public/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-04-14 21:29:56 +09:00
Code Issues Packages Projects Releases Wiki Activity

testdata: strip unused fields from all test data files (23MB -> 4MB)

Browse Source 
Strip fields not consumed by any test from all 594 HuJSON test data files:

grant_results/ (248 files, 21MB -> 1.8MB):
  - Remove: timestamp, propagation_wait_seconds, input.policy_file,
    input.grants_section, input.api_endpoint, input.api_method,
    topology.nodes.mts_name, topology.nodes.socket, topology.nodes.user_id,
    captures.commands, captures.packet_filter_matches, captures.whois
  - V14-V16, V26-V36: keep stripped netmap (Peers.Name/AllowedIPs/PrimaryRoutes
    + PacketFilterRules) for via_compat_test.go compatibility
  - V17-V25: strip netmap (old topology, incompatible with via_compat harness)

acl_results/ (215 files, 1.4MB -> 1.2MB):
  - Remove: timestamp, propagation_wait_seconds, input.policy_file,
    input.api_endpoint, input.api_response_code, entire topology section
    (parsed by Go struct but completely ignored — nodes are hardcoded)

routes_results/ (92 files, unchanged — topology is actively used):
  - Remove: timestamp, propagation_wait_seconds, input.policy_file,
    input.api_endpoint, input.api_response_code

ssh_results/ (39 files, unchanged — minimal to begin with):
  - Remove: policy_file
This commit is contained in:
Kristoffer Dalby
2026-03-30 17:10:53 +00:00
parent 30dce30a9d
commit 835db974b5
594 changed files with 45359 additions and 535977 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
hscontrol/policy/v2/testdata/acl_results/ACL-A01.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-A01",
"timestamp": "2026-03-17T14:16:33Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["*:*"]
"src": [
"autogroup:member"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

112
hscontrol/policy/v2/testdata/acl_results/ACL-A02.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-A02",
"timestamp": "2026-03-17T14:16:44Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:tagged"],
"dst": ["*:*"]
"src": [
"autogroup:tagged"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

113
hscontrol/policy/v2/testdata/acl_results/ACL-A03.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-A03",
"timestamp": "2026-03-17T14:16:54Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "tag:client"],
"dst": ["tag:server:22"]
"src": [
"autogroup:member",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

127
hscontrol/policy/v2/testdata/acl_results/ACL-A04.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A04",
"timestamp": "2026-03-17T14:17:04Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*"]
"src": [
"*"
],
"dst": [
"autogroup:self:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -120,7 +88,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -143,7 +114,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -166,7 +140,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

112
hscontrol/policy/v2/testdata/acl_results/ACL-A05.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: No filter rules
{
"test_id": "ACL-A05",
"timestamp": "2026-03-17T14:17:15Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:internet:*"]
"src": [
"*"
],
"dst": [
"autogroup:internet:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

112
hscontrol/policy/v2/testdata/acl_results/ACL-A06.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A06",
"timestamp": "2026-03-17T14:17:25Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:member:*"]
"src": [
"*"
],
"dst": [
"autogroup:member:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

128
hscontrol/policy/v2/testdata/acl_results/ACL-A07.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server, user-kris, user-mon, user1
{
"test_id": "ACL-A07",
"timestamp": "2026-03-17T14:17:36Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*", "tag:server:22"]
"src": [
"*"
],
"dst": [
"autogroup:self:*",
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -145,7 +114,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -168,7 +140,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -191,7 +166,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

112
hscontrol/policy/v2/testdata/acl_results/ACL-A08.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
{
"test_id": "ACL-A08",
"timestamp": "2026-03-17T14:17:47Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:tagged:*"]
"src": [
"*"
],
"dst": [
"autogroup:tagged:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

127
hscontrol/policy/v2/testdata/acl_results/ACL-A09.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A09",
"timestamp": "2026-03-17T14:17:57Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a09.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["autogroup:self:*"]
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -120,7 +88,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -143,7 +114,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -166,7 +140,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

117
hscontrol/policy/v2/testdata/acl_results/ACL-A10.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user1
{
"test_id": "ACL-A10",
"timestamp": "2026-03-17T14:18:08Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a10.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["kratail2tid@passkey"],
"dst": ["autogroup:self:*"]
"src": [
"kratail2tid@passkey"
],
"dst": [
"autogroup:self:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -126,7 +94,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

117
hscontrol/policy/v2/testdata/acl_results/ACL-A11.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user1
{
"test_id": "ACL-A11",
"timestamp": "2026-03-17T14:18:18Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a11.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["group:admins"],
"dst": ["autogroup:self:*"]
"src": [
"group:admins"
],
"dst": [
"autogroup:self:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -126,7 +94,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

127
hscontrol/policy/v2/testdata/acl_results/ACL-A12.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A12",
"timestamp": "2026-03-17T14:18:28Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a12.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:22"]
"src": [
"*"
],
"dst": [
"autogroup:self:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -120,7 +88,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -143,7 +114,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -166,7 +140,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

127
hscontrol/policy/v2/testdata/acl_results/ACL-A13.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A13",
"timestamp": "2026-03-17T14:18:39Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a13.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:80-443"]
"src": [
"*"
],
"dst": [
"autogroup:self:80-443"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -120,7 +88,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -143,7 +114,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -166,7 +140,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

127
hscontrol/policy/v2/testdata/acl_results/ACL-A14.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-A14",
"timestamp": "2026-03-17T14:18:49Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a14.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:22,80,443"]
"src": [
"*"
],
"dst": [
"autogroup:self:22,80,443"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -120,7 +88,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -171,7 +142,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -222,7 +196,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

113
hscontrol/policy/v2/testdata/acl_results/ACL-A15.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-A15",
"timestamp": "2026-03-17T14:19:00Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a15.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "autogroup:tagged"],
"dst": ["*:*"]
"src": [
"autogroup:member",
"autogroup:tagged"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

113
hscontrol/policy/v2/testdata/acl_results/ACL-A16.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-A16",
"timestamp": "2026-03-17T14:19:10Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a16.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "autogroup:tagged"],
"dst": ["tag:server:22"]
"src": [
"autogroup:member",
"autogroup:tagged"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

