And more tests

juanfont · Jul 4, 2021 · 401e6ae · 401e6ae
1 parent bd86975
commit 401e6ae
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 18 deletions.
diff --git a/acls_test.go b/acls_test.go
@@ -5,18 +5,18 @@ import (
 )
 
 func (s *Suite) TestWrongPath(c *check.C) {
-	err := h.LoadPolicy("asdfg")
+	err := h.LoadAclPolicy("asdfg")
 	c.Assert(err, check.NotNil)
 }
 
 func (s *Suite) TestBrokenHuJson(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/broken.hujson")
+	err := h.LoadAclPolicy("./tests/acls/broken.hujson")
 	c.Assert(err, check.NotNil)
 
 }
 
 func (s *Suite) TestInvalidPolicyHuson(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/invalid.hujson")
+	err := h.LoadAclPolicy("./tests/acls/invalid.hujson")
 	c.Assert(err, check.NotNil)
 	c.Assert(err, check.Equals, errorEmptyPolicy)
 }
@@ -36,21 +36,21 @@ func (s *Suite) TestParseInvalidCIDR(c *check.C) {
 }
 
 func (s *Suite) TestCheckLoaded(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_1.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_1.hujson")
 	c.Assert(err, check.IsNil)
 	c.Assert(h.aclPolicy, check.NotNil)
 }
 
 func (s *Suite) TestValidCheckParsedHosts(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_1.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_1.hujson")
 	c.Assert(err, check.IsNil)
 	c.Assert(h.aclPolicy, check.NotNil)
 	c.Assert(h.aclPolicy.IsZero(), check.Equals, false)
 	c.Assert(h.aclPolicy.Hosts, check.HasLen, 2)
 }
 
 func (s *Suite) TestRuleInvalidGeneration(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_invalid.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_invalid.hujson")
 	c.Assert(err, check.IsNil)
 
 	rules, err := h.generateACLRules()
@@ -59,7 +59,7 @@ func (s *Suite) TestRuleInvalidGeneration(c *check.C) {
 }
 
 func (s *Suite) TestBasicRule(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_basic_1.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_basic_1.hujson")
 	c.Assert(err, check.IsNil)
 
 	rules, err := h.generateACLRules()
@@ -68,7 +68,7 @@ func (s *Suite) TestBasicRule(c *check.C) {
 }
 
 func (s *Suite) TestPortRange(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_basic_range.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_basic_range.hujson")
 	c.Assert(err, check.IsNil)
 
 	rules, err := h.generateACLRules()
@@ -82,7 +82,7 @@ func (s *Suite) TestPortRange(c *check.C) {
 }
 
 func (s *Suite) TestPortWildcard(c *check.C) {
-	err := h.LoadPolicy("./tests/acls/acl_policy_basic_wildcards.hujson")
+	err := h.LoadAclPolicy("./tests/acls/acl_policy_basic_wildcards.hujson")
 	c.Assert(err, check.IsNil)
 
 	rules, err := h.generateACLRules()
@@ -126,7 +126,7 @@ func (s *Suite) TestPortNamespace(c *check.C) {
 	}
 	db.Save(&m)
 
-	err = h.LoadPolicy("./tests/acls/acl_policy_basic_namespace_as_user.hujson")
+	err = h.LoadAclPolicy("./tests/acls/acl_policy_basic_namespace_as_user.hujson")
 	c.Assert(err, check.IsNil)
 
 	rules, err := h.generateACLRules()
@@ -142,12 +142,47 @@ func (s *Suite) TestPortNamespace(c *check.C) {
 	c.Assert((*rules)[0].SrcIPs[0], check.Equals, ip.String())
 }
 
-// func (s *Suite) TestRuleGeneration(c *check.C) {
-// 	err := h.LoadPolicy("./tests/acls/acl_policy_1.hujson")
-// 	c.Assert(err, check.IsNil)
+func (s *Suite) TestPortGroup(c *check.C) {
+	n, err := h.CreateNamespace("testnamespace")
+	c.Assert(err, check.IsNil)
+
+	pak, err := h.CreatePreAuthKey(n.Name, false, false, nil)
+	c.Assert(err, check.IsNil)
+
+	db, err := h.db()
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	_, err = h.GetMachine("testnamespace", "testmachine")
+	c.Assert(err, check.NotNil)
+	ip, _ := h.getAvailableIP()
+	m := Machine{
+		ID:             0,
+		MachineKey:     "foo",
+		NodeKey:        "bar",
+		DiscoKey:       "faa",
+		Name:           "testmachine",
+		NamespaceID:    n.ID,
+		Registered:     true,
+		RegisterMethod: "authKey",
+		IPAddress:      ip.String(),
+		AuthKeyID:      uint(pak.ID),
+	}
+	db.Save(&m)
 
-// 	rules, err := h.generateACLRules()
-// 	c.Assert(err, check.IsNil)
-// 	c.Assert(rules, check.NotNil)
+	err = h.LoadAclPolicy("./tests/acls/acl_policy_basic_groups.hujson")
+	c.Assert(err, check.IsNil)
+
+	rules, err := h.generateACLRules()
+	c.Assert(err, check.IsNil)
+	c.Assert(rules, check.NotNil)
 
-// }
+	c.Assert(*rules, check.HasLen, 1)
+	c.Assert((*rules)[0].DstPorts, check.HasLen, 1)
+	c.Assert((*rules)[0].DstPorts[0].Ports.First, check.Equals, uint16(0))
+	c.Assert((*rules)[0].DstPorts[0].Ports.Last, check.Equals, uint16(65535))
+	c.Assert((*rules)[0].SrcIPs, check.HasLen, 1)
+	c.Assert((*rules)[0].SrcIPs[0], check.Not(check.Equals), "not an ip")
+	c.Assert((*rules)[0].SrcIPs[0], check.Equals, ip.String())
+}
diff --git a/tests/acls/acl_policy_basic_groups.hujson b/tests/acls/acl_policy_basic_groups.hujson
@@ -0,0 +1,26 @@
+// This ACL is used to test group expansion
+
+{
+    "Groups": {
+        "group:example": [
+            "testnamespace",
+        ],
+    },
+
+    "Hosts": {
+        "host-1": "100.100.100.100",
+        "subnet-1": "100.100.101.100/24",
+    },
+
+    "ACLs": [
+        {
+            "Action": "accept",
+            "Users": [
+                "group:example",
+            ],
+            "Ports": [
+                "host-1:*",
+            ],
+        },
+    ],
+}
diff --git a/tests/acls/acl_policy_basic_namespace_as_user.hujson b/tests/acls/acl_policy_basic_namespace_as_user.hujson
@@ -1,4 +1,4 @@
-// This ACL is used to test wildcards
+// This ACL is used to test namespace expansion
 
 {
     "Hosts": {