diff --git a/hscontrol/policy/v2/tailscale_acl_data_compat_test.go b/hscontrol/policy/v2/tailscale_acl_data_compat_test.go
index 45c26aa9..833e3233 100644
--- a/hscontrol/policy/v2/tailscale_acl_data_compat_test.go
+++ b/hscontrol/policy/v2/tailscale_acl_data_compat_test.go
@@ -38,70 +38,64 @@ func ptrAddr(s string) *netip.Addr { return &addr } -// setupTailscaleCompatUsers returns the test users for compatibility tests. -func setupTailscaleCompatUsers() types.Users { +// setupACLCompatUsers returns the 3 test users for ACL compatibility tests. +// Email addresses use @example.com domain, matching the converted Tailscale +// policy format (Tailscale uses @passkey and @dalby.cc). +func setupACLCompatUsers() types.Users { return types.Users{ - {Model: gorm.Model{ID: 1}, Name: "kratail2tid"}, + {Model: gorm.Model{ID: 1}, Name: "kratail2tid", Email: "kratail2tid@example.com"}, + {Model: gorm.Model{ID: 2}, Name: "kristoffer", Email: "kristoffer@example.com"}, + {Model: gorm.Model{ID: 3}, Name: "monitorpasskeykradalby", Email: "monitorpasskeykradalby@example.com"}, } } -// setupTailscaleCompatNodes returns the test nodes for compatibility tests. -// The node configuration matches the Tailscale test environment: -// - 1 user-owned node (user1) -// - 4 tagged nodes (tagged-server, tagged-client, tagged-db, tagged-web). 
-func setupTailscaleCompatNodes(users types.Users) types.Nodes { - nodeUser1 := &types.Node{ - ID: 1, - GivenName: "user1", - User: &users[0], - UserID: &users[0].ID, - IPv4: ptrAddr("100.90.199.68"), - IPv6: ptrAddr("fd7a:115c:a1e0::2d01:c747"), - Hostinfo: &tailcfg.Hostinfo{}, - } - - nodeTaggedServer := &types.Node{ - ID: 2, - GivenName: "tagged-server", - IPv4: ptrAddr("100.108.74.26"), - IPv6: ptrAddr("fd7a:115c:a1e0::b901:4a87"), - Tags: []string{"tag:server"}, - Hostinfo: &tailcfg.Hostinfo{}, - } - - nodeTaggedClient := &types.Node{ - ID: 3, - GivenName: "tagged-client", - IPv4: ptrAddr("100.80.238.75"), - IPv6: ptrAddr("fd7a:115c:a1e0::7901:ee86"), - Tags: []string{"tag:client"}, - Hostinfo: &tailcfg.Hostinfo{}, - } - - nodeTaggedDB := &types.Node{ - ID: 4, - GivenName: "tagged-db", - IPv4: ptrAddr("100.74.60.128"), - IPv6: ptrAddr("fd7a:115c:a1e0::2f01:3c9c"), - Tags: []string{"tag:database"}, - Hostinfo: &tailcfg.Hostinfo{}, - } - - nodeTaggedWeb := &types.Node{ - ID: 5, - GivenName: "tagged-web", - IPv4: ptrAddr("100.94.92.91"), - IPv6: ptrAddr("fd7a:115c:a1e0::ef01:5c81"), - Tags: []string{"tag:web"}, - Hostinfo: &tailcfg.Hostinfo{}, - } - +// setupACLCompatNodes returns the 8 test nodes for ACL compatibility tests. +// Uses the same topology as the grants compat tests. 
+func setupACLCompatNodes(users types.Users) types.Nodes { return types.Nodes{ - nodeUser1, - nodeTaggedServer, - nodeTaggedClient, - nodeTaggedDB, - nodeTaggedWeb, + { + ID: 1, GivenName: "user1", + User: &users[0], UserID: &users[0].ID, + IPv4: ptrAddr("100.90.199.68"), IPv6: ptrAddr("fd7a:115c:a1e0::2d01:c747"), + Hostinfo: &tailcfg.Hostinfo{}, + }, + { + ID: 2, GivenName: "user-kris", + User: &users[1], UserID: &users[1].ID, + IPv4: ptrAddr("100.110.121.96"), IPv6: ptrAddr("fd7a:115c:a1e0::1737:7960"), + Hostinfo: &tailcfg.Hostinfo{}, + }, + { + ID: 3, GivenName: "user-mon", + User: &users[2], UserID: &users[2].ID, + IPv4: ptrAddr("100.103.90.82"), IPv6: ptrAddr("fd7a:115c:a1e0::9e37:5a52"), + Hostinfo: &tailcfg.Hostinfo{}, + }, + { + ID: 4, GivenName: "tagged-server", + IPv4: ptrAddr("100.108.74.26"), IPv6: ptrAddr("fd7a:115c:a1e0::b901:4a87"), + Tags: []string{"tag:server"}, Hostinfo: &tailcfg.Hostinfo{}, + }, + { + ID: 5, GivenName: "tagged-prod", + IPv4: ptrAddr("100.103.8.15"), IPv6: ptrAddr("fd7a:115c:a1e0::5b37:80f"), + Tags: []string{"tag:prod"}, Hostinfo: &tailcfg.Hostinfo{}, + }, + { + ID: 6, GivenName: "tagged-client", + IPv4: ptrAddr("100.83.200.69"), IPv6: ptrAddr("fd7a:115c:a1e0::c537:c845"), + Tags: []string{"tag:client"}, Hostinfo: &tailcfg.Hostinfo{}, + }, + { + ID: 7, GivenName: "subnet-router", + IPv4: ptrAddr("100.92.142.61"), IPv6: ptrAddr("fd7a:115c:a1e0::3e37:8e3d"), + Tags: []string{"tag:router"}, Hostinfo: &tailcfg.Hostinfo{}, + }, + { + ID: 8, GivenName: "exit-node", + IPv4: ptrAddr("100.85.66.106"), IPv6: ptrAddr("fd7a:115c:a1e0::7c37:426a"), + Tags: []string{"tag:exit"}, Hostinfo: &tailcfg.Hostinfo{}, + }, } } @@ -217,8 +211,8 @@ func TestACLCompat(t *testing.T) { t.Logf("Loaded %d ACL test files", len(files)) - users := setupTailscaleCompatUsers() - nodes := setupTailscaleCompatNodes(users) + users := setupACLCompatUsers() + nodes := setupACLCompatNodes(users) for _, file := range files { tf := loadACLTestFile(t, file) 
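Review bot: The eight-node literal in setupACLCompatNodes repeats, by hand, the `topology.nodes` object carried by each ACL-A*.json fixture added in this commit (same hostnames, tags and addresses), and nothing in the visible hunks checks that the two agree. Because the captured `packet_filter_rules` are expressed in those addresses, a re-capture against a different tailnet would show up as rule mismatches rather than as a topology error. Either assert the fixture topology against this list when a file is loaded (the loader is outside this diff view), or at least record the coupling: `// Keep in sync with topology.nodes in testdata/acl_results/*.json; user ownership is not recorded there.`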
@@ -251,7 +245,9 @@ func TestACLCompat(t *testing.T) { func testACLError(t *testing.T, tf aclTestFile) { t.Helper() - pol, err := unmarshalPolicy(tf.Input.FullPolicy) + policyJSON := convertPolicyUserEmails(tf.Input.FullPolicy) + + pol, err := unmarshalPolicy(policyJSON) if err != nil { // Parse-time error — valid for some error tests if tf.Input.APIResponseBody != nil { @@ -338,7 +334,10 @@ func testACLSuccess( ) { t.Helper() - pol, err := unmarshalPolicy(tf.Input.FullPolicy) + // Convert Tailscale SaaS user emails to headscale @example.com format. + policyJSON := convertPolicyUserEmails(tf.Input.FullPolicy) + + pol, err := unmarshalPolicy(policyJSON) require.NoError( t, err, diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A01.json new file mode 100644 index 00000000..adfab5b5 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A01.json 
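Review bot: Rewriting the policy before `unmarshalPolicy` in testACLError means a parse-time error now describes the converted `@example.com` identities, while the fixture's `api_response_body` was captured against the original `@passkey` / `@dalby.cc` names. If the comparison that follows (it continues outside this hunk) matches error text that quotes a user, the expected message needs the same conversion, otherwise the two may stop matching for reasons unrelated to policy behaviour. The call also lacks the explanatory comment that testACLSuccess has; `// Convert Tailscale SaaS user emails to headscale @example.com format.` would fit above it.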
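Review bot: The conversion to `@example.com` in testACLSuccess happens only when the test runs, so the fixtures added alongside it still store the captured SaaS identities (`kristoffer@dalby.cc`, `kratail2tid@passkey`) and the tailnet name in `api_endpoint`. If those belong to real accounts, consider sanitising at capture time so the repository holds only the `@example.com` form and the test-time rewrite becomes unnecessary. If keeping the raw capture is deliberate, say so in the comment, e.g. `// Fixtures keep the original Tailscale identities on purpose; they are rewritten here, not on disk.` convertPolicyUserEmails is defined outside the lines shown.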
@@ -0,0 +1,283 @@ +{ + "test_id": "ACL-A01", + "timestamp": "2026-03-17T14:16:33Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + 
"fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A02.json new file mode 100644 index 00000000..ace18c56 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A02.json 
@@ -0,0 +1,315 @@ +{ + "test_id": "ACL-A02", + "timestamp": "2026-03-17T14:16:44Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:tagged"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + 
"SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A03.json new file mode 100644 index 00000000..bf4c52bb --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A03.json 
@@ -0,0 +1,152 @@ +{ + "test_id": "ACL-A03", + "timestamp": "2026-03-17T14:16:54Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member", "tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.83.200.69", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A04.json new file mode 100644 index 00000000..a0df000c --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A04.json 
@@ -0,0 +1,183 @@ +{ + "test_id": "ACL-A04", + "timestamp": "2026-03-17T14:17:04Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A05.json new file mode 100644 index 00000000..339e98c1 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A05.json 
@@ -0,0 +1,123 @@ +{ + "test_id": "ACL-A05", + "timestamp": "2026-03-17T14:17:15Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:internet:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A06.json new file mode 100644 index 00000000..c57dd1cf --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A06.json 
@@ -0,0 +1,198 @@ +{ + "test_id": "ACL-A06", + "timestamp": "2026-03-17T14:17:25Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:member:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A07.json new file mode 100644 index 00000000..44222cd5 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A07.json 
@@ -0,0 +1,208 @@ +{ + "test_id": "ACL-A07", + "timestamp": "2026-03-17T14:17:36Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*", "tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A08.json new file mode 100644 index 00000000..6e1cd16d --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A08.json 
@@ -0,0 +1,248 @@ +{ + "test_id": "ACL-A08", + "timestamp": "2026-03-17T14:17:47Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:tagged:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.85.66.106", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::7c37:426a", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + 
"IP": "100.108.74.26", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A09.json new file mode 100644 index 00000000..0387fb85 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A09.json 
@@ -0,0 +1,183 @@ +{ + "test_id": "ACL-A09", + "timestamp": "2026-03-17T14:17:57Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A10.json new file mode 100644 index 00000000..b0e730e3 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A10.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-A10", + "timestamp": "2026-03-17T14:18:08Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a10.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A11.json new file mode 100644 index 00000000..d09858c3 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A11.json 
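Review bot: `"packet_filter_rules": null` for `user-kris` and `user-mon` is the deny expectation of this case, but the file cannot show whether it means an empty filter or a capture that did not complete. The only evidence recorded is `propagation_wait_seconds: 10` and `api_response_code: 200`, the latter presumably for the policy upload. The timestamps put consecutive cases about ten seconds apart, so a slow propagation could presumably leave the previous case's rules, or nothing, in a capture without any trace. Recording a per-node capture status, or writing `"packet_filter_rules": []` only once the node is confirmed to be on the new policy, would let the compat test tell the two apart. The null entries in the other fixtures from ACL-A06 to ACL-A14 have the same ambiguity.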
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-A11", + "timestamp": "2026-03-17T14:18:18Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a11.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:admins"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + 
}, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A12.json new file mode 100644 index 00000000..cb1971df --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A12.json 
@@ -0,0 +1,183 @@ +{ + "test_id": "ACL-A12", + "timestamp": "2026-03-17T14:18:28Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a12.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A13.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A13.json new file mode 100644 index 00000000..67d3f820 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A13.json 
@@ -0,0 +1,183 @@ +{ + "test_id": "ACL-A13", + "timestamp": "2026-03-17T14:18:39Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a13.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:80-443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 80, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 80, + "Last": 443 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 80, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 80, + "Last": 443 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 80, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 80, + "Last": 443 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A14.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A14.json new file mode 100644 index 00000000..260728e2 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A14.json 
@@ -0,0 +1,267 @@ +{ + "test_id": "ACL-A14", + "timestamp": "2026-03-17T14:18:49Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a14.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:22,80,443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, 
+ "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.110.121.96", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.110.121.96", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.103.90.82", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.103.90.82", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": 
"100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A15.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A15.json new file mode 100644 index 00000000..d1f3426b --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A15.json 
@@ -0,0 +1,363 @@ +{ + "test_id": "ACL-A15", + "timestamp": "2026-03-17T14:19:00Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a15.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member", "autogroup:tagged"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } 
+ ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + 
"fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A16.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A16.json new file mode 100644 index 00000000..39f5dd4f --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A16.json 
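Review bot: The `input` block of this fixture keeps capture metadata that identifies a real account: `api_endpoint` carries the tailnet name, and the `groups` and `tagOwners` entries carry the original login addresses. The same block recurs in ACL-A16, ACL-A17 and ACL-AH01 through ACL-AH06. Nothing visible in the hunk suggests the expected `packet_filter_rules` depend on `api_endpoint`, `api_response_code` or `timestamp`, so these could be dropped or neutralised at capture time, for example `"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/<tailnet>/acl"`. If the test loader rewrites the login addresses to the `@example.com` users created in the Go test setup, storing the converted addresses in the fixture would remove that step and keep personal identifiers out of the repository.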
@@ -0,0 +1,160 @@ +{ + "test_id": "ACL-A16", + "timestamp": "2026-03-17T14:19:10Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a16.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member", "autogroup:tagged"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A17.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A17.json new file mode 100644 index 00000000..829eabfc --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A17.json 
@@ -0,0 +1,280 @@ +{ + "test_id": "ACL-A17", + "timestamp": "2026-03-17T14:19:21Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_a17.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*", "tag:server:22", "autogroup:member:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + 
"IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.json new file mode 100644 index 00000000..bff0dd40 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.json 
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-AH01", + "timestamp": "2026-03-17T14:19:31Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ah01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["internal", "subnet24"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, 
+ "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.json
new file mode 100644
index 00000000..bcc05bf1
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.json
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-AH02", + "timestamp": "2026-03-17T14:19:42Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ah02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["internal", "100.108.74.26"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8", "100.108.74.26"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.json new file mode 100644 index 00000000..8ed87a0e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.json 
@@ -0,0 +1,166 @@ +{ + "test_id": "ACL-AH03", + "timestamp": "2026-03-17T14:19:52Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ah03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["internal:22", "subnet24:80", "tag:server:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "10.0.0.0/8", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.json new file mode 100644 index 00000000..06a744b6 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.json 
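Review bot: The expected rules in this fixture depend on route state that `topology.nodes` does not record. `internal:22` is delivered only to `subnet-router`, `subnet24:80` reaches no node, and the `*` source expands to a set that includes `10.33.0.0/16`, yet no node entry lists advertised or approved routes. Presumably the routes come from the Go test setup, in which case the fixture and the setup can drift apart without this file showing it. Recording the routes per node next to `"tags"` (at least on `subnet-router` and `exit-node`) would make the capture self-describing and would document why `exit-node` gets `"packet_filter_rules": null` despite the `0.0.0.0/0` auto-approver. ACL-AH05 and ACL-AH06 rely on the same implicit state.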
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-AH04", + "timestamp": "2026-03-17T14:20:02Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ah04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["internal", "10.0.0.0/8"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.json new file mode 100644 index 00000000..19009f65 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.json 
@@ -0,0 +1,141 @@ +{ + "test_id": "ACL-AH05", + "timestamp": "2026-03-17T14:20:13Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ah05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["internal:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "10.0.0.0/8", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.json new file mode 100644 index 00000000..1cbd99cb --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.json 
@@ -0,0 +1,141 @@ +{ + "test_id": "ACL-AH06", + "timestamp": "2026-03-17T14:20:23Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ah06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["10.0.0.0/8:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "10.0.0.0/8", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.json new file mode 100644 index 00000000..9bc376c0 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.json 
@@ -0,0 +1,176 @@ +{ + "test_id": "ACL-AR01", + "timestamp": "2026-03-17T14:20:34Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ar01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:80,443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": 
"user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.json new file mode 100644 index 00000000..333e9899 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.json 
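Review bot: The `DstPorts` order in this capture differs from ACL-AR03 for the same effective policy: here `tag:server:80,443` yields v4:80, v4:443, v6:80, v6:443, while AR03's separate `:80` and `:443` entries yield v4:80, v6:80, v4:443, v6:443. Both captures also fold ACL entries that share a source into a single filter rule. Whether the compat test compares these lists in order is not visible from this hunk. If it does, the ordering becomes part of the contract headscale must reproduce. If it sorts first, that is worth stating where the fixtures are loaded, e.g. `// DstPorts are compared as a set; capture order is not significant.`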
@@ -0,0 +1,207 @@ +{ + "test_id": "ACL-AR02", + "timestamp": "2026-03-17T14:20:44Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ar02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:80,443"] + }, + { + "action": "accept", + "src": ["*"], + "proto": "udp", + "dst": ["tag:server:53"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": 
"100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 53, + "Last": 53 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 53, + "Last": 53 + } + } + ], + "IPProto": [17] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.json new file mode 100644 index 00000000..0c84ef98 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.json 
@@ -0,0 +1,181 @@ +{ + "test_id": "ACL-AR03", + "timestamp": "2026-03-17T14:20:55Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ar03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:80"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + 
"ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.json new file mode 100644 index 00000000..42953d8a --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.json 
@@ -0,0 +1,191 @@ +{ + "test_id": "ACL-AR04", + "timestamp": "2026-03-17T14:21:05Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ar04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:router"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + 
"ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.92.142.61", "fd7a:115c:a1e0::3e37:8e3d"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.json new file mode 100644 index 00000000..0ffaa3c1 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.json 
@@ -0,0 +1,205 @@ +{ + "test_id": "ACL-AR05", + "timestamp": "2026-03-17T14:21:16Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ar05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:80"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:server:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + 
"hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.json new file mode 100644 index 00000000..97fd9f08 --- /dev/null 
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.json 
@@ -0,0 +1,172 @@ +{ + "test_id": "ACL-AR06", + "timestamp": "2026-03-17T14:21:26Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_ar06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": 
[], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.json new file mode 100644 index 00000000..2c972e7e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.json 
@@ -0,0 +1,315 @@ +{ + "test_id": "ACL-AT01", + "timestamp": "2026-03-17T14:21:36Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_at01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:server", "tag:client", "tag:prod", "tag:router", "tag:exit"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + 
"ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": 
{ + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.json new file mode 100644 index 00000000..bdc599df --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.json 
@@ -0,0 +1,248 @@ +{ + "test_id": "ACL-AT02", + "timestamp": "2026-03-17T14:21:47Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_at02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22", "tag:client:22", "tag:prod:22", "tag:router:22", "tag:exit:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": 
"100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.85.66.106", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::7c37:426a", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + 
"fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.json new file mode 100644 index 00000000..92c2ef71 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.json 
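Review bot: The `input` block of this fixture commits what look like live account identifiers: `kristoffer@dalby.cc` in `group:developers` and the tailnet name in `"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl"`. The same values repeat in the ACL-AT03 to ACL-AU04 fixtures that follow. The test helper changed in this commit already gives the users `@example.com` addresses and describes the policy as converted, so the capture step could presumably apply the same substitution before writing the file, e.g. `"group:developers": ["kristoffer@example.com", "kratail2tid@example.com"]`, and replace `api_endpoint` with a placeholder, assuming the packet-filter comparison does not read it. If the raw identities are kept on purpose for traceability to the original capture, a short README beside the fixtures stating that, and that the addresses are not secrets, would make the choice explicit for later reviewers.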
@@ -0,0 +1,216 @@ +{ + "test_id": "ACL-AT03", + "timestamp": "2026-03-17T14:21:57Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_at03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:server", "tag:client", "tag:prod", "tag:router", "tag:exit"], + "dst": ["autogroup:member:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": 
"100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + 
"Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.json new file mode 100644 index 00000000..5a0894b6 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.json 
@@ -0,0 +1,185 @@ +{ + "test_id": "ACL-AT04", + "timestamp": "2026-03-17T14:22:08Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_at04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:tagged"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["tag:server:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": 
"user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.json new file mode 100644 index 00000000..9f606358 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.json 
@@ -0,0 +1,168 @@ +{ + "test_id": "ACL-AT05", + "timestamp": "2026-03-17T14:22:18Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_at05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:server"], + "dst": ["tag:client:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + 
"tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.json new file mode 100644 index 00000000..db101e99 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.json 
@@ -0,0 +1,217 @@ +{ + "test_id": "ACL-AT06", + "timestamp": "2026-03-17T14:22:29Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_at06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:server"], + "dst": ["tag:prod:5432"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:client:80"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:prod:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + 
"hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + }, + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.json new file mode 100644 index 00000000..ad696e82 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-AU01", + "timestamp": "2026-03-17T14:22:39Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_au01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kristoffer@dalby.cc"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.json new file mode 100644 index 00000000..7f021094 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-AU02", + "timestamp": "2026-03-17T14:22:49Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_au02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["monitorpasskeykradalby@passkey"], + "dst": ["tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.json new file mode 100644 index 00000000..eb0b26fb --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.json 
@@ -0,0 +1,163 @@ +{ + "test_id": "ACL-AU03", + "timestamp": "2026-03-17T14:23:00Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_au03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:developers"], + "dst": ["tag:server:22", "tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.json new file mode 100644 index 00000000..61bb5ddd --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.json 
@@ -0,0 +1,173 @@ +{ + "test_id": "ACL-AU04", + "timestamp": "2026-03-17T14:23:10Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_au04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["group:developers:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.json new file mode 100644 index 00000000..63cc6805 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.json 
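Review bot: The expected `SrcIPs` for `src: ["*"]` include `10.33.0.0/16`, but `topology` records only hostname, tags and addresses: it does not say which node has that route approved, nor which user owns `user-kris`, `user-mon` and `user1`. The Go setup therefore has to hard-code state the capture depended on, and a mismatch there would surface as an unexplained diff in the wildcard range rather than as a setup error. Consider recording that state in the capture, for example `"approved_routes": ["10.33.0.0/16"]` on `subnet-router` plus an owner field on the untagged nodes (these field names are suggestions, not existing schema). The same gap applies to ACL-AU05, ACL-C01 and ACL-C05.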
@@ -0,0 +1,148 @@ +{ + "test_id": "ACL-AU05", + "timestamp": "2026-03-17T14:23:21Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_au05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["group:monitors:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.json new file mode 100644 index 00000000..6bbeed3b --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.json 
@@ -0,0 +1,150 @@ +{ + "test_id": "ACL-AU06", + "timestamp": "2026-03-17T14:23:31Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_au06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:admins", "group:developers", "group:monitors"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + 
"ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C01.json new file mode 100644 index 00000000..633be674 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C01.json 
@@ -0,0 +1,204 @@ +{ + "test_id": "ACL-C01", + "timestamp": "2026-03-17T14:23:42Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_c01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["tag:server:80"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": 
"fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C02.json new file mode 100644 index 00000000..cdba652c 
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C02.json
@@ -0,0 +1,201 @@ +{ + "test_id": "ACL-C02", + "timestamp": "2026-03-17T14:23:52Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_c02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client", "autogroup:member"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:server:80"] + }, + { + "action": "accept", + "src": ["group:admins"], + "dst": ["tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": 
"100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.83.200.69", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C03.json new file mode 100644 index 00000000..71d12741 
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C03.json
@@ -0,0 +1,235 @@ +{ + "test_id": "ACL-C03", + "timestamp": "2026-03-17T14:24:03Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_c03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22", "tag:prod:5432", "webserver:80"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + 
"user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", 
"fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C04.json new file mode 100644 index 00000000..0b611ea0 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C04.json 
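Review bot: On `tagged-server` the `webserver:80` destination yields a single `DstPorts` entry for `100.108.74.26`, whereas `tag:server:22` yields both the IPv4 and the IPv6 address; the `hosts` alias is IPv4-only, so port 80 is not opened on `fd7a:115c:a1e0::b901:4a87`. That asymmetry is the point of the case and JSON cannot carry a comment, so state it in the Go test that loads ACL-C03, e.g. `// ACL-C03: a hosts alias expands only to its literal address, not to the node's other address family`. The port-80 entry also precedes the port-22 entries although `tag:server:22` comes first in `dst`; if the comparison is order-sensitive, document which ordering it relies on.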
@@ -0,0 +1,238 @@ +{ + "test_id": "ACL-C04", + "timestamp": "2026-03-17T14:24:13Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_c04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:server"], + "dst": ["tag:prod:5432"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:self:*"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:internet:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + 
"hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + 
"SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C05.json new file mode 100644 index 00000000..c5374597 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C05.json 
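Review bot: The fourth rule, `src: ["*"]` to `autogroup:internet:*`, leaves no trace in any capture: `exit-node` has `"packet_filter_rules": null`, and the rules on the other nodes are all accounted for by the first three ACL entries. The only thing this fixture can verify about that rule is therefore the absence of a filter on `exit-node`, and that holds only if the harness reads `null` as "must produce no rules" rather than skipping the node. The loader is not visible from this hunk; if it does skip null captures, add an explicit emptiness assertion for those nodes. The same applies to every `null` capture in the neighbouring fixtures, since those are the deny-side expectations.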
@@ -0,0 +1,388 @@ +{ + "test_id": "ACL-C05", + "timestamp": "2026-03-17T14:24:23Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_c05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": [ + "tag:server:22", + "tag:prod:5432", + "tag:client:80", + "tag:router:*", + "tag:exit:*", + "autogroup:member:443", + "autogroup:self:*" + ] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": 
{ + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.85.66.106", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::7c37:426a", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + 
"100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + }, + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + }, + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + }, + { + "SrcIPs": ["100.90.199.68", 
"fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C06.json new file mode 100644 index 00000000..cd12e982 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C06.json 
@@ -0,0 +1,156 @@ +{ + "test_id": "ACL-C06", + "timestamp": "2026-03-17T14:24:34Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_c06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client", "tag:prod", "tag:server", "autogroup:member", "group:admins"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": 
"100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C07.json new file mode 100644 index 00000000..a80d3eab --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C07.json 
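Review bot: The `input` block of this fixture keeps the capture tailnet's real identifiers: `api_endpoint` embeds the tailnet name, and `full_policy.groups` / `tagOwners` carry the original logins (`kristoffer@dalby.cc`, the `@passkey` accounts). The Go setup in this commit registers the users under `@example.com`, so whatever loads these files has to rewrite every login before parsing. A login that is missed would presumably fail to resolve and leave a group or tag owner empty rather than fail the test loudly. Sanitising at capture time removes both the mapping step and the account data, e.g. `"api_endpoint": "https://api.tailscale.com/api/v2/tailnet/<TAILNET-PLACEHOLDER>/acl"` and `"group:developers": ["kristoffer@example.com", "kratail2tid@example.com"]`. The same applies to the ACL-C07 through ACL-D03 fixtures in this diff.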
@@ -0,0 +1,200 @@ +{ + "test_id": "ACL-C07", + "timestamp": "2026-03-17T14:24:44Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_c07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:80"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:443"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:8080"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + 
"hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 8080, + "Last": 8080 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 8080, + "Last": 8080 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C08.json new file mode 100644 index 00000000..c3cbe486 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C08.json 
@@ -0,0 +1,248 @@ +{ + "test_id": "ACL-C08", + "timestamp": "2026-03-17T14:24:55Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_c08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22", "tag:prod:22", "tag:client:22", "tag:router:22", "tag:exit:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": 
"100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.85.66.106", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::7c37:426a", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + 
"fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C09.json new file mode 100644 index 00000000..d7f5a557 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C09.json 
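Review bot: The expected `SrcIPs` for `"src": ["*"]` include `10.33.0.0/16`, which is not an address of any node under `topology.nodes`. It appears to come from the subnet router's auto-approved route, but the fixture records no routes per node. A test that rebuilds the nodes from `topology` alone cannot reproduce this expansion, and whether `*` covers approved subnet routes is exactly the access-control behaviour being pinned here. I would record the advertised and approved routes in the capture, e.g. `"routes": ["10.33.0.0/16"]` on the `subnet-router` entry (the key name is a suggestion, not an existing field), and the equivalent for `exit-node`. ACL-D01 expects the same wildcard expansion.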
@@ -0,0 +1,287 @@ +{ + "test_id": "ACL-C09", + "timestamp": "2026-03-17T14:25:05Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_c09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:prod:22"] + }, + { + "action": "accept", + "src": ["tag:server"], + "dst": ["tag:prod:5432"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:self:*"] + }, + { + "action": "accept", + "src": ["group:developers"], + "dst": ["tag:router:*"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:internet:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" 
+ }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { 
+ "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C10.json new file mode 100644 index 00000000..f2e7b7bc --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C10.json 
@@ -0,0 +1,400 @@ +{ + "test_id": "ACL-C10", + "timestamp": "2026-03-17T14:25:16Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_c10.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:self:*"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["tag:server:22", "tag:prod:5432"] + }, + { + "action": "accept", + "src": ["autogroup:tagged"], + "dst": ["autogroup:tagged:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": 
["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.85.66.106", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::7c37:426a", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + 
"First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + 
"Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D01.json new file mode 100644 index 00000000..c88b22a4 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D01.json 
@@ -0,0 +1,172 @@ +{ + "test_id": "ACL-D01", + "timestamp": "2026-03-17T14:25:26Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_d01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], 
+ "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D02.json new file mode 100644 index 00000000..a399570e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D02.json 
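Review bot: This fixture and ACL-D02 both pin redundant output without saying whether that redundancy is part of the contract. Here `tagged-server` expects two rules with identical `DstPorts`, although the sources of the `*` rule already cover `tag:client`; ACL-D02 expects `100.108.74.26` port 22 twice in one `DstPorts` list (once for `tag:server:22`, once for the `webserver` host) while the IPv6 entry appears only once. A comparison that sorts or de-duplicates would pass while hiding a real difference in the generated filter, and a strict one would fail on a harmless reordering. Since JSON has no comments, I would state the rule where the fixtures are loaded, e.g. `// Rules and DstPorts are compared in order, duplicates included; ACL-D01 and ACL-D02 rely on this.`, adjusted to what the comparison actually does.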
@@ -0,0 +1,150 @@ +{ + "test_id": "ACL-D02", + "timestamp": "2026-03-17T14:25:37Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_d02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22", "webserver:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D03.json new file mode 100644 index 00000000..5afeee24 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D03.json 
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-D03", + "timestamp": "2026-03-17T14:25:47Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_d03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["100.108.74.26", "tag:server"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" 
+ }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D04.json
new file mode 100644
index 00000000..fcf31f23
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D04.json
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-D04", + "timestamp": "2026-03-17T14:25:57Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_d04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["100.108.74.26", "webserver"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + 
}, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D05.json new file mode 100644 index 00000000..7814df0e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D05.json 
@@ -0,0 +1,155 @@ +{ + "test_id": "ACL-D05", + "timestamp": "2026-03-17T14:26:08Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_d05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["100.108.74.26:22", "tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D06.json new file mode 100644 index 00000000..aabbfa10 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D06.json 
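Review bot: The expected `SrcIPs` for `src: ["*"]` on tagged-server includes `10.33.0.0/16`, but nothing under `topology.nodes` records that subnet-router advertises that route or has it approved; only the `autoApprovers` entry hints at it. A test rebuilt from this file therefore has to hard-code the route in the Go node setup (not visible in this hunk), and any drift between the two would surface as an unexplained filter mismatch. Recording the state in the capture, for example a field such as `"routes": ["10.33.0.0/16"]` on the `subnet-router` node, would make the fixture self-describing. The same applies to ACL-D06.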
@@ -0,0 +1,148 @@ +{ + "test_id": "ACL-D06", + "timestamp": "2026-03-17T14:26:18Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_d06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["100.108.74.26:22", "webserver:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D07.json new file mode 100644 index 00000000..028fe39d --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D07.json 
@@ -0,0 +1,363 @@ +{ + "test_id": "ACL-D07", + "timestamp": "2026-03-17T14:26:29Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_d07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member", "autogroup:tagged"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } 
+ ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + 
"fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D08.json new file mode 100644 index 00000000..0e4e0fbc --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D08.json 
@@ -0,0 +1,202 @@ +{ + "test_id": "ACL-D08", + "timestamp": "2026-03-17T14:26:39Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_d08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*"] + }, + { + "action": "accept", + "src": ["kratail2tid@passkey"], + "dst": ["kratail2tid@passkey:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": 
"user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E01.json new file mode 100644 index 00000000..138f9d56 --- /dev/null 
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E01.json 
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-E01", + "timestamp": "2026-03-17T14:26:50Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_e01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["100.108.74.26"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E02.json new file mode 100644 index 00000000..1dcabc3d --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E02.json 
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-E02", + "timestamp": "2026-03-17T14:27:00Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_e02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:server"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E03.json
new file mode 100644
index 00000000..bffcf22b
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E03.json
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-E03", + "timestamp": "2026-03-17T14:27:11Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_e03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["webserver"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": 
{ + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E04.json new file mode 100644 index 00000000..47976c18 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E04.json 
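Review bot: Nothing in this fixture records that a `hosts` alias pinned to an IPv4 address expands to that address alone, which is the behaviour the capture pins: `src: ["webserver"]` yields `"SrcIPs": ["100.108.74.26"]` on every node, while ACL-E07 names the source by user and gets both the IPv4 and the IPv6 address of `user1`. The same holds on the destination side, where ACL-E06 (`webserver:22`) records one `DstPorts` entry and ACL-E05 (`tag:server:22`) records the IPv4 and the IPv6 entry. A reader could take the missing `fd7a:115c:a1e0::b901:4a87` for a capture gap and "fix" it, which would widen the filter. I would state the intent next to the case, for example a top-level `"description": "hosts alias resolves to the literal IPv4 only, not the IPv6 of the owning node"` if the loader tolerates an extra key, or the same sentence as a comment on the Go test case that loads this file.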
@@ -0,0 +1,141 @@ +{ + "test_id": "ACL-E04", + "timestamp": "2026-03-17T14:27:21Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_e04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["100.108.74.26:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E05.json new file mode 100644 index 00000000..2195029c --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E05.json 
@@ -0,0 +1,148 @@ +{ + "test_id": "ACL-E05", + "timestamp": "2026-03-17T14:27:32Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_e05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E06.json new file mode 100644 index 00000000..557b2279 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E06.json 
@@ -0,0 +1,141 @@ +{ + "test_id": "ACL-E06", + "timestamp": "2026-03-17T14:27:42Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_e06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["webserver:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E07.json new file mode 100644 index 00000000..9ce58537 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E07.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-E07", + "timestamp": "2026-03-17T14:27:52Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_e07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E08.json new file mode 100644 index 00000000..407badcc --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E08.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-E08", + "timestamp": "2026-03-17T14:28:03Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_e08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:admins"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, 
+ "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E09.json new file mode 100644 index 00000000..755ca138 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E09.json 
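Review bot: This capture cannot tell group expansion apart from resolving a single user, because `group:admins` has one member, `kratail2tid@passkey`, and the recorded `SrcIPs` (`100.90.199.68`, `fd7a:115c:a1e0::2d01:c747`) are exactly what ACL-E07 records for that user named directly; ACL-E09 repeats the same output again. An implementation that resolved only the first member of a group would pass all three. A rule with `src: ["group:developers"]`, which has two members in this policy, would pin the expansion; such a fixture may exist elsewhere in the change, outside the part shown here.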
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-E09", + "timestamp": "2026-03-17T14:28:13Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_e09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey", "group:admins"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.json new file mode 100644 index 00000000..f327419b --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.json 
@@ -0,0 +1,46 @@ +{ + "test_id": "ACL-ERR01", + "timestamp": "2026-03-17T14:28:24Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_err01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:nonexistent"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "src=tag not found: \"tag:nonexistent\"" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.json new file mode 100644 index 00000000..1eebf587 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.json 
@@ -0,0 +1,46 @@ +{ + "test_id": "ACL-ERR02", + "timestamp": "2026-03-17T14:28:24Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_err02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:self"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "\"autogroup:self\" not valid on the src side of a rule" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.json new file mode 100644 index 00000000..5c6a5100 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.json 
@@ -0,0 +1,46 @@ +{ + "test_id": "ACL-ERR03", + "timestamp": "2026-03-17T14:28:24Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_err03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "dst=\"autogroup:self\": port range \"self\": invalid first integer" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.json new file mode 100644 index 00000000..fd7387ee --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.json 
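Review bot: The rejection recorded here is a port-parsing error, not a verdict on `autogroup:self` as a destination: `dst: ["autogroup:self"]` carries no port, and the message is `port range "self": invalid first integer`, the same class of failure ACL-ERR07 records for `tag:server:ssh`. If the case is meant to cover `autogroup:self` on the dst side, the capture does not show that, and a compat test that only checks that an error occurred would pass for the wrong reason. I would either rename the case to say it covers a destination without a port, or have the test compare against the recorded `api_response_body.message` so the reason is pinned; the test code is outside this hunk, so it may already do that.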
@@ -0,0 +1,46 @@ +{ + "test_id": "ACL-ERR04", + "timestamp": "2026-03-17T14:28:25Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_err04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:nonexistent"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "src=tag not found: \"tag:nonexistent\"" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.json new file mode 100644 index 00000000..105363fe --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.json 
@@ -0,0 +1,46 @@ +{ + "test_id": "ACL-ERR05", + "timestamp": "2026-03-17T14:28:25Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_err05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:nonexistent:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "dst=\"tag:nonexistent\": tag not found: \"tag:nonexistent\"" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.json new file mode 100644 index 00000000..aeb01305 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.json 
@@ -0,0 +1,46 @@ +{ + "test_id": "ACL-ERR06", + "timestamp": "2026-03-17T14:28:25Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_err06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "deny", + "src": ["tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "action=\"deny\" is not supported" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.json new file mode 100644 index 00000000..669e7a06 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.json 
@@ -0,0 +1,46 @@ +{ + "test_id": "ACL-ERR07", + "timestamp": "2026-03-17T14:28:29Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_err07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:ssh"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "dst=\"tag:server:ssh\": port range \"ssh\": invalid first integer" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.json new file mode 100644 index 00000000..f0abcb87 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.json 
@@ -0,0 +1,51 @@ +{ + "test_id": "ACL-ERR08", + "timestamp": "2026-03-17T14:28:34Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_err08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["autogroup:self:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.json new file mode 100644 index 00000000..a617c402 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.json 
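Review bot: The rejected policy holds two rules, so the fixture does not show which one the API refused: the 400 body names only `autogroup:self`, and both `src: ["*"]` to `autogroup:self:*` and `src: ["tag:client"]` to `autogroup:self:22` use it. An implementation that rejected the first rule alone would pass this case without ever evaluating the tagged source. I would reduce `acls` to the single rule under test, `{"action": "accept", "src": ["tag:client"], "dst": ["autogroup:self:22"]}`, or add a companion fixture showing that the first rule is accepted on its own. ACL-ERR09 has the same shape, with `autogroup:tagged` as the second source.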
@@ -0,0 +1,51 @@ +{ + "test_id": "ACL-ERR09", + "timestamp": "2026-03-17T14:28:39Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_err09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*"] + }, + { + "action": "accept", + "src": ["autogroup:tagged"], + "dst": ["autogroup:self:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H01.json new file mode 100644 index 00000000..73dabb10 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H01.json 
@@ -0,0 +1,141 @@ +{ + "test_id": "ACL-H01", + "timestamp": "2026-03-17T14:28:44Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_h01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["webserver:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H02.json new file mode 100644 index 00000000..57a1f5f3 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H02.json 
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-H02", + "timestamp": "2026-03-17T14:28:59Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_h02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["webserver"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": 
{ + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H03.json new file mode 100644 index 00000000..db4af458 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H03.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-H03", + "timestamp": "2026-03-17T14:29:10Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_h03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["internal"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H04.json new file mode 100644 index 00000000..da7ee2b0 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H04.json 
@@ -0,0 +1,141 @@ +{ + "test_id": "ACL-H04", + "timestamp": "2026-03-17T14:29:20Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_h04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["internal:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": 
{ + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "10.0.0.0/8", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H05.json new file mode 100644 index 00000000..36a9b30f --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H05.json 
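Review bot: The expected rule on `subnet-router` for `dst: ["internal:22"]` depends on route state that the fixture does not record, since `topology.nodes` lists only hostname, tags and addresses. ACL-H08 uses the same `src: ["*"]` with `subnet24:80` and expects `packet_filter_rules: null` on every node; the only visible difference is that `10.33.0.0/16` (auto-approved for `tag:router`) falls inside `10.0.0.0/8` but not inside `192.168.1.0/24`. That reading is inferred, so a reader or a replaying test has to guess which routes each node advertised and had approved at capture time. Recording this in the capture, for example as a routes list on the `subnet-router` and `exit-node` entries, would make both expectations reproducible from the file itself.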
@@ -0,0 +1,159 @@ +{ + "test_id": "ACL-H05", + "timestamp": "2026-03-17T14:29:31Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_h05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["webserver:22", "prodbox:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + 
}, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H06.json new file mode 100644 index 00000000..1529a1dd --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H06.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-H06", + "timestamp": "2026-03-17T14:29:41Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_h06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["webserver", "tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H07.json new file mode 100644 index 00000000..c8c0fd84 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H07.json 
@@ -0,0 +1,136 @@ +{ + "test_id": "ACL-H07", + "timestamp": "2026-03-17T14:29:52Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_h07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:admins"], + "dst": ["webserver:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H08.json new file mode 100644 index 00000000..a635f7c7 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H08.json 
@@ -0,0 +1,123 @@ +{ + "test_id": "ACL-H08", + "timestamp": "2026-03-17T14:30:02Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_h08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["subnet24:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": 
{ + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K01.json new file mode 100644 index 00000000..cfc17a34 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K01.json 
@@ -0,0 +1,172 @@ +{ + "test_id": "ACL-K01", + "timestamp": "2026-03-17T14:30:13Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_k01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": [ + "*", + "autogroup:member", + "autogroup:tagged", + "group:admins", + "tag:client", + "webserver", + "100.90.199.68" + ], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + 
"hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::/48", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K02.json new file mode 100644 index 00000000..b9e10966 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K02.json 
@@ -0,0 +1,226 @@ +{ + "test_id": "ACL-K02", + "timestamp": "2026-03-17T14:30:23Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_k02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": [ + "tag:server:22", + "tag:prod:5432", + "webserver:80", + "prodbox:443", + "group:admins:8080", + "kratail2tid@passkey:3000", + "100.108.74.26:9000" + ] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" 
+ }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 9000, + "Last": 9000 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 3000, + "Last": 3000 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 3000, + "Last": 3000 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 8080, + "Last": 8080 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 8080, + 
"Last": 8080 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K03.json new file mode 100644 index 00000000..d431edf3 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K03.json 
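Review bot: Nothing in this capture says which behaviour it pins, and the expected rules encode a distinction that is easy to misread as a gap. Destinations given as a host alias or literal address (`webserver:80`, `prodbox:443`, `100.108.74.26:9000`) yield an IPv4-only `DstPorts` entry, while `tag:server:22`, `group:admins:8080` and `kratail2tid@passkey:3000` yield both address families. A one-line statement of intent beside the fixture or in the test that loads it would keep a later maintainer from "repairing" the absent IPv6 entries, for example `ACL-K02: host/IP destinations match the literal address only; tag, user and group destinations expand to IPv4 and IPv6`. ACL-M02 and ACL-M03 show the same on the source side, where `100.90.199.68` and `webserver` each contribute a single IPv4 `SrcIPs` entry.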
@@ -0,0 +1,374 @@ +{ + "test_id": "ACL-K03", + "timestamp": "2026-03-17T14:30:34Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_k03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": [ + "autogroup:member", + "autogroup:tagged", + "group:admins", + "group:developers", + "kratail2tid@passkey", + "tag:client", + "tag:prod", + "tag:server", + "webserver", + "prodbox" + ], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": 
"fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + 
"fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + 
"100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_9_destinations_7_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K04.json similarity index 50% rename from hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_9_destinations_7_4.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-K04.json index 14092c5f..e58a7e0b 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_9_destinations_7_4.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K04.json 
@@ -1,26 +1,36 @@ { - "test_id": "ACL-wildcard_to_9_destinations_7_4", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", + "test_id": "ACL-K04", + "timestamp": "2026-03-17T14:30:44Z", + "propagation_wait_seconds": 10, "input": { + "policy_file": "acl_policies/acl_k04.json", "full_policy": { "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], "group:empty": [] }, "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] }, "hosts": { "webserver": "100.108.74.26", - "database": "100.74.60.128", + "prodbox": "100.103.8.15", "internal": "10.0.0.0/8", "subnet24": "192.168.1.0/24" }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, "acls": [ { "action": "accept", 
@@ -29,25 +39,44 @@ "tag:server:22", "tag:server:80", "tag:server:443", - "tag:database:5432", - "tag:database:3306", - "tag:web:80", - "tag:web:443", + "tag:prod:5432", + "tag:prod:3306", + "tag:client:80", + "tag:client:443", "webserver:8080", - "database:8080" + "prodbox:8080" ] } ] - } + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 }, "topology": { "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" }, "tagged-server": { "hostname": "tagged-server", 
@@ -55,188 +84,195 @@ "ipv4": "100.108.74.26", "ipv6": "fd7a:115c:a1e0::b901:4a87" }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" } } }, "captures": { - "user1": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { "packet_filter_rules": null }, "tagged-client": { - "packet_filter_rules": null + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.83.200.69", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 8080, + "Last": 8080 + } + }, + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "100.103.8.15", + "Ports": { + "First": 3306, 
+ "Last": 3306 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 3306, + "Last": 3306 + } + } + ] + } + ] }, "tagged-server": { "packet_filter_rules": [ { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], "DstPorts": [ { - "IP": "100.108.74.26/32", + "IP": "100.108.74.26", "Ports": { "First": 8080, "Last": 8080 } }, { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 8080, - "Last": 8080 - } - }, - { - "IP": "100.108.74.26/32", + "IP": "100.108.74.26", "Ports": { "First": 22, "Last": 22 } }, { - "IP": "100.108.74.26/32", + "IP": "100.108.74.26", "Ports": { "First": 80, "Last": 80 } }, { - "IP": "100.108.74.26/32", + "IP": "100.108.74.26", "Ports": { "First": 443, "Last": 443 } }, { - "IP": "fd7a:115c:a1e0::b901:4a87/128", + "IP": "fd7a:115c:a1e0::b901:4a87", "Ports": { "First": 22, "Last": 22 } }, { - "IP": "fd7a:115c:a1e0::b901:4a87/128", + "IP": "fd7a:115c:a1e0::b901:4a87", "Ports": { "First": 80, "Last": 80 } }, { - "IP": "fd7a:115c:a1e0::b901:4a87/128", + "IP": "fd7a:115c:a1e0::b901:4a87", "Ports": { "First": 443, "Last": 443 } } - ], - "IPProto": [6, 17, 1, 58] + ] } ] }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 8080, - "Last": 8080 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 8080, - "Last": 8080 - } - }, - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 3306, - "Last": 3306 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 
3306, - "Last": 3306 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] + "user-kris": { + "packet_filter_rules": null }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null } } } diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K05.json new file mode 100644 index 00000000..3aaa7f39 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K05.json 
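Review bot: The rewritten expectations for ACL-K04 drop `"IPProto": [6, 17, 1, 58]` from every rule, so this case no longer states which protocols the filter admits. If the comparison in the Go test (outside this diff section) skips fields that are absent from the capture, a generated rule with a wrong protocol list would still pass. The comparison should treat a missing `IPProto` as that default set and compare against it rather than ignore the field. The same hunk changes `IP` from `100.108.74.26/32` to `100.108.74.26` and `SrcIPs` from `100.64.0.0/10` to two dash-separated ranges, so the comparison also has to parse addresses and ranges rather than match strings. A short comment in the test stating both conventions would make that contract explicit.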
@@ -0,0 +1,221 @@ +{ + "test_id": "ACL-K05", + "timestamp": "2026-03-17T14:30:54Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_k05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": [ + "autogroup:member", + "group:admins", + "kratail2tid@passkey", + "tag:client", + "tag:prod", + "100.83.200.69", + "100.103.8.15" + ], + "dst": ["tag:server:22", "webserver:80", "100.108.74.26:443", "group:admins:8080", "kratail2tid@passkey:9000"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": 
["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.110.121.96", + "100.83.200.69", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.110.121.96", + "100.83.200.69", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 9000, + "Last": 9000 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 9000, + "Last": 9000 + } + }, + { + 
"IP": "100.90.199.68", + "Ports": { + "First": 8080, + "Last": 8080 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 8080, + "Last": 8080 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M01.json new file mode 100644 index 00000000..7380851c --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M01.json 
@@ -0,0 +1,150 @@ +{ + "test_id": "ACL-M01", + "timestamp": "2026-03-17T14:31:05Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_m01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey", "tag:client", "group:monitors"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + 
"ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.83.200.69", + "100.90.199.68", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M02.json new file mode 100644 index 00000000..0dbced2d --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M02.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-M02", + "timestamp": "2026-03-17T14:31:15Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_m02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["100.90.199.68", "tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "100.90.199.68", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M03.json new file mode 100644 index 00000000..0632438a --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M03.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-M03", + "timestamp": "2026-03-17T14:31:26Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_m03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["webserver", "tag:client"], + "dst": ["tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M04.json new file mode 100644 index 00000000..b2f290d3 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M04.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-M04", + "timestamp": "2026-03-17T14:31:36Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_m04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:admins", "tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "100.90.199.68", "fd7a:115c:a1e0::2d01:c747", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M05.json new file mode 100644 index 00000000..ee51c3a6 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M05.json 
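Review bot: The expected `SrcIPs` for `group:admins` on tagged-server cannot be checked against this file, because the `topology.nodes` entries for `user1`, `user-kris` and `user-mon` record only `"tags": []` and no owner. The capture lists `100.90.199.68` and `fd7a:115c:a1e0::2d01:c747`, so user1 presumably belongs to `kratail2tid@passkey`, but that mapping has to be kept in the test setup and synchronised by hand. An owner key on each untagged node, e.g. `"user": "kratail2tid@passkey"`, would let the loader build the nodes from the fixture itself. The same gap affects ACL-M05, ACL-M07 and ACL-M08, whose sources are also users, groups or `autogroup:member`.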
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-M05", + "timestamp": "2026-03-17T14:31:47Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_m05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey", "group:monitors"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "100.90.199.68", "fd7a:115c:a1e0::2d01:c747", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M06.json new file mode 100644 index 00000000..892f019b --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M06.json 
@@ -0,0 +1,150 @@ +{ + "test_id": "ACL-M06", + "timestamp": "2026-03-17T14:31:57Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_m06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*", "tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + 
}, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "100.83.200.69", + "fd7a:115c:a1e0::/48", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M07.json new file mode 100644 index 00000000..25766123 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M07.json 
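Review bot: The `*` source expands to `10.33.0.0/16` in `SrcIPs`, but nothing in `topology` says which node advertises that prefix or whether it was approved, so the expectation depends on state the fixture does not record. It presumably comes from subnet-router through the `autoApprovers` entry for `tag:router`. The exit-node prefixes `0.0.0.0/0` and `::/0` do not appear in the result, which suggests exit routes are handled differently. Recording routes per node, e.g. `"approved_routes": ["10.33.0.0/16"]` on subnet-router, would make the wildcard expansion reproducible from the file alone.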
@@ -0,0 +1,180 @@ +{ + "test_id": "ACL-M07", + "timestamp": "2026-03-17T14:32:08Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_m07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member", "tag:client"], + "dst": ["tag:server:22,80,443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.83.200.69", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M08.json new file mode 100644 index 00000000..d78dcf3c --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M08.json 
@@ -0,0 +1,152 @@ +{ + "test_id": "ACL-M08", + "timestamp": "2026-03-17T14:32:18Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_m08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member", "tag:client"], + "dst": ["tag:server:80-443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.83.200.69", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M09.json new file mode 100644 index 00000000..4cfc286b --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M09.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-M09", + "timestamp": "2026-03-17T14:32:29Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_m09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client", "internal"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["10.0.0.0/8", "100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M10.json new file mode 100644 index 00000000..1f5dcae2 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M10.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-M10", + "timestamp": "2026-03-17T14:32:39Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_m10.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["100.92.142.61", "tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "100.92.142.61", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.json new file mode 100644 index 00000000..f62a23c9 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.json 
@@ -0,0 +1,168 @@ +{ + "test_id": "ACL-MR01", + "timestamp": "2026-03-17T14:32:50Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + 
"tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.json new file mode 100644 index 00000000..c305ac4f --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.json 
@@ -0,0 +1,162 @@ +{ + "test_id": "ACL-MR02", + "timestamp": "2026-03-17T14:33:00Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + 
"tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.json new file mode 100644 index 00000000..ea687121 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.json 
@@ -0,0 +1,167 @@ +{ + "test_id": "ACL-MR03", + "timestamp": "2026-03-17T14:33:10Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + 
"tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.json new file mode 100644 index 00000000..5a7d1127 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.json 
@@ -0,0 +1,162 @@ +{ + "test_id": "ACL-MR04", + "timestamp": "2026-03-17T14:33:21Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:admins"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["kratail2tid@passkey"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": 
"user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.json new file mode 100644 index 00000000..7196cd13 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.json 
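Review bot: The expected `tagged-server` filter lists each `DstPorts` entry twice, and nothing in the fixture says this is intentional. Both ACL rules (`group:admins` and `kratail2tid@passkey`) resolve to the same `SrcIPs`, and the capture apparently folds them into one rule without de-duplicating the destinations. That multiplicity is what distinguishes this case, so a later tidy-up of the repeated entries or a set-based comparison in the test would make it pass without checking anything. JSON cannot hold a comment, so I would document it where the fixture is loaded, e.g. `// ACL-MR04: rules with identical SrcIPs merge into one filter rule; DstPorts are concatenated, duplicates kept.` The same pattern appears in the `user1` captures of ACL-MR05 and ACL-MR06 and in the second `tagged-server` rule of ACL-MR09.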
@@ -0,0 +1,167 @@ +{ + "test_id": "ACL-MR05", + "timestamp": "2026-03-17T14:33:31Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["group:admins:22"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["kratail2tid@passkey:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": 
[], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.json new file mode 100644 index 00000000..07fc9759 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.json 
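Review bot: The `user1` expectation shows that `"src": ["*"]` is not an any-address match, but the fixture does not record the input that decides what it expands to. `SrcIPs` is `10.33.0.0/16`, the 100.64.0.0/10 range with 100.115.92.0–100.115.93.255 left out, and `fd7a:115c:a1e0::/48`. The `10.33.0.0/16` entry lines up with the `autoApprovers` route for `tag:router`, presumably because that route is approved on `subnet-router`, yet `topology` lists no advertised or approved routes, so the test setup has to hard-code that state. Since this decides which off-tailnet addresses a wildcard rule admits, I would record the route state in the capture's `topology` block, or at least state it next to the node setup: `// "*" in src expands to the tailnet ranges plus approved subnet routes (10.33.0.0/16 in these captures).` ACL-MR07 depends on the same expansion.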
@@ -0,0 +1,202 @@ +{ + "test_id": "ACL-MR06", + "timestamp": "2026-03-17T14:33:42Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["autogroup:member:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["group:admins:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": 
"user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.json new file mode 100644 index 00000000..03180abe --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.json 
@@ -0,0 +1,217 @@ +{ + "test_id": "ACL-MR07", + "timestamp": "2026-03-17T14:33:52Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22", "tag:prod:5432"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:80", "tag:router:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + 
"hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.json
new file mode 100644
index 00000000..2c6c0ca7
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.json
@@ -0,0 +1,191 @@ +{ + "test_id": "ACL-MR08", + "timestamp": "2026-03-17T14:34:03Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:server:80"] + }, + { + "action": "accept", + "src": ["tag:router"], + "dst": ["tag:server:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + 
"ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": ["100.92.142.61", "fd7a:115c:a1e0::3e37:8e3d"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.json new file mode 100644 index 00000000..b92f3a43 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.json 
@@ -0,0 +1,193 @@ +{ + "test_id": "ACL-MR09", + "timestamp": "2026-03-17T14:34:13Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["group:admins"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["kratail2tid@passkey"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": 
"100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.json new file mode 100644 index 00000000..185463eb --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.json 
@@ -0,0 +1,193 @@ +{ + "test_id": "ACL-MR10", + "timestamp": "2026-03-17T14:34:23Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr10.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:prod:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:router:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + 
"ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.json new file mode 100644 index 00000000..958cd1dd --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.json 
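Review bot: `full_policy` and `api_endpoint` keep the live tailnet identity (`kratail2tid@passkey`, `kristoffer@dalby.cc`, and the tailnet name in the API URL), here and in the other ACL-MR fixtures of this commit, while the Go helpers in the same change use `@example.com` users. Raw control-plane captures are an easy place for account identifiers or credentials to slip into a repository. No key or token is visible in this file, and the rewrite to `@example.com` presumably happens in the loader, which is outside this hunk. I would sanitise at capture time so the committed fixture already holds the placeholder identities, or document the mapping next to the loader.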
@@ -0,0 +1,228 @@ +{ + "test_id": "ACL-MR11", + "timestamp": "2026-03-17T14:34:34Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr11.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:member:22"] + }, + { + "action": "accept", + "src": ["group:admins"], + "dst": ["group:admins:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": 
"user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + 
"Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.json new file mode 100644 index 00000000..242b3c8e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.json 
@@ -0,0 +1,162 @@ +{ + "test_id": "ACL-MR12", + "timestamp": "2026-03-17T14:34:44Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr12.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey"], + "dst": ["kratail2tid@passkey:22"] + }, + { + "action": "accept", + "src": ["group:admins"], + "dst": ["kratail2tid@passkey:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { 
+ "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.json new file mode 100644 index 00000000..00d77deb --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.json 
@@ -0,0 +1,378 @@ +{ + "test_id": "ACL-MR13", + "timestamp": "2026-03-17T14:34:55Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr13.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:tagged"], + "dst": ["autogroup:tagged:22"] + }, + { + "action": "accept", + "src": ["tag:client", "tag:prod"], + "dst": ["autogroup:tagged:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { 
+ "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.85.66.106", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::7c37:426a", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "100.83.200.69", "fd7a:115c:a1e0::5b37:80f", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.85.66.106", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::7c37:426a", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "100.83.200.69", "fd7a:115c:a1e0::5b37:80f", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 80, + "Last": 80 + 
} + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "100.83.200.69", "fd7a:115c:a1e0::5b37:80f", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "100.83.200.69", "fd7a:115c:a1e0::5b37:80f", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { 
+ "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "100.83.200.69", "fd7a:115c:a1e0::5b37:80f", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.json new file mode 100644 index 00000000..d3008297 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.json 
@@ -0,0 +1,560 @@ +{ + "test_id": "ACL-MR14", + "timestamp": "2026-03-17T14:35:05Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr14.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member", "autogroup:tagged"], + "dst": ["autogroup:member:22", "autogroup:tagged:80"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["*:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + 
"user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.85.66.106", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::7c37:426a", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + 
"100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-server": { + 
"packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + 
"fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.103.90.82", + "100.108.74.26", + "100.110.121.96", + "100.83.200.69", + "100.85.66.106", + "100.90.199.68", + "100.92.142.61", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::9e37:5a52", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.json new file mode 100644 index 00000000..b615ead7 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.json 
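Review bot: The `*` source of the second ACL is captured as `10.33.0.0/16` plus two `100.64.0.0/10` sub-ranges and `fd7a:115c:a1e0::/48`, but the `topology` section records only hostname, tags and addresses. Nothing in the fixture says which node advertises `10.33.0.0/16` or whether the route was approved, so the expected filter depends on state the file does not carry (presumably `subnet-router`, via the `autoApprovers` entry) and the test has to hard-code it. Recording it on the node, e.g. `"approved_routes": ["10.33.0.0/16"]` (the field name is only a suggestion), would make the case reproducible from the fixture alone and make the meaning of a wildcard source explicit. The same applies to ACL-MR15.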
@@ -0,0 +1,291 @@ +{ + "test_id": "ACL-MR15", + "timestamp": "2026-03-17T14:35:16Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr15.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["*:*"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + 
"ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + 
"user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.json new file mode 100644 index 00000000..502aed9e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.json 
@@ -0,0 +1,305 @@ +{ + "test_id": "ACL-MR16", + "timestamp": "2026-03-17T14:35:26Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr16.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["tag:prod:5432"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["*:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, 
+ "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + 
"Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.json new file mode 100644 index 00000000..185d6d4e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.json 
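Review bot: The `input` block of this ACL-MR16 fixture commits the capturing tailnet's identifiers verbatim: `api_endpoint` embeds the tailnet name, and `groups`/`tagOwners` carry the account logins (`kratail2tid@passkey`, `kristoffer@dalby.cc`, `monitorpasskeykradalby@passkey`). The Go test's comments say the users are matched in a converted `@example.com` form, so the fixture could store that form directly, e.g. `"group:admins": ["kratail2tid@example.com"]`. If the comparison reads only `full_policy`, `topology` and `captures` (not visible from this hunk), `api_endpoint` and `api_response_code` could be dropped at capture time. The same applies to the ACL-MR17 through ACL-MR22 fixtures that follow.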
@@ -0,0 +1,246 @@ +{ + "test_id": "ACL-MR17", + "timestamp": "2026-03-17T14:35:37Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr17.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["*:*"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": 
[], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + 
"user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.json new file mode 100644 index 00000000..15b46c88 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.json 
@@ -0,0 +1,318 @@ +{ + "test_id": "ACL-MR18", + "timestamp": "2026-03-17T14:35:47Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr18.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22", "tag:prod:5432", "tag:client:80"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:80", "*:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + 
"user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + }, + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + 
"100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.json new file mode 100644 index 00000000..0b8dce19 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.json 
@@ -0,0 +1,472 @@ +{ + "test_id": "ACL-MR19", + "timestamp": "2026-03-17T14:35:58Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr19.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:tagged"], + "dst": ["*:*"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": 
[], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + 
"fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + 
"fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.json new file mode 100644 index 00000000..3b7550fe 
--- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.json 
@@ -0,0 +1,175 @@ +{ + "test_id": "ACL-MR20", + "timestamp": "2026-03-17T14:36:08Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr20.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member", "group:admins", "kratail2tid@passkey"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:server", "webserver", "100.108.74.26"], + "dst": ["group:admins:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": 
"fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.json new file mode 100644 index 00000000..0656ffb7 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.json 
@@ -0,0 +1,226 @@ +{ + "test_id": "ACL-MR21", + "timestamp": "2026-03-17T14:36:18Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr21.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["tag:prod:5432"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["tag:client:80"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["webserver:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + 
"tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + 
] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.json new file mode 100644 index 00000000..6c5306bb --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.json 
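Review bot: Nothing in this ACL-MR21 fixture records that the asymmetric expansion of `webserver:443` in the `tagged-server` capture is the behaviour under test. That destination expands to the single literal `100.108.74.26`, while `tag:server:22` expands to both the IPv4 and IPv6 address of the same node, so port 443 is opened over IPv4 only. ACL-MR22 has the same property and also keeps the duplicate port-22 entries for `100.103.8.15` and `100.108.74.26` that come from `prodbox:22` and `webserver:22`. A reader cannot tell a deliberate expectation from a capture artefact, and a comparison that deduplicates or sorts `DstPorts` would silently stop checking it. A top-level field such as `"description": "hosts alias in dst expands to its literal address only and is not merged with the tag expansion"` would pin the intent, provided the fixture loader tolerates unknown keys, which is not visible here.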
@@ -0,0 +1,217 @@ +{ + "test_id": "ACL-MR22", + "timestamp": "2026-03-17T14:36:29Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr22.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:prod:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:router:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["webserver:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["prodbox:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": 
"100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.103.8.15", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} 
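Review bot: The `tagged-prod` and `tagged-server` captures each list the same IPv4 `DstPorts` entry twice (`100.103.8.15` port 22 and `100.108.74.26` port 22), and nothing in the fixture says that this repetition is the behaviour being pinned. It appears to come from the `prodbox` and `webserver` host aliases resolving to nodes already matched by `tag:prod` and `tag:server`. The comparison code is not part of this hunk; if it sorts or de-duplicates `DstPorts` before comparing, this case passes even when the compiled filter differs from the capture, so entries should be compared with their multiplicity. JSON has no comments, so a field such as `"description": "tag and host alias for the same node repeat the IPv4 DstPorts entry"` next to `test_id` would record the intent.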
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.json new file mode 100644 index 00000000..e83b49ff --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.json 
@@ -0,0 +1,456 @@ +{ + "test_id": "ACL-MR23", + "timestamp": "2026-03-17T14:36:39Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mr23.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:server"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:client:22"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:prod:22"] + }, + { + "action": "accept", + "src": ["tag:router"], + "dst": ["tag:router:22"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["*:80"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:member:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + 
"tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.92.142.61", "fd7a:115c:a1e0::3e37:8e3d"], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + 
"fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": 
[ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.json new file mode 100644 index 00000000..274b48ff --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.json 
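Review bot: `10.33.0.0/16` appears in the `SrcIPs` of the `*`-sourced rule for `user-kris`, `user-mon` and `user1`, but the `topology` block records only hostname, tags and addresses, so the fixture does not say which node advertised that route or that it was approved. The exit routes `0.0.0.0/0` and `::/0` are auto-approved for `tag:exit` in the same policy and do not appear, so the expected filter depends on route state held outside this file, presumably in the Go node setup. If that setup drifts, a test could fail, or pass for the wrong reason, on a rule that widens the allowed sources. Recording the state in the capture would make it self-describing, for example an illustrative `"approved_routes": ["10.33.0.0/16"]` under `subnet-router`. ACL-MU05 carries the same `SrcIPs` list.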
@@ -0,0 +1,167 @@ +{ + "test_id": "ACL-MU01", + "timestamp": "2026-03-17T14:36:50Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mu01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["kristoffer@dalby.cc"], + "dst": ["tag:server:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + 
"hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.json new file mode 100644 index 00000000..a630277e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.json 
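Review bot: The `acls` in this fixture use `kratail2tid@passkey` and `kristoffer@dalby.cc` as sources, while `setupACLCompatUsers` gives the test users `@example.com` addresses, so the policy only resolves after a rewrite step that is not visible in this file. If that step is a plain string substitution, it is worth checking that it also covers the `groups` and `tagOwners` members, because an unresolved user would compile to an empty rule rather than an error. Separately, what looks like a real mailbox and the tailnet name inside `api_endpoint` are committed verbatim in every fixture. Converting at capture time, so that the stored policy already reads `kristoffer@example.com` and the endpoint is redacted, would remove both concerns. The same applies to ACL-MU03, ACL-MU05 and ACL-MU06, and to the shared `groups` block in the other files.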
@@ -0,0 +1,163 @@ +{ + "test_id": "ACL-MU02", + "timestamp": "2026-03-17T14:37:00Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mu02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:developers"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.json new file mode 100644 index 00000000..9598bdfb --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.json 
@@ -0,0 +1,168 @@ +{ + "test_id": "ACL-MU03", + "timestamp": "2026-03-17T14:37:11Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mu03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:developers"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["group:monitors"], + "dst": ["tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": 
"user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.json new file mode 100644 index 00000000..fca1aeda --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.json 
@@ -0,0 +1,266 @@ +{ + "test_id": "ACL-MU04", + "timestamp": "2026-03-17T14:37:21Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mu04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:self:*"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:member:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + 
"hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + 
} + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.json new file mode 100644 index 00000000..420d204b --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.json 
@@ -0,0 +1,148 @@ +{ + "test_id": "ACL-MU05", + "timestamp": "2026-03-17T14:37:32Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mu05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["kratail2tid@passkey:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, 
+ "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.json new file mode 100644 index 00000000..355a542d --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.json 
@@ -0,0 +1,148 @@ +{ + "test_id": "ACL-MU06", + "timestamp": "2026-03-17T14:37:42Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mu06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["kristoffer@dalby.cc:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.json new file mode 100644 index 00000000..1edcde76 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.json 
@@ -0,0 +1,283 @@ +{ + "test_id": "ACL-MU07", + "timestamp": "2026-03-17T14:37:53Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mu07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey", "kristoffer@dalby.cc", "monitorpasskeykradalby@passkey"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": 
"100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + 
"100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.json new file mode 100644 index 00000000..fad93668 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.json 
@@ -0,0 +1,198 @@ +{ + "test_id": "ACL-MU08", + "timestamp": "2026-03-17T14:38:03Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_mu08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["kratail2tid@passkey:22", "kristoffer@dalby.cc:22", "monitorpasskeykradalby@passkey:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + 
"ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O01.json new file mode 100644 index 00000000..90b8de0b --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O01.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-O01", + "timestamp": "2026-03-17T14:38:13Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_o01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client", "tag:prod"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.8.15", "100.83.200.69", "fd7a:115c:a1e0::5b37:80f", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O02.json new file mode 100644 index 00000000..7ea0f912 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O02.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-O02", + "timestamp": "2026-03-17T14:38:24Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_o02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:prod", "tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.8.15", "100.83.200.69", "fd7a:115c:a1e0::5b37:80f", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O03.json new file mode 100644 index 00000000..ab71d000 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O03.json 
@@ -0,0 +1,163 @@ +{ + "test_id": "ACL-O03", + "timestamp": "2026-03-17T14:38:34Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_o03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22", "tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O04.json new file mode 100644 index 00000000..262bea57 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O04.json 
@@ -0,0 +1,163 @@ +{ + "test_id": "ACL-O04", + "timestamp": "2026-03-17T14:38:45Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_o04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:prod:5432", "tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P01.json new file mode 100644 index 00000000..c6bec53e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P01.json 
@@ -0,0 +1,148 @@ +{ + "test_id": "ACL-P01", + "timestamp": "2026-03-17T14:38:55Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_p01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P02.json new file mode 100644 index 00000000..d3ebd0c2 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P02.json 
@@ -0,0 +1,148 @@ +{ + "test_id": "ACL-P02", + "timestamp": "2026-03-17T14:39:06Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_p02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:80-443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P03.json new file mode 100644 index 00000000..595084be --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P03.json 
@@ -0,0 +1,176 @@ +{ + "test_id": "ACL-P03", + "timestamp": "2026-03-17T14:39:16Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_p03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22,80,443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P04.json new file mode 100644 index 00000000..0b91c36a --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P04.json 
@@ -0,0 +1,150 @@ +{ + "test_id": "ACL-P04", + "timestamp": "2026-03-17T14:39:27Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_p04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22"], + "proto": "tcp" + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ], + "IPProto": [6] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P05.json new file mode 100644 index 00000000..57d7bbc2 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P05.json 
@@ -0,0 +1,150 @@ +{ + "test_id": "ACL-P05", + "timestamp": "2026-03-17T14:39:37Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_p05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:53"], + "proto": "udp" + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 53, + "Last": 53 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 53, + "Last": 53 + } + } + ], + "IPProto": [17] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P06.json new file mode 100644 index 00000000..88baebe2 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P06.json 
@@ -0,0 +1,150 @@ +{ + "test_id": "ACL-P06", + "timestamp": "2026-03-17T14:39:48Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_p06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:*"], + "proto": "1" + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + 
}, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ], + "IPProto": [1] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.json new file mode 100644 index 00000000..390cf539 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.json 
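Review bot: ACL-P06 pins `"proto": "1"` to `"IPProto": [1]` while the captured `DstPorts` still lists the IPv6 address `fd7a:115c:a1e0::b901:4a87`, and none of the protocol cases visible here (P04 tcp, P05 udp, P06) covers ICMPv6. Protocol 1 is ICMP for IPv4 only, so this fixture says nothing about what the filter should be for protocol 58 traffic to that address. An implementation that widens the rule to `[1, 58]`, or one that never permits ICMPv6, would pass this case either way. If no other series in this commit covers it, I would capture a sibling case whose ACL is the same but with `"proto": "58"`, so the expected `IPProto` for ICMPv6 is recorded from the reference implementation rather than assumed.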
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-PF01", + "timestamp": "2026-03-17T14:39:58Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_pf01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, 
+ "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.json new file mode 100644 index 00000000..29d83e0f --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-PF02", + "timestamp": "2026-03-17T14:40:09Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_pf02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:80-443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + 
}, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.json new file mode 100644 index 00000000..dbba01ea --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.json 
@@ -0,0 +1,171 @@ +{ + "test_id": "ACL-PF03", + "timestamp": "2026-03-17T14:40:19Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_pf03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22,80,443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.json new file mode 100644 index 00000000..5bc9f695 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-PF04", + "timestamp": "2026-03-17T14:40:29Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_pf04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.json new file mode 100644 index 00000000..af688736 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-PF05", + "timestamp": "2026-03-17T14:40:40Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_pf05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:1-65535"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" 
+ }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 1, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 1, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R01.json new file mode 100644 index 00000000..c799d2e9 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R01.json 
@@ -0,0 +1,167 @@ +{ + "test_id": "ACL-R01", + "timestamp": "2026-03-17T14:40:50Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_r01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:server:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + 
"tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R02.json new file mode 100644 index 00000000..3b530492 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R02.json 
@@ -0,0 +1,168 @@ +{ + "test_id": "ACL-R02", + "timestamp": "2026-03-17T14:41:01Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_r02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + 
"tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R03.json new file mode 100644 index 00000000..6f5639b3 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R03.json 
@@ -0,0 +1,162 @@ +{ + "test_id": "ACL-R03", + "timestamp": "2026-03-17T14:41:11Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_r03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + 
"tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R04.json new file mode 100644 index 00000000..4b5edc4a --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R04.json 
@@ -0,0 +1,167 @@ +{ + "test_id": "ACL-R04", + "timestamp": "2026-03-17T14:41:22Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_r04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["group:admins"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + 
"tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R05.json new file mode 100644 index 00000000..68f61569 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R05.json 
@@ -0,0 +1,291 @@ +{ + "test_id": "ACL-R05", + "timestamp": "2026-03-17T14:41:32Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_r05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["*:*"] + }, + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": 
"100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + 
"packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R06.json new file mode 100644 index 00000000..dc6756dc --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R06.json 
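Review bot: The `"*"` source in this capture expands to a set that includes `10.33.0.0/16`, yet `topology.nodes` records only hostname, tags and addresses, so nothing in the file says which node advertises that prefix or that it was approved. The expected `SrcIPs` therefore depend on route state that has to be recreated by hand in the Go node setup (not visible here); presumably subnet-router carries it through the `autoApprovers` entry for `tag:router`. A comment at that setup such as `// subnet-router: 10.33.0.0/16 approved; ACL-R05 expects it in the "*" source set` would make the dependency explicit. It is worth noting in the same place that the exit routes `0.0.0.0/0` and `::/0` do not appear in the wildcard set, since that is what keeps `*` from widening to arbitrary addresses.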
@@ -0,0 +1,191 @@ +{ + "test_id": "ACL-R06", + "timestamp": "2026-03-17T14:41:43Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_r06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:server:80"] + }, + { + "action": "accept", + "src": ["group:admins"], + "dst": ["tag:server:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + 
"ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + }, + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R07.json new file mode 100644 index 00000000..248f2577 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R07.json 
@@ -0,0 +1,240 @@ +{ + "test_id": "ACL-R07", + "timestamp": "2026-03-17T14:41:53Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_r07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["tag:prod:5432"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + 
"ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + 
"packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R08.json new file mode 100644 index 00000000..feef997c --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R08.json 
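Review bot: The `autogroup:self` expectations in this fixture cannot tell "the same user's devices" apart from "the node itself". In the captures for user-kris, user-mon and user1, each node's `SrcIPs` are exactly its own two addresses, which suggests every user owns a single untagged device. An implementation that resolves self too narrowly would produce identical output and pass. A further capture in which one user owns two devices would pin the boundary in both directions. Node ownership is also not recorded in `topology`, so the owner mapping lives only in the Go setup; ACL-R09 has the same limitation.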
@@ -0,0 +1,193 @@ +{ + "test_id": "ACL-R08", + "timestamp": "2026-03-17T14:42:04Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_r08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + }, + { + "action": "accept", + "src": ["tag:server"], + "dst": ["tag:prod:5432"] + }, + { + "action": "accept", + "src": ["tag:prod"], + "dst": ["tag:client:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": 
"fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R09.json new file mode 100644 index 00000000..7241e609 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R09.json 
@@ -0,0 +1,215 @@ +{ + "test_id": "ACL-R09", + "timestamp": "2026-03-17T14:42:14Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_r09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:self:*"] + }, + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": 
"user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R10.json new file mode 100644 index 00000000..a9427763 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R10.json 
@@ -0,0 +1,313 @@ +{ + "test_id": "ACL-R10", + "timestamp": "2026-03-17T14:42:25Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_r10.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:tagged:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], 
+ "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.85.66.106", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::7c37:426a", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + 
"100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.json new file mode 100644 index 00000000..edae2b34 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.json 
@@ -0,0 +1,150 @@ +{ + "test_id": "ACL-RS01", + "timestamp": "2026-03-17T14:42:35Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_rs01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member", "group:admins", "group:developers", "kratail2tid@passkey", "100.90.199.68"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + 
"tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.json new file mode 100644 index 00000000..fdf25bbc --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-RS02", + "timestamp": "2026-03-17T14:42:45Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_rs02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:server", "webserver", "100.108.74.26"], + "dst": ["tag:client:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "100.83.200.69", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::c537:c845", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.json new file mode 100644 index 00000000..81334e8a --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-RS03", + "timestamp": "2026-03-17T14:42:56Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_rs03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:prod", "prodbox", "100.103.8.15"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.8.15", "fd7a:115c:a1e0::5b37:80f"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.json new file mode 100644 index 00000000..837fcf09 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.json 
@@ -0,0 +1,216 @@ +{ + "test_id": "ACL-RS04", + "timestamp": "2026-03-17T14:43:06Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_rs04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:tagged", "tag:server", "tag:client", "tag:prod", "tag:router", "tag:exit"], + "dst": ["autogroup:member:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + 
"tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": 
"100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.json new file mode 100644 index 00000000..f41cf10e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.json 
@@ -0,0 +1,157 @@ +{ + "test_id": "ACL-RS05", + "timestamp": "2026-03-17T14:43:17Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_rs05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22", "webserver:22", "100.108.74.26:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + 
"ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.json new file mode 100644 index 00000000..fd1cd5cb --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.json 
@@ -0,0 +1,198 @@ +{ + "test_id": "ACL-RS06", + "timestamp": "2026-03-17T14:43:27Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_rs06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["group:admins:22", "group:developers:22", "kratail2tid@passkey:22", "100.90.199.68:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], 
+ "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.json new file mode 100644 index 00000000..3566c741 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.json 
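Review bot: The expected `DstPorts` for `user1` repeats `100.90.199.68` port 22 four times and `fd7a:115c:a1e0::2d01:c747` port 22 three times, apparently one expansion per overlapping `dst` alias in the policy. JSON has no comment syntax, so the Go test that loads these captures should say whether it compares `DstPorts` as an exact list or as a set; with an exact comparison, a later dedup or reorder in the filter compiler fails this case with no hint that the repetition is expected. ACL-RS05 (`tagged-server`, three copies of `100.108.74.26` port 22) has the same shape, and ACL-RS07 lists the `webserver:8080` entry ahead of the `tag:server` ones, so the order is not policy order either. Suggested comment at the comparison site: `// DstPorts in the captures may contain duplicates and are not in policy order; compare accordingly.`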
@@ -0,0 +1,185 @@ +{ + "test_id": "ACL-RS07", + "timestamp": "2026-03-17T14:43:38Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_rs07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22", "tag:server:80", "tag:server:443", "webserver:8080", "100.108.74.26:9000"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": 
[], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 8080, + "Last": 8080 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 443, + "Last": 443 + } + }, + { + "IP": "100.108.74.26", + "Ports": { + "First": 9000, + "Last": 9000 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S01.json new file mode 100644 index 00000000..48150bec --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S01.json 
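Review bot: `input.full_policy` and `input.api_endpoint` keep the capture's account identifiers verbatim (`kristoffer@dalby.cc`, the tailnet name `kratail2tid@passkey`), while the Go setup in this commit uses `@example.com` addresses for the same users. Rewriting the logins to the `@example.com` form in the capture tool, and dropping `api_endpoint` and `api_response_code` if the test does not read them (the loader is not visible here), would keep personal identifiers out of the repository and remove the per-test conversion step. This applies to every ACL-*.json fixture added by the commit, not only this one.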
@@ -0,0 +1,183 @@ +{ + "test_id": "ACL-S01", + "timestamp": "2026-03-17T14:43:48Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_s01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:self:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S02.json new file mode 100644 index 00000000..91a1343a --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S02.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-S02", + "timestamp": "2026-03-17T14:43:59Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_s02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:admins"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + 
}, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S03.json new file mode 100644 index 00000000..08ca1bfe --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S03.json 
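Review bot: Seven of the eight captures here are `"packet_filter_rules": null`, and that absence is the security-relevant half of the expectation: `group:admins` to `autogroup:self:*` must open nothing on tagged nodes or on other users' devices. The comparison code is outside this hunk, so confirm it reads `null` as exactly zero rules and fails when headscale emits any rule for such a node, instead of skipping nodes that have no expected rules. The same applies to the null captures in the other fixtures, for example `user-mon` in ACL-S03 and every tagged node in ACL-S08 through ACL-SF01.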
@@ -0,0 +1,163 @@ +{ + "test_id": "ACL-S03", + "timestamp": "2026-03-17T14:44:09Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_s03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:developers"], + "dst": ["autogroup:self:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S04.json new file mode 100644 index 00000000..7e6119a2 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S04.json 
@@ -0,0 +1,46 @@
+{
+ "test_id": "ACL-S04",
+ "timestamp": "2026-03-17T14:44:20Z",
+ "error": true,
+ "input": {
+ "policy_file": "acl_policies/acl_s04.json",
+ "full_policy": {
+ "groups": {
+ "group:admins": ["kratail2tid@passkey"],
+ "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
+ "group:monitors": ["monitorpasskeykradalby@passkey"],
+ "group:empty": []
+ },
+ "tagOwners": {
+ "tag:server": ["kratail2tid@passkey"],
+ "tag:prod": ["kratail2tid@passkey"],
+ "tag:client": ["kratail2tid@passkey"],
+ "tag:router": ["kratail2tid@passkey"],
+ "tag:exit": ["kratail2tid@passkey"]
+ },
+ "hosts": {
+ "webserver": "100.108.74.26",
+ "prodbox": "100.103.8.15",
+ "internal": "10.0.0.0/8",
+ "subnet24": "192.168.1.0/24"
+ },
+ "autoApprovers": {
+ "routes": {
+ "10.33.0.0/16": ["tag:router"],
+ "0.0.0.0/0": ["tag:exit"],
+ "::/0": ["tag:exit"]
+ }
+ },
+ "acls": [
+ {
+ "action": "accept",
+ "src": ["autogroup:tagged"],
+ "dst": ["autogroup:self:*"]
+ }
+ ]
+ },
+ "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
+ "api_response_code": 400,
+ "api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" }
+ }
+}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S05.json
new file mode 100644
index 00000000..45daa0a7
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S05.json
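Review bot: The three rejection fixtures (ACL-S04 here, plus ACL-S05 and ACL-S06) record only `"error": true`, the 400 status and the message, with no `topology` or `captures`, so a loader that only iterates captures would presumably pass them without checking anything. These are the cases that pin `autogroup:self` being refused for tagged, raw-IP and host-alias sources, so the test should require that headscale's policy load returns an error for each of them. If the message text is compared, matching the stable part `autogroup:self can only be used with` is less brittle than the full string. The loader is outside this hunk.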
@@ -0,0 +1,46 @@
+{
+ "test_id": "ACL-S05",
+ "timestamp": "2026-03-17T14:44:20Z",
+ "error": true,
+ "input": {
+ "policy_file": "acl_policies/acl_s05.json",
+ "full_policy": {
+ "groups": {
+ "group:admins": ["kratail2tid@passkey"],
+ "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
+ "group:monitors": ["monitorpasskeykradalby@passkey"],
+ "group:empty": []
+ },
+ "tagOwners": {
+ "tag:server": ["kratail2tid@passkey"],
+ "tag:prod": ["kratail2tid@passkey"],
+ "tag:client": ["kratail2tid@passkey"],
+ "tag:router": ["kratail2tid@passkey"],
+ "tag:exit": ["kratail2tid@passkey"]
+ },
+ "hosts": {
+ "webserver": "100.108.74.26",
+ "prodbox": "100.103.8.15",
+ "internal": "10.0.0.0/8",
+ "subnet24": "192.168.1.0/24"
+ },
+ "autoApprovers": {
+ "routes": {
+ "10.33.0.0/16": ["tag:router"],
+ "0.0.0.0/0": ["tag:exit"],
+ "::/0": ["tag:exit"]
+ }
+ },
+ "acls": [
+ {
+ "action": "accept",
+ "src": ["100.90.199.68"],
+ "dst": ["autogroup:self:*"]
+ }
+ ]
+ },
+ "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
+ "api_response_code": 400,
+ "api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" }
+ }
+}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S06.json
new file mode 100644
index 00000000..a5508ed5
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S06.json
@@ -0,0 +1,46 @@
+{
+ "test_id": "ACL-S06",
+ "timestamp": "2026-03-17T14:44:20Z",
+ "error": true,
+ "input": {
+ "policy_file": "acl_policies/acl_s06.json",
+ "full_policy": {
+ "groups": {
+ "group:admins": ["kratail2tid@passkey"],
+ "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"],
+ "group:monitors": ["monitorpasskeykradalby@passkey"],
+ "group:empty": []
+ },
+ "tagOwners": {
+ "tag:server": ["kratail2tid@passkey"],
+ "tag:prod": ["kratail2tid@passkey"],
+ "tag:client": ["kratail2tid@passkey"],
+ "tag:router": ["kratail2tid@passkey"],
+ "tag:exit": ["kratail2tid@passkey"]
+ },
+ "hosts": {
+ "webserver": "100.108.74.26",
+ "prodbox": "100.103.8.15",
+ "internal": "10.0.0.0/8",
+ "subnet24": "192.168.1.0/24"
+ },
+ "autoApprovers": {
+ "routes": {
+ "10.33.0.0/16": ["tag:router"],
+ "0.0.0.0/0": ["tag:exit"],
+ "::/0": ["tag:exit"]
+ }
+ },
+ "acls": [
+ {
+ "action": "accept",
+ "src": ["webserver"],
+ "dst": ["autogroup:self:*"]
+ }
+ ]
+ },
+ "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl",
+ "api_response_code": 400,
+ "api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" }
+ }
+}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S07.json
new file mode 100644
index 00000000..fcb5b657
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S07.json
@@ -0,0 +1,213 @@ +{ + "test_id": "ACL-S07", + "timestamp": "2026-03-17T14:44:20Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_s07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + 
"ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S08.json
new file mode 100644
index 00000000..c54f589d
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S08.json
@@ -0,0 +1,255 @@ +{ + "test_id": "ACL-S08", + "timestamp": "2026-03-17T14:44:31Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_s08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*", "autogroup:member:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": 
"100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S09.json new file mode 100644 index 00000000..4a0df20c --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S09.json 
@@ -0,0 +1,225 @@ +{ + "test_id": "ACL-S09", + "timestamp": "2026-03-17T14:44:41Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_s09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:22", "autogroup:self:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.110.121.96", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.103.90.82", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 80, + "Last": 80 + } + } + 
] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S10.json new file mode 100644 index 00000000..2d560805 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S10.json 
@@ -0,0 +1,230 @@ +{ + "test_id": "ACL-S10", + "timestamp": "2026-03-17T14:44:52Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_s10.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:22"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], 
+ "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.110.121.96", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.103.90.82", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { 
+ "First": 80, + "Last": 80 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.json new file mode 100644 index 00000000..cadc25b9 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.json 
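Review bot: ACL-S09 and ACL-S10 expect the same set of destinations but in a different `DstPorts` order, and nothing in the fixtures says whether that order is part of the contract. One rule with two destinations groups by address (v4:22, v4:80, v6:22, v6:80), while two rules with one destination each group by port (v4:22, v6:22, v4:80, v6:80); both collapse into a single filter rule per node. If the comparison sorts `DstPorts` before diffing, the two fixtures assert the same thing; if it is order-sensitive, headscale must reproduce the merge order exactly. The comparison is outside this hunk, so state the intent next to it, e.g. `// DstPorts order is not significant; compared as a set`.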
@@ -0,0 +1,183 @@ +{ + "test_id": "ACL-SF01", + "timestamp": "2026-03-17T14:45:02Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_sf01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member"], + "dst": ["autogroup:self:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.json new file mode 100644 index 00000000..6c741acd --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.json 
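Review bot: The fixture commits what look like real account identifiers: `kristoffer@dalby.cc` and `kratail2tid@passkey` appear in `groups` and `tagOwners`, and the tailnet name is embedded in `api_endpoint` (`.../tailnet/kratail2tid%40passkey/acl`). The same values recur in ACL-SF02 through ACL-SF12 in this diff. The comment on the Go test helper says the test users use `@example.com`, so the loader presumably rewrites these identities on load. That mapping is not visible here, and a missed rewrite would leave a user reference unresolved. Consider sanitizing at capture time, e.g. `"group:developers": ["kristoffer@example.com", "kratail2tid@example.com"]`, and dropping the tailnet name from `api_endpoint`, so the committed data needs no rewrite and carries no account identifiers.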
@@ -0,0 +1,163 @@ +{ + "test_id": "ACL-SF02", + "timestamp": "2026-03-17T14:45:13Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_sf02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:developers"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.json new file mode 100644 index 00000000..91a41445 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.json 
@@ -0,0 +1,46 @@ +{ + "test_id": "ACL-SF03", + "timestamp": "2026-03-17T14:45:23Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_sf03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.json new file mode 100644 index 00000000..75219abd --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.json 
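Review bot: This fixture records only that Tailscale rejected the policy (`"error": true`, `"api_response_code": 400`) and has no `captures` block, so nothing in the data forces the test to check for rejection. If the compat test skips fixtures marked `"error": true` (the loader is not in this part of the diff, so this needs confirming), a headscale parser that accepts `"src": ["tag:client"]` with `"dst": ["autogroup:self:*"]` would pass unnoticed and emit a filter for a policy Tailscale refuses. The test should require a validation error for every such fixture, ideally compared against `api_response_body.message`. The same applies to ACL-SF04, ACL-SF05 and ACL-SF08.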
@@ -0,0 +1,46 @@ +{ + "test_id": "ACL-SF04", + "timestamp": "2026-03-17T14:45:23Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_sf04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["webserver"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.json new file mode 100644 index 00000000..07e9da1b --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.json 
@@ -0,0 +1,46 @@ +{ + "test_id": "ACL-SF05", + "timestamp": "2026-03-17T14:45:24Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_sf05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["100.90.199.68"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.json new file mode 100644 index 00000000..4d153360 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.json 
@@ -0,0 +1,208 @@ +{ + "test_id": "ACL-SF06", + "timestamp": "2026-03-17T14:45:24Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_sf06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*", "tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
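Review bot: The expected `SrcIPs` for `tagged-server` contain `10.33.0.0/16`, but `topology.nodes` records only `hostname`, `tags`, `ipv4` and `ipv6`, so the fixture does not say which node advertises that route or that it is approved. The value presumably comes from `subnet-router` via the `autoApprovers` entry `"10.33.0.0/16": ["tag:router"]`. That means a `"src": ["*"]` rule admits the routed subnet as well as tailnet addresses, and the replaying test has to recreate that route state from outside the fixture. Recording it in the topology, for example with a constructed field such as `"approved_routes": ["10.33.0.0/16"]` on `subnet-router`, would make the capture self-contained. ACL-SF07 and ACL-SF11 depend on the same state.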
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.json
new file mode 100644
index 00000000..fbdef2bb
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.json
@@ -0,0 +1,207 @@ +{ + "test_id": "ACL-SF07", + "timestamp": "2026-03-17T14:45:34Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_sf07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:*", "group:admins:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.json new file mode 100644 index 00000000..65c76d48 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.json @@ -0,0 +1,46 @@ +{ + "test_id": "ACL-SF08", + "timestamp": "2026-03-17T14:45:45Z", + "error": true, + "input": { + "policy_file": "acl_policies/acl_sf08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:member", "tag:client"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 400, + "api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.json new file mode 100644 index 00000000..3604b3f6 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.json 
@@ -0,0 +1,230 @@ +{ + "test_id": "ACL-SF09", + "timestamp": "2026-03-17T14:45:45Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_sf09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:22"] + }, + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": 
[], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.110.121.96", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.103.90.82", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + 
"Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.json new file mode 100644 index 00000000..9f6a7ffc --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.json 
@@ -0,0 +1,225 @@ +{ + "test_id": "ACL-SF10", + "timestamp": "2026-03-17T14:45:55Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_sf10.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:22", "autogroup:self:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.110.121.96", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.103.90.82", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "100.90.199.68", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 80, + "Last": 80 + } + } + 
] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.json new file mode 100644 index 00000000..0562494b --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.json 
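Review bot: `DstPorts` ordering here is address-major (`100.110.121.96` on port 22, then port 80, then the IPv6 pair), while ACL-SF09, which grants the same ports through two separate ACL entries, is port-major (both addresses for 22, then both for 80). Both captures permit the same address and port combinations, so the test's comparison should state whether order is significant. If it is not, a one-line comment at the comparison such as `// DstPorts order is not significant; compare as a set` keeps a future order-only mismatch from being read as a policy difference. The comparison code is not part of this hunk.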
@@ -0,0 +1,207 @@ +{ + "test_id": "ACL-SF11", + "timestamp": "2026-03-17T14:46:06Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_sf11.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["autogroup:self:22", "kratail2tid@passkey:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + }, + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.json
new file mode 100644
index 00000000..235a791f
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.json
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-SF12", + "timestamp": "2026-03-17T14:46:16Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_sf12.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kristoffer@dalby.cc"], + "dst": ["autogroup:self:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "100.110.121.96", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::1737:7960", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.json new file mode 100644 index 00000000..2dfbe83e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.json 
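Review bot: The ACL-SF12.json fixture commits the capture's account identifiers unchanged: `kratail2tid@passkey`, `kristoffer@dalby.cc` and `monitorpasskeykradalby@passkey` under `input.full_policy`, plus the tailnet name inside `api_endpoint`. The same values recur in every other ACL-*.json hunk of this commit. The Go helper changed in the same commit gives its users `@example.com` addresses, so the test presumably rewrites these identities on load. Sanitising at capture time would keep personal addresses out of the repository and remove that translation step, e.g. `"group:developers": ["kristoffer@example.com", "kratail2tid@example.com"],` and a placeholder tailnet in `api_endpoint`. If the raw values are kept deliberately as a faithful record of the upstream response, a short README beside `testdata/acl_results/` should say so and state who owns the addresses.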
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-SF13", + "timestamp": "2026-03-17T14:46:27Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_sf13.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:monitors"], + "dst": ["autogroup:self:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.103.90.82", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::9e37:5a52", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T01.json new file mode 100644 index 00000000..7290ab3c --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T01.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-T01", + "timestamp": "2026-03-17T14:46:37Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_t01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T02.json new file mode 100644 index 00000000..fef73138 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T02.json 
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-T02", + "timestamp": "2026-03-17T14:46:48Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_t02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T03.json
new file mode 100644
index 00000000..c3e1e872
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T03.json
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-T03", + "timestamp": "2026-03-17T14:46:58Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_t03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client", "tag:prod"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.8.15", "100.83.200.69", "fd7a:115c:a1e0::5b37:80f", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T04.json new file mode 100644 index 00000000..36751d45 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T04.json 
@@ -0,0 +1,148 @@ +{ + "test_id": "ACL-T04", + "timestamp": "2026-03-17T14:47:09Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_t04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T05.json new file mode 100644 index 00000000..b2998a0a --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T05.json 
@@ -0,0 +1,183 @@ +{ + "test_id": "ACL-T05", + "timestamp": "2026-03-17T14:47:19Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_t05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["tag:server:22", "tag:prod:5432", "tag:router:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 80, + "Last": 80 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T06.json new file mode 100644 index 00000000..e68913a6 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T06.json 
@@ -0,0 +1,154 @@ +{ + "test_id": "ACL-T06", + "timestamp": "2026-03-17T14:47:29Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_t06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["autogroup:tagged"], + "dst": ["tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + 
}, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "100.85.66.106", + "100.92.142.61", + "fd7a:115c:a1e0::3e37:8e3d", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::7c37:426a", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T07.json new file mode 100644 index 00000000..8c453671 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T07.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-T07", + "timestamp": "2026-03-17T14:47:40Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_t07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:server"], + "dst": ["tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.108.74.26", "fd7a:115c:a1e0::b901:4a87"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T08.json new file mode 100644 index 00000000..3ad4cf0f --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T08.json 
@@ -0,0 +1,150 @@ +{ + "test_id": "ACL-T08", + "timestamp": "2026-03-17T14:47:50Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_t08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client", "tag:server", "tag:prod"], + "dst": ["tag:router:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.8.15", + "100.108.74.26", + "100.83.200.69", + "fd7a:115c:a1e0::5b37:80f", + "fd7a:115c:a1e0::b901:4a87", + "fd7a:115c:a1e0::c537:c845" + ], + "DstPorts": [ + { + "IP": "100.92.142.61", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::3e37:8e3d", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T09.json new file mode 100644 index 00000000..e61ed893 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T09.json 
@@ -0,0 +1,136 @@ +{ + "test_id": "ACL-T09", + "timestamp": "2026-03-17T14:48:01Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_t09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["tag:client"], + "dst": ["100.108.74.26:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, 
+ "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T10.json new file mode 100644 index 00000000..4089db74 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T10.json 
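Review bot: Nothing in ACL-T09 says which behaviour it pins. Its destination is the literal `100.108.74.26:22` and the captured rule on tagged-server carries a single IPv4 DstPorts entry, while ACL-T10 with `tag:server:22` gets both address families and its literal IPv4 source stays IPv4-only in SrcIPs. That asymmetry looks like the purpose of the pair, but a reader has to compare the two files to see it. A comment where the test loads them would make it explicit, e.g. `// ACL-T09/T10: a literal IPv4 in src or dst is matched as written; only tag, user and group selectors expand to both IPv4 and IPv6`. This is inferred from the captures, since the loading code is not part of this hunk.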
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-T10", + "timestamp": "2026-03-17T14:48:11Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_t10.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["100.83.200.69"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, 
+ "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U01.json new file mode 100644 index 00000000..bb3b29e2 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U01.json 
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-U01", + "timestamp": "2026-03-17T14:48:22Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
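Review bot: The `topology.nodes` block records hostname, tags and addresses but not which user owns each untagged node, so the expected SrcIPs in ACL-U01 (`kratail2tid@passkey` resolving to user1's `100.90.199.68`) cannot be checked against the file alone. The same holds for ACL-U02 through ACL-U07, where user and group selectors resolve to user1 or user-kris. The mapping presumably lives in the Go setup helper, so a mismatch there would surface as an unexplained filter diff rather than a fixture error. Recording the owner next to the node, for instance `"user": "kratail2tid@passkey"` on `user1`, would make each fixture self-describing; the key name is a suggestion and the loader would need to accept it.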
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U02.json new file mode 100644 index 00000000..52412106 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U02.json 
@@ -0,0 +1,148 @@ +{ + "test_id": "ACL-U02", + "timestamp": "2026-03-17T14:48:32Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["kratail2tid@passkey:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U03.json new file mode 100644 index 00000000..61f67569 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U03.json 
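Review bot: The expected SrcIPs for `"src": ["*"]` in ACL-U02 include `10.33.0.0/16`, but the fixture's topology has no field showing that subnet-router advertises or has that route approved; only the `autoApprovers` policy entry hints at it. ACL-U04 has the same expectation. Since this list defines how wide the wildcard source is, the route state it depends on should be recorded with the capture, e.g. `"approved_routes": ["10.33.0.0/16"]` on `subnet-router` (suggested key, assuming the loader tolerates it). A short test comment noting that the CGNAT range is deliberately split as `100.64.0.0-100.115.91.255` and `100.115.94.0-100.127.255.255` would also stop a later edit from collapsing it to a single prefix.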
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-U03", + "timestamp": "2026-03-17T14:48:43Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:admins"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U04.json new file mode 100644 index 00000000..096ca91d --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U04.json 
@@ -0,0 +1,148 @@ +{ + "test_id": "ACL-U04", + "timestamp": "2026-03-17T14:48:53Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["group:admins:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.90.199.68", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::2d01:c747", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U05.json new file mode 100644 index 00000000..cb44017e --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U05.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-U05", + "timestamp": "2026-03-17T14:49:03Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:developers"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + 
}, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U06.json new file mode 100644 index 00000000..98aa256d --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U06.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-U06", + "timestamp": "2026-03-17T14:49:14Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U07.json new file mode 100644 index 00000000..d3fbe05f --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U07.json 
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-U07", + "timestamp": "2026-03-17T14:49:24Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kristoffer@dalby.cc"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U08.json
new file mode 100644
index 00000000..39022a55
--- /dev/null
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U08.json
@@ -0,0 +1,163 @@ +{ + "test_id": "ACL-U08", + "timestamp": "2026-03-17T14:49:35Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:admins"], + "dst": ["tag:server:22", "tag:prod:5432"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.103.8.15", + "Ports": { + "First": 5432, + "Last": 5432 + } + }, + { + "IP": "fd7a:115c:a1e0::5b37:80f", + "Ports": { + "First": 5432, + "Last": 5432 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U09.json new file mode 100644 index 00000000..4a0e1828 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U09.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-U09", + "timestamp": "2026-03-17T14:49:45Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:monitors"], + "dst": ["tag:server:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, 
+ "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 0, + "Last": 65535 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U10.json new file mode 100644 index 00000000..9f35a5dc --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U10.json 
@@ -0,0 +1,123 @@ +{ + "test_id": "ACL-U10", + "timestamp": "2026-03-17T14:49:56Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u10.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:empty"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U11.json new file mode 100644 index 00000000..cd170e27 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U11.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-U11", + "timestamp": "2026-03-17T14:50:06Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u11.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["kratail2tid@passkey", "tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "100.90.199.68", "fd7a:115c:a1e0::2d01:c747", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U12.json new file mode 100644 index 00000000..f61bc2b8 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U12.json 
@@ -0,0 +1,143 @@ +{ + "test_id": "ACL-U12", + "timestamp": "2026-03-17T14:50:17Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_u12.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["group:admins", "tag:client"], + "dst": ["tag:server:22"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": 
"fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "100.90.199.68", "fd7a:115c:a1e0::2d01:c747", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 22, + "Last": 22 + } + }, + { + "IP": "fd7a:115c:a1e0::b901:4a87", + "Ports": { + "First": 22, + "Last": 22 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W01.json new file mode 100644 index 00000000..d4a5bb63 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W01.json 
@@ -0,0 +1,267 @@ +{ + "test_id": "ACL-W01", + "timestamp": "2026-03-17T14:50:27Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_w01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + 
"hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + 
"100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W02.json new file mode 100644 index 00000000..35242597 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W02.json 
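Review bot: The expected `SrcIPs` for `"src": ["*"]` include `10.33.0.0/16`, but nothing under `topology.nodes` records which node advertises that prefix or whether it was approved; elsewhere in the file the prefix appears only as an `autoApprovers.routes` key. Replaying this fixture therefore depends on route state configured outside the file (presumably in the Go test's node setup, which is not part of this hunk), and a mismatch there would surface as an unexplained filter difference. Recording the state at capture time, for example `"approved_routes": ["10.33.0.0/16"]` on whichever node holds the route (presumably `subnet-router`, the only node tagged `tag:router`), would make the fixture self-describing. The same applies to ACL-W04, whose `tagged-server` rule carries the same source list.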
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-W02", + "timestamp": "2026-03-17T14:50:38Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_w02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["100.90.199.68"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W03.json new file mode 100644 index 00000000..6c1cc135 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W03.json 
@@ -0,0 +1,227 @@ +{ + "test_id": "ACL-W03", + "timestamp": "2026-03-17T14:50:48Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_w03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["100.64.0.0/16"], + "dst": ["*:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.64.0.0/16"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.64.0.0/16"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.64.0.0/16"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.64.0.0/16"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.64.0.0/16"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.64.0.0/16"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.64.0.0/16"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": ["100.64.0.0/16"], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W04.json new file mode 100644 index 00000000..686eb622 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W04.json 
@@ -0,0 +1,141 @@ +{ + "test_id": "ACL-W04", + "timestamp": "2026-03-17T14:50:59Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_w04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["100.108.74.26:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "100.108.74.26", + "Ports": { + "First": 0, + "Last": 65535 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W05.json new file mode 100644 index 00000000..dbd4ba67 --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W05.json 
@@ -0,0 +1,123 @@ +{ + "test_id": "ACL-W05", + "timestamp": "2026-03-17T14:51:09Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_w05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["100.64.0.0/12:*"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + 
"user-mon": { + "hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": null + }, + "subnet-router": { + "packet_filter_rules": null + }, + "tagged-client": { + "packet_filter_rules": null + }, + "tagged-prod": { + "packet_filter_rules": null + }, + "tagged-server": { + "packet_filter_rules": null + }, + "user-kris": { + "packet_filter_rules": null + }, + "user-mon": { + "packet_filter_rules": null + }, + "user1": { + "packet_filter_rules": null + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W06.json new file mode 100644 index 00000000..6980de0a --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W06.json 
@@ -0,0 +1,267 @@ +{ + "test_id": "ACL-W06", + "timestamp": "2026-03-17T14:51:20Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_w06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["*:80"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + 
"hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + 
"100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 80, + "Last": 80 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W07.json new file mode 100644 index 00000000..6650ca3a --- /dev/null +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W07.json 
@@ -0,0 +1,267 @@ +{ + "test_id": "ACL-W07", + "timestamp": "2026-03-17T14:51:30Z", + "propagation_wait_seconds": 10, + "input": { + "policy_file": "acl_policies/acl_w07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8", + "subnet24": "192.168.1.0/24" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "acls": [ + { + "action": "accept", + "src": ["*"], + "dst": ["*:443"] + } + ] + }, + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "hostname": "exit-node", + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "hostname": "subnet-router", + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "hostname": "tagged-client", + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "hostname": "tagged-prod", + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "hostname": "tagged-server", + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "hostname": "user-kris", + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + 
"hostname": "user-mon", + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "hostname": "user1", + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "subnet-router": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-client": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-prod": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "tagged-server": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-kris": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user-mon": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + 
"100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + }, + "user1": { + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { + "IP": "*", + "Ports": { + "First": 443, + "Last": 443 + } + } + ] + } + ] + } + } +} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-all_dest_types_7_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-all_dest_types_7_2.json deleted file mode 100644 index 12b04d8b..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-all_dest_types_7_2.json +++ /dev/null 
@@ -1,233 +0,0 @@ -{ - "test_id": "ACL-all_dest_types_7_2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": [ - "tag:server:22", - "tag:database:5432", - "webserver:80", - "database:443", - "group:admins:8080", - "kratail2tid@:3000", - "100.108.74.26:9000" - ] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } 
- } - }, - "captures": { - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 8080, - "Last": 8080 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 8080, - "Last": 8080 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 3000, - "Last": 3000 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 3000, - "Last": 3000 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 9000, - "Last": 9000 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 9000, - "Last": 9000 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_as_destinations.json b/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_as_destinations.json deleted file mode 100644 index da9435dc..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_as_destinations.json +++ /dev/null 
@@ -1,169 +0,0 @@ -{ - "test_id": "ACL-all_four_tags_as_destinations", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["kratail2tid@"], - "dst": ["tag:server:22", "tag:client:22", "tag:database:22", "tag:web:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": 
["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_as_sources.json b/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_as_sources.json deleted file mode 100644 index 26091e01..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_as_sources.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "test_id": "ACL-all_four_tags_as_sources", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:server", "tag:client", "tag:database", "tag:web"], - "dst": ["kratail2tid@:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - 
"fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_dests_9_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_dests_9_2.json deleted file mode 100644 index 7dd55b36..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_dests_9_2.json +++ /dev/null 
@@ -1,169 +0,0 @@ -{ - "test_id": "ACL-all_four_tags_dests_9_2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:server:22", "tag:client:22", "tag:database:22", "tag:web:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": 
["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_sources_9_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_sources_9_1.json deleted file mode 100644 index 86d61d1c..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-all_four_tags_sources_9_1.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "test_id": "ACL-all_four_tags_sources_9_1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:server", "tag:client", "tag:database", "tag:web"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - 
"fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-all_source_types_to_tag_server_7_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-all_source_types_to_tag_server_7_1.json deleted file mode 100644 index d3021da9..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-all_source_types_to_tag_server_7_1.json +++ /dev/null 
@@ -1,117 +0,0 @@ -{ - "test_id": "ACL-all_source_types_to_tag_server_7_1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "autogroup:tagged", "group:admins", "tag:client", "webserver", "100.74.60.128"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - 
"fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-all_tagged_nodes_as_source_to_specific_destination.json b/hscontrol/policy/v2/testdata/acl_results/ACL-all_tagged_nodes_as_source_to_specific_destination.json deleted file mode 100644 index bf1f516b..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-all_tagged_nodes_as_source_to_specific_destination.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "test_id": "ACL-all_tagged_nodes_as_source_to_specific_destination", - "source": "headscale_adapted", - "parent_test": "BasicTags", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged"], - "dst": ["tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - 
"DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-all_to_all_subset_wildcard_wildcard_14_30.json b/hscontrol/policy/v2/testdata/acl_results/ACL-all_to_all_subset_wildcard_wildcard_14_30.json deleted file mode 100644 index 72fa3506..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-all_to_all_subset_wildcard_wildcard_14_30.json +++ /dev/null 
@@ -1,332 +0,0 @@ -{ - "test_id": "ACL-all_to_all_subset_wildcard_wildcard_14_30", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "autogroup:tagged"], - "dst": ["autogroup:member:22", "autogroup:tagged:80"] - }, - { - "action": "accept", - "src": ["*"], - "dst": ["*:443"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - 
"100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - 
], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-allow_all_wildcard.json b/hscontrol/policy/v2/testdata/acl_results/ACL-allow_all_wildcard.json deleted file mode 100644 index 3effcf1e..00000000 
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-allow_all_wildcard.json
+++ /dev/null
@@ -1,155 +0,0 @@ -{ - "test_id": "ACL-allow_all_wildcard", - "source": "headscale_adapted", - "parent_test": "WildcardACLs", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", 
"fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_internet_as_destination.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_internet_as_destination.json deleted file mode 100644 index cb6d4a32..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_internet_as_destination.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "test_id": "ACL-autogroup_internet_as_destination", - "source": "headscale_adapted", - "parent_test": "Autogroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:internet:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_as_destination.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_as_destination.json deleted file mode 100644 index bb837976..00000000 
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_as_destination.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-autogroup_member_as_destination", - "source": "headscale_adapted", - "parent_test": "Autogroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:member:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 
58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_as_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_as_source.json deleted file mode 100644 index 7c73d168..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_as_source.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "test_id": "ACL-autogroup_member_as_source", - "source": "headscale_adapted", - "parent_test": "Autogroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - 
"SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_plus_tag_client.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_plus_tag_client.json deleted file mode 100644 index f04ede9d..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_plus_tag_client.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-autogroup_member_plus_tag_client", - "source": "headscale_adapted", - "parent_test": "Autogroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.90.199.68/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::7901:ee86/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_plus_tag_client_1_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_plus_tag_client_1_1.json deleted file mode 100644 index 1b1e71ab..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_plus_tag_client_1_1.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-autogroup_member_plus_tag_client_1_1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.90.199.68/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::7901:ee86/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_to_self.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_to_self.json deleted file mode 100644 index 42490ead..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_member_to_self.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-autogroup_member_to_self", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["autogroup:self:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_self_as_destination.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_self_as_destination.json deleted file mode 100644 index 88321c88..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_self_as_destination.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-autogroup_self_as_destination", - "source": "headscale_adapted", - "parent_test": "Autogroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 
17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_self_mixed_with_tag.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_self_mixed_with_tag.json deleted file mode 100644 index 81deb312..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_self_mixed_with_tag.json +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-autogroup_self_mixed_with_tag", - "source": "headscale_adapted", - "parent_test": "Autogroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:*", "tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - 
"tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_as_destination.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_as_destination.json deleted file mode 100644 index eccd6b4e..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_as_destination.json +++ /dev/null 
@@ -1,225 +0,0 @@ -{ - "test_id": "ACL-autogroup_tagged_as_destination", - "source": "headscale_adapted", - "parent_test": "Autogroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:tagged:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": 
"fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_as_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_as_source.json deleted file mode 100644 index b55c72eb..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_as_source.json +++ /dev/null 
@@ -1,200 +0,0 @@ -{ - "test_id": "ACL-autogroup_tagged_as_source", - "source": "headscale_adapted", - "parent_test": "Autogroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - 
"100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_plus_all_4_tags_8_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_plus_all_4_tags_8_4.json deleted file mode 100644 index 6c67bd61..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_plus_all_4_tags_8_4.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "test_id": "ACL-autogroup_tagged_plus_all_4_tags_8_4", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged", "tag:server", "tag:client", "tag:database", "tag:web"], - "dst": ["autogroup:member:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - 
"fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_plus_autogroup_member_full_tailnet.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_plus_autogroup_member_full_tailnet.json deleted file mode 100644 index ca1b1249..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_plus_autogroup_member_full_tailnet.json +++ /dev/null 
@@ -1,117 +0,0 @@ -{ - "test_id": "ACL-autogroup_tagged_plus_autogroup_member_full_tailnet", - "source": "headscale_adapted", - "parent_test": "MixedSources", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged", "autogroup:member"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - 
"fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_to_self_13_6.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_to_self_13_6.json deleted file mode 100644 index b02f4a2d..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_to_self_13_6.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "test_id": "ACL-autogroup_tagged_to_self_13_6", - "source": "headscale_adapted", - "error": true, - "headscale_differs": true, - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"] - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged"], - "dst": ["autogroup:self:*"] - } - ] - }, - "api_response_code": 400, - "api_response_body": { - "message": "autogroup:self can only be used with users, groups, or supported autogroups (400)" - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_to_self_6_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_to_self_6_1.json deleted file mode 100644 index 0396982d..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_to_self_6_1.json +++ /dev/null 
@@ -1,27 +0,0 @@
-{
- "test_id": "ACL-autogroup_tagged_to_self_6_1",
- "source": "headscale_adapted",
- "error": true,
- "headscale_differs": true,
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"]
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"]
- },
- "acls": [
- {
- "action": "accept",
- "src": ["autogroup:tagged"],
- "dst": ["autogroup:self:*"]
- }
- ]
- },
- "api_response_code": 400,
- "api_response_body": {
- "message": "autogroup:self can only be used with users, groups, or supported autogroups (400)"
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_to_user.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_to_user.json
deleted file mode 100644
index 710bde13..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroup_tagged_to_user.json
+++ /dev/null
@@ -1,115 +0,0 @@ -{ - "test_id": "ACL-autogroup_tagged_to_user", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged"], - "dst": ["kratail2tid@:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - 
"IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroups_wildcard_port_11_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-autogroups_wildcard_port_11_4.json deleted file mode 100644 index f48a12d4..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-autogroups_wildcard_port_11_4.json +++ /dev/null 
@@ -1,117 +0,0 @@ -{ - "test_id": "ACL-autogroups_wildcard_port_11_4", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged", "autogroup:member"], - "dst": ["tag:server:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - 
"fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_as_sources.json b/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_as_sources.json deleted file mode 100644 index 4b8fbfc9..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_as_sources.json +++ /dev/null 
@@ -1,117 +0,0 @@ -{ - "test_id": "ACL-both_autogroups_as_sources", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "autogroup:tagged"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - 
"fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_sources_9_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_sources_9_3.json deleted file mode 100644 index ce0f3437..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_sources_9_3.json +++ /dev/null 
@@ -1,117 +0,0 @@ -{ - "test_id": "ACL-both_autogroups_sources_9_3", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "autogroup:tagged"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - 
"fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_to_self_plus_tag_9_5.json b/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_to_self_plus_tag_9_5.json deleted file mode 100644 index 658ca6b3..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_to_self_plus_tag_9_5.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "test_id": "ACL-both_autogroups_to_self_plus_tag_9_5", - "source": "headscale_adapted", - "error": true, - "headscale_differs": true, - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"] - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "autogroup:tagged"], - "dst": ["autogroup:self:*", "tag:server:22"] - } - ] - }, - "api_response_code": 400, - "api_response_body": { - "message": "autogroup:self can only be used with users, groups, or supported autogroups (400)" - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_to_wildcard.json b/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_to_wildcard.json deleted file mode 100644 index 3343c451..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_to_wildcard.json +++ /dev/null 
@@ -1,270 +0,0 @@ -{ - "test_id": "ACL-both_autogroups_to_wildcard", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged"], - "dst": ["*:*"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", 
"fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 
1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_to_wildcard_14_42.json b/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_to_wildcard_14_42.json deleted file mode 100644 index f5d24d44..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-both_autogroups_to_wildcard_14_42.json +++ /dev/null 
@@ -1,287 +0,0 @@ -{ - "test_id": "ACL-both_autogroups_to_wildcard_14_42", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged"], - "dst": ["*:*"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["*:*"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - 
"100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - 
"fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_as_destination.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_as_destination.json deleted file mode 100644 index 60578f84..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_as_destination.json +++ /dev/null 
@@ -1,99 +0,0 @@ -{ - "test_id": "ACL-cidr_as_destination", - "source": "headscale_adapted", - "parent_test": "WildcardACLs", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["100.64.0.0/12:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.64.0.0/12", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_as_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_as_source.json
deleted file mode 100644
index 4318a15f..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_as_source.json
+++ /dev/null
@@ -1,155 +0,0 @@ -{ - "test_id": "ACL-cidr_as_source", - "source": "headscale_adapted", - "parent_test": "WildcardACLs", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["100.64.0.0/16"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/16"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/16"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/16"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, 
- "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/16"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/16"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_as_destination_no_matching_nodes.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_as_destination_no_matching_nodes.json deleted file mode 100644 index d6203109..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_as_destination_no_matching_nodes.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "test_id": "ACL-cidr_host_as_destination_no_matching_nodes", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["internal:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_as_source_v1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_as_source_v1.json deleted file mode 100644 index f154653c..00000000 
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_as_source_v1.json
+++ /dev/null
@@ -1,155 +0,0 @@ -{ - "test_id": "ACL-cidr_host_as_source_v1", - "source": "headscale_adapted", - "parent_test": "Hosts", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["internal"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 
65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_as_source_v2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_as_source_v2.json deleted file mode 100644 index c03586f4..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_as_source_v2.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-cidr_host_as_source_v2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["internal"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_dest_6_6.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_dest_6_6.json
deleted file mode 100644
index ace9a949..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_dest_6_6.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "test_id": "ACL-cidr_host_dest_6_6", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["internal:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_plus_tag_as_sources.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_plus_tag_as_sources.json deleted file mode 100644 index 35605e1b..00000000 
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_plus_tag_as_sources.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-cidr_host_plus_tag_as_sources", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["internal", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8", "100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 
22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_plus_tag_sources_12_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_plus_tag_sources_12_1.json deleted file mode 100644 index f5dffc0c..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_plus_tag_sources_12_1.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-cidr_host_plus_tag_sources_12_1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["webserver:22", "database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8", "100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 
- } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_source_6_5.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_source_6_5.json deleted file mode 100644 index 1f37ba7a..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_host_source_6_5.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-cidr_host_source_6_5", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["internal"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_plus_tag.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_plus_tag.json
deleted file mode 100644
index a0f601a1..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_plus_tag.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-cidr_plus_tag", - "source": "headscale_adapted", - "parent_test": "MixedSources", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["10.0.0.0/8", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8", "100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_subnet_plus_tag_as_sources_12_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_subnet_plus_tag_as_sources_12_3.json deleted file mode 100644 index 9b508247..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-cidr_subnet_plus_tag_as_sources_12_3.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-cidr_subnet_plus_tag_as_sources_12_3", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["internal", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8", "100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - 
"Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cross_type_separate_rules.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cross_type_separate_rules.json deleted file mode 100644 index c0cbfe89..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-cross_type_separate_rules.json +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "test_id": "ACL-cross_type_separate_rules", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 
22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-cross_type_separate_rules_10_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-cross_type_separate_rules_10_1.json deleted file mode 100644 index 3f53bb46..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-cross_type_separate_rules_10_1.json +++ /dev/null 
@@ -1,153 +0,0 @@ -{ - "test_id": "ACL-cross_type_separate_rules_10_1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["group:admins:80"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - 
"tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-dest_order_db_server_5_2b.json b/hscontrol/policy/v2/testdata/acl_results/ACL-dest_order_db_server_5_2b.json deleted file mode 100644 index ff29ee8d..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-dest_order_db_server_5_2b.json +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-dest_order_db_server_5_2b", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:database:80", "tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - 
"tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-dest_order_server_db_5_2a.json b/hscontrol/policy/v2/testdata/acl_results/ACL-dest_order_server_db_5_2a.json deleted file mode 100644 index 974a4de6..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-dest_order_server_db_5_2a.json +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-dest_order_server_db_5_2a", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "tag:database:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - 
"tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-diff_srcs_same_dest_14_6_v1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-diff_srcs_same_dest_14_6_v1.json deleted file mode 100644 index 0169c776..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-diff_srcs_same_dest_14_6_v1.json +++ /dev/null 
@@ -1,131 +0,0 @@ -{ - "test_id": "ACL-diff_srcs_same_dest_14_6_v1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.94.92.91/32", "fd7a:115c:a1e0::ef01:5c81/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-diff_srcs_same_dest_14_6_v2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-diff_srcs_same_dest_14_6_v2.json deleted file mode 100644 index 190c0fa9..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-diff_srcs_same_dest_14_6_v2.json +++ /dev/null 
@@ -1,152 +0,0 @@ -{ - "test_id": "ACL-diff_srcs_same_dest_14_6_v2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:server:22"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - 
"packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.94.92.91/32", "fd7a:115c:a1e0::ef01:5c81/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-different_sources_same_destination_separate.json b/hscontrol/policy/v2/testdata/acl_results/ACL-different_sources_same_destination_separate.json deleted file mode 100644 index ba2720ef..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-different_sources_same_destination_separate.json +++ /dev/null 
@@ -1,156 +0,0 @@ -{ - "test_id": "ACL-different_sources_same_destination_separate", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:database"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": 
"100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.94.92.91/32", "fd7a:115c:a1e0::ef01:5c81/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.74.60.128/32", "fd7a:115c:a1e0::2f01:3c9c/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-different_srcs_same_dest_two_rules_v1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-different_srcs_same_dest_two_rules_v1.json deleted file mode 100644 index f499ec67..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-different_srcs_same_dest_two_rules_v1.json +++ /dev/null 
@@ -1,131 +0,0 @@ -{ - "test_id": "ACL-different_srcs_same_dest_two_rules_v1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-different_srcs_same_dest_two_rules_v2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-different_srcs_same_dest_two_rules_v2.json deleted file mode 100644 index 3d6e5dbf..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-different_srcs_same_dest_two_rules_v2.json +++ /dev/null 
@@ -1,131 +0,0 @@ -{ - "test_id": "ACL-different_srcs_same_dest_two_rules_v2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.94.92.91/32", "fd7a:115c:a1e0::ef01:5c81/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-empty_group_produces_no_filter.json b/hscontrol/policy/v2/testdata/acl_results/ACL-empty_group_produces_no_filter.json deleted file mode 100644 index 69a13afb..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-empty_group_produces_no_filter.json +++ /dev/null 
@@ -1,85 +0,0 @@
-{
- "test_id": "ACL-empty_group_produces_no_filter",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["group:empty"],
- "dst": ["*:*"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-empty_group_source_6_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-empty_group_source_6_3.json
deleted file mode 100644
index ccf5fa4b..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-empty_group_source_6_3.json
+++ /dev/null
@@ -1,85 +0,0 @@
-{
- "test_id": "ACL-empty_group_source_6_3",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["group:empty"],
- "dst": ["tag:server:22"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-explicit_user_plus_tag.json b/hscontrol/policy/v2/testdata/acl_results/ACL-explicit_user_plus_tag.json
deleted file mode 100644
index a083b9d8..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-explicit_user_plus_tag.json
+++ /dev/null
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-explicit_user_plus_tag", - "source": "headscale_adapted", - "parent_test": "MixedSources", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["kratail2tid@", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.90.199.68/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::7901:ee86/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-full_autogroups_with_wildcard_and_specific_port.json b/hscontrol/policy/v2/testdata/acl_results/ACL-full_autogroups_with_wildcard_and_specific_port.json deleted file mode 100644 index 1235f1f4..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-full_autogroups_with_wildcard_and_specific_port.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "test_id": "ACL-full_autogroups_with_wildcard_and_specific_port", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged", "autogroup:member"], - "dst": ["tag:server:*", "tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - 
"fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-full_wildcard_plus_specific_rule.json b/hscontrol/policy/v2/testdata/acl_results/ACL-full_wildcard_plus_specific_rule.json deleted file mode 100644 index 6f5364e1..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-full_wildcard_plus_specific_rule.json +++ /dev/null 
@@ -1,180 +0,0 @@ -{ - "test_id": "ACL-full_wildcard_plus_specific_rule", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["*:*"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - 
"SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_admins_22_plus_tag_server_80_2_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_admins_22_plus_tag_server_80_2_4.json deleted file mode 100644 index 076ce8c5..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_admins_22_plus_tag_server_80_2_4.json +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-group_admins_22_plus_tag_server_80_2_4", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["group:admins:22", "tag:server:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - 
}, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_admins_plus_tag_client_1_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_admins_plus_tag_client_1_3.json deleted file mode 100644 index 504217d4..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_admins_plus_tag_client_1_3.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-group_admins_plus_tag_client_1_3", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.90.199.68/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::7901:ee86/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_admins_to_webserver_4_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_admins_to_webserver_4_3.json deleted file mode 100644 index b4ded1b3..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_admins_to_webserver_4_3.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-group_admins_to_webserver_4_3", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["webserver:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_and_tag_destinations_distributed.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_and_tag_destinations_distributed.json deleted file mode 100644 index 01738a93..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_and_tag_destinations_distributed.json +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-group_and_tag_destinations_distributed", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["group:admins:22", "tag:server:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - 
}, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_and_user_same_person_same_dest.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_and_user_same_person_same_dest.json deleted file mode 100644 index 973c81ef..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_and_user_same_person_same_dest.json +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - "test_id": "ACL-group_and_user_same_person_same_dest", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["kratail2tid@"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_as_destination.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_as_destination.json deleted file mode 100644 index a21a31d6..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_as_destination.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-group_as_destination", - "source": "headscale_adapted", - "parent_test": "UsersGroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["group:admins:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } 
- } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_as_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_as_source.json deleted file mode 100644 index d0de772c..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_as_source.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "test_id": "ACL-group_as_source", - "source": "headscale_adapted", - "parent_test": "UsersGroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": 
["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_plus_tag.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_plus_tag.json deleted file mode 100644 index 54228dd2..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_plus_tag.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-group_plus_tag", - "source": "headscale_adapted", - "parent_test": "MixedSources", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.90.199.68/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::7901:ee86/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - 
"Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_plus_user_same_person_same_dest_14_8.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_plus_user_same_person_same_dest_14_8.json deleted file mode 100644 index 4145c538..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_plus_user_same_person_same_dest_14_8.json +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - "test_id": "ACL-group_plus_user_same_person_same_dest_14_8", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["kratail2tid@"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - 
"IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_to_host_alias.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_to_host_alias.json deleted file mode 100644 index 6d8c7aac..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_to_host_alias.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-group_to_host_alias", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["webserver:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 
17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_to_self.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_to_self.json deleted file mode 100644 index 50d1497d..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_to_self.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-group_to_self", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["autogroup:self:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 
17, 1, 58] - } - ] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_to_self_13_9.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_to_self_13_9.json
deleted file mode 100644
index 0983a9f4..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_to_self_13_9.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-group_to_self_13_9", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["autogroup:self:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-group_user_same_person_same_dest_14_8.json b/hscontrol/policy/v2/testdata/acl_results/ACL-group_user_same_person_same_dest_14_8.json
deleted file mode 100644
index 89e00dc6..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-group_user_same_person_same_dest_14_8.json
+++ /dev/null
@@ -1,146 +0,0 @@ -{ - "test_id": "ACL-group_user_same_person_same_dest_14_8", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["kratail2tid@"], - "dst": ["tag:server:22"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - 
"user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-host_as_destination.json b/hscontrol/policy/v2/testdata/acl_results/ACL-host_as_destination.json
deleted file mode 100644
index 536c55c8..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-host_as_destination.json
+++ /dev/null
@@ -1,113 +0,0 @@ -{ - "test_id": "ACL-host_as_destination", - "source": "headscale_adapted", - "parent_test": "Hosts", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["webserver:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 
80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-host_as_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-host_as_source.json
deleted file mode 100644
index ad431ea9..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-host_as_source.json
+++ /dev/null
@@ -1,155 +0,0 @@ -{ - "test_id": "ACL-host_as_source", - "source": "headscale_adapted", - "parent_test": "Hosts", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["webserver"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", 
"fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-host_cidr_plus_raw_cidr_same_12_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-host_cidr_plus_raw_cidr_same_12_4.json
deleted file mode 100644
index ae87efee..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-host_cidr_plus_raw_cidr_same_12_4.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-host_cidr_plus_raw_cidr_same_12_4", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["webserver:22", "database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - 
} - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-host_plus_tag.json b/hscontrol/policy/v2/testdata/acl_results/ACL-host_plus_tag.json
deleted file mode 100644
index 1ced0711..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-host_plus_tag.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-host_plus_tag", - "source": "headscale_adapted", - "parent_test": "MixedSources", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["internal", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8", "100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-host_plus_tag_client_1_5.json b/hscontrol/policy/v2/testdata/acl_results/ACL-host_plus_tag_client_1_5.json
deleted file mode 100644
index ecf20f8d..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-host_plus_tag_client_1_5.json
+++ /dev/null
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-host_plus_tag_client_1_5", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["webserver", "tag:client"], - "dst": ["tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.108.74.26/32", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128" - ], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": 
"fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-host_to_self_13_13.json b/hscontrol/policy/v2/testdata/acl_results/ACL-host_to_self_13_13.json
deleted file mode 100644
index 13d9a4f0..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-host_to_self_13_13.json
+++ /dev/null
@@ -1,30 +0,0 @@ -{ - "test_id": "ACL-host_to_self_13_13", - "source": "headscale_adapted", - "error": true, - "headscale_differs": true, - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26" - }, - "acls": [ - { - "action": "accept", - "src": ["webserver"], - "dst": ["autogroup:self:*"] - } - ] - }, - "api_response_code": 400, - "api_response_body": { - "message": "autogroup:self can only be used with users, groups, or supported autogroups (400)" - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-icmp_numeric_protocol.json b/hscontrol/policy/v2/testdata/acl_results/ACL-icmp_numeric_protocol.json
deleted file mode 100644
index e7affbcb..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-icmp_numeric_protocol.json
+++ /dev/null
@@ -1,107 +0,0 @@ -{ - "test_id": "ACL-icmp_numeric_protocol", - "source": "headscale_adapted", - "parent_test": "ProtocolsPorts", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "proto": "1", - "dst": ["tag:server:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [1] - } - 
] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-many_sources_many_destinations_7_5.json b/hscontrol/policy/v2/testdata/acl_results/ACL-many_sources_many_destinations_7_5.json
deleted file mode 100644
index 00e48444..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-many_sources_many_destinations_7_5.json
+++ /dev/null
@@ -1,191 +0,0 @@ -{ - "test_id": "ACL-many_sources_many_destinations_7_5", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": [ - "autogroup:member", - "group:admins", - "kratail2tid@", - "tag:client", - "tag:web", - "100.80.238.75", - "100.94.92.91" - ], - "dst": ["tag:server:22", "webserver:80", "100.108.74.26:443", "group:admins:8080", "kratail2tid@:9000"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - 
"fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 9000, - "Last": 9000 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 9000, - "Last": 9000 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 8080, - "Last": 8080 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 8080, - "Last": 8080 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-member_to_self_13_5.json b/hscontrol/policy/v2/testdata/acl_results/ACL-member_to_self_13_5.json
deleted file mode 100644
index d51ea9cc..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-member_to_self_13_5.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-member_to_self_13_5", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["autogroup:self:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_overlapping_rules.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_overlapping_rules.json
deleted file mode 100644
index 5fcc4e5f..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_overlapping_rules.json
+++ /dev/null
@@ -1,169 +0,0 @@ -{ - "test_id": "ACL-mixed_overlapping_rules", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:80"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:server:443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", 
"fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.94.92.91/32", "fd7a:115c:a1e0::ef01:5c81/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_source_order_client_member_5_3b.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_source_order_client_member_5_3b.json
deleted file mode 100644
index 99a01bb1..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_source_order_client_member_5_3b.json
+++ /dev/null
@@ -1,111 +0,0 @@
-{
- "test_id": "ACL-mixed_source_order_client_member_5_3b",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["tag:client", "autogroup:member"],
- "dst": ["tag:server:22"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.80.238.75/32",
- "100.90.199.68/32",
- "fd7a:115c:a1e0::2d01:c747/128",
- "fd7a:115c:a1e0::7901:ee86/128"
- ],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_source_order_member_client_5_3a.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_source_order_member_client_5_3a.json
deleted file mode 100644
index 318426f1..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_source_order_member_client_5_3a.json
+++ /dev/null
@@ -1,111 +0,0 @@
-{
- "test_id": "ACL-mixed_source_order_member_client_5_3a",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["autogroup:member", "tag:client"],
- "dst": ["tag:server:22"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.80.238.75/32",
- "100.90.199.68/32",
- "fd7a:115c:a1e0::2d01:c747/128",
- "fd7a:115c:a1e0::7901:ee86/128"
- ],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_comma_ports.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_comma_ports.json
deleted file mode 100644
index dafa4d3b..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_comma_ports.json
+++ /dev/null
@@ -1,139 +0,0 @@
-{
- "test_id": "ACL-mixed_sources_comma_ports",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["autogroup:member", "tag:client"],
- "dst": ["tag:server:22,80,443"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.80.238.75/32",
- "100.90.199.68/32",
- "fd7a:115c:a1e0::2d01:c747/128",
- "fd7a:115c:a1e0::7901:ee86/128"
- ],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- },
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 443,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 443,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_comma_ports_11_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_comma_ports_11_1.json
deleted file mode 100644
index 99b7d8e0..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_comma_ports_11_1.json
+++ /dev/null
@@ -1,139 +0,0 @@
-{
- "test_id": "ACL-mixed_sources_comma_ports_11_1",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["autogroup:member", "tag:client"],
- "dst": ["tag:server:22,80,443"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.80.238.75/32",
- "100.90.199.68/32",
- "fd7a:115c:a1e0::2d01:c747/128",
- "fd7a:115c:a1e0::7901:ee86/128"
- ],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- },
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 443,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 443,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_in_multiple_rules.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_in_multiple_rules.json
deleted file mode 100644
index 589d49e2..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_in_multiple_rules.json
+++ /dev/null
@@ -1,137 +0,0 @@
-{
- "test_id": "ACL-mixed_sources_in_multiple_rules",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["tag:client", "tag:web"],
- "dst": ["tag:server:22"]
- },
- {
- "action": "accept",
- "src": ["autogroup:member", "group:admins"],
- "dst": ["tag:database:5432"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.80.238.75/32",
- "100.94.92.91/32",
- "fd7a:115c:a1e0::7901:ee86/128",
- "fd7a:115c:a1e0::ef01:5c81/128"
- ],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "tagged-db": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "100.74.60.128/32",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2f01:3c9c/128",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_mixed_port_formats_11_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_mixed_port_formats_11_3.json
deleted file mode 100644
index 2d93712a..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_mixed_port_formats_11_3.json
+++ /dev/null
@@ -1,165 +0,0 @@
-{
- "test_id": "ACL-mixed_sources_mixed_port_formats_11_3",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["tag:client", "tag:web"],
- "dst": ["tag:server:22", "tag:server:80-443", "tag:database:5432,3306"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.80.238.75/32",
- "100.94.92.91/32",
- "fd7a:115c:a1e0::7901:ee86/128",
- "fd7a:115c:a1e0::ef01:5c81/128"
- ],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "tagged-db": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.80.238.75/32",
- "100.94.92.91/32",
- "fd7a:115c:a1e0::7901:ee86/128",
- "fd7a:115c:a1e0::ef01:5c81/128"
- ],
- "DstPorts": [
- {
- "IP": "100.74.60.128/32",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2f01:3c9c/128",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- },
- {
- "IP": "100.74.60.128/32",
- "Ports": {
- "First": 3306,
- "Last": 3306
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2f01:3c9c/128",
- "Ports": {
- "First": 3306,
- "Last": 3306
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_multiple_rules_10_5.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_multiple_rules_10_5.json
deleted file mode 100644
index 1749ddaf..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_multiple_rules_10_5.json
+++ /dev/null
@@ -1,132 +0,0 @@
-{
- "test_id": "ACL-mixed_sources_multiple_rules_10_5",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["tag:client", "tag:web"],
- "dst": ["tag:server:22", "tag:server:80-443", "tag:database:5432,3306"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.80.238.75/32",
- "100.94.92.91/32",
- "fd7a:115c:a1e0::7901:ee86/128",
- "fd7a:115c:a1e0::ef01:5c81/128"
- ],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "tagged-db": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "100.74.60.128/32",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2f01:3c9c/128",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_port_range_11_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_port_range_11_2.json
deleted file mode 100644
index b71779f0..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_port_range_11_2.json
+++ /dev/null
@@ -1,111 +0,0 @@
-{
- "test_id": "ACL-mixed_sources_port_range_11_2",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["group:admins", "webserver"],
- "dst": ["tag:server:80-443"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.108.74.26/32",
- "100.90.199.68/32",
- "fd7a:115c:a1e0::2d01:c747/128",
- "fd7a:115c:a1e0::b901:4a87/128"
- ],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_with_port_range.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_with_port_range.json
deleted file mode 100644
index 3cb07aec..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_with_port_range.json
+++ /dev/null
@@ -1,111 +0,0 @@
-{
- "test_id": "ACL-mixed_sources_with_port_range",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["autogroup:member", "tag:client"],
- "dst": ["tag:server:80-443"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.80.238.75/32",
- "100.90.199.68/32",
- "fd7a:115c:a1e0::2d01:c747/128",
- "fd7a:115c:a1e0::7901:ee86/128"
- ],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_with_port_range_11_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_with_port_range_11_2.json
deleted file mode 100644
index 7dc88fdd..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_sources_with_port_range_11_2.json
+++ /dev/null
@@ -1,111 +0,0 @@
-{
- "test_id": "ACL-mixed_sources_with_port_range_11_2",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["group:admins", "webserver"],
- "dst": ["tag:server:80-443"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": [
- "100.90.199.68/32",
- "100.108.74.26/32",
- "fd7a:115c:a1e0::2d01:c747/128",
- "fd7a:115c:a1e0::b901:4a87/128"
- ],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_valid_invalid_sources_to_self_13_25.json b/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_valid_invalid_sources_to_self_13_25.json
deleted file mode 100644
index 66c34039..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-mixed_valid_invalid_sources_to_self_13_25.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "test_id": "ACL-mixed_valid_invalid_sources_to_self_13_25",
- "source": "headscale_adapted",
- "error": true,
- "headscale_differs": true,
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"]
- },
- "tagOwners": {
- "tag:client": ["kratail2tid@"]
- },
- "acls": [
- {
- "action": "accept",
- "src": ["autogroup:member", "tag:client"],
- "dst": ["autogroup:self:*"]
- }
- ]
- },
- "api_response_code": 400,
- "api_response_body": {
- "message": "autogroup:self can only be used with users, groups, or supported autogroups (400)"
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_cidr_hosts_as_sources.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_cidr_hosts_as_sources.json
deleted file mode 100644
index ec5110b5..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_cidr_hosts_as_sources.json
+++ /dev/null
@@ -1,106 +0,0 @@
-{
- "test_id": "ACL-multiple_cidr_hosts_as_sources",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["internal", "subnet24"],
- "dst": ["tag:server:22"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "user1": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_cidr_hosts_sources_12_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_cidr_hosts_sources_12_2.json
deleted file mode 100644
index 94361aa5..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_cidr_hosts_sources_12_2.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-multiple_cidr_hosts_sources_12_2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["webserver:22", "database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8", "192.168.1.0/24"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 
1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_cidr_plus_tag_destinations_12_5.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_cidr_plus_tag_destinations_12_5.json
deleted file mode 100644
index adc7b25f..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_cidr_plus_tag_destinations_12_5.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-multiple_cidr_plus_tag_destinations_12_5", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["internal:22", "subnet24:80", "tag:server:443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 
443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_comma_separated_ports.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_comma_separated_ports.json
deleted file mode 100644
index b19646b3..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_comma_separated_ports.json
+++ /dev/null
@@ -1,134 +0,0 @@ -{ - "test_id": "ACL-multiple_comma_separated_ports", - "source": "headscale_adapted", - "parent_test": "ProtocolsPorts", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["tag:server:22,80,443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": 
{
- "First": 443,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 443,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_destination_tags.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_destination_tags.json
deleted file mode 100644
index 928a2205..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_destination_tags.json
+++ /dev/null
@@ -1,148 +0,0 @@ -{ - "test_id": "ACL-multiple_destination_tags", - "source": "headscale_adapted", - "parent_test": "BasicTags", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "tag:database:5432", "tag:web:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - 
"SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"],
- "DstPorts": [
- {
- "IP": "100.74.60.128/32",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2f01:3c9c/128",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "tagged-web": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"],
- "DstPorts": [
- {
- "IP": "100.94.92.91/32",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- },
- {
- "IP": "fd7a:115c:a1e0::ef01:5c81/128",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_destinations_different_ports.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_destinations_different_ports.json
deleted file mode 100644
index 3c0f455f..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_destinations_different_ports.json
+++ /dev/null
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-multiple_destinations_different_ports", - "source": "headscale_adapted", - "parent_test": "UsersGroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - 
},
- "tagged-db": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"],
- "DstPorts": [
- {
- "IP": "100.74.60.128/32",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2f01:3c9c/128",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_host_destinations.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_host_destinations.json
deleted file mode 100644
index 58c30a8b..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_host_destinations.json
+++ /dev/null
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-multiple_host_destinations", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["webserver:22", "database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - 
"tagged-db": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"],
- "DstPorts": [
- {
- "IP": "100.74.60.128/32",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2f01:3c9c/128",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_rules_same_source_merged.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_rules_same_source_merged.json
deleted file mode 100644
index befe2d5b..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_rules_same_source_merged.json
+++ /dev/null
@@ -1,139 +0,0 @@ -{ - "test_id": "ACL-multiple_rules_same_source_merged", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:80,443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- },
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 443,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 443,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_source_tags.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_source_tags.json
deleted file mode 100644
index 9900ca22..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_source_tags.json
+++ /dev/null
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-multiple_source_tags", - "source": "headscale_adapted", - "parent_test": "BasicTags", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client", "tag:web"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - 
"Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_tag_destinations_distributed.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_tag_destinations_distributed.json
deleted file mode 100644
index 08aba199..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_tag_destinations_distributed.json
+++ /dev/null
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-multiple_tag_destinations_distributed", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } 
- ]
- },
- "tagged-db": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"],
- "DstPorts": [
- {
- "IP": "100.74.60.128/32",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2f01:3c9c/128",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_tags_as_sources.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_tags_as_sources.json
deleted file mode 100644
index a25ae1eb..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_tags_as_sources.json
+++ /dev/null
@@ -1,113 +0,0 @@ -{ - "test_id": "ACL-multiple_tags_as_sources", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client", "tag:web", "tag:database"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - 
"First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_wildcard_src_rules_14_37.json b/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_wildcard_src_rules_14_37.json
deleted file mode 100644
index 1112969e..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-multiple_wildcard_src_rules_14_37.json
+++ /dev/null
@@ -1,210 +0,0 @@ -{ - "test_id": "ACL-multiple_wildcard_src_rules_14_37", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["*"], - "dst": ["tag:database:5432"] - }, - { - "action": "accept", - "src": ["*"], - "dst": ["*:80"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", 
"fd7a:115c:a1e0::/48"],
- "DstPorts": [
- {
- "IP": "*",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "*",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "tagged-db": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"],
- "DstPorts": [
- {
- "IP": "100.74.60.128/32",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2f01:3c9c/128",
- "Ports": {
- "First": 5432,
- "Last": 5432
- }
- },
- {
- "IP": "*",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "tagged-web": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"],
- "DstPorts": [
- {
- "IP": "*",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "user1": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"],
- "DstPorts": [
- {
- "IP": "*",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-overlapping_destinations_different_sources.json b/hscontrol/policy/v2/testdata/acl_results/ACL-overlapping_destinations_different_sources.json
deleted file mode 100644
index 87a33cef..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-overlapping_destinations_different_sources.json
+++ /dev/null
@@ -1,270 +0,0 @@ -{ - "test_id": "ACL-overlapping_destinations_different_sources", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["*:*"] - }, - { - "action": "accept", - "src": ["autogroup:tagged"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - 
"fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 
17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-overlapping_dests_diff_sources_10_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-overlapping_dests_diff_sources_10_2.json deleted file mode 100644 index 7b9c391c..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-overlapping_dests_diff_sources_10_2.json +++ /dev/null 
@@ -1,161 +0,0 @@ -{ - "test_id": "ACL-overlapping_dests_diff_sources_10_2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["autogroup:tagged"], - "dst": ["tag:server:22"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - 
"user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-overlapping_dests_same_src_different_rules.json b/hscontrol/policy/v2/testdata/acl_results/ACL-overlapping_dests_same_src_different_rules.json deleted file mode 100644 index bb619e1c..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-overlapping_dests_same_src_different_rules.json +++ /dev/null 
@@ -1,140 +0,0 @@ -{ - "test_id": "ACL-overlapping_dests_same_src_different_rules", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["group:admins"], - "dst": ["tag:server:*"] - }, - { - "action": "accept", - "src": ["autogroup:tagged"], - "dst": ["tag:server:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { 
- "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-port_range.json b/hscontrol/policy/v2/testdata/acl_results/ACL-port_range.json deleted file mode 100644 index 05e7f806..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-port_range.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-port_range", - "source": "headscale_adapted", - "parent_test": "ProtocolsPorts", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["tag:server:80-443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_plus_tag.json b/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_plus_tag.json
deleted file mode 100644
index a1b6d841..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_plus_tag.json
+++ /dev/null
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-raw_ip_plus_tag", - "source": "headscale_adapted", - "parent_test": "MixedSources", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["100.90.199.68", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.90.199.68/32", - "fd7a:115c:a1e0::2d01:c747/128", - "100.80.238.75/32", - "fd7a:115c:a1e0::7901:ee86/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", 
- "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_plus_tag_client_1_6.json b/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_plus_tag_client_1_6.json deleted file mode 100644 index 09bbd514..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_plus_tag_client_1_6.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-raw_ip_plus_tag_client_1_6", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["100.90.199.68", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.90.199.68/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::7901:ee86/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_to_self_13_14.json b/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_to_self_13_14.json deleted file mode 100644 index 8e5884eb..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_to_self_13_14.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "test_id": "ACL-raw_ip_to_self_13_14", - "source": "headscale_adapted", - "error": true, - "headscale_differs": true, - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"] - }, - "acls": [ - { - "action": "accept", - "src": ["100.90.199.68"], - "dst": ["autogroup:self:*"] - } - ] - }, - "api_response_code": 400, - "api_response_body": { - "message": "autogroup:self can only be used with users, groups, or supported autogroups (400)" - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_to_tag_server_4_7.json b/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_to_tag_server_4_7.json deleted file mode 100644 index f38c91d8..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-raw_ip_to_tag_server_4_7.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-raw_ip_to_tag_server_4_7", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["100.90.199.68"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_cidr_via_host_and_raw.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_cidr_via_host_and_raw.json deleted file mode 100644 index d2f055bb..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_cidr_via_host_and_raw.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-same_cidr_via_host_and_raw", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["internal", "10.0.0.0/8"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["10.0.0.0/8"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } 
- } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_dest_node_different_ports_via_different_refs_2_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_dest_node_different_ports_via_different_refs_2_2.json deleted file mode 100644 index 358480b7..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_dest_node_different_ports_via_different_refs_2_2.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "test_id": "ACL-same_dest_node_different_ports_via_different_refs_2_2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "webserver:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 
22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_dest_node_via_tag_vs_host_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_dest_node_via_tag_vs_host_source.json deleted file mode 100644 index 3d154b9f..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_dest_node_via_tag_vs_host_source.json +++ /dev/null 
@@ -1,131 +0,0 @@ -{ - "test_id": "ACL-same_dest_node_via_tag_vs_host_source", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["webserver"], - "dst": ["tag:server:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_entity_src_and_dst_14_26.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_entity_src_and_dst_14_26.json deleted file mode 100644 index f0fa5e67..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_entity_src_and_dst_14_26.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "test_id": "ACL-same_entity_src_and_dst_14_26", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["autogroup:member:22"] - }, - { - "action": "accept", - "src": ["group:admins"], - "dst": ["group:admins:22"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - 
"tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_3_ways_dest_8_5.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_3_ways_dest_8_5.json deleted file mode 100644 index b5f1490a..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_3_ways_dest_8_5.json +++ /dev/null 
@@ -1,134 +0,0 @@ -{ - "test_id": "ACL-same_ip_port_3_ways_dest_8_5", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "webserver:22", "100.108.74.26:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, 
- "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_tag_and_host_dest_3_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_tag_and_host_dest_3_3.json deleted file mode 100644 index 459b9039..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_tag_and_host_dest_3_3.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "test_id": "ACL-same_ip_port_tag_and_host_dest_3_3", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "webserver:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - 
} - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_tag_and_raw_ip_dest_3_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_tag_and_raw_ip_dest_3_4.json deleted file mode 100644 index 34f92f16..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_tag_and_raw_ip_dest_3_4.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "test_id": "ACL-same_ip_port_tag_and_raw_ip_dest_3_4", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "100.108.74.26:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - 
"Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_via_tag_and_host_dest.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_via_tag_and_host_dest.json deleted file mode 100644 index df700053..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_via_tag_and_host_dest.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "test_id": "ACL-same_ip_port_via_tag_and_host_dest", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "webserver:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - 
} - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_via_tag_and_raw_ip_dest.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_via_tag_and_raw_ip_dest.json deleted file mode 100644 index c5f24c7e..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_port_via_tag_and_raw_ip_dest.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "test_id": "ACL-same_ip_port_via_tag_and_raw_ip_dest", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "100.108.74.26:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - 
"Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_two_ways_as_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_two_ways_as_source.json deleted file mode 100644 index da026155..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_two_ways_as_source.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-same_ip_two_ways_as_source", - "source": "headscale_adapted", - "parent_test": "MixedSources", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:server", "webserver"], - "dst": ["tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } 
- } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_via_tag_and_host_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_via_tag_and_host_source.json deleted file mode 100644 index 84fd72af..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_ip_via_tag_and_host_source.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-same_ip_via_tag_and_host_source", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:server", "webserver"], - "dst": ["tag:client:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 22, - "Last": 22 - } - } 
- ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_node_5_ports_different_refs_8_7.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_node_5_ports_different_refs_8_7.json deleted file mode 100644 index f4873b35..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_node_5_ports_different_refs_8_7.json +++ /dev/null 
@@ -1,162 +0,0 @@ -{ - "test_id": "ACL-same_node_5_ports_different_refs_8_7", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "tag:server:80", "tag:server:443", "webserver:8080", "100.108.74.26:9000"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 8080, - "Last": 8080 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 8080, - "Last": 8080 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 9000, - "Last": 9000 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 9000, - "Last": 9000 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_node_different_ports_via_tag_and_host.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_node_different_ports_via_tag_and_host.json deleted file mode 100644 index 1c790d65..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_node_different_ports_via_tag_and_host.json +++ /dev/null 
@@ -1,141 +0,0 @@ -{ - "test_id": "ACL-same_node_different_ports_via_tag_and_host", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "webserver:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - 
}, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_diff_dests_14_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_diff_dests_14_1.json deleted file mode 100644 index 7a85cf6c..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_diff_dests_14_1.json +++ /dev/null 
@@ -1,153 +0,0 @@ -{ - "test_id": "ACL-same_src_diff_dests_14_1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:database:5432"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - 
"packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dest_nodes_separate.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dest_nodes_separate.json deleted file mode 100644 index d1b249f7..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dest_nodes_separate.json +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "test_id": "ACL-same_src_different_dest_nodes_separate", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - 
"First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dest_ports_merged.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dest_ports_merged.json deleted file mode 100644 index 82a6e4bf..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dest_ports_merged.json +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - "test_id": "ACL-same_src_different_dest_ports_merged", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dests_two_rules.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dests_two_rules.json deleted file mode 100644 index 76f75603..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dests_two_rules.json +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "test_id": "ACL-same_src_different_dests_two_rules", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 
22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dests_two_rules_distributed.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dests_two_rules_distributed.json deleted file mode 100644 index f5c094af..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_different_dests_two_rules_distributed.json +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "test_id": "ACL-same_src_different_dests_two_rules_distributed", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": 
{ - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_five_dests_overlap_14_49.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_five_dests_overlap_14_49.json deleted file mode 100644 index a17e99dd..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_five_dests_overlap_14_49.json +++ /dev/null 
@@ -1,213 +0,0 @@ -{ - "test_id": "ACL-same_src_five_dests_overlap_14_49", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:database:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:web:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["webserver:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["database:22"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - 
"tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_four_dests.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_four_dests.json deleted file mode 100644 index 714969b8..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_four_dests.json +++ /dev/null 
@@ -1,177 +0,0 @@ -{ - "test_id": "ACL-same_src_four_dests", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:database:5432"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:web:80"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["webserver:443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", 
- "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_four_dests_14_47.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_four_dests_14_47.json deleted file mode 100644 index 39bad976..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_four_dests_14_47.json +++ /dev/null 
@@ -1,194 +0,0 @@ -{ - "test_id": "ACL-same_src_four_dests_14_47", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:database:5432"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:web:80"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["webserver:443"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": 
"fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_same_dest_diff_ports_merged_14_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_same_dest_diff_ports_merged_14_2.json deleted file mode 100644 index 1cea17b5..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_same_dest_diff_ports_merged_14_2.json +++ /dev/null 
@@ -1,146 +0,0 @@ -{ - "test_id": "ACL-same_src_same_dest_diff_ports_merged_14_2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:80"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - 
"user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_same_dest_different_ports_two_rules.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_same_dest_different_ports_two_rules.json deleted file mode 100644 index 29afe4ba..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_same_dest_different_ports_two_rules.json +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - "test_id": "ACL-same_src_same_dest_different_ports_two_rules", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - 
"IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_same_dest_different_ports_two_rules_merged.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_same_dest_different_ports_two_rules_merged.json deleted file mode 100644 index 50685c47..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_same_dest_different_ports_two_rules_merged.json +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - "test_id": "ACL-same_src_same_dest_different_ports_two_rules_merged", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { 
- "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_three_diff_dests_14_23.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_three_diff_dests_14_23.json deleted file mode 100644 index 56490f93..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_three_diff_dests_14_23.json +++ /dev/null 
@@ -1,175 +0,0 @@ -{ - "test_id": "ACL-same_src_three_diff_dests_14_23", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:database:5432"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:web:80"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - 
"tagged-client": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_three_different_dests.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_three_different_dests.json deleted file mode 100644 index 308ebf52..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_src_three_different_dests.json +++ /dev/null 
@@ -1,158 +0,0 @@ -{ - "test_id": "ACL-same_src_three_different_dests", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:database:5432"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:web:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", 
- "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_user_different_ports_via_email_and_group_2_6.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_user_different_ports_via_email_and_group_2_6.json deleted file mode 100644 index 731ae7cb..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_user_different_ports_via_email_and_group_2_6.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "test_id": "ACL-same_user_different_ports_via_email_and_group_2_6", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["kratail2tid@:22", "group:admins:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - 
"First": 22, - "Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-same_user_three_ways.json b/hscontrol/policy/v2/testdata/acl_results/ACL-same_user_three_ways.json deleted file mode 100644 index e5ddf090..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-same_user_three_ways.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-same_user_three_ways", - "source": "headscale_adapted", - "parent_test": "MixedSources", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "group:admins", "kratail2tid@"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 
22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-self_as_source_13_41.json b/hscontrol/policy/v2/testdata/acl_results/ACL-self_as_source_13_41.json
deleted file mode 100644
index de99dde7..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-self_as_source_13_41.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "test_id": "ACL-self_as_source_13_41",
- "source": "headscale_adapted",
- "error": true,
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"]
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"]
- },
- "acls": [
- {
- "action": "accept",
- "src": ["autogroup:self"],
- "dst": ["tag:server:22"]
- }
- ]
- },
- "api_response_code": 400,
- "api_response_body": {
- "message": ""
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-self_overlap_with_explicit_user_13_86.json b/hscontrol/policy/v2/testdata/acl_results/ACL-self_overlap_with_explicit_user_13_86.json
deleted file mode 100644
index 01b0e908..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-self_overlap_with_explicit_user_13_86.json
+++ /dev/null
@@ -1,126 +0,0 @@ -{ - "test_id": "ACL-self_overlap_with_explicit_user_13_86", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:22", "kratail2tid@:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- },
- {
- "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-self_twice_different_ports_13_36.json b/hscontrol/policy/v2/testdata/acl_results/ACL-self_twice_different_ports_13_36.json
deleted file mode 100644
index 0aeab734..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-self_twice_different_ports_13_36.json
+++ /dev/null
@@ -1,125 +0,0 @@ -{ - "test_id": "ACL-self_twice_different_ports_13_36", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:22"] - }, - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-self_twice_separate_rules_merged.json b/hscontrol/policy/v2/testdata/acl_results/ACL-self_twice_separate_rules_merged.json deleted file mode 100644 index 6e75d30d..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-self_twice_separate_rules_merged.json +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - "test_id": "ACL-self_twice_separate_rules_merged", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:22"] - }, - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-self_without_port_13_43.json b/hscontrol/policy/v2/testdata/acl_results/ACL-self_without_port_13_43.json deleted file mode 100644 index 47a05690..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-self_without_port_13_43.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "test_id": "ACL-self_without_port_13_43", - "source": "headscale_adapted", - "error": true, - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"] - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self"] - } - ] - }, - "api_response_code": 400, - "api_response_body": { - "message": "" - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-single_ip_as_destination.json b/hscontrol/policy/v2/testdata/acl_results/ACL-single_ip_as_destination.json deleted file mode 100644 index 464d0f28..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-single_ip_as_destination.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "test_id": "ACL-single_ip_as_destination", - "source": "headscale_adapted", - "parent_test": "WildcardACLs", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["100.108.74.26:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - 
"Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-single_ip_as_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-single_ip_as_source.json deleted file mode 100644 index 21e0c1b9..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-single_ip_as_source.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "test_id": "ACL-single_ip_as_source", - "source": "headscale_adapted", - "parent_test": "WildcardACLs", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["100.90.199.68"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", 
"fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-six_rules_mixed_patterns_14_50.json b/hscontrol/policy/v2/testdata/acl_results/ACL-six_rules_mixed_patterns_14_50.json deleted file mode 100644 index 9356b418..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-six_rules_mixed_patterns_14_50.json +++ /dev/null 
@@ -1,297 +0,0 @@ -{ - "test_id": "ACL-six_rules_mixed_patterns_14_50", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:server"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:client:22"] - }, - { - "action": "accept", - "src": ["tag:database"], - "dst": ["tag:database:22"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:web:22"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["*:80"] - }, - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:member:443"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": 
"fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.74.60.128/32", "fd7a:115c:a1e0::2f01:3c9c/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - 
"First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.94.92.91/32", "fd7a:115c:a1e0::ef01:5c81/128"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-six_rules_mixing_all_patterns.json b/hscontrol/policy/v2/testdata/acl_results/ACL-six_rules_mixing_all_patterns.json deleted file mode 100644 index f41f3b5a..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-six_rules_mixing_all_patterns.json +++ /dev/null 
@@ -1,280 +0,0 @@ -{ - "test_id": "ACL-six_rules_mixing_all_patterns", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:server"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:client:22"] - }, - { - "action": "accept", - "src": ["tag:database"], - "dst": ["tag:database:22"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:web:22"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["*:80"] - }, - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:member:443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ 
- { - "IP": "*", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.74.60.128/32", "fd7a:115c:a1e0::2f01:3c9c/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 80, - "Last": 80 - } - } - 
],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "tagged-web": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.94.92.91/32", "fd7a:115c:a1e0::ef01:5c81/128"],
- "DstPorts": [
- {
- "IP": "100.94.92.91/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::ef01:5c81/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- },
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "*",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-source_order_client_web_5_1a.json b/hscontrol/policy/v2/testdata/acl_results/ACL-source_order_client_web_5_1a.json
deleted file mode 100644
index 61f2916d..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-source_order_client_web_5_1a.json
+++ /dev/null
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-source_order_client_web_5_1a", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client", "tag:web"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-source_order_independence.json b/hscontrol/policy/v2/testdata/acl_results/ACL-source_order_independence.json deleted file mode 100644 index 75ec538d..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-source_order_independence.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-source_order_independence", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:web", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-source_order_web_client_5_1b.json b/hscontrol/policy/v2/testdata/acl_results/ACL-source_order_web_client_5_1b.json deleted file mode 100644 index 2f6e8127..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-source_order_web_client_5_1b.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-source_order_web_client_5_1b", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:web", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-specific_user_to_self.json b/hscontrol/policy/v2/testdata/acl_results/ACL-specific_user_to_self.json deleted file mode 100644 index 6d584bad..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-specific_user_to_self.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-specific_user_to_self", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["kratail2tid@"], - "dst": ["autogroup:self:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-specific_user_to_self_13_8.json b/hscontrol/policy/v2/testdata/acl_results/ACL-specific_user_to_self_13_8.json deleted file mode 100644 index 75b89349..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-specific_user_to_self_13_8.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-specific_user_to_self_13_8", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["kratail2tid@"], - "dst": ["autogroup:self:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_as_destination_only.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_as_destination_only.json deleted file mode 100644 index 1fa5011a..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_as_destination_only.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-tag_as_destination_only", - "source": "headscale_adapted", - "parent_test": "BasicTags", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } 
-} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_as_source_wildcard_dest.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_as_source_wildcard_dest.json deleted file mode 100644 index 334d2869..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_as_source_wildcard_dest.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "test_id": "ACL-tag_as_source_wildcard_dest", - "source": "headscale_adapted", - "parent_test": "BasicTags", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": 
["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_client_to_raw_ip_4_8.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_client_to_raw_ip_4_8.json deleted file mode 100644 index f013caf6..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_client_to_raw_ip_4_8.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-tag_client_to_raw_ip_4_8", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["100.108.74.26:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_client_to_tag_server_port_22.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_client_to_tag_server_port_22.json deleted file mode 100644 index c5cb9122..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_client_to_tag_server_port_22.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-tag_client_to_tag_server_port_22", - "source": "headscale_adapted", - "parent_test": "BasicTags", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": 
[6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_database_plus_host_database_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_database_plus_host_database_source.json deleted file mode 100644 index 11a57e0a..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_database_plus_host_database_source.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-tag_database_plus_host_database_source", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:database", "database"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.74.60.128/32", "fd7a:115c:a1e0::2f01:3c9c/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 
- } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_plus_raw_ip_same_node_different_ports.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_plus_raw_ip_same_node_different_ports.json deleted file mode 100644 index 85d30c8a..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_plus_raw_ip_same_node_different_ports.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "test_id": "ACL-tag_plus_raw_ip_same_node_different_ports", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "100.108.74.26:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - 
"Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_server_22_plus_raw_ip_80_2_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_server_22_plus_raw_ip_80_2_3.json deleted file mode 100644 index e98934f5..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_server_22_plus_raw_ip_80_2_3.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "test_id": "ACL-tag_server_22_plus_raw_ip_80_2_3", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "100.108.74.26:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 
- } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_server_22_plus_tag_database_5432_2_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_server_22_plus_tag_database_5432_2_1.json deleted file mode 100644 index 4bf3a3ec..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_server_22_plus_tag_database_5432_2_1.json +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-tag_server_22_plus_tag_database_5432_2_1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - 
} - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_server_plus_webserver_same_ip_1_8.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_server_plus_webserver_same_ip_1_8.json deleted file mode 100644 index 4788f7fb..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_server_plus_webserver_same_ip_1_8.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-tag_server_plus_webserver_same_ip_1_8", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:server", "webserver"], - "dst": ["tag:client:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 22, - "Last": 22 - 
} - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_source_to_self_dest_only_4_5.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_source_to_self_dest_only_4_5.json deleted file mode 100644 index 5d34dc88..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_source_to_self_dest_only_4_5.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "test_id": "ACL-tag_source_to_self_dest_only_4_5", - "source": "headscale_adapted", - "error": true, - "headscale_differs": true, - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:client": ["kratail2tid@"] - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["autogroup:self:*"] - } - ] - }, - "api_response_code": 400, - "api_response_body": { - "message": "autogroup:self can only be used with users, groups, or supported autogroups (400)" - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_source_with_self_dest_2_5.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_source_with_self_dest_2_5.json deleted file mode 100644 index 79fe9eea..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_source_with_self_dest_2_5.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "test_id": "ACL-tag_source_with_self_dest_2_5", - "source": "headscale_adapted", - "error": true, - "headscale_differs": true, - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"] - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["autogroup:self:*", "tag:server:22"] - } - ] - }, - "api_response_code": 400, - "api_response_body": { - "message": "autogroup:self can only be used with users, groups, or supported autogroups (400)" - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_to_member_and_group_same_14_18.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_to_member_and_group_same_14_18.json
deleted file mode 100644
index a8284b0b..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_to_member_and_group_same_14_18.json
+++ /dev/null
@@ -1,142 +0,0 @@ -{ - "test_id": "ACL-tag_to_member_and_group_same_14_18", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["autogroup:member:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["group:admins:22"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - 
"tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_to_multiple_destinations_ports.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_to_multiple_destinations_ports.json deleted file mode 100644 index fdd333f9..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_to_multiple_destinations_ports.json +++ /dev/null 
@@ -1,148 +0,0 @@ -{ - "test_id": "ACL-tag_to_multiple_destinations_ports", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22", "tag:database:5432", "tag:web:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - 
"packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_to_self_13_10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tag_to_self_13_10.json deleted file mode 100644 index 74b25f95..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tag_to_self_13_10.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "test_id": "ACL-tag_to_self_13_10", - "source": "headscale_adapted", - "error": true, - "headscale_differs": true, - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:client": ["kratail2tid@"] - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["autogroup:self:*"] - } - ] - }, - "api_response_code": 400, - "api_response_body": { - "message": "autogroup:self can only be used with users, groups, or supported autogroups (400)" - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tagged_db_3_ways_source_8_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tagged_db_3_ways_source_8_3.json deleted file mode 100644 index d110eefc..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tagged_db_3_ways_source_8_3.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-tagged_db_3_ways_source_8_3", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:database", "database", "100.74.60.128"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.74.60.128/32", "fd7a:115c:a1e0::2f01:3c9c/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - 
"Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tagged_server_3_ways_source_8_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tagged_server_3_ways_source_8_2.json deleted file mode 100644 index f782a473..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tagged_server_3_ways_source_8_2.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-tagged_server_3_ways_source_8_2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:server", "webserver", "100.108.74.26"], - "dst": ["tag:database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 
5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tagged_to_tagged_specific_tags_14_29.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tagged_to_tagged_specific_tags_14_29.json deleted file mode 100644 index 0f7d2377..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tagged_to_tagged_specific_tags_14_29.json +++ /dev/null 
@@ -1,327 +0,0 @@ -{ - "test_id": "ACL-tagged_to_tagged_specific_tags_14_29", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:tagged"], - "dst": ["autogroup:tagged:22"] - }, - { - "action": "accept", - "src": ["tag:client", "tag:web"], - "dst": ["autogroup:tagged:80"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - 
"SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.80.238.75/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::7901:ee86/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", 
- "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": [ - "100.80.238.75/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-tcp_only_protocol.json b/hscontrol/policy/v2/testdata/acl_results/ACL-tcp_only_protocol.json deleted file mode 100644 index e18095eb..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-tcp_only_protocol.json +++ /dev/null 
@@ -1,107 +0,0 @@ -{ - "test_id": "ACL-tcp_only_protocol", - "source": "headscale_adapted", - "parent_test": "ProtocolsPorts", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "proto": "tcp", - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6] - } - ] - 
} - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ten_sources_to_wildcard_7_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ten_sources_to_wildcard_7_3.json deleted file mode 100644 index 0e868103..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-ten_sources_to_wildcard_7_3.json +++ /dev/null 
@@ -1,242 +0,0 @@ -{ - "test_id": "ACL-ten_sources_to_wildcard_7_3", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": [ - "autogroup:member", - "autogroup:tagged", - "group:admins", - "group:developers", - "kratail2tid@", - "tag:client", - "tag:web", - "tag:database", - "webserver", - "database" - ], - "dst": ["*:*"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": 
"fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { 
- "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.74.60.128/32", - "100.80.238.75/32", - "100.90.199.68/32", - "100.94.92.91/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::2f01:3c9c/128", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128", - "fd7a:115c:a1e0::ef01:5c81/128" - ], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-three_diff_srcs_same_dest_diff_ports_14_21.json b/hscontrol/policy/v2/testdata/acl_results/ACL-three_diff_srcs_same_dest_diff_ports_14_21.json deleted file mode 100644 index 37547660..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-three_diff_srcs_same_dest_diff_ports_14_21.json +++ /dev/null 
@@ -1,173 +0,0 @@ -{ - "test_id": "ACL-three_diff_srcs_same_dest_diff_ports_14_21", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:server:80"] - }, - { - "action": "accept", - "src": ["tag:database"], - "dst": ["tag:server:443"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": 
null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.94.92.91/32", "fd7a:115c:a1e0::ef01:5c81/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.74.60.128/32", "fd7a:115c:a1e0::2f01:3c9c/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-three_different_srcs_same_dest_different_ports_v1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-three_different_srcs_same_dest_different_ports_v1.json deleted file mode 100644 index 2ad65a65..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-three_different_srcs_same_dest_different_ports_v1.json +++ /dev/null 
@@ -1,156 +0,0 @@ -{ - "test_id": "ACL-three_different_srcs_same_dest_different_ports_v1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:server:80"] - }, - { - "action": "accept", - "src": ["tag:database"], - "dst": ["tag:server:443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { 
- "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.94.92.91/32", "fd7a:115c:a1e0::ef01:5c81/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.74.60.128/32", "fd7a:115c:a1e0::2f01:3c9c/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-three_different_srcs_same_dest_different_ports_v2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-three_different_srcs_same_dest_different_ports_v2.json deleted file mode 100644 index 43d1b08f..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-three_different_srcs_same_dest_different_ports_v2.json +++ /dev/null 
@@ -1,156 +0,0 @@ -{ - "test_id": "ACL-three_different_srcs_same_dest_different_ports_v2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:web"], - "dst": ["tag:server:80"] - }, - { - "action": "accept", - "src": ["tag:database"], - "dst": ["tag:server:443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { 
- "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.94.92.91/32", "fd7a:115c:a1e0::ef01:5c81/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.74.60.128/32", "fd7a:115c:a1e0::2f01:3c9c/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-three_refs_same_user_same_dest_14_22.json b/hscontrol/policy/v2/testdata/acl_results/ACL-three_refs_same_user_same_dest_14_22.json deleted file mode 100644 index 548fdf74..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-three_refs_same_user_same_dest_14_22.json +++ /dev/null 
@@ -1,161 +0,0 @@ -{ - "test_id": "ACL-three_refs_same_user_same_dest_14_22", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["group:admins"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["kratail2tid@"], - "dst": ["tag:server:22"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": 
null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-three_refs_same_user_same_dest_port.json b/hscontrol/policy/v2/testdata/acl_results/ACL-three_refs_same_user_same_dest_port.json deleted file mode 100644 index b81b18f0..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-three_refs_same_user_same_dest_port.json +++ /dev/null 
@@ -1,144 +0,0 @@ -{ - "test_id": "ACL-three_refs_same_user_same_dest_port", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["group:admins"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["kratail2tid@"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - 
"IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-three_rules_same_dest_10_3.json b/hscontrol/policy/v2/testdata/acl_results/ACL-three_rules_same_dest_10_3.json deleted file mode 100644 index 3629c8ee..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-three_rules_same_dest_10_3.json +++ /dev/null 
@@ -1,140 +0,0 @@ -{ - "test_id": "ACL-three_rules_same_dest_10_3", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "tag:client"], - "dst": ["tag:server:22,80,443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - 
{ - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-three_rules_same_dest_different_sources.json b/hscontrol/policy/v2/testdata/acl_results/ACL-three_rules_same_dest_different_sources.json deleted file mode 100644 index e8975954..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-three_rules_same_dest_different_sources.json +++ /dev/null 
@@ -1,156 +0,0 @@ -{ - "test_id": "ACL-three_rules_same_dest_different_sources", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:80"] - }, - { - "action": "accept", - "src": ["autogroup:member"], - "dst": ["tag:server:443"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": 
"100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-three_rules_same_dest_different_sources_10_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-three_rules_same_dest_different_sources_10_4.json deleted file mode 100644 index 0fde5f1a..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-three_rules_same_dest_different_sources_10_4.json +++ /dev/null 
@@ -1,146 +0,0 @@ -{ - "test_id": "ACL-three_rules_same_dest_different_sources_10_4", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client", "tag:web"], - "dst": ["tag:server:22", "tag:server:80-443", "tag:database:5432,3306"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - 
"Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-triple_src_ref_each_rule.json b/hscontrol/policy/v2/testdata/acl_results/ACL-triple_src_ref_each_rule.json deleted file mode 100644 index 021021c4..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-triple_src_ref_each_rule.json +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "test_id": "ACL-triple_src_ref_each_rule", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "group:admins", "kratail2tid@"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:server", "webserver", "100.108.74.26"], - "dst": ["group:admins:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": 
"fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-triple_src_ref_each_rule_14_45.json b/hscontrol/policy/v2/testdata/acl_results/ACL-triple_src_ref_each_rule_14_45.json deleted file mode 100644 index bdb1bf6c..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-triple_src_ref_each_rule_14_45.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "test_id": "ACL-triple_src_ref_each_rule_14_45", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "group:admins", "kratail2tid@"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["tag:server", "webserver", "100.108.74.26"], - "dst": ["group:admins:80"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-client": { - "packet_filter_rules": null - }, - 
"tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-two_rules_multi_dest_partial_overlap_14_20.json b/hscontrol/policy/v2/testdata/acl_results/ACL-two_rules_multi_dest_partial_overlap_14_20.json deleted file mode 100644 index ffdd4e53..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-two_rules_multi_dest_partial_overlap_14_20.json +++ /dev/null 
@@ -1,190 +0,0 @@ -{ - "test_id": "ACL-two_rules_multi_dest_partial_overlap_14_20", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["tag:server:22", "tag:database:5432"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:80", "tag:web:443"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": 
null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.94.92.91/32", - "Ports": { - "First": 443, - "Last": 443 - } - }, - { - "IP": "fd7a:115c:a1e0::ef01:5c81/128", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-udp_only_protocol.json b/hscontrol/policy/v2/testdata/acl_results/ACL-udp_only_protocol.json deleted file mode 100644 index a7738713..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-udp_only_protocol.json +++ /dev/null 
@@ -1,107 +0,0 @@ -{ - "test_id": "ACL-udp_only_protocol", - "source": "headscale_adapted", - "parent_test": "ProtocolsPorts", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "proto": "udp", - "dst": ["tag:server:53"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 53, - "Last": 53 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 53, - "Last": 53 - } - } - ], - "IPProto": [17] - } - ] - 
} - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-undefined_tag_source_6_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-undefined_tag_source_6_4.json deleted file mode 100644 index 322ced88..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-undefined_tag_source_6_4.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "test_id": "ACL-undefined_tag_source_6_4", - "source": "headscale_adapted", - "error": true, - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"] - }, - "acls": [ - { - "action": "accept", - "src": ["tag:nonexistent"], - "dst": ["tag:server:22"] - } - ] - }, - "api_response_code": 400, - "api_response_body": { - "message": "" - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-user1_4_ways_dest_8_6.json b/hscontrol/policy/v2/testdata/acl_results/ACL-user1_4_ways_dest_8_6.json deleted file mode 100644 index c2110601..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-user1_4_ways_dest_8_6.json +++ /dev/null 
@@ -1,148 +0,0 @@ -{ - "test_id": "ACL-user1_4_ways_dest_8_6", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["group:admins:22", "group:developers:22", "kratail2tid@:22", "100.90.199.68:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - 
"Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-user1_referenced_5_ways_8_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-user1_referenced_5_ways_8_1.json deleted file mode 100644 index a7afcafe..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-user1_referenced_5_ways_8_1.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-user1_referenced_5_ways_8_1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "group:admins", "group:developers", "kratail2tid@", "100.90.199.68"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-user1_referenced_multiple_ways_as_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-user1_referenced_multiple_ways_as_source.json deleted file mode 100644 index 6ed94708..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-user1_referenced_multiple_ways_as_source.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-user1_referenced_multiple_ways_as_source", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "kratail2tid@", "group:admins", "group:developers", "100.90.199.68"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-user1_three_ways_1_7.json b/hscontrol/policy/v2/testdata/acl_results/ACL-user1_three_ways_1_7.json deleted file mode 100644 index 20595d56..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-user1_three_ways_1_7.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-user1_three_ways_1_7", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "group:admins", "kratail2tid@"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - 
"Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-user1_three_ways_source_3_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-user1_three_ways_source_3_2.json deleted file mode 100644 index b35ad361..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-user1_three_ways_source_3_2.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-user1_three_ways_source_3_2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["autogroup:member", "kratail2tid@", "group:admins"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, 
- "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-user_as_destination.json b/hscontrol/policy/v2/testdata/acl_results/ACL-user_as_destination.json deleted file mode 100644 index 0f96eb63..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-user_as_destination.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-user_as_destination", - "source": "headscale_adapted", - "parent_test": "UsersGroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["kratail2tid@:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - 
} -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-user_as_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-user_as_source.json deleted file mode 100644 index a23e4124..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-user_as_source.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "test_id": "ACL-user_as_source", - "source": "headscale_adapted", - "parent_test": "UsersGroups", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["kratail2tid@"], - "dst": ["*:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": 
["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-user_email_plus_tag_client_1_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-user_email_plus_tag_client_1_4.json deleted file mode 100644 index 09251ba9..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-user_email_plus_tag_client_1_4.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-user_email_plus_tag_client_1_4", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["kratail2tid@", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.80.238.75/32", - "100.90.199.68/32", - "fd7a:115c:a1e0::2d01:c747/128", - "fd7a:115c:a1e0::7901:ee86/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-user_to_user_22_group_to_user_80_14_27.json b/hscontrol/policy/v2/testdata/acl_results/ACL-user_to_user_22_group_to_user_80_14_27.json deleted file mode 100644 index c2ab311e..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-user_to_user_22_group_to_user_80_14_27.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "test_id": "ACL-user_to_user_22_group_to_user_80_14_27", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["kratail2tid@"], - "dst": ["kratail2tid@:22"] - }, - { - "action": "accept", - "src": ["group:admins"], - "dst": ["kratail2tid@:80"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - 
"tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-user_via_email_and_group_different_ports.json b/hscontrol/policy/v2/testdata/acl_results/ACL-user_via_email_and_group_different_ports.json deleted file mode 100644 index 29204786..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-user_via_email_and_group_different_ports.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "test_id": "ACL-user_via_email_and_group_different_ports", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["kratail2tid@:22", "group:admins:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - 
"Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-webserver_22_plus_database_5432_2_7.json b/hscontrol/policy/v2/testdata/acl_results/ACL-webserver_22_plus_database_5432_2_7.json deleted file mode 100644 index d20b7181..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-webserver_22_plus_database_5432_2_7.json +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-webserver_22_plus_database_5432_2_7", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["webserver:22", "database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - 
}, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-webserver_host_plus_tag.json b/hscontrol/policy/v2/testdata/acl_results/ACL-webserver_host_plus_tag.json deleted file mode 100644 index b40884cb..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-webserver_host_plus_tag.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "test_id": "ACL-webserver_host_plus_tag", - "source": "headscale_adapted", - "parent_test": "MixedSources", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["webserver", "tag:client"], - "dst": ["tag:server:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": [ - "100.108.74.26/32", - "100.80.238.75/32", - "fd7a:115c:a1e0::7901:ee86/128", - "fd7a:115c:a1e0::b901:4a87/128" - ], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-webserver_to_group_admins_4_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-webserver_to_group_admins_4_4.json deleted file mode 100644 index 6ef59485..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-webserver_to_group_admins_4_4.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-webserver_to_group_admins_4_4", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["webserver"], - "dst": ["group:admins:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_dest_plus_specific_dest_14_38.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_dest_plus_specific_dest_14_38.json deleted file mode 100644 index 9b524700..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_dest_plus_specific_dest_14_38.json +++ /dev/null 
@@ -1,191 +0,0 @@ -{ - "test_id": "ACL-wildcard_dest_plus_specific_dest_14_38", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["*:*"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { 
- "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_in_different_positions_14_40.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_in_different_positions_14_40.json deleted file mode 100644 index 38627bc6..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_in_different_positions_14_40.json +++ /dev/null 
@@ -1,231 +0,0 @@ -{ - "test_id": "ACL-wildcard_in_different_positions_14_40", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["tag:server:22", "tag:database:5432"] - }, - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:80", "*:443"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", 
"fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "*", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-web": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-client": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "*", - "Ports": { - "First": 443, - "Last": 443 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_mixed_with_specific_source.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_mixed_with_specific_source.json
deleted file mode 100644
index c2183d75..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_mixed_with_specific_source.json
+++ /dev/null
@@ -1,131 +0,0 @@ -{ - "test_id": "ACL-wildcard_mixed_with_specific_source", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["tag:client"], - "dst": ["tag:server:22"] - }, - { - "action": "accept", - "src": ["*"], - "dst": ["tag:server:80"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.80.238.75/32", "fd7a:115c:a1e0::7901:ee86/128"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": 
"fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - }, - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 80, - "Last": 80 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 80, - "Last": 80 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_port.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_port.json deleted file mode 100644 index 200d51a1..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_port.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-wildcard_port", - "source": "headscale_adapted", - "parent_test": "ProtocolsPorts", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["tag:server:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} 
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_autogroup_self.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_autogroup_self.json
deleted file mode 100644
index 98ec8cec..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_autogroup_self.json
+++ /dev/null
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-wildcard_to_autogroup_self", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - "IPProto": 
[6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_autogroup_self_9_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_autogroup_self_9_4.json deleted file mode 100644 index d801f308..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_autogroup_self_9_4.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-wildcard_to_autogroup_self_9_4", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_autogroup_self_specific_port.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_autogroup_self_specific_port.json deleted file mode 100644 index 212e2b43..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_autogroup_self_specific_port.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-wildcard_to_autogroup_self_specific_port", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:22"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_group_and_user_same_14_17.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_group_and_user_same_14_17.json deleted file mode 100644 index 8a2c9945..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_group_and_user_same_14_17.json +++ /dev/null 
@@ -1,142 +0,0 @@ -{ - "test_id": "ACL-wildcard_to_group_and_user_same_14_17", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "groups": { - "group:admins": ["kratail2tid@"] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["group:admins:22"] - }, - { - "action": "accept", - "src": ["*"], - "dst": ["kratail2tid@:22"] - } - ] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - 
"packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_multiple_hosts_6_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_multiple_hosts_6_2.json deleted file mode 100644 index dbcb8134..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_multiple_hosts_6_2.json +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - "test_id": "ACL-wildcard_to_multiple_hosts_6_2", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["webserver:22", "database:5432"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "user1": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "tagged-server": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.108.74.26/32", - "Ports": { - "First": 22, - "Last": 22 - } - }, - { - "IP": "fd7a:115c:a1e0::b901:4a87/128", - "Ports": { - "First": 22, - "Last": 22 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - }, - "tagged-db": { - 
"packet_filter_rules": [ - { - "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"], - "DstPorts": [ - { - "IP": "100.74.60.128/32", - "Ports": { - "First": 5432, - "Last": 5432 - } - }, - { - "IP": "fd7a:115c:a1e0::2f01:3c9c/128", - "Ports": { - "First": 5432, - "Last": 5432 - } - } - ], - "IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_all_ports_13_1.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_all_ports_13_1.json deleted file mode 100644 index 1ff65e5f..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_all_ports_13_1.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "test_id": "ACL-wildcard_to_self_all_ports_13_1", - "source": "headscale_adapted", - "parent_test": "ComplexScenarios", - "input": { - "full_policy": { - "groups": { - "group:admins": ["kratail2tid@"], - "group:developers": ["kratail2tid@"], - "group:empty": [] - }, - "tagOwners": { - "tag:server": ["kratail2tid@"], - "tag:client": ["kratail2tid@"], - "tag:database": ["kratail2tid@"], - "tag:web": ["kratail2tid@"] - }, - "hosts": { - "webserver": "100.108.74.26", - "database": "100.74.60.128", - "internal": "10.0.0.0/8", - "subnet24": "192.168.1.0/24" - }, - "acls": [ - { - "action": "accept", - "src": ["*"], - "dst": ["autogroup:self:*"] - } - ] - } - }, - "topology": { - "nodes": { - "user1": { - "hostname": "user1", - "tags": [], - "ipv4": "100.90.199.68", - "ipv6": "fd7a:115c:a1e0::2d01:c747", - "user": "kratail2tid" - }, - "tagged-server": { - "hostname": "tagged-server", - "tags": ["tag:server"], - "ipv4": "100.108.74.26", - "ipv6": "fd7a:115c:a1e0::b901:4a87" - }, - "tagged-client": { - "hostname": "tagged-client", - "tags": ["tag:client"], - "ipv4": "100.80.238.75", - "ipv6": "fd7a:115c:a1e0::7901:ee86" - }, - "tagged-db": { - "hostname": "tagged-db", - "tags": ["tag:database"], - "ipv4": "100.74.60.128", - "ipv6": "fd7a:115c:a1e0::2f01:3c9c" - }, - "tagged-web": { - "hostname": "tagged-web", - "tags": ["tag:web"], - "ipv4": "100.94.92.91", - "ipv6": "fd7a:115c:a1e0::ef01:5c81" - } - } - }, - "captures": { - "tagged-server": { - "packet_filter_rules": null - }, - "tagged-client": { - "packet_filter_rules": null - }, - "tagged-db": { - "packet_filter_rules": null - }, - "tagged-web": { - "packet_filter_rules": null - }, - "user1": { - "packet_filter_rules": [ - { - "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], - "DstPorts": [ - { - "IP": "100.90.199.68/32", - "Ports": { - "First": 0, - "Last": 65535 - } - }, - { - "IP": "fd7a:115c:a1e0::2d01:c747/128", - "Ports": { - "First": 0, - "Last": 65535 - } - } - ], - 
"IPProto": [6, 17, 1, 58] - } - ] - } - } -} diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_comma_ports.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_comma_ports.json deleted file mode 100644 index 8eabee75..00000000 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_comma_ports.json +++ /dev/null 
@@ -1,134 +0,0 @@
-{
- "test_id": "ACL-wildcard_to_self_comma_ports",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["*"],
- "dst": ["autogroup:self:22,80,443"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "tagged-server": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "user1": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- },
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 443,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 80,
- "Last": 80
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 443,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_group.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_group.json
deleted file mode 100644
index aa4d407b..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_group.json
+++ /dev/null
@@ -1,126 +0,0 @@
-{
- "test_id": "ACL-wildcard_to_self_plus_group",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["*"],
- "dst": ["autogroup:self:*", "group:admins:22"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "tagged-server": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "user1": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 0,
- "Last": 65535
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 0,
- "Last": 65535
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- },
- {
- "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_group_admins_13_20.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_group_admins_13_20.json
deleted file mode 100644
index 0a1c97ce..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_group_admins_13_20.json
+++ /dev/null
@@ -1,126 +0,0 @@
-{
- "test_id": "ACL-wildcard_to_self_plus_group_admins_13_20",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["*"],
- "dst": ["autogroup:self:*", "group:admins:22"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "tagged-server": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "user1": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 0,
- "Last": 65535
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 0,
- "Last": 65535
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- },
- {
- "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_tag.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_tag.json
deleted file mode 100644
index ef5412ae..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_tag.json
+++ /dev/null
@@ -1,127 +0,0 @@
-{
- "test_id": "ACL-wildcard_to_self_plus_tag",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["*"],
- "dst": ["autogroup:self:*", "tag:server:22"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "user1": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 0,
- "Last": 65535
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 0,
- "Last": 65535
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_tag_server_13_16.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_tag_server_13_16.json
deleted file mode 100644
index 7f16e15c..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_plus_tag_server_13_16.json
+++ /dev/null
@@ -1,127 +0,0 @@
-{
- "test_id": "ACL-wildcard_to_self_plus_tag_server_13_16",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["*"],
- "dst": ["autogroup:self:*", "tag:server:22"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "user1": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 0,
- "Last": 65535
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 0,
- "Last": 65535
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- },
- "tagged-server": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.64.0.0/10", "fd7a:115c:a1e0::/48"],
- "DstPorts": [
- {
- "IP": "100.108.74.26/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::b901:4a87/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_port_22_13_2.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_port_22_13_2.json
deleted file mode 100644
index a3be5b9b..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_port_22_13_2.json
+++ /dev/null
@@ -1,106 +0,0 @@
-{
- "test_id": "ACL-wildcard_to_self_port_22_13_2",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["*"],
- "dst": ["autogroup:self:22"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "tagged-server": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "user1": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 22,
- "Last": 22
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_port_range.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_port_range.json
deleted file mode 100644
index eccba02c..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_port_range.json
+++ /dev/null
@@ -1,106 +0,0 @@
-{
- "test_id": "ACL-wildcard_to_self_port_range",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["*"],
- "dst": ["autogroup:self:80-443"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "tagged-server": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "user1": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_port_range_13_4.json b/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_port_range_13_4.json
deleted file mode 100644
index a2cb4b5b..00000000
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-wildcard_to_self_port_range_13_4.json
+++ /dev/null
@@ -1,106 +0,0 @@
-{
- "test_id": "ACL-wildcard_to_self_port_range_13_4",
- "source": "headscale_adapted",
- "parent_test": "ComplexScenarios",
- "input": {
- "full_policy": {
- "groups": {
- "group:admins": ["kratail2tid@"],
- "group:developers": ["kratail2tid@"],
- "group:empty": []
- },
- "tagOwners": {
- "tag:server": ["kratail2tid@"],
- "tag:client": ["kratail2tid@"],
- "tag:database": ["kratail2tid@"],
- "tag:web": ["kratail2tid@"]
- },
- "hosts": {
- "webserver": "100.108.74.26",
- "database": "100.74.60.128",
- "internal": "10.0.0.0/8",
- "subnet24": "192.168.1.0/24"
- },
- "acls": [
- {
- "action": "accept",
- "src": ["*"],
- "dst": ["autogroup:self:80-443"]
- }
- ]
- }
- },
- "topology": {
- "nodes": {
- "user1": {
- "hostname": "user1",
- "tags": [],
- "ipv4": "100.90.199.68",
- "ipv6": "fd7a:115c:a1e0::2d01:c747",
- "user": "kratail2tid"
- },
- "tagged-server": {
- "hostname": "tagged-server",
- "tags": ["tag:server"],
- "ipv4": "100.108.74.26",
- "ipv6": "fd7a:115c:a1e0::b901:4a87"
- },
- "tagged-client": {
- "hostname": "tagged-client",
- "tags": ["tag:client"],
- "ipv4": "100.80.238.75",
- "ipv6": "fd7a:115c:a1e0::7901:ee86"
- },
- "tagged-db": {
- "hostname": "tagged-db",
- "tags": ["tag:database"],
- "ipv4": "100.74.60.128",
- "ipv6": "fd7a:115c:a1e0::2f01:3c9c"
- },
- "tagged-web": {
- "hostname": "tagged-web",
- "tags": ["tag:web"],
- "ipv4": "100.94.92.91",
- "ipv6": "fd7a:115c:a1e0::ef01:5c81"
- }
- }
- },
- "captures": {
- "tagged-server": {
- "packet_filter_rules": null
- },
- "tagged-client": {
- "packet_filter_rules": null
- },
- "tagged-db": {
- "packet_filter_rules": null
- },
- "tagged-web": {
- "packet_filter_rules": null
- },
- "user1": {
- "packet_filter_rules": [
- {
- "SrcIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"],
- "DstPorts": [
- {
- "IP": "100.90.199.68/32",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- },
- {
- "IP": "fd7a:115c:a1e0::2d01:c747/128",
- "Ports": {
- "First": 80,
- "Last": 443
- }
- }
- ],
- "IPProto": [6, 17, 1, 58]
- }
- ]
- }
- }
-}