129
hscontrol/policy/v2/testdata/acl_results/ACL-A17.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server, user-kris, user-mon, user1
{
"test_id": "ACL-A17",
"timestamp": "2026-03-17T14:19:21Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_a17.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,30 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*", "tag:server:22", "autogroup:member:80"]
"src": [
"*"
],
"dst": [
"autogroup:self:*",
"tag:server:22",
"autogroup:member:80"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -169,7 +139,10 @@
]
},
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -216,7 +189,10 @@
]
},
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -263,7 +239,10 @@
]
},
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

153
hscontrol/policy/v2/testdata/acl_results/ACL-AH01.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-AH01",
"timestamp": "2026-03-17T14:19:31Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,81 +45,39 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["internal", "subnet24"],
"dst": ["*:*"]
"src": [
"internal",
"subnet24"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
@@ -121,7 +93,10 @@
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
@@ -137,7 +112,10 @@
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
@@ -153,7 +131,10 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
@@ -169,7 +150,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
@@ -185,7 +169,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
@@ -201,7 +188,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",
@@ -217,7 +207,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
"SrcIPs": [
"10.0.0.0/8",
"192.168.1.0/24"
],
"DstPorts": [
{
"IP": "*",

118
hscontrol/policy/v2/testdata/acl_results/ACL-AH02.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AH02",
"timestamp": "2026-03-17T14:19:42Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["internal", "100.108.74.26"],
"dst": ["tag:server:22"]
"src": [
"internal",
"100.108.74.26"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +86,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "100.108.74.26"],
"SrcIPs": [
"10.0.0.0/8",
"100.108.74.26"
],
"DstPorts": [
{
"IP": "100.108.74.26",

114
hscontrol/policy/v2/testdata/acl_results/ACL-AH03.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on subnet-router, tagged-server
{
"test_id": "ACL-AH03",
"timestamp": "2026-03-17T14:19:52Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,30 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["internal:22", "subnet24:80", "tag:server:443"]
"src": [
"*"
],
"dst": [
"internal:22",
"subnet24:80",
"tag:server:443"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

117
hscontrol/policy/v2/testdata/acl_results/ACL-AH04.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AH04",
"timestamp": "2026-03-17T14:20:02Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["internal", "10.0.0.0/8"],
"dst": ["tag:server:22"]
"src": [
"internal",
"10.0.0.0/8"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +86,9 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8"],
"SrcIPs": [
"10.0.0.0/8"
],
"DstPorts": [
{
"IP": "100.108.74.26",

112
hscontrol/policy/v2/testdata/acl_results/ACL-AH05.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on subnet-router
{
"test_id": "ACL-AH05",
"timestamp": "2026-03-17T14:20:13Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["internal:22"]
"src": [
"*"
],
"dst": [
"internal:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

112
hscontrol/policy/v2/testdata/acl_results/ACL-AH06.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on subnet-router
{
"test_id": "ACL-AH06",
"timestamp": "2026-03-17T14:20:23Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ah06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["10.0.0.0/8:22"]
"src": [
"*"
],
"dst": [
"10.0.0.0/8:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

125
hscontrol/policy/v2/testdata/acl_results/ACL-AR01.hujson vendored
View File

@@ -7,23 +7,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR01",
"timestamp": "2026-03-17T14:20:34Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -33,79 +47,37 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:80,443"]
"src": [
"tag:client"
],
"dst": [
"tag:server:80,443"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -124,7 +96,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

137
hscontrol/policy/v2/testdata/acl_results/ACL-AR02.hujson vendored
View File

@@ -8,23 +8,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR02",
"timestamp": "2026-03-17T14:20:44Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -34,85 +48,47 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:80,443"]
"src": [
"tag:client"
],
"dst": [
"tag:server:80,443"
]
},
{
"action": "accept",
"src": ["*"],
"src": [
"*"
],
"proto": "udp",
"dst": ["tag:server:53"]
"dst": [
"tag:server:53"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -131,7 +107,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
@@ -200,7 +179,9 @@
}
}
],
"IPProto": [17]
"IPProto": [
17
]
}
]
},

133
hscontrol/policy/v2/testdata/acl_results/ACL-AR03.hujson vendored
View File

@@ -8,23 +8,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR03",
"timestamp": "2026-03-17T14:20:55Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -34,84 +48,46 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:80"]
"src": [
"tag:client"
],
"dst": [
"tag:server:80"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:443"]
"src": [
"tag:client"
],
"dst": [
"tag:server:443"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -130,7 +106,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

143
hscontrol/policy/v2/testdata/acl_results/ACL-AR04.hujson vendored
View File

@@ -8,23 +8,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR04",
"timestamp": "2026-03-17T14:21:05Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -34,84 +48,46 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:prod"],
"dst": ["tag:server:22"]
"src": [
"tag:prod"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:router"],
"dst": ["tag:server:22"]
"src": [
"tag:router"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -130,7 +106,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
@@ -149,7 +128,10 @@
]
},
{
"SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"],
"SrcIPs": [
"100.103.8.15",
"fd7a:115c:a1e0::5b37:80f"
],
"DstPorts": [
{
"IP": "100.108.74.26",
@@ -168,7 +150,10 @@
]
},
{
"SrcIPs": ["100.92.142.61", "fd7a:115c:a1e0::3e37:8e3d"],
"SrcIPs": [
"100.92.142.61",
"fd7a:115c:a1e0::3e37:8e3d"
],
"DstPorts": [
{
"IP": "100.108.74.26",

146
hscontrol/policy/v2/testdata/acl_results/ACL-AR05.hujson vendored
View File

@@ -9,23 +9,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR05",
"timestamp": "2026-03-17T14:21:16Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -35,89 +49,55 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:80"]
"src": [
"tag:client"
],
"dst": [
"tag:server:80"
]
},
{
"action": "accept",
"src": ["tag:prod"],
"dst": ["tag:server:22"]
"src": [
"tag:prod"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:prod"],
"dst": ["tag:server:443"]
"src": [
"tag:prod"
],
"dst": [
"tag:server:443"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -136,7 +116,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
@@ -169,7 +152,10 @@
]
},
{
"SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"],
"SrcIPs": [
"100.103.8.15",
"fd7a:115c:a1e0::5b37:80f"
],
"DstPorts": [
{
"IP": "100.108.74.26",

