client'] dst=['tag:server:443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-AR03", "timestamp": "2026-03-17T14:20:55Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR04.hujson index 381dacb5..a18e679f 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.hujson @@ -1,3 +1,11 @@ +// ACL-AR04 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:prod'] dst=['tag:server:22'] +// accept: src=['tag:router'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-AR04", "timestamp": "2026-03-17T14:21:05Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR05.hujson index 8f46b6b5..b4eb5f27 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.hujson @@ -1,3 +1,12 @@ +// ACL-AR05 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:server:80'] +// accept: src=['tag:prod'] dst=['tag:server:22'] +// accept: src=['tag:prod'] dst=['tag:server:443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-AR05", "timestamp": "2026-03-17T14:21:16Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR06.hujson index c24e37c2..ee770f44 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.hujson @@ -1,3 +1,10 @@ +// ACL-AR06 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['*'] dst=['tag:server:80'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-AR06", "timestamp": "2026-03-17T14:21:26Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT01.hujson index 77be1c17..e3387743 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.hujson @@ -1,3 +1,8 @@ +// ACL-AT01 +// +// ACL: accept: src=['tag:server', 'tag:client', 'tag:prod', 'tag:router', 'tag:exit'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-AT01", "timestamp": "2026-03-17T14:21:36Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT02.hujson index 05f7efe9..ecf74fbb 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.hujson @@ -1,3 +1,8 @@ +// ACL-AT02 +// +// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:client:22', 'tag:prod:22', 'tag:router:22', 'tag:exit:22'] +// +// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server { "test_id": "ACL-AT02", "timestamp": "2026-03-17T14:21:47Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT03.hujson index 454521ac..899df47f 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.hujson @@ -1,3 +1,8 @@ +// ACL-AT03 +// +// ACL: accept: src=['tag:server', 'tag:client', 'tag:prod', 'tag:router', 'tag:exit'] dst=['autogroup:member:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-AT03", "timestamp": "2026-03-17T14:21:57Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT04.hujson index bc50ab9a..392ec196 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.hujson @@ -1,3 +1,10 @@ +// ACL-AT04 +// +// ACLs: +// accept: src=['autogroup:tagged'] dst=['tag:server:22'] +// accept: src=['autogroup:member'] dst=['tag:server:80'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-AT04", "timestamp": "2026-03-17T14:22:08Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT05.hujson index ac083035..d98bd4ad 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.hujson @@ -1,3 +1,10 @@ +// ACL-AT05 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:server'] dst=['tag:client:22'] +// +// Expected: Rules on tagged-client, tagged-server { "test_id": "ACL-AT05", "timestamp": "2026-03-17T14:22:18Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.hujson similarity index 94% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT06.hujson index f04eb600..25a76edd 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.hujson @@ -1,3 +1,12 @@ +// ACL-AT06 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:server'] dst=['tag:prod:5432'] +// accept: src=['tag:prod'] dst=['tag:client:80'] +// accept: src=['tag:client'] dst=['tag:prod:443'] +// +// Expected: Rules on tagged-client, tagged-prod, tagged-server { "test_id": "ACL-AT06", "timestamp": "2026-03-17T14:22:29Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU01.hujson index 7c35a1e7..2f5f50a1 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.hujson @@ -1,3 +1,8 @@ +// ACL-AU01 +// +// ACL: accept: src=['kristoffer@dalby.cc'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-AU01", "timestamp": "2026-03-17T14:22:39Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU02.hujson index bc354805..353211fa 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.hujson @@ -1,3 +1,8 @@ +// ACL-AU02 +// +// ACL: accept: src=['monitorpasskeykradalby@passkey'] dst=['tag:prod:5432'] +// +// Expected: Rules on tagged-prod { "test_id": "ACL-AU02", "timestamp": "2026-03-17T14:22:49Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU03.hujson index 71e87c8b..6a8db0d4 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.hujson @@ -1,3 +1,8 @@ +// ACL-AU03 +// +// ACL: accept: src=['group:developers'] dst=['tag:server:22', 'tag:prod:5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "ACL-AU03", "timestamp": "2026-03-17T14:23:00Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU04.hujson index 29df0930..86d6bafa 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.hujson @@ -1,3 +1,8 @@ +// ACL-AU04 +// +// ACL: accept: src=['*'] dst=['group:developers:22'] +// +// Expected: Rules on user-kris, user1 { "test_id": "ACL-AU04", "timestamp": "2026-03-17T14:23:10Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU05.hujson index 715fef25..ae894706 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.hujson @@ -1,3 +1,8 @@ +// ACL-AU05 +// +// ACL: accept: src=['*'] dst=['group:monitors:*'] +// +// Expected: Rules on user-mon { "test_id": "ACL-AU05", "timestamp": "2026-03-17T14:23:21Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU06.hujson index 9a1394f3..d87204d4 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.hujson @@ -1,3 +1,8 @@ +// ACL-AU06 +// +// ACL: accept: src=['group:admins', 'group:developers', 'group:monitors'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-AU06", "timestamp": "2026-03-17T14:23:31Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C01.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-C01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-C01.hujson index c5c679ba..b0449557 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-C01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C01.hujson @@ -1,3 +1,11 @@ +// ACL-C01 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['autogroup:member'] dst=['tag:server:80'] +// accept: src=['*'] dst=['tag:prod:5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "ACL-C01", "timestamp": "2026-03-17T14:23:42Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C02.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-C02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-C02.hujson index 756fe3a7..023bcede 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-C02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C02.hujson @@ -1,3 +1,11 @@ +// ACL-C02 +// +// ACLs: +// accept: src=['tag:client', 'autogroup:member'] dst=['tag:server:22'] +// accept: src=['tag:prod'] dst=['tag:server:80'] +// accept: src=['group:admins'] dst=['tag:prod:5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "ACL-C02", "timestamp": "2026-03-17T14:23:52Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C03.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-C03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-C03.hujson index 837043f0..8c6a47f9 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-C03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C03.hujson @@ -1,3 +1,10 @@ +// ACL-C03 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22', 'tag:prod:5432', 'webserver:80'] +// accept: src=['autogroup:member'] dst=['autogroup:self:*'] +// +// Expected: Rules on tagged-prod, tagged-server, user-kris, user-mon, user1 { "test_id": "ACL-C03", "timestamp": "2026-03-17T14:24:03Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C04.hujson similarity index 94% rename from hscontrol/policy/v2/testdata/acl_results/ACL-C04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-C04.hujson index c8197e5e..21f979ce 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-C04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C04.hujson @@ -1,3 +1,12 @@ +// ACL-C04 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:server'] dst=['tag:prod:5432'] +// accept: src=['autogroup:member'] dst=['autogroup:self:*'] +// accept: src=['*'] dst=['autogroup:internet:*'] +// +// Expected: Rules on tagged-prod, tagged-server, user-kris, user-mon, user1 { "test_id": "ACL-C04", "timestamp": "2026-03-17T14:24:13Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C05.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-C05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-C05.hujson index cccdb09b..88d66a87 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-C05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C05.hujson @@ -1,3 +1,8 @@ +// ACL-C05 +// +// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:prod:5432', 'tag:client:80', 'tag:router:*', 'tag:exit:*', 'autogroup:member:443', 'autogroup:self:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-C05", "timestamp": "2026-03-17T14:24:23Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C06.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-C06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-C06.hujson index 9978a238..74a0be1b 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-C06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C06.hujson @@ -1,3 +1,8 @@ +// ACL-C06 +// +// ACL: accept: src=['tag:client', 'tag:prod', 'tag:server', 'autogroup:member', 'group:admins'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-C06", "timestamp": "2026-03-17T14:24:34Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C07.hujson similarity index 94% rename from hscontrol/policy/v2/testdata/acl_results/ACL-C07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-C07.hujson index 83205b4b..aedd2985 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-C07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C07.hujson @@ -1,3 +1,12 @@ +// ACL-C07 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:server:80'] +// accept: src=['tag:client'] dst=['tag:server:443'] +// accept: src=['tag:client'] dst=['tag:server:8080'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-C07", "timestamp": "2026-03-17T14:24:44Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C08.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-C08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-C08.hujson index 4c8c996d..e6d5e69a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-C08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C08.hujson @@ -1,3 +1,8 @@ +// ACL-C08 +// +// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:prod:22', 'tag:client:22', 'tag:router:22', 'tag:exit:22'] +// +// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server { "test_id": "ACL-C08", "timestamp": "2026-03-17T14:24:55Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C09.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-C09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-C09.hujson index 9a3e239f..c0b3ea2a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-C09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C09.hujson @@ -1,3 +1,12 @@ +// ACL-C09 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:prod:22'] +// accept: src=['tag:server'] dst=['tag:prod:5432'] +// ... (6 rules total) +// +// Expected: Rules on subnet-router, tagged-prod, tagged-server, user-kris, user-mon, user1 { "test_id": "ACL-C09", "timestamp": "2026-03-17T14:25:05Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C10.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-C10.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-C10.hujson index 99e40d90..74c0deec 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-C10.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C10.hujson @@ -1,3 +1,11 @@ +// ACL-C10 +// +// ACLs: +// accept: src=['autogroup:member'] dst=['autogroup:self:*'] +// accept: src=['autogroup:member'] dst=['tag:server:22', 'tag:prod:5432'] +// accept: src=['autogroup:tagged'] dst=['autogroup:tagged:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-C10", "timestamp": "2026-03-17T14:25:16Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D01.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-D01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-D01.hujson index b59a900f..2f960bee 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-D01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D01.hujson @@ -1,3 +1,10 @@ +// ACL-D01 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['*'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-D01", "timestamp": "2026-03-17T14:25:26Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D02.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-D02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-D02.hujson index 8ed62f0b..f931be28 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-D02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D02.hujson @@ -1,3 +1,8 @@ +// ACL-D02 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'webserver:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-D02", "timestamp": "2026-03-17T14:25:37Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D03.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-D03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-D03.hujson index 489b703c..ed23fd27 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-D03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D03.hujson @@ -1,3 +1,8 @@ +// ACL-D03 +// +// ACL: accept: src=['100.108.74.26', 'tag:server'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-D03", "timestamp": "2026-03-17T14:25:47Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-D04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-D04.hujson index 1a706e02..df03b84c 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-D04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D04.hujson @@ -1,3 +1,8 @@ +// ACL-D04 +// +// ACL: accept: src=['100.108.74.26', 'webserver'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-D04", "timestamp": "2026-03-17T14:25:57Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D05.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-D05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-D05.hujson index 77e504d3..c1c1a7ad 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-D05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D05.hujson @@ -1,3 +1,8 @@ +// ACL-D05 +// +// ACL: accept: src=['*'] dst=['100.108.74.26:22', 'tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-D05", "timestamp": "2026-03-17T14:26:08Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D06.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-D06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-D06.hujson index 28add351..f859ac5e 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-D06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D06.hujson @@ -1,3 +1,8 @@ +// ACL-D06 +// +// ACL: accept: src=['*'] dst=['100.108.74.26:22', 'webserver:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-D06", "timestamp": "2026-03-17T14:26:18Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D07.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-D07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-D07.hujson index 964d2052..439b5bf7 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-D07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D07.hujson @@ -1,3 +1,8 @@ +// ACL-D07 +// +// ACL: accept: src=['autogroup:member', 'autogroup:tagged'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-D07", "timestamp": "2026-03-17T14:26:29Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D08.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-D08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-D08.hujson index 876e842e..3289ea33 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-D08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D08.hujson @@ -1,3 +1,10 @@ +// ACL-D08 +// +// ACLs: +// accept: src=['*'] dst=['autogroup:self:*'] +// accept: src=['kratail2tid@passkey'] dst=['kratail2tid@passkey:*'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-D08", "timestamp": "2026-03-17T14:26:39Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E01.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-E01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-E01.hujson index 3be67491..c7cd6384 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-E01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E01.hujson @@ -1,3 +1,8 @@ +// ACL-E01 +// +// ACL: accept: src=['100.108.74.26'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-E01", "timestamp": "2026-03-17T14:26:50Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E02.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-E02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-E02.hujson index e3e72163..69b23872 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-E02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E02.hujson @@ -1,3 +1,8 @@ +// ACL-E02 +// +// ACL: accept: src=['tag:server'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-E02", "timestamp": "2026-03-17T14:27:00Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E03.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-E03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-E03.hujson index 09b18ac1..e771f0a3 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-E03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E03.hujson @@ -1,3 +1,8 @@ +// ACL-E03 +// +// ACL: accept: src=['webserver'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-E03", "timestamp": "2026-03-17T14:27:11Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-E04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-E04.hujson index 93629c30..5aff3a18 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-E04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E04.hujson @@ -1,3 +1,8 @@ +// ACL-E04 +// +// ACL: accept: src=['*'] dst=['100.108.74.26:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-E04", "timestamp": "2026-03-17T14:27:21Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E05.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-E05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-E05.hujson index 60527fd9..bf8b182e 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-E05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E05.hujson @@ -1,3 +1,8 @@ +// ACL-E05 +// +// ACL: accept: src=['*'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-E05", "timestamp": "2026-03-17T14:27:32Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E06.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-E06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-E06.hujson index 0566c82e..1e339772 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-E06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E06.hujson @@ -1,3 +1,8 @@ +// ACL-E06 +// +// ACL: accept: src=['*'] dst=['webserver:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-E06", "timestamp": "2026-03-17T14:27:42Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E07.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-E07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-E07.hujson index e7a37f9f..ea54c36c 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-E07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E07.hujson @@ -1,3 +1,8 @@ +// ACL-E07 +// +// ACL: accept: src=['kratail2tid@passkey'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-E07", "timestamp": "2026-03-17T14:27:52Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E08.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-E08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-E08.hujson index f9d12dc6..3f7b4ee7 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-E08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E08.hujson @@ -1,3 +1,8 @@ +// ACL-E08 +// +// ACL: accept: src=['group:admins'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-E08", "timestamp": "2026-03-17T14:28:03Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E09.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-E09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-E09.hujson index 0dab66ea..adabc8f5 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-E09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E09.hujson @@ -1,3 +1,8 @@ +// ACL-E09 +// +// ACL: accept: src=['kratail2tid@passkey', 'group:admins'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-E09", "timestamp": "2026-03-17T14:28:13Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.hujson similarity index 90% rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.hujson index f327419b..895c04f9 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.hujson @@ -1,3 +1,8 @@ +// ACL-ERR01 +// +// ACL: accept: src=['tag:nonexistent'] dst=['tag:server:22'] +// +// Expected: Error — src=tag not found: "tag:nonexistent" { "test_id": "ACL-ERR01", "timestamp": "2026-03-17T14:28:24Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.hujson index 1eebf587..1fb9b6d4 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.hujson @@ -1,3 +1,8 @@ +// ACL-ERR02 +// +// ACL: accept: src=['autogroup:self'] dst=['tag:server:22'] +// +// Expected: Error — "autogroup:self" not valid on the src side of a rule { "test_id": "ACL-ERR02", "timestamp": "2026-03-17T14:28:24Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.hujson index 5c6a5100..3131e042 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.hujson @@ -1,3 +1,8 @@ +// ACL-ERR03 +// +// ACL: accept: src=['*'] dst=['autogroup:self'] +// +// Expected: Error — dst="autogroup:self": port range "self": invalid first integer { "test_id": "ACL-ERR03", "timestamp": "2026-03-17T14:28:24Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.hujson similarity index 91% rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.hujson index fd7387ee..cd8d824e 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.hujson @@ -1,3 +1,8 @@ +// ACL-ERR04 +// +// ACL: accept: src=['tag:nonexistent'] dst=['*:*'] +// +// Expected: Error — src=tag not found: "tag:nonexistent" { "test_id": "ACL-ERR04", "timestamp": "2026-03-17T14:28:25Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.hujson similarity index 90% rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.hujson index 105363fe..5a1c892c 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.hujson @@ -1,3 +1,8 @@ +// ACL-ERR05 +// +// ACL: accept: src=['*'] dst=['tag:nonexistent:22'] +// +// Expected: Error — dst="tag:nonexistent": tag not found: "tag:nonexistent" { "test_id": "ACL-ERR05", "timestamp": "2026-03-17T14:28:25Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.hujson similarity index 91% rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.hujson index aeb01305..6e410e78 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.hujson @@ -1,3 +1,8 @@ +// ACL-ERR06 +// +// ACL: deny: src=['tag:client'] dst=['tag:server:22'] +// +// Expected: Error — action="deny" is not supported { "test_id": "ACL-ERR06", "timestamp": "2026-03-17T14:28:25Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.hujson similarity index 90% rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.hujson index 669e7a06..7d271710 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.hujson @@ -1,3 +1,8 @@ +// ACL-ERR07 +// +// ACL: accept: src=['*'] dst=['tag:server:ssh'] +// +// Expected: Error — dst="tag:server:ssh": port range "ssh": invalid first integer { "test_id": "ACL-ERR07", "timestamp": "2026-03-17T14:28:29Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.hujson similarity index 86% rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.hujson index f0abcb87..f0406693 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.hujson @@ -1,3 +1,10 @@ +// ACL-ERR08 +// +// ACLs: +// accept: src=['*'] dst=['autogroup:self:*'] +// accept: src=['tag:client'] dst=['autogroup:self:22'] +// +// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "ACL-ERR08", "timestamp": "2026-03-17T14:28:34Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.hujson similarity index 86% rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.hujson index a617c402..cbbc0b1b 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.hujson @@ -1,3 +1,10 @@ +// ACL-ERR09 +// +// ACLs: +// accept: src=['*'] dst=['autogroup:self:*'] +// accept: src=['autogroup:tagged'] dst=['autogroup:self:22'] +// +// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "ACL-ERR09", "timestamp": "2026-03-17T14:28:39Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H01.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-H01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-H01.hujson index c2456430..5a7e3391 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-H01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H01.hujson @@ -1,3 +1,8 @@ +// ACL-H01 +// +// ACL: accept: src=['*'] dst=['webserver:80'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-H01", "timestamp": "2026-03-17T14:28:44Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H02.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-H02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-H02.hujson index 5bfc732f..91ef5e84 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-H02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H02.hujson @@ -1,3 +1,8 @@ +// ACL-H02 +// +// ACL: accept: src=['webserver'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-H02", "timestamp": "2026-03-17T14:28:59Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H03.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-H03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-H03.hujson index bbb79e43..9f6c2cdf 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-H03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H03.hujson @@ -1,3 +1,8 @@ +// ACL-H03 +// +// ACL: accept: src=['internal'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-H03", "timestamp": "2026-03-17T14:29:10Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-H04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-H04.hujson index 357829f0..1e3f6278 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-H04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H04.hujson @@ -1,3 +1,8 @@ +// ACL-H04 +// +// ACL: accept: src=['*'] dst=['internal:22'] +// +// Expected: Rules on subnet-router { "test_id": "ACL-H04", "timestamp": "2026-03-17T14:29:20Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H05.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-H05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-H05.hujson index 0c29d0c9..862bbff1 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-H05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H05.hujson @@ -1,3 +1,8 @@ +// ACL-H05 +// +// ACL: accept: src=['*'] dst=['webserver:22', 'prodbox:5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "ACL-H05", "timestamp": "2026-03-17T14:29:31Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H06.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-H06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-H06.hujson index 5ecca2e2..fb82cf07 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-H06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H06.hujson @@ -1,3 +1,8 @@ +// ACL-H06 +// +// ACL: accept: src=['webserver', 'tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-H06", "timestamp": "2026-03-17T14:29:41Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H07.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-H07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-H07.hujson index 99b7d1c0..eefabf1c 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-H07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H07.hujson @@ -1,3 +1,8 @@ +// ACL-H07 +// +// ACL: accept: src=['group:admins'] dst=['webserver:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-H07", "timestamp": "2026-03-17T14:29:52Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H08.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-H08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-H08.hujson index 9ba835f9..25b86b41 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-H08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H08.hujson @@ -1,3 +1,8 @@ +// ACL-H08 +// +// ACL: accept: src=['*'] dst=['subnet24:80'] +// +// Expected: No filter rules { "test_id": "ACL-H08", "timestamp": "2026-03-17T14:30:02Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K01.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-K01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-K01.hujson index 15509cab..3302edd2 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-K01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K01.hujson @@ -1,3 +1,8 @@ +// ACL-K01 +// +// ACL: accept: src=['*', 'autogroup:member', 'autogroup:tagged', 'group:admins', 'tag:client', 'webserver', '100.90.199.68'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-K01", "timestamp": "2026-03-17T14:30:13Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K02.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-K02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-K02.hujson index f72a6e71..589f94db 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-K02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K02.hujson @@ -1,3 +1,8 @@ +// ACL-K02 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'tag:prod:5432', 'webserver:80', 'prodbox:443', 'group:admins:8080', 'kratail2tid@passkey:3000', '100.108.74.26:9000'] +// +// Expected: Rules on tagged-prod, tagged-server, user1 { "test_id": "ACL-K02", "timestamp": "2026-03-17T14:30:23Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K03.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-K03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-K03.hujson index 49185560..5e948860 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-K03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K03.hujson @@ -1,3 +1,8 @@ +// ACL-K03 +// +// ACL: accept: src=['autogroup:member', 'autogroup:tagged', 'group:admins', 'group:developers', 'kratail2tid@passkey', 'tag:client', 'tag:prod', 'tag:server', 'webserver', 'prodbox'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-K03", "timestamp": "2026-03-17T14:30:34Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K04.