public/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-11-02 22:17:44 +09:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity

feat: add autogroup:member, autogroup:tagged (#2572)
Some checks failed
Build / build-nix (push) Waiting to run
Details
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Details
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Details
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Details
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Details
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Details
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Details
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Details
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Details
Tests / test (push) Waiting to run
Details
Deploy docs / deploy (push) Has been cancelled
Details
update-flake-lock / lockfile (push) Has been cancelled
Details
GitHub Actions Version Updater / build (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Vitalij Dovhanyc
2025-05-17 11:07:34 +02:00
committed by GitHub
parent b50e10a1be
commit 6750414db1
6 changed files with 329 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
integration/acl_test.go
View File

@@ -1139,3 +1139,115 @@ func TestPolicyUpdateWhileRunningWithCLIInDatabase(t *testing.T) {
}
}
}
func TestACLAutogroupMember(t *testing.T) {
IntegrationSkip(t)
t.Parallel()
scenario := aclScenario(t,
&policyv1.ACLPolicy{
ACLs: []policyv1.ACL{
{
Action: "accept",
Sources: []string{"autogroup:member"},
Destinations: []string{"autogroup:member:*"},
},
},
},
2,
)
defer scenario.ShutdownAssertNoPanics(t)
allClients, err := scenario.ListTailscaleClients()
require.NoError(t, err)
err = scenario.WaitForTailscaleSync()
require.NoError(t, err)
// Test that untagged nodes can access each other
for _, client := range allClients {
status, err := client.Status()
require.NoError(t, err)
if status.Self.Tags != nil && status.Self.Tags.Len() > 0 {
continue
}
for _, peer := range allClients {
if client.Hostname() == peer.Hostname() {
continue
}
status, err := peer.Status()
require.NoError(t, err)
if status.Self.Tags != nil && status.Self.Tags.Len() > 0 {
continue
}
fqdn, err := peer.FQDN()
require.NoError(t, err)
url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url)
assert.Len(t, result, 13)
require.NoError(t, err)
}
}
}
func TestACLAutogroupTagged(t *testing.T) {
IntegrationSkip(t)
t.Parallel()
scenario := aclScenario(t,
&policyv1.ACLPolicy{
ACLs: []policyv1.ACL{
{
Action: "accept",
Sources: []string{"autogroup:tagged"},
Destinations: []string{"autogroup:tagged:*"},
},
},
},
2,
)
defer scenario.ShutdownAssertNoPanics(t)
allClients, err := scenario.ListTailscaleClients()
require.NoError(t, err)
err = scenario.WaitForTailscaleSync()
require.NoError(t, err)
// Test that tagged nodes can access each other
for _, client := range allClients {
status, err := client.Status()
require.NoError(t, err)
if status.Self.Tags == nil || status.Self.Tags.Len() == 0 {
continue
}
for _, peer := range allClients {
if client.Hostname() == peer.Hostname() {
continue
}
status, err := peer.Status()
require.NoError(t, err)
if status.Self.Tags == nil || status.Self.Tags.Len() == 0 {
continue
}
fqdn, err := peer.FQDN()
require.NoError(t, err)
url := fmt.Sprintf("http://%s/etc/hostname", fqdn)
t.Logf("url from %s to %s", client.Hostname(), url)
result, err := client.Curl(url)
assert.Len(t, result, 13)
require.NoError(t, err)
}
}
}