125
hscontrol/policy/v2/testdata/acl_results/ACL-AR06.hujson vendored
View File

@@ -7,23 +7,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AR06",
"timestamp": "2026-03-17T14:21:26Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_ar06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -33,79 +47,37 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:80"]
"src": [
"*"
],
"dst": [
"tag:server:80"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -124,7 +96,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

116
hscontrol/policy/v2/testdata/acl_results/ACL-AT01.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-AT01",
"timestamp": "2026-03-17T14:21:36Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,32 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:server", "tag:client", "tag:prod", "tag:router", "tag:exit"],
"dst": ["*:*"]
"src": [
"tag:server",
"tag:client",
"tag:prod",
"tag:router",
"tag:exit"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

116
hscontrol/policy/v2/testdata/acl_results/ACL-AT02.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
{
"test_id": "ACL-AT02",
"timestamp": "2026-03-17T14:21:47Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,32 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:22", "tag:client:22", "tag:prod:22", "tag:router:22", "tag:exit:22"]
"src": [
"*"
],
"dst": [
"tag:server:22",
"tag:client:22",
"tag:prod:22",
"tag:router:22",
"tag:exit:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

116
hscontrol/policy/v2/testdata/acl_results/ACL-AT03.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-AT03",
"timestamp": "2026-03-17T14:21:57Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,32 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:server", "tag:client", "tag:prod", "tag:router", "tag:exit"],
"dst": ["autogroup:member:22"]
"src": [
"tag:server",
"tag:client",
"tag:prod",
"tag:router",
"tag:exit"
],
"dst": [
"autogroup:member:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

120
hscontrol/policy/v2/testdata/acl_results/ACL-AT04.hujson vendored
View File

@@ -7,23 +7,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AT04",
"timestamp": "2026-03-17T14:22:08Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -33,79 +47,37 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:tagged"],
"dst": ["tag:server:22"]
"src": [
"autogroup:tagged"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["tag:server:80"]
"src": [
"autogroup:member"
],
"dst": [
"tag:server:80"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

130
hscontrol/policy/v2/testdata/acl_results/ACL-AT05.hujson vendored
View File

@@ -7,23 +7,37 @@
// Expected: Rules on tagged-client, tagged-server
{
"test_id": "ACL-AT05",
"timestamp": "2026-03-17T14:22:18Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -33,79 +47,37 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:server"],
"dst": ["tag:client:22"]
"src": [
"tag:server"
],
"dst": [
"tag:client:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -118,7 +90,10 @@
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "100.83.200.69",
@@ -144,7 +119,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

156
hscontrol/policy/v2/testdata/acl_results/ACL-AT06.hujson vendored
View File

@@ -9,23 +9,37 @@
// Expected: Rules on tagged-client, tagged-prod, tagged-server
{
"test_id": "ACL-AT06",
"timestamp": "2026-03-17T14:22:29Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_at06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -35,89 +49,55 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:server"],
"dst": ["tag:prod:5432"]
"src": [
"tag:server"
],
"dst": [
"tag:prod:5432"
]
},
{
"action": "accept",
"src": ["tag:prod"],
"dst": ["tag:client:80"]
"src": [
"tag:prod"
],
"dst": [
"tag:client:80"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:prod:443"]
"src": [
"tag:client"
],
"dst": [
"tag:prod:443"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -130,7 +110,10 @@
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"],
"SrcIPs": [
"100.103.8.15",
"fd7a:115c:a1e0::5b37:80f"
],
"DstPorts": [
{
"IP": "100.83.200.69",
@@ -153,7 +136,10 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
@@ -172,7 +158,10 @@
]
},
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "100.103.8.15",
@@ -195,7 +184,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

117
hscontrol/policy/v2/testdata/acl_results/ACL-AU01.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AU01",
"timestamp": "2026-03-17T14:22:39Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["kristoffer@dalby.cc"],
"dst": ["tag:server:22"]
"src": [
"kristoffer@dalby.cc"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +85,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.108.74.26",

117
hscontrol/policy/v2/testdata/acl_results/ACL-AU02.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-prod
{
"test_id": "ACL-AU02",
"timestamp": "2026-03-17T14:22:49Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["monitorpasskeykradalby@passkey"],
"dst": ["tag:prod:5432"]
"src": [
"monitorpasskeykradalby@passkey"
],
"dst": [
"tag:prod:5432"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -114,7 +82,10 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.8.15",

127
hscontrol/policy/v2/testdata/acl_results/ACL-AU03.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-prod, tagged-server
{
"test_id": "ACL-AU03",
"timestamp": "2026-03-17T14:23:00Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["group:developers"],
"dst": ["tag:server:22", "tag:prod:5432"]
"src": [
"group:developers"
],
"dst": [
"tag:server:22",
"tag:prod:5432"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -114,7 +83,12 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.103.8.15",
@@ -137,7 +111,12 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.108.74.26",

112
hscontrol/policy/v2/testdata/acl_results/ACL-AU04.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user-kris, user1
{
"test_id": "ACL-AU04",
"timestamp": "2026-03-17T14:23:10Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["group:developers:22"]
"src": [
"*"
],
"dst": [
"group:developers:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

112
hscontrol/policy/v2/testdata/acl_results/ACL-AU05.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on user-mon
{
"test_id": "ACL-AU05",
"timestamp": "2026-03-17T14:23:21Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["group:monitors:*"]
"src": [
"*"
],
"dst": [
"group:monitors:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

114
hscontrol/policy/v2/testdata/acl_results/ACL-AU06.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-AU06",
"timestamp": "2026-03-17T14:23:31Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_au06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,30 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["group:admins", "group:developers", "group:monitors"],
"dst": ["tag:server:22"]
"src": [
"group:admins",
"group:developers",
"group:monitors"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