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-K04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-K04.hujson index fbfbfa63..5cfa2755 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-K04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K04.hujson @@ -1,3 +1,8 @@ +// ACL-K04 +// +// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:server:80', 'tag:server:443', 'tag:prod:5432', 'tag:prod:3306', 'tag:client:80', 'tag:client:443', 'webserver:8080', 'prodbox:8080'] +// +// Expected: Rules on tagged-client, tagged-prod, tagged-server { "test_id": "ACL-K04", "timestamp": "2026-03-17T14:30:44Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K05.hujson similarity index 94% rename from hscontrol/policy/v2/testdata/acl_results/ACL-K05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-K05.hujson index 898a7e93..fb717a68 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-K05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K05.hujson @@ -1,3 +1,8 @@ +// ACL-K05 +// +// ACL: accept: src=['autogroup:member', 'group:admins', 'kratail2tid@passkey', 'tag:client', 'tag:prod', '100.83.200.69', '100.103.8.15'] dst=['tag:server:22', 'webserver:80', '100.108.74.26:443', 'group:admins:8080', 'kratail2tid@passkey:9000'] +// +// Expected: Rules on tagged-server, user1 { "test_id": "ACL-K05", "timestamp": "2026-03-17T14:30:54Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M01.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-M01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-M01.hujson index 02e69ca2..dd4202e2 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-M01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M01.hujson @@ -1,3 +1,8 @@ +// ACL-M01 +// +// ACL: accept: src=['kratail2tid@passkey', 'tag:client', 'group:monitors'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-M01", "timestamp": "2026-03-17T14:31:05Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M02.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-M02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-M02.hujson index 146cc4e1..d68b12c3 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-M02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M02.hujson @@ -1,3 +1,8 @@ +// ACL-M02 +// +// ACL: accept: src=['100.90.199.68', 'tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-M02", "timestamp": "2026-03-17T14:31:15Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M03.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-M03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-M03.hujson index ed8ae756..2d6f50ec 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-M03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M03.hujson @@ -1,3 +1,8 @@ +// ACL-M03 +// +// ACL: accept: src=['webserver', 'tag:client'] dst=['tag:prod:5432'] +// +// Expected: Rules on tagged-prod { "test_id": "ACL-M03", "timestamp": "2026-03-17T14:31:26Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M04.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-M04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-M04.hujson index 9de7e33e..4946d0fc 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-M04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M04.hujson @@ -1,3 +1,8 @@ +// ACL-M04 +// +// ACL: accept: src=['group:admins', 'tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-M04", "timestamp": "2026-03-17T14:31:36Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M05.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-M05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-M05.hujson index 7edd5f17..50e5c7f6 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-M05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M05.hujson @@ -1,3 +1,8 @@ +// ACL-M05 +// +// ACL: accept: src=['kratail2tid@passkey', 'group:monitors'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-M05", "timestamp": "2026-03-17T14:31:47Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M06.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-M06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-M06.hujson index 575d223b..faafbfbb 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-M06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M06.hujson @@ -1,3 +1,8 @@ +// ACL-M06 +// +// ACL: accept: src=['*', 'tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-M06", "timestamp": "2026-03-17T14:31:57Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M07.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-M07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-M07.hujson index 729f7ee5..cc181df6 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-M07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M07.hujson @@ -1,3 +1,8 @@ +// ACL-M07 +// +// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['tag:server:22,80,443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-M07", "timestamp": "2026-03-17T14:32:08Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M08.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-M08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-M08.hujson index 95cc712b..fe83ac4a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-M08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M08.hujson @@ -1,3 +1,8 @@ +// ACL-M08 +// +// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['tag:server:80-443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-M08", "timestamp": "2026-03-17T14:32:18Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M09.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-M09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-M09.hujson index de815a4a..3fb50dbd 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-M09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M09.hujson @@ -1,3 +1,8 @@ +// ACL-M09 +// +// ACL: accept: src=['tag:client', 'internal'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-M09", "timestamp": "2026-03-17T14:32:29Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M10.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-M10.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-M10.hujson index a7ffac09..a71adfe9 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-M10.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M10.hujson @@ -1,3 +1,8 @@ +// ACL-M10 +// +// ACL: accept: src=['100.92.142.61', 'tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-M10", "timestamp": "2026-03-17T14:32:39Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR01.hujson index 59901463..921a7a3b 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.hujson @@ -1,3 +1,10 @@ +// ACL-MR01 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:prod:5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "ACL-MR01", "timestamp": "2026-03-17T14:32:50Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR02.hujson index 4b93ef1a..c13adef7 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.hujson @@ -1,3 +1,10 @@ +// ACL-MR02 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:server:80'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-MR02", "timestamp": "2026-03-17T14:33:00Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR03.hujson index a020aeb2..ea7b2cd4 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.hujson @@ -1,3 +1,10 @@ +// ACL-MR03 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:prod'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-MR03", "timestamp": "2026-03-17T14:33:10Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR04.hujson index 832e6ba9..17a820dc 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.hujson @@ -1,3 +1,10 @@ +// ACL-MR04 +// +// ACLs: +// accept: src=['group:admins'] dst=['tag:server:22'] +// accept: src=['kratail2tid@passkey'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-MR04", "timestamp": "2026-03-17T14:33:21Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR05.hujson index 2cd0ab53..9bf05a07 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.hujson @@ -1,3 +1,10 @@ +// ACL-MR05 +// +// ACLs: +// accept: src=['*'] dst=['group:admins:22'] +// accept: src=['*'] dst=['kratail2tid@passkey:22'] +// +// Expected: Rules on user1 { "test_id": "ACL-MR05", "timestamp": "2026-03-17T14:33:31Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR06.hujson index 121a8a89..394f336d 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.hujson @@ -1,3 +1,10 @@ +// ACL-MR06 +// +// ACLs: +// accept: src=['tag:client'] dst=['autogroup:member:22'] +// accept: src=['tag:client'] dst=['group:admins:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-MR06", "timestamp": "2026-03-17T14:33:42Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR07.hujson index 4f59d484..c63c8f70 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.hujson @@ -1,3 +1,10 @@ +// ACL-MR07 +// +// ACLs: +// accept: src=['*'] dst=['tag:server:22', 'tag:prod:5432'] +// accept: src=['tag:client'] dst=['tag:server:80', 'tag:router:443'] +// +// Expected: Rules on subnet-router, tagged-prod, tagged-server { "test_id": "ACL-MR07", "timestamp": "2026-03-17T14:33:52Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR08.hujson index 4b875236..41dd9cb1 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.hujson @@ -1,3 +1,11 @@ +// ACL-MR08 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:prod'] dst=['tag:server:80'] +// accept: src=['tag:router'] dst=['tag:server:443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-MR08", "timestamp": "2026-03-17T14:34:03Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR09.hujson index bf1590a4..5dfce887 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.hujson @@ -1,3 +1,11 @@ +// ACL-MR09 +// +// ACLs: +// accept: src=['autogroup:member'] dst=['tag:server:22'] +// accept: src=['group:admins'] dst=['tag:server:22'] +// accept: src=['kratail2tid@passkey'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-MR09", "timestamp": "2026-03-17T14:34:13Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR10.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR10.hujson index fe014369..86a8d541 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.hujson @@ -1,3 +1,11 @@ +// ACL-MR10 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:prod:22'] +// accept: src=['tag:client'] dst=['tag:router:22'] +// +// Expected: Rules on subnet-router, tagged-prod, tagged-server { "test_id": "ACL-MR10", "timestamp": "2026-03-17T14:34:23Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR11.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR11.hujson index 48f02f02..78e2db71 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.hujson @@ -1,3 +1,10 @@ +// ACL-MR11 +// +// ACLs: +// accept: src=['autogroup:member'] dst=['autogroup:member:22'] +// accept: src=['group:admins'] dst=['group:admins:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-MR11", "timestamp": "2026-03-17T14:34:34Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR12.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR12.hujson index 83a362ba..087ed2fb 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.hujson @@ -1,3 +1,10 @@ +// ACL-MR12 +// +// ACLs: +// accept: src=['kratail2tid@passkey'] dst=['kratail2tid@passkey:22'] +// accept: src=['group:admins'] dst=['kratail2tid@passkey:80'] +// +// Expected: Rules on user1 { "test_id": "ACL-MR12", "timestamp": "2026-03-17T14:34:44Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR13.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR13.hujson index 01d9e394..c451b79f 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.hujson @@ -1,3 +1,10 @@ +// ACL-MR13 +// +// ACLs: +// accept: src=['autogroup:tagged'] dst=['autogroup:tagged:22'] +// accept: src=['tag:client', 'tag:prod'] dst=['autogroup:tagged:80'] +// +// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server { "test_id": "ACL-MR13", "timestamp": "2026-03-17T14:34:55Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR14.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR14.hujson index b39c5dc0..a7db2b99 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.hujson @@ -1,3 +1,10 @@ +// ACL-MR14 +// +// ACLs: +// accept: src=['autogroup:member', 'autogroup:tagged'] dst=['autogroup:member:22', 'autogroup:tagged:80'] +// accept: src=['*'] dst=['*:443'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-MR14", "timestamp": "2026-03-17T14:35:05Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR15.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR15.hujson index 77de1a33..7dac19ef 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.hujson @@ -1,3 +1,10 @@ +// ACL-MR15 +// +// ACLs: +// accept: src=['*'] dst=['*:*'] +// accept: src=['tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-MR15", "timestamp": "2026-03-17T14:35:16Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR16.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR16.hujson index 972f27e4..b06bb22a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.hujson @@ -1,3 +1,11 @@ +// ACL-MR16 +// +// ACLs: +// accept: src=['*'] dst=['tag:server:22'] +// accept: src=['*'] dst=['tag:prod:5432'] +// accept: src=['*'] dst=['*:80'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-MR16", "timestamp": "2026-03-17T14:35:26Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR17.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR17.hujson index e852c8ee..d9d3c042 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.hujson @@ -1,3 +1,10 @@ +// ACL-MR17 +// +// ACLs: +// accept: src=['tag:client'] dst=['*:*'] +// accept: src=['tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-MR17", "timestamp": "2026-03-17T14:35:37Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR18.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR18.hujson index 64ca6f2c..c854621a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.hujson @@ -1,3 +1,10 @@ +// ACL-MR18 +// +// ACLs: +// accept: src=['*'] dst=['tag:server:22', 'tag:prod:5432', 'tag:client:80'] +// accept: src=['tag:client'] dst=['tag:server:80', '*:443'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-MR18", "timestamp": "2026-03-17T14:35:47Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR19.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR19.hujson index 3f58da83..de536dda 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.hujson @@ -1,3 +1,10 @@ +// ACL-MR19 +// +// ACLs: +// accept: src=['autogroup:tagged'] dst=['*:*'] +// accept: src=['autogroup:member'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-MR19", "timestamp": "2026-03-17T14:35:58Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.hujson similarity index 94% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR20.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR20.hujson index 47e195f7..db9069b7 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.hujson @@ -1,3 +1,10 @@ +// ACL-MR20 +// +// ACLs: +// accept: src=['autogroup:member', 'group:admins', 'kratail2tid@passkey'] dst=['tag:server:22'] +// accept: src=['tag:server', 'webserver', '100.108.74.26'] dst=['group:admins:80'] +// +// Expected: Rules on tagged-server, user1 { "test_id": "ACL-MR20", "timestamp": "2026-03-17T14:36:08Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.hujson similarity index 94% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR21.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR21.hujson index c4688962..6fba8ee1 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.hujson @@ -1,3 +1,12 @@ +// ACL-MR21 +// +// ACLs: +// accept: src=['autogroup:member'] dst=['tag:server:22'] +// accept: src=['autogroup:member'] dst=['tag:prod:5432'] +// accept: src=['autogroup:member'] dst=['tag:client:80'] +// accept: src=['autogroup:member'] dst=['webserver:443'] +// +// Expected: Rules on tagged-client, tagged-prod, tagged-server { "test_id": "ACL-MR21", "timestamp": "2026-03-17T14:36:18Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR22.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR22.hujson index 04db0fde..970ffb7e 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.hujson @@ -1,3 +1,12 @@ +// ACL-MR22 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:prod:22'] +// accept: src=['tag:client'] dst=['tag:router:22'] +// ... (5 rules total) +// +// Expected: Rules on subnet-router, tagged-prod, tagged-server { "test_id": "ACL-MR22", "timestamp": "2026-03-17T14:36:29Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR23.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR23.hujson index 9081e618..8d2ad968 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.hujson @@ -1,3 +1,12 @@ +// ACL-MR23 +// +// ACLs: +// accept: src=['tag:server'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:client:22'] +// accept: src=['tag:prod'] dst=['tag:prod:22'] +// ... (6 rules total) +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-MR23", "timestamp": "2026-03-17T14:36:39Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU01.hujson index 10c204cd..83b0b554 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.hujson @@ -1,3 +1,10 @@ +// ACL-MU01 +// +// ACLs: +// accept: src=['kratail2tid@passkey'] dst=['tag:server:22'] +// accept: src=['kristoffer@dalby.cc'] dst=['tag:server:80'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-MU01", "timestamp": "2026-03-17T14:36:50Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU02.hujson index 731a5d58..e835b02b 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.hujson @@ -1,3 +1,8 @@ +// ACL-MU02 +// +// ACL: accept: src=['group:developers'] dst=['autogroup:self:*'] +// +// Expected: Rules on user-kris, user1 { "test_id": "ACL-MU02", "timestamp": "2026-03-17T14:37:00Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU03.hujson index 4bc0ac5d..c449727e 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.hujson @@ -1,3 +1,10 @@ +// ACL-MU03 +// +// ACLs: +// accept: src=['group:developers'] dst=['tag:server:22'] +// accept: src=['group:monitors'] dst=['tag:prod:5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "ACL-MU03", "timestamp": "2026-03-17T14:37:11Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU04.hujson index cfac0a9e..d211db52 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.hujson @@ -1,3 +1,10 @@ +// ACL-MU04 +// +// ACLs: +// accept: src=['autogroup:member'] dst=['autogroup:self:*'] +// accept: src=['autogroup:member'] dst=['autogroup:member:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-MU04", "timestamp": "2026-03-17T14:37:21Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU05.hujson index cec835b5..70633962 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.hujson @@ -1,3 +1,8 @@ +// ACL-MU05 +// +// ACL: accept: src=['*'] dst=['kratail2tid@passkey:22'] +// +// Expected: Rules on user1 { "test_id": "ACL-MU05", "timestamp": "2026-03-17T14:37:32Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU06.hujson index 537366ec..9c958a0e 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.hujson @@ -1,3 +1,8 @@ +// ACL-MU06 +// +// ACL: accept: src=['*'] dst=['kristoffer@dalby.cc:*'] +// +// Expected: Rules on user-kris { "test_id": "ACL-MU06", "timestamp": "2026-03-17T14:37:42Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU07.hujson index 278d2b07..6648757e 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.hujson @@ -1,3 +1,8 @@ +// ACL-MU07 +// +// ACL: accept: src=['kratail2tid@passkey', 'kristoffer@dalby.cc', 'monitorpasskeykradalby@passkey'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-MU07", "timestamp": "2026-03-17T14:37:53Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU08.hujson index 2da2cc7b..cd1e69a6 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.hujson @@ -1,3 +1,8 @@ +// ACL-MU08 +// +// ACL: accept: src=['*'] dst=['kratail2tid@passkey:22', 'kristoffer@dalby.cc:22', 'monitorpasskeykradalby@passkey:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-MU08", "timestamp": "2026-03-17T14:38:03Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O01.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-O01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-O01.hujson index 55eb57d8..bf58f067 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-O01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O01.hujson @@ -1,3 +1,8 @@ +// ACL-O01 +// +// ACL: accept: src=['tag:client', 'tag:prod'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-O01", "timestamp": "2026-03-17T14:38:13Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O02.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-O02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-O02.hujson index 2603e5cf..bdfd6950 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-O02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O02.hujson @@ -1,3 +1,8 @@ +// ACL-O02 +// +// ACL: accept: src=['tag:prod', 'tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-O02", "timestamp": "2026-03-17T14:38:24Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O03.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-O03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-O03.hujson index df39290a..02eea762 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-O03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O03.hujson @@ -1,3 +1,8 @@ +// ACL-O03 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'tag:prod:5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "ACL-O03", "timestamp": "2026-03-17T14:38:34Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O04.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-O04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-O04.hujson index 98f6e880..5900ad35 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-O04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O04.hujson @@ -1,3 +1,8 @@ +// ACL-O04 +// +// ACL: accept: src=['tag:client'] dst=['tag:prod:5432', 'tag:server:22'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "ACL-O04", "timestamp": "2026-03-17T14:38:45Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P01.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-P01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-P01.hujson index 33eee487..a9ce56c7 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-P01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P01.hujson @@ -1,3 +1,8 @@ +// ACL-P01 +// +// ACL: accept: src=['*'] dst=['tag:server:*'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-P01", "timestamp": "2026-03-17T14:38:55Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P02.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-P02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-P02.hujson index ec4fd311..d17d3bf0 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-P02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P02.hujson @@ -1,3 +1,8 @@ +// ACL-P02 +// +// ACL: accept: src=['*'] dst=['tag:server:80-443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-P02", "timestamp": "2026-03-17T14:39:06Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P03.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-P03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-P03.hujson index cb4ae118..cfdc96d1 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-P03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P03.hujson @@ -1,3 +1,8 @@ +// ACL-P03 +// +// ACL: accept: src=['*'] dst=['tag:server:22,80,443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-P03", "timestamp": "2026-03-17T14:39:16Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-P04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-P04.hujson index 8cdf8b34..357df7b2 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-P04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P04.hujson @@ -1,3 +1,8 @@ +// ACL-P04 +// +// ACL: accept: src=['*'] dst=['tag:server:22'] proto=tcp +// +// Expected: Rules on tagged-server { "test_id": "ACL-P04", "timestamp": "2026-03-17T14:39:27Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P05.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-P05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-P05.hujson index 482e780d..59649776 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-P05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P05.hujson @@ -1,3 +1,8 @@ +// ACL-P05 +// +// ACL: accept: src=['*'] dst=['tag:server:53'] proto=udp +// +// Expected: Rules on tagged-server { "test_id": "ACL-P05", "timestamp": "2026-03-17T14:39:37Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P06.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-P06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-P06.hujson index 18612fb3..8cf5aacd 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-P06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P06.hujson @@ -1,3 +1,8 @@ +// ACL-P06 +// +// ACL: accept: src=['*'] dst=['tag:server:*'] proto=1 +// +// Expected: Rules on tagged-server { "test_id": "ACL-P06", "timestamp": "2026-03-17T14:39:48Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-PF01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-PF01.hujson index 08756bf2..58616778 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.hujson @@ -1,3 +1,8 @@ +// ACL-PF01 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-PF01", "timestamp": "2026-03-17T14:39:58Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-PF02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-PF02.hujson index 322dfad6..8a927696 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.hujson @@ -1,3 +1,8 @@ +// ACL-PF02 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:80-443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-PF02", "timestamp": "2026-03-17T14:40:09Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-PF03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-PF03.hujson index 7eac6b80..72ec55ad 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.hujson @@ -1,3 +1,8 @@ +// ACL-PF03 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:22,80,443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-PF03", "timestamp": "2026-03-17T14:40:19Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-PF04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-PF04.hujson index 3d439dbd..66b9f041 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.hujson @@ -1,3 +1,8 @@ +// ACL-PF04 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:*'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-PF04", "timestamp": "2026-03-17T14:40:29Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-PF05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-PF05.hujson index 9e328901..bd5961b1 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.hujson @@ -1,3 +1,8 @@ +// ACL-PF05 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:1-65535'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-PF05", "timestamp": "2026-03-17T14:40:40Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R01.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-R01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-R01.hujson index 20619f80..670b9549 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-R01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R01.hujson @@ -1,3 +1,10 @@ +// ACL-R01 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:prod'] dst=['tag:server:80'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-R01", "timestamp": "2026-03-17T14:40:50Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R02.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-R02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-R02.hujson index f5e1adc7..b9d3c0e1 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-R02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R02.hujson @@ -1,3 +1,10 @@ +// ACL-R02 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:prod:5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "ACL-R02", "timestamp": "2026-03-17T14:41:01Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R03.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-R03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-R03.hujson index a78bef8c..f9fd8832 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-R03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R03.hujson @@ -1,3 +1,10 @@ +// ACL-R03 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:client'] dst=['tag:server:80'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-R03", "timestamp": "2026-03-17T14:41:11Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R04.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-R04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-R04.hujson index c8c822e6..38e0f9ed 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-R04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R04.hujson @@ -1,3 +1,10 @@ +// ACL-R04 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['group:admins'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-R04", "timestamp": "2026-03-17T14:41:22Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R05.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-R05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-R05.hujson index 8d56abbb..4979bb9a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-R05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R05.hujson @@ -1,3 +1,10 @@ +// ACL-R05 +// +// ACLs: +// accept: src=['*'] dst=['*:*'] +// accept: src=['tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-R05", "timestamp": "2026-03-17T14:41:32Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R06.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-R06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-R06.hujson index 4ca1a774..6167e55f 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-R06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R06.hujson @@ -1,3 +1,11 @@ +// ACL-R06 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:prod'] dst=['tag:server:80'] +// accept: src=['group:admins'] dst=['tag:server:443'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-R06", "timestamp": "2026-03-17T14:41:43Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R07.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-R07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-R07.hujson index 03aaae95..c89bc7c3 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-R07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R07.hujson @@ -1,3 +1,11 @@ +// ACL-R07 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['autogroup:member'] dst=['tag:prod:5432'] +// accept: src=['*'] dst=['autogroup:self:*'] +// +// Expected: Rules on tagged-prod, tagged-server, user-kris, user-mon, user1 { "test_id": "ACL-R07", "timestamp": "2026-03-17T14:41:53Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R08.