133
hscontrol/policy/v2/testdata/acl_results/ACL-C01.hujson vendored
View File

@@ -8,23 +8,37 @@
// Expected: Rules on tagged-prod, tagged-server
{
"test_id": "ACL-C01",
"timestamp": "2026-03-17T14:23:42Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -34,84 +48,46 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["tag:server:80"]
"src": [
"autogroup:member"
],
"dst": [
"tag:server:80"
]
},
{
"action": "accept",
"src": ["*"],
"dst": ["tag:prod:5432"]
"src": [
"*"
],
"dst": [
"tag:prod:5432"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -155,7 +131,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

139
hscontrol/policy/v2/testdata/acl_results/ACL-C02.hujson vendored
View File

@@ -8,23 +8,37 @@
// Expected: Rules on tagged-prod, tagged-server
{
"test_id": "ACL-C02",
"timestamp": "2026-03-17T14:23:52Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -34,84 +48,47 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client", "autogroup:member"],
"dst": ["tag:server:22"]
"src": [
"tag:client",
"autogroup:member"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:prod"],
"dst": ["tag:server:80"]
"src": [
"tag:prod"
],
"dst": [
"tag:server:80"
]
},
{
"action": "accept",
"src": ["group:admins"],
"dst": ["tag:prod:5432"]
"src": [
"group:admins"
],
"dst": [
"tag:prod:5432"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -127,7 +104,10 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.103.8.15",
@@ -178,7 +158,10 @@
]
},
{
"SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"],
"SrcIPs": [
"100.103.8.15",
"fd7a:115c:a1e0::5b37:80f"
],
"DstPorts": [
{
"IP": "100.108.74.26",

147
hscontrol/policy/v2/testdata/acl_results/ACL-C03.hujson vendored
View File

@@ -7,23 +7,37 @@
// Expected: Rules on tagged-prod, tagged-server, user-kris, user-mon, user1
{
"test_id": "ACL-C03",
"timestamp": "2026-03-17T14:24:03Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -33,79 +47,39 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22", "tag:prod:5432", "webserver:80"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22",
"tag:prod:5432",
"webserver:80"
]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["autogroup:self:*"]
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -121,7 +95,10 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
@@ -144,7 +121,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
@@ -174,7 +154,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -197,7 +180,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -220,7 +206,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

161
hscontrol/policy/v2/testdata/acl_results/ACL-C04.hujson vendored
View File

@@ -9,23 +9,37 @@
// Expected: Rules on tagged-prod, tagged-server, user-kris, user-mon, user1
{
"test_id": "ACL-C04",
"timestamp": "2026-03-17T14:24:13Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -35,89 +49,55 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:server"],
"dst": ["tag:prod:5432"]
"src": [
"tag:server"
],
"dst": [
"tag:prod:5432"
]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["autogroup:self:*"]
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:internet:*"]
"src": [
"*"
],
"dst": [
"autogroup:internet:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -133,7 +113,10 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "100.103.8.15",
@@ -156,7 +139,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
@@ -179,7 +165,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -202,7 +191,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -225,7 +217,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

123
hscontrol/policy/v2/testdata/acl_results/ACL-C05.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-C05",
"timestamp": "2026-03-17T14:24:23Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,15 +45,23 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"src": [
"*"
],
"dst": [
"tag:server:22",
"tag:prod:5432",
@@ -51,62 +73,6 @@
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -277,7 +243,10 @@
]
},
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -324,7 +293,10 @@
]
},
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -371,7 +343,10 @@
]
},
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

116
hscontrol/policy/v2/testdata/acl_results/ACL-C06.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-C06",
"timestamp": "2026-03-17T14:24:34Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,32 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client", "tag:prod", "tag:server", "autogroup:member", "group:admins"],
"dst": ["tag:server:22"]
"src": [
"tag:client",
"tag:prod",
"tag:server",
"autogroup:member",
"group:admins"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

141
hscontrol/policy/v2/testdata/acl_results/ACL-C07.hujson vendored
View File

@@ -9,23 +9,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-C07",
"timestamp": "2026-03-17T14:24:44Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -35,89 +49,55 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:80"]
"src": [
"tag:client"
],
"dst": [
"tag:server:80"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:443"]
"src": [
"tag:client"
],
"dst": [
"tag:server:443"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:8080"]
"src": [
"tag:client"
],
"dst": [
"tag:server:8080"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -136,7 +116,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

116
hscontrol/policy/v2/testdata/acl_results/ACL-C08.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
{
"test_id": "ACL-C08",
"timestamp": "2026-03-17T14:24:55Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,32 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:22", "tag:prod:22", "tag:client:22", "tag:router:22", "tag:exit:22"]
"src": [
"*"
],
"dst": [
"tag:server:22",
"tag:prod:22",
"tag:client:22",
"tag:router:22",
"tag:exit:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

189
hscontrol/policy/v2/testdata/acl_results/ACL-C09.hujson vendored
View File

@@ -9,23 +9,37 @@
// Expected: Rules on subnet-router, tagged-prod, tagged-server, user-kris, user-mon, user1
{
"test_id": "ACL-C09",
"timestamp": "2026-03-17T14:25:05Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c09.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -35,99 +49,73 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:prod:22"]
"src": [
"tag:client"
],
"dst": [
"tag:prod:22"
]
},
{
"action": "accept",
"src": ["tag:server"],
"dst": ["tag:prod:5432"]
"src": [
"tag:server"
],
"dst": [
"tag:prod:5432"
]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["autogroup:self:*"]
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": ["group:developers"],
"dst": ["tag:router:*"]
"src": [
"group:developers"
],
"dst": [
"tag:router:*"
]
},
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:internet:*"]
"src": [
"*"
],
"dst": [
"autogroup:internet:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -137,7 +125,12 @@
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.110.121.96",
"100.90.199.68",
"fd7a:115c:a1e0::1737:7960",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.92.142.61",
@@ -163,7 +156,10 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
@@ -182,7 +178,10 @@
]
},
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "100.103.8.15",
@@ -205,7 +204,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
@@ -228,7 +230,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -251,7 +256,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -274,7 +282,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

144
hscontrol/policy/v2/testdata/acl_results/ACL-C10.hujson vendored
View File

@@ -8,23 +8,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-C10",
"timestamp": "2026-03-17T14:25:16Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_c10.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -34,84 +48,47 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["autogroup:self:*"]
"src": [
"autogroup:member"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": ["autogroup:member"],
"dst": ["tag:server:22", "tag:prod:5432"]
"src": [
"autogroup:member"
],
"dst": [
"tag:server:22",
"tag:prod:5432"
]
},
{
"action": "accept",
"src": ["autogroup:tagged"],
"dst": ["autogroup:tagged:*"]
"src": [
"autogroup:tagged"
],
"dst": [
"autogroup:tagged:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -340,7 +317,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -363,7 +343,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -386,7 +369,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

125
hscontrol/policy/v2/testdata/acl_results/ACL-D01.hujson vendored
View File

@@ -7,23 +7,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-D01",
"timestamp": "2026-03-17T14:25:26Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -33,79 +47,37 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
},
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:22"]
"src": [
"*"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -124,7 +96,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

118
hscontrol/policy/v2/testdata/acl_results/ACL-D02.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-D02",
"timestamp": "2026-03-17T14:25:37Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"dst": ["tag:server:22", "webserver:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22",
"webserver:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +86,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

153
hscontrol/policy/v2/testdata/acl_results/ACL-D03.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-D03",
"timestamp": "2026-03-17T14:25:47Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,81 +45,39 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["100.108.74.26", "tag:server"],
"dst": ["*:*"]
"src": [
"100.108.74.26",
"tag:server"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -121,7 +93,10 @@
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -137,7 +112,10 @@
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -153,7 +131,10 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -169,7 +150,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -185,7 +169,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -201,7 +188,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -217,7 +207,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",

145
hscontrol/policy/v2/testdata/acl_results/ACL-D04.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-D04",
"timestamp": "2026-03-17T14:25:57Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,81 +45,38 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["100.108.74.26", "webserver"],
"dst": ["*:*"]
"src": [
"100.108.74.26",
"webserver"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -121,7 +92,9 @@
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -137,7 +110,9 @@
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -153,7 +128,9 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -169,7 +146,9 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -185,7 +164,9 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -201,7 +182,9 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -217,7 +200,9 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",

113
hscontrol/policy/v2/testdata/acl_results/ACL-D05.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-D05",
"timestamp": "2026-03-17T14:26:08Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["100.108.74.26:22", "tag:server:22"]
"src": [
"*"
],
"dst": [
"100.108.74.26:22",
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

113
hscontrol/policy/v2/testdata/acl_results/ACL-D06.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-D06",
"timestamp": "2026-03-17T14:26:18Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["100.108.74.26:22", "webserver:22"]
"src": [
"*"
],
"dst": [
"100.108.74.26:22",
"webserver:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

113
hscontrol/policy/v2/testdata/acl_results/ACL-D07.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-D07",
"timestamp": "2026-03-17T14:26:29Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "autogroup:tagged"],
"dst": ["*:*"]
"src": [
"autogroup:member",
"autogroup:tagged"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

135
hscontrol/policy/v2/testdata/acl_results/ACL-D08.hujson vendored
View File

@@ -7,23 +7,37 @@
// Expected: Rules on user-kris, user-mon, user1
{
"test_id": "ACL-D08",
"timestamp": "2026-03-17T14:26:39Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_d08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -33,79 +47,37 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*"]
"src": [
"*"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": ["kratail2tid@passkey"],
"dst": ["kratail2tid@passkey:*"]
"src": [
"kratail2tid@passkey"
],
"dst": [
"kratail2tid@passkey:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -127,7 +99,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"],
"SrcIPs": [
"100.110.121.96",
"fd7a:115c:a1e0::1737:7960"
],
"DstPorts": [
{
"IP": "100.110.121.96",
@@ -150,7 +125,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.103.90.82",
@@ -173,7 +151,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.90.199.68",

144
hscontrol/policy/v2/testdata/acl_results/ACL-E01.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-E01",
"timestamp": "2026-03-17T14:26:50Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,81 +45,37 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["100.108.74.26"],
"dst": ["*:*"]
"src": [
"100.108.74.26"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -121,7 +91,9 @@
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -137,7 +109,9 @@
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -153,7 +127,9 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -169,7 +145,9 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -185,7 +163,9 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -201,7 +181,9 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -217,7 +199,9 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",

152
hscontrol/policy/v2/testdata/acl_results/ACL-E02.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-E02",
"timestamp": "2026-03-17T14:27:00Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,81 +45,38 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:server"],
"dst": ["*:*"]
"src": [
"tag:server"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -121,7 +92,10 @@
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -137,7 +111,10 @@
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -153,7 +130,10 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -169,7 +149,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -185,7 +168,10 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -201,7 +187,10 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",
@@ -217,7 +206,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"],
"SrcIPs": [
"100.108.74.26",
"fd7a:115c:a1e0::b901:4a87"
],
"DstPorts": [
{
"IP": "*",

144
hscontrol/policy/v2/testdata/acl_results/ACL-E03.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-E03",
"timestamp": "2026-03-17T14:27:11Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,81 +45,37 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["webserver"],
"dst": ["*:*"]
"src": [
"webserver"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -121,7 +91,9 @@
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -137,7 +109,9 @@
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -153,7 +127,9 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -169,7 +145,9 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -185,7 +163,9 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -201,7 +181,9 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -217,7 +199,9 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",

112
hscontrol/policy/v2/testdata/acl_results/ACL-E04.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-E04",
"timestamp": "2026-03-17T14:27:21Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["100.108.74.26:22"]
"src": [
"*"
],
"dst": [
"100.108.74.26:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

112
hscontrol/policy/v2/testdata/acl_results/ACL-E05.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-E05",
"timestamp": "2026-03-17T14:27:32Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:22"]
"src": [
"*"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

112
hscontrol/policy/v2/testdata/acl_results/ACL-E06.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-E06",
"timestamp": "2026-03-17T14:27:42Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["webserver:22"]
"src": [
"*"
],
"dst": [
"webserver:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

117
hscontrol/policy/v2/testdata/acl_results/ACL-E07.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-E07",
"timestamp": "2026-03-17T14:27:52Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["kratail2tid@passkey"],
"dst": ["tag:server:22"]
"src": [
"kratail2tid@passkey"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +85,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.108.74.26",