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-R08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-R08.hujson index dcdfb2aa..58a50912 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-R08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R08.hujson @@ -1,3 +1,11 @@ +// ACL-R08 +// +// ACLs: +// accept: src=['tag:client'] dst=['tag:server:22'] +// accept: src=['tag:server'] dst=['tag:prod:5432'] +// accept: src=['tag:prod'] dst=['tag:client:80'] +// +// Expected: Rules on tagged-client, tagged-prod, tagged-server { "test_id": "ACL-R08", "timestamp": "2026-03-17T14:42:04Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R09.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-R09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-R09.hujson index ebdaaa45..f0616523 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-R09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R09.hujson @@ -1,3 +1,10 @@ +// ACL-R09 +// +// ACLs: +// accept: src=['autogroup:member'] dst=['autogroup:self:*'] +// accept: src=['autogroup:member'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server, user-kris, user-mon, user1 { "test_id": "ACL-R09", "timestamp": "2026-03-17T14:42:14Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R10.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-R10.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-R10.hujson index d1d309ee..30523edc 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-R10.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R10.hujson @@ -1,3 +1,10 @@ +// ACL-R10 +// +// ACLs: +// accept: src=['*'] dst=['autogroup:self:*'] +// accept: src=['*'] dst=['autogroup:tagged:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-R10", "timestamp": "2026-03-17T14:42:25Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS01.hujson index 2d65dfd6..67b8aae9 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.hujson @@ -1,3 +1,8 @@ +// ACL-RS01 +// +// ACL: accept: src=['autogroup:member', 'group:admins', 'group:developers', 'kratail2tid@passkey', '100.90.199.68'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-RS01", "timestamp": "2026-03-17T14:42:35Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS02.hujson index f30290fd..03e6906d 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.hujson @@ -1,3 +1,8 @@ +// ACL-RS02 +// +// ACL: accept: src=['tag:server', 'webserver', '100.108.74.26'] dst=['tag:client:22'] +// +// Expected: Rules on tagged-client { "test_id": "ACL-RS02", "timestamp": "2026-03-17T14:42:45Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS03.hujson index cb66384a..0b919ee8 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.hujson @@ -1,3 +1,8 @@ +// ACL-RS03 +// +// ACL: accept: src=['tag:prod', 'prodbox', '100.103.8.15'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-RS03", "timestamp": "2026-03-17T14:42:56Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS04.hujson index 8508e476..4d226e8b 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.hujson @@ -1,3 +1,8 @@ +// ACL-RS04 +// +// ACL: accept: src=['autogroup:tagged', 'tag:server', 'tag:client', 'tag:prod', 'tag:router', 'tag:exit'] dst=['autogroup:member:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-RS04", "timestamp": "2026-03-17T14:43:06Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS05.hujson index 07d4a5cd..e00e0de2 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.hujson @@ -1,3 +1,8 @@ +// ACL-RS05 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'webserver:22', '100.108.74.26:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-RS05", "timestamp": "2026-03-17T14:43:17Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS06.hujson index e68f5dda..588d0aba 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.hujson @@ -1,3 +1,8 @@ +// ACL-RS06 +// +// ACL: accept: src=['tag:client'] dst=['group:admins:22', 'group:developers:22', 'kratail2tid@passkey:22', '100.90.199.68:22'] +// +// Expected: Rules on user-kris, user1 { "test_id": "ACL-RS06", "timestamp": "2026-03-17T14:43:27Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS07.hujson index 8d1ecdbe..d092dece 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.hujson @@ -1,3 +1,8 @@ +// ACL-RS07 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'tag:server:80', 'tag:server:443', 'webserver:8080', '100.108.74.26:9000'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-RS07", "timestamp": "2026-03-17T14:43:38Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S01.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-S01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-S01.hujson index 4692b91e..962b9bf4 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-S01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S01.hujson @@ -1,3 +1,8 @@ +// ACL-S01 +// +// ACL: accept: src=['autogroup:member'] dst=['autogroup:self:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-S01", "timestamp": "2026-03-17T14:43:48Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S02.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-S02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-S02.hujson index ea03aecb..b9d0edfb 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-S02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S02.hujson @@ -1,3 +1,8 @@ +// ACL-S02 +// +// ACL: accept: src=['group:admins'] dst=['autogroup:self:*'] +// +// Expected: Rules on user1 { "test_id": "ACL-S02", "timestamp": "2026-03-17T14:43:59Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S03.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-S03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-S03.hujson index 63cb0c0c..4932dac4 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-S03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S03.hujson @@ -1,3 +1,8 @@ +// ACL-S03 +// +// ACL: accept: src=['group:developers'] dst=['autogroup:self:22'] +// +// Expected: Rules on user-kris, user1 { "test_id": "ACL-S03", "timestamp": "2026-03-17T14:44:09Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S04.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/acl_results/ACL-S04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-S04.hujson index 7e6119a2..16413db9 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-S04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S04.hujson @@ -1,3 +1,8 @@ +// ACL-S04 +// +// ACL: accept: src=['autogroup:tagged'] dst=['autogroup:self:*'] +// +// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "ACL-S04", "timestamp": "2026-03-17T14:44:20Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S05.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/acl_results/ACL-S05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-S05.hujson index 45daa0a7..a60a6df9 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-S05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S05.hujson @@ -1,3 +1,8 @@ +// ACL-S05 +// +// ACL: accept: src=['100.90.199.68'] dst=['autogroup:self:*'] +// +// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "ACL-S05", "timestamp": "2026-03-17T14:44:20Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S06.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/acl_results/ACL-S06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-S06.hujson index a5508ed5..2d932d59 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-S06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S06.hujson @@ -1,3 +1,8 @@ +// ACL-S06 +// +// ACL: accept: src=['webserver'] dst=['autogroup:self:*'] +// +// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "ACL-S06", "timestamp": "2026-03-17T14:44:20Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S07.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-S07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-S07.hujson index c3141b7e..6d8fab13 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-S07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S07.hujson @@ -1,3 +1,10 @@ +// ACL-S07 +// +// ACLs: +// accept: src=['*'] dst=['autogroup:self:*'] +// accept: src=['*'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server, user-kris, user-mon, user1 { "test_id": "ACL-S07", "timestamp": "2026-03-17T14:44:20Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S08.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-S08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-S08.hujson index 886cd493..91ebfcb3 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-S08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S08.hujson @@ -1,3 +1,8 @@ +// ACL-S08 +// +// ACL: accept: src=['*'] dst=['autogroup:self:*', 'autogroup:member:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-S08", "timestamp": "2026-03-17T14:44:31Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S09.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-S09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-S09.hujson index e35526bd..6e30fcc3 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-S09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S09.hujson @@ -1,3 +1,8 @@ +// ACL-S09 +// +// ACL: accept: src=['*'] dst=['autogroup:self:22', 'autogroup:self:80'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-S09", "timestamp": "2026-03-17T14:44:41Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S10.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-S10.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-S10.hujson index a85bede3..b3f66472 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-S10.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S10.hujson @@ -1,3 +1,10 @@ +// ACL-S10 +// +// ACLs: +// accept: src=['*'] dst=['autogroup:self:22'] +// accept: src=['*'] dst=['autogroup:self:80'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-S10", "timestamp": "2026-03-17T14:44:52Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF01.hujson index 7d1e770d..d9165c23 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.hujson @@ -1,3 +1,8 @@ +// ACL-SF01 +// +// ACL: accept: src=['autogroup:member'] dst=['autogroup:self:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-SF01", "timestamp": "2026-03-17T14:45:02Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF02.hujson index 035a20db..65ac9574 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.hujson @@ -1,3 +1,8 @@ +// ACL-SF02 +// +// ACL: accept: src=['group:developers'] dst=['autogroup:self:*'] +// +// Expected: Rules on user-kris, user1 { "test_id": "ACL-SF02", "timestamp": "2026-03-17T14:45:13Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF03.hujson index 91a41445..7b0cbe91 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.hujson @@ -1,3 +1,8 @@ +// ACL-SF03 +// +// ACL: accept: src=['tag:client'] dst=['autogroup:self:*'] +// +// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "ACL-SF03", "timestamp": "2026-03-17T14:45:23Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF04.hujson index 75219abd..6fad9191 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.hujson @@ -1,3 +1,8 @@ +// ACL-SF04 +// +// ACL: accept: src=['webserver'] dst=['autogroup:self:*'] +// +// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "ACL-SF04", "timestamp": "2026-03-17T14:45:23Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF05.hujson index 07e9da1b..a12e8227 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.hujson @@ -1,3 +1,8 @@ +// ACL-SF05 +// +// ACL: accept: src=['100.90.199.68'] dst=['autogroup:self:*'] +// +// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "ACL-SF05", "timestamp": "2026-03-17T14:45:24Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF06.hujson index 6a804012..84be509a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.hujson @@ -1,3 +1,8 @@ +// ACL-SF06 +// +// ACL: accept: src=['*'] dst=['autogroup:self:*', 'tag:server:22'] +// +// Expected: Rules on tagged-server, user-kris, user-mon, user1 { "test_id": "ACL-SF06", "timestamp": "2026-03-17T14:45:24Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF07.hujson index d6808433..286a300e 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.hujson @@ -1,3 +1,8 @@ +// ACL-SF07 +// +// ACL: accept: src=['*'] dst=['autogroup:self:*', 'group:admins:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-SF07", "timestamp": "2026-03-17T14:45:34Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.hujson similarity index 87% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF08.hujson index 65c76d48..52775691 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.hujson @@ -1,3 +1,8 @@ +// ACL-SF08 +// +// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['autogroup:self:*'] +// +// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "ACL-SF08", "timestamp": "2026-03-17T14:45:45Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF09.hujson index f794e3ce..7b3d9efa 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.hujson @@ -1,3 +1,10 @@ +// ACL-SF09 +// +// ACLs: +// accept: src=['*'] dst=['autogroup:self:22'] +// accept: src=['*'] dst=['autogroup:self:80'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-SF09", "timestamp": "2026-03-17T14:45:45Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF10.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF10.hujson index 77833398..fb182f01 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.hujson @@ -1,3 +1,8 @@ +// ACL-SF10 +// +// ACL: accept: src=['*'] dst=['autogroup:self:22', 'autogroup:self:80'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-SF10", "timestamp": "2026-03-17T14:45:55Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF11.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF11.hujson index cc974ad2..1efe4e60 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.hujson @@ -1,3 +1,8 @@ +// ACL-SF11 +// +// ACL: accept: src=['*'] dst=['autogroup:self:22', 'kratail2tid@passkey:22'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "ACL-SF11", "timestamp": "2026-03-17T14:46:06Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF12.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF12.hujson index f8af20fd..0841551f 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.hujson @@ -1,3 +1,8 @@ +// ACL-SF12 +// +// ACL: accept: src=['kristoffer@dalby.cc'] dst=['autogroup:self:*'] +// +// Expected: Rules on user-kris { "test_id": "ACL-SF12", "timestamp": "2026-03-17T14:46:16Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF13.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF13.hujson index 79c1c8b0..b9e60aca 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.hujson @@ -1,3 +1,8 @@ +// ACL-SF13 +// +// ACL: accept: src=['group:monitors'] dst=['autogroup:self:22'] +// +// Expected: Rules on user-mon { "test_id": "ACL-SF13", "timestamp": "2026-03-17T14:46:27Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T01.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-T01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-T01.hujson index 149a9198..c8722a6f 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-T01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T01.hujson @@ -1,3 +1,8 @@ +// ACL-T01 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-T01", "timestamp": "2026-03-17T14:46:37Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T02.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-T02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-T02.hujson index 9c5e196b..ca7e3fc9 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-T02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T02.hujson @@ -1,3 +1,8 @@ +// ACL-T02 +// +// ACL: accept: src=['tag:client'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-T02", "timestamp": "2026-03-17T14:46:48Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T03.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-T03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-T03.hujson index 4dc6b1f8..01e8598b 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-T03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T03.hujson @@ -1,3 +1,8 @@ +// ACL-T03 +// +// ACL: accept: src=['tag:client', 'tag:prod'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-T03", "timestamp": "2026-03-17T14:46:58Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-T04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-T04.hujson index 93b3cc1d..7dfb0040 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-T04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T04.hujson @@ -1,3 +1,8 @@ +// ACL-T04 +// +// ACL: accept: src=['*'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-T04", "timestamp": "2026-03-17T14:47:09Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T05.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-T05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-T05.hujson index 703a34db..bc8f3591 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-T05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T05.hujson @@ -1,3 +1,8 @@ +// ACL-T05 +// +// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'tag:prod:5432', 'tag:router:80'] +// +// Expected: Rules on subnet-router, tagged-prod, tagged-server { "test_id": "ACL-T05", "timestamp": "2026-03-17T14:47:19Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T06.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-T06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-T06.hujson index 42c17aa5..479a4380 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-T06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T06.hujson @@ -1,3 +1,8 @@ +// ACL-T06 +// +// ACL: accept: src=['autogroup:tagged'] dst=['tag:prod:5432'] +// +// Expected: Rules on tagged-prod { "test_id": "ACL-T06", "timestamp": "2026-03-17T14:47:29Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T07.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-T07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-T07.hujson index 6c571700..8dd47d6f 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-T07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T07.hujson @@ -1,3 +1,8 @@ +// ACL-T07 +// +// ACL: accept: src=['tag:server'] dst=['tag:prod:5432'] +// +// Expected: Rules on tagged-prod { "test_id": "ACL-T07", "timestamp": "2026-03-17T14:47:40Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T08.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-T08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-T08.hujson index 0254f34c..af127da1 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-T08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T08.hujson @@ -1,3 +1,8 @@ +// ACL-T08 +// +// ACL: accept: src=['tag:client', 'tag:server', 'tag:prod'] dst=['tag:router:*'] +// +// Expected: Rules on subnet-router { "test_id": "ACL-T08", "timestamp": "2026-03-17T14:47:50Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T09.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-T09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-T09.hujson index f4cd54a1..9816989a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-T09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T09.hujson @@ -1,3 +1,8 @@ +// ACL-T09 +// +// ACL: accept: src=['tag:client'] dst=['100.108.74.26:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-T09", "timestamp": "2026-03-17T14:48:01Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T10.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-T10.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-T10.hujson index f76b5f99..89576481 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-T10.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T10.hujson @@ -1,3 +1,8 @@ +// ACL-T10 +// +// ACL: accept: src=['100.83.200.69'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-T10", "timestamp": "2026-03-17T14:48:11Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U01.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U01.hujson index 02f879ad..45e8f852 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U01.hujson @@ -1,3 +1,8 @@ +// ACL-U01 +// +// ACL: accept: src=['kratail2tid@passkey'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-U01", "timestamp": "2026-03-17T14:48:22Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U02.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U02.hujson index 7583c176..03597cf2 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U02.hujson @@ -1,3 +1,8 @@ +// ACL-U02 +// +// ACL: accept: src=['*'] dst=['kratail2tid@passkey:*'] +// +// Expected: Rules on user1 { "test_id": "ACL-U02", "timestamp": "2026-03-17T14:48:32Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U03.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U03.hujson index dc3eec6a..11a3c5eb 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U03.hujson @@ -1,3 +1,8 @@ +// ACL-U03 +// +// ACL: accept: src=['group:admins'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-U03", "timestamp": "2026-03-17T14:48:43Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U04.hujson index 2b1e93d4..9850ba12 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U04.hujson @@ -1,3 +1,8 @@ +// ACL-U04 +// +// ACL: accept: src=['*'] dst=['group:admins:*'] +// +// Expected: Rules on user1 { "test_id": "ACL-U04", "timestamp": "2026-03-17T14:48:53Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U05.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U05.hujson index c2aa7fef..d8bb3d50 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U05.hujson @@ -1,3 +1,8 @@ +// ACL-U05 +// +// ACL: accept: src=['group:developers'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-U05", "timestamp": "2026-03-17T14:49:03Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U06.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U06.hujson index 9a3712ca..433fce45 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U06.hujson @@ -1,3 +1,8 @@ +// ACL-U06 +// +// ACL: accept: src=['kratail2tid@passkey'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-U06", "timestamp": "2026-03-17T14:49:14Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U07.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U07.hujson index 72182012..b420d3f6 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U07.hujson @@ -1,3 +1,8 @@ +// ACL-U07 +// +// ACL: accept: src=['kristoffer@dalby.cc'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-U07", "timestamp": "2026-03-17T14:49:24Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U08.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U08.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U08.hujson index 9fc3d8c3..58d7b34f 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U08.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U08.hujson @@ -1,3 +1,8 @@ +// ACL-U08 +// +// ACL: accept: src=['group:admins'] dst=['tag:server:22', 'tag:prod:5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "ACL-U08", "timestamp": "2026-03-17T14:49:35Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U09.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U09.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U09.hujson index f6da277e..c0a4d1a0 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U09.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U09.hujson @@ -1,3 +1,8 @@ +// ACL-U09 +// +// ACL: accept: src=['group:monitors'] dst=['tag:server:*'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-U09", "timestamp": "2026-03-17T14:49:45Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U10.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U10.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U10.hujson index 7bd1f2a9..4116ea36 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U10.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U10.hujson @@ -1,3 +1,8 @@ +// ACL-U10 +// +// ACL: accept: src=['group:empty'] dst=['*:*'] +// +// Expected: No filter rules { "test_id": "ACL-U10", "timestamp": "2026-03-17T14:49:56Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U11.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U11.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U11.hujson index 27d0b511..d2ef544b 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U11.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U11.hujson @@ -1,3 +1,8 @@ +// ACL-U11 +// +// ACL: accept: src=['kratail2tid@passkey', 'tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-U11", "timestamp": "2026-03-17T14:50:06Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U12.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/acl_results/ACL-U12.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-U12.hujson index c7e34cc9..5633999d 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-U12.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U12.hujson @@ -1,3 +1,8 @@ +// ACL-U12 +// +// ACL: accept: src=['group:admins', 'tag:client'] dst=['tag:server:22'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-U12", "timestamp": "2026-03-17T14:50:17Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W01.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-W01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-W01.hujson index 095e1def..1be7ad05 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-W01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W01.hujson @@ -1,3 +1,8 @@ +// ACL-W01 +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-W01", "timestamp": "2026-03-17T14:50:27Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W02.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-W02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-W02.hujson index 6e8fa5da..0ccc8f2e 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-W02.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W02.hujson @@ -1,3 +1,8 @@ +// ACL-W02 +// +// ACL: accept: src=['100.90.199.68'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-W02", "timestamp": "2026-03-17T14:50:38Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W03.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-W03.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-W03.hujson index 1dbf0242..a323c82e 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-W03.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W03.hujson @@ -1,3 +1,8 @@ +// ACL-W03 +// +// ACL: accept: src=['100.64.0.0/16'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-W03", "timestamp": "2026-03-17T14:50:48Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W04.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-W04.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-W04.hujson index be6a784e..9ade48fb 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-W04.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W04.hujson @@ -1,3 +1,8 @@ +// ACL-W04 +// +// ACL: accept: src=['*'] dst=['100.108.74.26:*'] +// +// Expected: Rules on tagged-server { "test_id": "ACL-W04", "timestamp": "2026-03-17T14:50:59Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W05.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/acl_results/ACL-W05.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-W05.hujson index 5e2beeb2..6b401804 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-W05.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W05.hujson @@ -1,3 +1,8 @@ +// ACL-W05 +// +// ACL: accept: src=['*'] dst=['100.64.0.0/12:*'] +// +// Expected: No filter rules { "test_id": "ACL-W05", "timestamp": "2026-03-17T14:51:09Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W06.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-W06.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-W06.hujson index 1b0d4275..1129093a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-W06.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W06.hujson @@ -1,3 +1,8 @@ +// ACL-W06 +// +// ACL: accept: src=['*'] dst=['*:80'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-W06", "timestamp": "2026-03-17T14:51:20Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W07.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-W07.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-W07.hujson index 33aa72df..71cbe35a 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-W07.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W07.hujson @@ -1,3 +1,8 @@ +// ACL-W07 +// +// ACL: accept: src=['*'] dst=['*:443'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-W07", "timestamp": "2026-03-17T14:51:30Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A1.hujson index f6d8e417..7ad33eb5 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A1.hujson @@ -1,3 +1,8 @@ +// GRANT-A1 +// +// Grant: src=['*'] dst=['*'] app={example.com/cap/basic} +// +// Expected: Rules on 7 nodes { "test_id": "GRANT-A1", "timestamp": "2026-02-23T00:15:55Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A2.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A2.hujson index f0fb092c..f783ba96 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A2.hujson @@ -1,3 +1,8 @@ +// GRANT-A2 +// +// Grant: src=['*'] dst=['*'] app={https://tailscale.com/cap/ingress} +// +// Expected: Error (HTTP 400) — capability name must have the form {domain}/{path} { "test_id": "GRANT-A2", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A3.hujson index 7be253ab..4b8b0f66 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A3.hujson @@ -1,3 +1,8 @@ +// GRANT-A3 +// +// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/webui} +// +// Expected: Rules on 7 nodes { "test_id": "GRANT-A3", "timestamp": "2026-02-23T00:17:41Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A4.hujson index 09cc6dd1..628f09c7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A4.hujson @@ -1,3 +1,8 @@ +// GRANT-A4 +// +// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/relay} +// +// Expected: Rules on 7 nodes { "test_id": "GRANT-A4", "timestamp": "2026-02-23T00:18:54Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A5.