117
hscontrol/policy/v2/testdata/acl_results/ACL-E08.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-E08",
"timestamp": "2026-03-17T14:28:03Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["group:admins"],
"dst": ["tag:server:22"]
"src": [
"group:admins"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +85,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.108.74.26",

118
hscontrol/policy/v2/testdata/acl_results/ACL-E09.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-E09",
"timestamp": "2026-03-17T14:28:13Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_e09.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["kratail2tid@passkey", "group:admins"],
"dst": ["tag:server:22"]
"src": [
"kratail2tid@passkey",
"group:admins"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +86,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.108.74.26",

61
hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.hujson vendored
View File

@@ -5,23 +5,38 @@
// Expected: Error — src=tag not found: "tag:nonexistent"
{
"test_id": "ACL-ERR01",
"timestamp": "2026-03-17T14:28:24Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,21 +46,31 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:nonexistent"],
"dst": ["tag:server:22"]
"src": [
"tag:nonexistent"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "src=tag not found: \"tag:nonexistent\"" }
"api_response_body": {
"message": "src=tag not found: \"tag:nonexistent\""
}
}
}

61
hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.hujson vendored
View File

@@ -5,23 +5,38 @@
// Expected: Error — "autogroup:self" not valid on the src side of a rule
{
"test_id": "ACL-ERR02",
"timestamp": "2026-03-17T14:28:24Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,21 +46,31 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:self"],
"dst": ["tag:server:22"]
"src": [
"autogroup:self"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "\"autogroup:self\" not valid on the src side of a rule" }
"api_response_body": {
"message": "\"autogroup:self\" not valid on the src side of a rule"
}
}
}

61
hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.hujson vendored
View File

@@ -5,23 +5,38 @@
// Expected: Error — dst="autogroup:self": port range "self": invalid first integer
{
"test_id": "ACL-ERR03",
"timestamp": "2026-03-17T14:28:24Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,21 +46,31 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self"]
"src": [
"*"
],
"dst": [
"autogroup:self"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "dst=\"autogroup:self\": port range \"self\": invalid first integer" }
"api_response_body": {
"message": "dst=\"autogroup:self\": port range \"self\": invalid first integer"
}
}
}

61
hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.hujson vendored
View File

@@ -5,23 +5,38 @@
// Expected: Error — src=tag not found: "tag:nonexistent"
{
"test_id": "ACL-ERR04",
"timestamp": "2026-03-17T14:28:25Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,21 +46,31 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:nonexistent"],
"dst": ["*:*"]
"src": [
"tag:nonexistent"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "src=tag not found: \"tag:nonexistent\"" }
"api_response_body": {
"message": "src=tag not found: \"tag:nonexistent\""
}
}
}

61
hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.hujson vendored
View File

@@ -5,23 +5,38 @@
// Expected: Error — dst="tag:nonexistent": tag not found: "tag:nonexistent"
{
"test_id": "ACL-ERR05",
"timestamp": "2026-03-17T14:28:25Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,21 +46,31 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["tag:nonexistent:22"]
"src": [
"*"
],
"dst": [
"tag:nonexistent:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "dst=\"tag:nonexistent\": tag not found: \"tag:nonexistent\"" }
"api_response_body": {
"message": "dst=\"tag:nonexistent\": tag not found: \"tag:nonexistent\""
}
}
}

61
hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.hujson vendored
View File

@@ -5,23 +5,38 @@
// Expected: Error — action="deny" is not supported
{
"test_id": "ACL-ERR06",
"timestamp": "2026-03-17T14:28:25Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,21 +46,31 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "deny",
"src": ["tag:client"],
"dst": ["tag:server:22"]
"src": [
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "action=\"deny\" is not supported" }
"api_response_body": {
"message": "action=\"deny\" is not supported"
}
}
}

61
hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.hujson vendored
View File

@@ -5,23 +5,38 @@
// Expected: Error — dst="tag:server:ssh": port range "ssh": invalid first integer
{
"test_id": "ACL-ERR07",
"timestamp": "2026-03-17T14:28:29Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,21 +46,31 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["tag:server:ssh"]
"src": [
"*"
],
"dst": [
"tag:server:ssh"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "dst=\"tag:server:ssh\": port range \"ssh\": invalid first integer" }
"api_response_body": {
"message": "dst=\"tag:server:ssh\": port range \"ssh\": invalid first integer"
}
}
}

69
hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.hujson vendored
View File

@@ -7,23 +7,38 @@
// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
{
"test_id": "ACL-ERR08",
"timestamp": "2026-03-17T14:28:34Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -33,26 +48,40 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*"]
"src": [
"*"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": ["tag:client"],
"dst": ["autogroup:self:22"]
"src": [
"tag:client"
],
"dst": [
"autogroup:self:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" }
"api_response_body": {
"message": "autogroup:self can only be used with users, groups, or supported autogroups"
}
}
}

69
hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.hujson vendored
View File

@@ -7,23 +7,38 @@
// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
{
"test_id": "ACL-ERR09",
"timestamp": "2026-03-17T14:28:39Z",
"error": true,
"input": {
"policy_file": "acl_policies/acl_err09.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -33,26 +48,40 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:self:*"]
"src": [
"*"
],
"dst": [
"autogroup:self:*"
]
},
{
"action": "accept",
"src": ["autogroup:tagged"],
"dst": ["autogroup:self:22"]
"src": [
"autogroup:tagged"
],
"dst": [
"autogroup:self:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 400,
"api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" }
"api_response_body": {
"message": "autogroup:self can only be used with users, groups, or supported autogroups"
}
}
}

112
hscontrol/policy/v2/testdata/acl_results/ACL-H01.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-H01",
"timestamp": "2026-03-17T14:28:44Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["webserver:80"]
"src": [
"*"
],
"dst": [
"webserver:80"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

144
hscontrol/policy/v2/testdata/acl_results/ACL-H02.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-H02",
"timestamp": "2026-03-17T14:28:59Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,81 +45,37 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["webserver"],
"dst": ["*:*"]
"src": [
"webserver"
],
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
"exit-node": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -121,7 +91,9 @@
"subnet-router": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -137,7 +109,9 @@
"tagged-client": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -153,7 +127,9 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -169,7 +145,9 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -185,7 +163,9 @@
"user-kris": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -201,7 +181,9 @@
"user-mon": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",
@@ -217,7 +199,9 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26"],
"SrcIPs": [
"100.108.74.26"
],
"DstPorts": [
{
"IP": "*",

116
hscontrol/policy/v2/testdata/acl_results/ACL-H03.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-H03",
"timestamp": "2026-03-17T14:29:10Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["internal"],
"dst": ["tag:server:22"]
"src": [
"internal"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +85,9 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8"],
"SrcIPs": [
"10.0.0.0/8"
],
"DstPorts": [
{
"IP": "100.108.74.26",

112
hscontrol/policy/v2/testdata/acl_results/ACL-H04.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on subnet-router
{
"test_id": "ACL-H04",
"timestamp": "2026-03-17T14:29:20Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["internal:22"]
"src": [
"*"
],
"dst": [
"internal:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

113
hscontrol/policy/v2/testdata/acl_results/ACL-H05.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-prod, tagged-server
{
"test_id": "ACL-H05",
"timestamp": "2026-03-17T14:29:31Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["webserver:22", "prodbox:5432"]
"src": [
"*"
],
"dst": [
"webserver:22",
"prodbox:5432"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

119
hscontrol/policy/v2/testdata/acl_results/ACL-H06.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-H06",
"timestamp": "2026-03-17T14:29:41Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["webserver", "tag:client"],
"dst": ["tag:server:22"]
"src": [
"webserver",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +86,11 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.108.74.26",
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

117
hscontrol/policy/v2/testdata/acl_results/ACL-H07.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-H07",
"timestamp": "2026-03-17T14:29:52Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["group:admins"],
"dst": ["webserver:22"]
"src": [
"group:admins"
],
"dst": [
"webserver:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +85,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"],
"SrcIPs": [
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747"
],
"DstPorts": [
{
"IP": "100.108.74.26",

112
hscontrol/policy/v2/testdata/acl_results/ACL-H08.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: No filter rules
{
"test_id": "ACL-H08",
"timestamp": "2026-03-17T14:30:02Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_h08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,28 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"dst": ["subnet24:80"]
"src": [
"*"
],
"dst": [
"subnet24:80"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

108
hscontrol/policy/v2/testdata/acl_results/ACL-K01.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-K01",
"timestamp": "2026-03-17T14:30:13Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_k01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,9 +45,15 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
@@ -48,65 +68,11 @@
"webserver",
"100.90.199.68"
],
"dst": ["tag:server:22"]
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

123
hscontrol/policy/v2/testdata/acl_results/ACL-K02.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-prod, tagged-server, user1
{
"test_id": "ACL-K02",
"timestamp": "2026-03-17T14:30:23Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_k02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,15 +45,23 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client"],
"src": [
"tag:client"
],
"dst": [
"tag:server:22",
"tag:prod:5432",
@@ -51,62 +73,6 @@
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -122,7 +88,10 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",
@@ -152,7 +121,10 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",
@@ -195,7 +167,10 @@
"user1": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.90.199.68",

108
hscontrol/policy/v2/testdata/acl_results/ACL-K03.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on 8 of 8 nodes
{
"test_id": "ACL-K03",
"timestamp": "2026-03-17T14:30:34Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_k03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,9 +45,15 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
@@ -51,65 +71,11 @@
"webserver",
"prodbox"
],
"dst": ["*:*"]
"dst": [
"*:*"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

108
hscontrol/policy/v2/testdata/acl_results/ACL-K04.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-client, tagged-prod, tagged-server
{
"test_id": "ACL-K04",
"timestamp": "2026-03-17T14:30:44Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_k04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,15 +45,23 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*"],
"src": [
"*"
],
"dst": [
"tag:server:22",
"tag:server:80",
@@ -53,62 +75,6 @@
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

112
hscontrol/policy/v2/testdata/acl_results/ACL-K05.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server, user1
{
"test_id": "ACL-K05",
"timestamp": "2026-03-17T14:30:54Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_k05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,9 +45,15 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
@@ -48,65 +68,15 @@
"100.83.200.69",
"100.103.8.15"
],
"dst": ["tag:server:22", "webserver:80", "100.108.74.26:443", "group:admins:8080", "kratail2tid@passkey:9000"]
"dst": [
"tag:server:22",
"webserver:80",
"100.108.74.26:443",
"group:admins:8080",
"kratail2tid@passkey:9000"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

114
hscontrol/policy/v2/testdata/acl_results/ACL-M01.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-M01",
"timestamp": "2026-03-17T14:31:05Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m01.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,30 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["kratail2tid@passkey", "tag:client", "group:monitors"],
"dst": ["tag:server:22"]
"src": [
"kratail2tid@passkey",
"tag:client",
"group:monitors"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

119
hscontrol/policy/v2/testdata/acl_results/ACL-M02.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-M02",
"timestamp": "2026-03-17T14:31:15Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m02.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["100.90.199.68", "tag:client"],
"dst": ["tag:server:22"]
"src": [
"100.90.199.68",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +86,11 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "100.90.199.68", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

119
hscontrol/policy/v2/testdata/acl_results/ACL-M03.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-prod
{
"test_id": "ACL-M03",
"timestamp": "2026-03-17T14:31:26Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m03.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["webserver", "tag:client"],
"dst": ["tag:prod:5432"]
"src": [
"webserver",
"tag:client"
],
"dst": [
"tag:prod:5432"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -114,7 +83,11 @@
"tagged-prod": {
"packet_filter_rules": [
{
"SrcIPs": ["100.108.74.26", "100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.108.74.26",
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.103.8.15",

120
hscontrol/policy/v2/testdata/acl_results/ACL-M04.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-M04",
"timestamp": "2026-03-17T14:31:36Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m04.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["group:admins", "tag:client"],
"dst": ["tag:server:22"]
"src": [
"group:admins",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +86,12 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "100.90.199.68", "fd7a:115c:a1e0::2d01:c747", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