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A5.hujson index 946933b7..9b8543eb 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A5.hujson @@ -1,3 +1,8 @@ +// GRANT-A5 +// +// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/relay-target} +// +// Expected: Error (HTTP 400) — capability name must not be in the tailscale.com domain { "test_id": "GRANT-A5", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A6.hujson index 6a5cfc2d..f44867f6 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A6.hujson @@ -1,3 +1,8 @@ +// GRANT-A6 +// +// Grant: src=['autogroup:member'] dst=['autogroup:self'] app={tailscale.com/cap/drive} +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "GRANT-A6", "timestamp": "2026-02-23T00:20:13Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-B1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-B1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-B1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-B1.hujson index 16c470ea..601ebca7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-B1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-B1.hujson @@ -1,3 +1,8 @@ +// GRANT-B1 +// +// Grant: src=['*'] dst=['tag:server'] app={tailscale.com/cap/kubernetes} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-B1", "timestamp": "2026-02-23T00:21:26Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-B2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-B2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-B2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-B2.hujson index 8637ad97..37f77123 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-B2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-B2.hujson @@ -1,3 +1,8 @@ +// GRANT-B2 +// +// Grant: src=['*'] dst=['tag:server'] app={tailscale.com/cap/kubernetes} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-B2", "timestamp": "2026-02-23T00:22:39Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-B3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-B3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-B3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-B3.hujson index f6a139ad..45650204 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-B3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-B3.hujson @@ -1,3 +1,8 @@ +// GRANT-B3 +// +// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/drive} +// +// Expected: Rules on 7 nodes { "test_id": "GRANT-B3", "timestamp": "2026-02-23T00:23:52Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-B4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-B4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-B4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-B4.hujson index 0d969cba..72910917 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-B4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-B4.hujson @@ -1,3 +1,8 @@ +// GRANT-B4 +// +// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/drive} +// +// Expected: Rules on 7 nodes { "test_id": "GRANT-B4", "timestamp": "2026-02-23T00:25:05Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-B5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-B5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-B5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-B5.hujson index c016e89b..3c8ca624 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-B5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-B5.hujson @@ -1,3 +1,8 @@ +// GRANT-B5 +// +// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/drive} +// +// Expected: Rules on 7 nodes { "test_id": "GRANT-B5", "timestamp": "2026-02-23T00:26:19Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C1.hujson index 0ad0302d..60dc71d0 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C1.hujson @@ -1,3 +1,8 @@ +// GRANT-C1 +// +// Grant: src=['*'] dst=['*'] app={example.com/cap/test} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-C1", "timestamp": "2026-02-23T00:28:11Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C2.hujson index f89a7da9..3640df85 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C2.hujson @@ -1,3 +1,8 @@ +// GRANT-C2 +// +// Grant: src=['*'] dst=['*'] app={example.com/cap/test} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-C2", "timestamp": "2026-02-23T00:28:28Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C3.hujson index cb413f4c..9cb65fea 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C3.hujson @@ -1,3 +1,8 @@ +// GRANT-C3 +// +// Grant: src=['*'] dst=['*'] app={example.com/cap/test} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-C3", "timestamp": "2026-02-23T00:28:45Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C4.hujson index ae549c4f..da6d51c4 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C4.hujson @@ -1,3 +1,8 @@ +// GRANT-C4 +// +// Grant: src=['*'] dst=['*'] app={example.com/cap/one,example.com/cap/two} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-C4", "timestamp": "2026-02-23T00:29:02Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C5.hujson index 4218e377..b37e62bb 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C5.hujson @@ -1,3 +1,8 @@ +// GRANT-C5 +// +// Grant: src=['*'] dst=['*'] app={example.com/cap/complex} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-C5", "timestamp": "2026-02-23T00:29:18Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C6.hujson index 0624b4ed..1d966ec9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C6.hujson @@ -1,3 +1,8 @@ +// GRANT-C6 +// +// Grant: src=['*'] dst=['*'] app={example.com/cap/array} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-C6", "timestamp": "2026-02-23T00:29:35Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D1.hujson index a67ae96f..9a1417e7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D1.hujson @@ -1,3 +1,8 @@ +// GRANT-D1 +// +// Grant: src=['autogroup:member'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-D1", "timestamp": "2026-02-23T00:29:52Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D2.hujson index 17b5087f..bf24acc7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D2.hujson @@ -1,3 +1,8 @@ +// GRANT-D2 +// +// Grant: src=['autogroup:tagged'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-D2", "timestamp": "2026-02-23T00:30:09Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D3.hujson index 75340779..0ee48dc3 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D3.hujson @@ -1,3 +1,8 @@ +// GRANT-D3 +// +// Grant: src=['group:admins'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-D3", "timestamp": "2026-02-23T00:30:25Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D4.hujson index b88fae20..a817691f 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D4.hujson @@ -1,3 +1,8 @@ +// GRANT-D4 +// +// Grant: src=['kratail2tid@passkey'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-D4", "timestamp": "2026-02-23T00:30:42Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D5.hujson index ee185b4c..22cddc51 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D5.hujson @@ -1,3 +1,8 @@ +// GRANT-D5 +// +// Grant: src=['tag:prod'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-D5", "timestamp": "2026-02-23T00:30:59Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D6.hujson index 98d092ae..9a012347 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D6.hujson @@ -1,3 +1,8 @@ +// GRANT-D6 +// +// Grant: src=['100.90.199.68'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-D6", "timestamp": "2026-02-23T00:31:16Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D7.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D7.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D7.hujson index 5c749dec..45eff2de 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D7.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D7.hujson @@ -1,3 +1,8 @@ +// GRANT-D7 +// +// Grant: src=['autogroup:member', 'tag:prod'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-D7", "timestamp": "2026-02-23T00:31:33Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E1.hujson index f5b82396..a5ee337e 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E1.hujson @@ -1,3 +1,8 @@ +// GRANT-E1 +// +// Grant: src=['*'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-E1", "timestamp": "2026-02-23T00:31:50Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E2.hujson index e67ddbf1..7a1f5bb9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E2.hujson @@ -1,3 +1,8 @@ +// GRANT-E2 +// +// Grant: src=['*'] dst=['tag:server', 'tag:prod'] app={example.com/cap/test} +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "GRANT-E2", "timestamp": "2026-02-23T00:32:07Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E3.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E3.hujson index 86b4a55b..b7afd28d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E3.hujson @@ -1,3 +1,8 @@ +// GRANT-E3 +// +// Grant: src=['*'] dst=['autogroup:self'] app={tailscale.com/cap/drive} +// +// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "GRANT-E3", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E4.hujson index 89bef1bc..df5ef74f 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E4.hujson @@ -1,3 +1,8 @@ +// GRANT-E4 +// +// Grant: src=['*'] dst=['autogroup:member'] app={example.com/cap/test} +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "GRANT-E4", "timestamp": "2026-02-23T00:32:23Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E5.hujson index ad3ef279..f3be1fbc 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E5.hujson @@ -1,3 +1,8 @@ +// GRANT-E5 +// +// Grant: src=['*'] dst=['autogroup:tagged'] app={example.com/cap/test} +// +// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server { "test_id": "GRANT-E5", "timestamp": "2026-02-23T00:32:40Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E6.hujson index b2f28b19..4aafe410 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E6.hujson @@ -1,3 +1,8 @@ +// GRANT-E6 +// +// Grant: src=['*'] dst=['group:admins'] app={example.com/cap/test} +// +// Expected: Rules on user1 { "test_id": "GRANT-E6", "timestamp": "2026-02-23T00:32:57Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E7.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E7.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E7.hujson index a092c24a..371ad598 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E7.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E7.hujson @@ -1,3 +1,8 @@ +// GRANT-E7 +// +// Grant: src=['*'] dst=['kratail2tid@passkey'] app={example.com/cap/test} +// +// Expected: Rules on user1 { "test_id": "GRANT-E7", "timestamp": "2026-02-23T00:33:14Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E8.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E8.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E8.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E8.hujson index 1f9676a7..55661838 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E8.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E8.hujson @@ -1,3 +1,8 @@ +// GRANT-E8 +// +// Grant: src=['*'] dst=['100.108.74.26'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-E8", "timestamp": "2026-02-23T00:33:31Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-F1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-F1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-F1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-F1.hujson index 95385f54..b1ae7d00 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-F1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-F1.hujson @@ -1,3 +1,8 @@ +// GRANT-F1 +// +// Grant: src=['*'] dst=['tag:server'] ip=['tcp:80', 'tcp:443'] app={tailscale.com/cap/kubernetes} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-F1", "timestamp": "2026-02-23T00:33:47Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-F2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-F2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-F2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-F2.hujson index 318c6340..1f87438b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-F2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-F2.hujson @@ -1,3 +1,8 @@ +// GRANT-F2 +// +// Grant: src=['autogroup:member'] dst=['tag:server'] ip=['*'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-F2", "timestamp": "2026-02-23T00:34:04Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-F3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-F3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-F3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-F3.hujson index ee28ec06..94e1f81d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-F3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-F3.hujson @@ -1,3 +1,10 @@ +// GRANT-F3 +// +// Grants: +// src=['*'] dst=['tag:server'] ip=['tcp:80', 'tcp:443'] +// src=['*'] dst=['tag:server'] app={tailscale.com/cap/kubernetes} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-F3", "timestamp": "2026-02-23T00:34:21Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-F4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-F4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-F4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-F4.hujson index e8600c6d..7067e68b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-F4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-F4.hujson @@ -1,3 +1,8 @@ +// GRANT-F4 +// +// Grant: src=['*'] dst=['*'] ip=['tcp:443'] app={tailscale.com/cap/drive,example.com/cap/extra} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-F4", "timestamp": "2026-02-23T00:34:38Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G1.hujson index ebdf0da0..9e9e9c38 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G1.hujson @@ -1,3 +1,10 @@ +// GRANT-G1 +// +// Grants: +// src=['*'] dst=['tag:server'] app={example.com/cap/one} +// src=['*'] dst=['tag:server'] app={example.com/cap/two} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-G1", "timestamp": "2026-02-23T00:34:55Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G2.hujson index 4e9d2b13..3d6225d8 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G2.hujson @@ -1,3 +1,10 @@ +// GRANT-G2 +// +// Grants: +// src=['*'] dst=['tag:server'] app={example.com/cap/test} +// src=['*'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-G2", "timestamp": "2026-02-23T00:35:12Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G3.hujson index 2062ad30..8c15c762 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G3.hujson @@ -1,3 +1,10 @@ +// GRANT-G3 +// +// Grants: +// src=['*'] dst=['tag:server'] app={example.com/cap/test} +// src=['tag:client'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on tagged-server { "test_id": "GRANT-G3", "timestamp": "2026-02-23T00:35:28Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G4.hujson index 7dca87e7..5141ac54 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G4.hujson @@ -1,3 +1,10 @@ +// GRANT-G4 +// +// Grants: +// src=['*'] dst=['tag:server'] app={example.com/cap/test} +// src=['*'] dst=['tag:server'] ip=['tcp:80'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-G4", "timestamp": "2026-02-23T00:35:45Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G5.hujson index e9891cf0..0206a108 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G5.hujson @@ -1,3 +1,11 @@ +// GRANT-G5 +// +// Grants: +// src=['*'] dst=['*'] ip=['*'] +// src=['tag:client'] dst=['tag:server'] app={example.com/cap/test} +// src=['autogroup:member'] dst=['tag:server'] ip=['tcp:443'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-G5", "timestamp": "2026-02-23T00:36:02Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G6.hujson index 7bec7b67..01707dec 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G6.hujson @@ -1,3 +1,10 @@ +// GRANT-G6 +// +// Grants: +// src=['*'] dst=['*'] app={example.com/cap/test} +// src=['*'] dst=['tag:server'] app={example.com/cap/test} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-G6", "timestamp": "2026-02-23T00:36:19Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H1.hujson similarity index 92% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H1.hujson index 9f6e652a..eb1c0941 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H1.hujson @@ -1,3 +1,8 @@ +// GRANT-H1 +// +// Grant: src=['*'] dst=['*'] +// +// Expected: Error (HTTP 400) — ip and app can not both be empty { "test_id": "GRANT-H1", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H10.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H10.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H10.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H10.hujson index fcbc39d3..c60e285a 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H10.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H10.hujson @@ -1,3 +1,8 @@ +// GRANT-H10 +// +// Grant: src=['autogroup:self'] dst=['*'] app={example.com/cap/test} +// +// Expected: Error (HTTP 400) — "autogroup:self" not valid on the src side of a rule { "test_id": "GRANT-H10", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H2.hujson index 59401296..8b938c9d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H2.hujson @@ -1,3 +1,8 @@ +// GRANT-H2 +// +// Grant: src=['*'] dst=['*'] app={example.com/cap/test} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-H2", "timestamp": "2026-02-23T00:36:36Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H3.hujson similarity index 92% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H3.hujson index af9ebd33..48d3f2d3 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H3.hujson @@ -1,3 +1,8 @@ +// GRANT-H3 +// +// Grant: src=['*'] dst=['*'] +// +// Expected: Error (HTTP 400) — ip and app can not both be empty { "test_id": "GRANT-H3", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H4.hujson index c2915684..ec0afa57 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H4.hujson @@ -1,3 +1,8 @@ +// GRANT-H4 +// +// Grant: src=[] dst=['*'] app={example.com/cap/test} +// +// Expected: No filter rules on any node { "test_id": "GRANT-H4", "timestamp": "2026-02-23T00:36:53Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H5.hujson index 1e841294..4ea34273 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H5.hujson @@ -1,3 +1,8 @@ +// GRANT-H5 +// +// Grant: src=['*'] dst=[] app={example.com/cap/test} +// +// Expected: No filter rules on any node { "test_id": "GRANT-H5", "timestamp": "2026-02-23T00:37:10Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H6.hujson index f052ad1e..7d2049d7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H6.hujson @@ -1,3 +1,8 @@ +// GRANT-H6 +// +// Grant: src=['group:empty'] dst=['*'] app={example.com/cap/test} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-H6", "timestamp": "2026-02-23T00:37:27Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H7.hujson similarity index 90% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H7.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H7.hujson index cfe2ffef..c34b843b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H7.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H7.hujson @@ -1,3 +1,8 @@ +// GRANT-H7 +// +// Grant: src=['tag:nonexistent'] dst=['*'] app={example.com/cap/test} +// +// Expected: Error (HTTP 400) — src=tag not found: "tag:nonexistent" { "test_id": "GRANT-H7", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H8.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H8.hujson similarity index 92% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H8.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H8.hujson index 4a0a0b80..1cf7fec3 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H8.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H8.hujson @@ -1,3 +1,8 @@ +// GRANT-H8 +// +// Grant: src=['*'] dst=['*'] +// +// Expected: Error (HTTP 400) — ip and app can not both be empty { "test_id": "GRANT-H8", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H9.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H9.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H9.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H9.hujson index 04bc4a01..5f80bed9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H9.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H9.hujson @@ -1,3 +1,8 @@ +// GRANT-H9 +// +// Grant: src=['*'] dst=['autogroup:self'] app={example.com/cap/test} +// +// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "GRANT-H9", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-I1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-I1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-I1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-I1.hujson index 082593d6..c1036a1c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-I1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-I1.hujson @@ -1,3 +1,8 @@ +// GRANT-I1 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['*'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-I1", "timestamp": "2026-02-23T00:37:45Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-I2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-I2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-I2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-I2.hujson index 19df2802..ab512719 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-I2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-I2.hujson @@ -1,3 +1,8 @@ +// GRANT-I2 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['tcp:80'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-I2", "timestamp": "2026-02-23T00:38:02Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-I3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-I3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-I3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-I3.hujson index b8abd3f4..90fbc8a2 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-I3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-I3.hujson @@ -1,3 +1,8 @@ +// GRANT-I3 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router', 'tag:exit'] ip=['*'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-I3", "timestamp": "2026-02-23T00:38:18Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-I4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-I4.hujson similarity index 91% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-I4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-I4.hujson index 58a2dea9..3619e2d1 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-I4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-I4.hujson @@ -1,3 +1,8 @@ +// GRANT-I4 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] via=['autogroup:tagged'] ip=['*'] +// +// Expected: Error (HTTP 400) — via can only be a tag { "test_id": "GRANT-I4", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J1.hujson index bc1a547c..d7c5e3f9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J1.hujson @@ -1,3 +1,8 @@ +// GRANT-J1 +// +// Grant: src=['*'] dst=['tag:server'] ip=['tcp:22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-J1", "timestamp": "2026-02-23T00:38:36Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J2.hujson index 961a9511..f8d75ec3 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J2.hujson @@ -1,3 +1,8 @@ +// GRANT-J2 +// +// Grant: src=['*'] dst=['tag:server'] ip=['udp:53'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-J2", "timestamp": "2026-02-23T00:38:53Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J3.hujson index ff513b37..a2f687ef 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J3.hujson @@ -1,3 +1,8 @@ +// GRANT-J3 +// +// Grant: src=['*'] dst=['tag:server'] ip=['*'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-J3", "timestamp": "2026-02-23T00:39:09Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J4.hujson index 31831019..024ae19b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J4.hujson @@ -1,3 +1,8 @@ +// GRANT-J4 +// +// Grant: src=['*'] dst=['tag:server'] ip=['tcp:80', 'udp:53', 'tcp:443'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-J4", "timestamp": "2026-02-23T00:39:26Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J5.hujson index de9a0e70..9df3cea2 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J5.hujson @@ -1,3 +1,8 @@ +// GRANT-J5 +// +// Grant: src=['*'] dst=['tag:server'] ip=['tcp:80-443'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-J5", "timestamp": "2026-02-23T00:39:43Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J6.hujson index 453add9b..4f4c2ea3 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J6.hujson @@ -1,3 +1,8 @@ +// GRANT-J6 +// +// Grant: src=['*'] dst=['tag:server'] ip=['80'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-J6", "timestamp": "2026-02-23T00:40:00Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J7.hujson similarity index 91% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J7.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J7.hujson index 8b574e92..4c4ffbec 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J7.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J7.hujson @@ -1,3 +1,8 @@ +// GRANT-J7 +// +// Grant: src=['*'] dst=['tag:server'] ip=['icmp'] +// +// Expected: Error (HTTP 400) — port range "icmp": invalid first integer { "test_id": "GRANT-J7", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K1.hujson index e307a80d..c96adb38 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K1.hujson @@ -1,3 +1,9 @@ +// GRANT-K1 +// +// ACLs: +// accept: src=['*'] dst=['*:*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K1", "timestamp": "2026-02-23T02:53:51Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K10.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K10.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K10.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K10.hujson index 0bfdd4b4..0deb2029 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K10.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K10.hujson @@ -1,3 +1,8 @@ +// GRANT-K10 +// +// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/funnel} +// +// Expected: Error (HTTP 400) — capability name must not be in the tailscale.com domain { "test_id": "GRANT-K10", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K11.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K11.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K11.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K11.hujson index 439d13e2..e41b21ee 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K11.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K11.hujson @@ -1,3 +1,8 @@ +// GRANT-K11 +// +// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/webui,...} (4 caps) +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K11", "timestamp": "2026-02-23T02:55:39Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K12.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K12.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K12.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K12.hujson index d1acf460..c37eef27 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K12.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K12.hujson @@ -1,3 +1,8 @@ +// GRANT-K12 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] app={example.com/cap/subnet-access} +// +// Expected: No filter rules on any node { "test_id": "GRANT-K12", "timestamp": "2026-02-23T02:55:55Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K13.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K13.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K13.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K13.hujson index 16bb593a..5733bc6f 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K13.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K13.hujson @@ -1,3 +1,8 @@ +// GRANT-K13 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['tcp:80'] app={example.com/cap/subnet-access} +// +// Expected: Rules on subnet-router { "test_id": "GRANT-K13", "timestamp": "2026-02-23T02:56:12Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K14.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K14.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K14.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K14.hujson index 6bdd1ce4..3b6a9c39 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K14.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K14.hujson @@ -1,3 +1,8 @@ +// GRANT-K14 +// +// Grant: src=['fd7a:115c:a1e0::c537:c845'] dst=['tag:server'] ip=['tcp:22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-K14", "timestamp": "2026-02-23T02:56:28Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K15.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K15.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K15.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K15.hujson index da53a921..19b1c914 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K15.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K15.hujson @@ -1,3 +1,8 @@ +// GRANT-K15 +// +// Grant: src=['*'] dst=['fd7a:115c:a1e0::b901:4a87'] ip=['tcp:22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-K15", "timestamp": "2026-02-23T02:56:45Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K16.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K16.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K16.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K16.hujson index 9481e699..56d8492c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K16.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K16.hujson @@ -1,3 +1,10 @@ +// GRANT-K16 +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['tcp:22'] +// src=['*'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K16", "timestamp": "2026-02-23T02:57:02Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K17.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K17.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K17.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K17.hujson index 8c11fe5b..f87deb74 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K17.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K17.hujson @@ -1,3 +1,10 @@ +// GRANT-K17 +// +// Grants: +// src=['*'] dst=['*'] ip=['*'] +// src=['tag:client'] dst=['tag:server'] ip=['tcp:22'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K17", "timestamp": "2026-02-23T02:57:18Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K18.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K18.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K18.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K18.hujson index b8eb320f..00776f73 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K18.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K18.hujson @@ -1,3 +1,10 @@ +// GRANT-K18 +// +// Grants: +// src=['*'] dst=['*'] app={example.com/cap/one} +// src=['*'] dst=['*'] app={example.com/cap/two} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K18", "timestamp": "2026-02-23T02:57:35Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K19.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K19.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K19.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K19.hujson index 876af178..69390bae 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K19.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K19.hujson @@ -1,3 +1,10 @@ +// GRANT-K19 +// +// Grants: +// src=['*'] dst=['*'] app={example.com/cap/test} +// src=['*'] dst=['*'] app={example.com/cap/test} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K19", "timestamp": "2026-02-23T02:57:52Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K2.hujson index 8e28b0d4..f00b8d2d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K2.hujson @@ -1,3 +1,8 @@ +// GRANT-K2 +// +// Grant: src=['*'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K2", "timestamp": "2026-02-23T02:54:08Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K20.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K20.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K20.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K20.hujson index 837415a1..e3710b81 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K20.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K20.hujson @@ -1,3 +1,8 @@ +// GRANT-K20 +// +// Grant: src=['user:*@passkey'] dst=['tag:server'] ip=['tcp:22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-K20", "timestamp": "2026-02-23T02:58:08Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K21.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K21.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K21.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K21.hujson index 03bd5192..5d42367c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K21.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K21.hujson @@ -1,3 +1,8 @@ +// GRANT-K21 +// +// Grant: src=['*'] dst=['user:*@passkey'] ip=['tcp:22'] +// +// Expected: Rules on user-mon, user1 { "test_id": "GRANT-K21", "timestamp": "2026-02-23T02:58:30Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K22.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K22.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K22.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K22.hujson index 8b2968ea..02b83af5 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K22.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K22.hujson @@ -1,3 +1,8 @@ +// GRANT-K22 +// +// Grant: src=['*'] dst=['tag:server'] ip=['47'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-K22", "timestamp": "2026-02-23T02:58:46Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K23.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K23.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K23.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K23.hujson index bfb6153a..794d2932 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K23.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K23.hujson @@ -1,3 +1,8 @@ +// GRANT-K23 +// +// Grant: src=['*'] dst=['tag:server'] ip=['tcp:0'] +// +// Expected: Error (HTTP 400) — port range "0": first port must be >0, or use '*' for wildcard { "test_id": "GRANT-K23", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K24.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K24.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K24.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K24.hujson index 72f2838e..d725364f 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K24.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K24.hujson @@ -1,3 +1,8 @@ +// GRANT-K24 +// +// Grant: src=['*'] dst=['*'] app={example.com/a/b/c/d/e/f} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K24", "timestamp": "2026-02-23T02:59:03Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K25.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K25.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K25.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K25.hujson index 2530cebd..0a4ed47e 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K25.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K25.hujson @@ -1,3 +1,8 @@ +// GRANT-K25 +// +// Grant: src=['*'] dst=['*'] app={my-company.internal/cap/access} +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K25", "timestamp": "2026-02-23T02:59:19Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K26.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K26.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K26.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K26.hujson index 921eeeb4..e41b19eb 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K26.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K26.hujson @@ -1,3 +1,8 @@ +// GRANT-K26 +// +// Grant: src=['autogroup:member'] dst=['autogroup:member', 'autogroup:tagged'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K26", "timestamp": "2026-02-23T02:59:36Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K27.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K27.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K27.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K27.hujson index ba91ee96..eadd45b6 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K27.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K27.hujson @@ -1,3 +1,8 @@ +// GRANT-K27 +// +// Grant: src=['autogroup:member'] dst=['autogroup:self'] app={example.com/cap/self-service} +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "GRANT-K27", "timestamp": "2026-02-23T02:59:53Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K28.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K28.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K28.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K28.hujson index d7f14dc9..4a89b98f 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K28.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K28.hujson @@ -1,3 +1,8 @@ +// GRANT-K28 +// +// Grant: src=['autogroup:member'] dst=['autogroup:self'] ip=['*'] app={tailscale.com/cap/drive} +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "GRANT-K28", "timestamp": "2026-02-23T03:00:09Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K29.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K29.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K29.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K29.hujson index 5528eef1..d7fdf932 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K29.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K29.hujson @@ -1,3 +1,6 @@ +// GRANT-K29 +// +// Expected: No filter rules on any node { "test_id": "GRANT-K29", "timestamp": "2026-02-23T03:00:26Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K3.hujson index 2cd9350d..00862f4c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K3.hujson @@ -1,3 +1,9 @@ +// GRANT-K3 +// +// Grant: src=['*'] dst=['tag:server'] app={example.com/cap/test} +// Also has ACLs +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-K3", "timestamp": "2026-02-23T02:54:24Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K30.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K30.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K30.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K30.hujson index c627a008..06e64c0a 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K30.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K30.hujson @@ -1,3 +1,8 @@ +// GRANT-K30 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router', 'tag:nonexistent'] ip=['*'] +// +// Expected: Error (HTTP 400) — tag "tag:nonexistent" not found { "test_id": "GRANT-K30", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K4.hujson index d8652e4e..6beb03e0 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K4.hujson @@ -1,3 +1,9 @@ +// GRANT-K4 +// +// Grant: src=['*'] dst=['tag:server'] ip=['tcp:80', 'tcp:443'] +// Also has ACLs +// +// Expected: Rules on tagged-server { "test_id": "GRANT-K4", "timestamp": "2026-02-23T02:54:40Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K5.hujson index 91412c77..22fe3877 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K5.hujson @@ -1,3 +1,11 @@ +// GRANT-K5 +// +// Grants: +// src=['autogroup:member'] dst=['tag:server'] app={tailscale.com/cap/kubernetes} +// src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['*'] +// Also has ACLs +// +// Expected: Rules on subnet-router, tagged-server { "test_id": "GRANT-K5", "timestamp": "2026-02-23T02:54:57Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K6.hujson index e19ffc06..d065062c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K6.hujson @@ -1,3 +1,8 @@ +// GRANT-K6 +// +// Grant: src=['autogroup:danger-all'] dst=['tag:server'] ip=['tcp:22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-K6", "timestamp": "2026-02-23T02:55:13Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K7.hujson similarity index 90% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K7.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K7.hujson index 0d244702..a1de9767 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K7.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K7.hujson @@ -1,3 +1,8 @@ +// GRANT-K7 +// +// Grant: src=['*'] dst=['autogroup:danger-all'] ip=['tcp:22'] +// +// Expected: Error (HTTP 400) — cannot use autogroup:danger-all as a dst { "test_id": "GRANT-K7", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K8.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K8.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K8.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K8.hujson index 1316d682..0107edd3 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K8.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K8.hujson @@ -1,3 +1,8 @@ +// GRANT-K8 +// +// Grant: src=['autogroup:danger-all'] dst=['autogroup:danger-all'] ip=['*'] +// +// Expected: Error (HTTP 400) — cannot use autogroup:danger-all as a dst { "test_id": "GRANT-K8", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K9.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K9.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K9.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K9.hujson index 4488362b..61b9601d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K9.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K9.hujson @@ -1,3 +1,8 @@ +// GRANT-K9 +// +// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/ingress} +// +// Expected: Error (HTTP 400) — capability name must not be in the tailscale.com domain { "test_id": "GRANT-K9", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.hujson index 7dee1d31..1ea6de3e 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.hujson @@ -1,3 +1,8 @@ +// GRANT-P01_1 +// +// Grant: src=['*'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P01_1", "timestamp": "2026-02-23T00:42:55Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.hujson index d4bc423b..e822a619 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.hujson @@ -1,3 +1,8 @@ +// GRANT-P01_2 +// +// Grant: src=['100.90.199.68'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P01_2", "timestamp": "2026-02-23T00:43:12Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.hujson index e5f87a46..02eabb4c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P01_3 +// +// Grant: src=['100.64.0.0/16'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P01_3", "timestamp": "2026-02-23T00:43:29Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.hujson index 48bea17a..b16ccf55 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.hujson @@ -1,3 +1,8 @@ +// GRANT-P01_4 +// +// Grant: src=['*'] dst=['100.108.74.26'] ip=['*'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P01_4", "timestamp": "2026-02-23T00:43:46Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.hujson index c488c244..4d21fc0f 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.hujson @@ -1,3 +1,8 @@ +// GRANT-P01_5 +// +// Grant: src=['*'] dst=['100.64.0.0/12'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-P01_5", "timestamp": "2026-02-23T00:44:03Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.hujson index f755a16f..5bab5b8a 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.hujson @@ -1,3 +1,8 @@ +// GRANT-P02_1 +// +// Grant: src=['kratail2tid@passkey'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P02_1", "timestamp": "2026-02-23T00:44:20Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.hujson index 0bec0df2..9ebee3a9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.hujson @@ -1,3 +1,8 @@ +// GRANT-P02_2 +// +// Grant: src=['*'] dst=['kratail2tid@passkey'] ip=['*'] +// +// Expected: Rules on user1 { "test_id": "GRANT-P02_2", "timestamp": "2026-02-23T00:44:36Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.hujson index 019873ee..0ca99c53 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P02_3 +// +// Grant: src=['group:admins'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P02_3", "timestamp": "2026-02-23T00:44:53Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.hujson index a7abad0a..12b46fe9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.hujson @@ -1,3 +1,8 @@ +// GRANT-P02_4 +// +// Grant: src=['*'] dst=['group:admins'] ip=['*'] +// +// Expected: Rules on user1 { "test_id": "GRANT-P02_4", "timestamp": "2026-02-23T00:45:10Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.hujson index 16d5d811..a9cfccd2 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.hujson @@ -1,3 +1,10 @@ +// GRANT-P02_5_CORRECT +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:client'] dst=['tag:prod'] ip=['5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "GRANT-P02_5_CORRECT", "timestamp": "2026-02-23T00:45:26Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.hujson index c0fe29ae..70b5d404 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.hujson @@ -1,3 +1,8 @@ +// GRANT-P02_5_NAIVE +// +// Grant: src=['tag:client'] dst=['tag:server', 'tag:prod'] ip=['22', '5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "GRANT-P02_5_NAIVE", "timestamp": "2026-02-23T00:45:42Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.hujson index 20b9bfb3..e3510f42 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.hujson @@ -1,3 +1,8 @@ +// GRANT-P03_1 +// +// Grant: src=['tag:client'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P03_1", "timestamp": "2026-02-23T00:45:58Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.hujson index fae2ec59..147bece0 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.hujson @@ -1,3 +1,8 @@ +// GRANT-P03_2 +// +// Grant: src=['*'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P03_2", "timestamp": "2026-02-23T00:46:15Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.hujson index f22afd32..5a81aa73 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P03_3 +// +// Grant: src=['tag:client'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P03_3", "timestamp": "2026-02-23T00:46:32Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.hujson index 85eeb0ad..a17a48c9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.hujson @@ -1,3 +1,8 @@ +// GRANT-P03_4 +// +// Grant: src=['tag:client', 'tag:prod'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P03_4", "timestamp": "2026-02-23T00:46:49Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.hujson index 80014984..794f7fa7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.hujson @@ -1,3 +1,8 @@ +// GRANT-P04_1 +// +// Grant: src=['autogroup:member'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P04_1", "timestamp": "2026-02-23T00:47:06Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.hujson index 4f3d8792..7fec4353 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.hujson @@ -1,3 +1,8 @@ +// GRANT-P04_2 +// +// Grant: src=['autogroup:tagged'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P04_2", "timestamp": "2026-02-23T00:47:22Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.hujson index 8508e5b1..e85f12ce 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P04_3 +// +// Grant: src=['*'] dst=['autogroup:self'] ip=['*'] +// +// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "GRANT-P04_3", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.hujson index 1d3cd8c7..8644469a 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.hujson @@ -1,3 +1,8 @@ +// GRANT-P04_4 +// +// Grant: src=['*'] dst=['autogroup:internet'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-P04_4", "timestamp": "2026-02-23T00:47:40Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.hujson index ab6db23c..a60f748b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.hujson @@ -1,3 +1,8 @@ +// GRANT-P05_1 +// +// Grant: src=['*'] dst=['webserver'] ip=['80'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P05_1", "timestamp": "2026-02-23T00:47:56Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.hujson index 97fe9ef7..d6a5b35b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.hujson @@ -1,3 +1,8 @@ +// GRANT-P05_2 +// +// Grant: src=['webserver'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P05_2", "timestamp": "2026-02-23T00:48:13Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.hujson index 97f65e04..20e6fb1c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P05_3 +// +// Grant: src=['internal'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P05_3", "timestamp": "2026-02-23T00:48:30Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.hujson index ad234b10..ab58ee1d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.hujson @@ -1,3 +1,8 @@ +// GRANT-P06_1 +// +// Grant: src=['*'] dst=['tag:server'] ip=['tcp:22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P06_1", "timestamp": "2026-02-23T00:48:47Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.hujson index 86b25e4b..fca9ad47 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.hujson @@ -1,3 +1,8 @@ +// GRANT-P06_2 +// +// Grant: src=['*'] dst=['tag:server'] ip=['udp:53'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P06_2", "timestamp": "2026-02-23T00:49:03Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.hujson index a47a227b..32bcb8f4 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P06_3 +// +// Grant: src=['*'] dst=['tag:server'] ip=['*'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P06_3", "timestamp": "2026-02-23T00:49:20Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.hujson index c4db4e14..ce5816f5 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.hujson @@ -1,3 +1,8 @@ +// GRANT-P06_4 +// +// Grant: src=['*'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P06_4", "timestamp": "2026-02-23T00:49:37Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.hujson index 147ae7b4..d81f711d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.hujson @@ -1,3 +1,8 @@ +// GRANT-P06_5 +// +// Grant: src=['*'] dst=['tag:server'] ip=['80-443'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P06_5", "timestamp": "2026-02-23T00:49:55Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.hujson index 7dd5fe53..da7f83d8 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.hujson @@ -1,3 +1,8 @@ +// GRANT-P06_6 +// +// Grant: src=['*'] dst=['tag:server'] ip=['22', '80', '443'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P06_6", "timestamp": "2026-02-23T00:50:11Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.hujson index ea896910..6f0c83f6 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.hujson @@ -1,3 +1,8 @@ +// GRANT-P06_7 +// +// Grant: src=['*'] dst=['tag:server'] ip=['*'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P06_7", "timestamp": "2026-02-23T00:50:27Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.hujson index 3b31e58e..f7b31995 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.hujson @@ -1,3 +1,10 @@ +// GRANT-P08_1 +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:client'] dst=['tag:server'] ip=['80', '443'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P08_1", "timestamp": "2026-02-23T00:50:53Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.hujson index 7400d268..73d7812c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.hujson @@ -1,3 +1,11 @@ +// GRANT-P08_2 +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:client'] dst=['tag:server'] ip=['80', '443'] +// src=['*'] dst=['tag:server'] ip=['udp:53'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P08_2", "timestamp": "2026-02-23T00:51:09Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.hujson index 66afd33b..03e308b8 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P08_3 +// +// Grant: src=['group:empty'] dst=['*'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-P08_3", "timestamp": "2026-02-23T00:51:25Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.hujson index 4fd8c45a..e74a5b0b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.hujson @@ -1,3 +1,11 @@ +// GRANT-P08_4 +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:client'] dst=['tag:server'] ip=['80'] +// src=['tag:client'] dst=['tag:server'] ip=['443'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P08_4", "timestamp": "2026-02-23T00:51:42Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.hujson index 8ce797c3..6a5b168f 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.hujson @@ -1,3 +1,11 @@ +// GRANT-P08_5 +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:prod'] dst=['tag:server'] ip=['22'] +// src=['tag:router'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P08_5", "timestamp": "2026-02-23T00:51:58Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.hujson index fa78c8c1..dfcd289c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.hujson @@ -1,3 +1,10 @@ +// GRANT-P08_6 +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['*'] dst=['tag:server'] ip=['80'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P08_6", "timestamp": "2026-02-23T00:52:14Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.hujson index f80213dc..31f300e0 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.hujson @@ -1,3 +1,10 @@ +// GRANT-P08_7 +// +// Grants: +// src=['*'] dst=['*'] ip=['*'] +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P08_7", "timestamp": "2026-02-23T00:52:30Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.hujson index fd8bf7ba..cf8f64e0 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.hujson @@ -1,3 +1,8 @@ +// GRANT-P08_8 +// +// Grant: src=['*'] dst=['10.0.0.0/8'] ip=['22'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-P08_8", "timestamp": "2026-02-23T00:52:47Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.hujson index 65c274a8..322a75b2 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_10A +// +// Grants: +// src=['autogroup:member'] dst=['tag:server'] ip=['22'] +// src=['tag:client'] dst=['group:admins'] ip=['80'] +// +// Expected: Rules on tagged-server, user1 { "test_id": "GRANT-P09_10A", "timestamp": "2026-02-23T00:53:03Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.hujson index 022d2ffc..fd1b6bc9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_10B +// +// Grants: +// src=['group:admins'] dst=['*'] ip=['*'] +// src=['autogroup:tagged'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P09_10B", "timestamp": "2026-02-23T00:53:19Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.hujson index 6c36ebc0..0d465430 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.hujson @@ -1,3 +1,11 @@ +// GRANT-P09_10C +// +// Grants: +// src=['*'] dst=['tag:server'] ip=['22'] +// src=['tag:client'] dst=['tag:server'] ip=['80'] +// src=['autogroup:member'] dst=['tag:server'] ip=['443'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_10C", "timestamp": "2026-02-23T00:53:35Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.hujson index 26bc9a5d..bd6a7240 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_10D +// +// Grants: +// src=['tag:client', 'tag:prod'] dst=['tag:server'] ip=['22'] +// src=['autogroup:member', 'group:admins'] dst=['tag:router'] ip=['5432'] +// +// Expected: Rules on subnet-router, tagged-server { "test_id": "GRANT-P09_10D", "timestamp": "2026-02-23T00:53:52Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.hujson index 663365bf..b9ed5ec1 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_11A +// +// Grant: src=['autogroup:member', 'tag:client'] dst=['tag:server'] ip=['22', '80', '443'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_11A", "timestamp": "2026-02-23T00:54:08Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.hujson index 9fd6b7b7..3a1dba6d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_11B +// +// Grant: src=['group:admins', 'webserver'] dst=['tag:server'] ip=['80-443'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_11B", "timestamp": "2026-02-23T00:54:24Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.hujson index 9b2cbb45..a55e663b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_11C_NAIVE +// +// Grant: src=['tag:client', 'tag:prod'] dst=['tag:server', 'tag:router'] ip=['22', '80-443', '5432', '3306'] +// +// Expected: Rules on subnet-router, tagged-server { "test_id": "GRANT-P09_11C_NAIVE", "timestamp": "2026-02-23T00:54:41Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.hujson index 4543e9ba..36eaf9da 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_11D +// +// Grant: src=['autogroup:tagged', 'autogroup:member'] dst=['tag:server', 'tag:router'] ip=['*', '5432'] +// +// Expected: Rules on subnet-router, tagged-server { "test_id": "GRANT-P09_11D", "timestamp": "2026-02-23T00:54:57Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.hujson index d0902b0b..2d8ac6cf 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_12A +// +// Grant: src=['internal', 'tag:client'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_12A", "timestamp": "2026-02-23T00:55:13Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.hujson index 3266838d..a0170994 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_12B +// +// Grant: src=['tag:client'] dst=['internal', 'tag:server'] ip=['22', '80'] +// +// Expected: Rules on subnet-router, tagged-server { "test_id": "GRANT-P09_12B", "timestamp": "2026-02-23T00:55:30Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.hujson index 047b073e..e77a2614 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_13A +// +// Grant: src=['*'] dst=['autogroup:self'] ip=['*'] +// +// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "GRANT-P09_13A", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.hujson index f215741a..40bb1ddd 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_13B +// +// Grant: src=['*'] dst=['autogroup:self'] ip=['22'] +// +// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "GRANT-P09_13B", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.hujson index 30c256ec..e0104fb7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_13C +// +// Grant: src=['*'] dst=['autogroup:self'] ip=['22', '80', '443'] +// +// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "GRANT-P09_13C", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.hujson index 17115378..a8ffb71c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_13D +// +// Grant: src=['*'] dst=['autogroup:self'] ip=['80-443'] +// +// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "GRANT-P09_13D", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.hujson index f7bb237a..8e308bfa 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_13E +// +// Grant: src=['autogroup:member'] dst=['autogroup:self'] ip=['*'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "GRANT-P09_13E", "timestamp": "2026-02-23T00:55:47Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.hujson index d8fd5fe7..b3401e75 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_13F +// +// Grant: src=['kratail2tid@passkey'] dst=['autogroup:self'] ip=['*'] +// +// Expected: Rules on user1 { "test_id": "GRANT-P09_13F", "timestamp": "2026-02-23T00:56:03Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.hujson index f25ad7c7..4dd17f40 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_13G +// +// Grant: src=['group:admins'] dst=['autogroup:self'] ip=['*'] +// +// Expected: Rules on user1 { "test_id": "GRANT-P09_13G", "timestamp": "2026-02-23T00:56:19Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.hujson similarity index 87% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.hujson index 421964f1..dae9f5ab 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_13H_CORRECT +// +// Grants: +// src=['*'] dst=['autogroup:self'] ip=['*'] +// src=['*'] dst=['tag:server'] ip=['22'] +// +// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "GRANT-P09_13H_CORRECT", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.hujson index 94cdafdd..acab45d3 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_13H_NAIVE +// +// Grant: src=['*'] dst=['autogroup:self', 'tag:server'] ip=['*', '22'] +// +// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "GRANT-P09_13H_NAIVE", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.hujson index 62010f95..a59f6bb8 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_14A +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:client'] dst=['tag:server'] ip=['80'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_14A", "timestamp": "2026-02-23T00:56:36Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.hujson index 6c07faa2..56ccb8bb 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_14B +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:prod'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_14B", "timestamp": "2026-02-23T00:56:52Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.hujson index 8bb14cdd..6e56d55f 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_14C +// +// Grants: +// src=['*'] dst=['*'] ip=['*'] +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P09_14C", "timestamp": "2026-02-23T00:57:09Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.hujson index f4d97a7a..33fecbe0 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.hujson @@ -1,3 +1,11 @@ +// GRANT-P09_14D +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:prod'] dst=['tag:server'] ip=['80'] +// src=['tag:router'] dst=['tag:server'] ip=['443'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_14D", "timestamp": "2026-02-23T00:57:25Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.hujson index b7a3b3a1..b7ff46bd 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.hujson @@ -1,3 +1,11 @@ +// GRANT-P09_14E +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:client'] dst=['tag:prod'] ip=['5432'] +// src=['tag:client'] dst=['tag:router'] ip=['80'] +// +// Expected: Rules on subnet-router, tagged-prod, tagged-server { "test_id": "GRANT-P09_14E", "timestamp": "2026-02-23T00:57:41Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.hujson index d15c2b15..b80b30cf 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_14F +// +// Grants: +// src=['autogroup:tagged'] dst=['*'] ip=['*'] +// src=['autogroup:member'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P09_14F", "timestamp": "2026-02-23T00:57:57Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.hujson index 9ee4b399..d403dbe2 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_14G +// +// Grants: +// src=['autogroup:member', 'group:admins', 'kratail2tid@passkey'] dst=['tag:server'] ip=['22'] +// src=['tag:server', 'webserver', '100.108.74.26'] dst=['group:admins'] ip=['80'] +// +// Expected: Rules on