120
hscontrol/policy/v2/testdata/acl_results/ACL-M05.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-M05",
"timestamp": "2026-03-17T14:31:47Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m05.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["kratail2tid@passkey", "group:monitors"],
"dst": ["tag:server:22"]
"src": [
"kratail2tid@passkey",
"group:monitors"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +86,12 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.103.90.82", "100.90.199.68", "fd7a:115c:a1e0::2d01:c747", "fd7a:115c:a1e0::9e37:5a52"],
"SrcIPs": [
"100.103.90.82",
"100.90.199.68",
"fd7a:115c:a1e0::2d01:c747",
"fd7a:115c:a1e0::9e37:5a52"
],
"DstPorts": [
{
"IP": "100.108.74.26",

113
hscontrol/policy/v2/testdata/acl_results/ACL-M06.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-M06",
"timestamp": "2026-03-17T14:31:57Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m06.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["*", "tag:client"],
"dst": ["tag:server:22"]
"src": [
"*",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

113
hscontrol/policy/v2/testdata/acl_results/ACL-M07.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-M07",
"timestamp": "2026-03-17T14:32:08Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m07.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "tag:client"],
"dst": ["tag:server:22,80,443"]
"src": [
"autogroup:member",
"tag:client"
],
"dst": [
"tag:server:22,80,443"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

113
hscontrol/policy/v2/testdata/acl_results/ACL-M08.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-M08",
"timestamp": "2026-03-17T14:32:18Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m08.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["autogroup:member", "tag:client"],
"dst": ["tag:server:80-443"]
"src": [
"autogroup:member",
"tag:client"
],
"dst": [
"tag:server:80-443"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {

119
hscontrol/policy/v2/testdata/acl_results/ACL-M09.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-M09",
"timestamp": "2026-03-17T14:32:29Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m09.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["tag:client", "internal"],
"dst": ["tag:server:22"]
"src": [
"tag:client",
"internal"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +86,11 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["10.0.0.0/8", "100.83.200.69", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"10.0.0.0/8",
"100.83.200.69",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

119
hscontrol/policy/v2/testdata/acl_results/ACL-M10.hujson vendored
View File

@@ -5,23 +5,37 @@
// Expected: Rules on tagged-server
{
"test_id": "ACL-M10",
"timestamp": "2026-03-17T14:32:39Z",
"propagation_wait_seconds": 10,
"input": {
"policy_file": "acl_policies/acl_m10.json",
"full_policy": {
"groups": {
"group:admins": ["kratail2tid@passkey"],
"group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
"group:monitors": ["monitorpasskeykradalby@passkey"],
"group:admins": [
"kratail2tid@passkey"
],
"group:developers": [
"kristoffer@dalby.cc",
"kratail2tid@passkey"
],
"group:monitors": [
"monitorpasskeykradalby@passkey"
],
"group:empty": []
},
"tagOwners": {
"tag:server": ["kratail2tid@passkey"],
"tag:prod": ["kratail2tid@passkey"],
"tag:client": ["kratail2tid@passkey"],
"tag:router": ["kratail2tid@passkey"],
"tag:exit": ["kratail2tid@passkey"]
"tag:server": [
"kratail2tid@passkey"
],
"tag:prod": [
"kratail2tid@passkey"
],
"tag:client": [
"kratail2tid@passkey"
],
"tag:router": [
"kratail2tid@passkey"
],
"tag:exit": [
"kratail2tid@passkey"
]
},
"hosts": {
"webserver": "100.108.74.26",
@@ -31,74 +45,29 @@
},
"autoApprovers": {
"routes": {
"10.33.0.0/16": ["tag:router"],
"0.0.0.0/0": ["tag:exit"],
"::/0": ["tag:exit"]
"10.33.0.0/16": [
"tag:router"
],
"0.0.0.0/0": [
"tag:exit"
],
"::/0": [
"tag:exit"
]
}
},
"acls": [
{
"action": "accept",
"src": ["100.92.142.61", "tag:client"],
"dst": ["tag:server:22"]
"src": [
"100.92.142.61",
"tag:client"
],
"dst": [
"tag:server:22"
]
}
]
},
"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
"api_response_code": 200
},
"topology": {
"nodes": {
"exit-node": {
"hostname": "exit-node",
"tags": ["tag:exit"],
"ipv4": "100.85.66.106",
"ipv6": "fd7a:115c:a1e0::7c37:426a"
},
"subnet-router": {
"hostname": "subnet-router",
"tags": ["tag:router"],
"ipv4": "100.92.142.61",
"ipv6": "fd7a:115c:a1e0::3e37:8e3d",
"routable_ips": ["10.33.0.0/16"],
"approved_routes": ["10.33.0.0/16"]
},
"tagged-client": {
"hostname": "tagged-client",
"tags": ["tag:client"],
"ipv4": "100.83.200.69",
"ipv6": "fd7a:115c:a1e0::c537:c845"
},
"tagged-prod": {
"hostname": "tagged-prod",
"tags": ["tag:prod"],
"ipv4": "100.103.8.15",
"ipv6": "fd7a:115c:a1e0::5b37:80f"
},
"tagged-server": {
"hostname": "tagged-server",
"tags": ["tag:server"],
"ipv4": "100.108.74.26",
"ipv6": "fd7a:115c:a1e0::b901:4a87"
},
"user-kris": {
"hostname": "user-kris",
"tags": [],
"ipv4": "100.110.121.96",
"ipv6": "fd7a:115c:a1e0::1737:7960"
},
"user-mon": {
"hostname": "user-mon",
"tags": [],
"ipv4": "100.103.90.82",
"ipv6": "fd7a:115c:a1e0::9e37:5a52"
},
"user1": {
"hostname": "user1",
"tags": [],
"ipv4": "100.90.199.68",
"ipv6": "fd7a:115c:a1e0::2d01:c747"
}
}
},
"captures": {
@@ -117,7 +86,11 @@
"tagged-server": {
"packet_filter_rules": [
{
"SrcIPs": ["100.83.200.69", "100.92.142.61", "fd7a:115c:a1e0::c537:c845"],
"SrcIPs": [
"100.83.200.69",
"100.92.142.61",
"fd7a:115c:a1e0::c537:c845"
],
"DstPorts": [
{
"IP": "100.108.74.26",

Some files were not shown because too many files have changed in this diff Show More