tagged-server, user1 { "test_id": "GRANT-P09_14G", "timestamp": "2026-02-23T00:58:14Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.hujson index 9e6f5264..890cac76 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_14H +// +// Grants: +// src=['tag:client'] dst=['*'] ip=['*'] +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P09_14H", "timestamp": "2026-02-23T00:58:30Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.hujson index 7a892023..bfd63ae1 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.hujson @@ -1,3 +1,11 @@ +// GRANT-P09_14I +// +// Grants: +// src=['*'] dst=['tag:server'] ip=['22'] +// src=['*'] dst=['tag:prod'] ip=['5432'] +// src=['*'] dst=['*'] ip=['80'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P09_14I", "timestamp": "2026-02-23T00:58:46Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.hujson index 3f81a47a..ec7c627b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_1A +// +// Grant: src=['autogroup:member', 'tag:client'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_1A", "timestamp": "2026-02-23T00:59:02Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.hujson index 8036ad2b..29c365e0 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_1B +// +// Grant: src=['autogroup:tagged', 'autogroup:member'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_1B", "timestamp": "2026-02-23T00:59:19Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.hujson index 9f3f4715..d24b1137 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_1C +// +// Grant: src=['group:admins', 'tag:client'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_1C", "timestamp": "2026-02-23T00:59:35Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.hujson index 38aa290e..9db2c8bd 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_1D +// +// Grant: src=['kratail2tid@passkey', 'tag:client'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_1D", "timestamp": "2026-02-23T00:59:51Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.hujson index fc9f43d7..71811b39 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_1E +// +// Grant: src=['100.90.199.68', 'tag:client'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_1E", "timestamp": "2026-02-23T01:00:07Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.hujson index 9f654e76..ed7b7cb5 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_2A_CORRECT +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:client'] dst=['tag:prod'] ip=['5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "GRANT-P09_2A_CORRECT", "timestamp": "2026-02-23T01:00:24Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.hujson index 11ae75a1..3c34fcb0 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_2A_NAIVE +// +// Grant: src=['tag:client'] dst=['tag:server', 'tag:prod'] ip=['22', '5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "GRANT-P09_2A_NAIVE", "timestamp": "2026-02-23T01:00:40Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.hujson index fa1e143c..16824ba7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.hujson @@ -1,3 +1,10 @@ +// GRANT-P09_2B_CORRECT +// +// Grants: +// src=['tag:client'] dst=['tag:server'] ip=['22'] +// src=['tag:client'] dst=['webserver'] ip=['80'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_2B_CORRECT", "timestamp": "2026-02-23T01:00:56Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.hujson index ebbe1c1f..a04860b2 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_2B_NAIVE +// +// Grant: src=['tag:client'] dst=['tag:server', 'webserver'] ip=['22', '80'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_2B_NAIVE", "timestamp": "2026-02-23T01:01:12Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.hujson index 04925427..d3b85e0e 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_2C +// +// Grant: src=['tag:client'] dst=['webserver', 'prodbox'] ip=['22', '5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "GRANT-P09_2C", "timestamp": "2026-02-23T01:01:29Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.hujson index ec43dbb7..ee98c3e7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_3A +// +// Grant: src=['tag:server', 'webserver'] dst=['tag:client'] ip=['22'] +// +// Expected: Rules on tagged-client { "test_id": "GRANT-P09_3A", "timestamp": "2026-02-23T01:01:45Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.hujson index 99fe507f..f45537d9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_3B +// +// Grant: src=['autogroup:member', 'kratail2tid@passkey', 'group:admins'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_3B", "timestamp": "2026-02-23T01:02:02Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.hujson index 3abc2559..20b96ae7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_3C +// +// Grant: src=['tag:client'] dst=['tag:server', 'webserver'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_3C", "timestamp": "2026-02-23T01:02:18Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.hujson index d233145f..fc34e880 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_4A +// +// Grant: src=['autogroup:member'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_4A", "timestamp": "2026-02-23T01:02:35Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.hujson index 3268d4b5..332bd490 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_4B +// +// Grant: src=['autogroup:tagged'] dst=['kratail2tid@passkey'] ip=['22'] +// +// Expected: Rules on user1 { "test_id": "GRANT-P09_4B", "timestamp": "2026-02-23T01:02:52Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.hujson index df9f2cc1..4c0e12c4 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_4C +// +// Grant: src=['group:admins'] dst=['webserver'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_4C", "timestamp": "2026-02-23T01:03:09Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.hujson index 3800b23c..f2e2a26d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_4D +// +// Grant: src=['webserver'] dst=['group:admins'] ip=['22'] +// +// Expected: Rules on user1 { "test_id": "GRANT-P09_4D", "timestamp": "2026-02-23T01:03:26Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.hujson index 324cc166..0d27813d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_4E +// +// Grant: src=['autogroup:member'] dst=['autogroup:self'] ip=['*'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "GRANT-P09_4E", "timestamp": "2026-02-23T01:03:42Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.hujson index 9821d6dc..3be008ef 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_4F +// +// Grant: src=['100.90.199.68'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_4F", "timestamp": "2026-02-23T01:03:58Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.hujson index 0412bec6..3a39ebaf 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_4G +// +// Grant: src=['tag:client'] dst=['100.108.74.26'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_4G", "timestamp": "2026-02-23T01:04:15Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.hujson index ffb9160a..ee9f1fa2 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_5A +// +// Grant: src=['tag:client', 'tag:prod'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_5A", "timestamp": "2026-02-23T01:04:32Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.hujson index 472ca412..972d5d3f 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_5B +// +// Grant: src=['tag:prod', 'tag:client'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_5B", "timestamp": "2026-02-23T01:04:49Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.hujson index 91ba3fef..b77643a3 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_5C_NAIVE +// +// Grant: src=['tag:client'] dst=['tag:server', 'tag:prod'] ip=['22', '80'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "GRANT-P09_5C_NAIVE", "timestamp": "2026-02-23T01:05:06Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.hujson index 46db3802..6837efac 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_6A +// +// Grant: src=['*'] dst=['webserver', 'prodbox'] ip=['22', '5432'] +// +// Expected: Rules on tagged-prod, tagged-server { "test_id": "GRANT-P09_6A", "timestamp": "2026-02-23T01:05:22Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.hujson index 44ca7696..442e99fb 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_6B +// +// Grant: src=['group:empty'] dst=['tag:server'] ip=['22'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-P09_6B", "timestamp": "2026-02-23T01:05:39Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.hujson index 99f8de51..7b7287ac 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_6C +// +// Grant: src=['internal'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_6C", "timestamp": "2026-02-23T01:05:56Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.hujson index a1b8cd3c..8647b546 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_6D +// +// Grant: src=['tag:client'] dst=['internal'] ip=['22'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-P09_6D", "timestamp": "2026-02-23T01:06:13Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.hujson index 65de3f4e..3ee575f4 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_7A +// +// Grant: src=['*', 'autogroup:member', 'autogroup:tagged', 'group:admins', 'tag:client', 'webserver', '100.90.199.68'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_7A", "timestamp": "2026-02-23T01:06:30Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.hujson index e4a7e26d..c1adef93 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_7B_NAIVE +// +// Grant: src=['tag:client'] dst=['tag:server', 'tag:prod', 'webserver', 'prodbox', 'group:admins', 'kratail2tid@passkey', '100.108.74.26'] ip=['22', '5432', '80', '443', '8080', '3000', '9000'] +// +// Expected: Rules on tagged-prod, tagged-server, user1 { "test_id": "GRANT-P09_7B_NAIVE", "timestamp": "2026-02-23T01:06:47Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.hujson index 4296bfb7..e629abb9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_7C +// +// Grant: src=['autogroup:member', 'autogroup:tagged', 'group:admins', 'group:developers', 'kratail2tid@passkey', 'tag:client', 'tag:prod', 'tag:router', 'webserver', 'prodbox'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P09_7C", "timestamp": "2026-02-23T01:07:03Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.hujson index ad806cdc..b3247fba 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_7D_NAIVE +// +// Grant: src=['*'] dst=['tag:server', 'tag:prod', 'tag:client', 'tag:router', 'webserver', 'prodbox'] ip=['22', '80', '443', '5432', '3306', '8080'] +// +// Expected: Rules on subnet-router, tagged-client, tagged-prod, tagged-server { "test_id": "GRANT-P09_7D_NAIVE", "timestamp": "2026-02-23T01:07:20Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.hujson index 0f37e367..02f2bfa6 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_8A +// +// Grant: src=['autogroup:member', 'group:admins', 'group:developers', 'kratail2tid@passkey', '100.90.199.68'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_8A", "timestamp": "2026-02-23T01:07:38Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.hujson index 4409621e..1a1bb679 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_8B +// +// Grant: src=['tag:server', 'webserver', '100.108.74.26'] dst=['tag:client'] ip=['22'] +// +// Expected: Rules on tagged-client { "test_id": "GRANT-P09_8B", "timestamp": "2026-02-23T01:07:54Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.hujson index 82cb1e90..b9fb5f2b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_8C +// +// Grant: src=['tag:client'] dst=['tag:server', 'webserver', '100.108.74.26'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-P09_8C", "timestamp": "2026-02-23T01:08:11Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.hujson index 8bf01306..fd0eafe0 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_9A +// +// Grant: src=['tag:server', 'tag:client', 'tag:prod', 'tag:router'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P09_9A", "timestamp": "2026-02-23T01:08:28Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.hujson index 017dc390..4c3f7a37 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_9B +// +// Grant: src=['*'] dst=['tag:server', 'tag:client', 'tag:prod', 'tag:router'] ip=['22'] +// +// Expected: Rules on subnet-router, tagged-client, tagged-prod, tagged-server { "test_id": "GRANT-P09_9B", "timestamp": "2026-02-23T01:08:45Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.hujson index c04be363..948408cf 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.hujson @@ -1,3 +1,8 @@ +// GRANT-P09_9C +// +// Grant: src=['autogroup:member', 'autogroup:tagged'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P09_9C", "timestamp": "2026-02-23T01:09:02Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.hujson index 15eaa859..f189cda5 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.hujson @@ -1,3 +1,8 @@ +// GRANT-P10_1 +// +// Grant: src=['*'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P10_1", "timestamp": "2026-02-23T01:09:19Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.hujson index be277a9a..9cf6d5e6 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.hujson @@ -1,3 +1,8 @@ +// GRANT-P10_2 +// +// Grant: src=['tag:router'] dst=['tag:router'] ip=['*'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-P10_2", "timestamp": "2026-02-23T01:09:36Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.hujson index 1090c1f4..de225cd9 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P10_3 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] ip=['*'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-P10_3", "timestamp": "2026-02-23T01:09:53Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.hujson index a864c904..833d18bd 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.hujson @@ -1,3 +1,8 @@ +// GRANT-P10_4 +// +// Grant: src=['autogroup:member'] dst=['10.33.0.0/16'] ip=['*'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-P10_4", "timestamp": "2026-02-23T01:10:09Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.hujson index 9d682987..0377eedf 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.hujson @@ -1,3 +1,8 @@ +// GRANT-P11_1 +// +// Grant: src=['*'] dst=['*'] ip=['*'] +// +// Expected: Rules on 8 nodes { "test_id": "GRANT-P11_1", "timestamp": "2026-02-23T01:10:26Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.hujson index 361157ee..9383a413 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.hujson @@ -1,3 +1,8 @@ +// GRANT-P11_2 +// +// Grant: src=['tag:exit'] dst=['tag:exit'] ip=['*'] +// +// Expected: Rules on exit-node { "test_id": "GRANT-P11_2", "timestamp": "2026-02-23T01:10:43Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.hujson index e3be84f8..90fcdaec 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P11_3 +// +// Grant: src=['autogroup:member'] dst=['autogroup:internet'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-P11_3", "timestamp": "2026-02-23T01:11:00Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.hujson index a9853249..b25ad760 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.hujson @@ -1,3 +1,8 @@ +// GRANT-P13_1 +// +// Grant: src=['autogroup:member'] dst=['10.33.0.0/16'] ip=['22'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-P13_1", "timestamp": "2026-02-23T01:11:17Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.hujson index 5ed7a60b..60614ac1 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.hujson @@ -1,3 +1,8 @@ +// GRANT-P13_2 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] ip=['80-443'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-P13_2", "timestamp": "2026-02-23T01:11:34Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.hujson index 12a9f94e..d3810bbe 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P13_3 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] ip=['22', '80', '443'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-P13_3", "timestamp": "2026-02-23T01:11:50Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.hujson index 7b24e60e..75eea7e4 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.hujson @@ -1,3 +1,8 @@ +// GRANT-P13_4 +// +// Grant: src=['10.33.0.0/16'] dst=['autogroup:member'] ip=['*'] +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "GRANT-P13_4", "timestamp": "2026-02-23T01:12:07Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.hujson index 49a66270..f5d18333 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.hujson @@ -1,3 +1,8 @@ +// GRANT-P15_1 +// +// Grant: src=['autogroup:member'] dst=['10.33.1.0/24'] ip=['22'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-P15_1", "timestamp": "2026-02-23T01:12:24Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.hujson index 9baf31ee..3ba8a535 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.hujson @@ -1,3 +1,8 @@ +// GRANT-P15_2 +// +// Grant: src=['autogroup:member'] dst=['10.1.0.0/16'] ip=['22'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-P15_2", "timestamp": "2026-02-23T01:12:41Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.hujson index 7dd00200..bd5a02dd 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.hujson @@ -1,3 +1,8 @@ +// GRANT-P15_3 +// +// Grant: src=['autogroup:member'] dst=['10.32.0.0/14'] ip=['22'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-P15_3", "timestamp": "2026-02-23T01:12:57Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.hujson index 6d9ba03d..435e4dcd 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.hujson @@ -1,3 +1,8 @@ +// GRANT-P15_4 +// +// Grant: src=['autogroup:member'] dst=['8.8.8.0/24'] ip=['53'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-P15_4", "timestamp": "2026-02-23T01:13:14Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.hujson index defa3543..5ea036aa 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.hujson @@ -1,3 +1,8 @@ +// GRANT-P15_5 +// +// Grant: src=['autogroup:member'] dst=['10.32.0.100/32'] ip=['80'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-P15_5", "timestamp": "2026-02-23T01:13:31Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.hujson index 625d6f4a..4bf25f56 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.hujson @@ -1,3 +1,8 @@ +// GRANT-P15_6 +// +// Grant: src=['autogroup:member'] dst=['fd00:1::/64'] ip=['443'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-P15_6", "timestamp": "2026-02-23T01:13:48Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.hujson similarity index 90% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V01.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V01.hujson index c467cb5e..845fc0f2 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.hujson @@ -1,3 +1,8 @@ +// GRANT-V01 +// +// Grant: src=['*'] dst=['autogroup:internet'] app={example.com/cap/internet-access} +// +// Expected: Error (HTTP 400) — cannot use app grants with autogroup:internet { "test_id": "GRANT-V01", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V02.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V02.hujson index b55ac114..e2c4129f 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.hujson @@ -1,3 +1,8 @@ +// GRANT-V02 +// +// Grant: src=['*'] dst=['tag:exit'] app={example.com/cap/exit-control} +// +// Expected: Rules on exit-node { "test_id": "GRANT-V02", "timestamp": "2026-02-23T15:39:40Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V03.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V03.hujson index b1cb7c50..3c9200ba 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.hujson @@ -1,3 +1,8 @@ +// GRANT-V03 +// +// Grant: src=['*'] dst=['tag:router'] app={example.com/cap/router-admin} +// +// Expected: Rules on subnet-router { "test_id": "GRANT-V03", "timestamp": "2026-02-23T15:39:49Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V04.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V04.hujson index 20cfefc5..ce4f822c 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.hujson @@ -1,3 +1,8 @@ +// GRANT-V04 +// +// Grant: src=['*'] dst=['0.0.0.0/0'] app={example.com/cap/global-access} +// +// Expected: Error (HTTP 400) — dst "0.0.0.0/0": to allow all IP addresses, use "*" or "autogroup:internet" { "test_id": "GRANT-V04", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V05.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V05.hujson index 429dd519..2c668c71 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.hujson @@ -1,3 +1,8 @@ +// GRANT-V05 +// +// Grant: src=['*'] dst=['::/0'] app={example.com/cap/global-v6} +// +// Expected: Error (HTTP 400) — dst "::/0": to allow all IP addresses, use "*" or "autogroup:internet" { "test_id": "GRANT-V05", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V06.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V06.hujson index 1acada16..1912e3be 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.hujson @@ -1,3 +1,8 @@ +// GRANT-V06 +// +// Grant: src=['*'] dst=['tag:server', 'tag:exit'] app={example.com/cap/multi-dst} +// +// Expected: Rules on exit-node, tagged-server { "test_id": "GRANT-V06", "timestamp": "2026-02-23T15:39:59Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V07.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V07.hujson index 824fc4f1..a8fe6464 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.hujson @@ -1,3 +1,8 @@ +// GRANT-V07 +// +// Grant: src=['*'] dst=['autogroup:internet'] ip=['tcp:443'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-V07", "timestamp": "2026-02-23T15:40:09Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V08.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V08.hujson index e844c3e2..e0dcda8a 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.hujson @@ -1,3 +1,8 @@ +// GRANT-V08 +// +// Grant: src=['*'] dst=['0.0.0.0/0'] ip=['tcp:80', 'tcp:443'] +// +// Expected: Error (HTTP 400) — dst "0.0.0.0/0": to allow all IP addresses, use "*" or "autogroup:internet" { "test_id": "GRANT-V08", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V09.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V09.hujson index 192301f9..700a2127 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.hujson @@ -1,3 +1,8 @@ +// GRANT-V09 +// +// Grant: src=['*'] dst=['tag:exit'] ip=['tcp:443'] app={example.com/cap/exit-mixed} +// +// Expected: Rules on exit-node { "test_id": "GRANT-V09", "timestamp": "2026-02-23T15:40:19Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V10.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V10.hujson index bd6a9325..19b9b7cf 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.hujson @@ -1,3 +1,8 @@ +// GRANT-V10 +// +// Grant: src=['*'] dst=['tag:router'] ip=['tcp:80'] app={example.com/cap/router-mixed} +// +// Expected: Rules on subnet-router { "test_id": "GRANT-V10", "timestamp": "2026-02-23T15:40:28Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V11.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V11.hujson index ec8c9ab3..9d74ff03 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.hujson @@ -1,3 +1,8 @@ +// GRANT-V11 +// +// Grant: src=['tag:client'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['*'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-V11", "timestamp": "2026-02-23T15:40:38Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V12.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V12.hujson index 7ad4c51b..07450de7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.hujson @@ -1,3 +1,8 @@ +// GRANT-V12 +// +// Grant: src=['autogroup:member'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['*'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-V12", "timestamp": "2026-02-23T15:40:48Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V13.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V13.hujson index 85e0d058..f45facd3 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.hujson @@ -1,3 +1,8 @@ +// GRANT-V13 +// +// Grant: src=['group:developers'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['tcp:80', 'tcp:443'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-V13", "timestamp": "2026-02-23T15:40:58Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V14.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V14.hujson index ab02ea1e..bce483a1 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.hujson @@ -1,3 +1,8 @@ +// GRANT-V14 +// +// Grant: src=['tag:client'] dst=['autogroup:internet'] via=['tag:exit'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-V14", "timestamp": "2026-03-28T11:50:41Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V15.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V15.hujson index ce5e72c9..3315b70b 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.hujson @@ -1,3 +1,8 @@ +// GRANT-V15 +// +// Grant: src=['*'] dst=['autogroup:internet'] via=['tag:exit'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-V15", "timestamp": "2026-03-28T11:50:55Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V16.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V16.hujson index f9d076d0..01b8592a 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.hujson @@ -1,3 +1,8 @@ +// GRANT-V16 +// +// Grant: src=['tag:client', 'autogroup:member'] dst=['autogroup:internet'] via=['tag:exit'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-V16", "timestamp": "2026-03-28T11:51:10Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V17.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V17.hujson index 4751548c..02e82863 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.hujson @@ -1,3 +1,8 @@ +// GRANT-V17 +// +// Grant: src=['*'] dst=['10.33.0.0/16', '192.168.1.0/24'] via=['tag:router'] ip=['*'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-V17", "timestamp": "2026-02-23T15:41:15Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V18.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V18.hujson index 0e222d91..2b0d9792 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.hujson @@ -1,3 +1,8 @@ +// GRANT-V18 +// +// Grant: src=['*'] dst=['0.0.0.0/0'] via=['tag:exit'] app={example.com/cap/exit-via-app} +// +// Expected: Error (HTTP 400) — dst "0.0.0.0/0": to allow all IP addresses, use "*" or "autogroup:internet" { "test_id": "GRANT-V18", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V19.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V19.hujson index 65224277..264763a7 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.hujson @@ -1,3 +1,8 @@ +// GRANT-V19 +// +// Grant: src=['autogroup:member'] dst=['tag:exit'] app={tailscale.com/cap/drive} +// +// Expected: Rules on exit-node, user-kris, user-mon, user1 { "test_id": "GRANT-V19", "timestamp": "2026-02-23T15:41:24Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V20.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V20.hujson index cc7f9ed1..e480bb6d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.hujson @@ -1,3 +1,8 @@ +// GRANT-V20 +// +// Grant: src=['autogroup:member'] dst=['tag:router'] app={tailscale.com/cap/kubernetes} +// +// Expected: Rules on subnet-router { "test_id": "GRANT-V20", "timestamp": "2026-02-23T15:41:34Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V21.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V21.hujson index 1842269f..97096eed 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.hujson @@ -1,3 +1,8 @@ +// GRANT-V21 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router', 'tag:exit'] ip=['*'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-V21", "timestamp": "2026-02-23T15:41:43Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V22.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V22.hujson index 6dd281d7..a2221d57 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.hujson @@ -1,3 +1,8 @@ +// GRANT-V22 +// +// Grant: src=['autogroup:member'] dst=['autogroup:internet'] ip=['tcp:443'] app={example.com/cap/internet-mixed} +// +// Expected: Error (HTTP 400) — cannot use app grants with autogroup:internet { "test_id": "GRANT-V22", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V23.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V23.hujson index 802888d3..94ed9506 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.hujson @@ -1,3 +1,8 @@ +// GRANT-V23 +// +// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['tcp:22', 'tcp:80', 'tcp:443'] +// +// Expected: Rules on subnet-router { "test_id": "GRANT-V23", "timestamp": "2026-02-23T15:41:53Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V24.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V24.hujson index 59ded751..12fbcf63 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.hujson @@ -1,3 +1,8 @@ +// GRANT-V24 +// +// Grant: src=['tag:server'] dst=['autogroup:self'] app={example.com/cap/self-cap} +// +// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups { "test_id": "GRANT-V24", "description": "", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V25.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V25.hujson index d0fc2e43..c1e5ce7d 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.hujson @@ -1,3 +1,8 @@ +// GRANT-V25 +// +// Grant: src=['autogroup:member'] dst=['autogroup:self'] app={example.com/cap/self-test} +// +// Expected: Rules on user-kris, user-mon, user1 { "test_id": "GRANT-V25", "timestamp": "2026-02-23T15:42:04Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V26.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V26.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V26.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V26.hujson index c37975a8..1a928378 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V26.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V26.hujson @@ -1,3 +1,8 @@ +// GRANT-V26 +// +// Grant: src=['tag:group-a'] dst=['autogroup:internet'] via=['tag:exit-a'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-V26", "timestamp": "2026-03-28T11:51:26Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V27.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V27.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V27.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V27.hujson index 70307334..93ad3032 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V27.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V27.hujson @@ -1,3 +1,8 @@ +// GRANT-V27 +// +// Grant: src=['autogroup:member'] dst=['autogroup:internet'] via=['tag:exit'] ip=['tcp:443'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-V27", "timestamp": "2026-03-28T11:51:38Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V28.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V28.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V28.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V28.hujson index e7aa2639..1f363881 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V28.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V28.hujson @@ -1,3 +1,10 @@ +// GRANT-V28 +// +// Grants: +// src=['tag:group-a'] dst=['autogroup:internet'] via=['tag:exit-a'] ip=['*'] +// src=['tag:group-b'] dst=['autogroup:internet'] via=['tag:exit-b'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-V28", "timestamp": "2026-03-28T11:51:51Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V29.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V29.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V29.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V29.hujson index 678016a7..c252c26e 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V29.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V29.hujson @@ -1,3 +1,15 @@ +// GRANT-V29 +// +// WARNING: This file is consumed by TWO tests: +// 1. TestGrantsCompat (hscontrol/policy/v2/) — compares packet_filter_rules +// 2. TestViaGrantMapCompat (hscontrol/servertest/) — compares netmap structure +// Do NOT remove the 'netmap' field — it is required by TestViaGrantMapCompat. +// +// Grants: +// src=['tag:group-a'] dst=['10.44.0.0/16'] via=['tag:router-a'] ip=['*'] +// src=['tag:group-b'] dst=['10.55.0.0/16'] via=['tag:router-b'] ip=['*'] +// +// Expected: Rules on router-a, router-b { "test_id": "GRANT-V29", "timestamp": "2026-03-28T11:52:05Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V30.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V30.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V30.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V30.hujson index 6d51c6c6..3070d69a 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V30.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V30.hujson @@ -1,3 +1,17 @@ +// GRANT-V30 +// +// WARNING: This file is consumed by TWO tests: +// 1. TestGrantsCompat (hscontrol/policy/v2/) — compares packet_filter_rules +// 2. TestViaGrantMapCompat (hscontrol/servertest/) — compares netmap structure +// Do NOT remove the 'netmap' field — it is required by TestViaGrantMapCompat. +// +// Grants: +// src=['tag:group-a'] dst=['10.44.0.0/16'] via=['tag:router-a'] ip=['*'] +// src=['tag:group-a'] dst=['autogroup:internet'] via=['tag:exit-b'] ip=['*'] +// src=['tag:group-b'] dst=['10.55.0.0/16'] via=['tag:router-b'] ip=['*'] +// src=['tag:group-b'] dst=['autogroup:internet'] via=['tag:exit-a'] ip=['*'] +// +// Expected: Rules on router-a, router-b { "test_id": "GRANT-V30", "timestamp": "2026-03-28T11:52:18Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V31.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V31.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V31.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V31.hujson index bc5e57e0..8350c5b3 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V31.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V31.hujson @@ -1,3 +1,16 @@ +// GRANT-V31 +// +// WARNING: This file is consumed by TWO tests: +// 1. TestGrantsCompat (hscontrol/policy/v2/) — compares packet_filter_rules +// 2. TestViaGrantMapCompat (hscontrol/servertest/) — compares netmap structure +// Do NOT remove the 'netmap' field — it is required by TestViaGrantMapCompat. +// +// Grants: +// src=['tag:exit-a', 'tag:exit-b', 'tag:group-a', 'tag:group-b'] dst=['tag:exit-a', 'tag:exit-b', 'tag:group-a', 'tag:group-b'] ip=['*'] +// src=['tag:group-a'] dst=['autogroup:internet'] via=['tag:exit-a'] ip=['*'] +// src=['tag:group-b'] dst=['autogroup:internet'] via=['tag:exit-b'] ip=['*'] +// +// Expected: Rules on exit-a, exit-b, group-a-client, group-b-client { "test_id": "GRANT-V31", "timestamp": "2026-03-28T11:52:34Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V32.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V32.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V32.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V32.hujson index fe187325..e7048e39 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V32.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V32.hujson @@ -1,3 +1,10 @@ +// GRANT-V32 +// +// Grants: +// src=['tag:client'] dst=['autogroup:internet'] via=['tag:exit'] ip=['*'] +// src=['autogroup:member'] dst=['tag:server'] ip=['22'] +// +// Expected: Rules on tagged-server { "test_id": "GRANT-V32", "timestamp": "2026-03-28T11:52:50Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V33.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V33.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V33.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V33.hujson index 3b4fe5a3..db29215a 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V33.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V33.hujson @@ -1,3 +1,10 @@ +// GRANT-V33 +// +// Grants: +// src=['tag:client'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['*'] +// src=['tag:client'] dst=['autogroup:internet'] via=['tag:exit'] ip=['*'] +// +// Expected: Rules on multi-exit-router, subnet-router { "test_id": "GRANT-V33", "timestamp": "2026-03-28T11:53:04Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V34.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V34.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V34.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V34.hujson index 9f6a1e5a..0c702ece 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V34.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V34.hujson @@ -1,3 +1,8 @@ +// GRANT-V34 +// +// Grant: src=['*'] dst=['autogroup:internet'] via=['tag:exit-a', 'tag:exit-b'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-V34", "timestamp": "2026-03-28T11:53:16Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V35.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V35.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V35.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V35.hujson index b41f7531..caa225be 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V35.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V35.hujson @@ -1,3 +1,8 @@ +// GRANT-V35 +// +// Grant: src=['tag:client'] dst=['10.99.0.0/16'] via=['tag:router'] ip=['*'] +// +// Expected: No filter rules on any node { "test_id": "GRANT-V35", "timestamp": "2026-03-28T11:53:31Z", diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V36.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V36.hujson similarity index 99% rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V36.json rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V36.hujson index 7972d1ec..041605c1 100644 --- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V36.json +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V36.hujson @@ -1,3 +1,18 @@ +// GRANT-V36 +// +// WARNING: This file is consumed by TWO tests: +// 1. TestGrantsCompat (hscontrol/policy/v2/) — compares packet_filter_rules +// 2. TestViaGrantMapCompat (hscontrol/servertest/) — compares netmap structure +// Do NOT remove the 'netmap' field — it is required by TestViaGrantMapCompat. +// +// Grants: +// src=['tag:group-a', 'tag:group-b', 'tag:exit-a', 'tag:exit-b', 'tag:router-a', 'tag:router-b'] dst=['tag:group-a', 'tag:group-b', 'tag:exit-a', 'tag:exit-b', 'tag:router-a', 'tag:router-b'] ip=['*'] +// src=['tag:group-a'] dst=['10.44.0.0/16'] via=['tag:router-a'] ip=['*'] +// src=['tag:group-b'] dst=['10.55.0.0/16'] via=['tag:router-b'] ip=['*'] +// src=['tag:group-a'] dst=['autogroup:internet'] via=['tag:exit-b'] ip=['*'] +// src=['tag:group-b'] dst=['autogroup:internet'] via=['tag:exit-a'] ip=['*'] +// +// Expected: Rules on 6 nodes { "test_id": "GRANT-V36", "timestamp": "2026-03-28T11:53:44Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.hujson index 75475d5f..0c8cd603 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.hujson @@ -1,3 +1,10 @@ +// ROUTES-a1_wildcard_acl_includes_routes_in_srcips +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-a1_wildcard_acl_includes_routes_in_srcips", "timestamp": "2026-03-17T16:13:48Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.hujson index 49552317..ecb5f7ec 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.hujson @@ -1,3 +1,10 @@ +// ROUTES-a2_tag_based_acl_excludes_routes +// +// ACL: accept: src=['tag:router'] dst=['tag:router:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 3 of 12 nodes { "test_id": "ROUTES-a2_tag_based_acl_excludes_routes", "timestamp": "2026-03-17T16:13:59Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.hujson index 50d19b0e..348fcfb2 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.hujson @@ -1,3 +1,10 @@ +// ROUTES-a3_explicit_subnet_filter_to_router +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-a3_explicit_subnet_filter_to_router", "timestamp": "2026-03-17T16:14:20Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.hujson index 1dfec777..7854c89b 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.hujson @@ -1,3 +1,10 @@ +// ROUTES-a3b_autogroup_member_to_subnet +// +// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-a3b_autogroup_member_to_subnet", "timestamp": "2026-03-17T16:14:10Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.hujson index 21740b1b..8a2071c5 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.hujson @@ -1,3 +1,10 @@ +// ROUTES-a4_multiple_routes_same_router +// +// ACL: accept: src=['*'] dst=['172.16.0.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 1 of 12 nodes { "test_id": "ROUTES-a4_multiple_routes_same_router", "timestamp": "2026-03-17T16:14:31Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.hujson index ebcb4786..427ef515 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.hujson @@ -1,3 +1,10 @@ +// ROUTES-a5_host_alias_to_subnet +// +// ACL: accept: src=['*'] dst=['internal:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-a5_host_alias_to_subnet", "timestamp": "2026-03-17T16:14:41Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.hujson index 0a2fb9a4..3fc1a88c 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.hujson @@ -1,3 +1,10 @@ +// ROUTES-b10_exit_routes_not_in_primaryroutes +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-b10_exit_routes_not_in_primaryroutes", "timestamp": "2026-03-17T16:14:52Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.hujson index c850a807..000754fb 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.hujson @@ -1,3 +1,10 @@ +// ROUTES-b1_exit_routes_not_in_srcips +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-b1_exit_routes_not_in_srcips", "timestamp": "2026-03-17T16:15:03Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.hujson index f071ba25..d919fefd 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.hujson @@ -1,3 +1,10 @@ +// ROUTES-b2_tag_exit_excludes_exit_routes +// +// ACL: accept: src=['tag:exit'] dst=['tag:exit:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-b2_tag_exit_excludes_exit_routes", "timestamp": "2026-03-17T16:15:13Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.hujson index a857caa2..ceb89c5f 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.hujson @@ -1,3 +1,10 @@ +// ROUTES-b3_exit_node_advertises_routes +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-b3_exit_node_advertises_routes", "timestamp": "2026-03-17T16:15:24Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.hujson index ef2c519b..602de1fc 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.hujson @@ -1,3 +1,10 @@ +// ROUTES-b4_multi_router_has_both_route_types +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-b4_multi_router_has_both_route_types", "timestamp": "2026-03-17T16:15:35Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.hujson index e4bdee3d..8fd5eba9 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.hujson @@ -1,3 +1,10 @@ +// ROUTES-b5_exit_with_wildcard_dst +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-b5_exit_with_wildcard_dst", "timestamp": "2026-03-17T16:15:45Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.hujson index d09f3079..b56a2b67 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.hujson @@ -1,3 +1,10 @@ +// ROUTES-b6_exit_node_option_field +// +// ACL: accept: src=['tag:exit'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-b6_exit_node_option_field", "timestamp": "2026-03-17T16:15:56Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.hujson index 5588fcf4..6a04af57 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.hujson @@ -1,3 +1,10 @@ +// ROUTES-b7_multiple_exit_nodes +// +// ACL: accept: src=['tag:exit'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-b7_multiple_exit_nodes", "timestamp": "2026-03-17T16:16:07Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.hujson index 24a18fbb..c822c632 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.hujson @@ -1,3 +1,10 @@ +// ROUTES-b8_autogroup_internet_no_filters +// +// ACL: accept: src=['autogroup:member'] dst=['autogroup:internet:*'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-b8_autogroup_internet_no_filters", "timestamp": "2026-03-17T16:16:17Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.hujson index 4c0dea3b..e0170774 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.hujson @@ -1,3 +1,10 @@ +// ROUTES-b9_exit_routes_in_allowedips +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-b9_exit_routes_in_allowedips", "timestamp": "2026-03-17T16:16:28Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.hujson index a2631ae0..e85d53b7 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.hujson @@ -1,3 +1,10 @@ +// ROUTES-d10_auto_approval_retroactive +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:443'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-d10_auto_approval_retroactive", "timestamp": "2026-03-17T16:16:38Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.hujson index 97e94456..ac998d2e 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.hujson @@ -1,3 +1,10 @@ +// ROUTES-d11_overlapping_auto_approvers +// +// ACL: accept: src=['*'] dst=['10.0.0.0/8:80'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-d11_overlapping_auto_approvers", "timestamp": "2026-03-17T16:16:49Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.hujson index 6f70d274..57e2d153 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.hujson @@ -1,3 +1,10 @@ +// ROUTES-d1_basic_route_auto_approval +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-d1_basic_route_auto_approval", "timestamp": "2026-03-17T16:17:00Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.hujson index 53b1e8c6..b6d08854 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.hujson @@ -1,3 +1,10 @@ +// ROUTES-d2_nested_prefix_approval +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-d2_nested_prefix_approval", "timestamp": "2026-03-17T16:17:10Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.hujson index 04d41b79..3cd3c107 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.hujson @@ -1,3 +1,10 @@ +// ROUTES-d3_exact_prefix_approval +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-d3_exact_prefix_approval", "timestamp": "2026-03-17T16:17:21Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.hujson index 22267774..dac6cb98 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.hujson @@ -1,3 +1,10 @@ +// ROUTES-d4_prefix_not_covered +// +// ACL: accept: src=['*'] dst=['192.168.1.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-d4_prefix_not_covered", "timestamp": "2026-03-17T16:17:32Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.hujson index fd79becb..2c476859 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.hujson @@ -1,3 +1,10 @@ +// ROUTES-d5_wrong_tag_not_approved +// +// ACL: accept: src=['tag:router'] dst=['192.168.1.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-d5_wrong_tag_not_approved", "timestamp": "2026-03-17T16:17:42Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.hujson index 58117dca..73820b87 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.hujson @@ -1,3 +1,10 @@ +// ROUTES-d6_exit_node_auto_approval +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-d6_exit_node_auto_approval", "timestamp": "2026-03-17T16:17:53Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.hujson index 7a12b2f9..7b278826 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.hujson @@ -1,3 +1,10 @@ +// ROUTES-d7_exit_auto_approval_wrong_tag +// +// ACL: accept: src=['tag:exit'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-d7_exit_auto_approval_wrong_tag", "timestamp": "2026-03-17T16:18:04Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.hujson index 44f9adf8..fbea5e78 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.hujson @@ -1,3 +1,10 @@ +// ROUTES-d8_auto_approval_acl_interaction +// +// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-d8_auto_approval_acl_interaction", "timestamp": "2026-03-17T16:18:14Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.hujson index b0722e2d..097e7718 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.hujson @@ -1,3 +1,10 @@ +// ROUTES-d9_auto_approval_triggers_on_advertise +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-d9_auto_approval_triggers_on_advertise", "timestamp": "2026-03-17T16:18:25Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.hujson index 2e84bb76..2dc8dece 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.hujson @@ -1,3 +1,10 @@ +// ROUTES-e1_ha_two_routers_same_subnet +// +// ACL: accept: src=['*'] dst=['192.168.1.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-e1_ha_two_routers_same_subnet", "timestamp": "2026-03-17T16:18:36Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.hujson index 0247e9d3..8d4d5acc 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.hujson @@ -1,3 +1,10 @@ +// ROUTES-e2_ha_primary_in_allowedips +// +// ACL: accept: src=['*'] dst=['192.168.1.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-e2_ha_primary_in_allowedips", "timestamp": "2026-03-17T16:18:46Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.hujson index e711deb1..850f84f6 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.hujson @@ -1,3 +1,10 @@ +// ROUTES-e3_ha_secondary_no_route_in_allowedips +// +// ACL: accept: src=['*'] dst=['192.168.1.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-e3_ha_secondary_no_route_in_allowedips", "timestamp": "2026-03-17T16:18:57Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.hujson index 38b1c38c..cd150c6b 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.hujson @@ -1,3 +1,10 @@ +// ROUTES-e4_ha_both_get_filters_host_alias +// +// ACL: accept: src=['*'] dst=['subnet24:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-e4_ha_both_get_filters_host_alias", "timestamp": "2026-03-17T16:19:07Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.hujson index 41babe10..c9ca7ed4 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.hujson @@ -1,3 +1,10 @@ +// ROUTES-e5_first_advertiser_is_primary +// +// ACL: accept: src=['*'] dst=['192.168.1.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-e5_first_advertiser_is_primary", "timestamp": "2026-03-17T16:19:18Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.hujson index 256237ec..4c624d5b 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.hujson @@ -1,3 +1,10 @@ +// ROUTES-f1_filter_on_destination_not_source +// +// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-f1_filter_on_destination_not_source", "timestamp": "2026-03-17T16:19:29Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.hujson index 86abae9b..1273baa6 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.hujson @@ -1,3 +1,10 @@ +// ROUTES-f2_subnet_as_acl_source +// +// ACL: accept: src=['10.33.0.0/16'] dst=['autogroup:member:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 3 of 12 nodes { "test_id": "ROUTES-f2_subnet_as_acl_source", "timestamp": "2026-03-17T16:19:39Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.hujson index 8dd0abe6..d7079826 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.hujson @@ -1,3 +1,10 @@ +// ROUTES-f3_wildcard_src_specific_dst +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-f3_wildcard_src_specific_dst", "timestamp": "2026-03-17T16:19:50Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.hujson index b41010ff..2b4e9d41 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.hujson @@ -1,3 +1,10 @@ +// ROUTES-f4_specific_src_wildcard_dst +// +// ACL: accept: src=['tag:router'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-f4_specific_src_wildcard_dst", "timestamp": "2026-03-17T16:20:01Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.hujson index a3c55539..e431f2b4 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.hujson @@ -1,3 +1,12 @@ +// ROUTES-f5_bidirectional_subnet_access +// +// ACLs: +// accept: src=['autogroup:member'] dst=['10.33.0.0/16:*'] +// accept: src=['10.33.0.0/16'] dst=['autogroup:member:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 5 of 12 nodes { "test_id": "ROUTES-f5_bidirectional_subnet_access", "timestamp": "2026-03-17T16:20:11Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.hujson index f191ae3f..7474b734 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.hujson @@ -1,3 +1,10 @@ +// ROUTES-f6_filter_srcips_expansion +// +// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-f6_filter_srcips_expansion", "timestamp": "2026-03-17T16:20:22Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.hujson index 18b4284b..4a27a624 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.hujson @@ -1,3 +1,10 @@ +// ROUTES-f7_filter_dstports_shows_acl_cidr +// +// ACL: accept: src=['*'] dst=['10.33.1.0/24:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-f7_filter_dstports_shows_acl_cidr", "timestamp": "2026-03-17T16:20:32Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.hujson index e8113746..a9443ded 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.hujson @@ -1,3 +1,10 @@ +// ROUTES-f8_route_enabled_acl_denies +// +// ACL: accept: src=['group:empty'] dst=['10.33.0.0/16:*'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-f8_route_enabled_acl_denies", "timestamp": "2026-03-17T16:20:43Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.hujson index 7b495d45..29de123c 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.hujson @@ -1,3 +1,10 @@ +// ROUTES-f9_route_disabled_acl_allows +// +// ACL: accept: src=['*'] dst=['10.99.0.0/16:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 1 of 12 nodes { "test_id": "ROUTES-f9_route_disabled_acl_allows", "timestamp": "2026-03-17T16:20:54Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.hujson index f90f5f66..81e40dbd 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.hujson @@ -1,3 +1,10 @@ +// ROUTES-g1_port_restriction_subnet +// +// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-g1_port_restriction_subnet", "timestamp": "2026-03-17T16:21:04Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.hujson index faf6e921..03a7108a 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.hujson @@ -1,3 +1,10 @@ +// ROUTES-g2_port_range_subnet +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:80-443'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-g2_port_range_subnet", "timestamp": "2026-03-17T16:21:15Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.hujson index 5fdc7fd9..493814a8 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.hujson @@ -1,3 +1,10 @@ +// ROUTES-g3_multiple_ports_subnet +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:22,80,443'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-g3_multiple_ports_subnet", "timestamp": "2026-03-17T16:21:26Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.hujson index 0c50a85e..4f9a6bb0 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.hujson @@ -1,3 +1,10 @@ +// ROUTES-g4_protocol_icmp_subnet +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:*'] proto=icmp +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-g4_protocol_icmp_subnet", "timestamp": "2026-03-17T16:21:36Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.hujson index 0ae337ce..ee34c4fe 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.hujson @@ -1,3 +1,10 @@ +// ROUTES-g5_protocol_tcp_only +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:22'] proto=tcp +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-g5_protocol_tcp_only", "timestamp": "2026-03-17T16:21:47Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.hujson index 6f74e2e6..a1903f10 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.hujson @@ -1,3 +1,10 @@ +// ROUTES-g6_protocol_udp_only +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:53'] proto=udp +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-g6_protocol_udp_only", "timestamp": "2026-03-17T16:21:58Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.hujson index 13c1ade5..688913db 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.hujson @@ -1,3 +1,10 @@ +// ROUTES-g7_all_ports_wildcard +// +// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-g7_all_ports_wildcard", "timestamp": "2026-03-17T16:22:08Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.hujson index a02e66af..718ddeaa 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.hujson @@ -1,3 +1,10 @@ +// ROUTES-g8_default_ipproto +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-g8_default_ipproto", "timestamp": "2026-03-17T16:22:19Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.hujson index 78ee84c8..0e05c9b5 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.hujson @@ -1,3 +1,10 @@ +// ROUTES-h10_very_small_prefix +// +// ACL: accept: src=['*'] dst=['10.33.0.100/32:80'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-h10_very_small_prefix", "timestamp": "2026-03-17T16:22:30Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.hujson index 35f45c1b..a1e68b81 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.hujson @@ -1,3 +1,10 @@ +// ROUTES-h11_ipv6_small_prefix +// +// ACL: accept: src=['*'] dst=['fd00::1/128:443'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-h11_ipv6_small_prefix", "timestamp": "2026-03-17T16:22:40Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.hujson index e602db12..4d520293 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.hujson @@ -1,3 +1,10 @@ +// ROUTES-h1_wildcard_srcips_format +// +// ACL: accept: src=['*'] dst=['tag:router:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 3 of 12 nodes { "test_id": "ROUTES-h1_wildcard_srcips_format", "timestamp": "2026-03-17T16:22:51Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.hujson index bb34ae88..2630bce6 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.hujson @@ -1,3 +1,10 @@ +// ROUTES-h2_wildcard_dstports_format +// +// ACL: accept: src=['autogroup:member'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-h2_wildcard_dstports_format", "timestamp": "2026-03-17T16:23:01Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.hujson index 49857f2f..ed701784 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.hujson @@ -1,3 +1,10 @@ +// ROUTES-h3_cgnat_range_expansion +// +// ACL: accept: src=['*'] dst=['tag:router:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 3 of 12 nodes { "test_id": "ROUTES-h3_cgnat_range_expansion", "timestamp": "2026-03-17T16:23:12Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.hujson index ce796e26..f26f2f90 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.hujson @@ -1,3 +1,10 @@ +// ROUTES-h4_ipv6_range_in_srcips +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-h4_ipv6_range_in_srcips", "timestamp": "2026-03-17T16:23:23Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.hujson index f9b1f1be..5ca15f58 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.hujson @@ -1,3 +1,10 @@ +// ROUTES-h5_subnet_overlaps_cgnat +// +// ACL: accept: src=['*'] dst=['100.64.0.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-h5_subnet_overlaps_cgnat", "timestamp": "2026-03-17T16:23:33Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.hujson index abaed0be..46422317 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.hujson @@ -1,3 +1,10 @@ +// ROUTES-h6_loopback_routes_not_distributed +// +// ACL: accept: src=['*'] dst=['127.0.0.1/32:*'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-h6_loopback_routes_not_distributed", "timestamp": "2026-03-17T16:23:44Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.hujson index c41dabaa..7daa7d76 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.hujson @@ -1,3 +1,10 @@ +// ROUTES-h7_two_nodes_same_subnet +// +// ACL: accept: src=['*'] dst=['192.168.1.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-h7_two_nodes_same_subnet", "timestamp": "2026-03-17T16:23:55Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.hujson index aca95c52..db01bcf7 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.hujson @@ -1,3 +1,10 @@ +// ROUTES-h8_cgnat_overlap_blocked +// +// ACL: accept: src=['*'] dst=['100.100.0.0/16:*'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-h8_cgnat_overlap_blocked", "timestamp": "2026-03-17T16:24:05Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.hujson index 4ba1c93c..0917dfab 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.hujson @@ -1,3 +1,10 @@ +// ROUTES-h9_large_prefix_works +// +// ACL: accept: src=['autogroup:member'] dst=['10.0.0.0/8:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-h9_large_prefix_works", "timestamp": "2026-03-17T16:24:16Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.hujson index 7853c87a..61e95f75 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.hujson @@ -1,3 +1,10 @@ +// ROUTES-i1_ipv6_subnet_route +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-i1_ipv6_subnet_route", "timestamp": "2026-03-17T16:24:27Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.hujson index f773a010..def3a0a8 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.hujson @@ -1,3 +1,10 @@ +// ROUTES-i2_ipv6_exit_route +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-i2_ipv6_exit_route", "timestamp": "2026-03-17T16:24:37Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.hujson index 4e3a85b5..f0d15411 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.hujson @@ -1,3 +1,10 @@ +// ROUTES-i3_ipv6_in_wildcard_srcips +// +// ACL: accept: src=['*'] dst=['tag:router:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 3 of 12 nodes { "test_id": "ROUTES-i3_ipv6_in_wildcard_srcips", "timestamp": "2026-03-17T16:24:48Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.hujson index 3d5ab3ce..c1769f4b 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.hujson @@ -1,3 +1,10 @@ +// ROUTES-i4_ipv6_specific_acl +// +// ACL: accept: src=['*'] dst=['fd00:1::/64:443'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-i4_ipv6_specific_acl", "timestamp": "2026-03-17T16:24:59Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.hujson index 73b425b8..bc278ef8 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.hujson @@ -1,3 +1,10 @@ +// ROUTES-i5_ipv6_parent_child_routes +// +// ACL: accept: src=['autogroup:member'] dst=['fd00:1:2::/80:*'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-i5_ipv6_parent_child_routes", "timestamp": "2026-03-17T16:25:09Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.hujson index 34eabe05..d0dbbafb 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.hujson @@ -1,3 +1,12 @@ +// ROUTES-i6_dual_stack_node +// +// ACLs: +// accept: src=['*'] dst=['10.33.0.0/16:*'] +// accept: src=['*'] dst=['fd00:1::/64:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-i6_dual_stack_node", "timestamp": "2026-03-17T16:25:20Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.hujson index 37941edc..f4746c49 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.hujson @@ -1,3 +1,10 @@ +// ROUTES-i7_ipv6_exit_coverage +// +// ACL: accept: src=['*'] dst=['2001:db8::/32:443'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-i7_ipv6_exit_coverage", "timestamp": "2026-03-17T16:25:31Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.hujson index f4ab75ac..8a61f510 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.hujson @@ -1,3 +1,10 @@ +// ROUTES-o10_acl_dest_covered_by_multiple +// +// ACL: accept: src=['*'] dst=['10.33.1.0/24:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-o10_acl_dest_covered_by_multiple", "timestamp": "2026-03-17T16:25:41Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.hujson index 8ff7bf47..6431d430 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.hujson @@ -1,3 +1,10 @@ +// ROUTES-o11_acl_dest_not_covered +// +// ACL: accept: src=['*'] dst=['192.168.99.0/24:22'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-o11_acl_dest_not_covered", "timestamp": "2026-03-17T16:25:52Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.hujson index 085417ec..6423a3ab 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.hujson @@ -1,3 +1,10 @@ +// ROUTES-o12_filter_dest_is_acl_cidr +// +// ACL: accept: src=['*'] dst=['10.33.1.0/24:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-o12_filter_dest_is_acl_cidr", "timestamp": "2026-03-17T16:26:03Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.hujson index a56aa161..676eb701 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.hujson @@ -1,3 +1,10 @@ +// ROUTES-o1_overlapping_routes_not_merged +// +// ACL: accept: src=['*'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-o1_overlapping_routes_not_merged", "timestamp": "2026-03-17T16:26:13Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.hujson index f8cedc7e..b9c36414 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.hujson @@ -1,3 +1,10 @@ +// ROUTES-o2_ha_routers_both_get_filter +// +// ACL: accept: src=['*'] dst=['192.168.1.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-o2_ha_routers_both_get_filter", "timestamp": "2026-03-17T16:26:24Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.hujson index de3a20d5..51c81fc1 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.hujson @@ -1,3 +1,10 @@ +// ROUTES-o3_parent_child_different_nodes +// +// ACL: accept: src=['*'] dst=['10.33.1.0/24:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-o3_parent_child_different_nodes", "timestamp": "2026-03-17T16:26:34Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.hujson index 3b6a5711..98c96d86 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.hujson @@ -1,3 +1,10 @@ +// ROUTES-o4_three_way_hierarchy +// +// ACL: accept: src=['*'] dst=['10.33.1.128/25:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-o4_three_way_hierarchy", "timestamp": "2026-03-17T16:26:45Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.hujson index d81e9aca..0c197bbf 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.hujson @@ -1,3 +1,10 @@ +// ROUTES-o5_sibling_routes_with_parent_acl +// +// ACL: accept: src=['*'] dst=['10.0.0.0/8:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-o5_sibling_routes_with_parent_acl", "timestamp": "2026-03-17T16:26:56Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.hujson index 010fc6f4..df5dc5bc 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.hujson @@ -1,3 +1,10 @@ +// ROUTES-o6_exit_route_expands_filter_dist +// +// ACL: accept: src=['*'] dst=['8.8.8.0/24:53'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-o6_exit_route_expands_filter_dist", "timestamp": "2026-03-17T16:27:06Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.hujson index ef57da1c..d9457e6a 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.hujson @@ -1,3 +1,10 @@ +// ROUTES-o7_specific_ip_targeting +// +// ACL: accept: src=['*'] dst=['10.33.0.100/32:80'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-o7_specific_ip_targeting", "timestamp": "2026-03-17T16:27:17Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.hujson index 217fdf9a..cf069c6c 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.hujson @@ -1,3 +1,10 @@ +// ROUTES-o8_same_node_overlapping_routes +// +// ACL: accept: src=['*'] dst=['10.33.1.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-o8_same_node_overlapping_routes", "timestamp": "2026-03-17T16:27:28Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.hujson index 964f1274..40929db3 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.hujson @@ -1,3 +1,10 @@ +// ROUTES-o9_different_nodes_same_route +// +// ACL: accept: src=['autogroup:member'] dst=['192.168.1.0/24:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-o9_different_nodes_same_route", "timestamp": "2026-03-17T16:27:38Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.hujson index 81c52f49..5cea70b1 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.hujson @@ -1,3 +1,10 @@ +// ROUTES-r1_exit_covers_external_dest +// +// ACL: accept: src=['*'] dst=['8.8.8.0/24:53'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-r1_exit_covers_external_dest", "timestamp": "2026-03-17T16:27:49Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.hujson index 373e4ad5..e22054b0 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.hujson @@ -1,3 +1,10 @@ +// ROUTES-r2_parent_route_covers_child_dest +// +// ACL: accept: src=['*'] dst=['10.33.1.0/24:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-r2_parent_route_covers_child_dest", "timestamp": "2026-03-17T16:27:59Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.hujson index 26b861cf..8cef74f9 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.hujson @@ -1,3 +1,10 @@ +// ROUTES-r3_sibling_routes_no_coverage +// +// ACL: accept: src=['*'] dst=['10.34.0.0/16:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 1 of 12 nodes { "test_id": "ROUTES-r3_sibling_routes_no_coverage", "timestamp": "2026-03-17T16:28:10Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.hujson index 95a8d507..1f0bbb9c 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.hujson @@ -1,3 +1,10 @@ +// ROUTES-r4_exact_match_route +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-r4_exact_match_route", "timestamp": "2026-03-17T16:28:21Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.hujson index 7b25d772..a116a974 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.hujson @@ -1,3 +1,10 @@ +// ROUTES-r5_route_coverage_check_logic +// +// ACL: accept: src=['*'] dst=['10.33.1.0/24:22'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-r5_route_coverage_check_logic", "timestamp": "2026-03-17T16:28:31Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.hujson index 0e5f5e12..f0edb840 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.hujson @@ -1,3 +1,10 @@ +// ROUTES-r6_ipv6_route_coverage +// +// ACL: accept: src=['*'] dst=['fd7a:115c:a1e0::1/128:443'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-r6_ipv6_route_coverage", "timestamp": "2026-03-17T16:28:42Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.hujson index bc8286d5..821a3f04 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.hujson @@ -1,3 +1,10 @@ +// ROUTES-r7_exit_ipv6_coverage +// +// ACL: accept: src=['*'] dst=['2001:db8::1/128:443'] +// +// Routers: 6 nodes with routes +// +// Expected: No filter rules { "test_id": "ROUTES-r7_exit_ipv6_coverage", "timestamp": "2026-03-17T16:28:53Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.hujson index 74210ffd..e8a67266 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.hujson @@ -1,3 +1,10 @@ +// ROUTES-r8_mixed_ipv4_ipv6_coverage +// +// ACL: accept: src=['*'] dst=['10.33.0.0/16:*', 'fd7a:115c:a1e0::/64:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-r8_mixed_ipv4_ipv6_coverage", "timestamp": "2026-03-17T16:29:03Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.hujson index e6dd662e..db23c864 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.hujson @@ -1,3 +1,10 @@ +// ROUTES-t1_tags_resolve_to_ips_not_routes +// +// ACL: accept: src=['tag:router'] dst=['tag:router:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 3 of 12 nodes { "test_id": "ROUTES-t1_tags_resolve_to_ips_not_routes", "timestamp": "2026-03-17T16:29:14Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.hujson index 459867e6..1acb126b 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.hujson @@ -1,3 +1,10 @@ +// ROUTES-t2_tag_to_tag_with_exit +// +// ACL: accept: src=['tag:exit'] dst=['tag:exit:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-t2_tag_to_tag_with_exit", "timestamp": "2026-03-17T16:29:24Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.hujson index f39aeab8..81fcbfce 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.hujson @@ -1,3 +1,10 @@ +// ROUTES-t3_tag_src_includes_all_tagged +// +// ACL: accept: src=['tag:router'] dst=['*:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 12 of 12 nodes { "test_id": "ROUTES-t3_tag_src_includes_all_tagged", "timestamp": "2026-03-17T16:29:35Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.hujson index b44810d6..aa70366a 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.hujson @@ -1,3 +1,10 @@ +// ROUTES-t4_tag_dst_includes_all_tagged +// +// ACL: accept: src=['*'] dst=['tag:ha:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-t4_tag_dst_includes_all_tagged", "timestamp": "2026-03-17T16:29:46Z", diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.json rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.hujson index 7646936d..0d07755d 100644 --- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.json +++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.hujson @@ -1,3 +1,10 @@ +// ROUTES-t5_multi_tag_node_in_both +// +// ACL: accept: src=['tag:router'] dst=['tag:exit:*'] +// +// Routers: 6 nodes with routes +// +// Expected: Rules on 2 of 12 nodes { "test_id": "ROUTES-t5_multi_tag_node_in_both", "timestamp": "2026-03-17T16:29:56Z", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.hujson similarity index 91% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A1.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A1.hujson index 7313deab..da6caf84 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.hujson @@ -1,3 +1,8 @@ +// SSH-A1 +// +// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] +// +// Expected: SSH rules on 3 of 5 nodes { "test_id": "SSH-A1", "policy_file": "ssh_policies/ssh_a1.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.hujson similarity index 91% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A2.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A2.hujson index a9151058..8ee9db20 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.hujson @@ -1,3 +1,8 @@ +// SSH-A2 +// +// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['autogroup:nonroot'] +// +// Expected: SSH rules on 3 of 5 nodes { "test_id": "SSH-A2", "policy_file": "ssh_policies/ssh_a2.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.hujson similarity index 91% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A3.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A3.hujson index 85ab9637..26544aa0 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.hujson @@ -1,3 +1,8 @@ +// SSH-A3 +// +// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root', 'autogroup:nonroot'] +// +// Expected: SSH rules on 3 of 5 nodes { "test_id": "SSH-A3", "policy_file": "ssh_policies/ssh_a3.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A4.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A4.hujson index 5a50b980..17af8ada 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.hujson @@ -1,3 +1,8 @@ +// SSH-A4 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['ubuntu'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-A4", "policy_file": "ssh_policies/ssh_a4.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.hujson similarity index 87% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A5.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A5.hujson index 326255bb..74b2162a 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.hujson @@ -1,3 +1,8 @@ +// SSH-A5 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root', 'ubuntu'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-A5", "policy_file": "ssh_policies/ssh_a5.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.hujson similarity index 94% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A6.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A6.hujson index 542396c1..7e585c3d 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.hujson @@ -1,3 +1,8 @@ +// SSH-A6 +// +// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] +// +// Expected: SSH rules on 3 of 5 nodes { "test_id": "SSH-A6", "policy_file": "ssh_policies/ssh_a6.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.hujson similarity index 94% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A7.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A7.hujson index 9e73aba4..1038cfa6 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.hujson @@ -1,3 +1,8 @@ +// SSH-A7 +// +// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] +// +// Expected: SSH rules on 3 of 5 nodes { "test_id": "SSH-A7", "policy_file": "ssh_policies/ssh_a7.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.hujson similarity index 94% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A8.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A8.hujson index 097a8516..580db59d 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.hujson @@ -1,3 +1,8 @@ +// SSH-A8 +// +// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] +// +// Expected: SSH rules on 3 of 5 nodes { "test_id": "SSH-A8", "policy_file": "ssh_policies/ssh_a8.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.hujson similarity index 84% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-B1.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-B1.hujson index e68797cb..ca8f6cb4 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.hujson @@ -1,3 +1,8 @@ +// SSH-B1 +// +// SSH: accept: src=['kristoffer@dalby.cc'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-B1", "policy_file": "ssh_policies/ssh_b1.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.hujson similarity index 87% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-B2.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-B2.hujson index 46eb8aa3..e1256da2 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.hujson @@ -1,3 +1,8 @@ +// SSH-B2 +// +// SSH: accept: src=['group:developers'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-B2", "policy_file": "ssh_policies/ssh_b2.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.hujson similarity index 85% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-B3.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-B3.hujson index 765a4d53..a2492011 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.hujson @@ -1,3 +1,8 @@ +// SSH-B3 +// +// SSH: accept: src=['tag:prod'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-B3", "policy_file": "ssh_policies/ssh_b3.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.hujson similarity index 87% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-B5.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-B5.hujson index 279217b7..1b2db59c 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.hujson @@ -1,3 +1,8 @@ +// SSH-B5 +// +// SSH: accept: src=['user:*@passkey'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-B5", "policy_file": "ssh_policies/ssh_b5.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.hujson similarity index 87% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-B6.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-B6.hujson index b4cf7914..3fb7470f 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.hujson @@ -1,3 +1,8 @@ +// SSH-B6 +// +// SSH: accept: src=['autogroup:tagged'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-B6", "policy_file": "ssh_policies/ssh_b6.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.hujson similarity index 91% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-C1.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-C1.hujson index c95409f1..b4971778 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.hujson @@ -1,3 +1,8 @@ +// SSH-C1 +// +// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] +// +// Expected: SSH rules on 3 of 5 nodes { "test_id": "SSH-C1", "policy_file": "ssh_policies/ssh_c1.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.hujson similarity index 88% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-C2.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-C2.hujson index 21f3722b..48aba4dc 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.hujson @@ -1,3 +1,8 @@ +// SSH-C2 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-C2", "policy_file": "ssh_policies/ssh_c2.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.hujson similarity index 84% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-C3.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-C3.hujson index 6c8a651a..ece60647 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.hujson @@ -1,3 +1,8 @@ +// SSH-C3 +// +// SSH: accept: src=['kristoffer@dalby.cc'] dst=['kristoffer@dalby.cc'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-C3", "policy_file": "ssh_policies/ssh_c3.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.hujson similarity index 91% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-C4.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-C4.hujson index 14edec5a..c42c1e0d 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.hujson @@ -1,3 +1,8 @@ +// SSH-C4 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server', 'tag:prod'] users=['root'] +// +// Expected: SSH rules on 2 of 5 nodes { "test_id": "SSH-C4", "policy_file": "ssh_policies/ssh_c4.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D10.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D10.hujson index ae37ff0c..365d6167 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.hujson @@ -1,3 +1,8 @@ +// SSH-D10 +// +// SSH: accept: src=['user:*@passkey'] dst=['tag:server'] users=['localpart:*@passkey'] +// +// Expected: SSH rules on 3 of 5 nodes { "test_id": "SSH-D10", "policy_file": "ssh_policies/ssh_d10.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D11.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D11.hujson index f87426ef..bb35c9f1 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.hujson @@ -1,3 +1,8 @@ +// SSH-D11 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'ubuntu'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-D11", "policy_file": "ssh_policies/ssh_d11.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D12.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D12.hujson index 197d9668..83f81a45 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.hujson @@ -1,3 +1,8 @@ +// SSH-D12 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'ubuntu'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-D12", "policy_file": "ssh_policies/ssh_d12.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D2.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D2.hujson index 20c79efd..b7aeaca2 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.hujson @@ -1,3 +1,8 @@ +// SSH-D2 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-D2", "policy_file": "ssh_policies/ssh_d2.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D3.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D3.hujson index a8fc399c..890544c9 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.hujson @@ -1,3 +1,8 @@ +// SSH-D3 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-D3", "policy_file": "ssh_policies/ssh_d3.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D4.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D4.hujson index 5a7dc71c..34e072df 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.hujson @@ -1,3 +1,8 @@ +// SSH-D4 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'autogroup:nonroot'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-D4", "policy_file": "ssh_policies/ssh_d4.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D5.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D5.hujson index f9a4f5f4..1f128483 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.hujson @@ -1,3 +1,8 @@ +// SSH-D5 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root', 'autogroup:nonroot'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-D5", "policy_file": "ssh_policies/ssh_d5.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D6.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D6.hujson index d11f4a3c..d744cf01 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.hujson @@ -1,3 +1,8 @@ +// SSH-D6 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'autogroup:nonroot'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-D6", "policy_file": "ssh_policies/ssh_d6.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D7.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D7.hujson index 84dcbce4..23f18267 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.hujson @@ -1,3 +1,8 @@ +// SSH-D7 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root', 'autogroup:nonroot'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-D7", "policy_file": "ssh_policies/ssh_d7.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.hujson similarity index 93% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D8.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D8.hujson index 9242e93c..866b1bf2 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.hujson @@ -1,3 +1,8 @@ +// SSH-D8 +// +// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey'] +// +// Expected: SSH rules on 3 of 5 nodes { "test_id": "SSH-D8", "policy_file": "ssh_policies/ssh_d8.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.hujson similarity index 93% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D9.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D9.hujson index 7abd3b71..0144c546 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.hujson @@ -1,3 +1,8 @@ +// SSH-D9 +// +// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey', 'root'] +// +// Expected: SSH rules on 3 of 5 nodes { "test_id": "SSH-D9", "policy_file": "ssh_policies/ssh_d9.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.hujson similarity index 80% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-E3.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-E3.hujson index 3585b996..9f644ef0 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.hujson @@ -1,3 +1,8 @@ +// SSH-E3 +// +// SSH: (no SSH rules) +// +// Expected: No SSH rules { "test_id": "SSH-E3", "policy_file": "ssh_policies/ssh_e3.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.hujson similarity index 81% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-E4.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-E4.hujson index 645d8d0f..d1a9279a 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.hujson @@ -1,3 +1,8 @@ +// SSH-E4 +// +// SSH: (no SSH rules) +// +// Expected: No SSH rules { "test_id": "SSH-E4", "policy_file": "ssh_policies/ssh_e4.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-E5.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-E5.hujson index 94f67545..469f86cc 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.hujson @@ -1,3 +1,8 @@ +// SSH-E5 +// +// SSH: accept: src=['tag:prod'] dst=['tag:server'] users=['localpart:*@passkey'] +// +// Expected: SSH rules on 2 of 5 nodes { "test_id": "SSH-E5", "policy_file": "ssh_policies/ssh_e5.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.hujson similarity index 97% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-E6.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-E6.hujson index 8dfd5f97..733d422d 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.hujson @@ -1,3 +1,8 @@ +// SSH-E6 +// +// SSH: check: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-E6", "policy_file": "ssh_policies/ssh_e6.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.hujson similarity index 90% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-F1.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-F1.hujson index 47bd1356..5d540dfa 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.hujson @@ -1,3 +1,10 @@ +// SSH-F1 +// +// SSH rules: +// accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root'] +// accept: src=['autogroup:member'] dst=['tag:server'] users=['autogroup:nonroot'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-F1", "policy_file": "ssh_policies/ssh_f1.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.hujson similarity index 91% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-F2.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-F2.hujson index 61bc3b4b..ad227cdc 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.hujson @@ -1,3 +1,10 @@ +// SSH-F2 +// +// SSH rules: +// accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] +// check: src=['autogroup:member'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-F2", "policy_file": "ssh_policies/ssh_f2.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-F3.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-F3.hujson index d16f5f31..12d1f748 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.hujson @@ -1,3 +1,10 @@ +// SSH-F3 +// +// SSH rules: +// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey'] +// accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-F3", "policy_file": "ssh_policies/ssh_f3.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.hujson similarity index 95% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-F4.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-F4.hujson index 43dc27dc..206392c6 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.hujson @@ -1,3 +1,10 @@ +// SSH-F4 +// +// SSH rules: +// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey'] +// accept: src=['autogroup:member'] dst=['tag:server'] users=['autogroup:nonroot'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-F4", "policy_file": "ssh_policies/ssh_f4.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.hujson similarity index 96% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-F5.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-F5.hujson index 9065a0f7..f0dc1bfa 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.hujson @@ -1,3 +1,10 @@ +// SSH-F5 +// +// SSH rules: +// accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey'] +// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey'] +// +// Expected: SSH rules on 4 of 5 nodes { "test_id": "SSH-F5", "policy_file": "ssh_policies/ssh_f5.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-G1.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-G1.hujson index 153dd354..d355fbab 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.hujson @@ -1,3 +1,8 @@ +// SSH-G1 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-G1", "policy_file": "ssh_policies/ssh_g1.json", diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.hujson similarity index 89% rename from hscontrol/policy/v2/testdata/ssh_results/SSH-G2.json rename to hscontrol/policy/v2/testdata/ssh_results/SSH-G2.hujson index fb6fbcf6..a891b8a6 100644 --- a/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.json +++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.hujson @@ -1,3 +1,8 @@ +// SSH-G2 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-G2", "policy_file": "ssh_policies/ssh_g2.json", diff --git a/hscontrol/servertest/via_compat_test.go b/hscontrol/servertest/via_compat_test.go index fba2de7b..b1a7972f 100644 --- a/hscontrol/servertest/via_compat_test.go +++ b/hscontrol/servertest/via_compat_test.go @@ -14,6 +14,7 @@ import ( "github.com/juanfont/headscale/hscontrol/servertest" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/tailscale/hujson" "tailscale.com/tailcfg" "tailscale.com/types/netmap" ) @@ -81,6 +82,20 @@ var viaCompatTests = []struct { // The comparison is IP-independent: it validates peer visibility, route // prefixes in AllowedIPs, and PrimaryRoutes — not literal Tailscale IP // addresses which differ between Tailscale SaaS and headscale allocation. +// +// CROSS-DEPENDENCY WARNING: +// This test reads golden files from ../policy/v2/testdata/grant_results/ +// (specifically GRANT-V29, V30, V31, V36). These files are shared with +// TestGrantsCompat in the policy/v2 package. Any changes to the file +// format, field structure, or naming must be coordinated with BOTH tests. +// +// Fields consumed by this test (but NOT by TestGrantsCompat): +// - captures[name].netmap (Peers, AllowedIPs, PrimaryRoutes, PacketFilterRules) +// - topology.nodes[name].tags (used for servertest node creation) +// +// Fields consumed by TestGrantsCompat (but NOT by this test): +// - captures[name].packet_filter_rules (golden filter rule comparison) +// - input.api_response_code/body (error case handling) func TestViaGrantMapCompat(t *testing.T) { t.Parallel() @@ -89,13 +104,17 @@ func TestViaGrantMapCompat(t *testing.T) { t.Parallel() path := filepath.Join( - "..", "policy", "v2", "testdata", "grant_results", tc.id+".json", + "..", "policy", "v2", "testdata", "grant_results", tc.id+".hujson", ) data, err := os.ReadFile(path) require.NoError(t, err, "failed to read golden file %s", path) + ast, err := hujson.Parse(data) + require.NoError(t, err, "failed to parse HuJSON in %s", path) + ast.Standardize() + var gf goldenFile - require.NoError(t, json.Unmarshal(data, &gf)) + require.NoError(t, json.Unmarshal(ast.Pack(), &gf)) if gf.Error { t.Skipf("test %s is an error case", tc.id)